OS9USER Newsroom
TOP STORIES




#BREAKING : Alleged plot to kidnap and potentially kill Michigan Governor Gretchen Whitmer and overthrow the state government




LIVE COVERAGE
Amy Coney Barrett's Supreme Court confirmation hearings | Day 3



Windows 10 October 2020 Update
5 biggest changes



Fox Host Confronts Trump On Existence Of UFOs



North Korea unveils 'monster' intercontinental missile


OS9USER NEWS ROOM News Map

GRAB a Copy of OS9USER Newsroom Map For Your Website


Apple to release four new iPhones



Apple Top Free Apps





CLASSIFIED REPORT

Leaking Classified NSA Information



Billie Winner-Davis, Reality Winner's mother, told Business Insider on Tuesday that President Donald Trump's former lawyer, Michael Cohen, is attempting legal representation to aid the former Air Force language analyst contractor and Kingsville native Reality Winner with her case.

Winner pleaded guilty in 2018 to leaking classified National Security Agency information on Russia's alleged efforts to interfere with the 2016 election. She was found guilty of violating the U.S. Espionage Act and sentenced to five years in prison at the Federal Medical Center-Carswell in Fort Worth, Texas.

In 2016 following her separation from six years of active duty, Winner was hired by Pluribus International Corporation under an NSA contract to work out of Fort Gordon, Georgia.

According to ABC News, Winner printed a classified report detailing how Russian hackers allegedly “executed cyber espionage operations” on local election systems and mailed the documents to The Intercept.

She was arrested on June 3, 2017.


Michael Cohen, who pleaded guilty to campaign violations and tax fraud in 2018, began serving his sentence in May 2019 at the federal penitentiary in Otisville, New York.

He has been under house arrest since July over coronavirus concerns.

Military.com stated that Reality’s mother sent a Twitter message that said “Cohen has asked another attorney to look at the case and for opportunities to help.”



Announcements

We encourage anyone to reach out to discuss potential news stories that may be in the public interest. You can reach us via email or by phone at 603-483-3900 with the understanding that the information you provide might be used in our
LIVE broadcasts or other stories.

Grab our Feed



September 13, 2007




Microsoft has begun patching files on Windows XP and Vista without users knowledge, even when the users have turned off auto updates.



Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.


Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are
nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It is surprising that these files can be cha
nged without the users knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings without notifying users.

When users launch Windows Update, Microsofts online service can check the version of its executables on the PC and update them if necessary. What is unusual is that people are reporting changes in these files although WU was not authorized to install anything.

This is not the first time Microsoft has pushed updates out to users who prefer to test and install their updates ma
nually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it does not need permission to patch Windows Updates files, even if you have set your preferences to require it.



Microsoft provides no tech information (yet)

To make matters even stranger, a search on Mic
rosoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsofts site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

  • Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update will no't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed.
Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

  • 7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available.
Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the specific issues that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates sev
eral Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

To see if your computer has received the updates just head on over to the Windows\System32 folder and look for one of the affected files listed below. You should see the date that the file was modified (probably around August 24th), and the version number should be 7.0.6000.381



In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a users PC without notice (when auto updating has been turned off) is behavior that is usually associated with hacker Web sites. The question being raised in discussion forums is, Why is Microsoft operating in this way?

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows Event Log:

Step 1. In XP, click Start, Run.

Step 2. Type eventvwr.msc and press Enter.

Step 3. In the tree pane on the left, select System.

Step 4. The right pane displays events and several details about them. Event types such as Installation are labeled in the Category column. Windows Update Agent is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Logs properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsofts Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, Installation Successful: Windows successfully installed the following update: Automatic Updates.

Windows Secrets plans to offer more details tomorrow on its Web site and to subscribers via its normal email channel.

I spent about an hour this afternoon reading various forum posts about the 7.0.6000.381 update. They varied from people finding the update installed without consent to WSUS not updating some systems to version 7.0.6000.381.

