• Is it possible Microsoft will install telemetry in a Security-only update?

    Interesting question from MA:

    This is a question about the “Group B” approach to safely updating Windows 7.

    If I understand correctly, the Group B approach is to install the security-only patches from the Microsoft Update Catalog rather than from the (formerly) beloved Windows Update. Things like .net patches would still be installed via Windows Update.

    Is it possible for a security-only patch installed in this way (from the Microsoft Update Catalog) to be a patch for, say, a telemetry function that has so far been evaded by using the Group B approach?  If this can occur, then what happens to the attempted installation of such a security-only patch?  In particular, is it possible that finding no target, this patch can then cause the unwanted telemetry function to be installed?

    My answer:

    Is it possible? Sure. In the post-Get-Windows-10 era, anything’s possible.

    But I think it’s highly unlikely. Microsoft has promised thousands of corporate customers that it won’t play games with the Security-only updates. It’s hard to imagine shenanigans that would cause Microsoft’s credibility with the industry to fall even lower. This would be one of them.

    Far more likely at this point is that Microsoft will introduce bugs in Security-only updates, which are subsequently fixed exclusively in the Monthly rollups, the Group A patches, which contain both security and non-security elements (and, potentially, added telemetry).

    I’m looking at one reported case now. If anything solidifies (and I can wrap my head around it), I’ll be sure to yell real loud.