SUS uses windowsupdate.com

From: Glenn Turner (glenn_at_GLENN-TURNER.COM)
Date: 08/17/03

    Date:         Sun, 17 Aug 2003 10:24:28 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I read that Microsoft killed off windowsupdate.com to foil the worm:

    http://www.neowin.net/comments.php?category=main&id=13426

    As part of its effort to stop the progress of the MSBlast worm,
    Microsoft is killing off the Windowsupdate.com address that the
    self-propagating program was set to attack.

    Because the worm is programmed to attack only that address and not the
    site that it redirects to, the software giant has decided to eliminate
    the Windowsupdate.com address. The move is one of a series of efforts
    that Microsoft has undertaken to try to thwart an attack on its servers
    that was expected to be launched by infected computers starting Friday.
    "One strategy for cushioning the blow was to extinguish the
    Windowsupdate.com" site, said Microsoft spokesman Sean Sundwall. "We
    have no plans to ever restore that to be an active site."

    On Thursday, Microsoft changed the Internet addresses that correspond to
    the Windowsupdate.com entry in the domain name service servers that act
    as the Internet's address book. One source familiar with the change said
    that the new addresses are no longer on the same network as Microsoft's
    other servers, thereby insulating the company's servers from any attack
    aimed at Windowsupdate.com. Sundwall stressed that the Windows Update
    service remains up and running, noting that the service never connected
    to Windowsupdate.com. Access to Windows Update is built into the latest
    versions of Microsoft's Windows client and server operating systems.

    To get the latest patches, consumers can type in
    windowsupdate.microsoft.com or, as Microsoft would prefer, go to the
    main Microsoft.com page, where they can find information on downloading
    patches as well as on setting up a firewall and installing antivirus
    software. The worm is programmed to start attacking Windowsupdate.com at
    12 a.m. Saturday. As a result, Australia was among the first countries
    to be affected, with midnight hitting at 7 a.m. PDT.

    However, SUS appears to rely on a windowsupdate.com address:

    Manual Sync Started- Sunday, August 17, 2003 10:16:57 AM Failed
    Updates Added:
            None
    Updates Removed:
            None
    Reissued Update(s):
            None
    Errors:
            Unable to connect to server
    "http://www.msus.windowsupdate.com/". Verify that your proxy settings
    are configured correctly. (Error 0x80072EE7: The server name could not
    be resolved by DNS.)

    If Microsoft have no plans to restore windowsupdate.com, what are their
    plans for SUS?

    Glenn
    Munich, Germany
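
The sync failure quoted in the message can be triaged mechanically. The following is an added example, not part of the original post and not Microsoft's code: it parses the SUS log entry, decodes the HRESULT, and reports whether the failure is a DNS resolution error for a host under the domain the article says was retired. The function names and the `RETIRED_DOMAIN` constant are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the sync-log entry quoted in the post, line wrapping kept.
SYNC_LOG = """Manual Sync Started- Sunday, August 17, 2003 10:16:57 AM Failed
Errors:
        Unable to connect to server
"http://www.msus.windowsupdate.com/". Verify that your proxy settings
are configured correctly. (Error 0x80072EE7: The server name could not
be resolved by DNS.)
"""

RETIRED_DOMAIN = "windowsupdate.com"      # the address the article says was killed off
FACILITY_WIN32 = 7                        # HRESULT facility for wrapped Win32 errors
ERROR_INTERNET_NAME_NOT_RESOLVED = 12007  # WinINet error code, 0x2EE7


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    failed = bool(value >> 31)            # severity bit
    facility = (value >> 16) & 0x7FF      # 11-bit facility field
    code = value & 0xFFFF                 # low 16 bits: the underlying error
    return failed, facility, code


def parse_sync_failure(log_text):
    """Return details of a failed sync, or None if no connect error is logged."""
    flat = " ".join(log_text.split())     # undo the mail client's line wrapping
    url = re.search(r'Unable to connect to server "([^"]+)"', flat)
    err = re.search(r"\(Error (0x[0-9A-Fa-f]{8}):", flat)
    if not (url and err):
        return None
    host = urlparse(url.group(1)).hostname
    failed, facility, code = decode_hresult(int(err.group(1), 16))
    return {
        "host": host,
        "hresult": err.group(1),
        "dns_failure": failed and facility == FACILITY_WIN32
        and code == ERROR_INTERNET_NAME_NOT_RESOLVED,
        "under_retired_domain": host == RETIRED_DOMAIN
        or host.endswith("." + RETIRED_DOMAIN),
    }


if __name__ == "__main__":
    print(parse_sync_failure(SYNC_LOG))
```

A result with both `dns_failure` and `under_retired_domain` set points at the DNS change described in the article rather than at the local proxy settings the error text suggests checking.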


