Hackers Use Windows Update to Sneak Malware onto Users

We face many threats when browsing the Internet: many types of malware can, in one way or another, damage our security and privacy. In this article we report on how attackers can abuse Windows Update to run malicious programs, a problem that can affect users of what is today the most widely used operating system on desktop computers.

They abuse Windows Update to sneak malware

We always say that it is vital to keep equipment up to date. In this way we can avoid possible vulnerabilities that are exploited by hackers to carry out their attacks. In this sense, Windows Update acts as a basic tool in the Microsoft operating system to keep it updated correctly.

But now Windows Update has just been added to the list of LoLBins (living-off-the-land binaries), which attackers can use to execute malicious code on Windows systems. These are executables signed by Microsoft (pre-installed or downloaded) that are used to evade detection.

The WSUS / Windows Update client (wuauclt) lets you check for new updates and install them from a command prompt window, without having to use the Windows user interface.

Using the /ResetAuthorization option allows you to initiate a manual update check, either on the locally configured WSUS server or through the Windows Update service, as indicated by Microsoft.

Now MDSec researcher David Middlehurst has discovered that attackers can also use wuauclt to execute malicious code on Windows 10 systems by loading it from a specially crafted arbitrary DLL with the following command line options:

wuauclt.exe /UpdateDeploymentProvider [path_to_dll] /RunHandlerComServer

Here [path_to_dll] is the absolute path to the attacker's specially crafted DLL, whose code runs when the DLL is attached. It is a defense evasion technique: the malicious code executes from a DLL loaded by a Microsoft-signed binary, the Windows Update client (wuauclt).
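For defenders, the command line above is itself a detection signal. The following is an added example, not code from the article or from MDSec: a small Python check that scans process-creation records for wuauclt launched with both switches and reports the DLL path. The (host, command line) record layout, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Switches named in the article; Windows switches are case-insensitive.
PROVIDER = re.compile(r'/UpdateDeploymentProvider\s+("[^"]+"|\S+)', re.I)
HANDLER = re.compile(r'/RunHandlerComServer\b', re.I)


def image_name(cmdline):
    """Return the lower-cased file name of the first command-line token."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        exe = cmdline[1:].split('"', 1)[0]
    else:
        exe = cmdline.split(None, 1)[0] if cmdline else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_command_line(cmdline):
    """Return the DLL path if wuauclt is run with both switches, else None."""
    if image_name(cmdline) not in ("wuauclt", "wuauclt.exe"):
        return None
    provider = PROVIDER.search(cmdline)
    if provider and HANDLER.search(cmdline):
        return provider.group(1).strip('"')
    return None


def scan(events):
    """events: iterable of (host, command_line) pairs. Returns a list of hits."""
    hits = []
    for host, cmdline in events:
        dll = check_command_line(cmdline)
        if dll is not None:
            hits.append({"host": host, "dll": dll})
    return hits


# Constructed sample records (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    ("WS-01", r'C:\Windows\System32\wuauclt.exe /ResetAuthorization'),
    ("WS-02", r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider '
              r'C:\Users\Public\example.dll /RunHandlerComServer'),
    ("WS-03", r'wuauclt /updatedeploymentprovider "C:\Temp\my lib\example.dll" '
              r'/runhandlercomserver'),
    ("WS-04", r'notepad.exe /UpdateDeploymentProvider x.dll /RunHandlerComServer'),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["host"], hit["dll"])
```

The routine /ResetAuthorization update check (WS-01) is not flagged; only the combination of both switches on a wuauclt image is.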

In short, a new problem for Microsoft's security. In this case, as we have seen, it affects the Windows Update tool that can be exploited to deploy malware on systems.

How to protect ourselves against these security problems

It is very important that we protect ourselves properly so as not to compromise our equipment. Something basic is to have a good antivirus installed. Having security tools will prevent the entry of malware that can affect us. There are many options that we have at our disposal and they are available for all types of devices and operating systems.

We must also have the latest versions. There are many security flaws that can arise. However, the developers and manufacturers themselves release patches to correct them. In this way we can avoid problems that affect us.

Last, but perhaps most importantly, common sense. Many of the threats enter through mistakes made by the users themselves. We must always avoid common mistakes that can damage our security. For example, don't download from unreliable sources or open suspicious attachments. We leave you an article with tips to maintain privacy on the network.