
Nerves rattled by highly suspicious Windows Update delivered worldwide [Updated]


14 replies to this topic

#1 mainer21

  • Members
  • 122 posts
  • Gender: Male
  • Location: Oregon

Posted 30 September 2015 - 05:11 PM

Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn't correctly implemented.

"We incorrectly published a test update and are in the process of removing it," a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.

The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft's automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out. What follows is the remainder of this post as it appeared before the company issued its explanation.

http://arstechnica.com/security/2015/09/nerves-rattled-by-highly-suspicious-windows-update-delivered-worldwide/





#2 Leurgy

    Voted most likely

  • Members
  • 3,831 posts
  • Gender: Male
  • Location: Collingwood, Ontario, Canada

Posted 30 September 2015 - 06:22 PM

 

"Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out."

Ya figure?

Here's a totally fictitious statement from the same company:

We got hacked, and after working frantically all day, we think we are on top of it.

I really find it odd, for example, how deafening the silence is from the major banks that they have ever had any net-related security breaches. Millions of dollars have been stolen. They will, of course, never admit such a thing. It would be too damaging to their claims of security.

Would Microsoft admit there was a vulnerability in their update service that was exploited? Would they even state unequivocally that the P2P implementation was flawless security-wise?

Do you work for Microsoft or a company that does work for Microsoft?


When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 NickAu

    Bleepin' Fish Doctor

  • Moderator
  • 13,253 posts
  • Gender: Male
  • Location: 127.0.0.1 Australia

Posted 01 October 2015 - 01:09 AM

 

"Would Microsoft admit there was a vulnerability in their update service that was exploited?"

I doubt it. Simply because it shows that their system can be breached, and would encourage others to try.

There are a few options.

This was a breach of server security.

a. Microsoft caught it fast. And patched the exploit.

b. Some fool at MS hit the publish button by mistake on a test of some sort. I wouldn't like to be in his/her shoes about now.

c. The bad guys have a back door to the update servers and were just testing to see how quickly MS reacts and it's not patched.

d. A Snowden-like character published a warning about some 3-letter agency trying to take over Windows.

This is getting interesting.

PS.

All jokes aside, thanks to all the 3-letter agencies for trying to keep us safe from the bad guys. While they may royally mess up now and then, we never hear of the successes they have. I truly believe that most of the people who work at places like the CIA, NSA, MI6, ASIO have our best interest at heart, in regards to our safety and security, the actual implementation, I will not comment.


Edited by NickAu, 01 October 2015 - 01:19 AM.

Arch Linux .
 


#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,483 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 01 October 2015 - 04:48 AM

Susan Bradley MVP, MS Answers Community Forum

September 30, 2015

Microsoft updates have specific signed certificates provided only by Microsoft. What happened here was human oops.

Don't panic: Microsoft mistakenly posted a 'test' Windows update patch

"A Microsoft spokesperson confirmed Wednesday that it had "incorrectly published a test update" and is in the process of removing it."


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,662 posts
  • Gender: Male

Posted 01 October 2015 - 07:04 AM

"Microsoft updates have specific signed certificates provided only by Microsoft. What happened here was human oops."


This. Once you know the mechanism via the Windows Update system, you realize how hard it would be to actually compromise it and push malicious updates via it. Physical interaction would be needed at least. Susan Bradley explains it in her posts in the thread quietman linked.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 mremski

  • Members
  • 495 posts
  • Gender: Male
  • Location: NH

Posted 01 October 2015 - 08:02 AM

So it may be advisable to reconfigure update settings to not install until this gets sorted out?


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#7 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,662 posts
  • Gender: Male

Posted 01 October 2015 - 08:06 AM

It has been sorted out already. Microsoft pulled the bad update and it shouldn't appear in your list anymore.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,483 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 01 October 2015 - 08:22 AM

Regardless...I have always recommended configuring Windows Update to notify but not to automatically download anything.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 rp88

  • Members
  • 3,016 posts
  • Gender: Not Telling

Posted 03 October 2015 - 03:23 PM

This weird update, did it get INSTALLED, despite the user's choice of settings, on computers where users had updates set to "check automatically but ask me whether I want to download", or did it only get downloaded by users whose updates were set to be automatic? (Quietman7: This is the update setting you advise in post #8, it's also the update setting I've been using for years, though I have Windows 8.1, not 7). I assume, however, that it has been OFFERED to Windows 7 users whichever update setting they use?
Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB

#10 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,483 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 03 October 2015 - 03:31 PM

I have never changed my settings and the update was never offered to me.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,662 posts
  • Gender: Male

Posted 03 October 2015 - 03:43 PM

rp, the update never got installed. It always failed to install with the same error code. There's only one user who reported that the update installed and it "messed up all his system and his gear", but he didn't provide any proof of that.
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 dannyboy950

  • Members
  • 1,338 posts
  • Gender: Male
  • Location: port arthur tx

Posted 04 October 2015 - 06:43 AM

Did anyone mention the KB number or when it attempted to load? I show 6 different updates all on 9-04-2015.

Just curious.


HP 15-f009wm notebook AMD-E1-2100 APU 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon


#13 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,662 posts
  • Gender: Male

Posted 04 October 2015 - 08:39 AM

There was no KB number for it. Also, this happened this week, so your updates are way before that.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 dannyboy950

  • Members
  • 1,338 posts
  • Gender: Male
  • Location: port arthur tx

Posted 04 October 2015 - 08:59 AM

Thank you.


HP 15-f009wm notebook AMD-E1-2100 APU 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon


#15 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,662 posts
  • Gender: Male

Posted 04 October 2015 - 09:13 AM

No problem, you're welcome :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




