Bugtraq mailing list archives

Re: How the MS Critical Update Notification works...


From: paulle () MICROSOFT COM (Paul Leach)
Date: Fri, 29 Jan 1999 18:23:11 -0800


-----Original Message-----
From: Brian Hayward [mailto:hayward () SLOTHMUD ORG]
Sent: Thursday, January 28, 1999 9:00 AM
To: BUGTRAQ () NETSPACE ORG
Subject: Re: How the MS Critical Update Notification works...


So the weakest link here is the nameserver.  If someone is able to
compromise your nameserver.

I wonder what type of validation is done within the update utility.
Does it check to see if the resolved address is indeed a valid Microsoft
IP address, or are there any other security checks that prevent
installation of updates from a non-Microsoft site?

After a quick check with the IE folks, this is what I learned.

The short answer is that the files are signed. If done correctly, that means
that the worst that can happen is that the nameserver spoofer can return an
old cucif.cab file, or an old version of an update if the update's name had
ever been used before.

Of course, as everyone knows, just saying "it's signed" isn't enough; other
care needs to be taken. However, even this tidbit of information should be
sufficient to deflect the discussion in a more fruitful direction.

Paul
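
The replay case described in the message above, as an added example that is not part of the original post and is not Microsoft's updater code: a correctly signed but old file still passes signature verification, so a client also needs a freshness check. Assumptions: HMAC stands in for the publisher's public-key signature so the code runs on the standard library alone, the manifest carries a `version` field, and the names `sign_manifest` and `check_update` are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in for the publisher's signature;
# a real updater would verify a public-key signature instead.
PUBLISHER_KEY = b"constructed-demo-key"


def _tag(body: dict) -> str:
    """Authenticate the canonical JSON encoding of the manifest body."""
    blob = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PUBLISHER_KEY, blob, hashlib.sha256).hexdigest()


def sign_manifest(name: str, version: int, payload: bytes) -> dict:
    """Publisher side: bind file name, version and payload hash together."""
    body = {"name": name, "version": version,
            "sha256": hashlib.sha256(payload).hexdigest()}
    return {"body": body, "tag": _tag(body)}


def check_update(manifest: dict, payload: bytes, installed: dict) -> str:
    """Client side: return 'accept', 'bad-signature' or 'stale'.

    installed maps file name -> highest version already accepted.
    """
    body = manifest["body"]
    if not hmac.compare_digest(_tag(body), manifest["tag"]):
        return "bad-signature"
    if hashlib.sha256(payload).hexdigest() != body["sha256"]:
        return "bad-signature"
    # A valid signature only proves origin. An old, genuinely signed file
    # still verifies, so freshness has to be checked separately.
    if body["version"] <= installed.get(body["name"], 0):
        return "stale"
    installed[body["name"]] = body["version"]
    return "accept"


if __name__ == "__main__":
    state = {}
    old = sign_manifest("cucif.cab", 1, b"constructed old contents")
    new = sign_manifest("cucif.cab", 2, b"constructed new contents")
    print(check_update(new, b"constructed new contents", state))
    # Spoofed server replays the older, validly signed file.
    print(check_update(old, b"constructed old contents", state))
```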


