I came across an interesting entry from hacktricks.xyz regarding WSUS:

"You can compromise the system if the updates are not requested using httpS but http."

Interesting...

After doing some research, it all links back to Contextis's 2015 paper "WSUSpect", a whitepaper on compromising the Windows network via Windows Updates …

Continue reading