Back Door Install - Probably Not but...
Microsoft updates Windows without users' consent
http://windowssecrets.com/comp/070913
By Scott Dunn
Microsoft has begun patching files on Windows XP and Vista without users'
knowledge, even when the users have turned off auto-updates.
Many companies require testing of patches before they are widely installed, and
businesses in this situation are objecting to the stealth patching.
Files changed with no notice to users
In recent days, Windows Update (WU) started altering files on users' systems
without displaying any dialog box to request permission. The only files that
have been reportedly altered to date are nine small executables on XP and nine
on Vista that are used by WU itself. Microsoft is patching these files
silently, even if auto-updates have been disabled on a particular PC.
It's surprising that these files can be changed without the user's knowledge.
The Automatic Updates dialog box in the Control Panel can be set to prevent
updates from being installed automatically. However, with Microsoft's latest
stealth move, updates to the WU executables seem to be installed regardless of
the settings without notifying users.
When users launch Windows Update, Microsoft's online service can check the
version of its executables on the PC and update them if necessary. What's
unusual is that people are reporting changes in these files although WU wasn't
authorized to install anything.
This isn't the first time Microsoft has pushed updates out to users who prefer
to test and install their updates manually. Not long ago, another Windows
component, svchost.exe, was causing problems with Windows Update, as last
reported on June 21 in the Windows Secrets Newsletter. In that case, however,
the Windows Update site notified users that updated software had to be
installed before the patching process could proceed. This time, such a notice
never appears.
For users who elect not to have updates installed automatically, the issue of
consent is crucial. Microsoft has apparently decided, however, that it doesn't
need permission to patch Windows Updates files, even if you've set your
preferences to require it.
Microsoft provides no tech information yet
To make matters even stranger, a search on Microsoft's Web site reveals no
information at all on the stealth updates. Let's say you wished to voluntarily
download and install the new WU executable files when you were, for example,
reinstalling a system. You'd be hard-pressed to find the updated files in order
to download them. At this writing, you either get a stealth install or nothing.
A few Web forums have already started to discuss the updated files, which bear
the version number 7.0.6000.381. The only explanation found at Microsoft's site
comes from a user identified as Dean-Dean on a Microsoft Communities forum. In
reply to a question, he states:
Windows Update Software 7.0.6000.381 is an update to Windows Update itself.
It is an update for both Windows XP and Windows Vista. Unless the update is
installed, Windows Update won't work, at least in terms of searching for
further updates. Normal use of Windows Update, in other words, is blocked until
this update is installed.
Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner
Support about the update and received this short reply:
7.0.6000.381 is a consumer only release that addresses some specific issues
found after .374 was released. It will not be available via WSUS [Windows
Server Update Services]. A standalone installer and the redist will be
available soon, I will keep an eye on it and notify you when it is available.
Unfortunately, this reply does not explain why the stealth patching began with
so little information provided to customers. Nor does it provide any details on
the specific issues that the update supposedly addresses.
System logs confirm stealth installs
In his forum post, Dean-Dean names several files that are changed on XP and
Vista. The patching process updates several Windows\System32 executables (with
the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the
post.
In Vista, the following files are updated:
1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll
In XP, the following files are updated:
1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll
These files are by no means viruses, and Microsoft appears to have no malicious
intent in patching them. However, writing files to a user's PC without notice
(when auto-updating has been turned off) is behavior that's usually associated
with hacker Web sites. The question being raised in discussion forums is, Why
is Microsoft operating in this way?
How to check which version your PC has
If a system has been patched in the