Microsoft is distributing security patches through insecure HTTP links


The Microsoft Update Catalog uses insecure HTTP links – not HTTPS links – on the download buttons, so patches you download from the Update Catalog are subject to all of the security problems that dog HTTP links, including man-in-the-middle attacks.

Security researcher Stefan Kanthak, writing on Seclist’s Bugtraq mailing list, elaborates:

Even if you browse the "Microsoft Update Catalog" via the HTTPS link, ALL download links published there use HTTP, not HTTPS!

That's trustworthy computing ... the Microsoft way!

Despite numerous mails sent to <secure () microsoft com> in the last years, and numerous replies "we'll forward this to the product groups," nothing happens at all.
