WSUS Dangerous Misconfigurations



Windows Server Update Services (WSUS) is the Microsoft product that deploys Windows updates to workstations and servers. Misconfigurations of WSUS settings can lead to an elevation to administrator privileges from a standard account.


Certain Microsoft WSUS parameters can have a significant security impact on the entire Active Directory and therefore require careful configuration.

See Also

Introducing SharpWSUS

WSUSpendu - Injecting a new update (p17)

Indicator Details

Name: WSUS Dangerous Misconfigurations


Severity: Critical

MITRE ATT&CK Information:

Tactics: TA0006, TA0008

Techniques: T1557, T1072

Attacker Known Tools

Paul Stone, Alex Chapman: WSUSpect Proxy

Romain Coltel, Yves Le Provost: WSUSpendu