Security vulnerabilities are published by the dozens every week, and software vendors are in a constant race to issue updates that patch or mitigate them. The pace is even faster on popular platforms, which attract researchers and attackers alike. That makes Microsoft's Windows operating system, the leading desktop operating system by market share, a high-profile target with a constant stream of published vulnerabilities. Microsoft ships fixes for them in its monthly Patch Tuesday updates, which are installed automatically on most Windows devices.
That means most users receive fixes without doing anything, because their Windows installation stays up to date. However, there are many environments in which that is not the case. For example, industrial networks are often unmanaged and isolated from the online update services, so many of their computers are left unpatched and vulnerable, sometimes for years.
In these cases, IT administrators still want to know, given the updates installed on a host, which vulnerabilities remain unpatched. Put the other way round: given a list of installed patches, determine which vulnerabilities they resolve, and treat everything else as open.
During our research we found this task surprisingly difficult because of several complexities in the Microsoft update process, chiefly that an installed update may replace (supersede) earlier ones, so the host's installed list rarely names the update that originally fixed a given vulnerability. We will describe these challenges and walk through the journey of collecting data from different sources, building a dependency flow of updates, and eventually listing all remaining vulnerabilities on a host from its list of installed updates.
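The core of that last step is a graph walk: starting from the installed updates, follow the supersedence links to every update they replace, collect the vulnerabilities fixed along the way, and subtract them from the catalog. The following is an added example written for this post, not code from the original authors; it uses a small constructed catalog with hypothetical update and vulnerability identifiers (`KB-A`, `CVE-X-0001` and so on are placeholders, not real Microsoft KB numbers or CVE ids). On a real host the installed list would come from `Get-HotFix` in PowerShell or `wmic qfe list`, and the catalog from the update metadata the rest of this post describes how to collect.

```python
from collections import deque

# Constructed, hypothetical update catalog (placeholder ids, not real KBs/CVEs).
# update id -> (vulnerabilities it fixes directly, updates it supersedes)
CATALOG = {
    "KB-A": ({"CVE-X-0001"}, set()),
    "KB-B": ({"CVE-X-0002"}, set()),
    "KB-C": ({"CVE-X-0003"}, {"KB-A"}),          # cumulative: also carries KB-A's fix
    "KB-D": ({"CVE-X-0004"}, {"KB-C", "KB-B"}),  # supersedes C (and, through C, A) and B
    "KB-E": ({"CVE-X-0005"}, set()),             # unrelated update, not installed below
}


def superseded_closure(catalog, installed):
    """Return (reachable, unknown).

    reachable: every update that is installed or transitively superseded by
               an installed one, i.e. every update whose fixes the host has.
    unknown:   installed ids absent from the catalog; they contribute nothing,
               so the result errs on the side of reporting vulnerabilities open.
    A visited set makes the walk terminate even if the data contains a cycle.
    """
    reachable, unknown = set(), set()
    queue = deque()
    for kb in installed:
        if kb in catalog:
            queue.append(kb)
        else:
            unknown.add(kb)
    while queue:
        kb = queue.popleft()
        if kb in reachable:
            continue
        reachable.add(kb)
        _fixes, supersedes = catalog[kb]
        # Only follow links to updates the catalog knows about.
        queue.extend(s for s in supersedes if s in catalog)
    return reachable, unknown


def fixed_vulnerabilities(catalog, installed):
    """Union of the direct fixes of every reachable update."""
    reachable, _unknown = superseded_closure(catalog, installed)
    fixed = set()
    for kb in reachable:
        fixed |= catalog[kb][0]
    return fixed


def remaining_vulnerabilities(catalog, installed):
    """Everything the catalog knows about that no reachable update fixes."""
    known = set()
    for fixes, _supersedes in catalog.values():
        known |= fixes
    return known - fixed_vulnerabilities(catalog, installed)


if __name__ == "__main__":
    # Only KB-D is listed as installed, yet KB-A..KB-C's fixes are present too.
    host = {"KB-D"}
    print("fixed:    ", sorted(fixed_vulnerabilities(CATALOG, host)))
    print("remaining:", sorted(remaining_vulnerabilities(CATALOG, host)))
```

Note what a naive join of the installed list against "which KB fixes which CVE" would get wrong here: with only `KB-D` installed it would report `CVE-X-0001` through `CVE-X-0003` as open, because the updates that originally fixed them never appear on the host. Walking the supersedence chain is what turns the installed list into an accurate picture, and unknown installed ids are deliberately ignored rather than trusted, so gaps in the catalog show up as extra open findings instead of silent false negatives.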