2 Replies Latest reply on Jun 25, 2012 11:43 AM by antwesor

    Heads Up! Update Available for Windows Update


      Microsoft has released recently an important update to the Windows Update component for all OS available (at least those who are currently supported). This update will provide clients the new certificates to be used for communicating with the Windows Update servers and the new mechanism to connect to these Windows Update servers.


      This action was triggered because hackers discovered that there were Windows Updates certificates that expired in February 2012. So after that date they become invalid and Windows update clients could actually connect to any other server with an altered certificate.


      And there was a virus going around: “Flame Malware” is the name of the attack related to this issue, and for what researchers are saying this malware development was one of the most elaborated because of its complexity and the code involved (people are also suggesting that these hackers could be possible founded by a third-party). 


      Even though the update to mitigate this is already available, it makes you wonder about Windows security. The MD5 algorithm used by these certificates was already mentioned by MS in 2008 to not be used by administrators, but they didn’t disable it. Also, the certificates used by the Windows Update servers were expired in February.


      I guess there is no such thing as the perfect system. 


      How do you feel about this Microsoft processes regarding security? Can we actually say that there are other OS with large amount of users which have unbreakable defenses?