Microsoft re-releases snooping patches KB 2952664, KB 2976978

Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions

windows spyware
Credit: Pixabay

We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun.

The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week.

Microsoft's descriptions of the patches are quite bland:

This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year.

I last wrote about the patches on Oct. 5, 2016:

A Microsoft spokesman says it isn't bringing back the "Get Windows 10" campaign, but our old nemesis KB 2952664 reappeared suddenly yesterday afternoon, and Windows users are livid -- and scared.

The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11.

I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change?

But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all.

Discussion continues on the AskWoody Lounge.