Jump to content

Microsoft update windows without users consent

Recommended Posts



I am subscribed to a tech newsletter called Windows Secrets and the info below is questionable as far as being legal, in my opinion. If Microsoft is allowed to continue performing stealth updates without the users/owners knowledge and/or consent, then what will prevent hackers & terrorists from using this as well?


Microsoft updates Windows without users' consent



By Scott Dunn


Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.


Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.




Files changed with no notice to users


In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.


It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.


When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.


This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.


For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.


Microsoft provides no tech information — yet


To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.


A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:


"Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."


Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:



"7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."


Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.


System logs confirm stealth installs


In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.


In Vista, the following files are updated:


1. wuapi.dll

2. wuapp.exe

3. wuauclt.exe

4. wuaueng.dll

5. wucltux.dll

6. wudriver.dll

7. wups.dll

8. wups2.dll

9. wuwebv.dll


In XP, the following files are updated:


1. cdm.dll

2. wuapi.dll

3. wuauclt.exe

4. wuaucpl.cpl

5. wuaueng.dll

6. wucltui.dll

7. wups.dll

8. wups2.dll

9. wuweb.dll


These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"


How to check which version your PC has


If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)


In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:





Users can also verify whether patching occurred by checking Windows' Event Log:


Step 1. In XP, click Start, Run.


Step 2. Type eventvwr.msc and press Enter.


Step 3. In the tree pane on the left, select System.


Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.


On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)


To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."


No need to roll back the updated files


Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

Edited by rickk1
Link to post
Share on other sites

it's not like you even have a choice, why doesn't M$ just flat out say that "we do what ever we want and if you don't like it, then don't install windows." It's much more simpler that way

Link to post
Share on other sites

of course you have a choice. either use windows or something else. it'll keep getting worse until people do make that chioce. it's even easier now that pc manufacturers are selling computers with alternatives to windows.

Edited by badbinary
Link to post
Share on other sites

once again, that's their problem. ignorance is not an excuse.


I think everyone has missed the point here. To me the main issue is not about the operating system but about security. If Microsoft can do this to Windows, then what or who will prevent terrorists, hackers, and other unmentioned scumbags from invading our systems without our consent and perhaps without our knowledge?


If scumbags can access Windows in this manner, has anyone else checked their linux or other operating systems? Is nothing safe anymore? Doesn't ownership of a computer and assumed ownership of your copy of windows give you the right to restrict software manufacturers, terrorists, etc from accessing your system? Where will it all end? If Microsoft claims they can always have access due to their eula agreement, then what will that do to all the millions of websites that have privacy policies and/or terms of use? Will this allow them to stealthily install software without our knowledge and/or permission legally as well? Microsoft, in my opinion, has crossed the line on this one. They've shown to the world's scumbags that nothing is safe. They've opened a can of worms.

Link to post
Share on other sites

Thanks for the post rickk1


Even though I have the Windows Update service disable, I found updates that were installed without my knowledge and therefore consent. :blink:


Usually I review, test and install updates when I am almost certain it won't cause any system issues or conflicts with other system's hardware and software.


So, Microsoft can just roam in a system and install updates or anything else without a user knowledge?

I don't think so, :boxing: at least not anymore since I blocking Microsoft websites in my firewall.


I have been reading the EULA and have not found any clause authorizing that kind of personal invasion. :geezer:

Link to post
Share on other sites



One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independent of the selected settings for handling updates (for example, “check for updates but let me choose whether to download or install them”). This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.

Link to post
Share on other sites

Well , let me put it this way ,

Microsoft doesn`t have the right to be able to bypass my firewall,ya tell it does oh please

it`s not part of microsoft at all... so ya i own the hardware not them ..i might use windows it every now and them ,but as far as them doing an update without mine or anybodies knowladge, sorry that does fly !!!!

in fact sorry i don`t see why they wanted to hide it from anyone if this was on the up and up ,but then again your trying to tell me they can do want they want when they want ..... and ya i did read the EULA ,nope still doesn`t fly ...

i`m still trying to find out just how they got passed the firewall to do this ....

oh i will , got a good tattle tell built in just haven`t sat down to see just what ports got used by them

i can say the system was hacked..

Edited by tw2
Link to post
Share on other sites

We can probably be expecting to see a security patch comming from M$ in the near future because I suspect that the crackers have read this same article and one or more of them are working to gain access via WU as we speak

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...