Stealthy Windows Update
In his blog on ZDNet.com, Adrian Kingsley-Hughes has a report about a stealthy Windows Update. And apparently Mircrosoft has responded to his inquiry and confirmed. Despite the fact that the Automatic Updates service is set to not download or even install updates automatically, the updater does still download and install updates for the Automatic Updates service itself.
Some contributors to discussions actually question the legality of this action. No matter whether this is actually true or not, not even getting to the question of enforcing this law, Microsoft definitely ruins trust of industrial customers. Imagine your running systems in critical infrastructure and spent a whole lot of effort on patch management. The report doesn’t quite say anything about how it behaves in configurations with an intermediate WSUS server but no matter what, even if this time it wouldn’t affect those configurations, if Microsoft ignores customer configurations without notice once, you may not want to trust them to do it in all other occasions either. For Microsoft clients who are legally required to perform strict change management and not perform any modifications without prior site acceptance tests, this may lead to liability charges.