{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Threat Talks - Your Gateway to Cybersecurity Insights","title":"WSUS RCE: Update Weaponized","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/a5b84931\"></iframe>","width":"100%","height":180,"duration":1377,"description":"Attackers are abusing a WSUS flaw - Microsoft’s Windows Server Update Services - to detonate PowerCat, spawn reverse shells, and plant ShadowPad. All from the update server your entire Windows estate trusts by default.One weak crypto key and a broken deserialization function let attackers hit your WSUS server with unauthenticated SYSTEM-level code execution. Chinese APT groups are already exploiting it to drop malware in memory, blend into legitimate WSUS traffic, and pivot deeper into the network.Yes WSUS patch exists, but even if you patch it today, the real problem remains:Your WSUS server is a high-value target with high-trust pathways - and most environments expose it far more than they think.Watch host Lieuwe Jan Koning - with Blue Team expert Rob Maas and Red Team lead Luca Cipriano - break down how the exploit works, how attackers chain it into real-world intrusions, and the Zero Trust fixes that actually matter.Key Topics Covered• How one WSUS flaw enables unauthenticated RCE as SYSTEM• The attack chain: crafted payload → deserialization → PowerCat → ShadowPad• Why update servers are high-value pivot points for APT groups• How Chinese APTs weaponized this vulnerability in real-world intrusions• Zero Trust protections: segmentation, egress control, EDR/XDR detection• How to secure Microsoft Windows Server Update Services (WSUS patching best practices)Episodes Mentioned• China Nexus Barracuda Hack: https://www.youtube.com/watch?v=4X9AmBhOmSA• APT Sand Eagle: https://youtu.be/U5qdERmvEwg?si=kdsCJDNkGjs6Lklz• APT 44 / Seashell Blizzard: https://youtu.be/JqA0Irspxrc?si=nnJpz7VnLtz38LN4• APT Handala: https://youtu.be/XYf-SMhQdDc?si=WpIE0h9Q-pokz0MDGuest & Host LinksRob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/Additional ResourcesThreat Talks: https://threat-talks.com/ON2IT (Zero Trust as a Service): https://on2it.net/AMS-IX: https://www.ams-ix.net/amsSubscribe to...","thumbnail_url":"https://img.transistorcdn.com/zxiRQtIn39fLuEqIC458HdYTjdufBy-QMdJtCYFz97Y/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xN2Q1/NGE1NjBhYWY0ZmY5/NzEyODA5OGU3NDdi/MmNmYi5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}