• Home
  • |
  • Blog
  • |
  • How To Quickly Find And Fix Vulnerabilities On Windows In No Time?
How to quickly find and fix vulnerabilities on Windows in no time!

No matter whatever the reason is. Still, Microsoft Windows tops the position in malware infection. According to Statista report, In 2020, Windows has seen more than 83% of cyber attacks against other operating systems. This clearly tells that Windows is the hot cake for hackers, cybercriminals, and threat actors. All Windows users should pay more attention towards the Security than any other. Vulnerability is one of the common attack vectors to consider. When it comes to the Windows operating system, it tops the list. In Exploit DB we found around 10K vulnerabilities related to Windows alone. It is the responsibility of each Windows users to keep track of all the newly discovered vulnerabilities regularly and fix them at the right time. We knew it is a great troublesome and laborious task to do.  In this article, we are going to show how to quickly find and fix the vulnerabilities on your Windows OS.

Operating systems most affected by malware in 2020

Do you know how many vulnerabilities your system has? How many exploits are available for them? How much of them are critical? Then how do you fix them? We will show you a quick method which will give answers to all such questions. We have a tool called Windows Exploit Suggester – Next Generation (WES-NG) developed on Python that will answer all these questions.

Windows Exploit Suggester – Next Generation (WES-NG):

WES-NG is a python tool that discovers vulnerabilities including the available exploits information for the discovered vulnerabilities on the system by analysing the output of Windows’ systeminfo utility. You can use this Python tool to find and fix the vulnerabilities on any Windows desktop operating system from Windows XP to Windows 10 and server operating system from Windows server 2003 to Windows server 2019.

How Does Windows Exploit Suggester – Next Generation (WES-NG) Work?

As we said earlier, WES-NG users the built-in utility ‘systeminfo.exe‘. If you don’t know about systeminfo, it is a command-line utility used to print the detailed system information. It prints information about the processor, ram,  operating system, network cards, BIOS, system boot, and there are a plethora of things. WES-NG uses this information as input and checks for the associated vulnerabilities in its database. Its database is considered more accurate than Microsoft’s as it reefers multiple sources to create a comprehensive database. In its report, it shows which vulnerabilities were found on the system. Their CVV ID, associated services, available exploits, and how to fix them.

Pros & Cons Of Windows Exploit Suggester – Next Generation (WES-NG):

Cons:

The important thing to note is that it doesn’t scan the system to determine the vulnerabilities. It just provides the list of vulnerabilities based on the version, build, and patch installed on the machine. You can see the manually fixed vulnerabilities in the list as it doesn’t scan the system for vulnerabilities. This makes it less accurate and you may see a few false positives either. None of the tools available in the market is perfect, right?

Pros:

However, it gives the result in no time. It’s totally free to use. It doesn’t take a lot of time to give results, unlike other tools. It’s a perfect tool for a quick check. No technical knowledge is required to run the tool. All these properties will make this tool perfect for individual users and small business.

Sources From Were Windows Exploit Suggester – Next Generation (WES-NG) Collects The Updates:

It gathers the data from these three sources. So this makes it more valuable.

  • Microsoft Security Bulletin: KB articles for older systems
  • MSRC: The Microsoft Security Update API of the Microsoft Security Response Center (MSRC): Standard source of information for modern Microsoft Updates
  • NIST National Vulnerability Database (NVD): Complement vulnerabilities with Exploit-DB links These are combined into a single .csv file which is compressed and hosted on GitHub repository.

How To Quickly Find And Fix Vulnerabilities On Windows?

Step #1: Clone the Git repo or just download the code from the Github: https://github.com/bitsadmin/wesng

  1. Step #1:

    Clone the Git repo or just download the code from the Github: https://github.com/bitsadmin/wesngWindows Exploit Suggester - Next Generation

  2. Step #2:

    Navigate to the location where it is stored. In my case I have stored it in: C:\Windows\System32\cmd.exeWindows Exploit Suggester

  3. Step #3

    Run the wes.py script from Python. Download and install the Python from Python.org if Python is not installed on your machine.  It is very easy, simple, and direct procedure to install Python on the Windows machine. Make sure to add Python to the PATH. This creates a PATH environment variable to run the Python script.Installing Python

  4. Step #4:

    Install chardet library.
    > pip install chardet

    Install chardet library

  5. Step #5:

    Store the systeminfo output to a file. Use ‘>’ symbol to store the output of the systeminfo command.
    > systeminfo > sysinfo.txtsysteminfo output

  6. Step #6:

    1st Machine:
    Run the wes.py script using Python.


    Symtex to run the script is:
    Python wes.py full path of ‘sysinfo.txt’


    > python wes.py sysinfo.txt


    This tool can be ran through few filters.
    Example:
    Filter to print only critical vulnerabilities with ‘-s critical’
    > python wes.py sysinfo.txt -s critical
    Filter to print only exploit available critical vulnerabilities with ‘-e’
    > python wes.py sysinfo.txt -e
    Get help
    > python .\wes.py -hRun the wes.py script using Python

  7. Step #7:

    Analyse the report. In this case, the first, three-block shows the three vulnerabilities in my machine. Forth and the last block shows the 2 missing patches. This system is in good shape. If you found more and critical vulnerabilities on the system. Apply the recommended patches written at the end of the report.Windows Update

  8. Download and install the Windows Updates

    Windows Update1

  9. No vulnerabilities. This shows that we have fixed all the vulnerabilities.

    Run the wes.py script using Python 1

  10. 2nd machine:
    We found 89 vulnerabilities. Report suggested three patches to fix all 89 vulnerabilities.WES-NG vulnerabilities report

  11. WES-NG Critical vulnerabilities filter

    Filter to print only critical vulnerabilities with ‘-s critical’
    > python wes.py sysinfo.txt -s critical

    WES-NG Filter to print only critical vulnerabilities

  12. WES-NG available exploit vulnerabilities filter

    Filter to print only exploit available critical vulnerabilities with ‘-e’
    > python wes.py sysinfo.txt -e

    WES-NG Filter to print only exploit available critical vulnerabilities

  13. Reboot to complete Windows Update

    After applying patches, system will ask to restart.reboot system

  14. Windows Updates after reboot

    Patches applied after reboot.Patches applied after reboot.

  15. No vulnerabilities means all patches were applied.

    WES-NG report

This completes the process. This is how you can quickly find and fix vulnerabilities on Windows in no time.

Thanks for reading the article. Please share your comments to if you like this demo. Read more such interesting articles here:

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.