
Windows patches can be intercepted and injected with malware

Posted by Darknet


Researchers say Windows machines that fetch updates from an enterprise update server not configured to use encryption are vulnerable to an injection attack.

By Zack Whittaker for Zero Day | August 6, 2015 -- 17:45 GMT (01:45 GMT+08:00) | Topic: Security

[Image: wsus-hero.jpg (CNET/CBS Interactive)]

Can you be certain that patches served through Windows Update aren't laced with malware?

Researchers at UK-based security firm Context demonstrated at the Black Hat conference in Las Vegas on Wednesday how hackers can compromise corporate networks by exploiting a weakness in Windows' update mechanism.

The attack is simple enough. Typically, PCs on a corporate network update through a separate Windows Update (WSUS) server on the network. But insecurely configured implementations of the corporate update server can "be exploited in local privilege escalation and network attacks."

"During the update process, signed and verified update packages are downloaded and installed to the system. By repurposing existing Microsoft-signed binaries, we were able to demonstrate that an attacker can inject malicious updates in order to execute arbitrary commands," said the paper, seen by ZDNet prior to the scheduled talk on Thursday.

The researchers used low-privileged access rights to set up fake updates that were downloaded and installed automatically by connected machines.

WSUS servers that aren't configured to use common web encryption, such as a Secure Sockets Layer (SSL) certificate, are vulnerable to man-in-the-middle attacks, wherein an attacker injects updates with malware.

"It's a simple case of a common configuration problem," said Stone in prepared remarks.

Stone said that corporate update servers that don't enforce encryption present "an opportunity for an administrator to compromise complete corporate networks in one go."

"Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes," he said.

[Image: update-malicious.png (Context)]

And yet, bizarrely, there's a relatively simple fix to prevent these attacks from happening.

The researchers said if network administrators followed Microsoft's guidelines to use SSL by default on the update server, that alone will be enough to prevent the described attack. That said, they added there were additional steps to take to offer greater protection, such as using a separate signing certificate to verify updates.
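The configuration problem the article describes is visible on the client side: Windows Update's Group Policy settings store the WSUS server address, and a URL beginning with http:// rather than https:// is exactly the unencrypted setup the researchers warn about. The following PowerShell script is an added example, not code from the article or from Context's research. It reads the documented Windows Update policy registry values (WUServer, WUStatusServer, UseWUServer) and reports whether the configured update server is reached over TLS. The function name Test-WsusTransport and the output wording are this example's own choices.

```powershell
# Added example (not from the article or Context's research): audit a Windows
# client's WSUS policy and flag an update server that is reached over plain HTTP.
# The registry paths below are the documented Group Policy locations for
# Windows Update; everything else (function name, verdict text) is assumed.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey     = Join-Path $policyKey 'AU'

function Test-WsusTransport {
    param([string]$Url)
    # An empty URL means no intranet server is defined for this value.
    if ([string]::IsNullOrWhiteSpace($Url)) { return 'not-configured' }
    try { $uri = [System.Uri]$Url } catch { return 'invalid' }
    if ($uri.Scheme -eq 'https') { return 'https' }
    return 'http'
}

# UseWUServer = 1 tells the client to pull updates from the intranet WSUS server
# named in WUServer instead of going to Microsoft Update directly.
$useWsus = (Get-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
if ($useWsus -ne 1) {
    Write-Output 'Client is not configured to use an intranet WSUS server.'
    return
}

foreach ($name in 'WUServer', 'WUStatusServer') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    $state = Test-WsusTransport -Url $value
    $verdict = switch ($state) {
        'https'          { 'OK: update traffic is protected by TLS' }
        'http'           { 'WARNING: plain HTTP; update responses can be altered in transit' }
        'not-configured' { 'WARNING: UseWUServer is set but no server URL is defined' }
        default          { 'WARNING: value is not a valid URL' }
    }
    Write-Output ("{0,-16} {1,-45} {2}" -f $name, $value, $verdict)
}
```

Run it in an elevated PowerShell session on a domain-joined client; both WUServer and WUStatusServer should report https. Note that this checks only what the client has been told to use: the server itself must also be configured to require SSL, otherwise a client that falls back to or is pointed at the plain-HTTP port is still exposed.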

We reached out to Microsoft but did not hear back at the time of writing. If we do, we'll update the piece.
