News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Don’t install any updates yet – but here’s where to find them

    Posted on October 11th, 2016 at 12:11 woody Comment on the AskWoody Lounge

    We’re going to be discussing today’s patches, but DON’T ASSUME THAT YOU SHOULD INSTALL THEM.

    You have plenty of time to wait and see if they break anything.

    With that as prolog, addobi86 just provided info for the two patches that’ll be on everyone’s minds.

    The security-only Win 7 Oct 2016 patch is KB3192391. You can find it here:

    http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3192391

    The security-only Win 8.1 Oct 2016 patch is KB3192392. Find it here:

    http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3192392

    There’s also a security Win 8.1 patch for Flash, KB3194343 and it’s here:

    http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3194343

    Windows Update in Win7 now showing Oct 2016 “Security Monthly Quality Rollup” (in other words, the security + non-security cumulative update) KB 3185330 and Oct 2016 “Security and Quality Rollup for .NET” KB 3188740. No surprises.

    And our good friend KB 2952664 – the detested snooping patch – is back, as a Recommended, optional patch.

    Look but don’t touch, OK?

    The Security Bulletins are up. They don’t include KB numbers, as expected, but I continue to wonder… how will Vista users install security patches?

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Don’t install any updates yet – but here’s where to find them

    This topic contains 253 replies, has 14 voices, and was last updated by  Lea 2 years, 1 month ago.

    • Author
      Posts
    • #32013 Reply

      woody
      Da Boss

      We’re going to be discussing today’s patches, but DON’T ASSUME THAT YOU SHOULD INSTALL THEM. You have plenty of time to wait and see if they break any
      [See the full post at: Don’t install any updates yet – but here’s where to find them]

    • #32014 Reply

      Lea

      Same for Windows 10 version 1511?

    • #32015 Reply

      woody
      Da Boss

      Yes.

    • #32016 Reply

      Chris

      Do you think is safe to just install the .NET rollup?

    • #32017 Reply

      woody
      Da Boss

      I wouldn’t touch it until we’ve heard the screams of a thousand dying souls.

    • #32018 Reply

      bobcat5536
      AskWoody Plus

      As a novice, there are 5 updates with the same KB. Which one or ones do I get?

    • #32019 Reply

      Anonymous User

      Hi Woody. Just wanted to point this out.
      Apparently the October rollup includes the fixes from the September rollups for 7/8.1 according to the update history.
      https://support.microsoft.com/en-us/help/22801
      https://support.microsoft.com/en-us/help/24717

    • #32020 Reply

      Mike in Texas

      Again, MS shows it’s “quality” in that KB3192391 knowledge base “More Information” has no data and displays an “Sad Face” emoticon.

      https://support.microsoft.com/en-us/kb/3192391

      MS: “For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.” – and we’ll show you a sad face… 🙂

    • #32021 Reply

      Anonymous User

      It’s as if a million machines screamed out in horror and then were suddenly bricked.

    • #32022 Reply

      zero2dash
      AskWoody Lounger

      As I suspected, you can use the IE Tab extension to browse the site in Chrome (and I assume also Firefox). Also, you can go here to see all the updates for 7: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=Windows+7 (and then sort by the “Last Updated” column)

    • #32023 Reply

      woody
      Da Boss

      Yep. That’s as expected. See the description in https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history

      This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also resolves the following vulnerabilities in Windows:

      Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API.

    • #32024 Reply

      Megan Ryan

      Any word on the windows update speed up for the month?

    • #32025 Reply

      woody
      Da Boss

      Yeah, the RSS listing is really incomprehensible.

      If you have 64-bit Win7, you want this one:

      October, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3192391)

      If you have 32-bit Win7, take this:

      October, 2016 Security Only Quality Update for Windows 7 (KB3192391)

      But, again, DON’T UPDATE ANYTHING YET.

    • #32026 Reply

      zero2dash
      AskWoody Lounger

      According to the site, under “Package Details”, 3192391 replaces:
      Security Update for Windows 7 for x64-based Systems (KB3124280)
      Security Update for Windows 7 for x64-based Systems (KB3139852)
      Security Update for Windows 7 for x64-based Systems (KB3140410)
      Security Update for Windows 7 for x64-based Systems (KB3145739)
      Security Update for Windows 7 for x64-based Systems (KB3153171)
      Security Update for Windows 7 for x64-based Systems (KB3153199)
      Security Update for Windows 7 for x64-based Systems (KB3161664)
      Security Update for Windows 7 for x64-based Systems (KB3167679)
      Security Update for Windows 7 for x64-based Systems (KB3175024)
      Security Update for Windows 7 for x64-based Systems (KB3177725)
      Security Update for Windows 7 for x64-based Systems (KB3178034)
      Update for Windows 7 for x64-based Systems (KB2846960)
      Update for Windows 7 for x64-based Systems (KB3156417)
      Update for Windows 7 for x64-based Systems (KB3187022)

      I’m interested to dig those all up and see what those were for.

    • #32027 Reply

      TonyS
      AskWoody Plus

      Got Silverlight (3193713) and .NET (3188740)

      Also got Security+non-security Rollup (3185330) but not Security Rollup (3192391) – is that because the latter is contained de facto in the former?

      Until further notice I’m retiring to the bunker with a hotline to Woody (to whom, many thanks once again).

      Win7 (both x86 & x64) Home Premium, Avast Free plus MBAM 3 Premium, PaleMoon not IE, OpenOffice not Office, Sumatra PDF not Adobe.
    • #32028 Reply

      zero2dash
      AskWoody Lounger

      Ah, apparently the newest (Security) updates highlighted above are not showing up in that list (which should show all Win7 updates).

    • #32029 Reply

      woody
      Da Boss

      To the bunker!

      Don’t install anything. Wait for everybody else to get hit.

    • #32030 Reply

      woody
      Da Boss

      Good ones!

    • #32031 Reply

      woody
      Da Boss

      HARRRRR!

    • #32032 Reply

      TonyS
      AskWoody Plus

      That’s why I’m in the bunker 🙂

      Win7 (both x86 & x64) Home Premium, Avast Free plus MBAM 3 Premium, PaleMoon not IE, OpenOffice not Office, Sumatra PDF not Adobe.
    • #32033 Reply

      Chip Ford

      Good Morning Woody,

      I just did this procedure and got to the correct page for downloading the October Security Update (I didn’t download it). This seems to work, as I had done this experiment awhile ago.

      Much thanks and appreciation for all you do for us; and thanks also to all who contribute.

      Procedure: (I’ve set this up in One Note and as such, the link works. You can either set it up in One Note, or manually input this into your browser).

      1) Click on: http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KBxxxxxxx

      2) This brings up a Google Search box. Delete the “xxx’s” and input the KB # you are looking for.

      3) This brings up the XML document dealing with the KB.

      4) Locate Security Update for Windows 7 (it’s 3/4 of the way down the page).

      5) Highlight / Select the for http://go.microsoft.com (it’s right below the title line).

      6) Right Click on the selection and select “Go To”

      7) This will take you to the correct page for the download.

      Chip

    • #32034 Reply

      bobcat5536
      AskWoody Plus

      So if I choose to not install the monthly rollup KB 3185330 and go with the security updates only, do I still install the rollup for .NET framework 3.5.1, Silverlight,and software removal tool from Windows Update or just ignore Window Update all together ?

    • #32035 Reply

      woody
      Da Boss

      That gets you to the 32 bit download

    • #32036 Reply

      fp
      AskWoody Lounger

      1st, trying to access the KB3192391 download page with IE11 fails with:

      “Object does not support property or method ‘addEventListener”.

      Anybody experienced this?

      2nd, the first time I tried to download with Firefox, the download got stuck at 16s left.

      3rd, second attempt to download seemed OK, but apparently you cannot JUST DOWNLOAD KB3192391–it is automatically installed at end of download. This is how I discovered one effect of disabling the WU service: install fails with error 0X8070422.

      Comments?

    • #32037 Reply

      Bill C.
      AskWoody Plus

      KB3192391 is only on the Microsoft Update Catalog.

      Install NOTHING!

    • #32038 Reply

      Glenda Hewitt

      KB 3156417 is on my hidden list because it is roll up for May. Surely this should not be in the security update? Forgive me if I’m stupid, but my head is pickled with all this. I am Group B but feeling very much that will have to surrender and go to Group A or else do nothing at all.

    • #32039 Reply

      poohsticks

      @Megan Ryan,

      Your prior question about a speed-up patch for this month (which appeared on another blogpost’s discussion thread, a day or two ago) was later answered by a few people.

      The short answer is: There will no longer be a separate Windows Update speed-up patch.

      So we don’t have to worry about that anymore.

      From now on, all normal Windows patches will be included in a big, monthly rollup/update.

