Tuesday’s ‘optional’ Windows patch KB 2876229 can hijack your browser

If you were somehow possessed to install the “optional” KB 2876229 patch, make sure you uncheck the correct installer boxes, or your Internet Explorer home page will be hijacked and the default search engine changed. That’s the default behavior of this boorish Microsoft KB-numbered installer, pushed through the Windows Update chute.

Yesterday’s fourth-Tuesday patch round included a rather special patch. Identified as “Skype for Windows desktop 7.0 (KB2876229),” it’s an unchecked patch offered up for systems that don’t already have Skype installed.

While you might expect Windows Update to include, uh, Windows updates, this is a patch of a different color. If you check the box and install KB 2876229, Microsoft runs the Windows-based Skype installer. It’s the plain vanilla Skype installer, not an update or a patch.

Which might not be too bad, but the Skype installer asks if you want to make MSN your home page and if you want to make Bing your default search engine. Unless you uncheck the requisite boxes in the installer, your browser gets taken over.

Welcome to the kind of garbage you would expect to see from Oracle, which still rigs the Java installer to add the Ask toolbar and reset your search engine to Ask. AxperaMarketing (source).

Via: Info World