Saturday, January 23, 2010
A quirk in the Windows Update process on Vista: another vulnerability?
I noticed a little vulnerability in the Windows Update procedure for Vista this morning. While I walked away from the computer, it installed a Cumulative Security Update, and restarted the machine. But after the Step 3 of the configuration process and restart, it brought up all the Internet windows that had been open before. In the meantime, it takes Webroot Spysweeper up to a minute to reload, while Windows Security Center says that the computer is not protected.
The websites open were MSN Dell and Google, so I don’t think there could have been any harm. But there is a slight chance that had the computer had a riskier and less known website open, that during that minute that it took Webroot to reload, infection could have occurred.
The automated reboot process should not re-open Internet Explorer and other browser windows that were open before. The user should open them manually after security is reloaded.