Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Secunia PSI - Microsoft Update is not installed


  • Please log in to reply
1 reply to this topic

#1 deskjockey

deskjockey

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 21 October 2015 - 09:15 AM

"Microsoft Update is not installed

 

Some missing updates cannot be detected without Microsoft Update

Please click the button below to open the Microsoft Update site and follow the instructions to install Microsoft Update

 

Install Microsoft Update"

 

When I click the Install Microsoft Update button IE opens to update.microsoft.com or www.update.microsoft.com where I am prompted to install an update script/app for Windows Vista (i am running Windows 8.1)

 

When I tested the ssl server - https://www.ssllabs.com/ssltest/analyze.html?d=update.microsoft.com it comes back as being untrusted.  I noticed when I tested the MS update site yesterday, I was seeing ssllabs as being secure with EV credentials, today it is encrypted however I no longer get the EV credentials.

 

windowsupdate.microsoft.com is redirected to www.update.microsoft.com

 

The certificate chain states:

 

Certification Paths Path #1: Not trusted (path does not chain to a trusted anchor) 1 Sent by server www.update.microsoft.com
Fingerprint: c97d338d0ff447dc22401b860ec24232ed46844c
RSA 2048 bits (e 65537) / SHA1withRSA
WEAK SIGNATURE 2 Sent by server Microsoft Update Secure Server CA 1
Fingerprint: 9132916faf3de14c3619cfe4da6e94bca197d9e8
RSA 4096 bits (e 65537) / SHA1withRSA
WEAK SIGNATURE 3 Extra download
  Not in trust store Microsoft Root Certificate Authority   Self-signed
Fingerprint: cdd4eeae6000ac7f40c3802c171e30148030c072
RSA 4096 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

 

I take to mean that fraudulent certificates have been added to my PC and perhaps legitimate certs have been removed.

 

Any thoughts or ideas here? Im not sure what to do.



BC AdBot (Login to Remove)

 


#2 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:09:42 AM

Posted 24 October 2015 - 07:54 PM

I came across this not long ago myself. Luckyly I did not click on anything, but even then Superantispyware blocked and removed 15 spywares installed the few minutes I was looking at the site.  This was a redirect to a page pretending to be secunia.  Run every thing you have or can get your hands on.  You have probably picked up something you really don't want.

 

Seeing your post reminds me that this happened to me not long before my system became so corrupted that windows update quit working. Took 2 days and several different people and a whole slew of tools to correct.

 

May not happen to you but I would get ready.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users