Mystery patch KB 3035583 for Windows 7 and 8 revealed

Recommended patch released March 27 is a Windows 10 prompter/downloader that nags users about upgrading to Windows 10 -- then does the dirty deed

Mystery patch KB 3035583 for Windows 7 and 8 revealed

Late last month a mysterious patch suddenly appeared as an Optional entry in the Windows Automatic Update chute. At the time I wrote:

Conjecture at this point: It's somehow related to the ability to upgrade directly from Windows 7 or 8 to Windows 10. But of course, the official documentation doesn't say anything of the sort.

The crows have come home to roost and, thanks to a German researcher named Gerard Himmelein at, we now have a more thorough understanding of exactly what Microsoft's dishing out (a Google English translation of the post is available). Yesterday Jan Willem Aldershoff at Myce posted an analysis in English, with a Dutch-language screenshot, and this morning Vlad Dudau at Neowin gave us an English-language shot.

Microsoft provides an explanation -- of sorts -- in the KB article:

This update enables additional capabilities for Windows Update notifications when new updates are available to the user. It applies to a computer that is running Windows 8.1 or Windows 7 Service Pack 1 (SP1).

That's the entirety of the official explanation.

Analysis shows, though, that KB 3035583 is a shill for Windows 10. As poster rugk on the eset Security Forum says, it's "an adware/PUA/PUS/PUP for Windows 10 upgrade."

Aldershoff goes into detail:

Once the update is downloaded it adds a folder to System32 called "GWX" which contains 9 files and a folder called "Download". One of the four .EXE files reveals what the update really is, the description of GWXUXWorker.EXE states, "Download Windows 10″. This explains the X in the name, the X is the Romanian [sic] number 10.

The folder also contains "config.xml" which contains some URLs that at the moment of writing didn't work.  The config  file mentions "OnlineAdURL" that points to and Telemetry BaseURL pointing to

Dudau adds:

In the same system folder, users can find a config XML file that goes through the program's behavior depending on what "phase" Windows 10 is in. For example, currently the program doesn't display any notifications or act in any way because we're currently in the "None" phase. But as we get to the "RTM" phase of Windows 10, users will likely see a new Live Tile show up on their Start Screen, pointing to the upcoming OS. Similarly, taskbar notifications will also be displayed when Windows 10 launches, prompting users to update.

Is the patch an unwanted intrusion or just a convenient way to let Windows 7, 8, and 8.1 users upgrade to the (free) Windows 10?

I guess that depends on your point of view. But it sure would've been nice if Microsoft had simply told us the truth, instead of sneaking another controversial come-on into its patch list.

Copyright © 2015 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon