Windows 7 Vulnerabilities
The recent release of the Windows 7 operating system offers multiple enhancements over Windows Vista as well as a more user-friendly operating system for your PC. Although Microsoft has already repaired newly discovered vulnerabilities in the new Windows 7 operating system, there are a few recent security holes that have been discovered, some of which you can obtain patches for from the Microsoft website. Some of the vulnerabilities include:
There is a current vulnerability in Windows Explorer which contains all of the files in your PC's operating system. It is a file type that exploits the fact that Windows Explorer in the Windows 7 operating system hides file extensions by default. The exploit tricks the user into clicking something that appears to be harmless but in reality it is malware that is capable of destroying your hard drive.
Since Windows Explorer hides file extensions by default, the malware can present itself as "destructive_malware.txt.exe." When you view your files in Windows Explorer the extra file extension ".exe" is not visible.
- How to Avoid Getting Tricked Into Clicking: You can avoid being tricked by opening your Windows Explorer window and clicking on the folder icon up on the superbar. Continue to press the ALT key on your keyboard and then click on "Tools" on the main toolbar. Select "Options" from the pull-down menu and when the window opens, click on the "View" tab and uncheck the box next to "Hide extensions for known file types." Click "OK."
This will allow you to see all file extensions before you click on them and allows you to change file extensions since they are no longer hidden. It is important to note that you should always use caution when changing file extensions because it could render the file unusable. Windows will always prompt you whenever a file extension is changed by the user.
Local Security Authority Subsystem Service
There is a recently discovered vulnerability in the Local Security Authority Subsystem Service which can cause a denial of service attack if a hacker sends a packet containing malicious files during NTLM authentication. NTLM protocol refers to the Windows NT LAN Manager which is used to authenticate logons to PCs that are connected to the network.
The security update provided by Microsoft includes updates for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and the new Windows 7 operating systems.
User Account Controls
Microsoft changed and upgraded the User Account Control settings for Windows 7 to make it more flexible for users. Some of the UAC applications are channeled through the User Account Controls to reduce user interaction. As a result, the vulnerability is apparent when the third party application calls on files by proxy through an existing Windows application which never uses the UAC prompt application.