Saturday, January 23, 2010

A quirk in the Windows Update process on Vista: another vulnerability?

I noticed a little vulnerability in the Windows Update procedure for Vista this morning. While I was away from the computer, it installed a Cumulative Security Update and restarted the machine. But after Step 3 of the configuration process and the restart, it brought up all the Internet windows that had been open before. In the meantime, it takes Webroot Spy Sweeper up to a minute to reload, while Windows Security Center says that the computer is not protected.

The websites open were MSN, Dell, and Google, so I don’t think there could have been any harm. But there is a slight chance that, had the computer had a riskier and lesser-known website open, infection could have occurred during the minute that it took Webroot to reload.

The automated reboot process should not re-open Internet Explorer and other browser windows that were open before. The user should open them manually after security is reloaded.

