(Figure) Windows Update was found to be abusive to execute malicious programs.

In September, the site reported that malicious files could be downloaded from the command line in Microsoft Defender, and now similar features have been found in Windows Update that can be misused by hackers to execute malicious files.

(Figure) Windows Update was found to be abusive to execute malicious programs.

(Figure) Windows Update was found to be abusive to execute malicious programs.

MDSec researcher David Middlehurst found that an attacker could execute malicious code on a Windows 10 system by loading wuauclt from any specially dLL using the following command-line options, according tomedia Bleeping Computer.

wuauclt.exe/UpdateDeploymentProvider (path_to_dll)/RunHandlerComServer.

This technique bypasses Windows User Account Control (UAC) or Windows Defender Application Control (WDAC) and can be used to achieve persistence on systems that are already compromised. It was discovered because he discovered that a hacker had exploited the vulnerability to carry out the attack.