WSUSpect - Compromising The Windows Enterprise Via Windows Update

by Paul Stone, Alex Chapman
Sept. 19, 2017 1 comment belen_caty

WSUS (Windows Server Update Services) allows admins to co-ordinate software updates to servers and desktops throughout their organisation. Whilst all updates must be signed by Microsoft, we find other routes to deliver malicious updates to Windows systems using WSUS. We will demonstrate how a default WSUS deployment can be leveraged to gain SYSTEM level access to machines on the local network. We also take a look at exactly what happens when you plug a new USB device into a Windows desktop. There are thousands of Microsoft-signed updates for 3rd party drivers available through Windows Update. We show how driver installs can be triggered by low privileged users and look at the insecurities that can be introduced by these Microsoft-blessed drivers.

Mitchell Rowton moderator 8 months ago

It's always fun to learn that the infrastructure you use to deploy security patches is also used to deploy malware.