| Author |
Topic: Windows Update page hijacked ? |
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 10 Apr 2006 1:18 pm |
|
When I run Microsoft Internet Explorer, and go to Tools -> Windows Update, I supposedly go to
http://windowsupdate.microsoft.com/
telling me to change my security settings. I never had to do this before, and I've done many Windows updates. Is this on the level?
Opinions on Usenet are divided.
Here's what I see when I click Windows Update:
quote:
Windows Update is the online extension of Windows that helps you get the most out of your computer.
Windows Update uses ActiveX Controls and active scripting to display content correctly and to determine which updates apply to your computer.
Tell me about active scripting and ActiveX controls
To view and download updates for your computer, Windows Update should be listed as a Trusted Site in Internet Explorer.
To add Windows Update to the trusted sites zone:
On the Tools menu in Internet Explorer, click Internet Options.
Click the Security tab.
Click the Trusted Sites icon, and then click Sites...
Uncheck the "require server verification" checkbox.
Make sure the following URLs are listed in the Web Sites list box: [url=http://*.windowsupdate.microsoft.com]http://*.windowsupdate.microsoft.com[/url] [url=http://*.windowsupdate.com]http://*.windowsupdate.com[/url]
Note: If you need to add a URL to the Web Sites list and the Add button is disabled, contact your system administrator.
© 2003 Microsoft Corporation. All rights reserved. Terms of Use.
|
|
|
 |
Jack Stoner
From:
Kansas City, MO
|
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 10 Apr 2006 7:49 pm
|
|
Ernest;
Both of those URLs resolve to Microsoft.com, according to my spoofstick Firefox extension. I have seen that same notice when I turned off all ActiveX controls and functions for the Internet Explorer Internet Zone. You should be safe to add those particular URLs to your Trusted Sites Zone. It never hurts to ask, and I am into computer and website security, as some of you know or suspect.
BTW: You can check your HOSTS file to see if you have any IP hijacks happening. The file name is simply HOSTS. In Windows 98 go to C:\Windows\. In Windows 2000 it is at C:\Winnt\System32\drivers\etc\, and in Windows XP it is located in C:\Windows\System32\Drivers\etc\. Open HOSTS in notepad to read it's contents. If you ever see a line that mentions windows update or microsoft.com post it here immediately.
I have lots of details about the windows HOSTS file on my blog. There is a link to it in my signature.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
[This message was edited by Wiz Feinberg on 10 April 2006 at 08:58 PM.] |
|
|
|
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 10 Apr 2006 9:14 pm
|
|
Thanks, Wiz.
Now I can relax and get the Microsoft updates tomorrow. |
|
|
|
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 11 Apr 2006 9:35 am
|
|
| I added those URLs to the Trusted Sites as instructed, but when I click Windows Update, I still get that same page. It tells me to add those Windows Update URLs to Trusted Sites even tho I have already done that. |
|
|
|
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 11 Apr 2006 9:39 am
|
|
Jack Stoner suggested visiting http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
as an alternative way to get Windows Update.
When I do that, I get a page saying quote:
[Error number: 0x8DDD0001]
To continue, you must first add this website to your trusted sites in Internet Explorer.
The site cannot determine which updates apply to your computer or display those updates unless you change your security setings to allow ActiveX controls and active scripting. The best way to do this without lowering your security settings is to make this site a trusted website. Your security settings will continue to block potentially harmful ActiveX controls and scripting from other sites but you will be able to get updates.
To make this site a trusted website:
In Internet Explorer, click Tools, and then click Internet Options.
On the Security tab, click the Trusted Sites icon.
Click Sites and under Add this website to the zone, copy and paste these website addresses.
You can only add one address at a time and you must click Add after each one: [url=http://*.update.microsoft.com]http://*.update.microsoft.com[/url]
https://*.update.microsoft.com http://download.windowsupdate.com
Note: The asterisks and different addresses allow your computer to work with the site, no matter how you try to access it from your computer or the Web.
Now I have added all 4 web site addresses to my Trusted Sites, and it still won't do Windows Update. It just keeps telling me to do what I have already done.
I'm running Windows XP, and I did re-boot the PC. |
|
|
|
Earnest Bovine
From:
Los Angeles CA USA
|
Posted 11 Apr 2006 10:20 am
|
|
I found a way to run Windows Update. Unfortunately, it required me to first undo the temporary fix posted by Wiz here http://steelguitarforum.com/Forum12/HTML/002985.html
before I could do the Windows Update. In other words, I had to first re-enable active scripting before I could fix the vulnerablility that occurs when active scripting is enabled.
Now why did Microsoft lead me astray with that B.S about adding URLs to my list of Trusted Sites? |
|
|
|
