Windows downloads and installs patches on user’s systems without their consent, according to a new report by eWeek’s Microsoft Watch. The report isn’t about Windows’ built-in Automatic Updates tool, but about a Windows Update feature that apparently alters files entirely unbeknownst to end users—even when Automatic Updates is disabled.
The modified files in question are a collection of 18 executables used by Windows Update, including wuapi.dll, wuauclt.exe, and wups2.dll. "Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC," according to Scott Dunn from Windows Secrets. Both Windows XP and Windows Vista exhibit the same behavior
Besides the obvious privacy issues, the procedure can be problematic for businesses, as Yankee Group program manager Andrew Jaquith points out. "Silent updates are probably against corporate policy and will definitely mess up whitelisting programs if those are installed," Jaquith explains.