Microsoft controls over 80% of the PC market. Virtually everyone has used Windows or owns a Windows-based PC. One feature found in the most recent versions of Windows is automatic updates. Microsoft has worked to make automatic updates simple and convenient, so that even the most novice PC user can update.
Any Windows user has most likely seen the Windows Update dialog appear while using their computer. People usually don’t question what is being updated in their operating system, and proceed with the download and installation.
A hacker calling himself “Comodohacker” hacked into a Dutch Certificate Authority and claimed that he could use stolen certificates to issue fake Windows updates. With an exploit through Windows Update, a malicious user could send out a fake patch to anyone using a certain version of Windows.
I believe that this could pose a huge security concern, and could jeopardize the daily functions of millions of people. Whether a business, bank, hospital, or just a typical user’s PC had been infected with malicious code through Windows Update, it could impact society on a mass scale.
Although there are many critics of the hacker’s claim, Microsoft has issued precautionary updates to block patches which use the stolen certificates.