Posted on April 26th, 2017 at 14:26 Comment on the AskWoody Lounge
I’ve received many questions like this, from MT:
I am currently on Version 1607 (Build 14393.953). Some time ago I enabled
“Defer Windows Updates” per your instructions. Each month since then I have
waited for your indication that it was ok to update. But now that the
Creators Update is out, I am confused about how this will work.
If I disable “Defer Windows Updates” and then I then run Windows Update,
won’t I get the Creators Update installed?
Or will it show up when I run wushowhide the second time? Thus giving me a
chance to hide it.
Your best bet is to wait until Creators Update is declared “Current Branch for Business” – likely a couple months away.
If you disable “Defer Windows Update,” you may or may not get Creators Update. At this point only 10% of Anniversary Update users have been upgraded to Creators Update, and Microsoft’s controlling the rollout closely.
The easiest approach, if you’re using Win10 Pro, is to set Defer Windows Update. In Win10 Home, the options aren’t as easy.
If you’ve turned off all updating, via a metered connection, you’ll have to switch updating back on (perhaps turn off metered connection) before this month’s patches will appear.
Posted on April 26th, 2017 at 12:06 Comment on the AskWoody Lounge
A fascinating bug reported by Cave_West on the Microsoft Answers forum:
Word 2016 is crashing when clicking on the File menu when certain (not all) documents are open… if we open a document that works (a fresh .docx or any .doc) and while Word is still open try and open a problematic .docx it works. If we try and open a problematic .docx with Word closed first, accessing the File menu causes Word to crash. What’s interesting is that it doesn’t seem to be all .docx files, only certain ones, but for the moment we haven’t identified any commonality between the problem files, in fact most are simple documents with no embedded pictures, macros etc.
Removing the Update for Word 2016 (KB3178720) resolves the issue.
Anybody else seeing this?
Posted on April 25th, 2017 at 16:51 Comment on the AskWoody Lounge
Curiouser and curiouser…
Dan Goodin on Ars Technica:
On Tuesday, security firm Countercept released an update to the DoublePulsar detection script it published last week. It now allows people anywhere on the Internet to remotely uninstall the implant from any infected machine… amid the radio silence Microsoft is maintaining, the tool will no doubt prove useful to admins responsible for large fleets of aging computers.
Just when you thought it couldn’t get any more complicated, Creators Update gets a new kind of patch, KB 4016240Posted on April 25th, 2017 at 14:09 Comment on the AskWoody Lounge
Microsoft just released another patch for Win10 Creators Update. KB 4016240 brings the 1703 build number up to 15063.250.
That’s quite normal for a new version of Win10 – we commonly get multiple updates for the first month or two.
What’s abnormal – has me bamboozled – is the explanation surrounding the patch.
If I read Michael Niehaus’s post on the Technet blog correctly, this is the first of the “new update options for Windows 10, version 1703.” Which is also fine — but I don’t understand what’s “new” about it. KB 4016240 apparently lacks any security updates, but KB 4016251, build 15063.13, didn’t have any security updates either. At least, there aren’t any documented.
Many Win10 cumulative updates don’t have security patches. In fact, just thumbing through the list the only cumulative updates with security patches that I can find were released on Patch Tuesday. Look at KB 4016635, released on March 22, for example. Win10 patches with no security updates are quite common.
Niehaus notes that the Insider Release Preview ring (which has always raised my blood pressure) will get new non-security updates first. Then the non-security updates will get rolled out to the normal update process later. (Today’s the first example of that.) Then, presumably, the non-security updates will get rolled into the regular cumul
ative update that frequently appears on Patch Tuesday.
(Except, if you look at the history, many Win10 cumulative updates don’t appear on Patch Tuesday.)
These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager.
Which, to me, is an oxymoron.
Poster thymej explains:
if its said these patches will contain only new non-security patches, how then can it be cumulative? Cumulative contains new and old, right?
I don’t get it. Anybody out there have a Win10 Patch Babel Fish?
Martin Brinkmann has a description on gHacks, but I’m still scratching my head. Maybe I’m just being unusually dense today.
Peter Bright has an explainer on Ars Technica. He says the new cumulative non-security update contains “all the non-security fixes released for a given version.” I’m scratching my head again. He says, “This split packaging (and split classification) should make it easier for organizations to, for example, deploy Security Update very quickly but hold the non-security portion back so that it can be more thoroughly tested and validated.” — which makes sense, but why would we want the non-security updates early (but after the Preview ring)?
Posted on April 25th, 2017 at 12:16 Comment on the AskWoody Lounge
Thanks to Rod Trent and myitforum.com.
A simple upvote would be nice, if you can spare a click.
Posted on April 25th, 2017 at 10:37 Comment on the AskWoody Lounge
I’m pleased as could be to add @MrBrian to our list of illustrious MVPs!
Outstanding work, excellent insight, and decorous personality. Quite a combination.
Please join me in thanking and welcoming him to the sanctum sanctorum.
Posted on April 25th, 2017 at 10:09 Comment on the AskWoody Lounge
My head’s still reeling, but Microsoft patching honcho Michael Niehaus has just published information about a new patching branch for Windows 10 Creators Update.
we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager.
The admin options:
Deploy each of them just like the updates on “Update Tuesday.” This enables the organization’s PCs to get the latest fixes more quickly.
Deploy each of them to a subset of devices. This enables the organization to ensure that these new non-security fixes work well, prior to those same fixes being included in the next “Update Tuesday” cumulative update which will be deployed throughout the organization.
Selectively deploy them, based on whether they address specific issues affecting the organization, ahead of the next “Update Tuesday” cumulative update.
Don’t deploy them at all. There is no harm in doing this since the same fixes will be included in the “Update Tuesday” cumulative update (along with all the new security fixes).
Would somebody please tell me how this differs from the Windows Insider “Preview” ring?
My head’s swimming. Just when you thought it couldn’t get any more complicated…
UPDATE: Mary Jo Foley on ZDNet repeats the announcement. I’m still baffled.
Posted on April 25th, 2017 at 07:34 Comment on the AskWoody Lounge
As promised, I’d like to start a discussion about “Group B” and its future.
As I see it, the “Group B” approach to installing Security-only patches is becoming unwieldy, both for Windows 7 and 8.1 users. @PKCano’s list in AKB 2000003 is getting downright oppressive. And the recent experience with Microsoft blocking Windows Update on Kaby Lake and Ryzen processors has me convinced that the line between Security-only and Monthly Rollup is growing fainter.
If you can explain to me why a Security-only patch would block Windows Update, I’d surely like to understand.
I’d like to open the topic up to discussion. I don’t want to debate the validity of Microsoft’s telemetry/snooping garbage, er, features. Some people think it’s OK. Others (like me) think Win7 customers didn’t sign up for this abuse, and shouldn’t be subjected to it. But that’s beside the point.
I’m also not changing my stance on delaying patches. Even with this month’s Word 0day, I still think most Windows customers are better served by letting the other guys get the arrows in their backs.
What I want to know is if there’s a real, valid, easy way for Win7 and 8.1 customers to install Monthly Rollups yet opt out of most of the snooping.
So… what do you think? I know the topic’s controversial. I know Linux doesn’t snoop (at least, not as much). I know ChromeOS is worse and macOS’s snooping remains open to debate. Is there a way to stay with Windows and not become part of the Win10 borg?
I’m not looking for heat, but light. As always, ad-hominem attacks won’t be tolerated. Stick to the facts, please….
Also, note well – I’ve already been assimilated. I use Win10 all day, every day, and have for years.