      A. If you are in Group A, you will get any speed-up patches that Microsoft puts out.

      B. If you are in Group B, you may or may not get a speed-up patch, depending on whether Microsoft calls it a “security” or a “non-security” patch.
      If Microsoft calls it a “non-security” patch, then you won’t get it by following the Group B instructions.
      But the question is, would you even need a “speed-up” patch if you are in Group B, because by definition, Group B instructions call on people to download a rollup/update from the Update Catalog, and not from Windows Update (which is where the manually-downloaded speed-up patch has recently been useful).
      Probably you wouldn’t even need a speed-up patch anyway, in order to let you have a quick installation of the rollup/update that you have downloaded manually from the Update Catalog.

      C. If you are in Group C/W, you are now the master of your own domain, and speed-up patches are all part of a bad dream. 😉

    • #32040 Reply

      poohsticks

      Cup o’ tea, sir?


      If you don’t get that reference, I can find the post that it refers to, so it makes sense. 🙂

    • #32041 Reply

      poohsticks
    • #32042 Reply

      woody
      Da Boss

      +1

    • #32043 Reply

      woody
      Da Boss

      Don’t worry about it. Tiny patch, not likely to cause you any grief one way or another.

    • #32044 Reply

      Anonymous User

      Well I installed the updates on my test installation. No problems so far. But if anything goes wrong then my main Windows installation will have updates locked down and I’ll join you in the bunker. I mean having two Windows installations does offer a sort of safety net. In case I brick one then I won’t have to waste 3 hours reinstalling right away.
      But I’m going to bet most of you don’t have two separate Windows installations.

    • #32045 Reply

      poohsticks

      @steve,

      I believe Woody’s instructions are to not download/install **anything** today,
      whether it is from Windows Update or from the Update Catalog,
      and whether it is in the big Windows rollup/update or is a separate small thing like a Silverlight update might be.

      Woody will give us further instructions in a week or two, after learning more about how the new update system works, and hearing about any bad after-effects that the early adopters (=the people who do go ahead and download/install new updates/rollups in the next 2 weeks) are experiencing.

      Until Woody gives a clear go-ahead to download/install — which means making a change in his “DefCon” number — any information and discussion that Woody will share with the public about Microsoft’s new Windows Update system will only be for knowledge-sharing purposes.

      (Of course, if one is an IT person who manages this sort of thing for other people’s computers as a job, of course the above instructions do not apply, and one has one’s own row to hoe/headaches about this!)

    • #32046 Reply

      poohsticks

      automatically installs at the end of the download…

      Chuckle, I got a fleeting mental image of poking a sleeping snake with a stick!
      😉

    • #32047 Reply

      EP
      AskWoody_MVP

      woody: KB3192391 for Win7 SP1 and KB3192392 for Win8.1 are also available from MS Download Center:

      https://www.microsoft.com/en-us/search/result.aspx?q=kb3192391&form=dlc

      https://www.microsoft.com/en-us/search/result.aspx?q=kb3192392&form=dlc

      Even KB3194343 for Win8.1 is also there at MS Download Center as well:
      https://www.microsoft.com/en-us/search/result.aspx?q=kb3194343&form=dlc

    • #32048 Reply

      Todd

      I looked up the support documentation for the
      security-only Win 7 Oct 2016 patch, KB3192391, and read that the update is available for download from the Microsoft Download Center, in addition to the Microsoft Update Catalog. I checked and verified that I could locate and download the KB3192391 packages from the Microsoft Download Center website. This seems to be contrary to what Microsoft said – that the security-only updates would be available solely from the Microsoft Update Catalog.

    • #32049 Reply

      Bill C.
      AskWoody Plus

      That is due to your Firefox Settings. It defaults to a Firefox download directory.

      In Settings, under general, make sure in the Downloads Section, that the selection is to “Always ask me where to save files.

      After changing to that I never had the auto installation issue in Firefox with executables like .exe and .msi, but I never downloaded an Update Catalog file with Firefox. FOr those I use IE11.

    • #32050 Reply

      Squall

      Just wanted to say that I just did a manual check for updates. I took the precaution of installing KB3172605 the other day, and it seems to negate the slow update check hell that I had to go through last month… the check took about one minute, if that.

    • #32051 Reply

      Todd

      I should have added that the Microsoft support documentation for KB3192391 has direct download links from the Microsoft Download Center.

      The Microsoft Support documentation for KB3192391 can be found here:
      https://support.microsoft.com/en-us/kb/3192391

    • #32052 Reply

      Squall
    • #32053 Reply

      T

      So they’re already including non-security updates into the security only rollup? Why am i not surprised.

    • #32054 Reply

      Doc

      MSRT and Defender definitions still remain safe and good to go, right?

    • #32055 Reply

      pulsar
      AskWoody Lounger

      Any feedback yet whether it’s still taking hours and much CPU useage for the updates to be located for Win 7?

    • #32056 Reply

      ch100
      AskWoody_MVP

      Based on previous experience, it should be KB3185330. However if you are fully patched and with the system working correctly, you don’t need any speed-up patches.
      And do not install anything yet.

    • #32057 Reply

      nkp6

      Moreover, “replaces” does not necessarily mean “includes.” Most simply, it means “makes it unnecessary” – so it could be, for example, that it contains a bug-fix or something that was previously released as non-security, but is now part of the security update as well. Or at least, that’s what it should (and certainly used to) mean, but what MS means by it now is possibly up for debate.

      I wonder, does this mean that all those could be cleaned up with the WU disk clean-up utility after the update is eventually applied? In other words, how will that utility handle the transition? Surely, it shouldn’t matter how the package was delivered… all the machinery outside the search/download should function the same way as before, no?

      And something else I’m curious about, if WU is not doing any searching (stuff is being manually acquired from the Catalog) does it even need that SoftwareDistribution folder? I mean, that’s ~1GB just wasted right there. Not that I can’t live without it but, man, I hate wasting anything!

    • #32058 Reply

      SGvagon

      My WU still check update today. Maybe it’s problem, that I don’t have (fix) update KB3177467 :-/ ?

    • #32059 Reply

      nkp6

      Does disabling actually prevent installation of updates? When installing a manually downloaded update, I typically stop WU service beforehand. Of course, stopping and disabling are not the same thing, and it does seem to start itself again at some point, so if it can’t do it maybe it errors out – but I always thought it was TrustedInstaller that takes over the actual installation.

    • #32060 Reply

      nkp6

      Are you sure you didn’t select “open with” instead of “save file” in the dialog that Firefox pops out on start of download? There’s nothing that can force you to install it automatically, it’s just an .msu file!

    • #32061 Reply

      thedon

      Yes, one effect of disabling WU service is an error while installing an update from a website. Re-enabling the service temporarily could give a nasty surprise if you just disabled the service without turning off downloads in the UI. If you’re really nervous, perhaps pull the internet cable or turn off wireless before re-enabling the service. Could check your WU settings with no internet, and even install in that state.

    • #32062 Reply

      Brocktoon

      Looks like it may be a long wait time again … and no speed up patch. I have my system set to check for updates but only notify me. So far I’m 60+ minutes of ‘Checking for Updates’ with 1 CPU core pegged and still no updates. So, business as usual …

    • #32063 Reply

      zero2dash
      AskWoody Lounger

      Further digestion on my part basically shows things are as many (Woody, abbodi, and I believe also ch100) speculated…

      If you get the “security only” update from either the Update catalog or the MS download site, you get only the fixes released for October.

      If you get the “security & quality rollup” from Windows Update (most likely), or the Update catalog or MS download site, you get September’s security updates, along with October’s.

      IOW if you keep your system up to date (though maybe not on patch day like MS would prefer), you only need the “security only” update.

      If you are behind, use the “security & quality rollup”.

      The picture is clearer now. At least right now, I’m not as scared as I was yesterday. 🙂

      Again guys – highly recommend you grabbing the IE Tab Chrome/Firefox extension. You can also use the “Auto URL” functionality to make any tabs going to http://catalog.update.microsoft.com/v7/site/* automatically open in the IE Tab extension, so you don’t even need to click on the IE Tab button in your browser after trying to load the page in Chrome or Firefox. Very handy!

      Alternately, just download it from the MS site. Look up the KB, and check out “Method 2” – those are the links to DL from the MS site, NOT the Update catalog.

    • #32064 Reply

      zero2dash
      AskWoody Lounger

      Keep in mind – don’t do ANYTHING at this point.
      This is patch day – don’t install ANYTHING.
      Give it at least a few days, if not weeks….

    • #32065 Reply

      nkp6

      There are also security-only updates for .NET. The keyword that brings them forward is “only” (or maybe there is a better one, but I couldn’t think of it):
      http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=october+2016+only+framework

      Even then, they are not exactly at the top of the list… of course, if you know the exact kb number it’s easier – but there are variations based on the .NET and OS version.

