
Microsoft previews telemetry push with new Win7/8.1 patches KB 3192403, 3192404


Karlston


Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November

Yesterday Microsoft released seven new patches through Windows Update. Three of them -- KB 3192403 for Windows 7, KB 3192404 for Windows 8.1, and KB 3192406 for Windows Server 2012 -- confirm a trend we've long expected: Microsoft is adding new telemetry/snooping capabilities to Win7, 8.1, and Server 2012 by growing out its Diagnostic and Telemetry service subsystem, DiagTrack. The big push will come in November.

 

Much to Microsoft's credit, we have many details about the new subsystem. We also have tools to help you avoid installing this enhancement to DiagTrack. But in order to use those tools effectively, you must start installing Windows 7 and 8.1 updates manually -- using Windows Update will ensure that your PC starts sending more info to the mothership.

 

What kind of info? We don't know -- and don't have any way of knowing. While there are voluminous lists of privacy-related settings, Microsoft hasn't said what data it's collecting. There is no "Security" level option for Win 7 or 8.1 (or Win10 Pro or Home, for that matter). Data sent to the mothership is encrypted and inaccessible -- as it should be -- so we simply don't know if this new, improved DiagTrack will lead to Google-class snooping.

 

Before you get worried, be sure you understand the situation. These three patches have been released as a test. They're called "October 2016 Preview of Monthly Quality Rollup" for a reason. If you run Windows Update in Win7 or 8.1, they'll appear as unchecked, optional updates. If you don't check them, they won't be installed. And unless you're testing something specific, you'd be foolish to check and install the updates.

 

These Third Tuesday patches are a preview of the non-security portion of the monthly rollup that's expected to arrive in November. It's complicated, but in short, you don't want to install them yet.

 

The KB articles have detailed descriptions of the changes coming in November, but they're quite esoteric -- telemetry receiving locations, proxy servers, and registry entries. The KB articles all point to Microsoft's description of the Customer Experience Improvement Program (CEIP). But the description, which is almost eight years old, doesn't mention DiagTrack.

 

You might draw the conclusion that you can turn off DiagTrack by turning off CEIP, but as best I can tell that isn't true. I first noticed that telemetry-with-no-off-switch behavior 18 months ago in KB 2952664. A new incarnation of the same patch appeared earlier this month.

 

Bottom line: Those users who install KB 3192403 or KB 3192404 should expect a greatly enhanced DiagTrack subsystem that provides unknown kinds of telemetry to Microsoft, with no easy way to switch it off.

 

The obvious way to avoid such a situation is to avoid installing the patches in the first place. I'll step you through that minefield next month, when the patches appear for real.

 

Tero Alhonen has noticed something uncanny about the patches: The KB 3192403 and KB 3192404 articles include wording that's basically identical to that found in KB 3192441, which is the Oct. 11 cumulative update for Windows 10 version 1511. They have the same telemetry upload points and registry entries. It sure looks like Windows 10-class snooping is coming to Windows 7 and 8.1.

 

If you have Windows 7 or 8.1, you likely already have a nascent version of DiagTrack running. To see it, go into Control Panel and choose System and Security, Administrative Tools. Double-click on Services and scroll down the list to see if Diagnostic Tracking Service has been started. If you want to disable it (I've seen no reports of adverse side effects in doing so), double-click on Diagnostic Tracking Service. Under General, set Startup type to Disabled and click the Stop button, then OK. After you reboot, DiagTrack will haunt your PC no more -- until the next DiagTrack patch gets applied.

 

If you want to kill DiagTrack and pour salt on the ground from which it springs, you can run these commands (each on one line) provided by abbodi86 on AskWoody.com:

 

    sc config DiagTrack start= disabled
    sc stop DiagTrack
    reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener /f
    reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Diagtrack-Listener /f
    reg delete HKLM\SYSTEM\ControlSet001\Control\WMI\AutoLogger\SQMLogger /f
    reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack /f
    reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /f
    takeown /f %ProgramData%\Microsoft\Diagnosis /A /r /d y
    icacls %ProgramData%\Microsoft\Diagnosis /grant:r *S-1-5-32-544:F /T /C
    del /f /q %ProgramData%\Microsoft\Diagnosis\*.rbs
    del /f /q /s %ProgramData%\Microsoft\Diagnosis\ETLLogs\*

 

That's a scorched-earth removal of a "service" you're not likely to want.

 

Stay tuned. There will be lots of bumps ahead, in the aftermath of this month's patchocalypse. I continue to recommend that you NOT install any October updates just yet. Wait for the dust to settle. Later this week I'll have detailed (and easy) step-by-step instructions for safely installing the October updates.

 

Source: Microsoft previews telemetry push with new Win7/8.1 patches KB 3192403, 3192404

 

InfoWorld - Woody on Windows

 

AskWoody.com - Woody Leonhard's no-bull news, tips and help for Windows and Office
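
An added example, not part of the original article or the AskWoody commands: a read-only PowerShell audit that reports the DiagTrack service state, the registry keys and data folder named in the commands above, and whether the three preview rollups are installed. Function and variable names are illustrative; it sticks to PowerShell 2.0 cmdlets so it runs on a stock Windows 7 machine.

```powershell
# Added example: read-only audit, nothing is changed. Run from an elevated prompt
# so the Diagnosis folder can be read. Service, key, folder and KB names come from
# the article; New-Row and Get-DiagTrackAudit are illustrative names.
$RegKeys = @(
    'HKLM:\SYSTEM\ControlSet001\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener',
    'HKLM:\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Diagtrack-Listener',
    'HKLM:\SYSTEM\ControlSet001\Control\WMI\AutoLogger\SQMLogger',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
)
$KbIds   = 'KB3192403', 'KB3192404', 'KB3192406'
$DiagDir = Join-Path $env:ProgramData 'Microsoft\Diagnosis'

function New-Row($Item, $Present, $Detail) {
    New-Object PSObject -Property @{ Item = $Item; Present = $Present; Detail = $Detail }
}

function Get-DiagTrackAudit {
    # Service: Win32_Service carries both the run state and the startup type.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='DiagTrack'"
    if ($svc) { New-Row 'Service DiagTrack' $true "State=$($svc.State); StartMode=$($svc.StartMode)" }
    else      { New-Row 'Service DiagTrack' $false 'not installed' }

    # Registry keys that the reg delete commands target.
    foreach ($key in $RegKeys) {
        New-Row $key (Test-Path -LiteralPath $key) 'registry key'
    }

    # Data on disk (the *.rbs files and ETLLogs that the del commands target).
    if (Test-Path -LiteralPath $DiagDir) {
        $files = @(Get-ChildItem -LiteralPath $DiagDir -Recurse -Force -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer })
        [long]$bytes = ($files | Measure-Object -Property Length -Sum).Sum
        New-Row $DiagDir $true "$($files.Count) files, $bytes bytes"
    } else {
        New-Row $DiagDir $false 'folder absent'
    }

    # Preview rollups named in the article, as reported by Win32_QuickFixEngineering.
    foreach ($kb in $KbIds) {
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        New-Row $kb ([bool]$hit) 'preview rollup'
    }
}

Get-DiagTrackAudit | Select-Object Item, Present, Detail | Format-Table -AutoSize -Wrap
```

Running it again after a patch cycle shows whether an update has re-enabled the service or recreated the keys.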


KB3192403

KB3192403: October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

 

The list of changes includes the following improvements and fixes:

  1. Addressed issue that prevents pushed-printer connections and printer connections from trusted servers from being installed in Point and Print scenarios after installing MS16-087.
  2. New root certificate type to support Catalog V2 for Windows 7 Embedded systems.
  3. Improved proxy support in an authenticated proxy environment (telemetry, download of settings).
  4. Revised daylight saving time issues fixed.

October 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

KB3192404

KB3192404: October 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2.

 

The list of changes includes the following ones:

  1. Shared drives becoming unavailable issue fixed.
  2. Memory leaks addressed in iSCSI WMI Provider.
  3. Addressed printing issues.
  4. Addressed 100% CPU usage LSASS issue on domain controller role machines.
  5. Fixed Office 365 integration issue with Windows Server Essentials 2012 R2.
  6. Fixed task scheduler issue where weekly scheduled tasks failed with ERROR_REQUEST_REFUSED (0x800710e0).

Source
