404 Tech Support

Test update through Windows Updates causes concern

Microsoft accidentally published a test update to Windows Update today. A few users posted details of the updates, which had long gibberish names, to a Microsoft Community thread, and many grew concerned that Windows Update had been compromised. The update details for what appeared to be a 4.3MB language pack included:

gYxseNjwafVPfgsoHnzLblmmAxZUiOnGcchqEAEwjyxwjUIfpXfJQcdLapTmFaqHGCFsdvpLarmPJLOZYMEILGNIPwNOgEazuBVJcyVjBRL

Download size: 4.3 MB

You may need to restart your computer for this update to take effect.

Update type: Important

qQMphgyOoFUxFLfNprOUQpHS

More information:
https://hckSLpGtvi.PguhWDz.fuVOl.gov
https://jNt.JFnFA.Jigf.xnzMQAFnZ.edu

Help and Support:
https://IIKaR.ktBDARxd.plepVV.PGetGeG.lfIYQIHCN.mil

The odd URLs certainly seem unusual for updates from Microsoft. Another user posted the details of an update that they saw today:

SjXyXBBRruIsrRKigWTXppLlWhbqTNMZkKHYPfZiADgDWElHqxZxcjUjWuUssdmOYHZsOWybEUZjzNVTpnpTfNlJlkbHObmKv

Размер загрузки: 4,3 МБ

Чтобы обновление вступило в силу, может потребоваться перезапуск компьютера.

Способ обновления: Важное

qQMphgyOoFUxFLfNprOUQpHS

Дополнительные сведения:
https://hckSLpGtvi.PguhWDz.fuVOl.gov
https://jNt.JFnFA.Jigf.xnzMQAFnZ.edu

Справка и поддержка:
http://qPhnIf.CrSNYrve.tZjjsLk.iJw.QFPVvoE.LoKj.svQSjg.feOXkVeoJ.gov

The initial thread was created at 6:04 AM, and it was not until 11:50 that the first official answer from Redmond seemed to come through, by way of a ZDNet article. The answer: a human mistake.

A spokesperson said that the company had “incorrectly published a test update” and is in the process of removing it.

The updates appear to have been published for Windows 7 only. A WSUS server could pick up the bad update if it synced in the window of time that the bad updates were live. If this happened to you, you can decline the update in WSUS to keep the rest of your organization from seeing it. There has been one report that installing the update causes Explorer.exe to repeatedly crash.
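One way to find and decline such an update on a WSUS server, as an added example that is not from the original post or from Microsoft. It assumes the WSUS administration API is installed locally; the default time window and the title pattern (one unbroken run of 40 or more letters, modelled on the titles quoted above) are assumptions to adjust for your own sync history.

```powershell
# Added example: report (and optionally decline) updates with gibberish titles
# that arrived on this WSUS server during a given sync window.
param(
    [datetime]$From = (Get-Date).AddDays(-1),  # assumption: start of the sync window
    [datetime]$To   = (Get-Date),              # assumption: end of the sync window
    [switch]$Decline                           # without this switch the script only reports
)

# Load the WSUS administration API (installed with the WSUS console).
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Restrict the search to updates that arrived during the window.
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.FromArrivalDate = $From
$scope.ToArrivalDate   = $To

# Heuristic (assumption): the test update's title was a single run of letters
# with no spaces, digits or KB number, far longer than any ordinary word.
$suspect = $wsus.GetUpdates($scope) | Where-Object {
    -not $_.IsDeclined -and $_.Title -cmatch '^[A-Za-z]{40,}$'
}

foreach ($u in $suspect) {
    # Emit a record for review before (or instead of) declining.
    [pscustomobject]@{
        Title    = $u.Title
        Arrived  = $u.ArrivalDate
        Products = ($u.ProductTitles -join ', ')
        UpdateId = $u.Id.UpdateId
    }
    if ($Decline) {
        $u.Decline()   # a declined update is no longer offered to this server's clients
    }
}
```

Run it once without `-Decline` and review the list, then rerun with `-Decline` if the matches are the test update.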

It is certainly alarming to see a core component of Microsoft’s infrastructure become the victim of an accident, let alone the compromise that was initially suspected. If attackers were capable of such a compromise, they would be able to reach hundreds of millions of devices. Signed updates from Microsoft help prevent this scenario from happening, but that does not mean it’s not a first irrational fear as your stomach drops out from under you.

A known test update is better than an explanation never given. We’ll assume a Microsoft employee is in a little hot water for the ruckus they have caused today. Beyond the quoted spokesperson referenced in articles, I have been unable to find an official response from Microsoft posted anywhere with any authority. Given the Internet’s attention span and the company’s closed approach, this will likely be the last we hear of this issue unless it happens again.