Researchers "Microsoft updating files on user PCs without permission"

Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today. Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system […]

Microsoft Corp. has started updating files on computers running Windows XP and Vista, even when users have explicitly disabled the operating systems' automatic update feature, researchers said today.

Scott Dunn, an editor at the "Windows Secrets" newsletter, said that nine files in XP and Vista -- but not the same files in each operating system -- have been changed by Windows Update, the Microsoft update mechanism, without displaying the usual notification or permission dialog box. The files, said Dunn, are related to the XP and Vista versions of Windows Update (WU) itself.

"We started hearing from readers that Windows was modifying files in the middle of the night, even when Windows Update was turned off," Dunn said today. Some machines' event logs pinpointed Aug. 24 as the date when the invisible updates began, but on one of Dunn's personal machines, the log showed the changes taking place this week.

Full Article

UpdateMy eWEEK Labs colleague Andrew Garcia has independently confirmed a report that will appear in tomorrow's Windows Secrets newsletter: Windows Update is fetching and installing some updates without end users' consent.

Windows Secrets contacted eWEEK and Microsoft Watch earlier this afternoon about the discovery. Tomorrow, Windows Secrets' Scott Dunn will report that Windows Update has started "altering files on users' systems without displaying any dialog box to request permission. The only altered files that have been reported to date are 18 small executables used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC."

The Windows Secrets story can be found here, on September 13.

The stealth updates do not appear to affect PCs using WSUS (Windows Server Update Services) the same way as those using Microsoft Update/Windows Update. Typically, Windows would give some notification before installing updates and, presumably, install nothing if Windows Update is turned off. But, in testing, Dunn found that Microsoft was updating Windows XP and Vista systems even when automatic updating is turned off.

Full Article

Microsoft, Security Update, Microsoft Update, Windows update, Automatic Update, Windows File, PC