Windows Server Update Services (WSUS) servers are internal servers that receive software updates from Microsoft and distribute them to systems throughout the company.
If these servers (version 2012 and up) are accessible from the internet on their default TCP ports, 8530 (HTTP) and 8531 (HTTPS), they can be exploited. A proof of concept of the attack has been available since October 21. Internet-facing servers are currently being actively scanned and exploited by automated hacking scanners.
Over the past month, Microsoft made 2 attempts to patch the vulnerability, but did not succeed: exploits can work around the changes made by Microsoft.
Given that WSUS is an internal software distribution system, it has the potential to distribute malicious code to internal machines.