Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Corporate networks can be compromised via Windows updates

Corporate networks can be compromised via Windows updates

2015/08/06

Help Net Security - (International) Researchers from Context Information Security reported that Microsoft Windows Update can be used to attack corporate networks by leveraging improperly configured Windows Server Update Services (WSUS) implementations, allowing for fake automatic updates that can install a trojan or other malware, and could be used to grant administrator privileges with a false login.

Source: http://www.net-security.org/secworld.php?id=18725

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:55