    • #32066 Reply

      Dimk

      @fp:”trying to access the KB3192391 download page with IE11 fails with: Object does not support property or method ‘addEventListener.
      Anybody experienced this?”
      Same here, I just tried to download it with IE 11 and failed. Anyway, as it has already been mentioned, we should NOT install anything.

    • #32067 Reply

      Anonymous

      Is this the right place to download from https://www.microsoft.com/en-us/download/details.aspx?id=53990?

      Does Windows Update have to be set to on or off in order to install the above?

      Does Windows Update include things that one has to install that are not part of the security only update? I am confused by mentions that some things are available separately (.net framework ? and MSRT).

    • #32068 Reply

      Quidam Q. Agathezol

      Looks like the “Security Only Update” vs. “Security and Quality Rollup” choice that applies to Windows also applies to .NET. The Security Only .NET is KB3188730 (Win7/2008R2) and KB3188732 (Win8.1/2012R2).

    • #32069 Reply

      JO

      I am in no hurry to install anything from any source. However, I am curious about the Microsoft Update Catalog which I have never accessed.

      When I click on Rss links to the catalog (for example, Woody’s first clickable link in this post) using Google Chrome I get a page where I am unable to click, delete, or insert anything. Any ideas why?

      Also, although I have never done it, would it not be easier to access the catalog by simply using Internet Explorer?

      Thanks.

    • #32070 Reply

      Tudor

      @woody: It appears Microsoft has changed their mind once more. The security only rollup is available as direct download from the KB article. It redirected me here:

      https://www.microsoft.com/en-us/download/details.aspx?id=53990

      We need to pay attention to the latest news.

      Either someone at Microsoft realized that the higher ups are doing a massive blunder by restricting this update to Catalog/WSUS and sneaked in the links the KB article OR Microsoft themselves were pushed into a corner by the enterprise sector to have those download links easily available.

      Either way, being able to download the security only update without going through Update Catalog is a good thing.

      Not such a good thing is the fact that this rollup has a high chance of including the bugs of the security updates it supersedes or replaces.

    • #32071 Reply

      Frahaleah

      Yeah, when Woody says ‘DO NOT DOWNLOAD’ He isn’t kidding.

    • #32072 Reply

      woody
      Da Boss

      Good grief! Thanks for the heads up. I hadn’t noticed it.

    • #32073 Reply

      shopper55

      Am I missing something here? The security only updates for October 2016 appear to be available at the regular MS Download site by way of any of the TechNet Security Bulletins for the same month. The Microsoft Update Catalog is NOT needed?

      So for example

      https://technet.microsoft.com/library/security/MS16-124

      has links for the actual KB 3192391 patch file at

      https://www.microsoft.com/en-us/download/details.aspx?id=53990

      or not?

      Regards,
      shopper55

    • #32074 Reply

      shopper55

      OOps,sorry, evidently I missed the very last two posts

      Regards,
      shopper55

    • #32075 Reply

      justaned

      @fp
      I got the same thing, clicked the ok, and found nothing downloadable. However, I then clicked on the link under More Information which brought me to a Microsoft help page. Using the KB number in the search box got me a link to the catalog page, but with the wrong KB number (go figure). Inputing the proper KB number gave me the proper page. I added it to the cart (haha) and was then able to download.
      No-I DID NOT install anything; it sits happily quiescent in my downloads folder.

    • #32076 Reply

      Brocktoon

      I haven’t installed any speed-up patches that I know of. I’m now up to 2.5 hours of still checking for updates, so it seems like previous months, but maybe even worse? I’m on Win7 x64 that had nothing but a few optional updates available as of yesterday. And it took less than a minute to check 24 hours ago

    • #32077 Reply

      justaned

      Now this is interesting. I just clicked on Woody’s original link using Firefox. I chose the correct version (X64) and reached the page that had not worked for me earlier using IE11. I could check package details etc; and I was able to download. No problems. 6:40 Eastern time for the curious. BTW, I’m using NoScript, but had no trouble at all as MS is already whitelisted.

    • #32078 Reply

      Squall

      It would appear you’re right… I managed to find the security-only update’s download page just by Googling the KB number for it.

    • #32079 Reply

      RCPete

      Looks like MSE definition update is running a little slow, but not out of line for Patch Tuesday. It took 9 minutes to do it all, with 5 in the search phase. This was after updating early this morning. (Updates through MSE…)

    • #32080 Reply

      Squall

      If you have KB3172605 installed, then it shouldn’t… I did 2 checks that took less than a minute each. Without that, I have no idea how long it would take.

    • #32081 Reply

      Anonymous User

      This is in response to the last sentence of this post. I suspect Vista will be pretty much the same. I don’t think it would be worth it to Microsoft to change the way Vista updates this late into its lifespan since 6 months from today Vista support will end.

      What would be the point? They plan for 7 & 8.1 to become fully cumulative starting next year I believe? Probably by the time that starts Vista will only have a couple months left or have just ended. Also more and more programs are dumping support for Vista.

      Vista’s market share is through the floor but since Microsoft guaranteed support until 2017 they’re going to continue to patch it until its support ends in 6 months. 7 has a little over 3 years left, 8.1 has a little over 6 years left. Vista has 6 months. So I doubt it’ll change. I could be wrong. But seeing as how they didn’t announce the patching changes for Vista, then it’s unlikely it will go cumulative especially this late in the game.

    • #32082 Reply

      Walter Bear

      I have one win 7 machine that I need to get updated now with the hand full of patches that are ok from September.

      KB: 3177186, 3175024, 3182203, 3184122 and 3185319.

      I didn’t get to this machine until about 3:30 pm CST. The updates are listed to download but it just spins and spins. A machine that did get updated earlier this am now just spins checking for updates. So nothing is working, not even the option to get Octobers stuff.

      It’s obvious a speed up patch is now needed. If as some have stated there will not be a single one I can manually install how am I going to get the above patches installed?

      No I do not want to install a roll up to get the single speed up I need as I only want to get the September patches installed at this time. If I let it run for 24 hrs will it finally install them? If not what are my options? Thanks.

    • #32083 Reply

      woody
      Da Boss

      Ends up that Vista’s very different. More in the morning, in InfoWorld.

    • #32084 Reply

      woody
      Da Boss

      Looks like kb3172605 fits the bill.

    • #32085 Reply

      woody
      Da Boss

      Believe me, it’s easy to do. Hundreds of posts today.

    • #32086 Reply

      Gary Karasik

      Here’s one problem with the new update model: If one update in the rollup fails, the entire rollup fails.

      GaryK

    • #32087 Reply

      woody
      Da Boss

      True.

    • #32088 Reply

      Alberto Marconi

      I’m no computer expert, but I have installed all the important updates from Windows Update and my Windows 7 machine is working perfectly OK. Sorry, but I don’t understand what all this fuss here and in other sites is all about!

    • #32089 Reply

      woody
      Da Boss

      It will probably finish within 24 hours.

      Only way I’ve seen to speed up Win7 scans is by installing both KB 3020369 and KB 3172605. See http://wu.krelay.de/en/ for details about problems with both. (Yes, 3172605 breaks bluetooth on Intel machines, but Intel has a new driver.)

    • #32090 Reply

      woody
      Da Boss

      Two big questions:

      1) Did the rollup include more snooping?

      2) If something in the rollup breaks, how will you fix it?

      As long as you’re in Group A, and the rollup has no bugs, you’re home free.

    • #32091 Reply

      C

      Woody,

      By now can I install 2952664? Or is it still something to avoid? Some say it’s necessary for future updates (and it does say it doesn’t have W10 stuff anymore in it).

      If it’s necessary (or even merely harmless) I figure I’ll install it.

    • #32092 Reply

      Gary Karasik

      Hi Alberto. I’m going to give you the benefit of the doubt and assume you’re not a troll: If you take care of multiple users–anywhere from five to five thousand–and an Outlook security update cripples Outlook so that those five to five thousand users can’t use their email and they start calling you in an angst-ridden panic and you have to first figure out what the problem is and then second manually uninstall the offending update from five to five thousand PCs, you might begin to understand all the fuss.

      GaryK

    • #32093 Reply

      woody
      Da Boss

      🙂

    • #32094 Reply

      woody
      Da Boss

      Good question. See my post, which just went up

      https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/

    • #32095 Reply

      Alberto Marconi

      1) Honestly I’m not too sure about the snooping. Long ago I uninstalled Windows 10 telemetry updates and hid them and they are still hidden.
      2) The rollup Update KB3185330 is shown in the list of installed updates, so it can be uninstalled if it causes any problems. I’m not sure if this is the right answer to your question though!

    • #32096 Reply

      Alberto Marconi

      Well, I guess what you said makes perfect sense if you are managing multiple systems. From a home user’s perspective, this article and other similar ones on the web seem a little overcautious.

