Microsoft added telemetry files to security updates and alarmed skeptics


This month, security updates for Windows 7 received a built-in telemetry and compatibility component that some skeptical users immediately disliked.

As usual on Patch Tuesday, July 9, Microsoft released several security updates and patches for Windows 7. This time, however, one of the packages came with a “surprise” from Redmond.

According to Microsoft’s own rules, “security updates” should include only security enhancements, not quality fixes or diagnostic tools. About three years ago, the company split the monthly update packages for Windows 7 and Windows 8.1 into two offerings: a monthly set of patches and updates, and a package with security updates only.

Update KB4507456, dated July 9, 2019, includes a component called Microsoft Compatibility Appraiser (a compatibility assessment tool), designed to identify problems that may interfere with upgrading Windows 7 to Windows 10.

Among the fiercest skeptics of Windows Update, the Compatibility Appraiser does not have the best reputation. This component is used to prepare for the next rollout of push updates or to monitor individual computers. For some observers, the word “telemetry” appearing in at least one of the package files means it is only a short step from innocuous data collection to real spyware.

Woody Leonhard, author of popular books about Windows, believes that Microsoft has decided to “seamlessly add telemetry functionality to the latest update”:

In the security update KB4507456 for July 2019, Microsoft added the “Compatibility Appraiser” and scheduled tasks (telemetry) to the security update without warning. The release notes state that KB4507456 replaces KB2952664.

Thus, this update is no longer just a security update. How to regard such vile behavior? Microsoft, where is the transparency?

Many users have similar questions. ZDNet tried to get an official comment from Microsoft, but received only a short “no comment” from Redmond.

ZDNet’s own investigation led to an alternative theory: some part of the Appraiser component in Windows 7 SP1 could have a security problem of its own. If this is true, then the package KB4507456 can indeed be considered purely a security update.

The Appraiser tool was first offered through Windows Update, both separately and as part of a monthly cumulative update, two years ago. This module is installed on most PCs still running Windows 7.

Microsoft has publicly stated that the security updates “do not contain either the Windows 10 Get utility or the update features.” However, given users’ negative experience with unwanted updates in the first year after the release of Windows 10, few believe Redmond.

Why is Microsoft silent about this update? It is clear that the company is reluctant to talk about security issues outside official channels, such as release notes and support bulletins. Microsoft’s security engineers have also had plenty to do: this week it was reported that there were several zero-day exploits in Windows 10 that are already being actively used by cybercriminals.

Microsoft’s openness about updates has improved in recent years, but, as this situation shows, problems persist. The company’s stubborn silence this time is baffling. Such behavior simply serves critics as evidence that the company has a hidden motive.

Perhaps Microsoft believes it has compelling reasons to make the Compatibility Appraiser a mandatory component, since the end of Windows 7 support is approaching. Although Microsoft will offer paid support for another three years, it will be available only to organizations.