Samsung laptops open to hackers after Windows Update disabled

Security researchers warn of serious risks as Samsung overrides key security feature

Samsung has disabled Windows Update on some of its laptops, it has been claimed, potentially leaving them open to malware and data leakage.

The issue, which IT Pro has not currently been able to independently verify, was discovered by Patrick Barker, a Microsoft support engineer.

In a blog post, Barker states that a user "was being assisted with a WU (Windows Update) issue, which was going well, aside from the fact that [his] WU kept getting disabled randomly".

"It was figured out eventually after using auditpol.exe and registry security auditing that the program that was responsible for disabling WU was Disable_Windowsupdate.exe, which is part of Samsung's SW Update software," Barker said.

While there has not yet been any official word from Samsung as to why SW Update disabled Windows Update, a customer service representative told Barker in a web chat: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates."

As security researcher Graham Cluley notes, this is a tactic often used by malware to prevent patches and security updates being applied. And, while the motivation is different, the outcome in terms of making the user's computer unsecure - indeed, Barker has urged his readers to report Disable_Windowsupdate.exe as Malware to Microsoft "because that's exactly what it is".

"Why would you ever disable WU in such a fashion (or in general), in a way a generic user cannot control, leaving them vulnerable?" Barker said.

In a statement, Microsoft said: "Windows Update remains a critical component of our security commitment to our customers. We do not recommend disabling or modifying Windows Update in any way as this could expose a customer to increased security risks.

"We are in contact with Samsung to address this issue."

- Update: Samsung has denied Barker's claims, at least in part - read the full story here.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021