lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030902200314.11439.qmail@sf-www2-symnsj.securityfocus.com>
Date: 2 Sep 2003 20:03:14 -0000
From: <miki4242@...mail.com>
To: bugtraq@...urityfocus.com
Subject: (Ad-) Host blocking may cause Windows Update to silently fail




Description of the problem:

Using certain host blocking methods (possibly used to block 
advertisements) and Windows Update configured to automatically download 
(and possibly install) updates, Windows Update may silently FAIL to notify 
the user of the existence of critical updates.


Detailed description:

Windows Update (current version) tries to download its catalog of 
available updates from a host on the Akamai domain (akamai.net). Access to 
hosts on this domain is sometimes blocked by ad-blocking methods because 
these hosts may also serve advertisements.
The problem is that Windows Update, when running unattended, does not 
report errors directly to the user, possibly giving them a false sense of 
security. (Windows Update does log its transactions to a log file, though.)


Possibly affected systems:

All Windows versions with Windows Update feature (ME, 2000, XP, 2003, 
confirmed on Windows XP), using (advertising) host blocking mechanisms, 
for example:
- 'HOSTS' file host blocking (entries pointing to 127.0.0.1 (localhost) 
for hosts to be blocked).
- External firewall host blocking (rules denying traffic from and to 
unwanted hosts).


How to check if your system is affected:

- Manually launch Windows Update and try to check for updates. How to do 
this depends on your version of Windows.

- If you receive an error opening the Web page or you receive an error 
while searching for updates, your system may be affected.

- Next, look for a file named "Windows Update.log" in your Windows 
directory (the location depends on your Windows version).
Open this file (with Notepad for example) and search for the 
string "Querying".

- Look for the LAST line found that is similar to this one (you may have 
to use "Find Next" several times):

2003-08-15 22:12:20  20:12:20   Error     IUENGINE       Querying software 
update catalog from 
https://a248.e.akamai.net/v4.windowsupdate.microsoft.com/getmanifest.asp 
(Error 0x800C0005)

- If the line contains "Error", Windows Update has not been able to 
download the list of available updates. Your system possibly is vulnerable 
to security exploits for which patches have been released. You should 
apply the work-around below as soon as possible and update your system 
with the latest patches.


Quick work-around:

Disable all host-blocking mechanisms.


More refined work-around

Users of external firewalls: Allow traffic from and to hosts on the Akamai 
domain (akamai.net).
Users using HOSTS file: get the latest version of the HOSTS file (for 
example from http://www.accs-net.com/hosts/ ) and check that no hosts from 
the Akamai domain are being blocked.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