[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030902200314.11439.qmail@sf-www2-symnsj.securityfocus.com>
Date: 2 Sep 2003 20:03:14 -0000
From: <miki4242@...mail.com>
To: bugtraq@...urityfocus.com
Subject: (Ad-) Host blocking may cause Windows Update to silently fail
Description of the problem:
Using certain host blocking methods (possibly used to block
advertisements) and Windows Update configured to automatically download
(and possibly install) updates, Windows Update may silently FAIL to notify
the user of the existence of critical updates.
Detailed description:
Windows Update (current version) tries to download its catalog of
available updates from a host on the Akamai domain (akamai.net). Access to
hosts on this domain is sometimes blocked by ad-blocking methods because
these hosts may also serve advertisements.
The problem is that Windows Update, when running unattended, does not
report errors directly to the user, possibly giving them a false sense of
security. (Windows Update does log its transactions to a log file, though.)
Possibly affected systems:
All Windows versions with Windows Update feature (ME, 2000, XP, 2003,
confirmed on Windows XP), using (advertising) host blocking mechanisms,
for example:
- 'HOSTS' file host blocking (entries pointing to 127.0.0.1 (localhost)
for hosts to be blocked).
- External firewall host blocking (rules denying traffic from and to
unwanted hosts).
How to check if your system is affected:
- Manually launch Windows Update and try to check for updates. How to do
this depends on your version of Windows.
- If you receive an error opening the Web page or you receive an error
while searching for updates, your system may be affected.
- Next, look for a file named "Windows Update.log" in your Windows
directory (the location depends on your Windows version).
Open this file (with Notepad for example) and search for the
string "Querying".
- Look for the LAST line found that is similar to this one (you may have
to use "Find Next" several times):
2003-08-15 22:12:20 20:12:20 Error IUENGINE Querying software
update catalog from
https://a248.e.akamai.net/v4.windowsupdate.microsoft.com/getmanifest.asp
(Error 0x800C0005)
- If the line contains "Error", Windows Update has not been able to
download the list of available updates. Your system possibly is vulnerable
to security exploits for which patches have been released. You should
apply the work-around below as soon as possible and update your system
with the latest patches.
Quick work-around:
Disable all host-blocking mechanisms.
More refined work-around
Users of external firewalls: Allow traffic from and to hosts on the Akamai
domain (akamai.net).
Users using HOSTS file: get the latest version of the HOSTS file (for
example from http://www.accs-net.com/hosts/ ) and check that no hosts from
the Akamai domain are being blocked.
Powered by blists - more mailing lists