Windows Update spies on your XP box and sends information about your installed software back to the MSFT Death Star. Best of all, this was discovered by sniffing the "secure" SSL protocol that MSFT uses to communicate. How? By exploiting an undocumented API in MSFT's own system.
Evidence obtained by German hardware site tecChannel suggests a list of software installed on an XP machine is sent to Microsoft when users run Windows Update. When patches are downloaded, a few kilobytes of data are sent in the opposite direction over a secure SSL channel. Because the data is encrypted, a simple packet sniffer can't be used to see what this data contains. However, tecChannel's tecDUMP utility takes advantage of an undocumented WinInet API, enabling an examination of the data before it becomes encrypted. According to tecChannel, the information sent to Microsoft includes details of all the software installed in a machine, not only Microsoft applications.
http://www.securityfocus.com/news/2746