Microsoft Updates Windows Without User Permission, Apologizes - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Information Management
04:01 PM
Connect Directly

Microsoft Updates Windows Without User Permission, Apologizes

Over the last few weeks, without user approval, Windows Update has updated nine small executable files in both Windows XP and Windows Vista.

Microsoft has been quietly updating Windows even when users have turned off automatic updates and without notifying users, according to reports and posts on Microsoft discussion boards.

Even though the updates ended up being benign and vital to the function of Windows Updates, such a breach of trust could end up harming Microsoft's reputation.

Over the last few weeks, without user approval, Windows Update has updated nine small executable files in both Windows XP and Windows Vista. "I did not download this and my Windows Update is still not set to automatic," a poster named Engle wrote on a Microsoft discussion board. "This has got me really puzzled." Both eWeek Labs and Windows Secrets report that they have confirmed cases of Windows Update downloading and installing an update without permission.

The updates in question actually updated Windows Update's own software. If Windows Update doesn't update itself, it stops functioning properly and is not able to recognize when new updates are available, according to Microsoft.

"That result would not only fail to meet customer expectations but even worse, would lead users to believe that they were secure even though there was no installation and/or notification of upgrades," Nate Clinton, Windows Update program manger, wrote on the Windows Update team blog in response to concern about the covert file revisions.

That said, Microsoft is still offering a bit of a semi-apology. "We do recognize that we should have been clearer in our explanation of this process earlier in the game," Microsoft Windows programmer Nick White writes on the Windows Vista Team Blog.

Windows Update does not automatically update itself if automatic updates are turned off, according to Microsoft's Clinton. However, Windows Secrets reports that it found the updates downloaded and installed even under those circumstances. Even Microsoft's own reports appear to be inconsistent: Windows program manager Nick White writes on his blog that "self-updating is done regardless of whether the user has enabled automatic checking, download and/or installation of updates."

The issue only affects computers that use Windows Update. Though consumers and some small businesses use Windows Update, most large businesses do not. That means businesses who use Windows Server Update Services or a feature in Systems Management Server to update their copies of Windows won't find files on their computers suddenly altered.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll