id: windows-update-service-disabled

info:
  name: Windows Update Service Disabled
  author: princechaddha
  severity: high
  description: Checks if the Windows Update service is disabled.
  impact: |
    Disabling Windows Update prevents the system from receiving important security patches, leaving it vulnerable.
  remediation: |
    Ensure that the Windows Update service is enabled and configured properly.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      (Get-Service -Name wuauserv).Status

    matchers:
      - type: word
        words:
          - "Stopped"
# digest: 4b0a0048304602210085d5d3a48b8d5b35d25ccd267aae53d1cc98c7b6517c67b6821f25964cadf6c9022100dcfd90ea896b51a5abfa1f4a7c67fbc796059c2f0862ae5f43944bc1a90a68f6:922c64590222798bb761d5b6d8e72950