Windows Secrets contacted eWEEK and Microsoft Watch earlier this afternoon about the discovery. Tomorrow, Windows Secrets' Scott Dunn will report that Windows Update has started "altering files on users' systems without displaying any dialog box to request permission. The only altered files that have been reported to date are 18 small executables used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."More info at Microsoft Watch.
The stealth updates do not appear to affect PCs using WSUS (Windows Server Update Services) the same way as those using Microsoft Update/Windows Update. Typically, Windows would give some notification before installing updates and, presumably, install nothing if Windows Update is disabled. But, in testing, Dunn found that Microsoft was updating Windows XP and Vista systems even when automatic updating is disabled.
"Microsoft is bypassing the normal automatic update control," Dunn told me this afternoon. "The problem is that users don't know that."
"From the perspective of businesses, it isn't a good thing," said Andrew Jaquith, Yankee Group program manager for Security Research. "Silent updates are probably against corporate policy and will definitely mess up whitelisting programs if those are installed."
Microsoft installs updates without user consent
Posted on Friday, September 14 2007 @ 14:58 CEST by Thomas De Maesschalck