Windows system started to update without permission
Experts have reported unusual behavior of Windows XP and Vista in recent days. Some of them, in the middle of the night on command, began to update the system files, bypassing the traditional autoupdate procedure. Moreover, the files were updated even if the automatic update function is disabled on the system. The Windows Update (WU) program took over all the authority and independently replaced nine files without any dialogue with the user.
Generally speaking, this is a very significant event. If Microsoft makes the forced update procedure standard, then we will have to review the entire security strategy for personal computers. Such a self-renewing computer can no longer be called fully controlled by its owner.
Of course, Microsoft does this for the security of the users themselves, but this attitude towards users as a flock of sheep is quite offensive. In addition, by implementing a similar procedure for global system update in a homogeneous environment, the company itself becomes a source of potential danger.
The following files were updated under the XP SP2 operating system: cdm.dll, wuapi.dll, wuauclt.exe, wuaucpl.cpl, wuaueng.dll, wucltui.dll, wups.dll, wups2.dll, wuweb.dll.
Under Vista, wuapi.dll, wuapp.exe, wuauclt.exe, wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll, wups2.dll, wuwebv.dll were updated.
')
The first reports of an unusual update appeared on August 24, but on some machines the update occurred even last week.
Security experts do not hide their bewilderment. "Before we even warned in advance," - says Scott Duncan, editor of the Windows Secrets , about the unusual update of Windows. Never once did it happen that Windows did not ask the user's consent, even if it was the most critical security update.
“We don’t fully understand WU technology, but it’s obvious that this time the procedure didn’t check the Auto Update settings,” said Brian Livingston, founder of Windows Secrets. “Many companies are very sensitive to changes in their computers, and although Microsoft has not seen any attempts to inject malicious code, in which case there can be very serious reasons for concern.”
You can check the update on your system if you open the system log of the operating system. Under XP, this is done via “Start” - “Run” - eventvwr.msc.
Generally speaking, this is a very significant event. If Microsoft makes the forced update procedure standard, then we will have to review the entire security strategy for personal computers. Such a self-renewing computer can no longer be called fully controlled by its owner.
Of course, Microsoft does this for the security of the users themselves, but this attitude towards users as a flock of sheep is quite offensive. In addition, by implementing a similar procedure for global system update in a homogeneous environment, the company itself becomes a source of potential danger.
The following files were updated under the XP SP2 operating system: cdm.dll, wuapi.dll, wuauclt.exe, wuaucpl.cpl, wuaueng.dll, wucltui.dll, wups.dll, wups2.dll, wuweb.dll.
Under Vista, wuapi.dll, wuapp.exe, wuauclt.exe, wuaueng.dll, wucltux.dll, wudriver.dll, wups.dll, wups2.dll, wuwebv.dll were updated.
')
The first reports of an unusual update appeared on August 24, but on some machines the update occurred even last week.
Security experts do not hide their bewilderment. "Before we even warned in advance," - says Scott Duncan, editor of the Windows Secrets , about the unusual update of Windows. Never once did it happen that Windows did not ask the user's consent, even if it was the most critical security update.
“We don’t fully understand WU technology, but it’s obvious that this time the procedure didn’t check the Auto Update settings,” said Brian Livingston, founder of Windows Secrets. “Many companies are very sensitive to changes in their computers, and although Microsoft has not seen any attempts to inject malicious code, in which case there can be very serious reasons for concern.”
You can check the update on your system if you open the system log of the operating system. Under XP, this is done via “Start” - “Run” - eventvwr.msc.
Source: https://habr.com/ru/post/14048/
All Articles