RE: Windows SUS Question

From: Alex Lomas (alex_at_alexlomas.com)
Date: 04/16/04

  • Next message: Michael Cecil: "Re: restore Administrator password" 
    To: "'paralleluniverse'" <paralleluniverse@ev1.net>, <security-basics@securityfocus.com>
Date: Fri, 16 Apr 2004 22:27:30 +0100

    AU checks for Microsoft's certificate - if it doesn't match then AU deletes
    the downloaded update.

    -----Original Message-----
    From: paralleluniverse [mailto:paralleluniverse@ev1.net]
    Sent: 16 April 2004 03:30
    To: security-basics@securityfocus.com
    Subject: Re: Windows SUS Question

    Security of Auto Updates:

    Re: Windows Update:
    Are the auto-update procedures particularly susceptible to mischief?
    If the Reg values for WUServer was, in fact,
    "WUServer"=http://hackyourupdate.com/
    "WUStatusServer"=http://hackyourupdate.com/
    What if the DCOM vulnerability had been used to drop these reg keys instead
    of dropping a worm.
    What, do you think, are the protections within the client to determine a
    clever substitute and prevent? Ditto for all Auto Updates.
    Thanks,
    Ron Cohen
    FUNEN

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Michael Cecil: "Re: restore Administrator password"

    Relevant Pages

    • Re: Windows SUS Question
      ... Security of Auto Updates: ... What if the DCOM vulnerability had been used to drop these reg keys instead ... Ditto for all Auto Updates. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • greyed out security
      ... On a Dell OptiPlex running Winxp Pro, when I go to the security center ... to instigate auto updates, I find that both auto updates and the ...
      (microsoft.public.windowsxp.security_admin)
    • Re: SP-2 and much slower reboot time
      ... I wonder if its the security centre scanning ... >have a third party firewall and AV. ... And I dont want auto updates on. ... Same here with Security service and Firewall service *disabled* (and no auto ...
      (microsoft.public.windowsxp.general)
    • automatic updates appear to be off in security center
      ... I get a warning that auto updates is off. ... the security center, but it's on in the system properties window. ...
      (microsoft.public.windowsxp.general)
    • Quantcast