Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows SUS Question

From: "paralleluniverse" <paralleluniverse () ev1 net>
Date: Thu, 15 Apr 2004 19:30:21 -0700
Security of Auto Updates:

Re: Windows Update:
Are the auto-update procedures particularly susceptible to mischief?
If the Reg values for WUServer was, in fact,
"WUServer"=http://hackyourupdate.com/
"WUStatusServer"=http://hackyourupdate.com/
What if the DCOM vulnerability had been used to drop these reg keys instead
of dropping a worm.
What, do you think, are the protections within the client to determine a
clever substitute and prevent? Ditto for all Auto Updates.
Thanks,
Ron Cohen
FUNEN



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: