Late last month a mysterious patch suddenly appeared as an Optional entry in the Windows Automatic Update chute. At the time I wrote:
Conjecture at this point: It's somehow related to the ability to upgrade directly from Windows 7 or 8 to Windows 10. But of course, the official documentation doesn't say anything of the sort.
The crows have come home to roost and, thanks to a German researcher named Gerard Himmelein at heise.de, we now have a more thorough understanding of exactly what Microsoft's dishing out (a Google English translation of the post is available). Yesterday Jan Willem Aldershoff at Myce posted an analysis in English, with a Dutch-language screenshot, and this morning Vlad Dudau at Neowin gave us an English-language shot.
Microsoft provides an explanation -- of sorts -- in the KB article:
This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1).
That's the entirety of the official explanation.
Analysis shows, though, that KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade."
Aldershoff goes into detail:
Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10″. This explains the X in the name, the X is the Romanian [sic] number 10.
The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work. The config file mentions "OnlineAdURL" that points to https://go.microsoft.com/fwlink/?LinkID=526874 and Telemetry BaseURL pointing to http://g.bing.com/GWX/.
Dudau adds:
In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.
Is the patch an unwanted intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?
I guess that depends on your point of view. But it sure would've been nice if Microsoft had simply told us the truth, instead of sneaking another controversial come-on into its patch list.