Saturday, 8 August 2015

WSUS Allows Attackers to Distribute Infected Windows Updates

Companies and organizations that have not configured their Windows Server Update Services (WSUS) securely give attackers the ability to supply the entire corporate network with infected Windows updates. WSUS acts as a proxy for Windows Update. Companies can use WSUS to deploy Windows updates effectively within their local network.

Instead of every company computer connecting to Microsoft's servers to download updates, WSUS does this once. The WSUS server is installed in the corporate network, and all connected company computers then download their Windows updates from the WSUS server. By default, however, WSUS is not configured to use HTTPS. An attacker who already has access to the corporate network can use this to take over other company computers.

Researchers Paul Stone and Alex Chapman demonstrated this at the Black Hat conference in Las Vegas (pdf). To prevent attacks via Windows Update, Windows only accepts updates that are signed by Microsoft. The researchers showed that an attacker can reuse Microsoft-signed files to inject malicious updates, which then execute arbitrary commands on the attacked computers.

According to Stone and Chapman, the attack is easy to prevent, namely by setting up SSL. Most companies also do this, they told SC Magazine. However, companies have not recognized the risk that a single system can compromise the entire corporate network in one go, the researchers said. In addition to companies that use WSUS enabling SSL, Microsoft could also tighten security: the software giant could use a separate certificate for signing Windows updates.
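A way to check a Windows client for the misconfiguration described above. This is an added example, not part of the original article or the researchers' material; it assumes the client receives its WSUS settings through the standard Windows Update policy registry key.

```powershell
# Added example: audit this machine's WSUS client policy for plain-HTTP update URLs.
# Assumption: WSUS settings are delivered via the standard policy key below.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Test-WsusUrl {
    param([string]$Name, [string]$Value)

    if ([string]::IsNullOrWhiteSpace($Value)) {
        $status = 'NotConfigured'
    } else {
        $uri = $null
        if (-not [System.Uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri)) {
            $status = 'Unparseable'
        } elseif ($uri.Scheme -eq 'https') {
            $status = 'OK'
        } else {
            # http:// (or any other non-TLS scheme) leaves update traffic unprotected
            $status = 'Insecure'
        }
    }
    [pscustomobject]@{ Setting = $Name; Value = $Value; Status = $status }
}

$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$au     = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue

# UseWUServer = 1 means the client is told to use the WSUS server named in WUServer.
if (-not $policy -or $au.UseWUServer -ne 1) {
    Write-Output 'No WSUS server is configured by policy on this client.'
} else {
    $results = @(
        Test-WsusUrl -Name 'WUServer'       -Value $policy.WUServer
        Test-WsusUrl -Name 'WUStatusServer' -Value $policy.WUStatusServer
    )
    $results | Format-Table -AutoSize

    if ($results.Status -contains 'Insecure') {
        Write-Warning 'This client reaches WSUS without HTTPS; enable SSL on the WSUS server and update the policy URL.'
    }
}
```

A client that reports `Insecure` is only fixed once SSL is enabled on the WSUS server itself and the policy URL is changed to `https://`.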
