Microsoft Data Harvesting Backported To Windows 7 & 8


So as a follow up to our recent article about the rather lax Windows 10 default privacy settings, Microsoft has decided that even if you aren’t upgrading – they want your data anyway.

Microsoft Backports Data Harvesting To Windows 7 & 8

The most complete cloud indeed, made up of telemetry from your machines. Microsoft is back-porting the data harvesting portions of Windows 10 to both Windows 7 and Windows 8 – nice eh? And yah, Microsoft data harvesting? Not really surprising to be honest.

We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information. With Microsoft suffering from a serious case of Google envy, perhaps it felt it had some catching up to do.

Now Microsoft is revamping the user-tracking tools in Windows 7 and 8 to harvest more data, via some new patches.

All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools. This data can include how long you use apps, and which features you use the most, snapshots of memory to investigate crashes, and so on.

The updates are KB3068708 (“Update for customer experience and diagnostic telemetry” and mandatory) KB3075249 (“Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7”) and KB3080149 (also an “Update for customer experience and diagnostic telemetry”, both optional).


In my experience backports generally only exist in the *nix World, so Microsoft is upping their game here backporting Windows 10 ‘features’ into older operating systems, all seamlessly delivered via the patching system. The only example I really remember was a bunch of stuff from Windows Vista being backported to Windows XP when SP3 was released.

If people are only installing security updates, they might not get these as one is optional and two will show up under recommended.

The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com (64.4.54.253) over SSL. Privacy advocates note that the OS is hardwired to use that hostname, so trying to override the IP address it resolves to using your PC’s hosts file won’t work.

The tools relate to Microsoft’s CEIP (‘customer experience improvement program’). Disabling the monitoring tools is complicated, requiring tweaks via both the policy editor, and at application level.

If you’re not bothered by anonymised data being sent to Microsoft (or mobile data caps) then the telemetry elevations probably won’t bother you.

Microsoft’s creepy robo-buddy “contextual operating service”, Cortana – which has caused much of the privacy concerns, even though it’s fairly well explained – remains an exclusive to Windows 10 and Windows 8.1 Phone.

If you want details on how to disable the snooping, check here: Microsoft intensifies data collection on Windows 7 and 8 systems

Not super tough to stop it, but it would be nice to be asked in the first place.

Source: The Register

Posted in: Privacy


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.