PURPOSEIT resources could easily get exploited by the attackers to steal sensitive data, or to gain access ofthe system. Vendors and software service providers recognize these potentially exploitablevulnerabilities and release patches time to time. It is the job of the customers to update theservice from their end timely to avoid successful attacks from hackers. Most of thesevulnerabilities could be managed using additional software security, but in few occasions non-technical vulnerabilities are also exploited which can be caused from the security loopholes inthe access control of the data, and the social engineering attacks on the employees. These risksneed to be actively managed by the firm; therefore, it is the job of the company to assess theoverall safety of the company and teach the employees of the potentially vulnerable exploitspresent to the firm. The main purpose of this document is to create a vulnerability reduction andmanagement operation plan which can be used for staff testing and training, and highlight thevulnerabilities in the operating systems that are commonly used in the industries, the vulnerableoperating systems and their respected patched versions would be highlighted in this document.