Holy cow! One of the two monsters of the Internet is at it again. For all of our newer clients who have not followed my thought processes over the years as to the “Two Monsters” I so lovingly refer to, they are “Google” and “Microsoft”.
Microsoft has begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates!
In recent days, Windows Update (WU) started altering files on users’ systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.
It’s surprising that these files can be changed without the user’s knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft’s latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.
When users launch Windows Update, Microsoft’s online service can check the version of its executables on the PC and update them if necessary. What’s unusual is that people are reporting changes in these files although WU wasn’t authorized to install anything.
For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn’t need permission to patch Windows Update files, even if you’ve set your preferences to require it.
To make matters even stranger, when I search on Microsoft’s Web site, there is no information at all on the stealth updates. Let’s say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You’d be hard-pressed to find the updated files in order to download them. As of this writing, you either get a stealth install or nothing.
Microsoft appears to have no malicious intent in patching them. However, writing files to a user’s PC without notice (when auto-updating has been turned off) is behavior that’s usually associated with hacker Web sites. The question being raised in discussion forums is, “Why is Microsoft operating in this way?”
It’s important to note that there seems to be nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). My biggest gripe is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.
On another note pertaining to Microsoft and their updates, Microsoft patched four vulnerabilities this month, but you’re still not entirely safe.
There’s a dangerous unpatched vulnerability, and the bad guys are actively exploiting it. Until Microsoft releases a fix for the severe vulnerability involving Visual Basic, guard your systems against files that have a .vbp (Visual Basic Project) extension.
We considered putting a server-wide block on incoming email that contained a .vbp file attachment, but taking that step would keep you from running any legitimate VB projects. So instead, I’m just sending you a MAJOR CAUTION FLAG to NOT open any attachments that may find their way to your in-box that have a .vbp extension unless you are absolutely, positively, without any shadow of a doubt, sure of who sent it to you, and that whoever sent it is free of any infections in their Visual Basic programming.
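A middle ground between a server-wide block and a plain warning is to tag such messages and still deliver them. The sketch below is an added example, not from the original post or from any mail product; the tag text, the `X-Risky-Attachment` header name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = ".vbp"                          # extension named in the post
WARNING_TAG = "[CAUTION: .vbp attachment]"  # assumed tag text
FLAG_HEADER = "X-Risky-Attachment"          # assumed header name

def vbp_attachments(msg):
    """Return the filenames of every MIME part that would open as .vbp."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and drop trailing dots/spaces,
        # which Windows ignores when resolving the file type.
        if name.rstrip(". ").lower().endswith(RISKY_EXT):
            hits.append(name)
    return hits

def tag_if_risky(raw_bytes):
    """Parse a raw message; if it carries a .vbp file, tag it, never drop it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = vbp_attachments(msg)
    if hits:
        subject = str(msg.get("Subject", ""))
        del msg["Subject"]  # Subject must be unique, so replace it
        msg["Subject"] = f"{WARNING_TAG} {subject}".strip()
        msg[FLAG_HEADER] = ", ".join(hits)
    return msg, hits

def sample_message(filename):
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "client@example.com"
    m["Subject"] = "project files"
    m.set_content("See attached.")
    m.add_attachment(b"Type=Exe\r\n", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    tagged, found = tag_if_risky(sample_message("Invoice.VBP").as_bytes())
    print(found, "->", tagged["Subject"])
```

Legitimate VB projects still arrive, but the recipient sees the caution in the subject line before opening anything.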
Finally… some readers last week expressed concerns about the recommended resource I referred you to (Secunia) to scan your system for outdated files, wondering about its safety. Let me emphasize, the scan is safe, it is free, and can take you a couple of steps further along in the “Protect Your PC and Data at All Costs” goal.
If you had problems running the scan on your system for some reason (a few select users apparently encountered errors), it may be due to you either having major system files out of date, cookies disabled, or a couple of other things that I am not going to get into in this post. My only suggestion is, try it again, and also sign up for their software update reminder service. It too is free, and they will not spam you or sell your address to any third parties.
I ran my system through their scanners again yesterday (only a week after updating everything the first time) and found two more outdated applications that need to be updated to prevent vulnerabilities. So again, I encourage you to bookmark their site, and make it a weekly part of your PC Maintenance to scan your system for outdated applications.
That’s it for today! Be safe, and have a great weekend.