Has Microsoft Snuck A Windows 10 Ad In An Internet Explorer Patch?

Security patch, at that! Microsoft, in their relentless quest to ensure that as many people upgrade to Windows 10 as early as possible, may have pulled off a sneaky little trick.

There are reports that the software titan has installed a new ad generating routine into IE.

Via a security patch that was rolled out this Tuesday, during the monthly Patch Tuesday update cycle.

The software titan has documented everything, albeit in the most obscure manner possible. But vague or not, many people believe that disguising an ad generator inside a security patch is very much crossing the line.

Anyway, MS16-023 is the security patch for Internet Explorer this time around, and Microsoft explains this as following:

“This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer… Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer.”

Remote code execution, all fine. But the non-security related bit is the interesting part here. The KB article above has the company further listing six such fixes, one of which is KB3146449. And this is the one that brings the ads to the browser:

“This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.”

Essentially, this is a way for the company to educate users that the new OS is out.

Several machines are now showing a little blue banner when a user opens a new tab, which says that Microsoft recommends upgrading to Windows 10.

The important thing to note here is that 3146449 is not deployed separately, meaning it is not possible to manually remove it. It does not appear in the installed updates list, and this update is pretty much baked into the IE security patch KB3139929.

Leaving no choice for users that want to remove the ads, but to remove the security patch entirely.

Computers that are attached to corporate domains are spared, but the general users have no choice but to keep this patch installed if they want to stay on the safe side of things.

7 thoughts on “Has Microsoft Snuck A Windows 10 Ad In An Internet Explorer Patch?”

  1. Another fine example of “how low can you go, Microsoft” isn’t it? Nothing surprises me when it comes to their desperation about Windows 10.

    • I suggested a good friend that he used Chrome instead. He replied: “Why? IE’s always worked.” I said it’s like a bright light to night creeps (viruses), and said I would be happy to install it (as I did with Gmail). NO, was the reply. Well, some learn the hard way.

  2. Hmm, this is just another example of what the people at microsoft think of their customers, as something to be exploited.

  3. OK. Looks like one more reason to not use IE….

    I actually have updated my main computer to Windows 10,and tolerate it. I keep my home TV system on Windows 7 due to the removal of Windows Media Center in WIn 10. (Yes, I do know about the workaround for this, but every time the OS updates the workaround must be reapplied. I worry that eventually this will be plugged and my system would be unusable.)

  4. Future security efforts will be focussed not on IE but on Edge. It is not unreasonable therefore to inform users that they need to join the mainstream if they want to keep up to date and secure. How many past OS versions is Microsoft supposed to support? What other OS vendor cares to support old versions? Supporting old versions costs precious resources that Microsoft needs to commit to Windows 10.


Leave a Comment