Microsoft is distributing security patches through insecure HTTP links


The Microsoft Update Catalog uses insecure HTTP links – not HTTPS links – on the download buttons, so patches you download from the Update Catalog are subject to all of the security problems that dog HTTP links, including man-in-the-middle attacks.

Security researcher Stefan Kanthak, writing on Seclist’s Bugtraq mailing list, elaborates:

Even if you browse the “Microsoft Update Catalog” via the HTTPS link,  ALL download links published there use HTTP, not HTTPS!

That’s trustworthy computing … the Microsoft way!

Despite numerous mails sent to <secure () microsoft com> in the last years, and numerous repli…
Computerworld Operating Systems

Pavlos Papadopoulos

Gadget Rumors

Gadget Rumours is Addicted to Technology News, Coolest Gadgets, Latest Rumors, Smart phones News, Android and iOS Latest Apps and News, Computer and Software News, .

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: