SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
10 Aug 2015

Corporate networks can be compromised via Windows Updates

If you think that the patches delivered through Windows update can not be laced with malware, think again.

Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm ‘Context’ have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise.

WSUS allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates. As the admin is the owner of the distribution of these updates.

Intercepting WSUS to Inject Malware into Corporate Networks

By default, WSUS does not use SSL encrypted HTTPS delivery for the SOAP (Simple Object Access Protocol) XML web service. Instead, it uses the non-encrypted HTTP. This is a major WSUS weakness that should not be ignored now. (At least when it has been exploited and shown to the world). As WSUS installations are not configured to use SSL security mechanism, hence they are vulnerable to man-in-the-middle (MitM) attacks.

According to researchers Paul Stone and Alex Chapman, the attack is so simple that a hacker with low privileges can set up fake updates that can be installed automatically by connected machines. All update packages that are downloaded from the Microsoft Update website are signed with a Microsoft signature. Which cannot be altered.

However, Hackers can alter Windows Update by installing malware in the metadata of the update. "By repurposing existing Microsoft-signed binaries, we were able to demonstrate that an attacker can inject malicious updates to execute arbitrary commands," researchers said in the paper. A malicious attacker can inject malware in the SOAP XML communication between the WSUS server and the client and making it look purely authentic update to install.

Windows update also includes more than 25,000 of 3rd-party drivers that are developed and signed by other developers, which can also be altered easily. “Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes. Everyone is familiar with the 'searching for Drivers' and ‘Windows Update' dialog boxes on their desktops – but these seemingly innocuous windows may be hiding some serious threats.”

So, now it can be a big security threat for the new Windows 10. Either the corporates are going to live in the era of old Windows or upgrade and welcome the malware! The researchers demonstrated the hack at the Black Hat security conference in Las Vegas this week in a talk titled, WSUSpect: Compromising the Windows Enterprise via Windows Update [PDF].

Tags:
Windows information leaks Microsoft
Source:
The Hacker News
2026
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015