Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
We do not use cookies of this type.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We do not use cookies of this type.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We do not use cookies of this type.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
We do not use cookies of this type.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
We do not use cookies of this type.
Earlier this week it was revealed that DNS Poisoning was exploiting a number of ISP’s enabling hackers to deliver Malware to Windows and Mac users via software updates and unsecure connections.
We would like to take that further and share how, when DNS servers are compromised, it is possible that they can be exploited to also add Malware into software updates – remember SolarWinds Orion and (Sunburst) Malware.
WSUS – ”The Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS). The primary relationship between the Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS) is based on shared data among the member protocols.”
”State sharing of the information passed using WSUSSS and WUSP takes place on an update server. An update server can participate in protocol exchanges with a USS or a DSS using WSUSSS as well as protocol exchanges with update clients using WUSP.”
”WSUS maintains data for each protocol, and there is substantial overlap among the data maintained for each protocol. Data that is modified by a WSUSSS protocol exchange can be consumed by a WUSP protocol exchange, and vice versa.”
As the below WSUS topology diagram shows, the DNS server plays a critical role in the distribution of software updates. This is immaterial if the updates are Orion, Falcon, Microsoft, or any other updates using WSUS.