In recent days some sources information specialist in topics related to computer security have spread important information about Microsoft's updates. We are not referring to the usual monthly feature updates for Microsoft products, now universally known as "patch day", but we make reference to another story that deserves to be cited and thorough. Some users have reported that some of the newsletter Secret Windows operating system files were updated remotely without the prior written permission. We refer of course to the Microsoft Update tool in fact, in this case, the forced upgrade takes other routes. A merit the attention of the following files are Microsoft Windows Vista: wuapi.dll, wuapp.exe, wuauclt.exe, Wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll, wups2.dll and wuwebv.dll. But Windows XP is not immune to this particular update mode, it was discovered that the files cdm.dll, wuapi.dll, wuauclt.exe, wuaucpl.cpl, Wuaueng.dll, wucltui.dll, wups.dll, wups2.dll and Wuweb.dll have changed. According to various sources on the network will also update these files on systems with the option of Windows Automatic Update was disabled. Microsoft Watch devoted a large study on the matter and also analyzes the documentation that comes with various operating systems on privacy and security issues. Joe Wilcox points out that the Windows Update tool is extremely clear in their settings: fully automatic when applying the patch, disabled or with two different degrees of intervention that require explicit confirmation from the user. In no case, therefore, there is a forced and arbitrary system upgrade. It thus appears that Microsoft may have an alternative way to intervene remotely on machines running Microsoft Windows XP or Vista, an alternative method that dishonestly canons tools Windows Update and, above all, that does not require permission. These reports have raised some criticism from security experts: none at the moment believes that these updates are of a malicious, but to fuel the debate seems to be the silent mode by which these changes have been applied. A number of statements common to the behavior of Microsoft tools in this particular circumstance to that of a worm. In the home of a simple upgrade that requires the least intervention possible for inexperienced users can be considered the main goal, but in reality business, where there are security issues and specific policies to follow, a behavior that can leave an arbitrary minimum sconcerto.Non is possible that Microsoft may release its own note of clarification in the coming days.
giving things their names, Microsoft has installed a backdoor into your system that allows you to update the component "Windows Update" without asking the user. This is very serious for two reasons, in my opinion:
1) the user is alerted and can not disable this "feature"
2) potential, now that the backdoor has been unearthed, a reverse engineer can understand fully operation and use it to his advantage.
Source hwupgrade.it , a more in depth article can be found on windowssecrets.com
Thanks Microsoft for the latter genius. ^ ^
0 comments:
Post a Comment