Malware threat to MS updates

Started by Rik, May 16, 2007, 09:37:33

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Rik

The BBC is reporting that malware can hijack MS updates:

"Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say.

At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.

The method bypasses users' firewall, allowing files to download undetected.

Microsoft said it was aware of reports of the attack."

That should be an interesting update for MS to put out... :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

#1
I read this yesterday. The specific problem relates to a vulnerability in the BITS service.

To solve, I disabled (ie - changed from manual startup to disabled in the services manager) the BITS service, and replaced the Startmenu "Microsoft Update" link with a link to this script:

SC config "BITS" start= demand
Net Start "BITS"
"C:\Program Files\Internet Explorer\iexplore.exe" http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en
Net Stop "BITS"
SC config "BITS" start= disabled

Simply copy and paste it into notepad, save it somewhere convenient (such as Program Files\Microsoft Update\) as Update.bat and call that from the shortcut.

It will enable BITS, go to MSUpdate, do the update, then disable BITS again (you need BITS to use MS Update). NB. The line starting "C:\" and the line starting http should all be one line.

Edit

If you need to restart after an update, choose no to restart automatcally, and let the script finish, then restart manually, otherwise BITS will remain enabled after the update.
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Rik

Thanks for that D-Dan, very helpful.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.