Windows Vista Tips

Massive Potential Abuse of Windows Machines Via Update

 
 
BarneyB

 
      01-27-2009
It’s happened again, whilst researching on the net, suddenly my internet
connection reported it had been intercepted (and the proxy given to me by my
ISP to solve this sort of problem stopped working) so I had to swap back to
automatically detect (lan settings), with the restrictions this gives to
certain sites.

I reckon I am the subject of a big test! Over the years I have battled with
this one.

Rebuilds galore, new machines, super fandango firewall routers, set up by
experts, but still I have issues.

I have been quietly noting events and I think that there can only be two
possible explanations.

Update traffic is being controlled externally
Or
Update traffic is being controlled internally

This is BIG if you think about it. Forget malware, spyware etc. The best way
to get control of machines without the user being alerted too much has got to
be to restrict them from getting genuine security updates, create your own
updates to software and then deliver them.

The first theory would be where someone sets up some kind of interception,
modification and later delivery of the updates.

The second theory would be where the operating system is set to connect to
an update source that is not the genuine Microsoft one.

Why do I think this you ask yourself? Well I have noticed that I am not
getting my automatic updates at the correct time!

Take for example the January Patch Tuesday Release.

My XP machine didn’t update until the Thursday. When I looked at the KB
number of the update I had just received it was not the one it should have
been. Indeed the one I got (KB951748) was meant to have been released in July!

I checked the two Vista machines on my network to see what updates they had
recently received; one was showing KB954708 as being installed on 13th
January. Research shows that this was published in July. The other machine
wasn’t showing any updates since the last forced ones I did back in December.

Indeed I was even working on one of the Vista machines yesterday, ran MBSA
which said all updates were installed, and then a little while later an
update started to download and re-boot the machine. It went through the 3
stage install process, but! When I checked to see what had been updated there
was nothing new in the list.

My 1st theory is my favoured one as it would go some way to explain the
earlier issues I have had with updating my security software programs,
problems accessing webmail, and also accessing the tweaks site and Microsoft
sites among others.

This is BIG if you think about it. Forget malware, spyware etc. Surely the
best way to get control of machines without the user being alerted too much
has got to be to restrict them from getting genuine security updates, create
your own updates to software and then deliver them.

Could this be what the downadup worm will be attempting to do? Was my
network one of the guinea pigs used for the last few years to test and
perfect this?

The problem I have is how I can find out what is going on here. Who can I
turn to for help?

Anyone got any suggestions?

--
BarneyB
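
A read-only check for the second theory in the post above (the client being pointed at an update source other than Microsoft's), as an added example that is not part of the original thread. It assumes PowerShell is available on the machine and uses only the standard WSUS policy values, the hosts file, `netsh winhttp` and the Windows Update Agent history.

```powershell
# Added example (not from the thread): read-only audit of this machine's update source.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # $null means the key or value is absent, i.e. no policy is configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. WSUS redirection policy: the supported way to point a client away from Microsoft.
$wuServer    = Get-PolicyValue $wuKey 'WUServer'
$wuStatus    = Get-PolicyValue $wuKey 'WUStatusServer'
$useWUServer = Get-PolicyValue "$wuKey\AU" 'UseWUServer'
"WUServer={0}  WUStatusServer={1}  UseWUServer={2}" -f $wuServer, $wuStatus, $useWUServer
if ($useWUServer -eq 1 -and $wuServer) {
    Write-Warning "Updates are redirected to $wuServer. Expected only if you run your own WSUS server."
}

# 2. hosts-file overrides for Microsoft update host names (comment lines are skipped).
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Select-String -Path $hosts -Pattern '^\s*[^#\s].*(windowsupdate|microsoft)\.com' |
    ForEach-Object { Write-Warning "hosts override: $($_.Line.Trim())" }

# 3. System-wide WinHTTP proxy setting (Vista and later).
netsh winhttp show proxy

# 4. What the Windows Update Agent itself recorded, newest first.
#    ServerSelection: 1 = managed server (WSUS), 2 = Windows Update, 3 = other service.
#    ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total = $searcher.GetTotalHistoryCount()
if ($total -gt 0) {
    $searcher.QueryHistory(0, [Math]::Min($total, 20)) |
        Select-Object Date, ResultCode, ServerSelection, Title |
        Format-Table -AutoSize -Wrap
}
```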
 
 
 
 
 
Bill

      01-27-2009


Talk to your shrink maybe?

 
 
TaurArian

      01-27-2009



BarneyB, this is how to obtain assistance from MS Support

If you believe there is a Massive Potential Abuse of Windows Machines via
update then contact MS and discuss the issue with them.

To contact Microsoft for support issues, visit the International Support Web
site:
https://support.microsoft.com/common/international.aspx
To make sure you receive the appropriate support information for your
location, select your region setting from the list and then click the arrow
button


--

TaurArian [MVP] 2005-2009 - Update Services
http://taurarian.mvps.org
======================================
How to ask a question: http://support.microsoft.com/kb/555375
Disclaimer: The information has been posted "as is" with no warranties or
guarantees and doesn't give any rights.
Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco


 
 
Susan Bradley

 
      01-28-2009

For the record the July patch that you just got was due to a detection
issue.
 
 
Ottmar Freudenberger

      01-28-2009
"BarneyB" <> wrote:
[...]
> Why do I think this you ask yourself? Well I have noticed that I am not
> getting my automatic updates at the correct time!
>
> Take for example the January Patch Tuesday Release.
>
> My XP machine didn't update until the Thursday. When I looked at the KB
> number of the update I had just received it was not the one it should have
> been. Indeed the one I got (KB951748) was meant to have been released in July!


KB951748 (MS08-037) has not been delivered to Windows XP SP3(!) systems
since around November 2008 until 13th January 2009 due to a detection issue
from Windows/Auto Update. It has been released in July 2008 and been offered
to Windows XP SP3 also since 8th July 2008 until the detection issue occurred.
Systems which have been set up from around November 2008 to January 2009
have not been offered KB951748 from WU/AU. To those systems KB951748 is
being offered again after the detection issue has been resolved.

See also the following thread in this very newsgroup:
http://groups.google.com/groups?thre...TNGP04.phx.gbl

Bye,
Freudi
 
 
brandysue

 
      01-29-2009
Cumulative security update for Internet Explorer 7 for Windows XP (KB958215),
then a different box - error code 0x8007F0F1 registration server 32URLMON.dll.
I know it's a Windows security setting that is unable to install but don't
know how to fix. Please help.

 