[LINK] Microsoft contains Flame with Windows Update revamp
Kim Holburn
kim at holburn.net
Sun Jun 10 17:36:45 AEST 2012
Note that:
> WSUS will no longer work through network proxies that use SSL deep packet content inspection,
...
> Such proxies act as man-in-the-middle devices that can peek inside encrypted traffic as it travels from a local network onto the Internet. Enterprises that have inspection servers in place will have to create exception rules so all Windows Update traffic is bypassed.
https relying on SSL certification is not looking so trustworthy these days!
http://arstechnica.com/security/2012/06/revamped-windows-update-contains-flame/
> Microsoft contains Flame with Windows Update revamp
>
> Changes are designed to prevent hijacking of the system used to deliver updates.
>
> by Dan Goodin - June 9 2012, 7:20am EST
>
> Following a groundbreaking cryptographic attack that hijacked the platform Microsoft uses to deliver updates to millions of large customers, the company has issued changes designed to prevent similar exploits from working again.
>
> The company's Windows Server Update Services, which businesses and organizations use to deliver patches to large fleets of PCs, will no longer work through network proxies that use SSL deep packet content inspection, Microsoft representatives said in an advisory published Friday afternoon. Such proxies act as man-in-the-middle devices that can peek inside encrypted traffic as it travels from a local network onto the Internet. Enterprises that have inspection servers in place will have to create exception rules so all Windows Update traffic is bypassed.
>
> The changes are designed to blunt the kind of attacks carried out by Flame, the sophisticated espionage software that infected PCs in Iran and other Middle Eastern countries. As revealed earlier this week, the malware hijacked the Windows Update process to spread from machine to machine within a local network. By hacking a Microsoft licensing service to sign malware stored on one infected computer, Flame could disguise the malicious payload as a Windows update that should be installed by other computers on the same network.
>
> Microsoft has also provided cryptographic hashes that will accompany all future Windows Updates. It is signed with a private key that only Microsoft possesses, making it infeasible for attackers to include the same certification.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request