itm4n / PrivescCheck

Privilege Escalation Enumeration Script for Windows
BSD 3-Clause "New" or "Revised" License
2.91k stars, 422 forks

Disabled WSUS config #34

Closed s-bt closed 2 years ago

s-bt commented 2 years ago

Hi there,

I had a customer today where the DWORD value DisableWindowsUpdateAccess under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate was set to 1, which seems to effectively disable Windows Update, and the config is not vulnerable even though http is set. Would be great if that made it into the checks.

itm4n commented 2 years ago

Hi!

My understanding is that this setting disables user access to Windows Update and it also prevents Windows Update from querying public MS servers. However, it does not mean that the WSUS configuration is not vulnerable. The vulnerability lies in the fact that it uses clear text HTTP traffic to query and download updates from the internal servers.

So, DisableWindowsUpdateAccess should definitely make it harder to exploit but it does not mean the configuration is not vulnerable. Anyway, it is probably a good idea to add this to the check indeed.

itm4n commented 2 years ago

The script now reports the value of DisableWindowsUpdateAccess in case the configuration is vulnerable.

Feel free to close the issue or add a comment if you have a different understanding in regard to my previous message.
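The check discussed in this thread, written out as an added example (this is not PrivescCheck's own code): it reads the WSUS policy values under the WindowsUpdate policy key, flags a clear-text HTTP WSUS server as the finding, and reports DisableWindowsUpdateAccess separately as a mitigating factor rather than as something that clears the finding. WUServer and UseWUServer are the standard Windows Update policy value names; the function name and the output fields are this example's own.

```powershell
# Added example, not part of PrivescCheck: enumerate the WSUS policy values
# the issue discusses and report them from a defender's point of view.
function Get-WsusPolicyCheck {
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auPath     = Join-Path $policyPath 'AU'

    # Read a registry value, returning $null if the key or value is absent
    function Get-RegValue($Path, $Name) {
        try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
        catch { $null }
    }

    $wuServer    = Get-RegValue $policyPath 'WUServer'                   # WSUS URL
    $useWuServer = Get-RegValue $auPath     'UseWUServer'                # 1 = use WSUS
    $disableWua  = Get-RegValue $policyPath 'DisableWindowsUpdateAccess' # value from the issue

    # WSUS is only in effect when UseWUServer is 1 and a server URL is configured
    $wsusEnabled = ($useWuServer -eq 1) -and -not [string]::IsNullOrEmpty($wuServer)

    # The finding: updates are queried and downloaded over clear-text HTTP
    $clearTextWsus = $wsusEnabled -and ($wuServer -match '^http://')

    # Following the maintainer's reasoning above: DisableWindowsUpdateAccess = 1
    # makes abuse harder but does not make the HTTP configuration safe, so it is
    # reported alongside the finding, not used to suppress it.
    [PSCustomObject]@{
        WUServer                   = $wuServer
        UseWUServer                = $useWuServer
        DisableWindowsUpdateAccess = $disableWua
        ClearTextWsus              = $clearTextWsus
        Mitigated                  = $clearTextWsus -and ($disableWua -eq 1)
    }
}

Get-WsusPolicyCheck | Format-List
```

Run it in a normal (non-elevated) PowerShell session; the policy values are readable by any user, and a result with ClearTextWsus set to True is the configuration this issue is about, with Mitigated showing whether the DisableWindowsUpdateAccess hardening from the report is in place.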