Windows Server Update Services can reportedly be intercepted to inject malware


According to a new report from security firm Context, hackers can intercept Windows Server Update Services (WSUS) to inject malware into Windows Enterprise.

WSUS apparently uses HTTP, which is unencrypted and less secure than HTTPS. Because WSUS isn’t using SSL (HTTPS), it is vulnerable to man-in-the-middle attacks, according to Context. The security firm’s researchers, Alex Chapman and Paul Stone, stated that hackers with low privileges can also deliver fake updates that can inject malware. The report also stated:

“Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes. Everyone is familiar with the ‘searching for Drivers’ and ‘Windows Update’ dialog boxes on their desktops – but these seemingly innocuous windows may be hiding some serious threats.”
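To check whether a given Windows client is exposed to the plaintext-HTTP issue described above, the following added example (not taken from Context's report) reads the machine's Windows Update policy and flags a WSUS server configured over `http://`. The registry path and value names are the standard Windows Update Group Policy locations; the function name `Test-WsusUrl` is hypothetical.

```powershell
# Added example: audit this machine's WSUS client policy for plaintext HTTP.
# Standard Windows Update Group Policy registry location.
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Hypothetical helper: classify one configured WSUS URL by its scheme.
function Test-WsusUrl {
    param([string]$Name, [string]$Url)

    if ([string]::IsNullOrWhiteSpace($Url)) {
        return [pscustomobject]@{ Setting = $Name; Url = $null; Finding = 'Not configured' }
    }

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Setting = $Name; Url = $Url; Finding = 'Unparseable URL' }
    }

    $finding = switch ($uri.Scheme) {
        'https' { 'OK: updates are fetched over SSL (HTTPS)' }
        'http'  { 'RISK: plaintext HTTP, exposed to man-in-the-middle interception' }
        default { "Unexpected scheme '$($uri.Scheme)'" }
    }
    [pscustomobject]@{ Setting = $Name; Url = $Url; Finding = $finding }
}

# WUServer / WUStatusServer hold the WSUS URLs; AU\UseWUServer = 1 enables them.
$policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
$au     = Get-ItemProperty -Path "$policyPath\AU" -ErrorAction SilentlyContinue

if (-not $policy -or $au.UseWUServer -ne 1) {
    Write-Output 'No WSUS server is enforced by policy on this machine.'
} else {
    'WUServer', 'WUStatusServer' |
        ForEach-Object { Test-WsusUrl -Name $_ -Url $policy.$_ } |
        Format-Table -AutoSize -Wrap
}
```

A `RISK` finding means the client's update traffic to that server is not protected by SSL; the remedy is to enable SSL on the WSUS server and point the policy at its `https://` URL.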

If you want to know more about this security research, head over to Context.