Slashdot Mirror
Manipulating Microsoft WSUS To Attack Enterprises
msm1267 writes: Microsoft's enterprise-grade Windows Server Update Services (WSUS), used to download and distribute security and driver updates, poses a significant weak spot if not configured properly. Researchers Paul Stone and Alex Chapman during last week's Black Hat conference presented research (PDF) on the the WSUS attack surface and discovered that when a WSUS server contacts Microsoft for driver updates, it does so using XML SOAP web services, and those checks are not made over SSL.
While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could, with some work, tamper with the unencrypted communication and inject a malicious homegrown update.
While updates are signed by Microsoft and updates must be verified by Microsoft, Stone and Chapman discovered that an attacker already in a man-in-the-middle position on a corporate network, for example, could, with some work, tamper with the unencrypted communication and inject a malicious homegrown update.
If you already have someone with a MITM on your network, you've already been compromised. The sooner you know it, the better. This is kind of like those stories about some 'hack' someone found that requires keyboard access. If they have keyboard access, you're already sunk.