Microsoft Pushes Windows Updates without User Permission
One of the things I always preach when it comes to security, is keeping your operating system and the software running on it up-to-date. In Windows XP and Windows Vista, you can set your OS to update itself automatically, update only after asking you, and never update at all. The thing is that some updates will be pushed through regardless of the fact that you selected the option to be informed when an update is available for installation - or at least they have been pushed recently.
The OS update options in Windows XP and Windows Vista are similar, but worded differently. In Windows XP the options are:
1. Automatic - automatically download recommended updates for my computer and install them.
2. Download updates for me, but let me choose when to install them.
3. Notify me but don’t automatically download or install them.
4. Turn off Automatic Updates.
And in Windows Vista they are:
1. Install updates automatically
2. Download updates but let me choose whether to install them.
3. Check for updates but let me choose whether to download and install them.
4. Never check for updates.
According to Windows Secrets, users that have selected option 2 or 3 noticed their Windows-based operating system installed updates regardless of the fact that they did not specifically approve this. The updates come from the June Patch Tuesday release and were installed when the user turned off or rebooted the PC.
Scott Spanbauer explains: “The forced-install behavior has been witnessed at least three times by Windows Secrets editors, but Microsoft says its procedure for Automatic Updates hasn't changed in the last 10 months. The behavior seems to occur only if a Windows user has Automatic Updates configured to "download updates but don't install them" or "notify me but don't install them." If updates are scheduled to occur automatically, with no notice to users, the silent installation of updates would be expected.”
It is not clear what has spurred stealth update push, but rumors on the web have it that the June Patch Tuesday, because it contained a very large number of fixes, has somehow overwhelmed Microsoft’s download servers. This server overload may have caused some downloads to be incomplete, and when a download is incomplete the notification icon (the yellow shield-like icon) will not be displayed, now will the approval dialog box.
To make things worse, it seems that this Microsoft knew about this bug for quite some time, as you can see from this Help and Support article.
The OS update options in Windows XP and Windows Vista are similar, but worded differently. In Windows XP the options are:
1. Automatic - automatically download recommended updates for my computer and install them.
2. Download updates for me, but let me choose when to install them.
3. Notify me but don’t automatically download or install them.
4. Turn off Automatic Updates.
And in Windows Vista they are:
1. Install updates automatically
2. Download updates but let me choose whether to install them.
3. Check for updates but let me choose whether to download and install them.
4. Never check for updates.
According to Windows Secrets, users that have selected option 2 or 3 noticed their Windows-based operating system installed updates regardless of the fact that they did not specifically approve this. The updates come from the June Patch Tuesday release and were installed when the user turned off or rebooted the PC.
Scott Spanbauer explains: “The forced-install behavior has been witnessed at least three times by Windows Secrets editors, but Microsoft says its procedure for Automatic Updates hasn't changed in the last 10 months. The behavior seems to occur only if a Windows user has Automatic Updates configured to "download updates but don't install them" or "notify me but don't install them." If updates are scheduled to occur automatically, with no notice to users, the silent installation of updates would be expected.”
It is not clear what has spurred stealth update push, but rumors on the web have it that the June Patch Tuesday, because it contained a very large number of fixes, has somehow overwhelmed Microsoft’s download servers. This server overload may have caused some downloads to be incomplete, and when a download is incomplete the notification icon (the yellow shield-like icon) will not be displayed, now will the approval dialog box.
To make things worse, it seems that this Microsoft knew about this bug for quite some time, as you can see from this Help and Support article.
