  • MS-DEFCON 4: Get Windows and Office patched, but watch out for Kylo Ren

    Posted on December 25th, 2015 at 19:09 by woody

    With the holidays now in full swing, it’s highly unlikely that Microsoft will be releasing any Windows or Office patches over the next few days. That gives us Windows users a clear, uh, window for getting our machines updated. Do it now.

    The big stinker patch in December was KB 3114409, which triggered multiple problems in Outlook 2010. Although complaints surfaced within hours of the release of the patch, it took Microsoft more than a day to pull it. Eight days later, Microsoft released KB 3114560, which fixes the problems introduced by KB 3114409. So it’s all clear on KB 3114409 – you shouldn’t see that patch being offered.

    For those of you who use Windows Live Mail and have an @outlook.com, @hotmail, @live, or @msn email account, you should take a look at my advice on KB 3093594. In short, Microsoft hasn’t yet fixed the mail sync problem. The KB article, last updated Dec 23 and at revision level 5, says “Microsoft is researching this issue and will post more information in this article when the information becomes available.” No need to sit on pins and needles about this patch. As best I can tell, it’s only available by direct download, not yet through Windows Update, and the trigger event – Microsoft killing the DeltaSync protocol on its servers — hasn’t yet come to pass. Stay cool and don’t go looking for trouble.

    The Office version 6366 debacle, which renamed normal.dotm and normalemail.dotm, thus destroying customizations in Word, is still listed as the Current Branch for Office 365. (Yes, this is the bug I erroneously attributed to Win10 v 1511 patch KB 3124200.) If you subscribe to Office 365 and suddenly discover that Word isn’t behaving properly, Microsoft has an 11-step procedure to discover and change the erroneous names for “Normal.dotm.old, NormalPre, NormalPre15, NormalOld, or OldNormal. If you see more than one of these files, then you will need to choose the correct file to restore. Often, this is the file with the most recent Date modified value, which should be Normal.dotm.old. Don’t worry if you choose the wrong one, you can repeat steps 7-10 as many times as necessary to find the right file.”

    The article doesn’t mention normalemail.dotm, but one can assume the procedure is similar, mutatis mutandis. Don’t worry, you can repeat steps 7-10 as many times as necessary to find the right file.

    If you can do all of that in about ten seconds, you’re a better geek than I, Gunga Din.
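
The file hunt described above, as an added PowerShell example (not Microsoft's 11-step procedure and not code from this post). It assumes the default per-user Templates folder and that the extension-less names quoted above may carry a `.dotm` suffix; the function names are hypothetical. The restore step copies the chosen candidate instead of renaming it, so a wrong pick can be retried with another file.

```powershell
# Added example; not Microsoft's 11-step procedure.
# Assumptions: the default per-user Templates folder, and that the
# extension-less names quoted in the post may carry a .dotm suffix.

$CandidateNames = 'Normal.dotm.old', 'NormalPre', 'NormalPre15', 'NormalOld', 'OldNormal'

function Get-NormalTemplateCandidate {
    [CmdletBinding()]
    param(
        [string]$TemplateDir = (Join-Path $env:APPDATA 'Microsoft\Templates'),
        [string[]]$Name = $CandidateNames
    )
    if (-not (Test-Path -LiteralPath $TemplateDir -PathType Container)) {
        throw "Templates folder not found: $TemplateDir"
    }
    # Accept each name exactly as quoted, and with a .dotm suffix added.
    $wanted = foreach ($n in $Name) { $n; "$n.dotm" }

    # Newest first: the post says the right file is often the most recent one.
    Get-ChildItem -LiteralPath $TemplateDir -File -Force |
        Where-Object { $wanted -contains $_.Name } |
        Sort-Object -Property LastWriteTime -Descending |
        Select-Object -Property Name, LastWriteTime, Length, FullName
}

function Restore-NormalTemplate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$CandidatePath,
        [string]$TemplateDir = (Join-Path $env:APPDATA 'Microsoft\Templates')
    )
    if (-not (Test-Path -LiteralPath $CandidatePath -PathType Leaf)) {
        throw "Candidate file not found: $CandidatePath"
    }
    # Word keeps Normal.dotm in use while it runs, so refuse to touch it.
    if (Get-Process -Name WINWORD -ErrorAction SilentlyContinue) {
        throw 'Close Word before restoring Normal.dotm.'
    }

    $target = Join-Path $TemplateDir 'Normal.dotm'
    if ($PSCmdlet.ShouldProcess($target, "Replace with a copy of $CandidatePath")) {
        if (Test-Path -LiteralPath $target) {
            # Keep the template being replaced under a timestamped name.
            $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
            Rename-Item -LiteralPath $target -NewName "Normal.replaced-$stamp.dotm"
        }
        # Copy, not move: the candidate stays put so another one can be tried.
        Copy-Item -LiteralPath $CandidatePath -Destination $target
    }
}

# Usage:
#   Get-NormalTemplateCandidate | Format-Table -AutoSize
#   Restore-NormalTemplate -CandidatePath '<FullName from the list>' -WhatIf
```

Run the restore with `-WhatIf` first to see which file would be replaced; for normalemail.dotm the candidate names are not given in the post, so they would have to be supplied through `-Name` after inspecting the folder.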

    If you’re in charge of an Office 365 fleet, you should seriously consider throttling the Office 365 Click to Run updates, at least until we get official word that version 6366 is toast.

    Many of you are wondering about installing Internet Explorer 11. Yes, it’s true that Microsoft is discontinuing support for earlier versions of IE on January 12. (Exceptions: IE 9 will still be supported on Vista and Server 2008 SP2; IE 10 on Server 2012. Details on Microsoft’s IE End of Life page.) I’m seeing some really weird behavior with IE 11 installs, and will be looking at it in more depth while you’re out having a good time next week. For now, I say stick with the IE you currently have – and for heaven’s sake, don’t use IE, use Firefox or Chrome. ‘Course I’ve been saying that for almost a decade now.

    The Windows 10 v 1511 patches are going along as usual – it seems that every one generates a loud chorus of complaints about failure to install, weird errors, disappearing apps, re-assigned filename associations, and other imponderables. I’d say go ahead and install the latest cumulative update, KB 3124200, keep your eyes open and pray for the best.

    The bad Outlook 2013 patch I mentioned last month, KB 3101488, appears to be fixed. See KB 3118497 if you have problems with Outlook crashing.

    Thus, I say go ahead and patch. We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

    As always, use Windows Update, and DON’T check any boxes that aren’t checked. Reboot immediately after patching. If you’re using Win7 or 8.1, run GWX Control Panel right after the update to get rid of any sneaky “Get Windows 10” nagware. Then, if privacy is important to you, follow Susan Bradley’s suggestions to turn off the Diagnostic Tracking Service. When you’re done, make sure Automatic Update is set to Notify but don’t download (see the tab at the top of this page).

    For Windows 10 users, if you’re using the metered connection trick (or one of Susan’s other methods for deferring updates), unblock the updates just long enough to get the latest dose (CU 6, KB 3124200).

    If you hit any snags, post ‘em here.

    Time to get braced for January. Microsoft’s promising that we’ll see the Windows 10 upgrade posted to Windows Update as a “recommended” update. Lots of offal is about to hit the fan.

    This topic contains 77 replies, has 6 voices, and was last updated by oxbridgelee 2 years ago.

    • #48081 Reply

      oxbridgelee
      AskWoody Lounger

      For all your continued efforts on our behalf, typically above and beyond the call of duty:

      Woody, Great Britain salutes you!

    • #48082 Reply

      Seff

      Indeed, I support that as a fellow Brit! Thanks Woody for all your excellent advice throughout the year. I wish you and yours, together with my fellow commenters, the very best for Christmas and the New Year.

    • #48083 Reply

      Seff

      By way of personal update, I have successfully upgraded both my Windows 7 machines from IE9 to IE11 (although I use Chrome as my main browser). That was before I saw Woody’s advice to leave well alone for the moment! No problems apparent, although when rebooting the machines to complete the installation each time there was a pronounced pause with a black screen before the desktop appeared so my heart was in my stomach for a moment!

      My main concern now relates to whether I need to upgrade from Windows Live Mail 2011 and if so whether to go with Thunderbird or OE Classic rather than WLM 2012 (I use the email client purely for my ISP’s email account as I access my hotmail and yahoo accounts through the browser).

      Also, I have read elsewhere about the need to upgrade certain .Net Framework versions but don’t think there’s been any reference here to that. I wonder whether I have to go looking for the necessary downloads or will Microsoft include the necessary upgrades in their January patches?

    • #48084 Reply

      woody
      Da Boss

      If you’ve installed IE 11, you should run GWX Control Panel and make sure that you didn’t get hit with a copy of Get Windows X. You’ll need to upgrade to WLM 2012 if you have any email addresses that end in @outlook.com, @msn, etc. .NET should upgrade itself via Windows Update.

    • #48085 Reply

      woody
      Da Boss

      Cheers!

      (And thanks, everyone for the wishes. You’re most kind.)

    • #48086 Reply

      misuser8

      Windows Update Client Patches KB3102812 and KB3112336 break Windows Update user interface:

      https://social.technet.microsoft.com/Forums/en-US/4cb303e3-6485-4946-9f6d-c4cbe6857f41/kb3102812-and-kb3112336-breaks-windows-update-user-interface-on-windows-81?forum=w8itproinstall

      KB3102812 has disappeared from the list of available updates on my Windows 8.1 laptop and now KB3112336 is offered to install, but KB3112336 does not supersede KB3102812. Does this mean that KB3102812 has been pulled by Microsoft?

    • #48087 Reply

      b

      “– and for heaven’s sake, don’t use IE, use Firefox or Chrome. ‘Course I’ve been saying that for almost a decade now.”

      After a decade, it would be nice to have a proper reason.

    • #48088 Reply

      Marty

      My Windows 7 computer includes KB3112343, another one of those Windows 7 Client Update patches. But in contrast to many, this one actually has an informative description. Read it and you may want to skip this patch:

      “This update enables support for additional upgrade scenarios from Windows 7 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.”

      Caveat emptor.

    • #48089 Reply

      DAM3

      I did a clean install of Windows 7 Home Premium and Office 2010 on an XP computer. Of course there were a lot of updates to install. I did them at different times. All went well until Dec 18. There were 85 listed “failed” in the update history. They showed an erroneous date of Dec 19 (rather than 18). They never reappeared in Update.

      I did an MS troubleshooter and fixit but they never show up again. They appear to be .Net and Office updates.

      Do I need to be concerned about these? If so, what do I do? I am not very tech savvy.

    • #48090 Reply

      Seff

      Thanks Woody. I don’t use any of those email addresses with my WLM 2011 client, I access my hotmail.com account solely through Chrome – it’s currently showing as Outlook Mail (Preview).

      My WLM 2011 email client is used only for my ISP email account (Virgin Media). Do I need to do anything now WLM 2011 is no longer supported, and if so is it best to upgrade to WLM 2012 or switch to a different email client like Thunderbird or OE Classic?

    • #48091 Reply

      woody
      Da Boss

      If they don’t show up, chances are good they’ve been replaced by later patches.

    • #48092 Reply

      Great Lake Bunjip

      Greetings from Tasmania, Australia. My sincere thanks Woody for your help and support! I run a help desk involving about 100 computers. Before I used GWX Control Panel I had nothing but trouble in upgrading several computers from Windows 7 to Windows 10. Leave Windows 7 alone! I am thinking that the only way to deal with potential upgrade problems from 7 to 10 is buying a new computer with Windows 10 version 1511 pre-installed. The Windows 10 upgrade is free, but the Pro version is much preferred for getting more control over Windows updates! Toshiba support has been very poor for me.

    • #48093 Reply

      DAM3

      Thanks, Woody. I enjoy your books and much appreciate your help. Stay safe and dry!
      🙂

    • #48094 Reply

      woody
      Da Boss

      I think that’s the best route, although Eric Knorr (my editor at InfoWorld) says he’s still convinced Win7 is the better choice for new company PCs. He has a good point.

    • #48095 Reply

      woody
      Da Boss

      Those are, respectively, the November and December patches for the Windows Update program. They exist solely to make it easier for Microsoft to put Windows 10 on your machine. I don’t see any harm in installing them but unless you’re going to upgrade to Win10 shortly, it’s not a big deal either way. Yes, KB 3112336 supersedes KB 3102812, even if MS doesn’t officially mention it.

    • #48096 Reply

      Deborah

      Excuse my ignorance, but what is Kylo Ren?

    • #48097 Reply

      Martha Means

      Susan Bradley’s Patch Watch has a section on KB3112343. If you subscribe, check there to see her advice.

    • #48098 Reply

      Nd60

      REALLY…. pls help if you can or any advice?

      few days to NY and my win7 suddenly ask to activate win
      when it was working fine b4
      as expected online activation fail and i was moved to call in phone system – that too fail and I was move to a tech guy that ask to help me via remote desktop… i decline

      not sure what is going or if MS is going for the kill for those who,
      completely turn off update at all levels (inc in group security edit and registry) but the tech guy was very keen to remote ‘fix’ my computer or blatantly say if not, then they cant help me, of which I hear as “may be ms is not quite for me”. I work in those call centre environment b4 and honestly, with the tech guy, that want to be the superstar that is loyal to the company and secure they next rank, customer are the gold mine they work on.

      Look im prob angry that i was being treated that way few days to new yr but i cant help feeling this is the little trick to move the herds to the next product they dont want.
      I was wondering even if I purchase a new activation code, which will last me for 5 year (according to their shelve life) what is to say, more surprises wont be amazingly pleasant?

      anyway tech guy say my OEM activation code was legit after he checked it and also say something is “wrong” with my system setting, of which I manually turn off everything possible that I dont need and dont need to be track or other way to be ‘used’.

      Anyhow, if this computer is locked down by ms due to fail activation code in 2 days, i cannot come here again, you know what happen. As suspected, everything is on a timeline and I thought i have 5 yr b4 this product officially goes out.

      Thought I wish all of you well in the new year to come…
      in case… this is my last post… w window 7 anyway… sad

    • #48099 Reply

      EP
      AskWoody_MVP

      @woody: the one patch that doesn’t get mentioned here before is KB3102429. KB3102429 was offered to me by Windows Update but was UNchecked by default. I didn’t install that one because it breaks stuff with Crystal Reports versions 9 & 10; some business applications that I use on some PCs depend on SAP Crystal Reports. Avoid installing KB3102429 if using any apps that use Crystal Reports.

    • #48100 Reply

      J

      I had to google the Kylo Ren reference. It makes much more sense now.

    • #48101 Reply

      woody
      Da Boss

      Another good catch….

    • #48102 Reply

      woody
      Da Boss

      The billion dollar baby? Ask any five-year-old. 😉

      Seriously, I think he’s channeling Jar Jar Binks.

    • #48103 Reply

      Nd60

      I thank my god my w7 has MAGICALLY re-activated by itself while offline… but perhaps there maybe smth here for others to learn and be prep if you have time to study ‘my’ case….

      summary: activation appear to gone off due to wu turn off
      activation came back after half-hearted wu (nothing downloaded or even connected) and rebooted 3-4 time while OFFLINE

      long version: we know if user turn off wu then the water mark will appear at corner of desktop saying smth like “this is not a real copy” blah blah… so what if the user ignore it just cont to use it? granted he pay money for a legit copy w full proof of the code and shop receipt…

      would ms deactivate w7 since its say its not the real copy (due to user turn of wu)? legally?

      so turn off wu = deactivation = what?
      unable to use w7 anymore?
      even the user has paid money for the real thing? Thats was what ‘pissed’ me off – where is my right and freedom as end user to choose the features I want on my PERSONAL computer (inc not allowing wu)?

      What Happens If Windows Is Not Activated?
      http://smallbusiness.chron.com/happens-windows-not-activated-34196.html

      so there you go… note the publish date so ‘updates’ on policy and ms new target range may have been expended…

      anyhow back to ‘my’ case and what the ms tech guy from india said (in point form to save time)…
      -wu all turn off as mentioned
      -using alright until yesterday when suddenly notice w7 deactivated and hv 2 days to reactivate
      -online activation fail (prob due to more than 5 times)
      -phone activation fail (prob due to pressing the wrong key)
      -re try phone activation but was decline and sent to tech guy
      -tech took the code and check and confirm its legit and ask remote desktop to ‘fix’ for me i decline (partly due to physical restrain as phone and computer in different room and i dont use wireless ever)
      -after sweet talking him to find the true cause tech guy say activation is not the problem but smth in my computer hinting win setting or other programs… note i was using win w/out problem for months w wu turn off…
      – finally gave up talking since tech guy cant do anything ( ie reset the activation count) but said code can be activate and reactivate millions of times on ONE computer… it can be use on another computer but only ONE will be activated
      – back to pc and turn on wu as if normal setting and click update…. while its searching and connecting (say 10-20 sec) disconnect internet… (actually the connection drop off :D)
      -turn off all wu setting manually again
      -check still deactivated
      -reboot pc and check still deactivated while offline
      -repeated reboot and check 3-4 time while offline
      -and suddenly MAGICALLY its shows its activated
      – its been good 12 hr and its still activated…

      whats next?

      Hmmmmmm…. how can the activation be back while pc was offline?

      thought somebody may have smth there to ref… ms does literally own the backbone of our pc… and hence our ‘life’ and normal functioning… and freedom of choice…

      anyhow another note… some say w7 ultimate and above are still being treated w some grace and respect… anything below it is in the ‘strongly encourage’ conversion process…

      important end note: of course this is just one case and nothing share here is of gospel truth and your case and experience just as your needs are individual and different so use whatever info here to your own benefit (if there is any)
      Also the net is a very murky place and perhaps millions of users has had their code stolen or cracked or whatever… so billy needs to protect his s legally… even rumor has it he may not be the original ‘creator’ of back then…
      and hundred other reasons excuses personal claims and other variation…
      so ms is not ‘evil’ but not so old-customer needs focus as b4… as the focus is more future ‘business’ end…

      anyhow… thats ‘my’ case… we all want to be left untouched from all the wrong places… esp those of us to pay dearly into thousands for when the new product ‘rock’ the world at that time once b4…. good old day of techno color 🙂

      as mention in other post, it is not that the world has gone more evil, but the heart of man has gone darker…
      what then is this lie call ‘evolution’ or ‘technology advance’ when clearly it is ‘devolution’ as this species created as man now voluntarily degrading to be animal? its seems to have lost or kill of its soul… and made the other darker choice…

      anyhow… i believe the hand of the unknown god(s) is supreme and so the lesson here for me, as creature, is… what else do I need to learn and serve?
      why else do I come (or sent) to earth? to ‘get’ more of everything that all of this ‘everything’ will not pass death? for that matter nor do i come into this world with it? so nothing of this ‘everything’ is mine (as in the beginning at birth) or mine to keep (as at the end as death).
      Better to convert this meat body corporeality with the ‘real money’ or medium of exchange i can use to the next world… b4 all of that ‘everything’ is devalue to its intrinsic value – nothing at game-over death… ain’t that smarter?? you would change all your fiat-currency to gold if you knew the former is not going to be around for the next 1000 yr right? 😀

      peace to you all and on earth…
      may your god be merciful and kind to you

    • #48104 Reply

      DAM3

      In Dec 24 patch update, Susan Bradley said that even after installing Kb 3104002, we’re not fully protected. We need to apply a manual step to protect from ASLR. She says Microsoft made it relatively easy via fixit 3125869 and she enabled it on her PCs with no ill effects; and using Chrome or Firefox as default browser won’t lower the risk. She recommends erring on the side of safety and installing the fixit–and download the “unfixit” in case of side effects.

      What are your thoughts about this, Woody? Have you heard of any problems with this fixit? Should we go ahead with it?

      DAM3

    • #48105 Reply

      JB

      Hi Woody, KB3132372 stops INCREDIMAIL from working in Win 10

    • #48106 Reply

      Ty

      Re: turning off Diagnostic Tracking Service.

      I don’t have it installed but I do have KB 3068708 available in optional updates. Is it better not to install that service or should I install it and then turn it off? I ask because in Susan Bradley’s article she wrote this: (Note: If you don’t see the service, it’s probably because you’re behind a domain and didn’t get optional updates KB 3075249, KB 3080149, and KB 3068708 installed, install that service.) So it sounds like she is saying it’s better to install and turn it off but it seems counter intuitive to me so I thought I’d ask you.

      Thanks and Happy New Year from Kamala.

    • #48107 Reply

      woody
      Da Boss

      From Kamala! Oy. Wish I was back there!

      I would say don’t install it. Save yourself the headache. Particularly if KB 3068708 shows up as optional, and not checked.

    • #48108 Reply

      woody
      Da Boss

      Ouch. Yep, I’m seeing comments on Tenforums about Incredimail and another app (unidentified) as going belly up with this new IE 11 patch. Thanks for the note!

    • #48109 Reply

      woody
      Da Boss

      I’d say go ahead. I haven’t heard of any problems – and please report back!

    • #48110 Reply

      louis

      @DAM3, @woody

      “…fixit 3125869”

      And where is this fixit located?

      Thanks…

    • #48111 Reply

      woody
      Da Boss
    • #48112 Reply

      louis

      @woody

      Thanks for the link.
      Is MS serious that the average user has to jump through all these hoops to secure an OS and/or a browser?

      It’s 2015…soon to be 2016 and users are wasting hours trying to keep up with the incompetence coming out of MS.
      If I didn’t read your website I would never know about this so called “fixit”. The average user is not reading this website and will not know about this additional step to take after updating/upgrading IE. And the average user doesn’t care.

      These people in Redmond need a slap upside their head. And this is just another reason to move to Apple, or Linux or whatever…who has the time, the energy or even the interest to continue to search on a daily basis for ways to do MSFT’s job?

      I am becoming truly disgusted with this crap.

    • #48113 Reply

      woody
      Da Boss

      Microsoft’s slacking off with IE, in my opinion. They’re devoting all their energy to Edge and just haven’t been playing their top game with IE.

    • #48114 Reply

      DAM3

      Just finished installing the Fixit 3125869 on two laptops and two desktops running Windows 7 Home Premium and IE 11 (with patch Kb3104002 already installed). It’s actually been a couple of days for one desktop. Seems to be okay for all of them so far. Just watch the Fixit screen carefully so you don’t close the fixit dialog box too soon. The fixit instructions page tells you to restart the computer once the fixit is complete.

      Of course, I never use IE 11 either but Bradley says the Fixit must be installed anyway to be protected.

      DAM3

    • #48115 Reply

      woody
      Da Boss

      Got it. Yep, she’s right.

    • #48116 Reply

      D.

      @woody,
      Today I am researching what various experts and customers have said about the December updates for Win 7 in order to decide what to install and what to hide on my laptop.
      After reading all of your blog posts for the month of December and making note of things I should watch out for (including your Dec. 30th comment, just above, about 3068708),
      I moved next to glean info from the “Bork Tuesday” thread at wilderssecurity.com, and I noticed that some folks there were recently discussing 3068708 (around about the following point in the thread: http://www.wilderssecurity.com/threads/bork-tuesday-any-problems-yet.370217/page-59#post-2547343),
      and they said that for Win 7, 3068708 contains some kernel security patches that Win 8.1 received separately in a security update, while Win 7 didn’t receive them in a security update but only in this “optional-and-recommended” update.
      I don’t know if those folks were actually correct about that issue,
      and I’ve personally got no idea what the kernel is and how important it might be to install every single update of it that is published (and if updates to it build on each other — requiring a full set of the old ones, for any future ones to work properly), so I thought I’d ask for your thoughts on this kernel-update issue, in relation to 3068708 and Win 7.
      [Note: In my laptop’s Windows Update, a few months ago I hid 3068708 as per your advice at that time, and today 3068708 is still showing up in the “hidden” section, marked as “recommended”.]
      Thank you,
      and Happy New Year!

    • #48117 Reply

      Charlie
      AskWoody Plus

      @louis – Very well said louis! I agree with you 100%. I’m getting a headache just reading all of this, and all those fire-ringed hoops we are forced to jump through come on a much too frequent basis!

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

    • #48118 Reply

      woody
      Da Boss

      Looks like KB 3068708 is one of the very rare patches for Win7 that actually does something. Yeah, you should install it.

      UPDATE: I’ve recanted. If the patch isn’t checked, don’t install it. I have more research to do on this one.

    • #48119 Reply

      D.

      Thank you for your response, Woody.

      I have a further question for you about this patch, which I spell out at the end of this comment.

      —-
      For readers’ general information, I have come across the Microsoft statement that this patch contains security-related kernel updates for Win 7:

      “The Windows 7 offering also supports the kernel updates that were deployed separately to Windows 8.1 through security update 3045999.”

      (source https://support.microsoft.com/en-us/kb/3068708)

      —-
      Woody, in June, you wrote about 3068708:

      “There’s open speculation… that KB 3068708 is just our old foul friend KB 3022345.
      You may recall that KB 3022345 triggers (incorrect) errors in the Microsoft SFC system scan routine.
      It also has a long history of other problems.
      Microsoft promised that KB 3022345 would have “an upcoming version that will be a compatible upgrade to either version” of KB 3022345.
      Could this be an attempt to get 3022345 installed on systems that have the ill-fated update hidden?”

      (source http://www.infoworld.com/article/2930713/microsoft-windows/microsoft-re-re-releases-kb-2952664-kb-2976978-and-kb-2977759.html)

      By the way,
      as of Jan 2 (today), the Microsoft description for 3068708
      (source: the same Microsoft support url as given at the start of this comment)
      says that the SFC system scan problem is *STILL* not fixed:
      “Note: When an advanced user runs the System File Checker tool (sfc.exe) after installing this package, the two files that are listed above are unintentionally flagged as corrupted. There’s no system effect or corruption when these files are flagged, and this issue will be fixed in a later service update.”

      —-
      In September, a colleague of yours at infoworld.com wrote an article about avoiding 3068708 and other updates —
      it is at: http://www.infoworld.com/article/2979054/windows-security/windows-7-8-10-now-all-collecting-user-data-for-microsoft.html

      —-
      In a September article about 3068708, you wrote:

      “KB 3022345, since replaced by KB 3068708, says, “By applying this service, you can add benefits from the latest version of Windows to systems that have not yet been upgraded.”
      That looks like a lightning bolt to any tinfoil hat.
      Read further, though, and Microsoft says the patch “collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program,” which is a horse of a very different color.”

      And “…I don’t mean to tell you that the new reach of the CEIP in Windows 7 and 8.1 is innocuous. Clearly, Microsoft is gathering more data.
      But it’s more of the same-old, same-old: The “new” CEIP in Windows 8.1 or Windows 7 isn’t much different from the “old” CEIP.
      It’s hardly the stuff of mainstream newspaper headlines or threats to boycott older versions of Windows.”

      (source: http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html)

      This seemed to imply that you thought at that point that the data-gathering of this patch was not so bad, and could be mostly controlled by the user (by adjusting the CEIP settings).


      In October, you wrote about the 3068708 patch:

      “…make sure [it is] unchecked, right-click on the patch and “Hide” it. [It is one of a set of] Win10 nags or telemetry patches.”

      And “(If you’re double-checking with last month’s recommendations, note: I received official information back from Microsoft about those patches, and it was demonstrably incorrect and/or misleading.)”

      (source: https://www.askwoody.com/2015/msdefcon-3-patch-windows-beware-snoops/)

      Does that mean that the relatively-relaxed opinion that you had of it – as described in the September article – had become more suspicious by the October article?


      Last year, I was SO careful to avoid downloading 3022345,
      but if I install 3068708 now, I guess I’ll be inviting in 3022345 to my computer after all.

      🙁

      But I don’t want to miss out on an important kernel update.

      And now that you’ve stated in this discussion thread that it *should* be installed on Win 7, I will do so.

      —-
      At this point, my follow-up question(s) to you is(are):

      If I install this, what exactly do I have to take steps to limit/what should I be wary of?

      Specifically, I have gleaned that it:

      a) Installs more data-gathering capabilities/telemetry facilities on the computer
      a1) Microsoft says that the customer can pretty much opt out of all the new telemetry
      a2) Microsoft says that the data gathered is not of any personally-identifiable info, anonymous, etc. etc.
      a3) My question: Apparently you discovered in the run-up to your October article that opting out of the data-gathering is not so straightforward and the telemetry will continue to happen in a hidden way, regardless? Or what did you find was “incorrect and/or misleading” about what Microsoft had told you in September about this update?

      b) Screws up the results of SFC scans
      b1) Microsoft says that a fix for this will be released in the future — but they have been saying that for months, apparently
      b2) My question: I don’t normally do SFC scans — is there anything in particular I need to know about this problem? Will it harm my computer if I do a scan – will it advise me to delete files that should actually not be deleted? Should I avoid doing any future SFC scans until I learn that this problem is fixed?

      c) Anything else (unwelcome) that it does?
      One of the above quotes of yours says that 3022345 has “a long history of other problems”–
      Is this one of those patches that puts the computer on a torturous path to the “get Windows 10” malarkey? Even though I’ve been really careful to avoid the Windows-10-transition stuff up to now, if this patch is installed, am I going to have to battle GWX from the inside of my computer (presumably with the help of that third-party program you have recommended)?

      Thank you — I hope this message has not been too long and convoluted.

      —-
      By the way, from my own experience with trying to get a handle on these twinned updates since May, and from some of the recent comments on the wilderssecurity.com thread that I referenced in my earlier post on this discussion, I expect that a lot of Windows 7 users who are earnestly trying to be as careful as possible with protecting their Windows 7 machines have put these 2 updates on their “never download/keep hidden” list, not knowing that 3068708 contains security-level kernel fixes which should be installed.
      I know that you recently wrote that you are stepping away from discussing Windows 7 updates individually in your writings,
      BUT if Windows 7 users actually ought to install this — despite the many voices on the internet that have said it can and *should* be ignored/hidden — this particular issue might be something that would help a lot of people if you brought it to their attention in a new blog post.

    • #48120 Reply

      Ty

      Now I’m confused. Telemetry service and security update in the same KB, but MS marks it as optional and not important. Khun Woody, you just told me not to install it but you’re telling D to install it. You’re starting to sound Thai, whatever makes you happy 555 🙂 not a bad thing. I blame MS!

    • #48121 Reply

      woody
      Da Boss

      I should probably say that I’m ambivalent, eh? I’ll recant. If it isn’t checked, don’t install it.

      If I have a chance this week I’ll look into the kernel changes. Bizarre patch.

      Sawadee pi-mai!

    • #48122 Reply

      woody
      Da Boss

      You’re right. I need to devote more research to this furshlinger patch. For now, if it isn’t checked, don’t install it. I’ll see if one of my insiders can give better guidance.

    • #48123 Reply

      louis

      @woody @D

      Since it appears that once a thread gets a number of Replies, further Reply options are not available. I will submit a short Reply at this point in the D-Woody conversation.

      @D points out some interesting “concerns”, but much of what D is saying/questioning requires users and readers of AskWoody to “take what MS says at their word” regarding KB 3068708. Consider, if this is a security update that is kernel related why was it-is it, unchecked??

      I’m sorry, I no longer take Microsoft at their word regarding any of their updates and patches. I don’t know how anyone could at this point given this GWX fiasco…

      As well, has anyone considered that as we sometimes wait a month or more to install recent updates/patches, I’m not aware of security issues rearing their ugly head in that 4-5 week window before installation. So how “Important” are these “Important” updates, really?

      One last thing, for a “kernel” update/patch, KB 3068708 was sent to my W7 x64 machine as “Recommended”.
      Really? A kernel security update is only labeled as “Recommended”?? Please, who’s zoomin who here??

    • #48124 Reply

      woody
      Da Boss

      I had nesting limited to five deep in the comments. I bumped it up to 10. I hope that doesn’t affect legibility too much… but it should take care of the Reply problem you mention. I think.

    • #48125 Reply

      woody
      Da Boss

      P.S. It’s exceedingly rare for “important” updates to get widespread exploits for months after they’re released. There are exceptions – and anyone who’s keeping important company or state secrets should get patched more rapidly. But for most users, most of the time, the MS-DEFCON pace works, IMHO.

    • #48126 Reply

      louis

      @woody

      “So how “Important” are these “Important” updates, really?”

      “It’s exceedingly rare for “important” updates to get widespread exploits for months after they’re released.”
      ————————

      Allow me to relay a brief story…a story I have first hand knowledge of. I’m not recommending anyone do this, but I am just recounting the facts.

      I have a good friend, John, who is a lawyer and an IT guy who has been doing professional development and coding for years. This friend has been using Windows since 3.0 and has been involved with computers even before that. Any time I had a semi serious issue with my windows machine I would always ask him for assistance.

      From Windows 3.0 through Windows 8 my friend John NEVER installed an update or a patch. On a couple of occasions John was forced to install hundreds of updates in one shot if something he was working with required that Windows be updated. Generally, over those 25+ years, that only happened, as I indicated, 3 or 4 times. Much to my astonishment, John, running at various times, McAfee, Norton, Kaspersky, IE, Firefox and the last couple of years Chrome…NEVER got a virus, malware, or had his computers or servers ever been compromised. I used to tell him he was taking a big chance…he used to laugh at me.

      Up until a couple of months ago, when he decided to upgrade to W10, his track record of his machines never being infected or compromised, stood. Now, on W10, he is forced into updating-patching and he’s not happy. But that’s another story.

      The reason I relate this story is, 25+ years of basically ignoring MS’s warnings of “threats”, leaving his machines unpatched, but evidently not vulnerable, John confidently went about his work and never worried a bit about patching. And he never got hit. How does that happen? Luck? Coincidence?? I don’t think so.

      Now that we’ve seen how MSFT has handled this W10 “upgrade” and the misinformation and vague documentation they have released, it certainly makes me wonder about whether MSFT’s patching stuff is more about instilling FUD in their user base than it is about making that user base secure.

    • #48127 Reply

      Deborah

      I haven’t updated my Win7 laptop yet (I usually do it the Sunday afternoon before the next update is scheduled), but after reading various posts here I hide KB3112343 marked as “Important.” Now, today, KB3102810 is back in my list, also listed as “Important.” Wasn’t this a previous update we were warned about?

    • #48128 Reply

      D.

      @woody,

      1. Thank you again, for your guidance regarding that odd patch.

      2. Regarding the nested replies, I think it’s a great thing to increase the available layers — however, I do not see any more layers available today than I previously saw…? The reply button is not showing for me on Louis’ or Ty’s comments just above, for example.

    • #48129 Reply

      D.

      @Louis,

      You wrote,
      “@D points out some interesting “concerns”, but much of what D is saying/questioning requires users and readers of AskWoody to “take what MS says at their word” regarding KB 3068708….
      I’m sorry, I no longer take Microsoft at their word regarding any of their updates and patches. I don’t know how anyone could at this point.…”

      On the contrary, I am/was not taking MS “at their word”.

      My default position is to independently-verify everything.

      Indeed, I even politely “pushed back on” Woody about _his_ stated position on this issue, _which one does not undertake lightly_! 🙂

    • #48130 Reply

      woody
      Da Boss

      Interesting. As far as I can tell, KB3102810 wasn’t re-released, so there may be something else going on. It’s another of the suspicious Win7 patches that may, in fact, do some good.

    • #48131 Reply

      woody
      Da Boss

      He was lucky. Or perhaps he got hit and didn’t know it.

      You have to update sooner or later. I just prefer waiting to see what gets broken, and only applying patches after the coast looks clear.

    • #48132 Reply

      louis

      @woody

      And I agree with your approach. And that’s why I follow you and your site.
      But, I can’t imagine my friend was just lucky….25+ years of never patching unless Visual Studio, .NET, etc., needed to be patched, and this IT professional navigated the internet from W3.0 through 8.1 without any problems. Where there’s smoke there’s usually fire. Keeping your user base “fearful” keeps them active, upgrading and spending money.

      I hope you have a chance to read this morning’s Forbes article: “Microsoft Warns Windows 7 Has Serious Problems”

      http://www.forbes.com/sites/gordonkelly/2016/01/02/microsoft-windows-7-problems/

    • #48133 Reply

      rc primak

      This may be a bit off-topic, but it has to do with Windows 10 updating of Windows Store Apps over a slow DSL connection.

      How can the Windows Store download 75 MB and not get even 10 MB of that bandwidth applied toward one single update of a Store App?? I’ve had this happen nearly every time I try to do the Windows 10 Windows Store App updates over a slow AT&T DSL Internet Connection. It doesn’t happen on public networks. I have shared updating over my own network only, and I have used third-party WiFi analyzing tools and found no one is connecting to my home network other than myself. Is Microsoft ignoring the setting not to share updates with everyone on the Internet when I allow sharing only over my home network?

      I measure my real bandwidth used with SoftPerfect Research’s Networx utility. Networx is also used to determine that on true broadband connections (1.5 MB/sec or better), such wastage of bandwidth is rare to nonexistent.

    • #48134 Reply

      Charlie
      AskWoody Plus

      You know, just the fact that M$ CAN still update and support IE-9 and IE-10 on much OLDER OS’es like Vista tells me that they are doing this deliberately. Sounds like something rotten and it isn’t in Denmark.

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

    • #48135 Reply

      rc primak

      Update to my comment today about Windows Store Updates:

      Regarding not respecting the Share Updates Over My Network Only vs. to anyone on the Internet:

      It’s true! My Windows 10 Pro installation is not respecting my restriction. As long as the Share over My Network Only item is ticked, but the ability to upload updates to other computers is enabled, this restriction is being ignored. This changed behavior of the Windows Store updates began in December with the Cumulative Update for December 2015.

      This change is so far only affecting my Windows 10 Pro laptop, not my Windows 10 Home tablet. On the tablet I have not enabled any sort of updates sharing, due to its processing limitations.

      It appears that since the Cumulative Update, I can’t allow sharing of Windows Store updates over my local network without having my bandwidth used to share updates all over the world via the Internet.

      I won’t risk more bandwidth wastage testing the more general Microsoft or Windows Updates for this change in the connection sharing settings behaviors. The user (Administrator) settings are definitely being ignored, at least for Windows Store Apps updates.

      My PC to router connection is WiFi, not wired.

      I have disabled all updates sharing, and then only the bandwidth hogging absolutely ceases. I can now update my own Store Apps and I get full use of the bandwidth used for my own updates and nothing else unexpected.

      This looks very suspicious!

    • #48136 Reply

      jah1subs

      Woody:

      I am staying with Windows version 10240 for a while until I can safely upgrade one desktop program. I have used the metered connection suggestion to block further cumulative updates.

      In your original post that created this thread, you wrote about MS Office Version 6366. My Office Pro license comes from an offshore business partner that uses Office 365. They provide Office 365 with traditional Office 2013 installed to the individual machine, not Click-to-Run, from what I can tell.

      For the past two weeks, I have been seeing the message in all of my Office 2013 programs “Updates ready to be installed, but first we need to close some apps.” To the right of this it says “Update Now” in a box.

      Did you mean to imply in your original post that only the Click to Run Version of 6366 is a risk or that all versions of Office, specifically this downloaded version, is a risk?

      I asked the offshore support desk on Christmas eve whether or not this is version 6366 and have no answer back.

      Please write back.

    • #48137 Reply

      woody
      Da Boss

      If you’re running traditional Office 2013 apps, not Click-to-Run, as I understand it, you have nothing to fear. One piece of advice though: create a backup of your normal.dotm and normalemail.dotm files. That way, if something goes south, you can manually put the correct versions back.

    • #48138 Reply

      woody
      Da Boss

      Sounds like a good one for the Microsoft Answers forum….

    • #48139 Reply

      jah1subs

      Woody:

      As important as those two templates are, this is something that probably should be recommended as a best practice for Word and similar saves should be made for other templates across Office.

      This reminds me that infrequently (less than once a month?) I have a message pop up: “normal.dotm has been changed, would you like to keep the changes?” I have always answered “No” so far and nothing has happened.

    • #48140 Reply

      rc primak

      Probably something they already have an answer for. But maybe a good idea to post so that they know about a potential issue. My interim solution was to use public broadband WiFi.

      If the same siphoning off of some bandwidth for some non-updating use is indeed happening, over true broadband (say, 1.5 Mb/sec or better) the amount of the performance hit when downloading would be small enough so as not to be noticed by most people. It wouldn’t conspire to cause timeouts and endless download restarts on downloads over 12 Mb for Store Apps, the way AT&T DSL at my house is experiencing. No such timeouts ever occur with the main Windows Updates service. That updater is remarkably persistent! But it doesn’t have this kind of background chatter.

      I did succeed in getting the Store Apps updated using public broadband WiFi. I also downloaded the ISO for the Windows 10 Pro Media Creation Tool. But then I found out that my laptop’s aging DVD burner was no longer up to the task. (USB media creation is not an option when the USB installer wants to use EFI Fast Boot. USB+EFI is not an option in my laptop’s BIOS.) Three “coasters” later, I am going to order a replacement DVD drive. This may be the final hardware replacement for that laptop. Time for a new 2-in-1 or somesuch.

    • #48141 Reply

      woody
      Da Boss

      Yep, I’m writing it up even as we speak…

    • #48142 Reply

      Ruth

      Dear Woody,

      I am just a regular person who needs their computer and I am so confused.

      Some background–I never reserved my Win 10 copy when offered on my Windows 7 Home Premium. I figured I would let the dust settle, and it turns out it has been a fallout storm–Why couldn’t MS just label the updates readying people for Win 10 in a section titled-files to get you ready for Win 10 should you so decide to update to it?–I guess that would be too logical, but . . .

      I have always had my Win Updates set to check for updates and let me decide when to download them.

      October 17 I walked away from my computer and suddenly it was downloading all sorts of Windows 10 files to “get me ready”. I did not have the two hidden folders because I never reserved Win 10. I also found my update settings had been changed to automatic downloads. I know MS changed this because I had been careful to check regularly.

      I did a system restore, but my computer was rendered a mess after that. Finally in mid-December I had the system wiped and the restore files put back on this older Toshiba Satellite. After that I took it home and the first update it installed was an update to the win update agent 7.6.7600.320 and after that it has taken up to 24 hours (while preventing my computer from sleeping) to check for updates and download the ones I have chosen. At first when I noticed this I took it back to the “computer wipers” and they insisted I’d have to pay more money to look at it. I said forget it. I have been struggling ever since. I don’t think they knew about the brand new updater.

      I have the newest GWX Control Panel installed–thank you Mr. Mayfield. It says I have no traces of Win 10.

      Now, to the real question, I finally installed the IE 11 cumulative update KB3104002 yesterday. Now, I find that I need the Fix-it KB3125869, from reading your column and other posts. I will install it, but have not yet.

      Since installing 3104002 the computer is a bit weird–mainly when clicking on links it freezes things for a number of seconds, but mainly this is in IE–I am primarily using the new Firefox-64 bit now, based on your advice to not use IE. It is freezing a bit here on your site now and then when I type. Although I did not test it much before. I get jerky movement of the screen and I have gotten graying out of the screen, and a long time for the Task Manager to open–almost a minute– even though I am in Firefox. It was not doing this before this IE 11 cumulative update. Is this typical behavior? It also took a while for my GWX CP to just open from the taskbar.

      I do not have malware according to Trend Micro Premium 2016, or Malwarebytes Premium.

      *Importantly, regarding KB3104002, another posting area says I also need KB2109094 along with the Fix-it KB 3125869 in order to avoid this ASLR vulnerability. Is this true?

      I have read that KB3109094 is linked to Win 10, which I am avoiding at all costs. Is it true that I need this update also? No one in your column here mentions it.

      Since installing the KB3103004 I also have been informed by Win Update that I need the following updates. The first 3 were already installed and are shown on the installed update list from the Control Panel. They are KBs 3035132, 3035126 and 3078601.

      I have since read that KB3078601 is connected to Win 10, should I uninstall it?

      Why are the others there again?

      I have hidden KB3112343 based on my reading. Others I wonder about are:
      A new one from February showed up–Kb2912390
      KB3042058-supposedly contains Winlogging, whatever that is–is it related to Win 10?
      KB3086255
      KB3102810
      KB3100213

      KB971033 (not checked, but many say avoid it based on the fact it may give MS spying privileges in the future-should it be installed?) This multiple information stuff is making me have awful headaches.

      . . .and while I pile on the questions which have arisen from reading all this stuff as a non-computer educated person. . . .what are leaks in Windows Updates? How do I know if I have them, and should I install KB3050265?

      Your posters are correct–not knowing how to patch the patch for IE 11, is one of those things the typical “user” would never know about. What is it with MS?

      I need this computer because I have been a PC user for decades now and have many records, and research and important personal stuff in PC format, but I am going to transition to MAC. I believe I need this PC to do that and don’t want to buy a new PC to be able to transition to a MAC. In the meantime, I need to be safe, and still avoid Windows 10.

      Thank you so much–Ruth

    • #48143 Reply

      woody
      Da Boss

      That’s a lot to digest! First and foremost, while we’re at MS-DEFCON 4, I suggest you go into Windows Update and install everything available (keeping the advice in the original post in mind, of course). Slowing of Windows Update has been tackled by numerous patches and you may find some relief there.

      Next, if you’re having trouble with Firefox, why not try Chrome? You need to realize that Chrome sends all of your browsing history to Google, but if you use Firefox for any sensitive browsing, you should be fine.

      Transitioning to a Mac is a reasonable alternative. I use a MacBook Pro all the time – running Windows 7 on BootCamp. Works very well, in my experience.

    • #48144 Reply

      Ruth

      Dear Woody,

      Install everything available? If you really believe that KB3102810 is fine now versus November, I will install it, but it is to Improve the Windows Update Experience and on November 7 you indicate not to install it in a response to a person.

      From what I understand a prevent windows 10 program DSWlite uninstalls Kb3042058. Thus indicating to me it is a Windows 10 program. As I said, for a common user this is very confusing.

      How do I install the updates already installed that WU says need to be installed again? WU is not updating them.

      Is there any chance you will look into the Fix-it KB3125869 also requiring KB3109094? Others here may need to know that too.

      If as you suggest, I keep in mind the original post, above, the only thing that applies would be the IE 11 cumulative update, which, I suppose I should not have installed. Instead of the Fix-it should I uninstall the IE 11 cumulative update KB3104002, or do a system restore?

      I will wait to hear if I should uninstall KB3104002 or do a system restore before I proceed. I will not even do the Fix-it. I’d also like to hear what you now think of KB3100213

      Ruth

      Thanks,
      Ruth

    • #48145 Reply

      woody
      Da Boss

      Microsoft has peppered Win7 and 8.1 with so many “Windows Update Experience” improvements that it’s hard to keep track of them all. I’ve basically thrown in the towel – let MS improve its update experience, but don’t install Win10 until/unless you’re ready for all it entails. Run GWX Control Panel to remove any chance of installing it accidentally.

      If WU says you need to install something – even something that’s already installed – you should go ahead and do it. The alternative is to follow a list of “bad” updates and not install those, fully realizing that the people who put them on the “bad” list are working from barely functional descriptions, and that other updates you may install may do something just as bad. It’s turned into a real cesspool.

      As far as I know, KB 3125869 does not require KB 3109094.

      No need to uninstall KB 3104002. Just don’t use IE!

      KB3100213 covers a very rare problem. I haven’t seen any discussion of it, other than the failure to install problems that seem to plague many patches.

    • #48146 Reply

      Ruth

      Dear Woody,

      Okay, I will move forward early next week.

      My attempts at reading the MS15 document on KB3102810 show it seems to involve an issue with “System Center Configuration Manager”. That doesn’t seem to apply to individual PC users. It seems relevant if you receive updates from this SCCM (if you are on a domain that uses SCCM to push Windows Updates), and as someone else said if you’re trying to upgrade to Windows 10 and svchost.exe is causing an issue.

      I don’t understand why I’d be offered it (it was checked) in my home, on my single PC, and I am not trying to upgrade to Windows 10.

      Would holding off on it be a problem?

    • #48147 Reply

      Deborah

      I didn’t install it before, so I won’t be installing it again.

    • #48148 Reply

      owburp
      AskWoody Plus

      Woody and Ruth, not to churn up the already muddy waters, but Microsoft’s description of the Fixit at

      https://technet.microsoft.com/en-us/library/security/ms15-124.aspx#Fix_6161

      specifically mentions the sequence of installation being Cumulative Update for Internet Explorer 3104002, then security update 3109094, and finally easy fix 3125869.

      It caused me to scramble to find references here for 3109094. Then I realized that it was included in the December collection of Win Updates that I had installed when you moved us to Defcon 4.

    • #48149 Reply

      woody
      Da Boss

      Mea culpa. You’re right!

    • #48150 Reply

      woody
      Da Boss

      I don’t see any problem with holding off. No idea why Microsoft is presenting it as a checked option.

    • #48151 Reply

      owburp
      AskWoody Plus

      @woody … Darn. Now I feel like “Gunga Din”.

      (except without his snarky arrogant Microsoft-bigot attitude …….)

    • #48152 Reply

      Ruth

      Dear Owburp,

      Thank you for the clarification!

      Funny, I received 3109094 far earlier than 3104002, and of course I have not received the fix at all. I only learned about it here. There’s nothing that makes any sense about this stuff any more, and obviously, as just a confused consumer/user I tried reading the MS15-, but didn’t catch it at all.

      When I can face it again early next week, I will install 3109094 and then the fix. I am going to try to use a friend’s Mac Pro this weekend to try it, and do some important things. Phew!

    • #48153 Reply

      woody
      Da Boss

      😉

    • #48154 Reply

      Steve Charleston

      Bgt new HP Envy laptop, I7 chip, 16G ram w win10 pre installed. Using wireless mouse. Can’t disable touchpad without it turning on again on reboot. HP tried 3 times and gave up. Typing a pain w touchpad on.
      Went to Woody Win forum and found many w same problem. Microsoft responded with many solutions that didn’t work for them or me. I finally placed shortcut to mouse properties on desktop and disable touchpad for each session. Royal pain.
      You were correct when you said “if you are still using XP you are begging for problems”. So I bgt a new Win 10 toy and found the problems I begged for. Many of them.
      As for the touchpad problem? Microsoft thinks it should turn off even after reboot. HP thinks the same. The Emperor has no clothes.

    • #48155 Reply

      woody
      Da Boss

      [sigh]

    • #48156 Reply

      Steve Charleston

      Your sigh inspired me. I went to Device Mgr via control panel, found pointing devices and Synaptics touchpad and downloaded and installed new driver even though HP and Microsoft and my laptop kept telling me it was up to date. AND IT WORKED.
      Can’t take credit. Google hit advised ignore all protestations of “up to date” and just do it.
      I did it and it dood it.

    • #48157 Reply

      woody
      Da Boss

      Awwwwwright!
