Post: Microsoft's BackDoor
07-16-2013, 08:41 PM #1
Many have wondered if Microsoft has a backdoor to your system. The answer to that may not be too far from the truth. A few days ago a thread popped up about it (on another website) and it got me thinking and poking around. Microsoft themselves have said Windows 7 etc. does not have back doors. However, what I am about to show you is a remote connection done every day from your system without your knowledge. The most concerning part about all this is.... Well you will see for yourself...

The service we're talking about here is CryptSvc.

--------------------Description------------------------

Service name: CryptSvc

Description: Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Path to executable: C: \windows\system32\svchost.exe -k NetworkService

Startup type: Automatic


--------------------Hidden Network Account------------------

[Attachment 25922]

------------------CMD.exe Scan-------------------------

Note: Normally you cannot get this type of information without first elevating your CMD.exe to Administrator privileges. I created a log scanning at 10 second intervals. The command used shows the name of the file, ports/IP & what PID number was used.

-Command used: netstat -bo 10 > C: \netstat.txt


---------------------Output--------------------------------

TCP 192.168.1.100:49175 64.4.11.42:http ESTABLISHED 1324 CryptSvc [svchost.exe]

---------------------Final Thoughts---------------------------------

As you can see, this connection runs automatically as a service and has a login/password to this service. This account doesn't exist under management users/groups. If you type 64.4.11.42 in your web browser it will resolve to Microsoft. The most concerning of all this....a Crypto service connecting to an HTTP non-secured unencrypted web server?? Wow Microsoft really??? Stopping this service will undoubtedly cause issues. So there you have it, enjoy your potential security hole.

P.S. In Path to execute I put spaces in the C: / because it's a smiley.
Hope You Liked The Information!
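
A parser for the kind of log the post's `netstat -bo 10` command produces, as an added example that is not part of the original post: it attaches each TCP row to the component and executable lines printed beneath it and collapses the repeated 10-second snapshots into counts. The sample log is constructed in the multi-line layout `netstat -b` writes; the function names and every address other than the one quoted in the post are assumptions.

```python
import re
from collections import Counter

# Constructed sample: two 10-second snapshots in netstat -bo's multi-line layout.
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.100:49175    64.4.11.42:http        ESTABLISHED     1324
  CryptSvc
 [svchost.exe]
  TCP    192.168.1.100:49180    203.0.113.7:https      ESTABLISHED     2210
 [browser.exe]
  TCP    192.168.1.100:49181    198.51.100.9:https     TIME_WAIT       0

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.100:49175    64.4.11.42:http        ESTABLISHED     1324
  CryptSvc
 [svchost.exe]
  TCP    192.168.1.100:49190    192.0.2.15:http        ESTABLISHED     3004
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")
NO_OWNER = "Can not obtain ownership information"  # netstat could not name the owner

def parse_netstat_bo(text):
    """Return one dict per TCP row, with the owner lines that follow it attached."""
    conns, cur = [], None
    for line in text.splitlines():
        row, exe, stripped = CONN.match(line), EXE.match(line), line.strip()
        if row:
            cur = {"local": row[1], "remote": row[2], "state": row[3],
                   "pid": int(row[4]), "component": None, "exe": None}
            conns.append(cur)
        elif cur is None or not stripped or stripped == NO_OWNER:
            cur = None                      # header, blank line, or unknown owner
        elif exe:
            cur["exe"], cur = exe[1], None  # "[svchost.exe]" closes the record
        else:
            cur["component"] = stripped     # service/component name, e.g. CryptSvc
    return conns

def summarize(conns):
    """Collapse repeated snapshots: (exe, component, remote) -> times seen."""
    return Counter((c["exe"], c["component"], c["remote"]) for c in conns)
```

Calling `summarize(parse_netstat_bo(open(path).read()))` on a saved log gives one entry per service and remote endpoint, which is easier to review than the raw interval dump.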

Copyright © 2026, NextGenUpdate.
All Rights Reserved.