A recent Windows 7 security-only update came with a telemetry surprise. Ed Bott reports on ZDNet that these updates usually stick to their name and only include security updates… But that wasn’t the case this time.
The “July 9, 2019—KB4507456 (Security-only update)” supplied the Compatibility Appraiser, KB2952664 — designed to identify issues preventing a Windows 7 machine from updating to Windows 10.
What’s the concern?
According to ZDNet’s article, the concern is that components like this “are being used to prepare for another round of forced updates or to spy on individual PCs.”
In at least one file, the word “telemetry” shows up. For some users, that blurs the line between “innocuous data collection” and “outright spyware,” Bott says.
With the Compatibility Appraiser — “telemetry” files and all — the so-called Windows 7 security-only update lost transparency, at least to some observers.
What Ed Bott discovered
Bott says he tried to research why this may have happened and reached out to Microsoft for comment. While they declined, he says he did formulate a theory.
“I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that’s the case, then the updates indisputably belong in a Security-only update. And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft’s reaction seems to be, ‘Well … tough.’ The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed,” he says on ZDNet.
Bott reports that Microsoft's communications regarding updates have generally improved over the years.