nerdexam
GIAC

GCIH · Question #594

A new buffer overflow vulnerability in the Remote Procedure Call (RPC) mechanism for all versions of Windows has been announced, and exploit code has already been made available on the Internet. A fix

The correct answer is D. Install the latest OS and application patches from Microsoft. The only option available to Windows 2003 systems is to be diligent about patching the system. There are no registry settings, and there is no such thing as Unknown Binary Execution Prevention. The kernel module at openwall.com is for Linux, not Windows.

Vulnerability Exploitation & Privilege Escalation

Question

A new buffer overflow vulnerability in the Remote Procedure Call (RPC) mechanism for all versions of Windows has been announced, and exploit code has already been made available on the Internet. A fix is available. As the administrator of a Windows 2003 Server system, you want to prevent the exploit from compromising your system. Which of the following options are available to you?

Options

  • ASet the noexec_user_stack and noexec_user_stack_log dword values to in the registry
  • BInstall the system kernel module from openwall.com
  • CTurn on Unknown Binary Execution Prevention (UBEP) for essential Windows services
  • DInstall the latest OS and application patches from Microsoft

How the community answered

(61 responses)
  • A
    2% (1)
  • B
    5% (3)
  • C
    2% (1)
  • D
    92% (56)

Explanation

The only option available to Windows 2003 systems is to be diligent about patching the system. There are no registry settings, and there is no such thing as Unknown Binary Execution Prevention. The kernel module at openwall.com is for Linux, not Windows.

Topics

#buffer overflow#RPC vulnerability#patch management#Windows exploit mitigation

Community Discussion

No community discussion yet for this question.

Full GCIH Practice