I have known about this for some time, that is, the fake updates from hackers, taking advantage of Microsoft's Automatic Update feature and have pretty made a point of turning this off on any machine I work on. Thing is, I used to set it to 'critical only' but that still causes the computer to allow the port to be active. You can learn more about this here from this ZDNet post.