The first such report came from Windows Secrets and it stated that both XP and Vista have had nine small executables changed recently without the users being informed about it. It’s worth noting also that, besides not displaying any dialogue box to request permission, the update goes through even though the Windows Update (WU) wasn’t allowed to install anything.

To make matters even more interesting, there was no mention of this update on Microsoft’s site.

So, what’s Microsoft been up to exactly? Early speculations had it that since the update only targeted files related to Windows Update, then it was only necessary so that further updates would be recognized and the user could be made aware of their existence.

According to Microsoft’s Nick White, the speculations were true:

The upshot is that a longstanding procedure in Windows Update requires it to self-update before it is able to recognize that new updates are available (note: WU does not conduct a self-update event each and every time it checks for updates). This self-updating is done regardless of whether the user has enabled automatic checking, download and/or installation of updates. It does so in an effort to avoid WU misleading the user to think s/he is up-to-date simply because s/he was not receiving notification that updates are available. Put another way, WU cannot alert the user that there are security updates available if it is not in the necessary updated state that will allow it to recognize those updates (see "chicken and egg" dilemma).

However, we do recognize that we should have been clearer in our explanation of this process earlier in the game; the MU team’s blog post is an effort to rectify that oversight.”

It may very well be so, but the procedure still raises a lot of questions and “Just how many rights does Microsoft have on my system?” is the first one. Add this reports to previous Windows Genuine Advantage mishaps (when legitimate users had their Windows copies tagged as “pirate” due to an error in Microsoft’s system) and feel free to doubt that you’re actually in charge when running your OS.