Microsoft officials say they are investigating reports that files the company deployed this summer prevent Windows XP users who run a built-in “repair” function from installing as many as 80 of the companys latest security patches.
“We are aware of reports about customers not being able to download some updates from Windows Update when using the latest version of the Windows Update client and after reinstalling Windows XP system files from CD,” a Microsoft spokesperson said Sept. 27. “We take this issue very seriously and are investigating the root cause of this behavior and what options are available to address it.”
The issue was brought to light by Scott Dunn, a writer and associate editor with Windows Secrets Newsletter. According to Dunn, the problem is stealthy updates deployed by Microsoft in July and August. The files prevent Windows XP users who utilize the repair function from installing recent patches.
Does Microsoft have the right to automatically update users systems? Click here to read more.
In the newsletter, Dunn explained that after a user employs the repair option from an XP CD-ROM, Windows Update downloads and installs the new 7.0.600.381 executable files. Some of the Windows Update executables are not registered with the operating system, which in turn prevents Windows Update from working as intended.
“We have tested and confirmed that the silent updates actually prevent a repaired copy of Windows XP from loading the latest patches,” Dunn said later in a statement. “We initially thought Microsofts stealth update, though unwise, was harmless. But that is not the case, because it cripples the updating process on XP after the repair option is used.”
The repair function takes Windows back to its original state if a computer is unable to boot up.
According to Dunn, a few users of the repair option relayed their problems to Windows Secrets after the newsletter on Sept. 13 revealed “silent installs” by Microsoft.
Microsoft, based in Redmond, Wash., urged customers that are experiencing this issue to contact customer service.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
