Security Short Take: Microsoft gets vague on Windows 10 updates
Last week, Microsoft released two updates for devices running the Windows 10 preview build 10240: KB3074663 and KB3074665, with the latter one being announced on Twitter by Gabriel Aul, engineering general manager for Microsoft's OS group. "We're releasing an update package on WU [Windows Update] for PC build 10240 today. It will install automatically or you can check for updates to grab it," Aul tweeted Friday. "It will be described as a security update, but that's just because it's cumulative and includes the last package's security fix."
The first update, KB3074663, was also marked as a security update. "The vulnerability could allow elevation of privilege if the Windows Installer service incorrectly runs custom action scripts," said the accompanying support document. Like its follow-up, KB3074663 also used the phrase, "This update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements."
What may disturb long-time Windows users is the lack of information about the contents of KB3074663 and KB3074665; the phrase "includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements" could cover a variety changes across wide spectrums of the OS.
Among the issues raised by the shift:
Windows 10 is set to roll out on July 29 and promises to offer a faster update cadence, which could exacerbate concerns about the lack of update information.
With reports by Gregg Keizer at Computerworld.