Multiple Windows 7 users on Microsoft’s support forums on Wednesday claimed to have received an update that suggested Microsoft’s update servers were compromised, which could have meant a disaster situation for Windows users.
Windows 7 users on Wednesday began piling on to a thread at Microsoft’s community forum with concerns that an update — apparently a language pack — may be a phishing attempt or could have included malware.
The message delivered to users said that an “important” 4.3MB package was ready for installation.
According to the user who initiated the thread, the update window included URLs below support titles that suggested they would lead to a non-Microsoft website. The URLs contained a random string of characters followed by “.gov” and “.mil”, the web domains used by the US government and US military.
That user attempted to repeat the update but upon doing so discovered the “important” flag had vanished.
“After my MSE definitions updated, I repeated Windows Update. The above 'important' update did not reappear??? Did MS servers get compromised?”
The message that appeared, understandably, could be interpreted as suspicious:
Download size: 4.3 MB
You may need to restart your computer for this update to take effect.
Update type: Important
Help and Support:
Over 100 concerned forum members reported experiencing similar issues on Wednesday.
“This just happened to me on a fresh install of windows 7 enterprise. Last night I finished installing all windows updates. This morning I had this come up. Once you rescan the updater, it disappears,” one purported enterprise user wrote.
If an attacker did hijack the Windows Update process, it could pose a serious problem for Windows users, given that the attack could infect a large number of unsuspecting Windows users and could also prevent them from receiving security patches from Microsoft.
That type of attack can’t be ruled out either, after the discovery in 2012 that the Flame malware — believed to be US government malware developed to compromise Iranian computers — spoofed Windows updates from Microsoft. As IDG News Service noted at the time, it relied on a cryptographic collision that would have required significant skills and resources to pull off, perhaps of the type that only a government agency would have ready access to.
In this instance, however, it appears Windows users can relax. Microsoft told CSO Australia the incident was just a mistake.
“We incorrectly published a test update and are in the process of removing it,” a Microsoft spokesperson said.
Still, Windows users could be wondering why they were delivered a message suggesting they seek help from domains controlled by the US government and military.
Microsoft was unable to offer further details on the incident at the time of reporting, though it said it would provide any additional information available for sharing.