    • #32097 Reply

      woody
      Da Boss

      Snooping is a very squishy topic – we don’t know what Microsoft is doing to Win7 at this point.

      The whole update can be uninstalled. But individual updates cannot. Thus, for example, if a non-security patches causes bad side-effects, you have to roll out the security patches, too.

      As long as the patches are OK, everything’s great.

    • #32098 Reply

      woody
      Da Boss

      Again, it all boils down to whether you accept Microsoft’s snooping, and how to recover if something goes bump in the night.

    • #32099 Reply

      Alberto Marconi

      Thank you Woody for your insightful replies

    • #32100 Reply

      Brian

      Just checked my updates for October and MS sent me KB 3188740, KB3185330 and malicious update KB89830. I may have seen mention of KB3185330 but I have never seen KB3188740. I turned updates off again and left them where they were. I think I might be a little lost.

    • #32101 Reply

      James Bond 007
      AskWoody Lounger

      Perhaps the reason that the updates are offered through the Download Centre this month is because the Update Catalog is not yet “fixed” for other browsers as Microsoft had promised to do earlier?

      Once the Update Catalog has been fixed then the updates may no longer be available from the Download Centre, as Microsoft said before.

      Hope for the best. Prepare for the worst.

    • #32102 Reply

      Brandon

      The catalog is pretty sparse I noticed

      By the way click more information on each update pack after running WUD, it breaks down the MS number,

      EX
      https://support.microsoft.com/en-us/kb/3185330
      -supposedly fixes a update released last month (didn’t install it)

      https://support.microsoft.com/en-us/kb/3188740

      https://support.microsoft.com/en-us/kb/2952664 – phone home garbage

    • #32103 Reply

      Gary Karasik

      On reflection, I think this is a serious problem. If you have a failure with one of the security updates (or even one of the optional updates) included in the rollup, you don’t get *any* of the security updates for that month, and possibly longer. There needs to be code in the rollup that allows it to proceed with every update it can even if a portion fails; further, comprehensive info about the exact failure–which update, what error code–should be published in an error message.

      GaryK

    • #32104 Reply

      woody
      Da Boss

      It certainly is a serious problem. In fact, it’s worse.

      For those in Group A – the folks who are taking the “Security Monthly Quality Rollup” – if one part of the rollup causes problems, you have to uninstall the whole rollup. If the problem lies in one of the non-security patches, you have to take out all of the security and non-security patches for that month.

      It also isn’t clear how rolling back cumulative updates will work. Not a simple problem.

    • #32105 Reply

      woody
      Da Boss

      Quite possible.

    • #32106 Reply

      woody
      Da Boss

      Relax. Wait for MS-DEFCON 3, and I should have full details.

    • #32107 Reply

      woody
      Da Boss

      Keep posting good questions!

    • #32108 Reply

      Megan Ryan

      Well my toshiba satellite laptop doesn’t have intel blue-tooth.

      It has a AMD Vision, energy star, and epeat gold from what I see on my computer side near the keyboard.

      So would it be safe to install 3172605 on my laptop? Of course I will wait until after Halloween to install it and test it on my dad’s computer.

    • #32109 Reply

      woody
      Da Boss

      Why install it now? Wait until you’re ready to get serious about patching.

    • #32110 Reply

      poohsticks

      @Gary Karasik,

      Why start at 5 users? I take care of just 2 computers – my computer and a relative’s, and if that person’s email stopped working or computer wouldn’t turn on, my phone would be ringing, beeping and buzzing (and it has in the past, even though I lived thousands of miles away and it was the middle of the night for me)! 😉

    • #32111 Reply

      poohsticks

      @JO,

      I may or may not have had the same problem as you.

      I don’t use Chrome, I use IE 11 — but last week when I was experimenting with uploading something from the Update Catalog for the first time, I had a doozy of a time trying to use Woody’s link to the update that I was seeking. I described my tussles here on this site, in another discussion thread.

      I did not manage to get Woody’s direct hyperlink to work, but I was able to successfully use the Update Catalog by going straight to its initial home page (I did a search for that on the Microsoft Help/Support site, and I clicked on the link that search threw up for me), installing the add-on that the Update Catalog requires (which I’d never had before on my computer), and doing a search for the update I was looking for.

    • #32112 Reply

      poohsticks

      @woody,

      Intel does not have new drivers for all the affected Windows 7 drivers.

      I don’t think they have one for mine.

      And it appears that they plan not to create a new version for a substantial group of older drivers/customers.

      The same old list is still going around — the following comment is dated October 3rd but the list of drivers is the old one, from August 9:
      https://communities.intel.com/thread/104851

      They do not list all their drivers, and they say
      “A solution for additional adapters will come a few weeks later.”
      But has there been a newer list created?

      —-
      In the link to the 3-page-long discussion thread that you quoted above — hyperlinked under “Intel has a new driver” —

      if you read the last page of comments, there are many users whose drivers Intel has decided not to replace,
      and what Intel tells people like them (and me) is:

      “As we mentioned, it is not possible to provide a fix for older adapters.
      Bluetooth will function if you remove the updates and prevent Windows from applying them;
      or, you can proceed with the Windows updates knowing that Bluetooth will not work.”

      So, you can either have Windows Updates and have KB 3172605/3161608 and go with Group A downloading,
      or you can have your computer’s Bluetooth working.
      One or the other.

      ===
      Therefore, this is the *second* bad Windows patch that, through no fault of my own, with my computer set-up still being the same as it came originally from the factory, is going to prevent me from being in Group A and accepting Windows Updates as Microsoft intends me to.

    • #32113 Reply

      JO

      Basic question:

      On a computer running Windows 7 SP1 with Windows Update set to “Never check for updates (not recommended)” is it safe now to click the “Check for updates” button or should I wait until Woody moves to MS-Defcon 3?

      I do not intend to actually install any new updates until Woody moves to Defcon 3, but I would like to see if previously pending updates are still pending.

    • #32114 Reply

      poohsticks

      I need to post a correction to part of what I wrote just above:

      The link that you linked to in your comment earlier, hyperlinked under the words “Intel has a new driver”, is:
      https://communities.intel.com/thread/106442

      In that link, there are only two posts and it’s just on one page. The guy who made the first post actually couldn’t get the instructions to work, and had to do some fancy technical stuff on his own (which a non-techie like me would not know how to do) in order to push it through.

      The one response to his post gave a link to a longer discussion thread in case it shed more light on the problem. The link was to this thread: https://communities.intel.com/thread/104414

      And it is the 3rd page of THAT thread which I was trying to direct your attention to.

      This goes directly to the third page:
      https://communities.intel.com/thread/104414?start=30&tstart=0

      And there are posts like the following:
      “Intel (or Microsoft) is going to have to do something about the drivers for the discontinued Bluetooth adapters. Starting in October, Microsoft will be releasing Windows7/8… updates only as roll-ups, meaning if they include the patch that breaks Bluetooth, you can’t avoid it and receive other updates”
      “intel ..dont forget your customers! “not possible” is no solution.”
      “It is ms-patchday and the laptop runs now hours-long with high CPU-usage and is nearly not usable. Should that be the future every month from now on? or install ms-patch and lose the bluetooth-functionality?”



      So if readers here have Intel Bluetooth on a computer that is more than 2 years old, don’t assume that you can go right into Windows Update “Group A” or that you can safely install KB3161608/KB3172605 — first, check out which Intel Bluetooth driver is in your machine, see if it’s on the list of drivers that Intel has published a fix for, and get that fixed, prior to forging ahead with Windows Updates.

      If Intel has not provided a fix for your Bluetooth driver, you will either have to
      1) lose the Bluetooth functionality in your machine (and get lots of error messages in your Event Viewer even if you never try to use the Bluetooth feature!) or
      2) not accept cumulative Windows Updates from now on.

    • #32115 Reply

      Anonymous

      Should I just download KB3192391 and the other downloads, avoiding the two monthly rollups?

    • #32116 Reply

      Brian

      The KB3188740 is nothing more than a NET rollup for win 7 sp1 sorry.

    • #32117 Reply

      Megan Ryan

      I am-I’m waiting until after Halloween like ya said wait 2-3 weeks until things are Level 3.

      I mean I got some Halloween stuff I wanna watch and stuff to read too. I mean seriously when I heard of Patch-O-Geddon for October, I thought “You should wait until October is over to see if anyone found a way to speed up WU and what KB updates are safe.”

      I mean I gotta install the speed up in the morning, defrag and regain MB and such the night before and exactly at Midnight I scan and install updates and be in bed by 1am or so.

      I ain’t wasting a morning or afternoon or evening installing updates and missing on stuff to catch up on.

