Microsoft released update KB5021751 for Microsoft Office 2007 – 2013 on January 17, 2023 to track down users who are still using these outdated versions of Office. There was some puzzlement as to what this was all about. Microsoft has now at least given assurances that the update is not meant to spy on users and respects privacy.
Review: Office update KB5021751
Microsoft Office 2007 and Microsoft Office 2010 have long since fallen out of support at Microsoft and no longer receive any security updates. For Microsoft Office 2013, support with security updates (Extended Support) ends on April 11, 2023 (see Microsoft Office: End of Life dates and feature drops in 2023).
Microsoft then released the optional update KB5021751 on January 17, 2023. Update KB5021751 is available for the Microsoft Office 2007 and Microsoft Office 2010 packages, which have long since fallen out of support, as well as for Microsoft Office 2013, which will fall out of support in April 2023.
Microsoft provided an interesting explanation of the update's purpose: "This update is intended to help Microsoft identify the number of users who are using unsupported (or soon to be unsupported) versions of Office, including Office 2013, Office 2010 and Office 2007. This update will run once in the background, without the need to install anything on the user's device."
Of course, this aroused nasty fears about what Microsoft intends to do with it, especially since this update is distributed via Windows Update. After the download, the update is installed; a restart is not required. The update analyzes the system when it is executed in order to report the Office versions found via telemetry. However, Microsoft does not disclose what information is transmitted during the analysis.
Microsoft's clarification on privacy
Coverage of the update had made waves (I reported in the blog post Update KB5021751 (from Jan. 17, 2023) identifies outdated Office versions). Microsoft has now updated its support post on update KB5021751 with more details, as Bleeping Computer noticed. The support post now additionally states:
Versions of Office that are no longer supported do not receive security updates that provide the latest protections against known vulnerabilities. Also, unsupported versions might face performance and reliability issues over time.
This update gathers diagnostic and performance data to estimate the usage of installed Office versions to determine how best to support and service these systems. This data is gathered from registry entries and APIs. The update does not gather licensing details, customer content, or data about non-Microsoft products. Microsoft values, protects, and defends privacy. For more information about our privacy principles, see Privacy at Microsoft.
Microsoft presumably wants to know how many systems are at risk from known Office vulnerabilities. In addition, unsupported versions may experience performance and reliability issues over time, Microsoft says. It then adds that the update collects diagnostic and performance data to estimate usage of installed versions of Office and determine how best to support and maintain those systems. This data is collected from registry entries and APIs.
Microsoft is adamant that the update does not collect licensing details, customer content or data about non-Microsoft products. Microsoft gives assurances that it protects and respects the privacy of users.
Tip: If you do not want to install this update, you should block it under Windows 10/11 as a precaution. This is possible, for example, with the tool wushowhide.diagcab, which is now available again.
0patch supports Office 2010 with micro patches after the end of support (EOL)
Update KB5021751 (from Jan. 17, 2023) identifies outdated Office versions