
Could a grey hat create a self-propagating but non-ransoming variant that inoculated target machines against its more malicious brethren? Seems like something a state actor might want to do.



When the vendor does that, everyone complains about forced updates. And the vendor's patch is likely to be better than a grey-hat hack, by virtue of having perfect knowledge of the systems they're patching.


Yeah, then some bugs in your code or unplanned set of conditions amongst the bazillion XP computers out there lead your code to kill someone by failure of some critical NHS equipment, or worse, to lose a lot of money!

"but I meant good" is totally going to save you then.


You mean bundle and forcefully install MS patches? This would require reboot which AFAIK can't be done without user's action (if not using undocumented APIs).


> You mean bundle and forcefully install MS patches? This would require reboot which AFAIK can't be done without user's action (if not using undocumented APIs).

Considering you're using a vulnerability to forcefully inoculate systems, and you gained admin if not Ring0 privileges, you could trivially "reboot" the box by just crashing it, no APIs required. You could even be nice and check if there are applications with open files, or schedule it only when the user has been idle for a while, and only do it during the usual hours of inactivity (Windows 10 even has a control panel section to choose them).

Or, you could just open a dialog box, masquerade as a legitimate update and ask for user consent. You are an important security update after all, just a fairly unconventional one.


    shutdown -f -r -t 60

Force reboot in 60 seconds. A very well-documented Windows command available for more than 15 years.

Bonus: Also works remotely, there is a flag to give a remote computer name.


Maybe install itself as a network packet filter and work as temporary firewall until the machine is restarted?



