Be Careful What You Patch

Nancy Anderson
Posted by

In many cases, a software patch is necessary to fix a security problem or make a program more useful to end users. Unfortunately, some companies also use patches to collect usage data, leaving users more vulnerable to hacking and other security issues. In October 2015, Microsoft re-released six software patches, most of which had been identified as nagging or snooping patches in the past.

1. KB 2952664

The Microsoft Support page for KB 2952664 describes this software patch as an update that improves Windows 7 and makes it easier to upgrade to the latest version of Windows. Woody Leonhard of InfoWorld disagrees with this description. When Leonhard initially installed this software patch, he noticed it added a program to Windows Task Scheduler. The program, DoScheduledTelemetryRun, supposedly runs only if you have opted into the Microsoft Customer Experience Improvement Program. However, Leonhard says the program runs even if you specifically opted out of the CEIP, raising concerns about snooping.

2. KB 3035583

Leonhard classifies KB 3035583 as a piece of nagware because this software patch installs a program called GWX on Windows 7 and Windows 8.1 systems. GWX nags users to upgrade to Windows 10 by displaying tray notifications. Although this software patch may be perfectly harmless, Leonhard says he is troubled by Microsoft's lack of transparency. This patch has been re-released several times since it first debuted in March 2015, but Microsoft always describes it as one that enables additional capabilities for Windows Update. Additionally, this patch is marked as important on Windows 8.1 machines, which means it is automatically installed on any machine running Automatic Update.

3. KB 2976978

Microsoft Support describes KB 2976978 as a compatibility update for machines running Windows 8 and Windows 8.1. Leonhard says this patch is actually a scanning program used to perform system diagnostics. Microsoft representatives say the update only performs diagnostics on machines enrolled in the Microsoft CEIP, but Leonhard is skeptical of this claim. Again, this software patch may not cause users any harm, but Microsoft should be more transparent when describing new updates.

4. KB 3083711

Patch KB 3083711 is available for machines running Windows Server 2012 and Windows 8.1. This patch code is new, and it doesn't appear to do any snooping or install nagware on Windows systems.

5. KB 3083710

KB 3083710 is for systems running Windows Server 2008 and Windows 7. As of Oct. 12, 2015, Microsoft has not released further details about this patch, except to say that it is a new update client for Windows 7.

6. KB 2977759

Microsoft categorizes KB 2977759 as a compatibility update for Windows 7 RTM, but Leonhard says this software patch is actually a scanning program. This patch code has been re-released multiple times since 2014.

If you are in charge of IT security for your company, you need to restrict user access to Windows Update and other administrative functions. Otherwise, it's possible for users to download software patches that collect sensitive data and leave your company vulnerable to data theft.

Photo courtesy of Stuart Miles at



Become a member to take advantage of more features, like commenting and voting.

Jobs to Watch