Microsoft installs updates without user consent

Posted on Friday, Sep 14 2007 @ 14:58 CEST by Thomas De Maesschalck
Several websites report Microsoft is secretly installing updates on Windows systems without the users' consent:
Windows Secrets contacted eWEEK and Microsoft Watch earlier this afternoon about the discovery. Tomorrow, Windows Secrets' Scott Dunn will report that Windows Update has started "altering files on users' systems without displaying any dialog box to request permission. The only altered files that have been reported to date are 18 small executables used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."

The stealth updates do not appear to affect PCs using WSUS (Windows Server Update Services) the same way as those using Microsoft Update/Windows Update. Typically, Windows would give some notification before installing updates and, presumably, install nothing if Windows Update is disabled. But, in testing, Dunn found that Microsoft was updating Windows XP and Vista systems even when automatic updating is disabled.

"Microsoft is bypassing the normal automatic update control," Dunn told me this afternoon. "The problem is that users don't know that."

"From the perspective of businesses, it isn't a good thing," said Andrew Jaquith, Yankee Group program manager for Security Research. "Silent updates are probably against corporate policy and will definitely mess up whitelisting programs if those are installed."
More info at Microsoft Watch.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments