Windows Automatic Update file verification

  • Thread starter Thread starter Mark
  • Start date Start date
M

Mark

When using the Windows Automatic Update program, is there
any way to verify that the security patch downloaded is
indeed the one supplied by Microsoft? In other words, is
there a way to verify that I haven't been subject to a
man-in-the-middle attack when downloading patches?

Verification like this is usually done by checking that the
package is digitally signed by the source. Does Microsoft
sign it's patches? If so, how do I verify them?
 
Hi,

To answer the second question first, yet all the downloads
are signed and checked by the OS directly since they are
signed by the trusted Root. To check whether you are on
the correct site click the SSL lock in the browser, that
should pop up the detail the SSL certificate which would
show the site is genuine.

Regards,
 
Back
Top