Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Default WSUS configuration puts organizations at risk: researchers.

Default WSUS configuration puts organizations at risk: researchers.

2015/08/10

Securityweek - (International) Security researchers from Context Information Security revealed that configuration issues in Microsoft Windows Update and Windows Server Update Services could be exploited in a situation in which secure sockets layer (SSL) communication is not enabled and a man-in-the-middle (MitM) attacker could modify metadata to create fake updates and execute arbitrary commands.

Source: http://www.securityweek.com/default-wsus-configuration-puts-organizations-risk-researchers

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:57