Context researchers demonstrated how hackers can compromise corporate networks by exploiting a weakness in Windows update mechanism.
PCs on a corporate connection update through a separate Windows Update (WSUS) server on the connection.
But insecurely configured implementations of the corporate update server can be exploited in local privilege escalation and connection attacks.
What is WSUS?
Instead, it uses the non-encrypted HTTP.
source: www.techworm.net
