SUS uses windowsupdate.com

From: Glenn Turner (glenn_at_GLENN-TURNER.COM)
Date: 08/17/03

  • Next message: Russ: "Mail from Microsoft regarding Blaster"
    Date:         Sun, 17 Aug 2003 10:24:28 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I read that Microsoft killed off windowsupdate.com to foil the worm:

    http://www.neowin.net/comments.php?category=main
    <http://www.neowin.net/comments.php?category=main&id=13426> &id=13426

    As part of its effort to stop the progress of the MSBlast worm,
    Microsoft is killing off the Windowsupdate.com address that the
    self-propagating program was set to attack.

    Because the worm is programmed to attack only that address and not the
    site that it redirects to, the software giant has decided to eliminate
    the Windowsupdate.com address. The move is one of a series of efforts
    that Microsoft has undertaken to try to thwart an attack on its servers
    that was expected to be launched by infected computers starting Friday.
    "One strategy for cushioning the blow was to extinguish the
    Windowsupdate.com" site, said Microsoft spokesman Sean Sundwall. "We
    have no plans to ever restore that to be an active site."

    On Thursday, Microsoft changed the Internet addresses that correspond to
    the Windowsupdate.com entry in the domain name service servers that act
    as the Internet's address book. One source familiar with the change said
    that the new addresses are no longer on the same network as Microsoft's
    other servers, thereby insulating the company's servers from any attack
    aimed at Windowsupdate.com. Sundwall stressed that the Windows Update
    service remains up and running, noting that the service never connected
    to Windowsupdate.com. Access to Windows Update is built into the latest
    versions of Microsoft's Windows client and server operating systems.

    To get the latest patches, consumers can type in
    windowsupdate.microsoft.com or, as Microsoft would prefer, go to the
    main Microsoft.com page, where they can find information on downloading
    patches as well as on setting up a firewall and installing antivirus
    software. The worm is programmed to start attacking Windowsupdate.com at
    12 a.m. Saturday. As a result, Australia was among the first countries
    to be affected, with midnight hitting at 7 a.m. PDT.

    However, SUS appears to rely on a windowsupdate.com address:

    Manual Sync Started- Sunday, August 17, 2003 10:16:57 AM Failed
    Updates Added:
            None
    Updates Removed:
            None
    Reissued Update(s):
            None
    Errors:
            Unable to connect to server
    "http://www.msus.windowsupdate.com/". Verify that your proxy settings
    are configured correctly. (Error 0x80072EE7: The server name could not
    be resolved by DNS.)

    If Microsoft have no plans to restore windowsupdate.com, what are their
    plans for SUS?

    Glenn
    Munich, Germany

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Russ: "Mail from Microsoft regarding Blaster"