Full Disclosure mailing list archives

Re: Windows Update: A single point of failure for the world's economy?

From: William Warren <hescominsoon () adelphia net>
Date: Tue, 19 Aug 2003 14:02:13 -0400

considering MS's record on issuing patches that cause moreproblems..this is indeed a worrisome trend..it also give MS carte'Blanche to keep creating such buggy code to begin with.


Richard M. Smith wrote:

Hi,

The Washington Post has an article in today's paper saying that
Microsoft is mulling over making the Auto-Update feature of Windows XP
be turned on by default.  The article can be found here:

Microsoft Weighs Automatic Security Updates as a Defaulthttp://www.washingtonpost.com/ac2/wp-dyn/A11579-2003Aug18


This move by Microsoft sounds pretty scary to me.  I am willing to bet
that if Microsoft proceeds with these plans, the Windows Update Web site
could easily distribute and install new software on hundreds of millions

of Windows computers in a day or two.

The risk here is that the system could be exploited by a disgruntled
Microsoft employee and become the ultimate malware distribution system.
It seems to me that the Microsoft is in the process of creating a single
point of failure for the world's economy.

I am wondering what sort of security and accounting systems that
Microsoft has in place to prevent an insider attack on the Windows
Update Web site?

As one data point, yesterday I updated my wife's Windows Me laptop at
the Windows Update site to repair the DCOM security hole.  One of the 20
patch files I downloaded was something for DirectX.  This patch file
caused the laptop to blue screen of death in some VxD near the end of
the Windows boot process.  Luckily for me, the system seem to repair
itself after the 4th reboot.  I really didn't relish the idea of
explaining to my wife how I broke her laptop.

Richard M. Smith
http://www.ComputerBytesMan.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


--
May God Bless you and everything you touch.

My "foundation" verse:

Isaiah 54:17 No weapon that is formed against thee shall prosper; andevery tongue that shall rise against thee in judgment thou shaltcondemn. This is the heritage of the servants of the LORD, and theirrighteousness is of me, saith the LORD.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Windows Update: A single point of failure for the world's economy? Richard M. Smith (Aug 19)
- Re: Windows Update: A single point of failure for the world's economy? Jeremiah Cornelius (Aug 19)
- Re: Windows Update: A single point of failure for the world's economy? William Warren (Aug 19)
- Re: Windows Update: A single point of failure for the world's economy? Michael Gale (Aug 19)