Author Topic: Windows updates can be intercepted and injected with malware  (Read 1038 times)

0 Members and 1 Guest are viewing this topic.

Offline Axon

  • VIP
  • King
  • *
  • Posts: 2047
  • Cookies: 319
    • View Profile
Windows updates can be intercepted and injected with malware
« on: August 13, 2015, 09:27:33 pm »
Window updates from an enterprise update server not configured to use encryption are vulnerable to an injection attack

Windows 10 has come and it has had its fair share of controversies from spying on users to disabling the pirated games and hardware. The latest to hit the headlines is not related to Windows 10 in particular but all Windows patches issued by Microsoft. It seems cyber criminals can intercept the of Windows patches and inject it with malware using WSUS server in a corporate network.

Exactly how this can be done was demonstrated by researchers from UK-based security firm Context demonstrated at the Black Hat conference in Las Vegas on Wednesday. Context researchers demonstrated how hackers can compromise corporate networks by exploiting a weakness in Windows’ update mechanism.

Full story:
http://www.techworm.net/2015/08/windows-updates-can-be-intercepted-and-injected-with-malware.html

Windows ::)

« Last Edit: August 13, 2015, 09:28:33 pm by Axon »

aes256

  • Guest
Re: Windows updates can be intercepted and injected with malware
« Reply #1 on: August 13, 2015, 09:49:31 pm »
Very interesting story. Since we're on the topic of the security of W10: Windows 10 still has the IPv6 issue which allows anyone on a network to use the script flood_router26 to crash the Windows system by overloading the CPU and reseting the router in seconds. I just tested on a network I setup between a W10 machine and a Kali machine. I hope they patch 'em in the next updates or so.

But hell, its fucking Microsoft, they probably don't give a shit.
« Last Edit: August 13, 2015, 09:50:13 pm by aes256 »

Offline Darkvision

  • EZ's Fluffer
  • VIP
  • Royal Highness
  • *
  • Posts: 755
  • Cookies: 149
  • Its not a bug, It's a Chilopodas.
    • View Profile
Re: Windows updates can be intercepted and injected with malware
« Reply #2 on: August 14, 2015, 04:35:38 am »
Very interesting story. Since we're on the topic of the security of W10: Windows 10 still has the IPv6 issue which allows anyone on a network to use the script flood_router26 to crash the Windows system by overloading the CPU and reseting the router in seconds. I just tested on a network I setup between a W10 machine and a Kali machine. I hope they patch 'em in the next updates or so.

But hell, its fucking Microsoft, they probably don't give a shit.

Considering they expressly stated before it was released that they KNEW the vuln, and that it wouldnt be fixed. id say no. or as i was saying to someone the other day if someone puts out some like 5$-10$ wireless ipv6 crash tool that skids can walk around starbucks knocking everyone off the network it will get fixed. But until it becomes a mass issue(note im not saying this isnt a massive flaw! just that its not being used en-mass) it will remain unpatched.
The internet: where men are men, women are men, and children are FBI agents.

Ahh, EvilZone.  Where networking certification meets avian fecal matter & all is explained, for better or worse.

<Phage> I used an entrence I never use

aes256

  • Guest
Re: Windows updates can be intercepted and injected with malware
« Reply #3 on: August 14, 2015, 09:35:45 am »
Considering they expressly stated before it was released that they KNEW the vuln, and that it wouldnt be fixed. id say no. or as i was saying to someone the other day if someone puts out some like 5$-10$ wireless ipv6 crash tool that skids can walk around starbucks knocking everyone off the network it will get fixed. But until it becomes a mass issue(note im not saying this isnt a massive flaw! just that its not being used en-mass) it will remain unpatched.

It techinically can be patched by the individual disabling IPv6, but it is automatically set ON when purchased and used. And the chances that you're tech savvy enough to bother disabling it and knowing of the attack is very slim. Opening a wide range of damage in a lot of environments.

But disabling it will only make the computer not crash, the router will still go down. And the "good" thing is that you'll need to be on the same access point to perform the attack. That's why I prefer deauthentication method better.

This, in theory, could become a big issue. It can be used in important places such as banks or hotels, etc. This is if you're assholy enough to attack people on vacation at a hotel.
« Last Edit: August 14, 2015, 09:55:50 am by aes256 »

Offline volatility

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Windows updates can be intercepted and injected with malware
« Reply #4 on: August 29, 2015, 10:52:14 pm »
I don't know how an enterpise can use windows 10 if manny are stopped to xp or windows server 2008. The U.S. Army has pay two month ago 14 million dollar to microsoft only to continue the update for the xp machine. The russian work an alternative operating sistem, still on the alfa stage ,and country like Germany decide to kick out microsoft from the public office.
I guess whit the comming out of the windows 10 the microsoft has been revealed his intention to control information and this is not well seing.There are some alternative update for windows 7 /8/8.1 how allow the consent.exe to sent back information on the Microsoft servers.
« Last Edit: August 29, 2015, 10:53:57 pm by volatility »