PXE Network using outdated Windows 10 images. How dangerous is it ?

Discussion in 'Windows Server' started by itsmemario1, Oct 17, 2020.

  1. itsmemario1

    itsmemario1 MDL Addicted

    Sep 10, 2012
    539
    87
    30
    #1 itsmemario1, Oct 17, 2020
    Last edited: Oct 18, 2020
    With the following setup, if the Windows 10 Client image (provided via PXE everytime the clients start) is completely outdated (Build 16299), no antivirus software beeing used and all clients having full internet access, using an outdated firefox...

    Just in general, how much of a threat could the outdated client computers become for
    a.) the Server (either Hypervisor, or para Virtualization, or OS Level Virtualization)
    b.) the whole network and its data
    if the clients have full internet access with an outdated browser ?

    Or in other words:
    How important are Windows Updates in such an PXE environment ? And what could be the worst case scenario in such an environment, if ignoring windows updates completely ?

    I read about Rembo / mySHN aka. BpBatch.
    I read about "attacking Windows PXE environments".
    (like, setting up your own server to infect the clients with your image, or intercept the image from the original server)
    I read stories about "Windows Update messing with TFTP".


    Im aware how careless this might sound in the 1st place, but before I create a test scenario like this, playing around with various 0 Day exploits'n stuff, I prefer a discussion about it, here at MDL. :)





    !mapxyz.jpg
     
  2. itsmemario1

    itsmemario1 MDL Addicted

    Sep 10, 2012
    539
    87
    30
    #2 itsmemario1, Oct 18, 2020
    Last edited: Oct 18, 2020
    (OP)
    Ok, as far as I understand, after the outdated Windows 10 images have been applied to the clients, these act just like...an outdated client would act in todays internet.

    But what kind of dangers exist, for the Server OS inside of a Hypervisor within the same network ?

    Im aware all clients will be "clean" (but still outdated) after a reset.

    And Im aware there is much more info needed, for example on network hardware.
    Like if there are VLANs and Layer 3 Switches, subnets, antivir software etc.
     
  3. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,133
    1,914
    210
    And how many vulnerabilities these clients could possibly have?
    5/10/20/100?

    Who knows, there is Patch Tuesday every month, and things get patched for a reason.

    So it is suicidal to run such setup in live network. While the client (even if compromised) will revert to clean state after next boot (providing nothing nasty will attack ie EFI of local hardware), the Server(s) might not be that "lucky", not to mention the data