Re: WU and security?

From: Scott (scott_at_ehrlichtronics.com)
Date: 09/22/04


Date: Wed, 22 Sep 2004 08:25:23 -0700

Sorry for top-posting... Is there a URL or document by
Microsoft that explains this definitively?

Thanks.

Scott

>-----Original Message-----
>Hi Scott,
>
>
>
>Servers use httpS. This means that client will check if
server has Microsoft
>certificate and if this certificate is valid (e.g. issued
by trusted source,
>has not been revoked and has not expired...).
>
>
>
>*******************************************************
>
>TCP 10.8.64.79:3190 207.46.157.93:80
ESTABLISHED
>
>TCP 10.8.64.79:3192 207.46.157.93:443
ESTABLISHED
>
>*******************************************************
>
>
>
>Next thing, all patches and service packs are digitally
signed by Microsoft.
>If I was to take a patch and modify one bit in it, digital
certificate would
>be invalid and patch would fail to install...
>
>
>
>http://freeweb.siol.net/mpihler/signok.jpg
>
>
>
>I hope this helps,
>
>
>
>Mike
>
>
>"scott" <scott@ehrlichtronics.com> wrote in message
>news:490701c4a0ab$04a4d6a0$a301280a@phx.gbl...
>> What technology is behind the WU client/server model, and
>> what is to prevent a rogue WU server from sending
>> malicious updates to client machines or local department
>> WU servers?
>>
>> Thanks.
>>
>> Scott
>
>
>.
>