Another concern is privacy. Do the stealth installations violate the Windows EULA (end user license agreement) or Microsofts privacy policy? I took a look at the Windows Vista version of both documents this afternoon. The Vista EULA is a 14-page document. A search for terms 'update' or 'consent' revealed no place where I could see that users explicitly give permission to Microsoft to download and apply updates without consent.

The Windows Vista Privacy Statement states:

'To make Windows Vista work better with the Internet, some features that do not collect personal information are turned on by default. You can choose to disable these features. For details about the information collection, uses, and choice provided by a specific feature or related product or service, please click on the link provided in the list on the right.'

Windows Update is not in that list, but it is in another. But I found nothing in the Windows Update Privacy Statement explicitly giving permission to update without end user consent.

I definately keep you up to date on this news breaking story. Watch for updates, we will be moving this story to the front page for the next few days. - OS9USER

(My projects can wait a few more days)

Labels:




Anonymous Anonymous posted on 5:56 PM, September 13, 2007

There have been some questions raised about how we service the Windows Update components and concerns expressed about software installing silently. I want to clarify the issue so that everyone can better understand why the self-updating of Windows Update acts the way it does.

So first some background: Windows Update is designed to help our consumer and small business customers (customers without an IT staff) keep their systems up-to-date. To do this, Windows Update provides different updating options: 1) Install updates automatically, 2) Download updates but let me choose whether to install them, 3) Check for updates but let me choose whether to download and install them, and 4) Never check for updates. Our goal is to automate the process wherever possible so that we can increase the likelihood of a system being secure and up-to-date, while giving customers the flexibility to control how and whether updates are installed. The reasons for this are both philosophical and practical. Philosophically, Microsoft believes that users should remain in control of their computer experience. Practically, customers have told us that they want to have time to evaluate our updates before they install them. That said, and to the benefit of both customers and the IT ecosystem, most customers choose to automate the updating experience.

So what is happening here? Windows Update is a service that primarily delivers updates to Windows. To ensure on-going service reliability and operation, we must also update and enhance the Windows Update service itself, including its client side software. These upgrades are important if we are to maintain the quality of the service.

Of course, for enterprise customers who use Windows Server Update Services (WSUS) or Systems Management Server (SMS), all updating (including the WU client) is controlled by the network administrator, who has authority over the download and install experience.

One question we have been asked is why do we update the client code for Windows Update automatically if the customer did not opt into automatically installing updates without further notice? The answer is simple: any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications. That result would not only fail to meet customer expectations but even worse, that result would lead users to believe that they were secure even though there was no installation and/or notification of upgrades. To avoid creating such a false impression, the Windows Update client is configured to automatically check for updates anytime a system uses the WU service, independent of the selected settings for handling updates (for example, “check for updates but let me choose whether to download or install them”). This has been the case since we introduced the automatic update feature in Windows XP. In fact, WU has auto-updated itself many times in the past.

The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself. This is helpful and important feedback, and we are now looking at the best way to clarify WU’s behavior to customers so that they can more clearly understand how WU works. At the same time, however, we wanted to explain the rationale for the product’s behavior so our customers know what the service is doing: WU updates itself to make sure it continues to work properly. We are also confident that the choice to use Automatic Updating continues to be the right choice.

Before closing, I would like to address another misconception that I have seen publically reported. WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates.

Providing and maintaining the WU service is important to enable us to service our customers and help them maintain safe, more secure and reliable computers. We take this responsibility very seriously and we are proud of the impact that Windows Update has had to help users with safety security and reliability over the years. Updating the client has been and remains a critical piece to this approach.

We appreciate the feedback and I hope that this post helps you to understand the situation and our strategy.


Nate Clinton
Program Manager
Windows Update

 


Blogger OS9USER posted on 6:12 PM, September 13, 2007

According to the evidence assembled by Windows Secrets, these updates were silently downloaded and installed, without notifying end users, even in cases where those end users had specifically told Microsoft, through their PC settings, not to install updates without letting them choose to do so.

