Microsoft’s relatively quick response to the WMF fiasco may have been a bit too quick. In the midst of a debate at Ars Technica over Microsoft’s personal-best performance in handling the WMF exploit, a few quiet voices popped up. Zakharov:
Is it me or was that patch distributed with some kind of hidden higher priority? I normally leave windows auto-update set to notify me when patches are downloaded for manual installation but the WMF patch took matters into its own hands and installed itself with a reboot.
According to Microsoft’s documentation for Automatic Update, that shouldn’t happen to an Administrative user: “If you are an administrator for your computer, you can delay the restart; otherwise, Windows warns you and then restarts your computer for you. Make sure you save your work and remind other users to save their work, especially before scheduled installation times.”
After Zakharov’s comment, one of our techs concurred. He noticed that one of our XP laptops that was set to simply download updates had restarted… And had the patch.
Meanwhile, astrashe, another Ars Technica member agreed with Zakharov:
I noticed the same thing. I got a message saying the patch had been installed, and that my machine had rebooted.
You may well ask, “What’s the problem? You got protected, didn’t you?”
Quite true. However, it’s one thing for your neighbor to knock on your door, then wait for an invitation to enter. It is quite another for your neighbor to barge in and start moving furniture while you’re entertaining guests at your pool party. And it’s especially troublesome when your neighbor walks in uninvited, using the keys you trusted him to use only when authorized.
We were frankly astounded that Microsoft might be so bold. Back at Ars Technica, mmondok reported:
It’s funny that you guys should mention the reboot as I think it may have also happened to two of my PCs as well. I never log out or turn off my computer, but both were logged out and I had the “your PC has been updated” blob show up when I logged back into the machines.
I just figured it was a strange coincidence. I can’t verify that it was the updates that did it, but it sure sounds like it.
Can Microsoft take over your computer without your permission? Obviously. But would they? While we would like to think Redmond will always do the right thing, there’s a certain blogger in China who might not share that opinion. When China told Microsoft to pull the plug on the poor wretch’s blog, the company shut him down.
Update 11 January 2006: Microsoft says Windows Automatic Update worked just like always. As several user comments below indicate, this is cold comfort to those have successfully negotiated prior updates.
Update 12 January 2006: Several press reports have mischaracterized the contents of this article. Please read it carefully, along with the comments, pro and con, before drawing your own conclusions. The vast majority of Windows users had no problems updating. Having said that, it’s obvious that Windows Automatic Update has caused plenty of grief for many. (To get better control of the beast, see How To Disable Reboot After Windows Automatic Update.)
- had your system set to download updates or notify you before automatic updating, but;
- Windows Automatic Update downloaded and installed the WMF patch (912919) without your permission…
…post a comment below, along with your thoughts. Microsoft will undoubtedly appreciate your input. Just like always.
Email Battles Backgrounder: