According to the latest report of the famous security company Context, hackers can use Windows Server Update Service (WSUS) to attack Windows, such as Win10 Enterprise Edition. The system is infected with malware. So how do hackers do it?
One of the methods is to intercept the service and inject malicious false Windows updates into it. After the relevant users are installed, they will be "suggested".
At present, WSUS is still using unencrypted HTTP, which is far less secure than HTTPS with encryption. According to the Context message, since WSUS does not use SSL (HTTPS), it is highly vulnerable to "middle man" attacks. Researchers Alex Chapman and Paul Stone say that hackers can attack by pushing fake malicious patches even in lower-privilege situations.
The report also said: "What we care about is when plugging in USB devices, some of which may be vulnerable and exploited by hackers. The familiar "look for drivers" and "Windows Updates" dialog boxes, these seemingly harmless windows may hide some serious dangers. ”
This organization has extended a more difficult way to discover the threat from the vulnerability. The attack process may not be undetectable, but you will not think at all. That's in the "invasion" or "attack", so when you find a problem, you don't know how your system is "dead".
How to activate Win10 Professional Edition system? The official version of Win10 has been released.
users reflected in Win10 update and can not open the store often encounter error code 0x80072efd (or
In almost every new version of Windows 10, well find some changes to the system icons, and the lates
In the previous section, we mentioned the word DHCP. Why use DHCP? If there are 100 computers in the
How to turn off the system icon of the notification bar in Windows 10
Win7 uses kms to activate Office when prompted to 0x8007000d error solution
About the installation of LInux system under WIndows7
Win8 system computer clicks broadband connection when there are multiple solutions to error 629
Win10 Redstone Preview 14279 Update Known Issues and Solutions
Windows Server 2008 R2 Domain Controller: Carefully Planning RODC
Win10 system to check whether the patch is updated to the latest method
Win10/Win8.1/WP8.1 developers can now respond publicly to user comments
How does Win8.1 remove the American keyboard? Win8.1 system deletes the American keyboard method
How to set up automatic pop-up touch keyboard for win10 system?
Win8 system connection Wlan prompts no network can not be connected to the solution
How to use the win9 start menu? Windows9 Start Menu Function Demo Video Tutorial
Windows 8.1 preview will be available separately for ISO downloads
How does the win7 system adjust the resolution of the computer to the best?
WinXP control panel part of the function can not be used to solve
Windows BOOT\\BCD error solution
Server Security Dog Remote Desktop Protection Tutorial
How does Win10 solve Age of Empires 3? You did not install msxml4.0
Win 7 system security optimization, slimming strategy
Win10 forced automatic update KB3074681 caused the resource manager to crash