Default WSUS Configuration Puts Organizations at Risk: Researchers


Organizations that fail to configure Windows Server Update Services (WSUS) to use SSL are exposed to cyberattacks, researchers have warned.

In a presentation last week at the Black Hat security conference in Las Vegas, researchers from Context Information Security demonstrated how Windows Update, and particularly WSUS, can be abused in attacks aimed at corporate networks.

WSUS is designed to allow IT administrators to fully manage the distribution of updates to the machines in their organization’s network. WSUS relies on SOAP XML calls to perform updates.

The WSUS configuration wizard in Windows Server 2012 advises users to utilize SSL with the service once the system has been set up. However, since SSL is not enabled by default, experts believe a “significant number” of WSUS deployments don’t use SSL.


Da Boss!

Website: Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.