We provide reporting on specific Windows vulnerabilities so that users can quickly determine their level of exposure to the latest threats. Some items include:
- WannaCry/BadRabbit
- Meltdown
- BlueKeep
- Windows CryptoAPI Spoofing
To detect these vulnerabilities, we attempt to inventory each device's full Windows build, including the UBR (Update Build Revision), and catalogue its installed hotfixes. For each vulnerability we also maintain a separate list of the hotfixes that contain a patch for it, and we update these lists daily to keep them current. We follow these practices for the following reasons:
- The Windows build tells us whether the fix is already part of the device's actual build
- The list of installed hotfixes tells us whether the fix was applied as a patch on the current build, which is especially useful if the full Windows build was not returned
- Later versions of Windows reset their list of hotfixes with each build, so we also use the build number to avoid flagging a device as exposed when it has simply updated its build
- Later hotfixes replace older ones and may appear as installed when the older ones do not, which is why we maintain a list of the latest and all relevant hotfixes using Microsoft's sources
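The following sketch shows how the build check and the hotfix check described above can combine into one exposure decision. It is an added example, not our product's code; the vulnerability name, KB ids, build numbers and UBR thresholds are constructed placeholders, and the "unknown" status for devices that return no build is an assumption of the example.

```python
from typing import Iterable, Optional, Tuple

# Constructed placeholder catalogue: not real KB ids, builds or UBRs.
CATALOGUE = {
    "EXAMPLE-VULN": {
        "fixed_ubr": {10000: 500, 10001: 120},  # build -> first UBR with the fix
        "first_fixed_build": 10002,             # this build and later ship the fix
        # Original hotfix plus every later hotfix that replaces it.
        "hotfixes": {"KB0000001", "KB0000002", "KB0000003"},
    }
}

def parse_build(full_build: Optional[str]) -> Optional[Tuple[int, int]]:
    """Split 'major.minor.build.UBR' into (build, ubr); None if missing or malformed."""
    parts = (full_build or "").strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[2]), int(parts[3])

def assess(vuln: str, full_build: Optional[str], hotfixes: Iterable[str]) -> Tuple[str, str]:
    """Return (status, reason); status is 'patched', 'exposed' or 'unknown'."""
    entry = CATALOGUE[vuln]
    installed = {kb.strip().upper() for kb in hotfixes}
    parsed = parse_build(full_build)
    if parsed:
        build, ubr = parsed
        # A newer build contains the fix even though its hotfix list was reset.
        if build >= entry["first_fixed_build"]:
            return "patched", "build ships with the fix"
        fixed = entry["fixed_ubr"].get(build)
        if fixed is not None and ubr >= fixed:
            return "patched", "UBR at or above the fixed revision"
    # Any hotfix in the chain counts, including ones that replaced the original.
    hits = sorted(installed & entry["hotfixes"])
    if hits:
        return "patched", "hotfix " + hits[0] + " installed"
    if parsed is None:
        # Assumption: without a build, a missing hotfix is not proof of exposure.
        return "unknown", "full build not returned and no matching hotfix"
    return "exposed", "fix found in neither build nor hotfix list"
```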
Links to Microsoft Update Guides for each vulnerability:
- WannaCry: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0143
- BlueKeep: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0708
- CryptoAPI: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0601
- Meltdown: https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV180002