Microsofts ‘Stealth’ Update

Microsoft has done it again.

We receive reports from our WSUS server telling what updates are rolling out to what servers. So when I started receiving TripWire reports indicating files being altered on a bunch of windows boxes I got concerned.

I started opening the files with hex editors looking for strange junk and ran sigverif to see if files are properly signed. After doing that I detected nothing fishy.

So why did these files change?!

After doing a couple quick searches the answer became clear… Microsoft pushed some updates that it told no one about. These updates come even if you choose not to have updates downloaded automatically.

In this world of heightened security awareness, file integrity verification and patch pre-validation I can’t think of why they would do this.

I guess its just Microsoft’s way.

One Reply to “Microsofts ‘Stealth’ Update”

  1. I’m fairly sure my lone windows box got hit with this… My big question is: what does the update do? I don’t like the idea of updates being forced onto my machines without my knowledge… not one bit.

Leave a Reply

Your email address will not be published. Required fields are marked *

Navigation