Bobbio Scriptorium
LIBER

Man-in-the-middle attacks on auto-updating software

โœ Scribed by Bjoern M. Luettmann; Adam C. Bender


Publisher: Institute of Electrical and Electronics Engineers
Year: 2007
Tongue: English
Weight: 135 KB
Volume: 12
Category: Article
ISSN: 1089-7089


Synopsis

Many software packages today have the ability to perform automatic self-updates, typically via the Internet. Updates, in the form of executable files, are downloaded and then run, with the intent of "patching" an existing application. This presents a new security risk since there is no established standard for a protocol that performs the update process. This often leads developers to use proprietary schemes that have not been vetted for vulnerabilities. In this paper we analyze several software applications that have an auto-update feature. We also present two generic types of man-in-the-middle attacks that can subvert Hypertext Transfer Protocol (HTTP) downloads, which many auto-updating applications use, and show how these attacks can be tailored to exploit specific updating processes. In addition, we review some countermeasures, including Microsoft's Authenticode* technology. © 2007 Alcatel-Lucent.

spoofing, and domain name system (DNS) poisoning, can be used to exploit insecure communications. In this paper, we focus on performing man-in-the-middle attacks against such programs, specifically where the attacker resides on the victim's local area network (LAN). The results serve to emphasize the importance of LAN security. We focus on software that runs on Microsoft Windows, because it has the largest installed base of any operating system.

Automatic Updates

Automatic updates were introduced to ease the process of ensuring that a user's software packages remain current. Whether at regular intervals or upon the user's request, an auto-updating application uses a network connection to perform a check for any patches or updates that have been released since the last time the application was updated. The most common protocol used to download updates is Hypertext
