WSUS RCE: Update Weaponized

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/87/c2/f8/87c2f8ef-8e03-63a6-264f-698f5239d96e/mza_17716733432111276097.jpg/600x600bb.jpg

Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks

103 episodes

1 week ago

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Tech News

News

RSS

All content for Threat Talks - Your Gateway to Cybersecurity Insights is the property of Threat Talks and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Tech News

News

https://img.transistorcdn.com/8hspPadKVHKoN19Mwbu-7baQM7SEKXdwXvxEv_nbtUQ/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS85ZWFh/ODMzMWY3ZjM4MGU2/YTkwMGJiODMwMjY5/MThiOC5qcGc.jpg

WSUS RCE: Update Weaponized

Threat Talks - Your Gateway to Cybersecurity Insights

22 minutes

6 days ago

WSUS RCE: Update Weaponized

Attackers are abusing a WSUS flaw - Microsoft’s Windows Server Update Services - to detonate PowerCat, spawn reverse shells, and plant ShadowPad. All from the update server your entire Windows estate trusts by default.

One weak crypto key and a broken deserialization function let attackers hit your WSUS server with unauthenticated SYSTEM-level code execution. Chinese APT groups are already exploiting it to drop malware in memory, blend into legitimate WSUS traffic, and pivot deeper into the network.

Yes WSUS patch exists, but even if you patch it today, the real problem remains:
Your WSUS server is a high-value target with high-trust pathways - and most environments expose it far more than they think.

Watch host Lieuwe Jan Koning - with Blue Team expert Rob Maas and Red Team lead Luca Cipriano - break down how the exploit works, how attackers chain it into real-world intrusions, and the Zero Trust fixes that actually matter.

(00:00) - Intro
(01:03) - What is a WSUS server?
(02:48) - The WSUS vulnerability
(05:49) - What is deserialization?
(08:17) - What to do about this vulnerability
(10:52) - How attackers are exploiting it
(18:42) - Real-world harm
(19:16) - Final advice & defense strategy

Key Topics Covered
• How one WSUS flaw enables unauthenticated RCE as SYSTEM
• The attack chain: crafted payload → deserialization → PowerCat → ShadowPad
• Why update servers are high-value pivot points for APT groups
• How Chinese APTs weaponized this vulnerability in real-world intrusions
• Zero Trust protections: segmentation, egress control, EDR/XDR detection
• How to secure Microsoft Windows Server Update Services (WSUS patching best practices)

Episodes Mentioned
• China Nexus Barracuda Hack: https://www.youtube.com/watch?v=4X9AmBhOmSA
• APT Sand Eagle: https://youtu.be/U5qdERmvEwg?si=kdsCJDNkGjs6Lklz
• APT 44 / Seashell Blizzard: https://youtu.be/JqA0Irspxrc?si=nnJpz7VnLtz38LN4
• APT Handala: https://youtu.be/XYf-SMhQdDc?si=WpIE0h9Q-pokz0MD

Guest & Host Links
Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/
Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX