Microsoft raises suspicion by adding telemetry files to security-only update

As expected, Windows Update released several security and reliability patch packages for Windows 7 earlier this week, as part of the normal Patch Tuesday release cycle for each version of Windows. But some hawk-eyed observers have noticed a surprise in one of these Windows 7 packages.

According to Microsoft's rules, what it calls "security-only updates" are meant to include, well, only security updates, not quality patches or diagnostic tools. Nearly three years ago, Microsoft split its monthly update packages for Windows 7 and Windows 8.1 into two separate offerings: a monthly rollup of updates and patches and, for those who want only the essential patches, a security-only update package.

What was surprising about this month's security-only update, formally titled "July 9, 2019 – KB4507456 (security update only)", was that it bundled in the Compatibility Appraiser, KB2952664, which is designed to identify issues that may prevent a Windows 7 PC from updating to Windows 10.

Among the fiercest Windows Update skeptics, the Compatibility Appraiser tool is something to be aggressively avoided. The concern is that these components are used to prepare a new series of forced updates or to spy on individual PCs. The word telemetry appears in at least one file and, for some observers, even seemingly harmless data collection is spyware.

My long-time colleague and former co-author, Woody Leonhard, said earlier today that Microsoft appeared to "surreptitiously add a telemetry feature" to the latest update:

With the July 2019-07 Security-only Quality Update KB4507456, Microsoft has slipped this feature into a security-only patch without warning, adding the "Compatibility Appraiser" and its scheduled tasks (telemetry) to the update. The details of the package for KB4507456 indicate that it is replacing KB2952664 (among other updates).

Go Microsoft. This is not a security-only update. How do you justify this devious behavior? Where is the transparency now?

I had the same question, and so I spent the afternoon rummaging through the update files and security bulletins and trying to get an on-the-record response from Microsoft. I received a "no comment" from Redmond.

My research has, however, led to a theory of why these mysterious files are shipped in an unexpected place. I suspect that part of the Appraiser component of Windows 7 SP1 poses a security problem. If this is the case, the updates undoubtedly belong in a security-only update.

And if they are installed on systems where administrators had taken special precautions not to install these components, Microsoft's reaction seems to be: "Well … tough." The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, the majority of the declining population of Windows 7 PCs has already installed it.

For the record, my experience with this update is that it is benign and that Microsoft is telling the truth when it says: "This update does not contain any GWX or upgrade functionality." However, given the problems users faced with unwanted upgrades in the first year of Windows 10, it is understandable that some people do not believe this assurance.

Why is Microsoft so discreet about this update? The company is naturally reluctant to talk about security issues except in formal contexts such as release notes and support bulletins. If you're a security engineer at Microsoft, this week has already been exhausting thanks to a pair of Windows 10 exploits used in the wild, including by Kremlin-protected hackers.

Microsoft's update communications have generally improved (or at least become more consistent) in recent years, but there are still cases like this one where the company's stubborn silence is disconcerting. It simply serves as proof to critics that the company has an ulterior motive. Would it really be so difficult to state publicly that additional files were included because of an unspecified security problem?

It is also possible that Microsoft thinks there are good reasons to make the Compatibility Appraiser tool mandatory as the end-of-support date for Windows 7 approaches. And although Microsoft will offer paid technical support for another three years, this is a business unit whose milestones probably include reducing the number of users as quickly as possible.