How to Identify Missing Windows Patches for Easier Exploitation

No operating system is stricken with as many vulnerabilities as Windows, and it's often a race to release the latest patches to fix things. From an attacker's point of view, knowing which patches are present on a Windows machine can make or break successful exploitation. Today, we will be covering three methods of patch enumeration, using Metasploit, WMIC, and Windows Exploit Suggester.


For Metasploit, we will use a post module to find missing patches. With WMIC, we will run commands directly from a shell on the system to view quick fix engineering patches. And using Windows Exploit Suggester, we will compare the installed patches on the system with a database of vulnerabilities. We will be using Kali Linux to attack an unpatched version of Windows 7.
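The comparison step that the third method relies on can be sketched from the defender's side as a patch-gap check. This is an added example, not code from Windows Exploit Suggester or from this article; the KB numbers, fix names and baseline are constructed placeholders, and the input is assumed to be the text output of `wmic qfe get Description,HotFixID,InstalledOn`.

```python
import re

# Constructed sample of `wmic qfe get Description,HotFixID,InstalledOn` output.
# The KB numbers are placeholders, not real update IDs.
SAMPLE_QFE = """\
Description      HotFixID   InstalledOn
Update           KB9000001  11/21/2010
Security Update  KB9000002  3/14/2017
Security Update  kb9000005  3/14/2017

"""

# Hypothetical baseline: each required fix is satisfied by ANY one of the
# listed KBs, because a later rollup can supersede the original update.
BASELINE = {
    "FIX-A (placeholder)": {"KB9000002", "KB9000010"},
    "FIX-B (placeholder)": {"KB9000003", "KB9000004"},
    "FIX-C (placeholder)": {"KB9000005"},
}

# Matches hotfix IDs such as KB9000001, but not "kbid=..." inside a Caption URL.
KB_RE = re.compile(r"\bKB\d+\b", re.IGNORECASE)


def installed_kbs(qfe_text):
    """Return the set of hotfix IDs found in wmic qfe output, upper-cased."""
    kbs = set()
    # wmic output often carries stray carriage returns; drop them first.
    for line in qfe_text.replace("\r", "").splitlines():
        kbs.update(m.upper() for m in KB_RE.findall(line))
    return kbs


def missing_fixes(qfe_text, baseline):
    """Return the baseline entries for which no accepted KB is installed."""
    installed = installed_kbs(qfe_text)
    return sorted(name for name, kbs in baseline.items() if not (kbs & installed))


if __name__ == "__main__":
    for name in missing_fixes(SAMPLE_QFE, BASELINE):
        print("MISSING:", name, "- accepts any of", sorted(BASELINE[name]))
```

Treating each baseline entry as a set of acceptable KBs avoids flagging a host as unpatched when a superseding rollup is installed instead of the original update.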


Method 1: Metasploit


The first method we will use to identify any missing patches on the target is Metasploit. Fire it up by typing msfconsole in the terminal.


~# msfconsole

[-] ***rting the Metasploit Framework console.../
[-] * WARNING: No database support: No database YAML file
[-] ***

To boldly go where no shell has gone before

=[ metasploit v5.0.20-dev ]
+ -- --=[ 1886 exploits - 1065 auxiliary - 328 post ]
+ -- --=[ 546 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 ..