Full Disclosure mailing list archives

Re: Recent claims that windows update is broken

From: Georgi Guninski <guninski () guninski com>
Date: Sat, 10 Sep 2011 10:05:37 +0300

On Fri, Sep 09, 2011 at 03:09:25PM -0700, Dan Kaminsky wrote:

On Thu, Sep 8, 2011 at 2:55 AM, Georgi Guninski <guninski () guninski com>wrote:

http://www.theregister.co.uk/2011/09/07/diginotar_hacker_proof/
"I'm able to issue windows update," he [Comodohacker] wrote. "Microsoft's
statement about Windows Update and that I can't issue such update is totally
false!"

The original Comodohacker statement is at: http://pastebin.com/85WV10EL

Is this true?


For the record, no.  Windows Update doesn't just depend on WinVerifyTrust,
it also calls CertVerifyCertificateChainPolicy with
the CERT_CHAIN_POLICY_MICROSOFT_ROOT flag, documented here:

http://msdn.microsoft.com/en-us/library/aa377163(v=vs.85).aspx


By your logic there would be no exploits just because the documentation writes so.

I bothered to ask mainly for these reasons:

1. It is unclear to me what collection of private keys/certs Comodohacker has
2. From thereg article:

Microsoft declined to comment.


-- 
georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Recent claims that windows update is broken Georgi Guninski (Sep 08)
- Re: Recent claims that windows update is broken Thor (Hammer of God) (Sep 08)
- Re: Recent claims that windows update is broken Dan Kaminsky (Sep 09)
  - Re: Recent claims that windows update is broken Thor (Hammer of God) (Sep 09)
    - Re: Recent claims that windows update is broken 夜神　岩男 (Sep 09)
  - Re: Recent claims that windows update is broken Georgi Guninski (Sep 10)
    - Re: Recent claims that windows update is broken Dan Kaminsky (Sep 10)