Operating System Vulnerabilities - CompTIA Security+ SY0-701 - 2.3

Operating Systems

A foundational computing platform.

- This makes OS's a very big target

Remarkably complex

- Millions of lines of code

- More code means more opportunities for a security issue

The vulnerabilities are already in there

- We've just not found them yet

A month of OS updates

A normal month of Windows updates

- Patch tuesday - 2nd Tuesday of each month

- Other companies have similar schedules

May 9th 2023 - Nearly 50 security patches

- 8 elevation Privilege Vulnerabilities

- 4 Security Feature Bypass Vulnerabilities

- 12 Remote Code Execution Vulnerabilities

- 8 infomration Disclosure Vulnerabilities

- 5 Denial of Service Vulnerabilities

- 1 Spoofing Vulnerability

Best practices for OS vulnerabilities

Always update

- Monthly or on-demand updates

- It's a race between you and the attackers

• May require testing before deployment

- A patch might break something else

• May require a reboot

- Save all data

• Have a fallback plan

- Where's that backup?

<>

<>