Detections
Analytics

WSUS Dangerous Misconfigurations

critical

Language:

Description

Windows Server Update Services (WSUS) is the Microsoft product that deploys Windows updates to workstations and servers. Misconfigurations of WSUS settings can lead to an elevation to administrator privileges from a standard account.

Solution

Certain Microsoft WSUS parameters can have a significant security impact on the entire Active Directory and therefore require careful configuration.

See Also

Introducing SharpWSUS

WSUSpendu - Injecting a new update (p17)

Indicator Details

Name: WSUS Dangerous Misconfigurations

Codename: C-WSUS-HARDENING

Severity: Critical

MITRE ATT&CK Information:

Tactics: TA0006, TA0008

Techniques: T1557, T1072

Attacker Known Tools

Paul Stone, Alex Chapman: WSUSpect Proxy

Romain Coltel, Yves Le Provost: WSUSpendu