NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0297 Researcher Confirms Stealth Windows Update:


Researchers say that Microsoft is updating files on computers running Windows XP and Vista, even when the automatic update feature has been disabled. ZDNet's Adrian Kingsley-Hughes confirmed the stealth Windows Update by looking at systems used for testing, which are set not to update automatically. He observed that the updating of files depends on the operating system used. The update affected 9 files each on systems running Vista and Windows XP. Kingsley-Hughes used Event Viewer to confirm reports that the update was pushed out on 24 August, posting screen captures showing the initiation and completion of the update, and one of the updated files.

(blogs.zdnet.com 13SEP07)


Microsoft is assuring users that concerns over unauthorized updates to Windows XP and Windows Vista are unwarranted, saying that silent modifications to the Windows Update (WU) software have been a longtime practice and are needed to keep users patched. "Windows Update is a service that primarily delivers updates to Windows," said Nate Clinton, program manager in the WU group, on the team's blog today. "To ensure ongoing service reliability and operation, we must also update and enhance the Windows Update service itself, including its client-side software." Microsoft was moved to respond after the popular "Windows Secrets" newsletter looked into complaints that WU had modified numerous files in both XP and Vista, even though users had set the operating system to not install updates without their permission. In many cases, users who dug into Windows' event logs found that the updates had been done in the middle of the night.

Andrew Storms, director of security operations at nCircle Network Security Inc., a security and compliance vendor, said that Microsoft has not completely addressed one question: in corporations where system integrity is not only demanded but often crucial, how is Microsoft handling these kinds of updates to the WU client files on machines patched through Windows Server Update Services (WSUS), the server-side update manager? "This could be a very big deal to enterprises," said Storms, depending on exactly what happens in a WSUS environment. "You just don't want unknown files installed or changed."

(ComputerWorld 13SEP07)



Last Modified: Saturday, 22-Sep-2007 11:46:17 EDT