Vulnerability Management Using Windows Desktop OS
Abstract
The purpose of this study was to evaluate the vulnerabilities of the Windows desktop operating system (OS).
The research question was which flaws and weaknesses in Windows could be exploited by online criminals.
The study's hypothesis was that software flaws, incorrect configuration, and a lack of effective security
controls make the Windows desktop OS susceptible to cyberattacks. The methodology combined an empirical
investigation of the Windows desktop OS with a review of the existing literature on Windows vulnerabilities
(Aksu et al., 2019). For the empirical analysis, several penetration-testing techniques, such as port
scanning and vulnerability scanning, were used to find weaknesses, and the effectiveness of existing
controls such as firewalls and antivirus software was assessed. The findings show that the Windows desktop
OS is exposed to malware infection, privilege escalation, and remote code execution, among other attacks,
and that inadequate security controls and misconfiguration were the main causes of many of these
exposures. The study recommends that Windows users scan their systems for vulnerabilities regularly, keep
them updated with the latest security patches, and have robust controls such as firewalls and intrusion
detection systems in place.
Key terms: vulnerability analysis, Windows desktop OS, cyber-attacks, software bugs, misconfigurations
Introduction
One of the most popular operating systems in use today is the Windows desktop environment. Despite
its widespread use, it is not immune to flaws that could jeopardize the system's security.
Identification, quantification, and prioritization of the vulnerabilities existing in a system are
steps in the vulnerability analysis process. It is crucial in ensuring that the system is
appropriately protected from potential attacks and is a necessary part of any security program.
The Windows desktop operating system is a complex system with a wide range of components, each of
which can be attacked in different ways (Wolf & Fresco, 2016). Its vulnerabilities arise from several
sources, including software defects, incorrect configuration, and design errors. This study examines
these vulnerabilities and explains how they can be identified and mitigated.
Zero-day and non-zero-day vulnerabilities and their relation to exploits and attacks
A vulnerability is a flaw in a computer system or network that an attacker can exploit to gain
unauthorized access, steal data, or run malicious code. Vulnerabilities can be broadly divided into
two categories. Zero-day vulnerabilities are unknown to the system's vendor or developer, so no patch
exists; that makes them valuable to attackers, who can exploit them before a fix is available.
Non-zero-day vulnerabilities are known to the vendor or the security community and may already have
been reported and patched. They still pose a threat whenever organizations fail to install updates
and patches promptly (Wolf & Fresco, 2016): attackers exploit the unpatched systems to steal data,
damage systems, or carry out other malicious activity.
Exploitation is the technique or method an attacker uses to take advantage of a vulnerability to gain
unauthorized access, run malicious code, or perform other malicious actions. An exploit is the code
or software that does so.
An attack is a malicious activity carried out by an attacker using a vulnerability. Attacks take many
forms, including malware infections, denial-of-service attacks, ransomware, and data breaches.
Attackers use both zero-day and non-zero-day vulnerabilities to carry them out, so organizations must
have robust security measures in place to defend against them (Chen & Bridges, 2017). These measures
include installing software updates and patches, using antivirus software, implementing firewalls,
and providing employees with security training.
The relationship between the three is that a vulnerability gives an attacker something to exploit, and
a successful exploit lets the attacker carry out the intended attack, for example stealing data or
damaging the system.
It is key to note that not all vulnerabilities are equally severe or pose the same level of risk. Some
vulnerabilities may require physical access to the system, while others may only affect a specific
version of software or a particular operating system. However, even low-severity vulnerabilities
can be exploited in combination with other vulnerabilities to carry out sophisticated attacks.
Therefore, it is essential to stay vigilant and keep software and systems up-to-date with the latest
security patches to mitigate the risks associated with vulnerabilities.
WannaCry Attack
WannaCry, also known as WannaCrypt, WanaCrypt0r or Wana Decrypt0r 2.0, is a computer worm and
ransomware that spreads by exploiting a flaw in the Windows operating system (OS). It propagates using
EternalBlue, an exploit developed by the National Security Agency (NSA) and leaked by the Shadow
Brokers group in April 2017. EternalBlue targets a vulnerability in the Server Message Block version 1
(SMBv1) protocol. It was not a zero-day when WannaCry struck: Microsoft had fixed the flaw in security
bulletin MS17-010 in March 2017, two months earlier, so every infected machine was one that had not yet
applied an available patch. WannaCry was one of the first global ransomware outbreaks. It began on
May 12, 2017, when the attack hit systems at the National Health Service in England, the University of
Montreal, and more than 200,000 other machines in around 150 countries.
So how does WannaCry operate?
WannaCry exploits a flaw in Microsoft's SMBv1 network file-sharing protocol. The exploit sends
specially crafted packets to hosts that accept connections on TCP port 445, the port reserved for SMB;
SMBv1 itself is an outdated protocol that Microsoft has deprecated (Ghazal et al., 2020). WannaCry
depends on EternalBlue to propagate. It first runs a port scan of the target network for devices
accepting traffic on TCP port 445, which indicates that SMB is running. It then opens an SMBv1 session
with the device and triggers a buffer overflow in the server's SMBv1 handling; the overflow gives the
attacker control of the system, and the ransomware payload is installed through it. Once a system is
infected, the worm spreads to other unpatched systems without any human intervention. The attackers
had no way to tell which victim had paid a given ransom, because payments went to a small set of
hard-coded Bitcoin wallets, so security experts advised victims to keep their money and rebuild the
compromised systems instead: there was only a slim chance that their files would be decrypted.
The defense against this attack was to deploy the patch Microsoft published for the EternalBlue
vulnerability (MS17-010). Disabling SMBv1 altogether, blocking TCP port 445 at the network perimeter,
and backing up important data regularly further reduce the likelihood and the impact of a ransomware
attack.
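As an added example (not code from the paper or from any tool it cites), the following Python script carries out the two steps described above defensively: it checks which hosts accept connections on TCP port 445, the port-scanning step the abstract also mentions, and then sends an SMB1 Negotiate Protocol Request that offers only legacy dialects, so a host that answers with an SMB1 dialect is one that still exposes the protocol EternalBlue targets. The host addresses are placeholders; run it only against systems you are authorised to test.

```python
"""Locate hosts that still accept SMBv1 on TCP/445.

Added example, not code from the paper: a port check followed by an SMB1
Negotiate Protocol Request offering only SMB1 dialects.  A host that answers
with one of them still speaks the protocol WannaCry used.  The addresses in
the __main__ block are placeholders.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
# Only SMB1 dialects are offered (no "SMB 2.???" entry), so a server that has
# SMB1 disabled cannot upgrade the conversation and will refuse or drop it.
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]


def build_negotiate_request() -> bytes:
    """NetBIOS session header + 32-byte SMB1 header + NEGOTIATE body."""
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        SMB_COM_NEGOTIATE,  # Command
        0,                  # NT_STATUS
        0x18,               # Flags: case-insensitive, canonical paths
        0xC853,             # Flags2: Unicode, NT status codes, long names
        0,                  # PIDHigh
        b"\x00" * 8,        # SecurityFeatures (no signing)
        0,                  # Reserved
        0,                  # TID
        0xFEFF,             # PIDLow
        0,                  # UID
        0,                  # MID
    )
    dialects = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    body = struct.pack("<BH", 0, len(dialects)) + dialects  # WordCount, ByteCount
    message = header + body
    return b"\x00" + len(message).to_bytes(3, "big") + message


def classify_response(data: bytes) -> str:
    """Map a raw reply (possibly empty) to a verdict string."""
    if len(data) < 4 + 32 + 3 or data[0] != 0x00:
        return "no-smb1"                 # closed, reset, timed out, or not SMB
    smb = data[4:]                        # strip the NetBIOS session header
    if smb.startswith(SMB2_MAGIC):
        return "smb2"                     # server replied in SMB2/3 on its own
    if not smb.startswith(SMB1_MAGIC) or smb[4] != SMB_COM_NEGOTIATE:
        return "unknown"
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    if status != 0 or word_count == 0:
        return "smb1-refused"
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF or dialect_index >= len(DIALECTS):
        return "smb1-refused"
    return "smb1:" + DIALECTS[dialect_index].decode()


def probe_host(host: str, port: int = 445, timeout: float = 2.0) -> str:
    """Connect, send the negotiate request, and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_negotiate_request())
            reply = sock.recv(1024)
    except OSError:                       # refused, unreachable, reset, timeout
        return "no-smb1"
    return classify_response(reply)


def scan(hosts) -> dict:
    """Probe every host and return {host: verdict}."""
    return {host: probe_host(host) for host in hosts}


if __name__ == "__main__":
    # Placeholder addresses from the documentation range; replace with your own.
    for host, verdict in scan(["192.0.2.10", "192.0.2.11"]).items():
        flag = "  <-- still speaks SMBv1" if verdict.startswith("smb1:") else ""
        print(f"{host:15} {verdict}{flag}")
```

Any host reported as `smb1:...` should be patched with MS17-010 and have SMBv1 removed; a verdict of `smb2` or `no-smb1` means the legacy dialect is no longer negotiable on that port.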
Heartbleed vulnerability.
Another attack for which the vulnerability, exploit, and countermeasure are all known is Heartbleed
(CVE-2014-0160), discovered in 2014. It affected OpenSSL 1.0.1 through 1.0.1f, a widely used
cryptographic library that secures internet communication, and let attackers read sensitive data such
as private keys, session cookies, and passwords from servers running a vulnerable version. The exploit
consists of sending a malformed TLS heartbeat request whose stated payload length is larger than the
payload actually sent; the vulnerable server trusted that length and echoed back up to 64 KB of its
process memory per request. An attacker could repeat the request at will and sift the returned memory
for secrets.
The countermeasure was to upgrade OpenSSL to the patched version (1.0.1g or later), revoke and reissue
SSL/TLS certificates, since private keys might have been stolen, and reset passwords for all affected
accounts (Ghazal et al., 2020). Monitoring network traffic for unusual activity and keeping systems and
software up to date with the latest security patches also help prevent such attacks.
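To make the missing length check concrete, here is an added Python model (not from the paper, and not OpenSSL's own code) of the heartbeat message and two handlers: one that trusts the peer's payload_length the way OpenSSL 1.0.1 through 1.0.1f did, and one that applies the bounds check added in 1.0.1g. The "heap" contents following the record are constructed for the demonstration.

```python
"""Heartbeat handling with and without the Heartbleed bounds check.

Added example, not from the paper or from OpenSSL: a simplified model of the
TLS heartbeat message (type, 2-byte payload_length, payload, padding).
`vulnerable_handler` copies as many bytes as the peer claims; `fixed_handler`
refuses any claim that does not fit inside the record actually received.
HEAP is constructed data standing in for whatever follows the record in memory.
"""
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING = 16  # minimum padding a heartbeat message must carry


def build_heartbeat(claimed_length: int, payload: bytes) -> bytes:
    """Build a heartbeat request; claimed_length may lie about len(payload)."""
    return (bytes([HEARTBEAT_REQUEST])
            + claimed_length.to_bytes(2, "big")
            + payload
            + b"\x00" * PADDING)


def _parse(record: bytes):
    """Return (type, claimed payload length) from the first three bytes."""
    return record[0], int.from_bytes(record[1:3], "big")


def _response(claimed: int, echoed: bytes) -> bytes:
    return bytes([HEARTBEAT_RESPONSE]) + claimed.to_bytes(2, "big") + echoed + b"\x00" * PADDING


def vulnerable_handler(record: bytes, heap_after_record: bytes):
    """Copies `claimed` bytes starting at the payload, running past the end of
    the record into whatever memory happens to follow it."""
    hb_type, claimed = _parse(record)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    memory = record + heap_after_record      # the process memory behind the record
    return _response(claimed, memory[3:3 + claimed])


def fixed_handler(record: bytes, heap_after_record: bytes):
    """Same logic, but a claim that does not fit in the received record
    (type + length + payload + padding) is silently discarded, as in 1.0.1g."""
    hb_type, claimed = _parse(record)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if 1 + 2 + claimed + PADDING > len(record):
        return None
    return _response(claimed, record[3:3 + claimed])


def leaked_bytes(response, honest_payload: bytes) -> bytes:
    """Everything the response echoes beyond what the client actually sent."""
    if response is None:
        return b""
    claimed = int.from_bytes(response[1:3], "big")
    return response[3:3 + claimed][len(honest_payload):]


# Constructed stand-in for neighbouring heap contents on the server.
HEAP = b"...session cookie=deadbeef; -----BEGIN RSA PRIVATE KEY-----..."

if __name__ == "__main__":
    malicious = build_heartbeat(0x4000, b"hi")  # claims 16 KiB, sends 2 bytes
    leak = leaked_bytes(vulnerable_handler(malicious, HEAP), b"hi")
    print("vulnerable server leaked:", leak[:80])
    print("fixed server reply:", fixed_handler(malicious, HEAP))
```

The important detail is where the check sits: the fixed handler compares the claimed length against the length of the record the TLS layer actually delivered, not against the length field the attacker supplied, so the copy can never read past the bytes that were received.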
with 704 instances. These vulnerabilities allow attackers to gain access to sensitive information
or escalate their privileges on a system, respectively.
Patch Management:
Keeping Windows and other software up to date with the latest security patches is an important part of
preventing the exploitation of vulnerabilities. A patch management system streamlines the process of
applying updates. Windows updates include security patches that fix vulnerabilities, and organizations
can manage their deployment with tools such as Windows Server Update Services (WSUS) or Microsoft
Configuration Manager (formerly SCCM).
Best practices for checking software for vulnerabilities in Windows are essential for maintaining the
security and integrity of a system. Some of them are:
Regular Updates: Regular updates are crucial to maintaining the security of Windows
software (Kilincer et al., 2021). Updates include security patches that fix
vulnerabilities in the software. Ensure that the Windows OS and installed software
are updated regularly with the latest security patches.
Restricting User Access: Restricting user access is an essential best practice to
prevent unauthorized access to files and directories. Implement permissions that
grant each user only the access they need (least privilege). This limits the
potential impact when a vulnerability is exploited.
Password Management: Use strong passwords for user accounts and enforce password
policies. Organizations should provide a password manager so that users can create
long, unique passwords for each account, and should require a password change when
there is evidence of compromise rather than on a fixed schedule, in line with current
NIST guidance (SP 800-63B). Multi-factor authentication should be enabled on every
account that supports it.
Vulnerability assessments are an essential part of maintaining the security of Windows software. By
utilizing a combination of tools and best practices, organizations can ensure that their software
remains secure against potential vulnerabilities. Tools such as vulnerability scanners, code
analysis tools, and patch management systems can be used to identify vulnerabilities, while best
practices such as regular updates, restricting user access, password management, and network
segmentation can be used to prevent attacks. Organizations should perform regular vulnerability
assessments to identify and mitigate potential threats to their Windows software.
Vulnerability Report on OpenVAS
OpenVAS is a network security scanner designed to detect and report vulnerabilities in computer systems
and networks. It is free and open-source software, maintained by Greenbone as the scanner of the
Greenbone Vulnerability Management (GVM) framework, and is used to assess IT infrastructure by scanning
it for known vulnerabilities. The framework has three main parts. The scanner (OpenVAS Scanner)
performs the vulnerability scans (Rahalkar, 2019), using a collection of vulnerability tests called
Network Vulnerability Tests (NVTs) to identify weaknesses in the target; the NVT feed is updated
regularly so that the scanner can detect recently published vulnerabilities. The Greenbone
Vulnerability Manager (gvmd) stores targets, tasks, and results and exposes them through the Greenbone
Management Protocol (GMP).
The web interface, Greenbone Security Assistant (GSA), sits on top of gvmd and lets users configure and
schedule scans, view scan results, and generate reports. Because GSA is accessed through a web browser,
it is easy to use from any location.
The scanner itself runs on Linux, but it can scan targets running Linux, Windows, or macOS as well as
network devices such as servers, routers, switches, and firewalls. Scan results can be exported (for
example as XML or CSV) and integrated with other security tools, such as intrusion detection systems
(IDS) and security information and event management (SIEM) systems, for a more comprehensive view.
In summary, OpenVAS is a powerful and flexible vulnerability scanner that helps organizations detect and
manage security risks. Its open-source nature, combined with the continuous updates of the NVT feed,
makes it an effective tool for identifying and addressing vulnerabilities in computer systems and
networks. This report highlights the vulnerabilities detected by OpenVAS during a scan of a Windows
operating system; one finding is shown below.
Finding: TLSv1.0 supported
Risk: Medium
Description: The server is configured to support TLSv1.0, which is vulnerable to attacks such as BEAST
and, where CBC padding is checked leniently, POODLE-style padding-oracle attacks. An attacker positioned
on the network path can use them to recover sensitive information transmitted between client and server.
Solution: Disable support for TLSv1.0 (and TLSv1.1) and use TLSv1.2 or higher. On Windows, the protocol
versions Schannel offers are controlled under
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols; setting Enabled to 0 and
DisabledByDefault to 1 under the "TLS 1.0\Server" key turns it off server-side. Re-run the scan
afterwards to confirm the finding no longer appears.
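OpenVAS exports each finding of a scan as a <result> element in its XML report. As an added example (not from the paper or from Greenbone), the following Python script parses such a report and produces a prioritised work list. The embedded report fragment is constructed to mirror that structure, with placeholder hosts and OIDs; the TLSv1.0 and SMBv1 findings correspond to the issues discussed in this report, and the third finding is invented to show a low-severity entry.

```python
"""Summarise an OpenVAS/GVM XML report into a prioritised work list.

Added example, not from the paper or from Greenbone.  SAMPLE_REPORT is a
constructed fragment shaped like the <result> elements of a GVM XML report
(host, port, nvt/name, threat, severity, solution).  Hosts, OIDs and the
third finding are placeholders for illustration.
"""
from collections import Counter
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<report>
  <results>
    <result id="c1">
      <host>192.0.2.10</host>
      <port>3389/tcp</port>
      <nvt oid="hypothetical-oid-1"><name>TLSv1.0 supported</name></nvt>
      <threat>Medium</threat>
      <severity>5.0</severity>
      <solution type="Mitigation">Disable TLSv1.0 and use TLSv1.2 or higher.</solution>
    </result>
    <result id="c2">
      <host>192.0.2.11</host>
      <port>445/tcp</port>
      <nvt oid="hypothetical-oid-2"><name>SMBv1 enabled</name></nvt>
      <threat>High</threat>
      <severity>8.1</severity>
      <solution type="VendorFix">Apply MS17-010 and disable SMBv1.</solution>
    </result>
    <result id="c3">
      <host>192.0.2.10</host>
      <port>general/icmp</port>
      <nvt oid="hypothetical-oid-3"><name>ICMP timestamp disclosure</name></nvt>
      <threat>Low</threat>
      <severity>2.1</severity>
      <solution type="Mitigation">Block ICMP timestamp requests at the host firewall.</solution>
    </result>
  </results>
</report>"""


def parse_results(xml_text: str) -> list:
    """Return one dict per <result>, highest severity first."""
    root = ET.fromstring(xml_text)
    findings = []
    for result in root.iter("result"):
        findings.append({
            "id": result.get("id"),
            "host": (result.findtext("host") or "").strip(),
            "port": (result.findtext("port") or "").strip(),
            "name": (result.findtext("nvt/name") or "").strip(),
            "threat": (result.findtext("threat") or "").strip(),
            "severity": float(result.findtext("severity") or 0.0),
            "solution": (result.findtext("solution") or "").strip(),
        })
    return sorted(findings, key=lambda f: (-f["severity"], f["host"], f["port"]))


def threat_counts(findings) -> Counter:
    """How many findings fall into each OpenVAS threat level."""
    return Counter(f["threat"] for f in findings)


def work_list(findings, min_severity: float = 4.0) -> list:
    """Findings at or above the cut-off (CVSS 4.0 is where 'Medium' starts)."""
    return [f for f in findings if f["severity"] >= min_severity]


def by_host(findings) -> dict:
    """Group findings per host so each system owner gets one list."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["host"], []).append(f)
    return grouped


if __name__ == "__main__":
    findings = parse_results(SAMPLE_REPORT)
    print("threat summary:", dict(threat_counts(findings)))
    for f in work_list(findings):
        print(f"{f['severity']:>4}  {f['threat']:<6} {f['host']:<12} {f['port']:<12} "
              f"{f['name']}  ->  {f['solution']}")
```

Running the script against a real export (`parse_results(open("report.xml").read())`) gives the same table for the actual scan; the 4.0 cut-off is an assumed triage threshold and should be replaced by the organisation's own.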
References
Aksu, M. U., Altuncu, E., & Bicakci, K. (2019). A first look at the usability of OpenVAS vulnerability
scanner. In Workshop on Usable Security (USEC 2019).
Chen, Q., & Bridges, R. A. (2017). Automated behavioral analysis of malware: A case study of WannaCry
ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)
(pp. 454-460). IEEE.
Ghazal, T. M., Afifi, M. A. M., & Kalra, D. (2020). Security vulnerabilities, attacks, threats and the
proposed countermeasures for the Internet of Things applications. Solid State Technology, 63(1s).
Kilincer, I. F., Ertam, F., & Sengur, A. (2021). Machine learning methods for cyber security intrusion
detection: Datasets and comparative study. Computer Networks, 188, 107840.
Rahalkar, S. (2019). OpenVAS. In Quick Start Guide to Penetration Testing: With NMAP, OpenVAS and
Metasploit (pp. 47-71). Apress.
Wolf, M. J., & Fresco, N. (2016). Ethics of the software vulnerabilities and exploits market. The
Information Society, 32(4), 269-279.