Security researcher David Middlehurst (@dtmsecurity) posted a blog yesterday briefly detailing a method that attackers could use to evade detection by abusing the Windows Update client (wuauclt.exe) to run an arbitrary DLL on the system. Passing the “/UpdateDeploymentProvider” command line argument, followed by the file path of a malicious DLL and then the “/RunHandlerComServer” argument, causes wuauclt.exe to load that DLL, so the attacker's code executes inside a signed Microsoft binary that lives in System32 and is expected to run on every Windows host. After his discovery, Middlehurst also found a sample in the wild taking advantage of this functionality. Although the original post does not provide a lot of detail, a second blog post through @MDSecLabs will eventually be shared.
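Because the technique above rides on a legitimate binary, the practical defensive question is how to tell the abuse apart from normal Windows Update activity in process-creation telemetry. The following is an added example written for this page, not code from Middlehurst or MDSec: a small Python classifier that takes Sysmon Event ID 1 style records (image path plus command line), extracts the DLL passed to /UpdateDeploymentProvider, and raises an alert when wuauclt.exe runs from outside System32 or is handed a DLL other than the stock UpdateDeploymentProvider.dll. The allowlisted DLL name and path, and the sample events themselves, are assumptions constructed for the example; tune the allowlist against a baseline from your own fleet before relying on it.

```python
import re

# Assumption for this example: the only DLL the update client is expected to
# be given on the command line is Microsoft's own provider, referenced either
# by bare name or by its System32 path. Validate against your own baseline.
BENIGN_DLL_NAME = "updatedeploymentprovider.dll"
BENIGN_DLL_PATH = r"c:\windows\system32\updatedeploymentprovider.dll"
EXPECTED_IMAGE = r"c:\windows\system32\wuauclt.exe"

# Constructed sample records in the shape of Sysmon Event ID 1 (not real logs).
CONSTRUCTED_EVENTS = [
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider UpdateDeploymentProvider.dll /RunHandlerComServer'},
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r"wuauclt.exe /UpdateDeploymentProvider C:\Users\Public\payload.dll /RunHandlerComServer"},
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r'wuauclt.exe /UpdateDeploymentProvider "C:\Program Files\Vendor\x.dll" /RunHandlerComServer'},
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r"wuauclt.exe /DetectNow"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\wuauclt.exe",
     "CommandLine": r"wuauclt.exe /UpdateDeploymentProvider C:\Windows\System32\UpdateDeploymentProvider.dll /RunHandlerComServer"},
]


def split_cmdline(cmdline):
    """Minimal Windows-style tokenizer: a double-quoted run is one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def dll_argument(tokens):
    """Return the value following /UpdateDeploymentProvider, or None."""
    for i, tok in enumerate(tokens):
        if tok.lower() == "/updatedeploymentprovider" and i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def has_handler_flag(tokens):
    return any(t.lower() == "/runhandlercomserver" for t in tokens)


def classify(event):
    """Return ("alert", reason) or ("benign", reason) for one process event."""
    image = event["Image"].lower()
    if image.rsplit("\\", 1)[-1] != "wuauclt.exe":
        return ("benign", "not the Windows Update client")
    tokens = split_cmdline(event["CommandLine"])
    dll = dll_argument(tokens)
    if dll is None or not has_handler_flag(tokens):
        return ("benign", "no DLL handler invocation on the command line")
    # A copied or renamed client binary is suspicious regardless of the DLL.
    if image != EXPECTED_IMAGE:
        return ("alert", "wuauclt.exe running from outside System32: " + event["Image"])
    dll_l = dll.lower()
    bare_name = "\\" not in dll_l and "/" not in dll_l
    if (bare_name and dll_l == BENIGN_DLL_NAME) or dll_l == BENIGN_DLL_PATH:
        return ("benign", "stock provider DLL")
    return ("alert", "non-default DLL passed to /UpdateDeploymentProvider: " + dll)


def scan(events):
    """Return the indexes of events that should be alerted on."""
    return [i for i, ev in enumerate(events) if classify(ev)[0] == "alert"]


if __name__ == "__main__":
    for idx in scan(CONSTRUCTED_EVENTS):
        print(idx, classify(CONSTRUCTED_EVENTS[idx])[1])
```

The comparison is case-insensitive throughout because Windows paths and switches are, and the tokenizer keeps quoted paths with spaces intact so an attacker cannot slip a DLL past the check by dropping it under Program Files. Running the block prints the three constructed events that a hunt query should surface: the DLL under C:\Users\Public, the DLL under Program Files, and the copy of wuauclt.exe executing from a user's Temp directory.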