It’s been some time since we last talked about Windows-related telemetry. However, this is now changing with the latest Patch Tuesday for July 2019, which includes a bonus for Windows 7 users. According to “hawk-eyed” users, a “security-only” Windows 7 update contains hidden telemetry. The patch in question is KB4507456.
What is KB4507456 all about?
According to the official Microsoft advisory, KB4507456 is a security update that includes quality improvements, such as:
Security updates to Windows Server, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell, Windows Input and Composition, and Windows Kernel.
What some people noticed is that this security-only updates is in fact bundled with a Compatibility Appraiser, KB2952664. Surprisingly or not, KB2952664’s purpose is to identify issues that could prevent Windows 7 computers from updating to Windows 10.
It is very interesting to note that KB2952664 has been around for quite some time, and it’s a Windows 7 compatibility update which has been re-released multiples times in 2014 and 2015. The update has caused lots of crashes for users over time.
So does the Compatibility Appraiser tool do? CompatTelRunner.exe is the Microsoft Compatibility Appraiser which scans Windows 7/8/8.1 application files residing on the computer to assess their compatibility with Windows 10 if an upgrade is performed, explains Microfocus.
The concern about the compatibility appraiser being bundled with a regular security update (KB4507456) is that these components are being employed to prepare Windows 7 systems to update to Windows 10. What is worse is that this is done in a concealed way, and perhaps user should be on the lookout for a round of forced updates. And some unwanted telemetry. In fact, it appears that the word “telemetry” shows up in at least one file, meaning that data collection is on the way.
Long story short, we’re once again witnessing Microsoft slipping this compatibility and telemetry components into a security-only patch, without warning users in any way.
Ed Bott from ZDNet, however, says that there’s also the suspicion that some part of the Appraiser component on Windows 7 SP1 had a security issue. In this case, the updates definitely belong in a security-only update, he said.