Author Lasse Trolle Borup explains “the service simply copies itself to the TEMP directory and executes the copy, probably for when the update service must update its own executable. The problem here is, that though normal users are not allowed to list the contents of TEMP, they can still write files there.
How many other applications update in the same way? thousands or millions?