[9254] in bugtraq
Re: Microsoft Critical Updater Security
daemon@ATHENA.MIT.EDU (Corwin J. Grey)
Wed Jan 27 15:45:02 1999
Mail-Followup-To: Carson Gaspar <carson@TLA.ORG>, BUGTRAQ@netspace.org
Date: Tue, 26 Jan 1999 12:45:11 -0800
Reply-To: "Corwin J. Grey" <cgrey@WCFAMILY.COM>
From: "Corwin J. Grey" <cgrey@WCFAMILY.COM>
X-To: Carson Gaspar <carson@TLA.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <13997.11664.784405.835866@taltos.tla.org>; from Carson Gaspar on
Mon, Jan 25, 1999 at 09:50:56PM -0500
--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Carson, I believe you are correct. I have noticed something similar on two =
occasions now, where it appears that the Critical Update program is updatin=
g something without requestion permission. I have not give permission on th=
e security certificates, and have to authenticate all other transfers from =
MS. I'm not sure exactly what is taking place, but I don't like it.=20
I'm going to being tracking all Critical Update changes using logs of all d=
irectory entries to see exactly what is being altered. As soon as I get ano=
ther occurence and can identify what files have been modified I will post t=
he results here.
On Mon, Jan 25, 1999 at 09:50:56PM -0500, Carson Gaspar wrote:
> >>>>> "Gale" =3D=3D Gale S Ringley <gringley@HOTMAIL.COM> writes:
>=20
> Gale> The behaviour you describe occured because at some point, you or so=
meone
> Gale> else who uses your computer told Windows to trust all content from
> Gale> Microsoft. The wait and restart was indeed an update to Windows Up=
date.
> Gale> To prevent this in the future, you will have to open in IE4
> View> Internet Options>Content>Certificate>Publishers and remove the
> Gale> publishers you no longer want to trust.
>=20
> Not true. I can confirm this. It transferred _something_ and then
> asked if I wanted to restart. After that, I got the usual "do you want
> to trust this ActiveX control" message before it scanned my system for
> new updates.
>=20
> Something else is going on.
>=20
> --
> Carson Gaspar -- carson@cs.columbia.edu carson@tla.org carson@cugc.org
> http://www.cs.columbia.edu/~carson/home.html
> Queen Trapped in a Butch Body
--=20
+---------------------------------------------------------------------+
| Corwin J. Grey Systems Administrator |
| Linux Consultant West Coast Family |
| http://www.wcfamily.com |
| |
| Shell, email, mailing list, and ircd accounts |
+---------------------------------------------------------------------+
PGP: finger cgrey#pgp@wcfamily.com
--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: vu5YSxoeshMnRA9RgpsTVZeX3ShIaJ1V
iQCVAwUBNq4bRdAOh9qeNxrzAQG8CgP/eMusRMU4f/4AsOObHMva6hPUPM3+PKPM
40rKjHkYFtPS3FGD7STrwwsRfCi3ZqOnGWRB9C2WhuKC5gLeiOn2aE++P68c/sfJ
HA4zrlcnJE2huNFmgtUjmee1uaVheIyBvQl8lkSfZzzorByA5xGnQ1u+X0xfAikV
/UhIfyVIle8=
=onOb
-----END PGP SIGNATURE-----
--zhXaljGHf11kAtnf--
