Microsoft's Latest Windows 7 Security Update With Telemetry Payload Has Users Crying Foul Over Privacy Invasion
Although the Windows 7 operating system was first released way back in 2009, it is still being updated on a regular basis by Microsoft -- that is until extended support ends on January 14th, 2020) Like clockwork, Windows 7 received the usual bevy of bug fixes and security updates during Patch Tuesday.
However, Microsoft is drawing suspicion over some added content with KB4507456, which is labeled as a "Security-only update". This month's update is being bundled with a Compatibility Appraiser (KB2952664), which is a diagnostics tool for systems running legacy Windows operating systems. Microsoft describes the Compatibility Appraiser, writing, "The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows."
To put that into plain English, the software will scan a Windows 7 system and determine if the hardware and installed apps will support an update to the Windows 10 operating system. Woody Leonhard (Ask Woody), however, believes that Microsoft is secretly adding telemetry to gather additional data on users.
"With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update," writes Woody.
According to Woody, the telemetry data could be a precursor to Microsoft "snooping" on users who have been reluctant to upgrade to Windows 10. "Come on Microsoft. This is not a security-only update," Woody adds. "How do you justify this sneaky behavior? Where is the transparency now?”
By its very nature -- and from Microsoft's own words -- these security-only updates are stripped down to the bare minimum and only include necessary software to keep systems protected against the latest threats. Microsoft described this process back in 2016, stating:
Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog.
Perhaps everyone is jumping the gun and maybe Microsoft's actions are actually benign. But Ed Bott of ZDNet reached out to Microsoft to give some clarity on the situation, but was met with what he described as a terse "no comment".