Report Says Microsoft Engaging in 'Stealth Patching'
Microsoft once again appears to be stepping over the line. Reports yesterday
say Redmond is patching files on users' Windows XP and Windows Vista machines
without
first notifying them. Microsoft has been able to do this even when users
have switched off Windows' auto update capability.
One of the dangers here, of course, is that many companies' IT departments
need to test updates of any kind before they can be deployed. Not good.
Apparently, according
to Scott Dunn who reported this in the Sept. 13 issue of the Windows Secrets
newsletter (http://www.windowssecrets.com),
Windows Update started changing files on users' systems without showing a dialog
box that requests users' permission to do so. So far, the only altered files
reported are about 18 smaller executables that are used by the Windows Update
(WU).
According to the newsletter, the only attempt at an explanation from Microsoft
about this can be seen on a Microsoft Community Forum site offered by a user
called "Dean-Dean." In a post, Dean-Dean stated:
"Windows Update Software 7.0.6000.381 is an update to Windows Update
itself. It is an update for both Windows XP and Windows Vista. Unless the
update is installed, Windows Update won't work, at least in terms of searching
for further updates. Normal use of Windows Update, in other words, is blocked
until this update is installed."
Not exactly a clear explanation of why Microsoft would engage in this sort
of undercover practice. What has made some people apprehensive about this is
how Microsoft could use this method of "stealth patching" in the future.
Posted by Ed Scannell on September 13, 2007