 


Blogger david and mary grace posted on 11:52 AM, September 17, 2007

You can grab the .cab files from Microsoft here:

x86:

http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x86/Vista/WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.0.6000.381.cab
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x86/Vista/WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.0.6000.381.cab
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x86/Vista/WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.0.6000.381.cab

x64:

http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x64/Vista/WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.0.6000.381.cab
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x64/Vista/WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.0.6000.381.cab
http://download.windowsupdate.com/v7/windowsupdate/a/selfupdate/WSUS3/x64/Vista/WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.0.6000.381.cab

david

 


3 Comment(s) on this Article

Post a Comment









 



VP Fly Debate Cold Open - SNL



New details emerge from plot to kidnap Michigan Gov. Whitmer



Twitter News

Hackaday — Access An 8-bit Atari Through Twitter

cryptodaily.co.uk — Could China be behind a recent spike in bitcoin addresses?

Medium — Thoughts on distribution strategy and CEO/firm misalignment

Wired — How to Block Bad Websites—or Just Get Things Done

Arkansas Online — Stocks advance to end their best week in 3 months

Business Standard India — Trump to hold in-person White House event Saturday, hit campaign trail Mon

VentureBeat — Star Wars: Squadrons is seeing significant VR play

Japan Today — Twitter testing how its misinformation labels can be more obvious, direct

Mashable — One man's frustrating journey to recovering his Myspace

Medium — The Viral Nature of Bitcoin inside Publicly-traded Company Stocks

 Claim by Mike Pence:

"(Biden’s) own chief of staff, Ron Klain, would say last year that it was pure luck, that they did ‘everything possible wrong’ (with H1N1). And we learned from that."
PolitiFact rating: Needs context
Fact-checking the 2020 vice presidential debate, Kamala Harris vs. Mike Pence

Claim by Kamala Harris:
"There are estimates that by the end of the term of this administration, they will have lost more jobs than almost any other presidential administration."
PolitiFact rating: Half True


Claim by Mike Pence:
That Rose Garden event — there's been a great deal of speculation about it — my wife Karen and I were there and honored to be there. Many of the people who were at that event, Susan, were actually tested for coronavirus, and it was an outdoor event, which all of our scientists r...
CBS News rating: Partially true


Claim by Mike Pence:
"This administration saw 500,000 manufacturing jobs created."
PolitiFact rating: Misleading


Claim by Sen. Kamala Harris:
"Because of a so-called trade war with China, America lost 300,000 manufacturing jobs."
FactCheck.org rating: False


Claim by Mike Pence:
"The Green New Deal's on their campaign website."
PolitiFact rating: Misleading


Claim by Kamala Harris:
"Do you know that of the 50 people who President Trump appointed to the court of appeals for lifetime appointments, not one is Black?"
PolitiFact rating: Accurate


Claim by Mike Pence:
The Rose Garden event with Judge Amy Coney Barrett "was an outdoor event which all of our scientists regularly and routinely advised."
PolitiFact rating: Wrong


Claim by Kamala Harris:
Says Trump "got rid of" the National Security Council pandemic threat staff, and the CDC's team in China.


Tracking COVID-19


Our Interactive Radar


Tracking Our
New Hampshire Weather



MANCHESTER




OS9USER Trailer Mania

COME AWAY



Release Date: December 24, 2020 (Singapore)

Genre : Thriller






The official synopsis;

Before Alice went to Wonderland, and before Peter became Pan, they were brother and sister. When their eldest brother dies in a tragic accident, they each seek to save their parents from their downward spirals of despair until finally they are forced to choose between home and imagination, setting the stage for their iconic journeys into Wonderland and Neverland.



Warning: Some flashing-lights scenes in this film may effect photosensitive viewers.



Search our Archives