Not pleasant news.
"At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.
The method bypasses users' firewall, allowing files to download undetected.
Microsoft said it was aware of reports of the attack."
Now, for this to work, you must first have fallen for a social engineering attack and downloaded a program that has infected your computer and thus compromised the Windows BITS subsystem that is used by the Windows Update process. As one expert pointed out, at that point, the fact that your Update system has been compromised is irrelevant because you've already allowed your computer to be compromised.
My suggestion, regardless of this hack, is to have your update settings configured to download the updates but to not install them until you tell it to.
http://news.bbc.co.uk/2/hi/technology/6657677.stm
(yes, I said I'd try not to dupe posts to my other blog, but I think this is important enough to merit duping.)