New Windows 7 ‘security-only’ update installs telemetry/snooping, uh, feature

New Windows 7 ‘security-only’ update installs telemetry/snooping, uh, feature





Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.

…From October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available…. The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.

We’ve had lots of problems with the security-only patches in the intervening three years, with most of the difficulties tied to bugs created by the security-only patches that are fixed in Monthly Rollups. 

Those who use Windows Update to get their Win7 patches have been treated to all sorts of extraneous stuff, including the infamous snooping (or should I be politically correct and call it “telemetry”?) patch KB 2952664.

Now comes word that the July security-only patch, KB 4507456, includes an unexpected bonus. Snooping, er, telemetry.

According to an eagle-eyed anonymous tip on AskWoody:

The “July 9, 2019—KB4507456 (Security-only update)” is NOT “security-only” update.

It replaces infamous KB2952664 and contains telemetry. Some details can be found in file information for update 4507456 (keywords: “telemetry”, “diagtrack” and “appraiser”) and under http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=7cdee6a8-6f30-423e-b02c-3453e14e3a6e (in “Package details”->”This update replaces the following updates” and there is KB2952664 listed).

As @PKCano explains:

Copyright © 2019 IDG Communications, Inc.






Security

Leave a Reply

Your email address will not be published.