      Plus after I install, I turn off WU so I don’t get disturbed of any updates for awhile. Trust me in the past-MICROSOFT’S updates and stuff has disturbed parts of my day and time.

    • #32118 Reply

      Megan Ryan

      So I am gonna wait it out until everything is okay to install. I like things to be simple and easy than complicated.

    • #32119 Reply

      Goofy

      How wood 1 go about finding “.NET security-only” updates using the Microsoft Update Catalog without knowing the KB number. All I see is the KB for the .NET security + non-security rollup. And, by the way, whose ever idea it was to shoehorn “Quality” into every other statement needs to be thrown a BOOT PARTY!

    • #32120 Reply

      Anonymous

      Oh shoot I can’t. KB3192391 is only for 86-bit ><.

    • #32121 Reply

      Anonymous

      Never mind. Found the 64-bit version ^^;. Hopefully this will work better than the monthly rollups.

    • #32122 Reply

      lizzytish
      AskWoody Lounger

      Well…I am a home user, Alberto and I think you must be one of the lucky ones……… and I’m glad your experiences have proven good……. but think you should understand that other’s experiences have not been as good as yours… and I feel your comments/views are a bit belittling to other’s points of view. If you had been subjected to some of the things that people have had to dig themselves out of because of dodgy patches (not to mention the dreaded GWX drama) you perhaps would have an understanding of the animosity that people have towards updating. It is not a seamless procedure as it used to be some years ago…… and as some have said the USERS are the BETA Testers for MS. So the concern and the angst that people feel is a very genuine thing and should not be belittled simply because you haven’t experienced these things……… or perhaps you have and haven’t even realised that you have. Be very aware that Snooping/collecting of your data is going on even if you don’t think this is happening on your machine. It could very well be so. If that doesn’t concern you – then as Woody says…… your home and dry! LT

      Vision without ACTION is a DAY DREAM
      Action without vision is a NIGHTMARE

    • #32123 Reply

      Glenda Hewitt

      Just for info. I have CEIP turned off and still get this update

    • #32124 Reply

      ch100
      AskWoody_MVP

      +1

    • #32125 Reply

      ch100
      AskWoody_MVP

      @poohsticks
      In your specific situation, with old hardware for which Intel is not providing updated drivers and unless you trust abbodi’s method of extracting the WU agent only from KB3172605, I suggest continuing to update until it really becomes a functionality problem. Then you should really stop updating, but unfortunately you may find yourself in the same situation with the current users of Windows XP, i.e exposed to all sort of Internet nasties, although it is very possible not to be affected at all.
      I still find using the computer taking precedence over a presumable security threat which may never materialise. Unfortunately a lot of users affected by viruses do not realise it or realise it late and there is no definitive solution to this problem even from the major antivirus manufacturers.

    • #32126 Reply

      ch100
      AskWoody_MVP

      This is just an imaginary problem. A failing patch is a failing patch, regardless of its complexity. For you as end user it is absolutely the same thing.

    • #32127 Reply

      Walker

      @woody:

      Is it best to have the Win Updates set at “NEVER” until you reach MS-DEFCON 3? Or is it all right to have it set at “Check for updates but let me choose whether to download and install” to see what’s out there?

      For Group B, how do we know which are the Security Updates only, so we don’t install all of the others that Group A wants (the non-security, etc.).

      Apologies, however I’m “lost” here, trying to determine if it’s OK to change my settings to “Check for updates but let me choose to download and install”. At least with this setting I can see what’s “available”, and which one(s) I’m supposed to DL & install for Group B when you change to MS-DEFCON 3. (Also which “roll-ups” is Group B supposed to install?)

      Your help, as always, is appreciated. Thank you. 🙂

    • #32128 Reply

      woody
      Da Boss

      Chill. If you have updates set to “check” or “never” you’re fine, both of them behave identically at this point.

      Wait for the MS-DEFCON level to change.

    • #32129 Reply

      b111gates

      ^ this

    • #32130 Reply

      tittyhead

      you’re still being snooped on in win10 even though you’ve hidden those telemetry updates.
      They knew a lot of users would block them so they hardcoded the privacy invasion into the system.

    • #32131 Reply

      Todd

      The Security-only update for .NET 3.5.1 is KB3188730. This is the counterpart to KB3188740, which is the Security and Quality Rollup for .NET 3.5.1.

      KB3188730 at the Microsoft Catalog:
      http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3188730

      KB3188730 at the Microsoft Download Center:
      https://www.microsoft.com/en-us/download/details.aspx?id=54007

      Downloads are available for 32-bit and 64-bit Windows 7.

    • #32132 Reply

      Gary Karasik

      Did I say five? Sorry–I meant two. 🙂

      GaryK

    • #32133 Reply

      wdburt1

      Woody: I’ve been busy with other things but wanted to thank you for this information.

    • #32134 Reply

      Roger

      BEWARE: The dreaded KB 2952664 snooping patch is now being offered as “Important” and is checked by default. Uncheck and hide before proceeding to decide on any other patches.

    • #32135 Reply

      woody
      Da Boss

      It’s only checked by default if you’ve selected the Windows Update setting marked “Give me recommended updates the same way I receive important updates.”

      See http://www.infoworld.com/article/3130076/microsoft-windows/win-781-patchocalypse-springs-a-few-surprises.html

    • #32136 Reply

      Anonymous

      i installed KB3192391 should I uninstall it.

    • #32137 Reply

      Inew

      Hi Woody,

      I’m new to this, and I’m confused, worried and don’t know what to do.

      In September, I was advised that while I’m not patched with the latest security updates, I should Not be connected to the internet as all business & personal data (including online banking and credit-card passwords)are at-risk and compromised. With that advice, I feel a sense of urgency to get patched, but I’m set at “Never check for updates…” and waiting for Defcon 3. Am I missing something? How do I stay safe while waiting for Defcon 3?

      Please forgive me, I’m tech-challenged. I would really be grateful if my worry and confusion could be relieved. Thanks.

    • #32138 Reply

      Mandy

      Thank you for the link for KB3188730!!!!

    • #32139 Reply

      poohsticks

      @ch100,

      I can’t be in Group A anyway, due to not being able to install the “important” update kb3033929,

      so my plan is to be in Group B if I can,

      and if that doesn’t work, I’ll go to Group C/W.

      My understanding of update kb3172605 is that it is not important/security, at least it was not on my Windows Update scan for my machine as of Monday night.

      So my impression is that I do not need to worry about kb3172605, since it appears that most people are trying to get it in order to speed up their Windows Update scanning.

      My Windows Update scan late on Monday night was quick, something less than 10 minutes (that is how long I was away from the computer).

      I also have the understanding that I don’t need to worry about kb3172605 to speed up my Windows Update scanning if I plan to be in Group B anyway and must download the Security-only update/rollup from the Update Catalog.

      Perhaps that understanding is incorrect, because I don’t know why lots of folks here are making a big deal about needing to make sure that their WU scans quickly in October and about downloading kb3172605 straightaway. 🙂

      Maybe my Windows Update scan was fast on Monday night, yet it wouldn’t have been on Tuesday morning after the new patching system was introduced — I have not wanted to test my Windows Update at this risky “DefCon” level.

      But even if that is the case (if my Windows Update has become slow again), I am not sure why I’d be using Windows Update from now on, if all the patches I will have access to, with Group B, are going to be manually available in the Update Catalog.

      I have had a bad migraine for the last 2 days, probably barometric-pressure-related, and I’m trying not to think about things that are not immediately important (because concentrating hurts). So I’m fine with being confused on some issues, as long as I play it safe with my own machine in this moment — meaning “do nothing”! 🙂

    • #32140 Reply

      ch100
      AskWoody_MVP

      “So my impression is that I do not need to worry about kb3172605, since it appears that most people are trying to get it in order to speed up their Windows Update scanning.”

      This is correct. The only important agent as classified by Microsoft at the moment is KB3138612 and that one should be installed by everyone who cares about the scanning time.

    • #32141 Reply

      woody
      Da Boss

      … so the older (and less suspicious, and not Intel Bluetooth antagonistic) KB 3138612, along with KB 3020369 are sufficient for Win7? If so, I better get the main post modified.

    • #32142 Reply

      samak

      A couple of people at krebsonsecurity.com are reporting problems after updating:
      “This time the mandatory Windows update pulled down some obscure Intel sound driver that wiped out my Realtek sound driver.”
      “The above has happened, also on my win 10,8.1,8, and win7 machines.”
      https://krebsonsecurity.com/2016/10/microsoft-no-more-pick-and-choose-patching/#comments

    • #32143 Reply

      woody
      Da Boss

      OMG. Thanks for the link!

    • #32144 Reply

      Richard

      Installed KB 3185330 on Windows 7 x64 laptop. Afterwards, when I open Internet Explorer 11, there’s a pop-up box asking me to choose Microsoft default settings or stay with my current settings. It then will not allow me to finish the action, and the only way to continue is to open the Task Manager to close IE 11.

