by marshray 5122 days ago
The Windows Update signing requirements are, AFAICT, not documented and they do require a special chain. Whether having Microsoft in the root is special enough is another question.

Regardless, it appears that a signed driver is enough to pwn any modern Windows box via USB. "The system is installing driver software for your device..."

EDIT: What it most likely would work for over the network would be a man-in-the-middle attack on users who "Always trust ActiveX controls from Microsoft". Not to mention plain old impersonating websites for users of MSIE and Chrome.

A scary but plausible possibility is that an attacker with such a cert could forge client certificate credentials to obtain remote access via RDP, MS Terminal Services Gateway, IIS certificate mapping, etc.

2 comments

F-Secure claims that this /would/ allow forgery of Windows Updates (!!): http://www.f-secure.com/weblog/archives/00002377.html

"...Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update system..."

Yep. It appears that, in fact, Windows Update has been pwned by these certs.

More info. https://www.securelist.com/en/blog/208193558/Gadget_in_the_m...

>Regardless, it appears that a signed driver is enough to pwn any modern Windows box via USB.

Via USB you can pwn any modern OS by implementing standard mouse, keyboard and display device classes.