> -----Original Message----- > From: Brian Hayward [mailto:haywardat_private] > Sent: Thursday, January 28, 1999 9:00 AM > To: BUGTRAQat_private > Subject: Re: How the MS Critical Update Notification works... > > > So the weakest link here is the nameserver. If someone is able to > compromise your nameserver. > > I wonder what type of validation is done within the update utility. > Does it check to see if the resolved address is indeed a > valid microsoft > IP address, or are there any other security checks that prevent > installation of updates from a non-microsoft site? After a quick check with the IE folks, this is what I learned. The short answer is that the files are signed. If done correctly, that means that the worst that can happen is that the nameserver spoofer can return an old cucif.cab file, or an old version of an update if the update's name had ever been used before. Of course, as everyone knows, just saying "it's signed" isn't enough; other care needs to be taken. However, even this tidbit of information should be sufficient to deflect the discussion in a more fruitful direction. Paul
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:04 PDT