    • #32145 Reply

      Al

      I’m confused, does this mean that automatic update downloads don’t work anymore? Starting Tuesday whenever I turn on my computer ‘service host local services (13)eats up my cpu and keeps my laptop fan running continuously. The top item in the services is ‘windows update’, if I STOP this process my cpu goes back to normal. Either way my download updates but don’t install shows NO UPDATES.
      do I have to manually download these now?

    • #32146 Reply

      Woody

      You’re fine. If you last got your security patches 4 or 6 months ago, there’s nothing pressing.

      Wait for MS-DEFCON 3.

    • #32147 Reply

      Woody
    • #32148 Reply

      Michael

      WSUS now looks like a total mess.

      We have things called:
      Security Only Update
      Security Only Quality Update
      Security and Quality Rollup
      Security Monthly Quality Rollup

      as well as a whole pile of old style:
      Security Update(s)
      for:
      – Windows Server
      – Silverlight
      – Office
      – .NET
      – Adobe Flash Player

      So Microsoft has put the zero-day IE11 fix for MS16-118 into KB3185330 and KB3192391, which are “Security Monthly Quality Rollup” and “Security Only Quality Update”… But with “Quality” in there, doesn’t that mean they are Group A patches, meaning to get the fix you need to accept the snooping?

    • #32149 Reply

      James Bond 007
      AskWoody Lounger

      Woody, I notice that in your new article “Win 7/8.1 ‘patchocalypse’ springs a few surprises” you said:

      In addition, the security patches are available as one-off downloads through the Microsoft Download Center. If you don’t want to install this month’s entire security-only update, you can pluck off each individual patch and install it by going to the relevant TechNet article and clicking on the download link. For example, MS16-124/KB 3193227, the Security Update for Windows Registry, can be downloaded and installed all by itself.

      However, what I find is that the download links only allow me to download the “Security-only Rollup” KB3192391 or the “Security Monthly Quality Rollup” KB3185330, not the individual security patches.

      Did I miss something here?

      Hope for the best. Prepare for the worst.

    • #32150 Reply

      Al

      from your article = Those who continue to use Windows Update will get all of Microsoft’s Windows patches. According to your windows 8.1 book I’ve consistently let windows update download the updates and installed them only when you said it was safe to do so. Again does it now mean that windows automatic update does not work and I have to manually download them? Should I buy an apple computer?

    • #32151 Reply

      woody
      Da Boss

      Noting that drastic!

      First, make sure you have automatic update turned off – as described in my books.

      Then, read this and decide if you want to be in Group A or Group B

      http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

      Then wait. Seriously. At some point the coast will be more-or-less clear, I’ll move us to MS-DEFCON 3, and have full instructions at that time.

    • #32152 Reply

      woody
      Da Boss

      Oh boy.

      Yes, they only point to links for the Security-only or Monthly Rollup patches.

      My InfoWorld article is wrong.

      I’ll get it corrected in the morning. Sorry about that – and thanks for the correction!

    • #32153 Reply

      Alberto Marconi

      Hi Lizzytish,

      Thank you for your reply. I’m sorry but I didn’t mean to belittle anyone’s opinion. Maybe because I’m not a native English speaker so I wasn’t using the most appropriate words. I do apologize if anyone has felt this way.

      Going back to Updates, maybe like you said I was lucky. Quite honestly, My Windows 7 Update has always been set to Automatic including recommended, and I never had a single problem or uninstalled an update. Only after my netbook display adapter was found incompatible for Windows 10, and telemetry became aggressive towards the end of the free upgrade period and started running on every boot that I uninstalled KB2952664 and other GWX updates because they were slowing down my machine on boot.

      As far as collecting data or what’s refereed to here as snooping is concerned, I’m OK with it (and this is just my opinion). I trust MS will only collect performance data, and think If everyone denies MS this data, how will MS know if Windows is functioning properly on the countless hardware configurations out there, or provide fixes if needed? Or maybe because I feel I have nothing worthy of snooping on! What are they going to find on this old man’s machine anyway? Other than few news sites, a couple of email sites (one of them belongs to MS) and a couple of Internet card game sites. Please note this is just a layman’s opinion and not belittling anyone 🙂

    • #32154 Reply

      James Bond 007
      AskWoody Lounger

      That “Security Only Quality Update” KB3192391 is supposed to contain the security content of KB3185330 without the non-security content.

      If all you want is security updates this will be the one you want.

      Of course, Woody’s advice is to wait some time until it is safe to patch, anyway.

      Hope for the best. Prepare for the worst.

    • #32155 Reply

      Bill

      Please stop using gray text on your website. Please use black so older people with marginal eyesight can read posts.

    • #32156 Reply

      poohsticks

      @michael,

      Oh, that list is different from the list that someone else gave here!

      As far as I can remember, the other list I saw here didn’t indicate that there were both:

      Security Only Update
      and
      Security Only Quality Update

      What is the difference between those two updates?

      Does the “quality” descriptor mean that it’s a cumulative patch?

    • #32157 Reply

      poohsticks

      @michael,

      I think I have figured it out, by looking at the other list that someone else, contributor “Olaf”, provided to a different discussion thread here —
      what you are seeing might be a mixture between the .NET updates and the normal updates.

      According to that other list, the .Net update packages and the normal update packages are named slightly inconsistently, which I think was a mistake that Microsoft should fix
      [ see my post: https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/comment-page-2/#comment-102181 ]

      Olaf says that they are the following:

      NET
      1. Security Only Update for .NET
      2. Security and Quality Rollup for .NET

      Windows
      1. Security Only Quality Update
      2. Security Monthly Quality Rollup

      [Olaf’s post: https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/comment-page-2/#comment-102147 ]

      Therefore, the “Security Only Update” and the “Security Only Quality Update” are two different things altogether, and not two different versions of the same thing.


      It appears that the ones called “update” are not cumulative, and the ones called “rollup” are cumulative.

    • #32158 Reply

      poohsticks

      @woody,

      When you posted tonight in the following comment: https://www.askwoody.com/2016/dont-install-any-updates-yet-but-heres-where-to-find-them/comment-page-3/#comment-102172

      that your info in the Infoworld article about this (http://www.infoworld.com/article/3130076/microsoft-windows/win-781-patchocalypse-springs-a-few-surprises.html )

      is wrong, does that mean that what “Tudor” saw and described above is now NOT the way it is working anymore?

    • #32159 Reply

      poohsticks

      @woody,

      Or was it the above information from Shopper55 that is now no longer working and which you will change your InfoWorld article to reflect?

      I am confused about what Tudor said and Shopper55 said – did they say the same thing?

      Is neither/both way(s) not the way things are working anymore?

    • #32160 Reply

      woody
      Da Boss

      It’s complicated 🙂

      Tudor and shopper55 are both correct. I was wrong in the way I interpreted the comments – but not completely wrong. I’ll have the change made as soon as my editors are awake.

    • #32161 Reply

      woody
      Da Boss
    • #32162 Reply

      woody
      Da Boss

      I’ve tried fiddling with the contrast on the site, and come to the conclusion that I’m not adept enough with this WordPress skin to fix anything without clobbering something else. Sorry.

    • #32163 Reply

      woody
      Da Boss

      Worth remembering… if you use the Chrome browser, Google search, ChromeOS, Android, Alexa, or one of a myriad of products or services, you’re also being snooped.

      Like you, I’ve come to terms with the intrusiveness. Which is why I use Win10.

    • #32164 Reply

      TooLoose

      I have my system set to notify me of updates but not install, so this morning when my computer was poised to restart to finish the download, I got suspicious. KB 3185330 was one of the three updates. When I tried to investigate this patch from the MS link, the description said nothing and just referred me to another document. Looks like they are hiding something.

      I checked and KB 2952664 is sitting in the optional updates ready for installation. I will not install it.

      Can I uninstall and hide KB 3185330? I am not a techie but am a fan of privacy and not being forced to actions without my consent.

    • #32165 Reply

      Cavalary

      Took the plunge, with the full package, and something’s weird. Checked for updates again after installing it and rebooting, took somewhat longer than before, and now I have the servicing stack update listed as important, wasn’t there before, and nothing else. No optional tab anymore, with the 4 updates (including a driver) I had left there. Don’t seem to have been installed though.
      So what did it (or I) mess up? :/

    • #32166 Reply

      Alberto Marconi

      That’s really good to know that you’re also using Win 10. Actually I upgraded all my household computers to 10 except for one which had incompatible display, and I love it. I was quite surprised and pleased that Win 10 actually runs better than 7 even on my 8 year old core 2 laptop!

