As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission. As you can see in the Windows Update screenshot above, Microsoft does not indicate that the update will install anything for either browser. It's also not really clear what the installed extension actually does.

To make matters worse, the update was marked "Important" instead of "Optional," which means it was more likely to be installed either automatically (if the user has Automatic Updates on) or manually when the user clicks Install (Important updates are checked by default).

The Microsoft Support page for this update, KB982217, describes the issues the update supposedly fixes: "In an Internet browser, you specify a homepage that is not a fully qualified URL. However, Windows Live Toolbar, MSN Toolbar, or Bing Bar may not categorize your homepage correctly. Therefore, the homepage reporting may be generated incorrectly for users who select the Help improve our services option when they install these toolbars."

The Bing Bar, which has replaced both the Windows Live Toolbar and the MSN toolbar, is available for both Internet Explorer and Firefox, which is why we assume that only these two browsers are tampered with. Still, the KB article does not mention an add-on or an extension being installed or updated.

Since we could not find any official documentation from Microsoft, we checked the actual IE add-on and Firefox extension. Unfortunately, they were not terribly helpful; all we discovered was that the IE add-on is at version 3.0.126.0, so it has been around for a while, and that the Firefox extension is at version 1.0, so it's likely it was only released now. Both seem to be installed in "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper". Inside, there is a file called "SEPsearchhelperie.dll" that is responsible for the IE add-on and a "firefoxextension" folder responsible for Firefox. The update can't be uninstalled, but deleting these files works just fine.

Users started reporting this issue yesterday on the MozillaZine forums in the Firefox Support section. The Firefox users ran Windows Update and, after they restarted Firefox, they noticed that the Extensions window had opened up and was showing a new resident: Search Helper Extension. IE users likely did not notice the update because the browser does not check on launch to see if new add-ons are installed. At the time of writing, the thread in question only had 14 posts, but we verified that the extension is indeed installed:

On one of our Windows systems, we had the Windows Live Toolbar installed for Internet Explorer but not for Firefox. Nevertheless, installing this update added the add-on/extension to both browsers without telling us that it would do so. On our second system, we had the Bing Bar installed for Internet Explorer, but it was disabled. Firefox was not installed. This system already had the update in question, so we decided to install Firefox. Not only was the Bing Bar extension present upon Firefox's first launch, but so was the Search Helper Extension.

Additional testing determined that the update is only being offered to those with one of the Microsoft toolbars installed, regardless of whether they are enabled or disabled. It's unknown how many users fall into that scenario, but the toolbars often come bundled with new PCs and popular Microsoft downloads.

The worst part of this issue is that Microsoft does not seem to be aware of it: a Microsoft spokesperson simply pointed us to the aforementioned Microsoft Support page that inaccurately describes the update. We asked the company for an explanation of why the extension was installed and what it does, and eventually got a reply.

Mozilla responded to our inquiries regarding possible security concerns. "We're in contact with Microsoft, and are looking into it," a Mozilla spokesperson told Ars. "As far as we know at this time, there are no security implications to this add-on's background installation."