Microsoft released security updates for all supported operating systems on the July 2019 Patch Day. Windows 7 administrators get to choose between a security-only update or a monthly rollup update. The main difference between the two is that security-only supposedly only contains security related patches while the monthly rollup update may also include non-security changes.
KB4507456, which is this month’s security-only update, seems to have included more than just security patches for the various components of the Windows 7 operating system. According to reports, installing the security-only update replaces the notorious KB2952664, the Compatibility update for keeping Windows up-to-date and also making sure that upgrades to Windows 10 work as expected.
With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates).
The release sparked fear among some admins that Microsoft might have dropped the update in preparation of Windows 7’s support end and the expected push of Windows 10 on these systems.
This is not the first time that Microsoft slipped Compatibility Appraiser into a security-only update. The company did so in September 2018 for Windows 7 but informed users and administrators about it in advance.
The July 2019 seems like a repeat of that but without the warning. Once installed, a new scheduled task is added to the system under Microsoft > Windows > Application Experience.
Ed Bott picked up the story on ZDnet confirming that the security-only update did in fact include the Compatibility Appraiser tool. Bott suggests, however, that there might be another simpler explanation for the inclusion: that the tool itself had a security issue that Microsoft fixed with the release.
Bott presents no evidence on the other hand that the update fixed security issues in the Appraiser tool. Given the lack of data, I would not be too quick to dismiss the hypothesis. For now, all we know is that Microsoft did push the update to Windows 7 devices as part of the security-only update. It could be another case of Microsoft just being Microsoft.
Communication and openness has improved in recent years at Microsoft but as Bott points out, there are still issues “where the company’s stubborn silence is baffling”.
Support for Windows 7 ends in January 2020 and Microsoft started to show notifications about the upcoming end already. The company promised, however, that it would not run another Get Windows 10 campaign on user devices.
Enterprise customers may purchase up to three years of support extensions that costs them $50, $100, and $200 per user and year respectively.
Ghacks needs you. You can find out how to support us here (https://www.ghacks.net/support/) or support the site directly by becoming a Patreon (https://www.patreon.com/ghacks)). Thank you for being a Ghacks reader. The post Did Microsoft just drop the Telemetry bomb on Windows 7 users without telling anyone? appeared first on gHacks Technology News.