The 10 Major Windows Security Vulnerabilities


Almost all Windows networks have a number of security holes. Luckily, many of these holes can be repaired quickly and efficiently before they create any threat to your business-critical data. This post covers the ten most common and correctable Windows security vulnerabilities:

  1. File and share permissions that give up everything to everyone – This is one of the most significant weaknesses seen with Windows systems, regardless of the type of system or Windows version. Users who create shares to make their local files available across the network are typically the offenders. Sometimes it's negligent admins; other times it's an unintentional or honest mistake. Unfortunately, all too often the "Everyone" group is authorized for every file on the system. Then all it takes is for an insider to search for sensitive keywords saved in PDF, XLS, DOC and other file formats using a text search tool such as Effective File Search or FileLocator Pro. Odds are, almost 100% of the time, the attackers will come across a sensitive report (SSNs, credit card numbers, you name it) that they shouldn't have access to. Best case scenario, this is identity theft in the making. Worst case, this becomes a serious breach that makes the headlines.
  2. Lack of malware protection – This is one of the underlying security vulnerabilities seen in many computers. Most users either disable or do not install antivirus and antispyware software.
  3. Lack of personal firewall protection – This is another security control that is still disabled on many Windows systems. People may not be aware of this, but even the basic and free Windows Firewall can prevent connections to the IPC$ and ADMIN$ shares that are often open and passing information and access that they shouldn't be divulging. Malware infiltrations, wireless intrusions and more can also be blocked by personal firewalls. Using private on all workstations and most can be a bad idea.
  4. Weak or nonexistent drive encryption – The drive encryption marketing is working its magic, but still the majority of organizations are not using encryption. Whole-disk encryption is the only way to go. If a laptop or desktop machine is lost or stolen, the only way to keep someone from cracking the Windows password and gaining full access to the hard drive is to encrypt everything using reasonable passphrases. Depending on the Windows Encrypting File System (EFS) or another file/directory/volume-level encryption puts too much security control in the hands of users and is a breach waiting to happen.
  5. No minimum security standards for wireless networks – Users need to follow secure company policies at their homes, like requiring SSL for Outlook Web Access, a PPTP VPN connection for remote network connectivity, or WPA-PSK with a strong password, to help guarantee everything is safe and sound. This can be hard to enforce without a workstation-based wireless IDS/IPS (typically a component of an enterprise wireless management system) or a well-configured Network Access Control (NAC) system. Nevertheless, make it your policy and enforce it wherever possible.

  6. Missing patches in Windows as well as third-party software, such as VNC, RealPlayer and others – This is a crucial problem that is often ignored. Using Metasploit or its commercial alternatives CANVAS and CORE IMPACT, many missing patches can be exploited by a rogue insider or an outsider who's gotten into your network via other means. Full remote access, anyone?

  7. Weak Windows security policy settings – Some examples of this problem are audit logging not being enabled for failed events; no password-protected screensavers; not requiring Ctrl+Alt+Del for login; not requiring password complexity; and displaying the last user name that logged in. Policies to manage these issues are easy to implement locally on each Windows system for smaller Windows shops not running Active Directory. It's even easier for larger enterprises via Active Directory Group Policy.

  8. Unaccounted-for systems running unknown and unmanaged services such as IIS and SQL Server Express – Not only are these a problem, but so are legacy Windows systems that aren't within the scope of enterprise security and compliance. Sometimes, they're not even supported by third-party security management apps, so they get pushed aside. These systems (typically Windows 98, NT and 2000) are often unhardened and unpatched and are waiting to be exploited. Inevitably there's going to be some random training or test system that everyone forgot about. But such a system is all it takes for someone with ill intent to get onto your network and do bad things.

  9. Weak or nonexistent passwords – There are many Windows laptops that do not have a password assigned to the Administrator account, or where the default user's password is the same as the user name. The password problem has been around for a long time, so there is no excuse for this one.

  10. Windows Mobile and other mobile device weaknesses – Windows Mobile devices are associated with various vulnerabilities and weaknesses.

Some mobile-specific issues are essential to have on everyone's radar. In a tip called Windows mobile security: Get it locked down, some of the several things to consider

To detect these vulnerabilities, you need the right tools, including port scanners and system enumeration tools, such as SuperScan, or, ideally, vulnerability scanners that do it all in one fell swoop, such as QualysGuard. An easy-to-use network analyzer such as OmniPeek or CommView is a must, and so is a good hex editor. Last, but certainly not least, you'll have to use your expertise to analyze your systems and check for weaknesses manually. It's easy to verify whether malware protection is installed, but not so simple to determine just how weak file permissions, missing Group Policies and the like can be exploited.
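For item 1, the manual check can be scripted. The following PowerShell is an added example, not part of the original post: it lists SMB shares whose share-level or NTFS permissions allow the "Everyone" group, and it goes one step beyond the text by also flagging "Authenticated Users". It assumes Windows 8 / Server 2012 or later (for the SmbShare cmdlets), an elevated session, and English group names.

```powershell
# Added example: flag SMB shares whose share-level or NTFS permissions grant
# access to very broad groups. Run elevated on the host being audited.
# Assumption: English group names; localized systems name these groups differently.
$broad = @('Everyone', 'NT AUTHORITY\Authenticated Users')

$findings = foreach ($share in Get-SmbShare -Special $false) {
    # Layer 1: permissions on the share itself
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { "$($_.AccessControlType)" -eq 'Allow' -and $_.AccountName -in $broad } |
        ForEach-Object {
            [pscustomobject]@{
                Share = $share.Name; Path = $share.Path; Layer = 'Share'
                Account = $_.AccountName; Rights = "$($_.AccessRight)"
            }
        }

    # Layer 2: NTFS ACL on the shared folder (printer shares have no folder path)
    if ($share.Path -and (Test-Path -LiteralPath $share.Path -PathType Container)) {
        (Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { "$($_.AccessControlType)" -eq 'Allow' -and
                           $_.IdentityReference.Value -in $broad } |
            ForEach-Object {
                [pscustomobject]@{
                    Share = $share.Name; Path = $share.Path; Layer = 'NTFS'
                    Account = $_.IdentityReference.Value; Rights = "$($_.FileSystemRights)"
                }
            }
    }
}

$findings | Sort-Object Share, Layer | Format-Table -AutoSize

# Effective network access is the more restrictive of the two layers, so a share
# that is wide open at BOTH layers is the one to fix first.
$openAtBothLayers = $findings | Group-Object Share |
    Where-Object { ($_.Group.Layer | Sort-Object -Unique).Count -eq 2 }
$openAtBothLayers | ForEach-Object { "Open at share and NTFS level: $($_.Name)" }
```

The NTFS check covers only the root of each share; folders below it with inheritance broken need their own ACL review.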
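The policy settings listed in item 7 can be checked on a single machine in the same way. This PowerShell is an added example, not from the original post: it exports the local security policy with `secedit` and reads the related registry values. It assumes an elevated session; the temporary file name and the `Get-RegValue` helper are names chosen for this example.

```powershell
# Added example: report the item 7 policy settings on the local machine.
# Run elevated; secedit needs administrative rights to export the policy.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'    # temporary file name chosen for this example
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

# Parse "Name = Value" lines from the [System Access] and [Event Audit] sections
$pol = @{}
foreach ($line in Get-Content -LiteralPath $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $pol[$Matches[1]] = $Matches[2] }
}
Remove-Item -LiteralPath $cfg

# Hypothetical helper: returns $null when the key or value does not exist
function Get-RegValue($Path, $Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$sys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$cad  = Get-RegValue $sys 'DisableCAD'                # 0 = Ctrl+Alt+Del required
$last = Get-RegValue $sys 'DontDisplayLastUserName'   # 1 = last user name hidden
# Screensaver lock as set by Group Policy for the current user ("1" = password protected)
$scr  = Get-RegValue 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop' 'ScreenSaverIsSecure'

# AuditLogonEvents: 0 = none, 1 = success, 2 = failure, 3 = both. If advanced audit
# policy subcategories are configured they take precedence; confirm with
# "auditpol /get /category:*".
$report = @(
    [pscustomobject]@{ Setting = 'Password complexity required'
                       Value = $pol['PasswordComplexity']; Pass = $pol['PasswordComplexity'] -eq '1' }
    [pscustomobject]@{ Setting = 'Failed logon events audited'
                       Value = $pol['AuditLogonEvents'];   Pass = $pol['AuditLogonEvents'] -in '2', '3' }
    [pscustomobject]@{ Setting = 'Ctrl+Alt+Del required at logon'
                       Value = $cad;  Pass = $cad -eq 0 }
    [pscustomobject]@{ Setting = 'Last user name not displayed'
                       Value = $last; Pass = $last -eq 1 }
    [pscustomobject]@{ Setting = 'Screensaver password-protected (policy)'
                       Value = $scr;  Pass = $scr -eq '1' }
)
$report | Format-Table -AutoSize
```

An empty Value column means the setting is not configured on that machine, which the script reports as a failure.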

