Malware threat to MS updates

Started by Rik, May 16, 2007, 09:37:33


Rik

The BBC is reporting that malware can hijack MS updates:

"Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say.

At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.

The method bypasses users' firewall, allowing files to download undetected.

Microsoft said it was aware of reports of the attack."

That should be an interesting update for MS to put out... :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

#1
I read this yesterday. The specific problem relates to a vulnerability in the BITS service.

To solve, I disabled (i.e. changed from manual startup to disabled in the services manager) the BITS service, and replaced the Start menu "Microsoft Update" link with a link to this script:

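REM Set BITS back to manual start and start the service
SC config "BITS" start= demand
Net Start "BITS"
REM Open Microsoft Update in Internet Explorer
"C:\Program Files\Internet Explorer\iexplore.exe" http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en
REM Stop BITS and disable it again
Net Stop "BITS"
SC config "BITS" start= disabled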

Simply copy and paste it into notepad, save it somewhere convenient (such as Program Files\Microsoft Update\) as Update.bat and call that from the shortcut.

It will enable BITS, go to MSUpdate, do the update, then disable BITS again (you need BITS to use MS Update). NB. The line starting "C:\" and the line starting http should all be one line.

Edit

If you need to restart after an update, choose no to restart automatically, and let the script finish, then restart manually, otherwise BITS will remain enabled after the update.
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's
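
An added example, not part of D-Dan's post or of any Microsoft tooling: a PowerShell check that reports the BITS service state and lists queued BITS transfers whose remote host is outside an allowlist, which is the defensive counterpart to the issue discussed in this thread. It assumes PowerShell 3.0 or later with the BitsTransfer module and an elevated prompt; the `$AllowedSuffixes` list and the `Test-AllowedHost` helper are illustrative names and values chosen for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumes PowerShell 3.0 or later with the BitsTransfer module available.
Import-Module BitsTransfer

# Assumption: host suffixes you expect update traffic to come from.
# Extend for your environment (a WSUS server, other software that uses BITS).
$AllowedSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Test-AllowedHost {
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    # Unparseable or relative URLs are treated as not allowed so they get reported.
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    $hostName = $uri.Host.ToLowerInvariant()
    foreach ($suffix in $Suffixes) {
        # Match "x.microsoft.com" or "microsoft.com", but not "notmicrosoft.com".
        if ($hostName.EndsWith($suffix) -or $hostName -eq $suffix.TrimStart('.')) {
            return $true
        }
    }
    return $false
}

$svc = Get-CimInstance Win32_Service -Filter "Name='BITS'"
Write-Output "BITS service: state=$($svc.State), start mode=$($svc.StartMode)"

if ($svc.StartMode -eq 'Disabled') {
    # With the service disabled (as in the workaround above) no transfer can run,
    # and the job queue cannot be enumerated until the service is re-enabled.
    Write-Output 'BITS is disabled; no jobs can run. Re-enable it to list the queue.'
    return
}

# -AllUsers lists every user's jobs, not only the caller's (needs administrator rights).
Get-BitsTransfer -AllUsers -ErrorAction Stop | ForEach-Object {
    $job = $_
    foreach ($file in $job.FileList) {
        if (-not (Test-AllowedHost -Url $file.RemoteName -Suffixes $AllowedSuffixes)) {
            [pscustomobject]@{
                JobId  = $job.JobId
                Name   = $job.DisplayName
                Owner  = $job.OwnerAccount
                State  = $job.JobState
                Remote = $file.RemoteName
                Local  = $file.LocalName
            }
        }
    }
}
```

An empty result means every queued transfer points at an allowlisted host; any row returned is a job to review against the software you know uses BITS.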

Rik

Thanks for that D-Dan, very helpful.