Windows updating service
If that one server got compromised one day, or an attacker cracks the [Microsoft] DNS server again, there could be millions of users installing trojans every hour. Unlike its predecessor, Automatic Updates can download and install updates.
The scope of this attack is big enough to attract crackers who actually know what they are doing..." Automatic Updates is the successor of the Critical Update Notification Utility. Instead of the five-minute schedule used by its predecessor, Automatic Updates checks the Windows Update servers once a day.
Once the check is executed, any custom schedule defined by the user is reverted to the default. Moore in early 1999 was critical of this approach, describing it as "horribly inefficient" and susceptible to attacks.
Microsoft stated that this ensures that users received notification of critical updates in a timely manner. In a posting to Bug Traq, he explained that, "every single Windows 98 computer that wishes to get an update has to rely on a single host for the security.
After Windows ME is installed, a notification balloon prompts the user to configure the Automatic Updates client.
The user can choose from three notification schemes: Being notified before downloading the update, being notified before installing the update, or both.
But the list grew so large that the performance impact of processing became a concern.
Instead, the app downloads a full list of every available update and chooses which one to download and install.
Cumulative updates are updates that bundle previously released updates.
Cumulative updates were introduced with Windows 10 and have been backported to Windows 7 and Windows 8.1.
According to Woody Leonhart of Info World, early reports of this issue could be seen in Microsoft Tech Net forums in late May 2013, although Microsoft first received large number of complaints about this issue in September 2013.
The cause was an exponential algorithm in the evaluation of superseded updates which had grown large over the decade following the release of Windows XP.