The second round of October patches arrives — with a few twists and a new nag

On the face of it, yesterday’s dump of “optional, non-security” patches for Win10 was thoroughly boring: 

• KB 4520062 for Win10 1809/Server 2019
• KB 4519978 for Win10 1803
• KB 4520006 for Win10 1709
• KB 4519979 for Win 10 1607/Server 2016 

As usual, there was no second cumulative update for Win10 1903/Server 1903. If history’s any indication, that patch will likely arrive during “D Week” or “E Week” — or some other random time, later this month or early next month.

Far more interesting are the Monthly Rollup Previews for earlier versions:

• KB 4519972 for Win7/Server 2008 R2
• KB4520012 for Win8.1/Server 2012 R2

As well as KB 4520013 for Server 2012 and KB 4520015 for Server 2008.

Knowledge Base articles for the Win7 and 8.1 Monthly Rollup Previews include this tantalizing text:

Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows. For more information, see KB 4525208.

Just one little problem. As of early Wednesday morning anyway, there is no KB 4525208. Try it yourself and see. 

What “issue with evaluating the compatibility status of the Windows ecosystem” is in Win7 and 8.1? We surely don’t want to mess with the Windows ecosystem, even if it requires installing an undocumented patch, right?

@abbodi86 has an educated guess:

The ecosystem compatibility thing is just a fancy term for the Compatibility Appraiser (formerly known as KB 2952664).

If that ends up being the case, we’re seeing a re-re-…re-release of an old telemetry/snooping ghoul. I first wrote about KB 2952664 more than five years ago, and have posted updated info about it dozens of times since, most recently in a July 11 post which warns that the KB 2952664 functions had been bundled with a “Security only” Win7 patch. Microsoft has never given more than a cursory statement about the patch’s proclivities, or the telemetry being extricated. 

Is it possible that Microsoft will roll this decidedly non-security snooper into the next Win7 “Security only” patch? It’s happened before, in July and September. Don’t be too surprised if it happens again.

Speaking of utterly obnoxious Win7 behavior: In a supposedly unrelated development, Microsoft says it will start displaying “Get Windows 10” nag screens to Win7 Pro customers. Matt Barlow’s Windows blog post from March was just updated with this notice:

Oct. 15, 2019 — We are now extending the notifications discussed below to Windows 7 Pro devices to ensure our customers are aware of the end of support for Windows 7 and can take action to remain productive and secure. Devices that are domain-joined as a part of an IT-managed infrastructure will not receive the notifications.

It’s like PUP déjà vu all over again. I wrote about the Win10 upgrade notifications back in March. By far the most detailed explanation of the nuts-and-bolts behind Microsoft’s new, kinder, gentler “Get Windows 10” push appears in Lawrence Abrams’s BleepingComputer article. 

AskWoody poster Speccy took a look inside the files and found that Microsoft had prepared — back in March, mind you — five different notifications, each urging Win7 users to upgrade to Win10, including the one most people have seen. Here’s a shot of one of the last in the sequence, which may or may not appear on a Win7 screen near you:

Woody Leonhard/IDG

What’s really happening? Back in March, Microsoft started pushing KB 4493132 to Win7 machines. That patch enables the Win7-to-Win10 nag. But there’s logic built into the patch that, at the time, prohibited it from running on Pro machines. @abbodi86 unraveled it:

According to Windows Update metadata sniffer Detectoid, Professional, Enterprise and Embedded editions are excluded (with all Server 2008 R2 editions) from getting the update through Windows Update. …

Even if KB 4493132 is manually or accidentally installed on the blocked editions (or Server 2008 R2), SipNotify.exe has built-in checks to not show the notification for certain situations:

• IsBlockedSku (i guess that’s for Server SKUs)
• IsVolumeLicensed
• IsDomainJoined
• IsKiosk (Embedded editions)
• IsDontRemindMeRegistryKeySet
• IsGeofenced

Apparently, according to Barlow’s announcement, the metadata on KB 4493132 has been changed so it will start installing on Pro machines that aren’t connected to a domain. Also apparently, the logic in SipNotify.exe has changed, so nag screens will start appearing for Pro machines.

What we don’t know at the moment is whether KB 4493132 will appear in the Windows Update list on Pro machines as Optional/Unchecked or Important/Checked. Back in March, we saw a lot of variation between similar machines, and it wasn’t clear to me then (or now) why some get the patch pushed (Important/Checked) or if they’re merely offered (Optional/Unchecked) for the unwary.

Running Win7 Pro? What are you seeing? Join us on AskWoody.