By most estimates, Microsoft’s Windows operating system runs on the vast majority of desktop computers. With such a large installed base, Windows systems are attractive targets for attackers. In this Lab you will detect and analyze the vulnerabilities of a Windows host. You will learn how to prevent vulnerabilities from being exploited and how to investigate specific vulnerabilities.
Host security is one layer in a multi-layered security strategy. This Lab focuses on host security and does not discuss other layers such as network and application security.
The Windows host that you will check for vulnerabilities is a Windows 7 virtual machine running in a Hyper-V virtual environment.
Upon completion of this Lab you will be able to:
- Understand different categories of host vulnerabilities
- Learn how to protect against host vulnerabilities
- Find out more information about specific vulnerabilities
- Learn about Windows tools that can help identify system vulnerabilities
Detecting and Analyzing Vulnerabilities in Windows
This Lab Step will analyze the vulnerabilities of a Windows 7 host. You will learn how to prevent vulnerabilities from being exploited and how to investigate specific vulnerabilities.
- Click the Hyper-V Manager icon in the taskbar at the bottom of the screen to open Hyper-V Manager. This is what our lab looks like:
- Double-click the Win 7 virtual machine in Hyper-V Manager to connect to the Windows 7 virtual machine. We are now connected to the Win 7 machine.
- Double-click the Microsoft Baseline Security Analyzer icon on the Desktop:
The Microsoft Baseline Security Analyzer is a tool Microsoft maintained until late 2018. It is capable of running system scans to identify common vulnerabilities in Windows systems. Although it is no longer maintained, it is still useful for learning about different vulnerabilities on Windows systems and what you can do to protect against them.
- Click Yes to allow the program to make changes to the computer:
The Microsoft Baseline Security Analyzer window is now open.
- Click Scan a computer.
- Uncheck the Check for security updates option and click Start Scan:
- The configuration will search the local machine by default. Also, note that the default Options check for vulnerabilities in Windows and common services such as Microsoft’s IIS web server.
Watch as the scan proceeds through different phases:
- The scan takes around 5 minutes to complete, after which you are presented with the results:
- Read through the result tables to understand what vulnerabilities are checked:
For entries that correspond to checks that fail or additional information, there are links provided to fix the issue (How to correct this). Although MBSA is now deprecated, you can find useful advice on how to address security issues and understand different aspects of securing Windows systems by exploring the results.
- Click Result details next to the Local Account Password Test issue in the Administrative Vulnerabilities section:
- Review the result details:
The virtual machine has not installed Windows updates since 2015, which, along with the weak passwords, makes it highly vulnerable. Ensuring automatic updates are configured can remove many of the vulnerabilities for Windows systems. This also applies to the third-party software you have installed on the system.
- Click on How to correct this under the Administrative Vulnerabilities section to see the information on fixing the vulnerability:
- The instruction on fixing the weak password vulnerability should look something like this:
In this Lab Step, you learned about Windows vulnerabilities with the help of Microsoft Baseline Security Analyzer. You learned about different categories of vulnerabilities, how to protect against vulnerabilities, and where to go to find out more information about vulnerabilities. Simply enabling automatic updates can protect against many vulnerabilities. As an example, after running Windows Update, the MBSA scan results change to the following, protecting the system from dozens of vulnerabilities:
Microsoft has issued advice on how to replace some of the capabilities that MBSA provided. However, it is a false sense of security to think that any one tool can completely protect a system. A defense-in-depth strategy is highly recommended.
Regularly updating the system cannot protect against the vulnerabilities in the Windows Scan Results section, for example. It is important to have a comprehensive view of vulnerabilities when assessing security.
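A scripted spot-check of the two findings this Lab walks through (local account password settings and missing updates), as an added PowerShell example that is not part of the original Lab and does not reproduce MBSA's own tests. The 45-day patch-age threshold is an assumption, and the account check reads account flags only, not the passwords themselves.

```powershell
# Added example, not MBSA's own logic. Read-only; works on PowerShell 2.0 (Windows 7).
$maxAgeDays = 45   # assumed patch-age threshold; set it to your own policy

# 1. Enabled local accounts whose flags permit a blank or non-expiring password.
#    This reads account settings only; it does not test the password itself.
$flagged = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.Disabled -and
                   (-not $_.PasswordRequired -or -not $_.PasswordExpires) } |
    Select-Object Name, PasswordRequired, PasswordExpires)

# 2. Most recently installed update (entries without a date are skipped).
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

# 3. Automatic Updates setting, read through the Windows Update Agent COM API.
$levels = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download';
             3 = 'Notify before installation'; 4 = 'Scheduled installation' }
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
$auLevel = [int]$au.NotificationLevel

Write-Output "== Local accounts with weak password settings =="
if ($flagged.Count -eq 0) { Write-Output "None found." }
else { $flagged | Format-Table -AutoSize | Out-String | Write-Output }

Write-Output "== Patch status =="
if ($latest) {
    $age = ((Get-Date) - $latest.InstalledOn).Days
    Write-Output ("Last update: {0} on {1:yyyy-MM-dd} ({2} days ago)" -f `
        $latest.HotFixID, $latest.InstalledOn, $age)
    if ($age -gt $maxAgeDays) { Write-Output "WARNING: older than $maxAgeDays days." }
} else {
    Write-Output "WARNING: no dated update records found."
}
Write-Output ("Automatic Updates: {0}" -f $levels[$auLevel])
if ($auLevel -ne 4) { Write-Output "WARNING: updates are not installed automatically." }
```

Run it in a PowerShell session on the host being assessed; it changes nothing on the system, so the output can be compared before and after remediation.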