Software vulnerability announcements must be taken seriously since attackers can use them to gain access to hosts on the network. System administrators should move quickly to install software patches, or adjust firewall rules to mitigate exploitation until the patches can be installed properly. For Navy computer systems, vulnerability announcements come in radio messages called IAVAs and IAVBs (Inforamtion Assurance Vulnerability Announcement/Bulletin).

For this exercise, the WKSTA host is running Microsoft Windows XP SP1 and the WWW host is running Microsoft Windows Server 2003 SP0. Both versions are out of date and have known flaws that allowed you to gain privileged access during the attack lab. Let's patch our Windows hosts!

The patch installation will take about 10-15 minutes. You may make other changes to the host during the installation process.
  1. Remote Desktop to one of the Windows hosts and log in as the Administrator.
  2. From the Windows host, open a web browser and go to http://3.3.3.3/windows
  3. Right-click and "Save Target As" the .exe file beginning with WindowsXP (for WKSTA) or WindowsServer2003 (for WWW). Save it to the Desktop for convenience.
  4. Once the file has completed downloading, click Open on the downloads window.
  5. Following the installation prompts.