The flip side of update rollbacks
Thursday, April 26, 2018
Our readers are well informed about the need to install updates. But many users refrain from installing them, fearing the consequences. Indeed, things happen! That's why Microsoft allows updates to be rolled back—i.e., updated system files can be restored to their previous state.
Users can do this in several ways—via the Control Panel and the Update Log or via the command line.
To remove updates manually, run the command line as an administrator. You can do this by right-clicking on the Start button and then selecting Command Prompt (Admin).
To begin, let's check what updates are installed to your system. Enter the command wmic qfe list brief /format:table, and press Enter.
Select the update that you want to roll back by entering the command wusa /uninstall /kb:ID, where ID is the number of the update. For example, wusa /uninstall /kb:4022405. If you want to remove the update, automatically confirm this action, and, if necessary, automatically restart the computer, by entering the following command: wusa /uninstall /kb:ID /quiet /forcerestart.
And now let’s talk about the flip side of this option. If you can pull off such a trick, cybercriminals can, too. Here is a recent incident connected with Android:
Researchers have found that criminals can roll back an operating system to older versions, which are vulnerable to various security exploits.
For clarity, the researchers conducted an experiment on Samsung Galaxy S7, Huawei Mate 9, Google Nexus 5, and Google Nexus 6 devices. They replaced updated versions of the Widevine plugin with an older version that was vulnerable to CVE-2015-6639.
As a result, attackers will be able to embed malware using whatever method suits them into the specific applications they are targeting.
#security_updates #Windows #АndroidThe Anti-virus Times recommends
- Do not use a system administrator account. If you are working under an account with limited privileges, it is impossible for you to run commands that require administrator permissions.
- Use the Windows Startup Control Panel—it won't let any program launch itself invisibly.
- And, of course, you need an anti-virus. It will not allow an attacker to "carry" and embed malicious software into your system.
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
Неуёмный Обыватель
01:27:03 2018-07-29
vasvet
08:25:14 2018-07-06