The Tech Herald

Comodohacker: I can hack Windows Update

by Steven Mostyn - Sep 13 2011, 12:38


Following on from the recent hack attack carried out against Dutch security specialist DigiNotar, it would appear notorious hacker Comodohacker is setting his/her sights on a significantly bigger target.

Moreover, while claiming to be “so smart, sharp, dangerous [and] powerful”, the hacker has offered up a statement conflicting directly with Microsoft’s recent insistence that its Windows Update system cannot be compromised.

“I’m able to issue Windows updates—Microsoft’s statement about Windows Update and that I can’t issue such [an] update is totally false,” the hacker wrote via Pastebin. “Simply I can issue updates via Windows Update!”

“I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API,” the post boasted.

Although Microsoft remains staunch in its belief that Windows Update cannot be circumvented “even to an attacker with a fraudulent certificate”, hundreds of millions of unwitting users could face a flood of malware if Comodohacker is able to make good on the claim.

“Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers”, wrote the software giant via its official blog.

“The Windows Update client will only install binary payloads signed by the actual Microsoft root CA certificate, which is issued and secured by Microsoft,” it added.
