Compromising the Windows Enterprise Via Windows Update

Black Hat via YouTube

Overview

Explore the vulnerabilities in Windows Update and WSUS (Windows Server Update Services) in this Black Hat conference talk. Delve into the intricacies of driver installations triggered by USB devices and the potential security risks associated with Microsoft-signed third-party drivers. Learn how attackers can exploit default WSUS deployments to gain SYSTEM-level access to machines on local networks. Discover the process of finding and automating driver installations through Windows Update and the Windows Update Catalog. Examine the security implications of WSUS, including possible attack vectors and vulnerabilities in proxy settings, state pools, and update metadata. Witness demonstrations of these exploits and gain insights into securing enterprise WSUS configurations. Understand the complexities of Windows Update processes and the importance of proper security measures in enterprise environments.

Syllabus

Introduction
Why hardware drivers
Vendor code quality
Process overview
Finding drivers
Automating drivers
Search Windows Update
Catalog Updates on Microsoft.com
Accessing the Catalog
Plan
Devices
Files
Windows Device Consult
VirtualBox VM
DEFCON
Device Simulation Framework
USB Filters
What is WSUS
Security of WSUS
Possible attacks
Proxy settings
State pools
Sync updates
Hardware updates
Metadata
XML
Update IDs
Update Metadata
Extended Update Info
Update XML
Update Handlers
Program Attributes
Installation
The Plan
Setup
Modify Proxy Settings
BGInfo
Demo
Check for SSL
Summary
Textmate
Why is Update so slow
Whitepaper

Taught by

Black Hat
