As a follow on to the WGA and Security Updates post by Dustin Childs, I wanted to address another common question we get regarding both security and non-security updates that customers receive from Microsoft through Windows Update or Microsoft Update. Customers sometimes feel that somehow the settings they chose in the update console have been changed. Most commonly, customers who have set the client to notify them before installing updates are now getting updates automatically without prompting.
Before I go into details, I want to take a second to describe the differences between Windows Update (WU), Microsoft Update (MU) and Automatic Updates (AU). Windows Update was first developed to provide updates for Windows operating systems. Later, we introduced Microsoft Update to add the ability to offer updates for other Microsoft products such as Office and Windows Live. Automatic Updates is a feature that allows you to configure your computer to automatically download and install updates from either service. For more information, please see the Windows Update FAQ.
So, does Microsoft change your Automatic Update settings? No. Your settings are not changed by Microsoft unless you consent to do so.
The Windows Update team has seen this question several times and has blogged about it in the past. The team identified the following scenarios where your AU settings can be changed. Note that all of them require some action from you:
In addition, third-party products may change AU settings when installed, though this not a common practice. In some cases malware may attempt to change settings or block WU/MU entirely.
We always recommend that you configure your systems to receive Automatic Updates to ensure that you have the latest security and reliability updates for your Microsoft software. If you believe that your settings have changed without your consent or possibly due to malware on the system, please contact the Microsoft Customer Service & Support team for assistance.
*Postings are provided "AS IS" with no warranties, and confers no rights.*
As I’m sure you are all well aware by now, the second installment of the BlueHat Security Forum: Buenos Argentina Edition shipped on March 18, 2010, and was a resounding success. For those of you first hearing about this BlueHat Forum, the event itself was an exclusive, invitation-only gathering of 100 select business decision-makers and security researchers from across Latin America.
The BlueHat Security Forum events are a separate entity from the BlueHat Security Briefings you will find in Redmond. Whereas the goal of the BlueHat Security Briefings is to educate our own FTEs on emerging threats by inviting a targeted mix of the external security community to participate as presenters and active attendees, the mission behind the BlueHat Security Forum events is to pair Business Decision Makers (BDMs) with the local responsible finder community as a means to build relationships in the region. So where the Redmond events are about bringing the security community to our Microsoft developers and security teams, the Forum events are bringing the BlueHat ideals into the regional hotbeds we’re seeking to legitimize by leveraging the local security communities to one another. Make sense? Cool. J
As Mike mentioned live from the event, we managed to successfully align with the local subs by partnering with Microsoft’s Security Week (a TwC week-long event seeking to increase Security and Privacy perception; every day of the week has a different audience target). Our agenda featured lively presentations on the latest developments in information security from Microsoft leaders and external security researcher luminaries. NSAT Scores and attendee testimonials were truly phenomenal, so we are not really sure how we can go up from here which is a good problem to have! Check them out:
The BlueHat Security Forum allows me to build a valued relationship with Microsoft
The information discussed in this meeting will contribute to my company’s future technology plan
My relationship with Microsoft has improved or been strengthened as a result of the BlueHat Security Forum
Considering all aspects, I am satisfied with this BlueHat Security Forum meeting
· The BlueHat forum in Buenos Aires was a very interesting event, with many good talks, and it gave me the opportunity to meet/see again/exchange ideas with interesting people: the organizers of ekoparty (Argentina), H2HC (Brazil) and of course the staff from MSRC (in particular Damian Hasse). – Carlos Sarruate, CORElabs
· Very interesting topics; very interesting audience. Bring BlueHat to more places outside the US. – Anchises de Paula, iDefense
· Do it for 2days! – Domingo Montanaro, iSight
· Create more BlueHats in other locations (like Brazil) and increase the frequency! – Rodrigo Rubira Branco, H2HC Conference Co-founder
· My objectives were to learn, interact, and talk to participants….I succeeded on these goals. – Celso Hirata, ITA
· The BlueHat Forum in Buenos Aires last week showed not only how important, but also, how strong is the security community in Latin America, especially in Argentina.
Bringing people from other countries from Latam and places all over the world is huge, not only to exposing these people to what's happening in their region, but, allowing them to see and meet people who live in a different security realty, yet, so similar to us all.
On the flip-side, these same key people from the ecosystem had the opportunity to see how strong and well established, the security community is in Latin America.
The way the conference has been structured was key to accomplish what many people have been trying to do for a while, which is to close the gap between all parts involved with information security.
As I have mentioned before on the brief blog post during the conference, I hope this is the first of many BlueHat events in Latam. Keep up the good work! ---Luiz Eduardo, yStS Conference Co-founder
Thanks to the village that made this happen. We plan to replicate this formula every spring in conjunction with the Fall BlueHat Security Briefings in Redmond from here on out.
CanSecWest is a laid back conference – with only one track, it allows an attendee to attend every presentation. In addition, it’s well known for the Pwn2Own competition, a yearly hacker standoff in which researchers get their shot at compromising devices equipped with the latest in Web browsers and operating system security mitigations. If the attacker is able to pwn (“perfect own”) the machine, they win a cash prize and a new device to take home.
This year had a special focus on mobile devices, with most of the prize money allotted to that category. Vincenzo Iozzo and Ralf Weinmann each left the competition with a brand new Apple iPhone. Even multiple problems with airport strikes and construction couldn't keep Vincenzo away.
Charlie Miller proved himself to be a true "Michael Jordan" showing up at his very own slam dunk contest by pwning a fully patched installation of Safari on a MacBook Pro. Microsoft also did not escape unscathed. Peter Vreugdenhil came, saw, and then gave our team homework by unleashing an exploit that tipped over Internet Explorer 8 on Windows 7. Kudos to Peter, and thank you for making us aware of this issue privately. We are investigating the issue and we will take appropriate steps to protect customers when the investigation is complete.
After he was finished with the Pwn2Own contest, Charlie Miller gave a great talk on the result of his extensive fuzzing. Interestingly, the fuzzer he built used only five lines of Python code. After three weeks of fuzzing, he was able to determine a couple dozen potentially exploitable bugs in different applications. Just imagine if he had used seven lines of code in his fuzzer...
Matthieu Suiche gave another great presentation on analyzing Mac OS X physical memory. All of us battling the post-lunch fatigue immediately perked up when he began his demo and ended with plain-text passwords.
Tavis Ormandy and Julien Tinnes from Google played around with the Linux and Windows kernels in their talk, organizing a party at ring 0. Luckily, we had been invited a while back, and we’re happy to say Microsoft customers are currently protected against each of the attacks they presented.
Another fascinating talk was delivered by Halvar Flake and Sebastian Porst from Germany. These Zynamics Care Bears introduced a plug-in for their products which allows investigators to crowd-source reverse engineering, helping to put defenders on better footing when dealing with new pieces of malicious code. This is a great effort and we look forward to seeing others build on the work they are putting in place today. Too bad they couldn't find a full-size Care Bear outfit.
Our Office team also attended. Tom Gallagher and David Conger gave a great presentation on how they dealt with Office specific vulnerabilities.
The work they did includes building a sandbox for less-trusted documents, and implementation of a validator for any content being loaded into the parser, and theirs was a great talk for those intending to protect word processing applications and other office productivity tools.
The conference dinner on Thursday night was also a great time to get to know people. What we first thought was a bomb scare actually ended up just being a horrible comedian on stage. But once that was done, there were a lot of great conversations to be had with people from all over the world throughout the industry. It is always helpful to get feedback from our customers as to what we are doing right and what could be improved.
As usual, we spent a lot of time talking to our partners in the research community, and we’d like to thank Dragos for setting up another great CanSecWest. See you next year, Vancouver!
Cheers, Maarten and Dustin