Unprompted/Unexpected Windows Update?

[SngBrdb]

This morning, at about 8:30, windows seems to have performed some sort of update to my system in the background. My automatic updates are set to 'notify me before download and before install'... there was no prompt, no notification, but here's how it went down:

At 8:30, while surfing the net, I got the Windows File Protection popup, telling me a system file had been replaced with an unrecognized version. Of course this doesn't tell me *what* was replaced. WFP used to be disabled on my system, but SP3 re-enabled it, I'm sure. Hit cancel.

Went into my event log; found these entries:

Event Type: Information

Event Source: Application Popup

Event Category: None

Event ID: 26

Date: 8/28/2008

Time: 8:30:30 AM

Description:

Application popup: Windows File Protection : Possible reasons for this problem:

• You have inserted the wrong CD (blah blah blah)

Second Event:

Event Type: Information

Event Source: Windows Update Agent

Event Category: Installation

Event ID: 19

Date: 8/28/2008

Time: 8:30:31 AMDescription:

Installation Successful: Windows successfully installed the following update: Automatic Updates

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 57 69 6e 33 32 48 52 65 Win32HRe

0008: 73 75 6c 74 3d 30 78 30 sult=0x0

0010: 30 30 30 30 30 30 30 20 0000000

0018: 55 70 64 61 74 65 49 44 UpdateID

0020: 3d 7b 44 36 37 36 36 31 ={D67661

0028: 45 42 2d 32 34 32 33 2d EB-2423-

0030: 34 35 31 44 2d 42 46 35 451D-BF5

0038: 44 2d 31 33 31 39 39 45 D-13199E

0040: 33 37 44 46 32 38 7d 20 37DF28}

0048: 52 65 76 69 73 69 6f 6e Revision

0050: 4e 75 6d 62 65 72 3d 30 Number=0

0058: 20 00 .

The third event was me hitting cancel on the WFP popup, with this message:

Windows File Protection could not restore the system catalog file C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MW770.CAT. This file is necessary to maintain system stability. The specific error code is 0x000004c7

If I'm reading this correctly, Windows replaced one or more files on my system without notifying me (in direct violation of my settings), one of which was an updated catalog file. For whatever reason, WFP didn't recognize the new cat as a valid file, and tried to restore it.

So, basically, the only reason I even knew about this at all was because of an error with the update?! I had disabled automatic updates completely some time ago, but you can't even use the manual online updates unless both update services are set to automatic (it's not good enough just to have them running!! they *must* be automatic, or the manual update fails).

WTF??!? Microsoft tried this once before and p****d off IT everywhere, especially since the silent update broke the software! Are they doing it again?

Can anyone verify this? Anyone else have this happen to them?

Thanks!

PS: This had better not be related to http://blogs.msdn.com/wga/default.aspx!!!!

Edited August 28, 2008 by SngBrdb

[jcarle]

Calm down. It's Windows Update updating itself. If you have a legitimate version of Windows, you have nothing to worry about. And anyway, yes it's a silent and forced update, the news was published and Microsoft warned users that this would happens a month ago.

[GrofLuigi]

How Windows Update Keeps Itself Up-to-Date

Upcoming Update to Windows Update

There is no way to turn the update of windows update off, unless you turn windows update off (I hope that made sense).

Although they have beautiful and believable explanation, when you think about it, it's only a permanently open backdoor. The fact that nobody has entered through it yet, doesn't make it less creepy.

GL

[JedMeister]

I think running any updates without user confirmation (unless its specifically set to fully auto) is dodgey but I guess that's how MS run so if you wish to use their OS then that's how it goes. Whilst I understand where you are coming from jcarle, I don't think that just because MS published their intentions that it is ok to install software without specific user agreement (unless they've already implicitly given it via 'auto' setting). That is one of the defining features of malware in my books! I agree with GrofLuigi that it is a creepy MS backdoor.

My workaround is to make the transition to Linux at home. My current rig will dual/triple boot but for my new PC I will vote with my wallet and run Linux exclusively. I don't game a lot these days but any new software will either have to run on Linux (natively or WINE) or be compatible with my old sys and XP. I may consider buying Cedga (a non-free WINE fork) but I'll wait and see. I'm not sure but I reckon next time we upgrade at work the boss will seriously consider Linux for workstations too. It is becoming a great option to Windows in the workplace although I think there will always be a place for Windows in the home, especially for gamers.

[SngBrdb]

Thanks for the info, that was what I was afraid of. I usually stay on top of bits like this, but the last few weeks have been pretty busy, so this one caught me off guard. Least I know nobody snuck on to my box when I wasn't looking!

If I remember correctly, didn't Microsoft do this once before, and really mucked it up? IT who had checked "notify me before you screw with the 6,000 boxes I'm responsible for" had updates silently installed that broke Windows Update. After the silent update that nobody knew about, Windows couldn't automatically update anymore.

Seriously, you couldn't make this stuff up!

What kills me is that instead of responding to an incredible blunder with corrected behavior, MS continues to do things the same way and tries to justify its actions.

I wouldn't care, but they seem determined to herd their users down the path they pick. Like I said before, if I set the automatic update service to manual and start it before updating, I still can't manually update at the windows update site! Same if I 'turn off' automatic updates in the System properties... I can't manually update until I turn automatic updates back on. WTF?

And shouldn't MS be able to install an update without the File-Protection popup? Now I have no idea... was the update installed or not? Did WFP replace the new file with an older version? Gah!

Anyway, thanks, at least I know what it was now.

:: sigh ::

.

[jcarle]

I don't think that just because MS published their intentions that it is ok to install software without specific user agreement

If you've installed Windows, you've already agreed to this agreement. That's what the EULA is for.

[JedMeister]

I don't think that just because MS published their intentions that it is ok to install software without specific user agreement

If you've installed Windows, you've already agreed to this agreement. That's what the EULA is for.

I understand that, I just don't like it and I don't think its right. That's why I'm transitioning away from Windows.