As expected, Windows Update dropped off several packages of security and reliability fixes for Windows 7 earlier this week, part of the normal Patch Tuesday delivery cycle for every version of Windows.
[...] What was surprising about this month's Security-only update, formally titled the "July 9, 2019—KB4507456 (Security-only update)," is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.
[...] I spent the afternoon poking through update files and security bulletins and trying to get an on-the-record response from Microsoft. I got a terse "no comment" from Redmond.
My research did, however, confirm that this is not a mistake, and it led me to a theory for why these mysterious files are shipping in an unexpected location. I strongly suspect that some part of the Appraiser component on Windows 7 SP1 had a security issue of its own. If that's the case, then the updates indisputably belong in a Security-only update.
And if they happen to get installed on systems where administrators had taken special precautions not to install those components, Microsoft's reaction seems to be, "Well ... tough." The Appraiser tool was offered via Windows Update, both separately and as part of a monthly rollup update two years ago; as a result, most of the declining population of Windows 7 PCs already has it installed.