Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Does Microsoft ever send out unsigned updates?


  • Please log in to reply
30 replies to this topic

#1 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 10:39 AM

Once in a great while I get supposed updates that are unsigned or exspired.

I have always been leary of that since it could be malware trying to pass itself off as a real microsfoft application.

 

This has happened on many different systems/OS that I have owned over the years.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


BC AdBot (Login to Remove)

 


#2 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 12 January 2016 - 11:02 AM

how are you getting those updates?



#3 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 11:11 AM

Windows updates are thru Windows updater.  Others are thru their respective updater. Most programs have some type of updater.

I am only asking about windows at this point.  I do have 2 HP updates that emsisoft has quarentened for unsigned certificates but that is a different matter.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 12 January 2016 - 11:28 AM

Windows Updates are always signed. Do you have any KB numbers that you can give us?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:27 PM

Posted 12 January 2016 - 11:28 AM

dannyboy950,

 

I'm not sure that I have ever seen a message from Windows Update that says anything like that. Do you mind posting a screenshot? I am also curious what OS and Service Pack that computer is currently running.



#6 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 12:11 PM

Sorry I am not talking about this computer at the moment. All I have on here at the moment are 2 HP updates in quarenteen for unsigned certificates.

Emsisoft has blocked them and put them there as per my settings.

 

My computer is always set to  check for unsigned anythings/lol.  When anything tries to install that is unsigned or the certificate is expired I get an alert.

 

I was just asking in general since I have seen this before on systems all the way back to 95.  Maybe even before. It has been a few years though my memory aint as good as it could be.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 12 January 2016 - 12:23 PM

It's possible for certificates delivered via Windows Updates to expire after installation (like, months or years after), but they are usually renewed in a newer update after.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 01:00 PM

That is what I always assumed. However some of them were new updates IIRC.  I have meant to ask someone that question for years.

Just finally got around to it.

I guess the 2 recent HP updates brought it to the forefront of my old mind.lol


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#9 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 12 January 2016 - 01:14 PM

Once in a great while I get supposed updates that are unsigned or exspired.

I have always been leary of that since it could be malware trying to pass itself off as a real microsfoft application.

 

This has happened on many different systems/OS that I have owned over the years.

Windows updates are delivered through the update mechanism that's built in to the operating system itself.  Since that is how Windows update works, how then can you possibly be getting "unsigned updates"?  Could you post some screenshots or something concrete that we can work with?

 



#10 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:27 PM

Posted 12 January 2016 - 01:20 PM

I suspect that as Aura suggested, there have been occasions when you installed updates on a computer where the software signing certificate had expired and the computer had not received the updated software signing certificate before you installed Windows Updates on the computer.



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:27 AM

Posted 12 January 2016 - 01:21 PM

The fact that Emsisoft quarantines something for having unsigned certificates sounded new to me. Are you sure it's not 1) malware, or 2) PUP-bundled installer?

Edited by Sintharius, 12 January 2016 - 01:22 PM.


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 PM

Posted 12 January 2016 - 01:27 PM

About Windows Updates: Superseding Update, Expired Updates

An update rerelease is a replacement for an update that has expired....An expired update is an update that has been invalidated by Microsoft. An expired update can also be an update that has been superseded by the release of another update (new or revised) that fixes or enhances functionality or applicability offered by the expiring update. In this case, the superseding update should be approved in place of the expired update. An update that is expired can no longer be approved for detection or installation.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 01:57 PM

Thank you all for your input.

If I had not recently reinstalled Vista on that machine I would of had 12 samples for yall to look at. However that is long gone.

 

The updates for HP in question were part of an update to their own update program.  Exactly why they were flagged, all I can go by is what I read in the details tab of the warning. Some msi/installer/exe it said it had a unsigned certificate.  Which is probably why the update will not complete and every couple of days HP reminds me to update the program.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 12 January 2016 - 01:58 PM

It's possible that you downloaded old HP drivers and their certificates expired.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:05:27 PM

Posted 12 January 2016 - 02:12 PM

That is a good possibility.  If they were bundled in with newer version of the Hp updater service. That was the only one I installed.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users