funsec mailing list archives

Re: The Windows Update DDoS attack


From: "Alex Shipp (elist)" <elist-alex () starlabs net>
Date: Wed, 30 May 2007 11:51:33 +0100

I had this problem, and when I googled it I found lots of other people 
seemed to be having the same. Someone I contacted that day also said 
his PC had seized up, and when I talked him through it, his PC had the 
same problems too.

My plan next month is to make sure my PC is online overnight so the patches
install when I don't need my box.

----- Original Message ----- 
From: "Dennis Henderson" <hendomatic () gmail com>
To: <rms () computerbytesman com>
Cc: "FunSec [List]" <funsec () linuxbox org>
Sent: Tuesday, May 29, 2007 2:56 PM
Subject: Re: [funsec] The Windows Update DDoS attack


On 5/28/07, rms () computerbytesman com <rms () computerbytesman com> wrote:

 This Windows Update problem showed up on my computer about a month ago.  A
few minutes after a reboot, I saw a svchost process suddenly start consuming
almost 100% of the CPU.  I couldn't do anything on the system for about 20
minutes.  CTRL-ALT-DEL didn't even work.  Extremely annoying.



Did anyone else run into this problem?  I'm curious how common the problem
was.



Richard



Yes, I had this same issue on a dual core AMD box. I ended up pulling the
Windows Update service out of the svchost and rehosting it under its own
svchost. It would go 100% CPU and leak tons of memory (at one point I saw it
over 400 meg). I could then just kill that one svchost and restart it
without crashing the whole box. The rest of my machines are Intel and they
didn't seem to have the issue to the same degree.

It drove me nuts for about 2 weeks as I thought the box might have been
pwned. Once the patch was rolled, things have been much better.


Dennis



--------------------------------------------------------------------------------


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

