January 29, 2008

Microsoft updates Windows without users’ consent

By Scott Dunn

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates.

Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have reportedly been altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Update files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

  • "Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

  • "7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."
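The manual checks above can also be scripted. The following Windows PowerShell script is an added example, not part of the original article or of any Microsoft tool: it reads the versions of the listed Windows Update files and lists "Windows Update Agent" installation events, marking those whose description carries no KB number. The file names, version numbers and event source come from the article; the variable names and output layout are assumptions.

```powershell
# Added example (not from the original article). Windows PowerShell only:
# Get-EventLog is not available in PowerShell 7 and later.
$stealth  = [System.Version]'7.0.6000.381'   # silently installed version (from the article)
$previous = [System.Version]'7.0.6000.374'   # earlier version (from the article)

# Union of the XP and Vista file lists given in the article.
$files = 'cdm.dll','wuapi.dll','wuapp.exe','wuauclt.exe','wuaucpl.cpl',
         'wuaueng.dll','wucltui.dll','wucltux.dll','wudriver.dll',
         'wups.dll','wups2.dll','wuweb.dll','wuwebv.dll'
$sys32 = Join-Path $env:windir 'System32'

foreach ($name in $files) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { continue }   # each OS has only nine of these
    $vi = (Get-Item $path).VersionInfo
    # Build the version from its numeric parts; the FileVersion string may
    # carry extra build text after the number.
    $ver = [System.Version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
            $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    if     ($ver -eq $stealth)  { $status = 'silent update present' }
    elseif ($ver -eq $previous) { $status = 'previous version' }
    elseif ($ver -lt $stealth)  { $status = 'older than .381' }
    else                        { $status = 'newer than .381' }
    '{0,-14} {1,-16} {2}' -f $name, $ver, $status
}

# Installation events from the Windows Update Agent source (System log, XP
# naming per the article), marking those whose description has no KB number.
Get-EventLog -LogName System |
    Where-Object { $_.Source -eq 'Windows Update Agent' -and
                   $_.Message -like '*Installation Successful*' } |
    ForEach-Object {
        $kb = if ($_.Message -match 'KB\d+') { $Matches[0] } else { 'no KB number' }
        '{0:u}  {1,-14} {2}' -f $_.TimeGenerated, $kb, $_.Message
    }
```

Saving the output after each patch cycle gives a baseline, so an unannounced version change shows up as a difference between two runs.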

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

January 28, 2008

Microsoft to push Office 2003 SP3 to users in February

January 28th, 2008

Posted by Mary Jo Foley

Microsoft will begin automatically pushing Office 2003 Service Pack (SP) 3 to customers via the Microsoft Update patching mechanism on February 27.

Last year, Microsoft officials committed to giving customers a three- to six-month heads-up regarding its plan to push Office service packs using MU.

Microsoft made SP3 available to Office 2003 users via its Microsoft Downloads site on September 18, 2007. MU is one of the Microsoft patching/updating mechanisms aimed primarily at business users, and is designed to allow them to get security and other kinds of updates pushed automatically to multiple users.

Microsoft posted an update notice to the Microsoft Update Product Team blog on January 27 regarding its planned MU push:

“Today we are providing our customers a minimum of 30 days advance notice that Service Pack 3 (SP3) for Office 2003, which was made available to the public on September 18, 2007, will be distributed automatically via Microsoft Update beginning February 27, 2008. This means that those customers who have not already installed SP3 and that have chosen to receive updates automatically will start to receive the service pack as early as February 27. The distribution through MU is a gradual process and so not every customer will see the service pack on February 27.”

Microsoft is billing Office 2003 SP3 as adding “important” security enhancements, as well as improving compatibility with Windows Vista and Office 2007.

Can corporate users who still aren’t keen on having Office 2003 SP3 pushed automatically to them block or defer SP3? I’m not entirely sure and have put a question into Microsoft on that. I’ll post the answer here once I receive one.

It sounds like if you’re part of MU, SP3 is coming your way. A Microsoft spokeswoman responded to my question with the following:

“To optimize the customer experience, Microsoft recommends people update their Office 2003 applications and servers to take advantage of the improvements and new security tools available in SP3.

“MU continues to be an opt-in service and any customers wishing to remove themselves from the service can do so. That said, because of the impact this service pack has on end user security, we highly recommend that any customer who has not downloaded it does so. We also do not recommend that users opt out of MU.”


Resetting Your XP Password

We are all pretty lucky when we forget our password on an online Web service, wouldn't you agree? I mean, if you ever forget your password, almost all Web sites can e-mail it to you or they allow you to reset it by answering a security question. But what if you forget your password for Windows XP? It's happened to the best of us and when it does, you may think there's no way to recover it. Well, I'm happy to tell you there is a way and that's what I'm going to show you today! You know, just in case it ever happens to you. Here we go!

1.) If you ever forget your password for Windows XP, you need to start your computer in Safe Mode. To do that, reboot your computer and as soon as you see your manufacturer's logo pop up, repeatedly hit the F8 key on your keyboard.

2.) Soon after, you will see this menu:

Make sure the Safe Mode option is highlighted and press Enter.

3.) When the log in screen appears, log in to your Administrator account.

4.) A dialogue box will then appear, notifying you that your computer is running in Safe Mode. Just select Yes for this one.

You may also notice that your resolution is a little distorted.

If so, that's okay. It will go back to normal after you reboot again.

5.) Next, select File, Control Panel. Then double click on the User Accounts icon, which looks like this:

6.) All of the accounts on your computer will be displayed. Go ahead and select the account you would like to remove the password from.

7.) After that, select the link.

8.) Finally, if you'd like to add a new password, you can select the link. But be sure to write this one down in a safe place, so you don't have to go through this again!

I hope you enjoy this one. It can be a real timesaver if you ever forget your Windows XP password!

January 26, 2008

Space It Out

Ever find that you need a little extra space between two paragraphs in an MS Word document?

Thinking maybe a quick way to add a 12 point space before a paragraph would be a nice little trick to have up your sleeve?

Well, to insert that extra space before a paragraph, all you have to do is simply place the cursor anywhere in the paragraph and use the Ctrl + 0 (zero) key combination.

Need the space above several paragraphs?

No problem! Just highlight all the paragraphs to be affected and again, use Ctrl + 0.

Spaces too big? Need to remove them?

Again, a very simple solution. Ctrl + 0 works as a toggle switch: once to add a space, twice to remove the space.

So, just highlight the paragraph(s) affected and use the Ctrl + 0 combination to remove the extra space.

There you have it. Extra spacing with just a quick key combination!

January 24, 2008

Microsoft to push IE7 out via WSUS next month

Date: January 21st, 2008
Author: Paul Mah

Microsoft warned that it will push a new version of Internet Explorer 7 via Windows Server Update Services (WSUS) in February. Specifically, administrators who have set WSUS to automatically approve Update Rollups will need to disable the auto-approval rule before Feb. 12 to stop IE7 from being updated into their infrastructure.

As of last year, Microsoft removed the requirement of Windows Genuine Advantage (WGA) validation from an Internet Explorer 7 installation, making it available to all Windows XP users. Microsoft explained that the move was prompted by security concerns.

Excerpt from InfoWorld:

“Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users,” said Steve Reynolds, an IE program manager, on a Microsoft company blog in early

Web metrics gathered by Net Applications during December 2007 show that IE6 accounted for 35 percent of the browsers that visited some 40,000 monitored sites.
