warning: MS WinUpdate kb info link rerouted

… just reported that on Technet:
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/0c6dcf5a-f460-4a15-a773-adcefd94e16a

just went through a couple of updates on W7/64 and after rebooting and reviewing what was installed, I just clicked on a link related to kb2505438, so hxxp://support.micrososft.com/kb/2505438 and I got rerouted, in Google Chrome to hxxp://hus.parkingspa.com/hc3.asp

…same in Internet Explorer, same in Firefox. In Firefox I noticed that for the page to be displayed, I had to allow a script called… note the spelling… micrososft.com .

here’s a screen shot of the bad site

Look at the link you posted…support.micrososft

Where did the link come from?

At best, it is a typosquatter

The true link:

http://support.microsoft.com/kb/2505438

the link got copied and pasted directly from Windows Update panel ;D

see screenshot from WinUpdate

@spg SCOTT anyway there’s no rerouting, the bad link comes directly from the Windows Update info panel in Windows. Lol I didn’t notice, but I saw the script in Firefox, as mentioned in my first post, with the wrong MS spelling.

Was just going to ask that ;D

Yeah, looks like they made a mistake in typing out the link…but of a D’oh moment ;D

On the flip side…
http://www.mywot.com/en/scorecard/hus.parkingspa.com%2Fhc3.asp

Not a smart mistake to make, if there ever was one…

Warning comes from WOT but no warning from avast unless the main site isn’t harmful ???

Couldn’t resist:
http://spgscott.wordpress.com/2011/03/08/microsoft-update-kb2505438-typo-link-to-a-typosquatting-malware-site/

;D ;D

The site should definitely be looked at by avast at least

I could swear that I already reported the same issue on Technet a long time ago…

Long time ago? about the same time you posted here. I’m confused ???

… you’re kidding ??? I meant several months ago… and no I’m not that old :smiley:

okay I reported on Technet today, and I think I already did for a similar problem in the past.

Oh…ok, I misunderstood…don’t really know what I read into that…thought you meant the technet post, in the OP was not recent. :-[

no problem :wink:

I just tried this on my Windows 7 system and the link goes to:
Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/kb/2505438

yeah Yokenny I figured that in the meantime ;D but interesting though that your Windows Update shows the link properly typed.

good that you posted it. Doesn’t seem to be the case from everywhere though, Yokenny for instance doesn’t have the bad link on his system.

I googled a bit and have seen one page from this morning.

I did see a thread on sevenforums and I think someone said that they were in the process of sorting it…but now I can’t get to the thread, so I can’t confirm it.

That said, I do have a comment on the blog saying basically that the link was updated.

Oddly, I don’t even have the update yet…
Okay, checked again, and it’s there. Link is correct also.

okay I’m in the middle of a full scan with Avast (unrelated to the thread here)… when it’s done I’ll just remove the update and re-install. The bad link is saved locally here and there’s no way to update this alone. This will probably be corrected when I do the update again.

that was riduculous, as of f****** course the link would remain in Windows Update history, saved locally at the time of the first update. Anyway a new install of the same KB still brings the same bad infolink associated with it. Better to just forget about that ::slight_smile:

Microsoft in Windows Update spell-check shoker
http://nakedsecurity.sophos.com/2011/03/09/microsoft-in-windows-update-spell-check-shocker/