Windows Update Not Compromised
“We incorrectly published a test update and are in the process of removing it,” a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.
The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft’s automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out.
I first heard about this when one of my programming professors was discussing the matter with the technician who keeps all of the computers in the lab up to date, and I had to pause to think about it. It isn’t something I’ve thought about before, but Windows Update is quite a target for a hacker – if you can get some of your own code in there, within a few days you could easily have the largest botnet on the planet. Scary.