Slashdot Mirror
Nerves Rattled By Highly Suspicious Windows Update Delivered Worldwide
An anonymous reader writes: If you're using Windows 7 you might want to be careful about which updates you install. Users on Windows forums are worried about a new "important" update that looks a little suspect. Ars reports: "'Clearly there's something that's delivered into the [Windows Update] queue that's trusted,' Kenneth White, a Washington DC-based security researcher, told Ars after contacting some of the Windows users who received the suspicious update. 'For someone to compromise the Windows Update server, that's a pretty serious vector. I don't raise the alarm very often but this has just enough characteristics of something pretty serious that I think it's worth looking at.'" UPDATE: Microsoft says there's nothing to worry about, the company "incorrectly published a test update."
This is exactly why I disabled updates. With all of the crap MS has been trying to forcefully push out after Malware 10 was released, you're safer without them.
http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/
Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn't correctly implemented.
They were just checking to see if you really wanted to upgrade to Windows 10
Never attribute to malice that which is adequately explained by stupidity. Could be that some Microsoft engineer accidentally published a test update.
"We incorrectly published a test update and are in the process of removing it," a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.
The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft's automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out.
I'm a little leery of the Microsoft claim. Admittedly I am perhaps a bit biased against Microsoft for their having integrated a web browser into their OS kernel such that the OS can be irrevocably compromised through a simple web page, but even without that history, that company is large enough that anyone in public relations to make the, "our bad," announcement might not have any idea what actually happened from a technical point of view. On top of that the formatting of the update doesn't give any clue that it's a test update either, as it appears to make no origin claims (at least by the article's included screen shot) and is simply strange.
Whenever I've done something as a test, I actually note in the comments that it's a damn test. I also note that I put it there. Microsoft might not want to publicly attribute something to a particular developer to intentionally obfuscate the development process from the user, but they still should have used something that identifies it as a test to the average person, and used something to make it clear to them that it's attributed to a specific person.
Do not look into laser with remaining eye.
They're apparently not content with only failing miserably in new markets like smartphones - they're now finding ways to destroy their successful businesses as well. They should just sit on their hands and keep collecting their checks.
Perhaps it's just me, but on days like this it almost looks like sacking thousands of QA employees might not have been the smartest idea ever.
"Microsoft confirmed Wednesday that a suspicious-looking update pushed out to Windows machines globally in the early hours was nothing more than a test gone errant."
http://www.zdnet.com/article/m...
The summary makes it sound like this is all a mystery and insinuates that Microsoft's update servers may have been compromised, however, the linked articles state that it was simple a mistakenly pushed test patch and nothing nefarious at all.
yeah - turns out to be a mistake. We can delete this post and all conversation after it.
The same article also explains that it was a test update that they released by accident. Human error isn't exactly unbelievable when it comes to computer software. The tinfoil hat jobs are just doing what they always do around here - spreading FUD.
BeauHD. Worst editor since kdawson.
Trust?
Silly rabbit, trust is for naive fools.
-- Tigger warning: This post may contain tiggers! --
I've been reading the support forum links where people claim that their PC where nuked with this update, nothing worked, everything failed, no System Restore, bla bla bla. I'm amazed how far the MS hate goes, even making up stories.
If this continues, I wouldn't do real work on [windows] ever again.
So this time didn't do it for you? There has to be another time? Given Win7+'s mod to auto install fixes deemed by MS to be critical, I think that time was at least years ago. Even IBM jumped ship.
The cesspool just got a check and balance.
What do they mean by "trusted?" Like a trusted software publisher? Like Microsoft...like all the updates are marked?
It is so uplifting to find so many people who have never made a mistake in their professional careers.
I am sure those around you are giddy as they read your witty posts on Slashdot calling out "those idiots at Microsoft".
I applaud you and the personal perfection that arms you with such stones.
They won't show you the code they build from and it's *known* to contain malware.
I'm amazed we are still having this discussion. However some people are just too stupid to move. Excuses excuses. They push the blame off (it's a non-issue because of x, y, z) or otherwise say, "but I can't do X". Well, if you don't move you'll never be able to do X. I moved in 2000 knowing full well that I wouldn't be able to do a few things and/or have to learn to do things differently. Well, in 2015 there isn't a dang thing I want to do that I can't and there hasn't been for 10 years. And then I became part of the solution too enabling other less technical users to adopt the operating systems. If you just 'give up' you'll never be able to move.
a weather balloon!
We play the game with the bravery of being out of range
> now
lol
pr0n - keeping monitor glass spotless since 1981.
