Detecting Windows Vulnerabilities

Most estimates put Microsoft's Windows operating system running on the vast majority of Desktop computers. With such a large installed base, Windows systems are attractive targets for attackers. This Lab will detect and analyze the vulnerabilities of a Windows host. You will learn how to prevent having vulnerabilities exploited and learn how to investigate specific vulnerabilities. Host security is one layer in a multi-layered security strategy. This Lab focuses on host security and does not discuss other layers such as network and application security.

The Windows host that you will check for vulnerabilities is a Windows 7 virtual machine running in a Hyper-V virtual environment.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Learning Objectives

Upon completion of this Lab you will be able to:

• Understand different categories of host vulnerabilities
• Learn how to protect against host vulnerabilities
• Find out more information about specific vulnerabilities
• Learn about Windows tools that can help identify system vulnerabilities

Intended Audience

This Lab is intended for:

• CREST CPSA certification examinees
• Security practitioners
• Windows administrators

Prerequisites

You should be familiar with:

• Working with the Windows operating system at a basic level

Updates

October 30th, 2023 - Updated the instructions and screenshots to reflect the latest UI

April 20th, 2021 - Updated instructions to reflect changes to security analyzer

July 9th, 2020 - Enabled direct browser RDP connection for a streamlined experience