A brief review of the nomenclature. For Windows 7 SP1 and Windows Server 2008/R2 there was a monthly rollup update as well as a security-only update. The monthly rollup update contained all security fixes, but also bug fixes. And this rollup update included telemetry features.
Windows 7 Update KB4507456 (security only) with Telemetry
Download Zip: https://tlniurl.com/2vF5GL
Exactly these telemetry functions were missing in the security-only updates that Microsoft offers in the Microsoft Update Catalog and via WSUS. Many administrators have therefore installed the security-only updates.
The security-only KB4507456 contains telemetry (KB2952664, diagtrack, appraiser). Telemetry was previously only included in the rollups, but not in security-only. Secretly quiet and quietly Microsoft wants to extend the monitoring.
I only noticed that, but haven't time to dig in. Later, while visiting askwoody.com I came across the article Microsoft surreptitiously adds telemetry functionality to July 2019 Win7 Security-only patch linked by Bolko. Microsoft has added silently telemetry functionality to the July 2019 Security-only update for Windows 7 KB4507456. An anonymous poster had contacted askwoody.com with the following hint:
It replaces infamous KB2952664 and contains telemetry. Some details can be found in file information for update 4507456 (keywords: "telemetry", "diagtrack" and "appraiser") and under =7cdee6a8-6f30-423e-b02c-3453e14e3a6e (in "Package details"->"This update replaces the following updates" and there is KB2952664 listed).
The poster had inspected the file list (link is available the KB article). There are entries for files with names like "telemetry", "diagtrack" and "appraiser". In 2016, I had already written something about the Diagnostics Tracking service (DiagTrack) in the article Plant Microsoft die Ausweitung der Telemetriedatenerfassung in Windows 7/8.1? At askwoody.com abbodi86 writes that DiagTrack is part of the Compatel Runner. And about appraiser I had written something documented in the article Windows 10 V1607: Update KB4033637 finally documented.
This is interpreted on askwoody.com in such a way that telemetry functions now find their way into security-only updates. It is still unclear whether the telemetry is now included in every security-only update or whether it is a one-time thing. At askwoody.com there is this thread which describes how to disable the telemetry.
For years, the rollup updates for Windows 7 were equipped with telemetry functions, but the security online updates were telemetry-free. Under WSUS, these updates are offered as standard anyway and installed in corporate environments.
Users who didn't want any new telemetry functions, but are dependent on Windows Update, have manually installed the Security-online Updates. Unfortunately this model died. Already in July 2019 update KB4507456 comes with telemetry. I had reported in the blog post Windows 7 Update KB4507456 (security only) with Telemetry. The Security-only Update from August 2019 was shipped without Telemetry.
At askwoody.com there is this post, that deals also with this telemetry topic. Also the article here discusses several workaround to deactivate telementry. It's also possible, to use Software Restriction Policies to block CompatTelRunner.exe.
Many users are concerned about Telemetry and Data Collection services that Microsoft bundles with Windows 10. Some users consider these features as a spying attempt and a reason to not move to Windows 10. Even if Microsoft claims that such big data is only used to improve the user experience, ultimately for the end user, being in control of any data collected is the top priority. After the release of Windows 10, Microsoft released updates for Windows 7 and Windows 8, which increase the data collected by adding more Telemetry entry points to these operating systems.
From time to time, Microsoft is releasing a new updates that contains extra telemetry and data collection functions for both Windows 7 and Windows 8. One of them is the July 2019 Security-only Update for Windows 7, patch KB4507456.
The official description for the patch tells that it comes with security updates to Windows Server, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell, Windows Input and Composition, and Windows Kernel.
It has no mention that it comes bundled with KB2952664, the Compatibility Appraiser component. Earlier, Microsoft included the KB2952664 functionality (known as the "Compatibility Appraiser") in the Security Quality Monthly Rollups for Windows 7 back in September 2018. The package details for KB4507456 say it replaces KB2952664 (among other updates). It ads telemetry and its scheduled tasks to the KB4507456 update without any warning or mention.
Microsoft Windows 7 is reaching its end of support in 6 months (in January 2020). The situation with the security update could be an extra step to convince Windows 7 users to move on Windows 10 and make the transition more smoother in terms of reliability.
A few days ago, I read a flurry of articles surrounding the July batch of security patches forWindows 7. One of them, the security-only KB4507456 package, available through the Online Catalog (andnot WU) seems to contain telemetry code, too - something called Compatibility Appraiser. Hm,naughty.
I decided to check this and see what gives. There are two important findings to this - one, whetherMicrosoft sneaked in telemetry to Windows 7 in the guise of a security-only fix, and two, the widerimplication of this move when it comes to user trust. Let's explore.
But I've talked about this many years ago, with the whole Windows 10 & keylogger conspiracy. This isn't reallyanything new, and the data telemetry has been around for a long time. From all practical purposes, thepresence of this code doesn't alter how Windows 7 behaves. But that's only the first point of thissituation.
The more important element is HOW Microsoft did the update. Security-only means what it means. Toinclude packages that do not serve a security-only purpose is a breach of user trust who expect theirupdates to do as the text says. Indeed, the move to cumulative updates has removed a degree offreedom among advanced users in how they manage their patching, as the granularity of yore is gone.This means you must accept the whole bundle of updates - or none at all.
Then, let's not forget the GWX campaign. Hardly the record of awesome behavior thatyou would expect. Indeed, many people got burned by this aggressive push to use Windows 10, and itstill lingers. The latest set of updates, REGARDLESS of what they factually, technically do, erodes thetrust even further, and in the long run, will only cause more damage. That's classic salesfoot-in-the-door nonsense. Works for people with IQ in the double-digit zone, does not work for smartpeople.
So no, there's nothing new on the telemetry side. Yes, there's something new on the updates side -and that means they're less trustworthy than before. You can add the reduced quality of updates in recent times, and noneof this helps build confidence among Windows 7 (and possibly Windows 8) users in moving forward andtrying Windows 10. Because freedom and privacy are important, even as philosophical concepts.
Speaking of freedom and privacy, come the day, if you don't want Windows 10 upgrade, then Microsofthas released updates that allow you to block system upgrades once and for all. Indeed, you should checkmy Windows upgrade & telemetry article. Thismeans you won't be nudged to try the "modern" world and whatever. Specifically, the relevant patchesinclude KB3050265 for Windows 7 and KB3050267 for Windows 8.1. There yougo.
From the technological point of view, there's nothing new here. However, the fact you now getnon-security nonsense with security means you can't really trust updates from Microsoft anymore. So ifanything, this will majestically backfire. People don't like being pushed, and I'm amazed with therepeated attempts to do so, again and again.
Starting in July 2020, there will no longer be optional, non-security releases (known as "C" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the "B" or Update Tuesday release).
The March 12, 2019 servicing stack update (SSU) (KB4490628). To get the standalone package for this SSU, search for it in the Microsoft Update Catalog. This update is required to install updates that are only SHA-2 signed.
The latest SHA-2 update (KB4474419) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:
This issue is resolved in KB4539601 if you are using Monthly Rollups. If you are using Security-only updates, see KB4539602. These updates are available for all customers running Windows 7 SP1 and Windows Server 2008 R2 SP1.
Additionally to the Telemetry reports, there are known system wide issues with kb4507456, which i just found out on the following sevenforums url, but google also has more about this particular update.
Please read the conversation, people have report system wide issues (performance problem) and the additional KB4512816 is noted to fix issues (boot related apparently) caused by this particular KB. But the real issue is people have already recognize the existence of telemetry which is a security problem. Just keep this in mind and perhaps reconsider your recommendation with that url. 2ff7e9595c
Comments