I might be the sort of person that needs updates foisted upon me, but I'm not sure that includes escaped test updates that brick my computer. Sure, it might make the Intarwebs a bit less crowded for a while as I and the other plebeians with Windows Home Edition try to coax a nephew into reinstalling our machines, but still, Microsoft should know a whole lot better.
Trust no one.
You are welcome on my lawn.
That is way to much work for personal devices. I have the data I care about on multiple backup drives and I have a Windows install USB drive handy. If an update breaks my system, I can be back up and running in less than a hour from bare metal. The data you care about needs to be backed up anyway, so it would be nothing but a waste of time for me to review all the updates that come out. I set Windows to ask before it reboots, and beyond that, updates are automatic.
I finally woke up and realised the monoculture thing is killing us. I had too many eggs in Microsoft's basket, in Google's basket, so I divested and made myself more secure.
- I dumped Windows and went permanently to Linux
- I dumped my Outlook.com email address and went to my own paid email
- I dumped my iPhone and went to an Android phone I'm about to root and put on a custom ROM
- I don't use the "cloud" for backups. I backup locally x3, plus bank vault 3x year, plus encrypted SD card x2 on person. If all these go wrong, I'm screwed.
I'm done being a product, I want to be a customer.
whatever crap is lying around, evil, benign, or beneficial, rolls out the same way. there is nothing in the description. MS is using misdirection to trick you into installing Win10. these guys are getting as bad as botmasters. auto-updates are turned off on my home machines, and if I can't determine whether something is important, it doesn't get installed.
if this is supposed to be a new economy, how come they still want my old fashioned money?
MonsterSlop, however, is not listing that in the descriptions.
if this is supposed to be a new economy, how come they still want my old fashioned money?
This right here would be what makes black hats drool. Get a payload in the Windows update server that is signed with keys that pass. you do that and you utterly own 60% of the internet in a span of 8 hours.
If you were smart about it, you would do a quick test that is benign. changing only 2 bytes in a MS patch and then look for it. If that works you get your best rootkit that you can conceive and get it out there. now WAIT for about 25-45 days and have it download and install the nasty that you want to unleash.
Luckily 99% of the black hats are so ADD that they shoot their load as soon as they can and brag all over the internet. It's that 1% that you never hear about and are never caught that are the truly dangerous ones.
Do not look at laser with remaining good eye.
they're still fscking weasels, whether it's Microsoft or malicious. uh, wait, it's too hard to tell them apart, now.
if this is supposed to be a new economy, how come they still want my old fashioned money?
A test or not, but why are there .gov hyperlinks in the MS update pages???? is this for real that MS is directing us to U.S. government websites?
Most likely is to make sure that those don't exists, since they are pretty restricted access TLDs, anyone can get a .com, or a .org, pretty much nobody can get a .gov
At the very least, you could have briefly explained what was suspicious about it.
systemd is Roko's Basilisk.
By Microsoft.
Anyone who blindly installs updates deserves all the crap they get.
Welcome to the Panopticon. Used to be a prison, now it's your home.
It's just some untested code forcibly installed on your computer due to a flaw in the release process.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Blaster? I still giggle about Code Red and Nimda.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
UPDATE: Microsoft says there's nothing to worry about, the company "incorrectly published a test update."
But what if someone compromised the Slashdot Update?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
All I can say is "Win10 auto update"
"If any question why we died, Tell them because our fathers lied."
Bullshit. No OS is "well made" enough that it will never need security updates. Not Windows, not MacOS, not Linux, not *BSD.
This is why it's really, really important for OS providers to maintain a trustworthy update service. If they use it for advertising purposes, or sell it out to various government agencies, or allow incompetent personnel to push "test" updates to the entire planet, it's no longer trustworthy. That means their OS itself is no longer trustworthy, if in fact it ever was.
Nobody at Microsoft seems to have the first clue how important Windows Update actually is, and how important it is not to screw with it. Windows Update is Windows, not just in a de-facto sense but as a vital corporate strategy. It's time they started acting like it.
Nerves rattled? Scanning the title I thought a Microsoft update literally caused Brain Damage that caused users' pointer fingers to shake uncontrollably on top of their mouse.
So Microsoft potentially pushed test code to everyone's production systems. That makes me feel so much better.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Mooo says the cow, MOOO
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
a 14 year old Muslim kid put it together from spare parts. he took it to school and told everybody he built a Windows 7 update.
Star Trek transporters are just 3d printers.