Recent Windows update wants to snoop through users' Office data

[Alfonso Maruccia]

Why it matters: A patch recently released via Windows Update scared Office users away, as Microsoft was seemingly going after data about older Office versions. Now the company explains: it's for your own good, privacy is paramount, etc.

Microsoft released the KB5021751 update in January, explaining that it was to "help" the company identify how many users were still running unsupported or soon-to-be-unsupported versions of the Office productivity suite. Microsoft was seemingly searching for info over users of Office 2013, Office 2010, and Office 2007, with an update that would run only once in "silent mode" to collect data and then remove itself from the system.

Redmond engineers deployed the update on Windows installations with the "Receive updates for other Microsoft products" option enabled and a copy of Office 2013, Office 2010, or Office 2007 installed. Microsoft points out that the receive updates feature is optional, and users can disable it from Windows Update's advanced options configuration page.

More recently, the OS giant refreshed the KB5021751 support page to re-explain how the update works and why it is helpful for Microsoft's business and customers. The update gathers "diagnostic and performance data" from Registry entries and application interfaces (API) to estimate the overall usage of older Office releases, says Microsoft Support.

The company says that unsupported versions of Office are no longer secure because they don't receive the latest security patches, which provide the most up-to-date protection against known vulnerabilities. Out-of-date versions "might face performance and reliability issues over time" as well.

However, Microsoft assures users that KB5021751 does not gather any information about licensing details, customer content, or data about other "non-Microsoft products." The company "values, protects, and defends" user privacy, even if this means letting customers off the hook on pirated versions of its software — on paper, at least.

Microsoft further said it would use the data gathered through the update to decide "how best to support and service" systems with outdated Office versions. However, there is no information about how it will carry out the continuing support. It could push some emergency, out-of-band updates for extremely dangerous (or even "wormable") security flaws, for example, even though no actual guarantees are offered.

Permalink to story.

https://www.techspot.com/news/97521-kb5021751-microsoft-update-wants-check-office-data-users.html

 

[brucek]

Even if many users might find this particular use benign, it indicates Microsoft just doesn't have the right attitude and respect about this. As soon as the topic came up, the answer should have been "of course we won't index our customers hard drives to answer our own internal research question because that's flat out wrong." The fact that didn't happen is pretty telling, although it's not exactly new information.

A secondary problem is Microsoft's casual attitude about mixing different types of updates in one channel, including at least a) small but urgent security patches which most users should trust to take immediately; b) feature changes which carry some risk of stability impact which users should evaluate as to when and whether they want it; and c) flat out negative changes which many users would refuse and never take if given adequate disclosure and choice. By mixing all three in the same channel, the result is many users disable all updates, to the misfortune of all.

 

[psycros]

Office has been trash since the anti-user UI (I.e the "ribbon" mess) was introduced. Libreoffice on Windows is slightly less stable but otherwise better in every way.

 

[ET3D]

As soon as the topic came up, the answer should have been "of course we won't index our customers hard drives to answer our own internal research question because that's flat out wrong."

That's would have been a rather bad response, considering that Microsoft isn't indexing customers hard drives here. Such a response would have done nothing to assuage paranoia, and would possibly have made it worse.

 

[bviktor]

Office has been trash since the anti-user UI (I.e the "ribbon" mess) was introduced. Libreoffice on Windows is slightly less stable but otherwise better in every way.

Are you seriously still talking about the ribbon? It's been 16 years dude, grow up.

For the record, I just checked out LibreOffice 7.5. Took about 20 seconds to start Writer. On a Ryzen 3900X with a PCI-E 3 SSD. And the dark mode interface makes my eyes bleed. Then I closed it.

Yeah, better in every way for sure.

 

[RaXelliX]

Are you seriously still talking about the ribbon? It's been 16 years dude, grow up.

For the record, I just checked out LibreOffice 7.5. Took about 20 seconds to start Writer. On a Ryzen 3900X with a PCI-E 3 SSD. And the dark mode interface makes my eyes bleed. Then I closed it.

Yeah, better in every way for sure.

I use LibreOffice daily and that's just flat out BS statement. Updated to 7.5 last week. Opening swriter.exe takes ~3 seconds and the Dark Mode addition is great for my eyes.

5800X3D, 32GB RAM @ 3733Mhz and PCI-E 4.0 SSD.

 

[BobHome]

Huh! That's about the time my Office 2013 said it needed to be activated--again!
It was last activated about a year ago when I rebuilt my PC, but this time:
1. You have used your max activations, try the Support phone number option.
2. The Support phone number is no longer in use.

And yeah, I know it goes EOL April 11, but not for me. Thanks again Microsoft!

 

[lazer]

I do NOT trust M$, they are not what I want. I want to rest my mind from worrying about people stealing my confidential info.
I will NEVER update and have begun to use Ubuntu.