As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows.
[...] What was surprising about this month's Security-only update, formally titled the "July 9, 2019—KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.
[...] I spent the afternoon poking through update files and security bulletins and trying to get an on-the-record response from Microsoft. I got a terse "no comment" from Redmond.
My research did, however, confirm that this is not a mistake, and it led me to a theory for why these mysterious files are shipping in an unexpected location. I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update.
And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough." The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed.
https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-deployment-script
ConfigScript.ps1 is pretty interesting.
Of note is that there are different versions of DiagTrack (the script checks the version):
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3347
There is a blog post on it:
https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586
Upgrade Readiness in Windows Analytics provides an inventory of devices and applications for enrolled devices. We've had a lot of customers ask about the details of how this works, and this blog post is meant to answer those questions.
[...] This data is collected by an OS component called "Appraiser", which is built into Windows (requires a KB to be installed on Windows 7/8.1 devices, per below).
[...] Core Inventory (apps, drivers) data collection is triggered via a scheduled nightly task "Microsoft Compatibility Appraiser" which runs every 24 hours. This assumes the system is awake and idle for a long enough period to complete the scan. If the device was found inactive we resume the scan on the next available opportunity. This data is only sent to Microsoft if the device is opted in for CDO (Commercial Data Opt-in) on Win7/8.1 or Basic level in Windows 10.
Mozilla have https://bugzilla.mozilla.org/show_bug.cgi?id=1197768
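For administrators who want to see whether the pieces described above are present on a Windows 7 SP1 machine, the following is an added example and is not code from the article, the blog post or Microsoft's deployment script. It uses only the KB numbers and the task name quoted above; the function names are hypothetical, and it assumes PowerShell 2.0 or later in an elevated prompt.

```powershell
# Added example: audit a host for the Appraiser update and its nightly task.
$kbIds    = 'KB4507456', 'KB2952664'              # KB numbers quoted in the article
$taskName = 'Microsoft Compatibility Appraiser'   # task name quoted in the blog post

# Hypothetical helper: report whether each KB is listed as an installed hotfix.
# A component bundled inside another update may not be listed under its own KB
# number, so the task check below is the more direct indicator.
function Get-InstalledKb {
    param([string[]]$Id)
    foreach ($kb in $Id) {
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ KB = $kb; Installed = [bool]$hit }
    }
}

# Hypothetical helper: walk every Task Scheduler folder through the
# Schedule.Service COM object (available on Windows 7, where the
# Get-ScheduledTask cmdlet is not) and return tasks with the given name.
function Find-ScheduledTask {
    param([string]$Name)
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $pending = New-Object System.Collections.Queue
    $pending.Enqueue($svc.GetFolder('\'))
    while ($pending.Count -gt 0) {
        $folder = $pending.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $pending.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {   # 1 = include hidden tasks
            if ($task.Name -eq $Name) {
                New-Object PSObject -Property @{
                    Path        = $task.Path
                    Enabled     = $task.Enabled
                    LastRunTime = $task.LastRunTime
                    NextRunTime = $task.NextRunTime
                }
            }
        }
    }
}

Get-InstalledKb -Id $kbIds | Format-Table KB, Installed -AutoSize

$tasks = @(Find-ScheduledTask -Name $taskName)
if ($tasks.Count -eq 0) {
    "No scheduled task named '$taskName' was found."
} else {
    $tasks | Format-List Path, Enabled, LastRunTime, NextRunTime
}
```

A task that is present and enabled shows only that the nightly scan is scheduled; per the blog post quoted above, whether the data is sent depends on the Commercial Data Opt-in setting, which this example does not inspect.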
(Score: 1) by yuhong on Sunday July 14 2019, @04:28AM
This telemetry has legitimate users, BTW:
https://old.reddit.com/r/sysadmin/comments/c184ic/upgrade_readiness_deployment_script/ercr643/?st=jy2gjq05&sh=d3baf2ac