RE: Massive Potential Abuse of Windows Machines Via Update



Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
then a different box - error code 0x8007F0F1 registration server 32URLMON.dll.
I know it's a Windows security setting that is unable to install but don't
know how to fix it, please help

"BarneyB" wrote:

It’s happened again, whilst researching on the net, suddenly my internet
connection reported it had been intercepted (and the proxy given to me by my
ISP to solve this sort of problem stopped working) so I had to swap back to
automatically detect (lan settings), with the restrictions this gives to
certain sites.

I reckon I am the subject of a big test! Over the years I have battled with
this one.

Re-builds galore, new machines, super fandango firewall routers, set up by
experts, but still I have issues.

I have been quietly noting events and I think that there can only be two
possible explanations.

Update traffic is being controlled externally
Or
Update traffic is being controlled internally

This is BIG if you think about it. Forget malware, spyware etc. The best way
to get control of machines without the user being alerted too much has got to
be to restrict them from getting genuine security updates, create your own
updates to software and then deliver them.

The first theory would be where someone sets up some kind of interception,
modification and later delivery of the updates.

The second theory would be where the operating system is set to connect to
an update source that is not the genuine Microsoft one.

Why do I think this you ask yourself? Well I have noticed that I am not
getting my automatic updates at the correct time!

Take for example the January Patch Tuesday Release.

My XP machine didn’t update until the Thursday. When I looked at the KB
number of the update I had just received it was not the one it should have
been. Indeed the one I got (KB951748) was meant to have been released in July!

I checked the two Vista machines on my network to see what updates they had
recently received; one was showing KB954708 as being installed on 13th
January. Research shows that this was published in July. The other machine
wasn’t showing any updates since the last forced ones I did back in December.

Indeed I was even working on one of the Vista machines yesterday, ran MBSA
which said all updates were installed, and then a little while later an
update started to download and re-boot the machine. It went through the 3
stage install process, but! When I checked to see what had been updated there
was nothing new in the list.

My 1st theory is my favoured one as it would go some way to explain the
earlier issues I have had with updating my security software programs,
problems accessing webmail, and also accessing the tweaks site and Microsoft
sites among others.

This is BIG if you think about it. Forget malware, spyware etc. Surely the
best way to get control of machines without the user being alerted too much
has got to be to restrict them from getting genuine security updates, create
your own updates to software and then deliver them.

Could this be what the downadup worm will be attempting to do? Was my
network one of the guinea pigs used for the last few years to test and
perfect this?

The problem I have is how I can find out what is going on here. Who can I
turn to for help?

Anyone got any suggestions?

--
BarneyB
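
One way to check the second theory in the post above (a client pointed at an update source other than Microsoft's) and to see what the Windows Update Agent itself recorded. This is an added example, not part of the original thread. It reads the standard Windows Update policy values (WUServer, WUStatusServer, UseWUServer), the hosts file, and the agent's update history through its COM interface, and assumes it is run locally in PowerShell with administrative rights.

```powershell
# Added example: audit the update source a Windows client is configured to use.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# 1. Policy override: when UseWUServer is 1, Automatic Updates talks to WUServer
#    instead of the public Microsoft service.
$useWUServer = Get-RegValue $auKey 'UseWUServer'
$wuServer    = Get-RegValue $wuKey 'WUServer'
$wuStatus    = Get-RegValue $wuKey 'WUStatusServer'

if ($useWUServer -eq 1 -and $wuServer) {
    "Policy redirects Automatic Updates to: $wuServer (status server: $wuStatus)"
} else {
    "No WUServer policy override is configured."
}

# 2. Hosts file: any active (uncommented) entry for Microsoft update host names
#    would silently send update traffic elsewhere.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$overrides = Select-String -Path $hostsFile `
    -Pattern '^\s*[^#\s].*(microsoft|windowsupdate)\.com' |
    ForEach-Object { $_.Line }
if ($overrides) {
    "Hosts file entries affecting update host names:"
    $overrides
} else {
    "No hosts file entries for Microsoft update host names."
}

# 3. Update history as recorded by the Windows Update Agent.
#    ServerSelection: 0 = default, 1 = managed server (WSUS),
#    2 = Windows Update, 3 = other. Dates are in UTC.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
if ($count -gt 0) {
    $searcher.QueryHistory(0, [Math]::Min($count, 20)) |
        Select-Object Date, Title, ResultCode, ServerSelection |
        Format-Table -AutoSize
}
```

The KB numbers and install dates in the history output can be compared with the release dates in the published Microsoft security bulletins, which is the comparison the post describes doing by hand.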