Nerves Rattled By Highly Suspicious Windows Update Delivered Worldwide

An anonymous reader writes: If you're using Windows 7 you might want to be careful about which updates you install. Users on Windows forums are worried about a new "important" update that looks a little suspect. Ars reports: "'Clearly there's something that's delivered into the [Windows Update] queue that's trusted,' Kenneth White, a Washington DC-based security researcher, told Ars after contacting some of the Windows users who received the suspicious update. 'For someone to compromise the Windows Update server, that's a pretty serious vector. I don't raise the alarm very often but this has just enough characteristics of something pretty serious that I think it's worth looking at.'" UPDATE: Microsoft says there's nothing to worry about, the company "incorrectly published a test update."

It was a test update

http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/

Probably just some fuckery

[jones_supa]

Never attribute to malice that which is adequately explained by stupidity. Could be that some Microsoft engineer accidentally published a test update.

Yeah, a test update...

[TWX]

From the article...

"We incorrectly published a test update and are in the process of removing it," a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.

The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft's automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out.

I'm a little leery of the Microsoft claim. Admittedly I am perhaps a bit biased against Microsoft for their having integrated a web browser into their OS kernel such that the OS can be irrevocably compromised through a simple web page, but even without that history, that company is large enough that anyone in public relations to make the, "our bad," announcement might not have any idea what actually happened from a technical point of view. On top of that the formatting of the update doesn't give any clue that it's a test update either, as it appears to make no origin claims (at least by the article's included screen shot) and is simply strange.

Whenever I've done something as a test, I actually note in the comments that it's a damn test. I also note that I put it there. Microsoft might not want to publicly attribute something to a particular developer to intentionally obfuscate the development process from the user, but they still should have used something that identifies it as a test to the average person, and used something to make it clear to them that it's attributed to a specific person.

Re:Yeah, a test update...

[lgw]

".test" is a reserved test domain. There are others, including ".example", and ".invalid". I remember there being a two-letter one (".xy" I think), and a 63-letter one, but I can't find rhe RFC for those.

I've used ".test" for years, both for test URLs and test servers.