SUS uses windowsupdate.com
From: Glenn Turner (glenn_at_GLENN-TURNER.COM)
Date: Sun, 17 Aug 2003 10:24:28 +0200 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I read that Microsoft killed off windowsupdate.com to foil the worm:
As part of its effort to stop the progress of the MSBlast worm,
Microsoft is killing off the Windowsupdate.com address that the
self-propagating program was set to attack.
Because the worm is programmed to attack only that address and not the
site that it redirects to, the software giant has decided to eliminate
the Windowsupdate.com address. The move is one of a series of efforts
that Microsoft has undertaken to try to thwart an attack on its servers
that was expected to be launched by infected computers starting Friday.
"One strategy for cushioning the blow was to extinguish the
Windowsupdate.com" site, said Microsoft spokesman Sean Sundwall. "We
have no plans to ever restore that to be an active site."
On Thursday, Microsoft changed the Internet addresses that correspond to
the Windowsupdate.com entry in the domain name service servers that act
as the Internet's address book. One source familiar with the change said
that the new addresses are no longer on the same network as Microsoft's
other servers, thereby insulating the company's servers from any attack
aimed at Windowsupdate.com. Sundwall stressed that the Windows Update
service remains up and running, noting that the service never connected
to Windowsupdate.com. Access to Windows Update is built into the latest
versions of Microsoft's Windows client and server operating systems.
To get the latest patches, consumers can type in
windowsupdate.microsoft.com or, as Microsoft would prefer, go to the
main Microsoft.com page, where they can find information on downloading
patches as well as on setting up a firewall and installing antivirus
software. The worm is programmed to start attacking Windowsupdate.com at
12 a.m. Saturday. As a result, Australia was among the first countries
to be affected, with midnight hitting at 7 a.m. PDT.
However, SUS appears to rely on a windowsupdate.com address:
Manual Sync Started- Sunday, August 17, 2003 10:16:57 AM Failed
Unable to connect to server
"http://www.msus.windowsupdate.com/". Verify that your proxy settings
are configured correctly. (Error 0x80072EE7: The server name could not
be resolved by DNS.)
If Microsoft have no plans to restore windowsupdate.com, what are their
plans for SUS?
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to