Window updates from an enterprise update server not configured to use encryption are vulnerable to an injection attackWhat is WSUS?Intercepting WSUS to Inject Malware into Corporate NetworksMitigation
Exactly how this can be done was demonstrated by researchers from UK-based security firm Context demonstrated at the Black Hat conference in Las Vegas on Wednesday. Context researchers demonstrated how hackers can compromise corporate networks by exploiting a weakness in Windows’ update mechanism. PCs on a corporate network update through a separate Windows Update (WSUS) server on the network. But insecurely configured implementations of the corporate update server can “be exploited in local privilege escalation and network attacks.”
What is WSUS?
Normally the Windows patches are served to the end users through Windows servers however this is not the case with corporate users. The patches are sent to the Windows Server Update Services (WSUS) of the corporate and than the administrator WSUS deploys the Windows software update to servers and desktops throughout the organization. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates.
Intercepting WSUS to Inject Malware into Corporate Networks
By default, WSUS does not use Secure Socket Layer (SSL) certificate encrypted HTTPS delivery for the SOAP (Simple Object Access Protocol) XML web service. Instead, it uses the non-encrypted HTTP. As WSUS installations are not configured to use SSL security mechanism, hence they are vulnerable to man-in-the-middle (MitM) attacks.
Mitigation
With the Windows 10 launch, there will be plenty of patches to fix the bugs and flaws. Through this method, the cyber criminals could flood the Internet with fake Windows patches which could harm millions of Windows 10 users.
