Windows Vulnerabilities

From MgmtWiki

Full Title or Meme

This topic is about how the complexity of operating systems breeds vulnerabilities, with particular emphasis on the Windows operating system.


Any complex ecosystem will have unexplored vulnerabilities; even simple bacteria have viruses that prey on them.[1]

Finding Vulnerabilities

Some people seem to have a predilection for seeking out the unknown, the strange, or the weakness in a system. This section is about those people.

    Most of you are probably aware that there are only so many ways to pivot, or conduct lateral movement to a Windows system. Some of those techniques include psexec, WMI, at, Scheduled Tasks, and WinRM (if enabled). Since there are only a handful of techniques, more mature defenders are likely able to prepare for and detect attackers using them. Due to this, I set out to find an alternate way of pivoting to a remote system.

Fixing Vulnerabilities

Other people seem to have a predilection for patching the holes. These are seldom the same people who find them.

  • John Lambert, as a PM in Windows Security in the Windows XP time frame, tried to find a way to protect Administrators from elevation-of-privilege attacks from accounts with admin privileges. This eventually led to the effort under Tom Jones to enforce Mandatory Access Controls in Windows.


  1. Carl Zimmer, The Secret Life of a Coronavirus, New York Times (2021-02-28), p. R4