Note: It is always best practice to test any changes made to the system and back up the current version in case you have to roll it back before deploying it into production.
- PowerShell
- Nessus Essentials
- Windows Registry Editor
- Windows 10
- Virtualization VMware Pro
Nessus Essentials Interface
Configuring Basic Noncredential Scan on Windows 10 Host
Running Scan
Noncredential Scand Completed
Configuring Credential Scan on the same Windows 10 Host
Running Credential Scand
Credential Scan Completed
As you can see Credential-based vulnerability assessment, which make use of the admin account, do a more thorough check by looking for problems that cannot be seen from the network. On the other hand, non-credentialed scans provide a quick view of vulnerabilities by only looking at network services exposed by the host.
Critical Vulnerability Found (Windows 10 Version susceptible to multiple vulnerabilities)
(Windows 10 Version susceptible to multiple vulnerabilities). After careful research, we determined that to remedy this vulnerability, it was necessary to update Windows 10 to a more recent version.
Another critical vulnerability found (Microsoft Internet Explorer Unsupported Version)
(Microsoft Internet Explorer Unsupported Version) Lack of support implies that the vendor will release no new security patches for the product. As a result, it is likely to contain security vulnerabilities. Possible remediation was either upgrading to a currently supported Internet Explorer version or disabling Internet Explorer on the target device. In this case, we decided to uninstall Microsoft Explorer and use another internet browser.
[Note] It is crucial to take into account that the solution will not always be to delete the application, there are cases in which it is impossible to eliminate the risk for many reasons, and if that is the case, it is necessary to take other security measures to keep the device with some vulnerability protected by other means, such as placing it in a segmented area of the network and implementing additional security devices such as placing a firewall or some type of IPS.
High Vulnerability Found (WinVerifyTrust Signature Validation CVE-2013-3900)
[Remediaton] To eliminate this vulnerability, we added and enabled a key registry value (EnableCertPaddingCheck) and additionally, on 64 Bit OS systems, a key registry value (EnableCertPaddingCheck) was added an enabled.
Medium Vulnerability Found (SMB Signing not required) An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
To reduce the risk, SMB1 was disabled using PowerShell utility since SMB1 protocol is labeled as insecure. In addition, it is recommended to disable SMB2 or some other protocol that is not being used and thus reduce the attack surface.