If Microsoft's documentation is correct, installing Patch Tuesday's
KB 3139929 security update for Internet Explorer also installs a new Windows 10 ad-generating routine called
KB 3146449.
Many people -- present company included -- feel that putting an ad generator inside a security patch crosses way over the line. In fact, you have to ask yourself if there are any lines any more.
Microsoft lays it all out in black and white in its inimitable, most obfuscatory way.
This month's MS16-023 security patch for Internet Explorer,
KB 3139929, says:
This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer… Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer.
Later in the same KB article, Microsoft lists six "nonsecurity-related fixes that are included in this security update," including this:
3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7
If you then look at
KB 3146449,
you see:
This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.
According to one of my sources, this new user education works like this:
On non-domain joined machines this adds a blue banner when a user opens a "New Tab" saying "Microsoft recommends upgrading to Windows 10"
It's important to note that KB 3146449 is not installed separately. You can't remove it. If you look in your installed updates list, KB 3146449 doesn't appear. Instead, it's baked into the IE security patch KB 3139929. The only way to get rid of the new advertising inside Internet Explorer 11 is to remove the security patch entirely.
source:infoworld
