Bruce Schneier raises the question of whether this ability to force updates could be exploited by a third party. I would hope that such updates are digitally signed, so that they can only come from Microsoft, but a commenter at Schneier's blog notes that even if that is the case there is a potential vulnerability created:
There may be an attack vector, even if the updates are signed by Microsoft. The signed updates would always be silently accepted. If Microsoft ever signs an update which later turns out to be vulnerable to some attack (this has happened before with signed activeX components), an attacker could re-push this vulnerable update and introduce a known vulnerability into the target system.Another commenter notes that this feature could be used by law enforcement to install a keylogger on a machine, if Microsoft agreed to do it.
No comments:
Post a Comment