To check whether a Windows domain is a possible candidate for a WSUS MITM attack, check:

reg query HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate /v WUServer

(requires a MITM attack, e.g. with bettercap) (all-in-one tool, with changing local proxy settings)

Update: if CVE-2020-1013 is patched, Windows Update will use the SYSTEM proxy settings and not the user proxy.

If the registry value HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\SetProxyBehaviorForUpdateDetection is set to REG_DWORD 1, then the user proxy will be used only if the system proxy doesn't work.
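
One way to audit both values on a host, as an added example (not part of the original notes). It assumes that a WUServer URL starting with http:// is what makes a client a candidate, since that traffic is not protected by TLS; Get-WsusPolicyFinding is a hypothetical helper name and the sample server name is constructed.

```powershell
# Added example. Get-WsusPolicyFinding is a hypothetical helper, not a built-in cmdlet.
function Get-WsusPolicyFinding {
    param(
        [string]$WUServer,             # WUServer policy value; empty if not set
        [Nullable[int]]$ProxyBehavior  # SetProxyBehaviorForUpdateDetection; $null if not set
    )

    # Assumption: an http:// update server is what exposes clients to a MITM;
    # an https:// one is protected by TLS.
    if ([string]::IsNullOrWhiteSpace($WUServer)) {
        $transport = 'NoWsusPolicy'
    } elseif ($WUServer -match '^\s*https://') {
        $transport = 'Https'
    } elseif ($WUServer -match '^\s*http://') {
        $transport = 'Http'
    } else {
        $transport = 'Unrecognized'
    }

    # Per the notes above: with the value set to 1, the user proxy is used
    # when the system proxy does not work. Not set or 0 is treated as "no fallback".
    $userProxyFallback = ($ProxyBehavior -eq 1)

    [pscustomobject]@{
        WUServer          = $WUServer
        Transport         = $transport
        CleartextWsus     = ($transport -eq 'Http')
        UserProxyFallback = $userProxyFallback
    }
}

# Constructed sample values (made-up server name) so the check can be tried offline.
Get-WsusPolicyFinding -WUServer 'http://wsus.example.internal:8530' -ProxyBehavior 1
Get-WsusPolicyFinding -WUServer 'https://wsus.example.internal:8531' -ProxyBehavior $null

# On a live host, read the same key the reg query above reads.
$key    = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$values = @{
    WUServer      = $policy.WUServer
    ProxyBehavior = $policy.SetProxyBehaviorForUpdateDetection
}
Get-WsusPolicyFinding @values
```

Hosts reporting CleartextWsus as True are the ones to move to an https:// WSUS URL first; UserProxyFallback shows where the user proxy can still come into play.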