      I’m not trying to advertise Win 10 here! Just sharing my lucky story 🙂

    • #32167 Reply

      confusdaf

      Hey Woody,
      Something has happened that has changed my Windows Update settings on my main machine to “Check and Install Automatically”, also both “Recommended Updates” and “Other Microsoft Updates” check-boxes were ticked again.

      I’m using 8.1 Pro and I just put a group policy in place to prevent automatic updates, I’m hoping this doesn’t happen again.

      However, now KB3185331, KB2976978 and KB3188743 are pending restart and I’m not sure how to prevent this. Should I just install and hope for the best?

      It is mighty annoying having to constantly babysit your operating system, it’s like a dog that can’t be trusted in the kitchen alone…

    • #32168 Reply

      woody
      Da Boss

      Installing some programs will flip the setting without warning. Best bet is to go ahead and install, then immediately manually uninstall.

    • #32169 Reply

      lizzytish
      AskWoody Lounger

      It’s nice to meet you Alberto….. and your explanation is most appreciated. Somewhere along the line I did once include the Privacy Statement that MS issued, (it would be easily available if Googled or whatever SE you use) but in it, it quite catagorically states that by using Win10 you give MS the right to all your data on your PC for their use.
      They do state that they won’t use your emails or personal files………. but to me the inference is that they can perhaps at some future date, but also infers that they have got it, but won’t use it (for now). Maybe you would call this bordering on paranoia….. but I feel that what’s on my computer is for me to decide who I share it with……… and not a third party. As people have said it’s becoming more and more difficult to keep that privacy and security around one’s personal life on line and sometimes in real life.

      People have made the distinction on this forum….that even if Google et al are the same……they most of the time work outside of your computer when you are browsing, sending emails, social networking etc. MS are bringing this into our Computers……. and that’s the difference.

      And there lies the rub!

      So besides the privacy issues there is also the issue of dodgy patches that can really brick your computer and cause so much angst. Just this week a member in one of the groups I’m in…. and is on Win10….wrote this email and I quote:

      “I got everything working and then my laptop crashed after the updates.

      I hate Microsoft!!!!!”

      and this is something that happens very consistently. She’s not the only one… their number is legion!

      So it’s an issue………. that’s why people come to this site and sit at Woody’s feet…….. as well as all the others who share their thoughts with us. And that’s why we hold off and watch and listen before we update. MS’s culture has changed considerably….. it used to be a far nicer experience for us all ….. including themselves……… Now it’s……… well different! LT

      “Sometimes when things are falling apart, they are just falling into place.” – Anonymous

    • #32170 Reply

      Chip Ford

      Thanks for the reply Woody. How would one tell that it is the 32 bit download? Perhaps my reading of the page was incorrect. I run 64 bit and would naturaly need that one. Thanks, Chip

    • #32171 Reply

      ch100
      AskWoody_MVP

      Sorry LT, I have to contradict you here. Windows Update was never a seamless procedure. It is actually better starting with Windows Vista compared to XP times since the introduction of the so-called CBS, but it is still a mess, maybe a different type of mess.

    • #32172 Reply

      woody
      Da Boss

      The naming sucks. If it includes “x64” that’s the 64-bit version. If there’s no “x” then it’s the 32-bit version.

    • #32173 Reply

      JO

      poohsticks:

      Thank you for the reply. Here is what I have learned, which you and many others may already know:

      In Woody’s October 11 post “How to scan the Microsoft Catalog for security patches”

      https://www.askwoody.com/2016/how-to-scan-the-microsoft-update-catalog-for-security-patches/

      Woody has a link to his InfoWorld article covering the same topic.

      http://www.infoworld.com/article/3112862/microsoft-windows/how-to-check-the-microsoft-update-catalog-with-any-browser.html

      There are currently six comments at the end of that article and Woody explains there that in order to read the RSS feed for the Microsoft Update Catalog one’s browser must have an “RSS interpreter.” Apparently Chrome does not have one and therefore an “extension” such as “RSS Subscription extension (by Google)” must be added. Having never previously added an extension to Chrome I am hesitant to add one now given all the changes to Windows Update. It should be easier to identify the source of problems should they arise during the next several weeks as new Microsoft updates are installed (always after Woody gives the OK) if the changes to my computer are kept to a minimum. Similarly, I am reluctant to install the add-on that Internet Explorer seems to need to use the Microsoft Update Catalog. In addition, I am generally reluctant to use Internet Explorer for any purpose until this month’s security patches, which apparently include fixes for Internet Explorer, are installed.

    • #32174 Reply

      lizzytish
      AskWoody Lounger

      Ah!……well guess compared to how it is NOW and how it was say 2 years ago or so….. to me it would have appeared seamless …… merely because I wasn’t paying attention more than likely……… and I wasn’t tripped up so to speak……. but yes I would perhaps have done better to have termed it differently!!! Good call ch100!!

    • #32175 Reply

      Ricardo

      Just for what it’s worth: KB3185330 (full) and KB3192391 (security only) both include the security update for Internet Explorer. Which is weird, because (at least on my system) IE’s security update is also seen as a seperate update. I don’t like it by the way. It messes my favorites folder.

    • #32176 Reply

      Steve

      Rolled out the updates to about 275 Win 7 machines last night after successful testing. Have about 30 users reporting Outlook freezing and IE not working. Off to roll back – thanks again MS.

    • #32177 Reply

      PKCano
      Da Boss

      Why are you installing updates? We are on DEFCON2 – don’t install anything until Woody gives the go-ahead.

    • #32178 Reply

      PKCano
      Da Boss

      Check your settings. They should read “Ckeck for updates but let me decide whether to download and install.”
      If you have it set to “Download but let me decide when to install” it will download updates in the background and install them the next time you reboot.

      KB3185330 is the new Oct Security + non-security monthly rollup. At this point you can TRY to uninstall it and reboot. Be sure you have the settings “Check but let me choose whether to download..” or “Never check for updates” correct first. I don’t know if anyone has tried to uninstall the new rollups or not, or how successful it is.

    • #32179 Reply

      Steve

      UPDATE: rolled back KB3185330 and the issues with Outlook 2010 and IE 11 freezing went away.

    • #32180 Reply

      woody
      Da Boss

      +1

    • #32181 Reply

      woody
      Da Boss

      If you narrow it down, yell read loud!

      Did you use Security-only or Monthly rollup?

    • #32182 Reply

      Cavalary

      Really doubt I waited more than until the 2nd day after release to install security updates, almost always it’s within 24h, so wanted that, and when I saw, even in Woody’s Infoworld article, that the bundle should only include October security updates and the September non-security bundle, not new stuff, said might as well.

      Otherwise things seem fine so far. And actually using IE (another reason to install at least the security updates, with the one for it not separate anymore) and not having issues with it at the moment. If anything, at least so far, some odd access denied errors that kept being logged as from my security software lately seem to have stopped now.

      But worried about that change to WU, since my main concern in all of this (past the risk of serious system problems) is not to end up with forced automatic updates in Win 10 style.
      As long as I get to choose, I tend to be in that 2nd group listed by Woody in an article as typical for those who don’t have it set to auto, as in check, give it a day or two to see if word of anything really bad reaches me, if not install everything*…
      * Since the push for Win 10 and telemetry started, the “everything” excludes updates I knew shoved that down one’s throat. But besides that…

    • #32183 Reply

      Steve

      We had a similar issue with KB3185278, so I’m guessing that was included this month in KB3185330, but it’s just a guess at this point.

    • #32184 Reply

      woody
      Da Boss

      Thanks. I’ll keep my ears open and see if anybody else reports it.

      What are the symptoms?

    • #32185 Reply

      Steve

      This will fix the issue for us and then we can roll-out the update again: https://support.microsoft.com/en-gb/kb/3185278

      Symptoms: IE 11 starts up blank and unresponsive. Outlook 2010 freezes when using the Reading Pane. McAfee Endpoint Security partially shuts down.

    • #32186 Reply

      Xi

      @woody: When can we install the security only/security only quality updates manually? Have you tested?

      Also, many have issues with Windows Update on Windows 8.1(mostly x86 and on older devices). Manual check for updates take hours but doesn’t complete. However, after struggle, patch Tuesday updates listed in Widows Update, then everyday auto check for updates happen peacefully. Inbuilt troubleshooter and latest troubleshooter from windows update FAQ site find some issues and does fixes but the issue still persists. Is there any workaround/fix?

    • #32187 Reply

      Mr.Magoo

      @Bill;

      “Please use black so older people with marginal eyesight can read posts.”

      +1

      I’ve got the same problems.

      I’ve found changing the screen viewing angle gives better contrast.

      Check out the ease of access center.

      Some techies on this forum might help out here.

    • #32188 Reply

      woody
      Da Boss

      Wait.

      Wait for teh MS-DEFCON level to hit 3 (or higher).

