Bugtraq mailing list archives

How the MS Critical Update Notification works...


From: hdmoore () USA NET (HD Moore)
Date: Thu, 28 Jan 1999 01:06:17 -0600


Here is an overview of how Windows 98 determines if an update is available
via the Critical Update Notification utility.  All of the information here
was obtained through packet dumps, so if anyone from M$ would like to
correct this, feel free to do so.


Step A
----------

Windows 98 will try to resolve the address 'windowsupdate.microsoft.com'
after you either open an IE4 window, or about every 5 minutes.  If it can
resolve that address, you proceed to step B; otherwise it waits and tries
again in a few minutes.

Step B
----------

The update program will connect to 'windowsupdate.microsoft.com' on port 80
and attempt to retrieve a CAB file called cucif.cab.  If this file is
retrieved successfully, you go on to step C; otherwise it waits and tries
again.

( the full GET request sent )

-- snip --
GET /x86/W98/en/ie4/cucif.cab HTTP/1.1
Accept: application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
Host: windowsupdate.microsoft.com
Connection: Keep-Alive
Cookie: MC1=ID=f738117cd92911d2933f0f08d79a2879
-- unsnip --


Step C
----------

Inside the cab is a file called 'cucif.cif'; this file has a list of all
critical updates for Windows 98.  The update program checks this list
against its list of installed updates, and if a new one is found it will
present the user with a dialog.  If the user chooses to accept the update,
they are sent to the windowsupdate site via IE4.

(a cut from 'cucif.cif')

-- snip --
[oepatch]
DisplayName=%oepatch%
Version=4,72,3135,0
Locale=%L_oepatch%
_CriticalUpdateDependencies=mailnews
GUID={AC84C7C0-21A1-11d2-AF1D-00C04FA35D02}
Reboot=1
URL1="OEPATSP1.EXE",2
Size1=1097,1110
Command1="oepatsp1.exe"
Type1=1
Switches1="/Q:A /R:N"
Size=1103,24
-- unsnip --


Anyways, I hope someone found this useful.


HD Moore
http://nlog.ings.com
http://www.trinux.org
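The following is an added example, not part of HD Moore's post and not Microsoft's code: a small Python script that does step C of the procedure above offline. It takes the text of 'cucif.cif' (assumed already extracted from cucif.cab with a cabinet tool; extraction is not shown), parses its INI-style sections, turns each 'Version=' field into a comparable tuple, and reports which entries are missing or newer than a client-side record of installed updates. That record (a mapping from GUID to installed version) is an assumption standing in for whatever Windows 98 actually keeps; the [oepatch] section is the one quoted in the post, while the [hypofix] section, its GUID and file name are made up so the comparison has a second case.

```python
import configparser
from typing import Dict, List, Tuple

# Constructed sample in the layout of the 'cucif.cif' cut in the post.
# [oepatch] is copied from the post; [hypofix] is a made-up second entry
# (its GUID, file name and version are assumptions, not real data).
SAMPLE_CIF = """\
[oepatch]
DisplayName=%oepatch%
Version=4,72,3135,0
Locale=%L_oepatch%
_CriticalUpdateDependencies=mailnews
GUID={AC84C7C0-21A1-11d2-AF1D-00C04FA35D02}
Reboot=1
URL1="OEPATSP1.EXE",2
Size1=1097,1110
Command1="oepatsp1.exe"
Type1=1
Switches1="/Q:A /R:N"
Size=1103,24

[hypofix]
DisplayName=%hypofix%
Version=4,72,3110,0
GUID={00000000-0000-0000-0000-000000000001}
Reboot=0
URL1="HYPOFIX.EXE",2
Command1="hypofix.exe"
Switches1="/Q:A /R:N"
"""

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'4,72,3135,0' -> (4, 72, 3135, 0); tuples compare element by element,
    so (4,72,3135,0) > (4,72,3110,0) without any string tricks."""
    return tuple(int(part) for part in text.split(","))


def parse_cif(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-style .cif into {section: {key: value}}.
    Interpolation is disabled because values such as %oepatch% contain '%',
    and optionxform is overridden so keys like GUID keep their case."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def pending_updates(sections: Dict[str, Dict[str, str]],
                    installed: Dict[str, Version]) -> List[str]:
    """Return the names of entries whose GUID is not in `installed` or whose
    listed Version is newer than the installed one.  `installed` maps
    GUID -> version tuple; it is an assumed stand-in for the client's own
    record of applied updates, which the post does not show."""
    pending = []
    for name, fields in sections.items():
        listed = parse_version(fields["Version"])
        have = installed.get(fields["GUID"])
        if have is None or have < listed:
            pending.append(name)
    return pending


def install_command(fields: Dict[str, str]) -> str:
    """Rebuild the command line the entry describes: Command1 followed by
    Switches1, both with their surrounding double quotes removed."""
    cmd = fields["Command1"].strip('"')
    switches = fields.get("Switches1", "").strip('"')
    return f"{cmd} {switches}".strip()


if __name__ == "__main__":
    sections = parse_cif(SAMPLE_CIF)
    # Assumed client state: oepatch present at an older build, hypofix absent.
    installed = {"{AC84C7C0-21A1-11d2-AF1D-00C04FA35D02}": (4, 72, 3000, 0)}
    for name in pending_updates(sections, installed):
        f = sections[name]
        print(f"{name}: version {f['Version']} reboot={f['Reboot']} "
              f"-> {install_command(f)}")
```

Only the GUID and Version fields drive the decision here; the other fields (Reboot, Size, URL1, Type1) are carried through as strings so a caller can act on them. Note that the captured exchange in step B is a plain HTTP GET on port 80; whether the client verifies anything about the CAB it receives is not visible from the packet dump, so this script takes the .cif at face value exactly as the post describes.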


