About Andy Jenkinson
Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.
Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader.
Earlier this week it was revealed that DNS poisoning at a number of ISPs was being exploited to deliver malware to Windows and Mac users through software updates and insecure connections.
We would like to take that further and share how, when DNS servers are compromised, they can also be exploited to insert malware into software updates: remember SolarWinds Orion and the Sunburst malware.
WSUS: “The Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS). The primary relationship between the Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS) is based on shared data among the member protocols.”
“State sharing of the information passed using WSUSSS and WUSP takes place on an update server. An update server can participate in protocol exchanges with a USS or a DSS using WSUSSS as well as protocol exchanges with update clients using WUSP.”
“WSUS maintains data for each protocol, and there is substantial overlap among the data maintained for each protocol. Data that is modified by a WSUSSS protocol exchange can be consumed by a WUSP protocol exchange, and vice versa.”
As the WSUS topology diagram below shows, the DNS server plays a critical role in the distribution of software updates. This holds regardless of whether the updates are Orion, Falcon, Microsoft or any other updates delivered through WSUS.
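To make the DNS dependency concrete from the defender's side, here is an added example (not code from the article or from Microsoft) that runs two checks a WSUS administrator can automate: whether the client's configured WSUS URL uses plain http, and whether resolver log entries for the WSUS host return an address other than the pinned one. The hostname, addresses and log lines are constructed for the example.

```python
"""Defender-side checks for the risk described above: a poisoned resolver
answer for the WSUS host, or a plain-http WSUS URL, lets a network attacker
stand in front of the update server. Every hostname, address and log line
below is constructed for this example (assumptions, not values from the article)."""
import re
from urllib.parse import urlparse

# Constructed: the address the organisation's DNS *should* return for its WSUS host.
PINNED_WSUS = {"wsus.corp.example": {"10.20.30.40"}}

# Constructed resolver log lines in a simple "query=<name> answer=<address>" form.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z client=10.1.1.5 query=wsus.corp.example answer=10.20.30.40
2024-01-10T08:00:07Z client=10.1.1.9 query=wsus.corp.example answer=203.0.113.66
2024-01-10T08:00:09Z client=10.1.1.9 query=intranet.corp.example answer=10.20.30.50
"""

LINE_RE = re.compile(r"client=(?P<client>\S+) query=(?P<name>\S+) answer=(?P<answer>\S+)")


def audit_wsus_url(wuserver: str) -> list[str]:
    """Flag the weak setting: WSUS reached over http, so the client never
    authenticates the server it downloads update metadata from."""
    findings = []
    if urlparse(wuserver).scheme != "https":
        findings.append(f"WSUS URL {wuserver!r} is not https: unauthenticated channel")
    return findings


def audit_dns_log(log: str, pinned=PINNED_WSUS) -> list[dict]:
    """Return every resolver answer for a pinned host that is not in its pinned set;
    such an answer is a sign the resolver's view of the WSUS host has been altered."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the constructed log format
        name, answer = m["name"].lower(), m["answer"]
        if name in pinned and answer not in pinned[name]:
            hits.append({"client": m["client"], "name": name, "unexpected": answer})
    return hits


if __name__ == "__main__":
    print(audit_wsus_url("http://wsus.corp.example:8530"))   # weak setting
    print(audit_wsus_url("https://wsus.corp.example:8531"))  # corrected setting
    for hit in audit_dns_log(SAMPLE_LOG):
        print("possible poisoned answer:", hit)
```

In a real deployment the pinned set would come from the authoritative zone and the log from the recursive resolver; the checks themselves do not change.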