New
#41
KB4023057 does the following:
- it changes settings of intentionally blocked services (trustedinstaller, wuauserv and many more) so they can run again; see contents of the file progfiles\rempl\servicestackhardening.inf
- winupdate then immediately installs KB4023814 which forces upgrade to newer version, see contents of the folder windows\updateassistant.
Pure winupdate malware.
ServiceStackHardening.Inf.txt