Is Microsoft Update Infecting You?

UPDATED: Tens of millions of Microsoft users get their security updates from the
Microsoft Update service. But a researcher at security firm Symantec (Quote) is alleging that users could potentially get something more
than they bargained for.

A Symantec researcher said that Microsoft Update, which includes a
component called Background Intelligent Transfer Service (BITS), could
potentially be used by hackers to bypass security measures and attack users’
PCs. BITS runs in the background on a Windows PC as an asynchronous download
service for patch updates.

A Microsoft spokesperson confirmed to internetnews.com that Microsoft
is aware of public reports that BITS is being used by TrojanDownloader:Win32/Jowspry to bypass
policy-based firewalls in order to install additional malware.

According to Microsoft, the bypass relies on TrojanDownloader:Win32/Jowspry
already being present on the system; it is not an attack vector for initial
infection. The bypass most commonly occurs after a successful social-engineering attempt lures the user into inadvertently running
TrojanDownloader:Win32/Jowspry, which then utilizes BITS to download
additional malware.

Microsoft recommends that any users who believe they are affected by
TrojanDownloader:Win32/Jowspry visit Windows Live OneCare safety scanner to scan their systems, determine if they are
infected, and clean all currently known variants of this Trojan.

Using BITS to download malicious files is a clever trick because it
bypasses local firewalls, as the download is performed by Windows itself,
and does not require suspicious actions for process injection, Symantec
researcher Elia Florio wrote on the Symantec Security Response blog.

According to Florio, there is no workaround for a BITS-based attack and it is difficult to manage what should not be downloaded by BITS.

“Probably the BITS interface should be designed to be accessible only with a
higher level of privilege, or the download jobs created with BITS should be
restricted to only trusted URLs,” Florio wrote.

Though the Symantec researcher is now bringing this issue to light,
Florio said the hack community has been aware of the potential risk of BITS since it was cited as an “antifirewall loader” technique on a Russian forum at the end of 2006.

Florio’s allegation comes as Microsoft wraps up its fifth Blue Hat Security
conference. Blue Hat is Microsoft’s closed-door security conference
where the company invites security researchers up to its campus to discuss
the latest bleeding-edge security research.

According to Microsoft’s Blue
Hat Security blog, Blue Hat v5 included a number of presentations about
mobile and Web application hacking, as well as a session on how a security
researcher, “cracked the Xbox 360.”

Earlier this week Microsoft issued its monthly patch update fixing vulnerabilities in Microsoft Office,
Internet Explorer and Exchange.

This article was first published on InternetNews.com. To read the full article, click here.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020