
Windows vulnerability scanner: How to get started

Author: James Harrison, Senior Content Writer

All software is prone to vulnerabilities and bugs introduced by developers that can cause security weaknesses, and Windows is no exception. Given that 76% of the world’s desktops and 20% of the world’s servers run on Windows, this is a significant attack surface that most companies should be very conscious of.  

Because of its ubiquity, Microsoft has been the number one target for hackers for some time, and it invests a lot in security. But given the extent of its software, it is still prone to frequent flaws, including in its latest operating systems, Windows 10 and 11.

In this article we’ll look at some recent high-profile Windows vulnerabilities, their potential risks to your business, and how a Windows vulnerability scanner like Intruder makes it easier to uncover them in your systems and devices.

Three high-profile Windows vulnerabilities

PrintNightmare (CVE-2021-1675, CVE-2021-34527, and CVE-2021-34481)

When is printing not a nightmare? Admins and IT teams struggle with printers daily. But this particular Windows Print Spooler vulnerability causes a lot of sleepless nights. It’s a bug that means a domain user (once they’ve been authenticated against the remote system) can remotely run code on a Microsoft Windows system as the local SYSTEM user.  

Essentially, this is exploitable because any “authenticated” user, not just the trusted, permitted admins, can add any ‘Print Driver’ to Windows. Any random user can escalate this privilege to become a domain admin, then start causing chaos within your networks. We recommend patching any system exposed to the Microsoft Windows Print Spooler, continuing to apply Microsoft security updates, and using a vulnerability scanner.
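A read-only check for the exposure described above, added here as an example (it is not Intruder's code). The Point and Print policy values are the ones Microsoft's guidance for CVE-2021-34527 says to verify; the function names are assumptions made for this example.

```powershell
# Added example: read-only check of Print Spooler exposure on the local host.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is not defined.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $noElevation  = Get-PolicyValue $key 'NoWarningNoElevationOnInstall'
    $updatePrompt = Get-PolicyValue $key 'UpdatePromptSettings'
    $adminOnly    = Get-PolicyValue $key 'RestrictDriverInstallationToAdministrators'

    $findings = @()
    if ($svc -and $svc.Status -eq 'Running') {
        $findings += 'Spooler is running: confirm this host actually needs to print'
    }
    # Microsoft's guidance: both values should be 0 or not defined.
    if ($noElevation)  { $findings += 'NoWarningNoElevationOnInstall is non-zero' }
    if ($updatePrompt) { $findings += 'UpdatePromptSettings is non-zero' }
    # 0 explicitly lets non-administrators install printer drivers.
    if ($adminOnly -eq 0) {
        $findings += 'RestrictDriverInstallationToAdministrators is 0'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        SpoolerStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStart  = if ($svc) { $svc.StartType } else { $null }
        Findings      = $findings
        # Policy findings matter even on patched hosts; a running spooler alone does not.
        PolicyWeak    = [bool]($noElevation -or $updatePrompt -or ($adminOnly -eq 0))
    }
}

Get-SpoolerExposure | Format-List
```

A host with `PolicyWeak = True` needs its Point and Print policy corrected as well as the security update, since those settings relax the driver-installation restriction the patch relies on.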

ProxyNotShell (CVE-2022-41040 and CVE-2022-41082)

These two Exchange Server zero-day vulnerabilities were disclosed in September 2022 and chained together in a series of targeted attacks. One is a server-side request forgery flaw, and the other is a remote code execution bug. Although an attacker must be authenticated to exploit them, the low complexity and the potentially damaging impact gave them a ‘severe’ rating. Microsoft released detection and remediation guidance that advises relying on its Defender Antivirus for protection. However, it’s easier to check whether you should worry about this vulnerability with a local agent, as an internal scan using a vulnerability scanner for bugs like this is much faster and more accurate.

HiveNightmare/SeriousSAM (CVE-2021-36934)

SeriousSAM is a local escalation-of-privilege vulnerability affecting some versions of Windows 10. An attacker can exploit this to obtain sensitive system and security data, which could then be used to take full control of affected systems and domains. An attacker with the ability to execute code on a target host could exploit this vulnerability to elevate their privileges to SYSTEM.  

How to use a Windows vulnerability scanner

Firstly, you need to find all the required patches and updates to fix Windows vulnerabilities as they are announced. You can do this manually, or switch on auto-update and let Windows do it automatically.

Make sure these updates have actually been applied; some systems may not have been rebooted, or the update may have failed, which is where a vulnerability scanner gives you the reassurance you need. If you don't have auto-updates enabled, or if you do and you have a large number of systems, you still need to understand which systems need attention. A vulnerability scanner gives you this visibility.
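The two failure cases named above (an update waiting on a reboot, and an update that failed) can be checked on a single host with the script below. It is an added example, not Intruder's code; the function names and the 35-day staleness threshold are assumptions.

```powershell
# Added example: read-only patch audit for the local Windows host.
function Test-PendingReboot {
    # Keys Windows creates when an installed update is waiting for a restart.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    [bool]($markers | Where-Object { Test-Path $_ })
}

function Get-UnresolvedUpdateFailure {
    param([int]$Last = 100)
    # Windows Update Agent COM API: the local install history.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }
    # Keep only updates whose most recent install attempt failed or was aborted,
    # so a failure that a later retry fixed is not reported.
    $searcher.QueryHistory(0, [Math]::Min($Last, $total)) |
        Where-Object { $_.Operation -eq 1 -and $_.Title } |      # 1 = installation
        Group-Object Title |
        ForEach-Object { $_.Group | Sort-Object Date | Select-Object -Last 1 } |
        Where-Object { $_.ResultCode -in 4, 5 } |                # 4 = failed, 5 = aborted
        Select-Object Date, Title, @{ n = 'HResult'; e = { '0x{0:X8}' -f $_.HResult } }
}

function Get-PatchReport {
    param([int]$MaxAgeDays = 35)  # assumption: slightly longer than a monthly patch cycle
    $newest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1
    $failed  = @(Get-UnresolvedUpdateFailure)
    $pending = Test-PendingReboot
    $stale   = (-not $newest) -or ($newest.InstalledOn -lt (Get-Date).AddDays(-$MaxAgeDays))
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        RebootPending  = $pending
        LastHotFix     = $newest.HotFixID
        LastInstalled  = $newest.InstalledOn
        Stale          = $stale
        FailedUpdates  = $failed
        NeedsAttention = $pending -or $stale -or ($failed.Count -gt 0)
    }
}

Get-PatchReport | Format-List
```

This covers one machine at a time and only what Windows Update records locally, which is the gap a fleet-wide scanner closes.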

Bear in mind that when it comes to internal vulnerability scanning, cheap doesn’t mean cheerful. With new Windows vulnerabilities discovered every day, it’s important to use a high-quality vulnerability scanner that offers continuous internal scanning. Intruder’s internal vulnerability scanner is easy to install on all your Windows devices to help identify any known vulnerabilities and emerging threats.

How to use Intruder’s vulnerability scanner for Windows

Intruder’s internal vulnerability scanner is designed to find weaknesses on systems not exposed directly to the internet. These systems are still accessible to attackers, though, if an employee is tricked into running malware on their laptop or visits a link in an email, or if an attacker has already managed to gain a foothold on a private network. So they still need to be hardened against attacks.

As an agent-based scanner, Intruder needs to be installed on every device, but this can be done easily using the installation wizard, or you can do it manually. You can find a detailed installation walkthrough here.  

Intruder is a great choice as a vulnerability scanner for Windows 10 and 11, giving you the flexibility to install it wherever your team demands. It will even scan and uncover unsupported legacy devices running Windows 7 or 8 so you can update them or take them offline. If your team depends on Windows to get things done, Intruder can help you reach your cyber security goals. Start your free trial today or get in touch for more information. 
