Microsoft Data Harvesting Backported To Windows 7 & 8


So as a follow up to our recent article about the rather lax Windows 10 default privacy settings, Microsoft has decided that even if you aren’t upgrading – they want your data anyway.

Microsoft Backports Data Harvesting To Windows 7 & 8

The most complete cloud indeed, made up of telemetry from your machines. Microsoft is back-porting the data harvesting portions of Windows 10 to both Windows 7 and Windows 8 – nice eh? And yah, Microsoft data harvesting? Not really surprising to be honest.

We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information. With Microsoft suffering from a serious case of Google envy, perhaps it felt it had some catching up to do.

Now Microsoft is revamping the user-tracking tools in Windows 7 and 8 to harvest more data, via some new patches.

All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools. This data can include how long you use apps, and which features you use the most, snapshots of memory to investigate crashes, and so on.

The updates are KB3068708 (“Update for customer experience and diagnostic telemetry” and mandatory) KB3075249 (“Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7”) and KB3080149 (also an “Update for customer experience and diagnostic telemetry”, both optional).


In my experience backports generally only exist in the *nix World, so Microsoft is upping their game here backporting Windows 10 ‘features’ into older operating systems, all seamlessly delivered via the patching system. The only example I really remember was a bunch of stuff from Windows Vista being backported to Windows XP when SP3 was released.

If people are only installing security updates, they might not get these as one is optional and two will show up under recommended.

The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com (64.4.54.253) over SSL. Privacy advocates note that the OS is hardwired to use that hostname, so trying to override the IP address it resolves to using your PC’s hosts file won’t work.

The tools relate to Microsoft’s CEIP (‘customer experience improvement program’). Disabling the monitoring tools is complicated, requiring tweaks via both the policy editor, and at application level.

If you’re not bothered by anonymised data being sent to Microsoft (or mobile data caps) then the telemetry elevations probably won’t bother you.

Microsoft’s creepy robo-buddy “contextual operating service”, Cortana – which has caused much of the privacy concerns, even though it’s fairly well explained – remains an exclusive to Windows 10 and Windows 8.1 Phone.

If you want details on how to disable the snooping, check here: Microsoft intensifies data collection on Windows 7 and 8 systems

Not super tough to stop it, but it would be nice to be asked in the first place.

Source: The Register

Posted in: Privacy


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.