Windows Updates: Are You Still Vulnerable?

TL;DR

Windows updates are good, but not always enough. This guide shows you how to check if your systems are *really* protected after patching, covering update history verification, third-party software checks, and advanced security measures.

Checking Windows Update History

1. Verify Recent Updates: Make sure updates have actually installed successfully.
• Open Settings (Windows key + I).
• Go to Update & Security > Windows Update > View update history.
• Look for recent security updates and feature updates. Check the ‘Install date’ column. Any failures need investigating.
2. Use PowerShell: For a more detailed view, use PowerShell.

   Get-HotFix | Where-Object {$_.Source -like "Windows Update"} | Sort-Object InstalledOn -Descending | Select-Object HotFixID, Description, InstalledOn

Third-Party Software Updates

Windows updates don’t cover everything. Many vulnerabilities exist in programs like web browsers, Office, Java and Adobe products.

1. Manual Checks: Regularly check for updates within each application.
   • Most applications have a ‘Check for Updates’ option under the ‘Help’ menu.
2. Software Inventory Tools: Use tools to identify installed software and their versions.
   • WSUS Offline Update: A free tool that can download updates for many third-party applications, even without internet access on the target machine. https://www.wsusoffline.net/
   • Ninite Pro: (Paid) Automates software installation and updating across multiple machines. https://ninite.com/pro

Beyond Windows Updates: Advanced Security

Even with updates, you need extra layers of protection.

1. Enable Windows Defender Firewall: This is your first line of defence.
   • Check it’s enabled in Settings > Update & Security > Windows Security > Firewall & network protection.
2. Antivirus/Anti-Malware: Use a reputable antivirus solution.
   • Windows Defender is good, but consider third-party options for enhanced features and detection rates.
3. Regular Vulnerability Scanning: Identify weaknesses before attackers do.
   • Microsoft Defender Vulnerability Management: (If you have Microsoft 365 E5) Provides vulnerability assessments.
   • Nessus Essentials: A free vulnerability scanner for home use and small businesses. https://www.tenable.com/products/nessus
4. User Account Control (UAC): Keep UAC enabled to prevent unauthorized changes.
   • Adjust the level in Settings > Accounts > Family & other users > User Account Control settings.
5. Keep Drivers Updated: Outdated drivers can be exploited.

   pnputil /enum-drivers

   Use this command to list installed drivers and check for updates through Device Manager.

Final Thoughts

Cyber security is an ongoing process. Regularly review your update status, scan for vulnerabilities, and educate yourself about the latest threats. Don’t rely solely on Windows Updates – a layered approach provides the best protection.