Network News

X My Profile
View More Activity

Microsoft's Stealth Update Backfires for Some Users

A software update Microsoft quietly delivered to millions of PCs this summer prevents the installation of at least 80 security updates when some Windows users try to fix a problem with their computer using the software's "repair" feature, according to reports.

Microsoft has acknowledged that in July it started shipping an update to its Windows Update program. The patch was automatically installed for any Windows user who took advantage of the built-in software-update feature (including automatic update users who had selected the option to "download updates for me, but let me choose when to install them").

The story received a fair amount of attention in the tech press, with many people remarking that they had suspected all along that Microsoft would try something like this, and that such a scenario was the primary reason they had chosen not to allow automatic updates of any kind. Microsoft acknowledged that it could have handled the patch rollout more transparently, but defended its actions, saying the silent fix was meant merely to ensure that the auto-update feature worked as advertised for those who chose to use it.

Fast forward to this week, and it appears that this stealth update is coming back to haunt the company yet again. According to, the patch actually blocks certain users from downloading the latest 80 or so security updates from Microsoft. A security blogger from said he also was able to replicate the WindowsSecrets finding.

The problem apparently affects only those Windows users who have decided to fix a stability or security issue on their machine using the Windows "repair" feature, which can be accessed from the Windows installation CD. Repair essentially replaces the user's current critical Windows systems files with the original files on the Windows installation CD.

No official word yet from Microsoft on how to fix this problem, but the WindowsSecrets column includes some workarounds for users who may be affected by this bug.

By Brian Krebs  |  September 28, 2007; 10:23 AM ET
Categories:  From the Bunker , New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Ships iPhone Security Updates
Next: Just How Bad Is the Storm Worm?


Hmmm. I was recently unable to repair-in-place a fairly simple busted function on my wife's computer had to do a total windows reload. (A Dell tech (sigh) and a local expert could not do it either.) I wonder if this is related.

Posted by: Dick Wexelblat | September 28, 2007 4:20 PM | Report abuse

I have not been able to install some security updates, but I also can't update or use Quicktime and Acrobat Reader. Both of these problems started at about the same time this summer. Could these problems be related to this Microsoft update issue?

Posted by: ERS | September 28, 2007 4:57 PM | Report abuse

Man the lifeboats, the M$ Gates ship be sinking. Grab your Linux life ring and jump into the ocean of freedom.


Posted by: DOUGman | September 28, 2007 9:45 PM | Report abuse

See this KB article published on 28 Sept-07:

Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you repair a Windows XP installation:

Posted by: Robear Dyer, MS MVP | September 29, 2007 2:15 AM | Report abuse

I regard Windows as a malicious tool designed principally to aid the CIA in spying on people. The whole concept of Windows in my opinion is one one of secrecy, deceit, stealth back-door mechanisms built in to aid and foster personnel and industrial espionage.
I have ditched windows for Linux and would recommend people to do the same.
A simple small man outfit like PCLinuxos creates an easy to use operating system for FREE which is more secure. Why should my hard-earned wages support the CIA in their dirty work and Gates's empire building. To pay up to 500 Dollars for the latest Vista Ultimate Bullsh**t is another knife in the back of the patsy customer

Posted by: sick of USA spies | September 29, 2007 6:27 AM | Report abuse

The worst is that Microsoft has these outsourced techs in South East Asia and the world over that foul up and create more problems. I encountered the same problem and more again when MS released this validation program that did the same thing. This despite the fact I have a genuine paid for Windows XP Pro, registered and authenticated by their own system, that they maintain a record off. Not only would not the system allow to install the down loads but, the system kept repeating over and over. Finally it corrupted one too many other files and the only solution was to wipe off everything and reinstall from scratch. The best was to go ahead and reformat the hard drive. But XP Pro does not reformat the whole hard drive but in section partitions, for use and the tech did not bother to find out if my original system was not FATS, thus creating a dual partition system.

Posted by: Winemaster 2 | September 29, 2007 7:40 AM | Report abuse

Well, it's too late to close the barn door now that the cows are out. I so enjoyed re-installing Windoze last weekend!

Posted by: Keith Warner | September 29, 2007 2:56 PM | Report abuse

Well Robert, I hoped that by following the instructions on the MS Help and Support page to which you provided a link, I should finally succeed in installing the security update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366). But no joy ; just as a thousand times before, downloading the programme is no problem, but when I try to install it, I get a failure notice. And despite the fact that Microsoft claims that service for update problems is freely available, I've never managed to click myself to a place from which I can send a query on the matter to Microsoft. So can it go ! Just not to leave out any information which might be relevant, the setup on which I've been vainly attempting to install the update is running Windows XP SP2....


Posted by: M Henri Day | September 29, 2007 3:55 PM | Report abuse

Sick of:

The CIA says you need to download better porn.

Posted by: Not A Spy | October 1, 2007 12:38 PM | Report abuse

I'm having trouble with Acrobat Reader too!

Posted by: DAC | October 1, 2007 1:24 PM | Report abuse


Posted by: Dick jones | October 2, 2007 12:54 PM | Report abuse

to to to tot tot tot totot totottttot totot totot ttot ttot totot totot totot tot tot tot tot tot tot tot tot tot tot tot tot tot tot tot totot to

Posted by: Dick | October 2, 2007 12:55 PM | Report abuse

to to to tot tot tot totot totottttot totot totot ttot ttot totot totot totot tot tot tot tot tot tot tot tot tot tot tot tot tot tot tot totot to

Posted by: Dick | October 2, 2007 12:55 PM | Report abuse

Looking back, I think this may have been what caused problems for me and was the 'straw that broke the camel's back' - I downloaded and installed Kubuntu Linux and haven't looked back. For M$-Windows users who have been thinking about Linux but holding back: Just do it.

Posted by: JP | October 3, 2007 10:19 AM | Report abuse

This article
Defending yourself against Microsoft
shows how to turn off the automatic updates service, the strongest way to prevent stealth updates.

Posted by: Michael Horowitz | October 3, 2007 3:02 PM | Report abuse

Here in the wonderful world of MS XP Pro on dial-up, Microsoft added a feature recently (this summer probably) by which while it is in the process of downloading something (particularly the on-line version of the Washington Post, but nearly anything of size), it plunks a box in mid-screen saying it cannot open what it is in fact opening and is aborting the attempt. If one checks okay, it goes to its arrogant prose on how this is my fault, but if one then clicks BACK, it goes back to its uploading where it left off. Since MS believes and states it cannot find its own toes, and one day soon will fail to do so, I am glad to learn from y'all of the little guy alternative system, which one day soon I will try. Meanwhile, I humor it, then move on.

Posted by: Claris Nelson | October 3, 2007 9:16 PM | Report abuse

Uh oh, in above, by "upload," of course I meant "download." But you knew that.

Posted by: claris nelson | October 3, 2007 9:19 PM | Report abuse

Good site! I'll stay reading! Keep improving!

Posted by: George | November 10, 2007 10:22 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company