In this paper, we uncover 1645 critical vulnerabilities in the perimeter of Lebanon affecting the majority of its sectors, including critical infrastructure. Given the enormous economic and personal damage imposed by critical vulnerabilities, we use a novel framework to regularly identify these vulnerabilities in time on a large scale. We show that the root cause of the uncovered vulnerabilities is the lack of a core security best practice, namely, patch management. All the 1645 vulnerable systems had a patch offered by the vendor at the time they were found vulnerable. In addition to that, the poor reaction to our notification efforts to the owners of vulnerable systems underlines another lack of a proper incident handling process. To this end, this research shall be considered as a first step towards continuous attack surface evaluation of Lebanon, which shall involve different parties from public and private sectors in order to better perform risk analysis and mitigation.