Arbitrary and Remote Code Execution – CompTIA Security+ SY0-401: 3.5

A serious programming error can open your computer to code that can be run from anywhere in the world. In this video, you’ll learn about remote code execution and how you can avoid having your computer taken over by the bad guys.


When we run an application on our computer, we are executing code. Nothing happens on your computer unless you have some application, some program, running and executing in memory. Now, this executable code is a very specific kind of file. It is designed to perform certain actions on your computer. It is not the spreadsheet that you’re using, and it is not a word processing document. It’s the program you’re using to edit that word processing document, or the application you’re using to manipulate the numbers in the spreadsheet. It may be a game that you’re playing, a business application you’re using, or something that runs as part of your operating system.

A number of executables run on our computer behind the scenes just to make sure that everything we’re doing on the computer is working properly. Since nothing happens on our computer unless some code is executing, the bad guys would really like to have complete access to your computer to run whatever they’d like. Or they’d like a program that you’re already using to run some arbitrary code that they’ve somehow managed to get inside of that application. And if an application has not been developed well, or if it has a bug, then it may run that arbitrary code without any permission from you.

I mentioned earlier that there are a number of processes that are always running inside of your computer. If any of those processes has a bug that allows for this arbitrary code execution, the bad guys could feed that arbitrary code to the process, it would then execute on your computer, and the bad guys would have whatever access they needed to your system. It is the original executable, running as that process, that created the problem to begin with, so normally you would patch that executable so that nobody is able to run arbitrary code through it.
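The bug described above usually comes down to a program handing untrusted input to something that interprets it as instructions. The following is an added example, not code from the video or from any real product: a hypothetical "network diagnostics" feature that pings a host the user supplies. The unsafe version pastes the input into a shell command line, so a shell would see whatever the input contains as further commands; the hardened version validates the input and passes it as a single argument with no shell involved. The input string and the regular expression are constructed for this illustration, and the unsafe command line is only inspected, never executed.

```python
import re
import subprocess

# Constructed sample input for this example: a hostname with an extra
# shell command appended after a separator.
UNTRUSTED_INPUT = "example.com; id"

# Assumption for this example: a hostname is only letters, digits, dots and
# hyphens, at most 253 characters. Anything else is rejected outright.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def build_command_unsafe(host):
    """'Before' pattern: untrusted text is concatenated into a command line
    that would be handed to a shell (e.g. via os.system or shell=True).
    Returns the string only; this example never runs it."""
    return "ping -c 1 " + host


def shell_would_see(command_line):
    """Illustrate how a POSIX shell would split the line into separate
    commands at ';' (quoting is ignored for this illustration)."""
    return [part.strip() for part in command_line.split(";") if part.strip()]


def validate_hostname(host):
    """Hardened input check: allow-list the characters a hostname may contain."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected hostname: %r" % host)
    return host


def build_command_safe(host):
    """'After' pattern: the host is one element of an argument vector. With
    shell=False there is no shell to interpret separators or substitutions,
    so the input can only ever be the argument to ping."""
    return ["ping", "-c", "1", validate_hostname(host)]


def run_safe(host, timeout=5):
    """Execute the hardened form. Requires a 'ping' binary; not exercised by
    the accompanying checks, which only inspect the argument vector."""
    return subprocess.run(build_command_safe(host), shell=False,
                          capture_output=True, timeout=timeout)


if __name__ == "__main__":
    # The unsafe line would reach a shell as two commands, not one.
    print(shell_would_see(build_command_unsafe(UNTRUSTED_INPUT)))
    # The hardened path refuses the same input before anything runs.
    try:
        build_command_safe(UNTRUSTED_INPUT)
    except ValueError as err:
        print(err)
    print(build_command_safe("example.com"))
```

Patching the vulnerable program means replacing the first pattern with the second; the allow-list check is the defence that holds even if the program is later changed to call a shell again.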

We often think that arbitrary code execution is something that can only happen if the attacker has administrator access or root access to the operating system. The reality is that a great many programs run in normal user space, and the bad guys just want to start up their malware and get your system to run it as a normal user; they’ll then be able to perform whatever functions they need on your machine. So all of us have to be very careful about arbitrary code execution, because even as a normal user the bad guys can create a lot of havoc on your computer.

If you’ve ever looked through the release notes for the monthly Microsoft patches, or the notes that accompany an Adobe patch update, you will sometimes run across a vulnerability identified as a remote code execution. These vulnerabilities are usually rated at a very high severity, because a remote code execution means the bad guy can run software on your computer without having to sit at it or be anywhere near it. They can send information into your system remotely and have that execution occur on your system. This is obviously a significant vulnerability, one that needs to be patched very quickly, because you don’t want people from anywhere in the world connecting to your computer and running whatever software they’d like.