Re: ?Expired Security Certif for MS Update

Steven and Wesley,

Thank you both for your courteous and helpful replies. Unfortunately,
Steven, I couldn't get the MBSA to run -- it seemed to download okay, but it
just stalls out. And, for that matter, the link you provided went to an
error page that said, "this page is temporarily unavailable." (I found the
download elsewhere by searching the site, so you definitely got me pointed in
the right direction.) Both these behaviors -- the error page maneuver, and
the stalling out when an app like this runs -- are typicial of this security
issue I have experienced.

All of which makes me very, very uncomfortable with the idea of having any
faith in the downloads I have, that used the expired certificate to get the
gateway ActiveX.

Another thing that makes me uneasy is that even after I removed the
downloaded ActiveX in question, and uninstalled a few critical updates, I was
not prompted to download the ActiveX again.

At the risk of sounding like an alien abductee, this security invasion
system is so subtle -- and so sophisticated -- that it must be running on a
lot more machines than just mine.

As always, I appreciate your courteous and thoughtful replies.

Sue

"Steven L Umbach" wrote:

Certificates/PKI is a somewhat complex topic. If the certificate is from
Microsoft and signed by a CA that your computer trusts I would not worry
about it as long as it has not been revoked. You can view the certificate
certification path to see if it was issued to Microsoft or not and by what
CA. You can go to Internet Explorer/tools/internet options/content -
certificates to view the Trusted Root CAs.

Offhand I don't recall every seeing that message myself on a new install
that has SP2 installed also but I use authentic full retail version of XP
Pro. If you are concerned about your security updates not being installed
you can use Microsoft Baseline Security Analyzer to see if it shows your
computer is current with critical security updates or not. You can find it
for free at the link below. Belarc Advisor is also a free program that will
display updates installed on your computer and let you know if they are
installed correctly if you look under installed hotfixes. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.belarc.com/free_download.html --- Belarc Advisor.


"SueInCincy" <SueInCincy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0FB0E019-9224-4ECE-8986-6FD2F7C5AADD@xxxxxxxxxxxxxxxx
Maybe I don't understand security certificates. In this particular case,
it's the security certificate for the "front door" of Microsoft's update
system. I have had several senior-level Microsoft Research Techs say I
should not be encountering this kind of expired certificate -- yet now,
when
they have not been able to stop that from happening, they say go ahead and
use the expired certificate.

What I know from previous experience is that if I do so, it opens the door
to all kinds of new security problems. What I see in log files, for
example,
strongly suggests that the updates are not really being installed -- that
bogus ones are being retrieved.

What is especially troubling about this is that the last Microsoft tech I
spoke with promised to send a written clarification of why I should use an
expired security certif, within 15 minutes, and here it is four days later
and it hasn't arrived. I don't think anyone at Microsoft is willing to
put
that in writing.

Hmmm....

"Steven L Umbach" wrote:

I would not worry about an expired certificate. If the certificate was
from
an untrusted Certificate Authority or revoked then you certainly should
not
proceed. It is not uncommon to come across expired certificates. A
certificate that has expired still works in that it in this case it
verifies
that the file is from a trusted publisher. --- Steve


"SueInCincy" <SueInCincy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B55A21C9-7112-40E0-AD6E-3922E26A9A1B@xxxxxxxxxxxxxxxx
I have had a profound security problem, and I get conflicting
information
from Microsoft technicians. Two of them, 2nd level Research department,
say I
should not download an ActiveX control that has an expired security
certificate. Today's tech insists there's nothing wrong with doing
that.

Here is what has happened to me repeatedly, on at least four different
machines:

With a freshly reformatted hard drive, and the protection of a router
firewall and Service Pack 2, I go straight to the Microsoft Update
site.
The
first thing that happens is a warning for the ActiveX control required
to
get
updates, and the security certificate has an expiry date (consistently)
of
October 15, 2005. When I have, in the past, downloaded the thing, it
popped
up on the Anti-Spyware Beta as unrecognized by Microsoft.

What appears to happen, if you look at the install logs for critical
updates, is that many of them appear to be being retrieved from the
pagefile.sys location. There are lots of other troublesome lines of
code
in
those logs, although I don't pretend to be a developer -- or even
knowledgeable about the mysteries of Microsoft.

Today's Microsoft technician--he the one who insisted we use the
ActiveX
control with the expired security certificate-- said, when confronted
with
these troubling lines of code, "These are not for you or I to know," as
if
that somehow clears up the issue.

All I know is that if I "just use the machine," I get all kinds of
security
problems, including, eventually, a QuickBooks program that will not
work
because of a "virus." That, despite clean scans from the fully updated
Norton
(or Kaspersky or McAfee, it doesn't matter) I have on the machine, and
clean
online scans from the vendors.

I have looked at other machines log files that have these updates
installed
legitimately, and they all show the update files being retrieved from a
temp
file or even a web address -- never a pagefile.sys.

I appreciate all the folks that answer these posts, even the ones who
aren't
always terribly courteous. I especially appreciate the courteous ones.

Best regards, S






.

Relevant Pages

  • Re: ?Expired Security Certif for MS Update
    ... MBSA should run fine on a new install. ... faith in the downloads I have, that used the expired certificate to get ... At the risk of sounding like an alien abductee, this security invasion ... Microsoft and signed by a CA that your computer trusts I would not worry ...
    (microsoft.public.windowsxp.security_admin)
  • Re: DO NOT DOWNLOAD SERVICE PACK 2
    ... If the Security Center does not monitor your anti virus, ... A Microsoft representative told me this so ... Download updates yourself ...
    (microsoft.public.windowsupdate)
  • Re: 810030 Microsoft VM Security Update
    ... 810030 Microsoft VM Security Update ... >>>I wish to be able to download the update and archive it. ... >>machine which the update cannot patch. ...
    (microsoft.public.security)
  • Re: Latest Microsoft security updates caused network problems.
    ... automated update service downloaded what appeared to be the usual suspects: some security patches and the latest malicious software removal tool. ... the system can't download any possible updates or fixes Microsoft might release for this, nor can I access any online tech support for trying to troubleshoot the problem. ... I guess one possibility would be to try to revert to the state prior to the patches--I assume the state is bookmarked automatically by the Microsoft Update feature? ...
    (microsoft.public.windowsxp.general)
  • re: 810030 Microsoft VM Security Update
    ... 810030 Microsoft VM Security Update ... >>> Before I can apply the 810030 patch I must first update ... >>> tried the Microsoft Download Centre and drew a blank. ...
    (microsoft.public.security)