Skip to content

PyWSUS is broken on recent Windows 10/11 and Windows Server 2016/2019/2022 #17

New issue
New issue
Open
Open
PyWSUS is broken on recent Windows 10/11 and Windows Server 2016/2019/2022#17
@archidote

Description

@archidote
archidote
opened on Oct 3, 2025

Hi, for about a year I haven't been able to get PyWSUS to work.
Tested across multiple targets (Windows 10 (> 23H2), Windows 11, Server 2019, Server 2022) with the same result: the client syncs, but the provided executable/command is never run and the update is never applied.

Command used

pywsus.py --host "192.168.140.1" --port 8530 \
  --executable /opt/resources/windows/SysinternalsSuite/PsExec64.exe \
  --command  '/accepteula /s cmd.exe /c "echo wsus.poc > C:\poc.txt"'

Actual behaviour

  • Client performs SOAP sync (HTTP 200) but does not execute the payload.

  • No C:\poc.txt created on targets.

  • On the Windows Update UI the install attempt shows error 0x80240013

`INFO:root:The update metadata - uuids: [UUID('3a8e3507-4f11-4750-9557-4270fbff22ca'), UUID('4289eeeb-1308-44b9-9bad-3d3e4c138741')],revision_ids: [965752, 983499], deployment_ids: [84285, 87395], executable: PsExec64.exe, sha1: AJjHnhQEtDmb8OaG2I2/BSJpowI=, sha256: 7frhppUi+HsSxtrDIl2TDkhIgy48VR7h59MXNr9FJe8=
INFO:root:Starting httpd...

192.168.140.20 - - [03/Oct/2025 08:04:29] "POST /ClientWebService/client.asmx HTTP/1.1" 200 -
INFO:root:SOAP Action: "http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"
192.168.140.20 - - [03/Oct/2025 08:04:41] "POST /ClientWebService/client.asmx HTTP/1.1" 200 -
INFO:root:SOAP Action: "http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"

Environment

  • pywsus: latest from repo (cloned recently)

  • Recent updated Targets: Windows 10, Windows 11, Server 2019, Server 2022

  • Payload executable: Sysinternals PsExec64.exe

  • Network: no firewall blocking between pywsus server and targets (SOAP requests reach clients)

It looks like this repository hasn’t had any commits for ~3 years, so I’m wondering if the tool is no longer maintained or compatible with newer Windows builds.
I also tried to patch/debug the code myself, but despite several different attempts I couldn’t get it to work.
If anyone is willing to try patching this, feel free to reach out, I can help on the testing/exploitation side.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions