Researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS).
- A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client Digest Article
- The Next Big Cyber-Attack Vector: APIs Digest Article
- Microsoft Releases Emergency Windows Update to Hamstring Earlier ‘Spectre’ Defense Digest Article
- Microsoft Updates Guideline on Windows Driver Security Digest Article
- Attackers can Pull Data From Air-gapped Networks’ Surveillance Cameras Digest Article