Wednesday, 26 October 2016 15:08

Microsoft OneDrive Update Pop-up is it REAL or BOGUS?


Today on one of our Windows 10 Pro machines there was a "pop-up".

When "Update OneDrive" is clicked, the download prompt is as below.

The problem is the origin of the file: https://oneclient.sfx.ms

sfx.ms IS a domain registered to the Microsoft Corporation - GOOD

oneclient.sfx.ms is obviously a sub-domain of a legitimate Microsoft domain. - GOOD

This is where things get strange.

oneclient.sfx.ms is hosted on a server in Mazowieckie, Poland (PL) - QUESTIONABLE

Follow this link to see for yourself: http://www.herdprotect.com/domain-oneclient.sfx.ms.aspx

If you enter https://oneclient.sfx.ms into your browser's address bar or simply click the link provided, you're immediately redirected to: https://onedrive.live.com/about/en-us/ which is very much a well known legit site controlled by Microsoft.

The thing is... ANYONE can redirect a website to any other site. For this article, we created:

http://redirect-example.jjcom.com

If you click the above link it will open a new browser tab/window and redirect you to https://onedrive.live.com/about/en-us/. This is just to show how simple it is to do by ANYONE.

Ok. Let's, for the sake of argument, say we're just being paranoid.

(In our opinion, it is "Always better to be safe aka paranoid, than Sorry".)

The next unusual thing is the SSL certificate that https://oneclient.sfx.ms is using. It is a "wild-card certificate". There are many legit uses for this type of certificate. Personally, I have never seen or heard of Microsoft using a wild-card certificate for a site that the general internet is supposed to access.

It is difficult to see the SSL certificate details in a regular browser because the redirect happens too fast. Here is a link to a third-party website that exposes the details of the wild-card SSL cert: https://www.sslshopper.com/ssl-checker.html#hostname=oneclient.sfx.ms This information is available to anyone accessing any SSL website.
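The certificate and the redirect target can also be read directly, without a browser or a third-party checker. The following is an added example, not part of the original article: it requests the page without following the redirect and reports which certificate name covers the host and whether only a wildcard entry does. The function names and the sample certificate (example.com names, constructed issuer) are assumptions made for illustration.

```python
import http.client
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not the real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def fetch_cert_and_redirect(host, port=443, timeout=10):
    """Live check (needs network): validated certificate, status and Location header."""
    ctx = ssl.create_default_context()   # verifies chain and hostname, raises on failure
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("HEAD", "/")        # http.client never follows redirects
        cert = conn.sock.getpeercert()   # read before the response can close the socket
        resp = conn.getresponse()
        return cert, resp.status, resp.getheader("Location")
    finally:
        conn.close()

def flatten(name):
    """Turn the nested RDN tuples of a subject or issuer into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def covers(pattern, host):
    """True if a certificate DNS name covers host; '*' stands for exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def summarize_cert(cert, host):
    """Report who issued the certificate and which of its names match the host."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    matched = [name for name in sans if covers(name, host)]
    return {
        "subject_cn": flatten(cert["subject"]).get("commonName"),
        "issuer_org": flatten(cert["issuer"]).get("organizationName"),
        "dns_names": sans,
        "matched_by": matched,
        "wildcard_only": bool(matched) and all(m.startswith("*.") for m in matched),
        "not_after": cert.get("notAfter"),
    }

if __name__ == "__main__":
    for field, value in summarize_cert(SAMPLE_CERT, "download.example.com").items():
        print(f"{field}: {value}")
```

For a live check, call `fetch_cert_and_redirect("oneclient.sfx.ms")` and pass the returned certificate to `summarize_cert` together with the same host name.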

After some basic "googling" for confirmation on the legitimacy of https://oneclient.sfx.ms/, we found this thread on a Microsoft legitimate site. A confirmed Microsoft employee, Sudheendra S, (confirmed by the blue and white "Microsoft" under his name) in true "Outsourced Indian Tech Support fashion" (Click the preceding link for a laugh example), evades answering the simple question: Is this "OneDrive update is required - real or bogus?"

At this time it remains unclear if this is a legitimate pop-up from Microsoft or not. Typically, OneDrive updates automatically without the requirement of "Manually Downloading" an update.

Our recommendation is that:

  1. You DO NOT ALLOW this application to run.
  2. Immediately update your antivirus software and perform a full system scan.
  3. Have your antivirus run a boot-time scan of your system as well.

Our contacts at Microsoft haven't given a straight answer as to the legitimacy of the update either. We'll update this article as we learn more.

If you have any information regarding this, please log in or create an account to add your comments below.
