Hacker Claims He Can Exploit Windows Update

Microsoft controls over 80% of the PC market. Virtually everyone has used Windows, or owns a Windows-based PC. One feature that is found on the most recent versions of Windows is automatic updates. Microsoft has worked to make automatic updates simple and convenient, so even the most novice PC user could update.

Any Windows user has most likely seen the Windows Update dialog appear while using their computer. People usually don’t question what is being updated in their operating system, and simply proceed with the download and installation.

A hacker calling himself “Comodohacker” hacked into a Dutch Certificate Authority and claimed that he could use stolen certificates to issue fake Windows updates. With an exploit through Windows Update, a malicious user could send out a fake patch to anyone using a certain version of Windows.

I believe that this could pose a huge security concern, and could jeopardize the daily functions of millions of people. Whether a business, bank, hospital, or just a typical user’s PC had been infected with malicious code through Windows Update, it could impact society on a mass scale.

Although there are many critics of the hacker’s claim, Microsoft has issued precautionary updates to block patches which use the stolen certificates.

Source: http://www.computerworld.com/s/article/9219876/Hacker_claims_he_can_exploit_Windows_Update?taxonomyId=17


  1. I’ll believe it when I see it. Windows has so many programmers working whose sole purpose is to hack and attack the OS. Windows will take the necessary precautions and this hacker will just be hot wind.

  2. My question is…if he (Comodohacker) is as “smart, sharp, dangerous, powerful, etc…” as he claims to be, then why didn’t he just prove he could do it by actually doing it? He obviously lacks the moral code that would prevent him from doing such a thing, as proven by his attacks against the CAs. Plus, from his egotistical claims, he would certainly have relished in the accomplishment. I’m going with Microsoft on this one…I don’t think it can be done…at least not yet and not the way Comodohacker claims. Just my opinion.

  3. I was thinking the same thing, and it sounds from Microsoft that they weren’t too worried about it. I just thought it was an interesting article regarding Windows Update, and potential risks where people would disregard any threats through.

  4. It is an interesting article and thanks for posting. What Windows says to the public and what they actually feel behind the doors may be two completely different things. Realizing that, I think it is an interesting thing to explore. Can it actually be done someday? Or even if Windows updates can’t be hacked, what about the other automatic updates we receive from other programs? I would bet the common user has no idea they even get updates for some things…and even if they did get a prompt, most people would probably just click ‘ok’ without even looking into it.

