KB4507456 Security-Only Update Bundled with Telemetry
CYBER NEWS

KB4507456 Security-Only Update Bundled with Telemetry

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

It’s been some time since we last talked about Windows-related telemetry. However, this is now changing with the latest Patch Tuesday for July 2019, which includes a bonus for Windows 7 users. According to “hawk-eyed” users, a “security-only” Windows 7 update contains hidden telemetry. The patch in question is KB4507456.




What is KB4507456 all about?

According to the official Microsoft advisory, KB4507456 is a security update that includes quality improvements, such as:

Security updates to Windows Server, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell, Windows Input and Composition, and Windows Kernel.

What some people noticed is that this security-only updates is in fact bundled with a Compatibility Appraiser, KB2952664. Surprisingly or not, KB2952664’s purpose is to identify issues that could prevent Windows 7 computers from updating to Windows 10.

It is very interesting to note that KB2952664 has been around for quite some time, and it’s a Windows 7 compatibility update which has been re-released multiples times in 2014 and 2015. The update has caused lots of crashes for users over time.

Related: Uninstall Windows Updates KB3068708, KB3022345 and Fix Errors

So does the Compatibility Appraiser tool do? CompatTelRunner.exe is the Microsoft Compatibility Appraiser which scans Windows 7/8/8.1 application files residing on the computer to assess their compatibility with Windows 10 if an upgrade is performed, explains Microfocus.

The concern about the compatibility appraiser being bundled with a regular security update (KB4507456) is that these components are being employed to prepare Windows 7 systems to update to Windows 10. What is worse is that this is done in a concealed way, and perhaps user should be on the lookout for a round of forced updates. And some unwanted telemetry. In fact, it appears that the word “telemetry” shows up in at least one file, meaning that data collection is on the way.

Long story short, we’re once again witnessing Microsoft slipping this compatibility and telemetry components into a security-only patch, without warning users in any way.

Ed Bott from ZDNet, however, says that there’s also the suspicion that some part of the Appraiser component on Windows 7 SP1 had a security issue. In this case, the updates definitely belong in a security-only update, he said.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...