    • #32189 Reply

      walker
      AskWoody Lounger

      @woody: In re: KB3185278, this was an UNCHECKED Optional update received September 20th.

      It was not installed, per last recommendation (for Group B) to not install the unchecked Optional updates (it was 60.2 MB).

      There were no Security Updates pending, just 3 UNCHECKED Optionals. Setting is “NEVER CHECK FOR UPDATES” and has been since I set it up for the Group B – – per instructions.

      Is there anything I should know about the above referenced Security Update as it relates to KB 3185278? There were a total of 3 Optional unchecked updates (and no Security updates) when I set it for Group B requirements.

      I will just continue to wait until the MS-DEFCON level shows the “all clear” and there are more detailed instructions on how each “Group” is to proceed. Thank you for your invaluable help. Don’t know what we would do without you, and your contributors.

      🙂

    • #32190 Reply

      wdburt1

      Grey text: My 80+ year old father used to complain about the same thing when he was still alive. I’m not there yet.

      A suggestion: If you want more contrast, get an M-VA or other “VA” monitor, which are well known for superior contrast vs. TN and IPS monitors. TN monitors are very common in typical consumer displays such as you would find at a big box store. IPS displays have made some inroads but are often preferred photo work. VA displays originally were considered too contrasty for photo work but are now contenders for that use, while retaining their superior contrast.

      I work with text and numbers all day long and believe me this has been a subject well worth investigating. You will have to do some online research to find out what type of panel a particular monitor uses.

    • #32191 Reply

      Alberto Marconi

      Thank you once again LT and Woody for your informative replies. You guys are simply AWESOME. I’ve been a computer user even before Windows came into existence and computers had no keyboards, but I’m learning quite a lot on this site.

      I can relate to other people’s concerns regarding updates but during XP days. I remember that SP2 caused my “then” new PCMCIA wireless card to stop working. I was so frustrated that I uninstalled SP2 and disabled WU completely for almost two years. Only when several other software started requiring SP2 that I reactivated WU and luckily found that the wireless issue had been fixed.

      But that was XP. Since I had no issues with Windows 7 updates in the past and hope this will continue. I will continue to install the monthly rollups as they become available and will try to report to you the results so others will be warned in case of trouble.

    • #32192 Reply

      poohsticks

      @JO,

      I think that the IE add-on that the update catalog requires is supposed to be quite safe to accept on one’s computer, no one has said otherwise here.

      Do you have your IE patched up through September’s patches?
      If you do, I don’t think there is any concern about people using IE for the rest of this month while putting off installing October’s IE patch
      (while waiting for Woody to give the “okay” to install October’s patches).

    • #32193 Reply

      ewh

      Change the color setting in https://www.askwoody.com/wp-content/themes/gear_askwoody/style.css. There are two occurrances where it is defined, div.main and body. Looks like div.main is the one to change. Change it from “#666666” to “black”. I did the change in firebug, and the main text changed to black.

    • #32194 Reply

      Xi

      Thank you.

      What about the Windows 8.1 x86 issue? The internet is good and much faster. However, the Win Update Check taking long time.

    • #32195 Reply

      Michael

      Yes, but we have some test systems that I always push updates to to see if they break anything in our specific environment. 🙂

      Plus, a zero-day flaw, in my view, does warrant speedier evaluation than waiting almost to next month’s updates.

    • #32196 Reply

      Michael

      Especially since the word “Quality” has been tossed into the Security Only Update name for Windows, but in .NET it’s just called “Security Only Update”…

      Yep, Microsoft Standard Operating Procedure…

    • #32197 Reply

      ch100
      AskWoody_MVP

      You only create problems which should not exist by not using IE with the required ActiveX Control for the Microsoft Update Catalog. Please also read @poohsticks reply which is absolutely valid.
      You have to use the right tools for the purpose, beyond any bias.
      Or you don’t need to use the Catalog at all if you decide to patch only from Windows Update as the other method (Group B) is currently supported only for businesses which have specific compliance requirements.

    • #32198 Reply

      Michael

      Yep, thanks for that.

      Honestly, I was headdesking over this. I wonder if the patches were named differently because they came from different teams (ie. the Windows team vs the .NET team) and somewhere a memo didn’t get passed along about naming.

    • #32199 Reply

      ch100
      AskWoody_MVP

      Seriously, “pushed into a corner by the enterprise sector to have those download links easily available”?
      Isn’t the Catalog the repository for businesses in addition to direct downloads for those with specific support agreements?

    • #32200 Reply

      Michael

      Well, some of us have testing machines where we can test any issues particular to our environment without affecting production users. I usually wait about a week for really loud screams before rolling out to test PCs/users, then, unless things break, wait until Defcon 3.

    • #32201 Reply

      GirafeLady

      New to this Forum due to the latest Updates because I didn’t want to install 119.4 MB(!) unless absolutely necessary, nor do I care to have any for IE since I don’t use it & don’t care to as I prefer Mozilla, at home (and can only HOPE they get rid of it at work since it continuously has to “recover webpage” grrr, but that’s another story!) I’m very glad Google search brought me here, and I’ve decided to take your advice re not installing anything until MS-DEFCON 3 or greater, which I’ve not heard of, until just-now. I’ll be you have a particular link that defines/explains it; may I please get that from you? Please also tell me what should be checked and/or unchecked on the “Choose how Windows can install updates” screen (e.g., Recommended Updates: check or not?, etc.) I already changed the Important Updates option to have it let me choose download & install. Also, there is a statement at the bottom: Note: Windows Update might update itself automatically first when checking for other updates. Read privacy statement online (link). Is this anything of concern?

      I imagine I’ll need to check here often, now, for the MS-DEFCON 3 occurrence, as I’m guessing the number of ‘members’ prohibits you from sending that info via email, am I correct?

    • #32202 Reply

      Jo

      Don’t you think the “Oct. 2016 Security Monthly Quality Rollup” will be replaced by the Preview Rollup of November next week?

    • #32203 Reply

      ch100
      AskWoody_MVP

      Is it the EMET issue?

    • #32204 Reply

      woody
      Da Boss

      No. That’ll be a separate, new entry.

    • #32205 Reply

      woody
      Da Boss

      There’s a tab at the top of the page that explains the MS-DEFCOn system. I talk about it in all of my books.

      There’s another tab that explains how to set Automatic Update.

      Windows Update may update itself. Don’t worry about it.

      You can check here often, if you like. Or you can follow me on Twitter, @woodyleonhard. Or you can look at the RSS feed (I use ighome.com). Or you can watch my columns on InfoWorld, http://infoworld.com/blog/woody-on-windows . I seem to have a lot of those lately.

    • #32206 Reply

      woody
      Da Boss

      Perhaps someone else here knows of a good Win 8.1 Update scan speedup trick?

    • #32207 Reply

      Ricardo

      When I try to use te “Microsoft Update Catalog” for downloading updates, IE11 crashes directly after I hit the download button.
      I can however search and select items, so the add-on is properly installed.
      Anybody else had this happening? I’ve got two machines with that same problem.

    • #32208 Reply

      Jo

      Good to know. Thank you!

    • #32209 Reply

      walker
      AskWoody Lounger

      @woody:

      I’m sure I inquired about this previously, however I’m in Group B, and leaning towards changing the “NEVER CHECK for updates” to the “Check for updates but let me choose whether to download and install them”.

      At least this way I can see what is “pending”. I’m sure you stated more than once that both settings accomplish the same purpose, other than the “NEVER CHECK” users accept all responsibility to
      be certain to do the checks themselves.

      Can you please verify this once again? I think I’ve reached “meltdown” just trying to keep up with all of the many discussions and reading them all. Thank you again, Woody…. You are the “BEST”. 🙂

    • #32210 Reply

      Xi

      First, I used Win 8.1 inbuilt troubleshoot and it found and fixed something and Win Update all emptied everything in update history & hidden updates and made no updates to be installed. However, the never ending check for updates still persists. No auto check in background too.

      The same happened with WindowsUpdateDisagnostic.diagcab from Windows Update FAQ.

      The DISM “RestoreHealth” & “StartComponentCleanup” fails even in clean boot and sfc scan too fails to fix corrupted files.

      Only Error checking for main partition is fine.

      The system restore shows only today’s Windows Module Installer.

      Even if KB2919355 is already installed months earlier, I’m trying to install KB2919355 using standalone installer with some hope that it’ll fix the issue but it is taking longer time searching for updates on the computer.

      @woody: What should I do? How to fix this issue without reinstalling the OS?

    • #32211 Reply

      BHODF

      @ewh;

      “I did the change in firebug, and the main text changed to black.”

      Is that action for Woody or individual readers?

    • #32212 Reply

      woody
      Da Boss

      I believe it’s for individual readers. I tried to find something analogous in the WordPress controls, and couldn’t find anything.

    • #32213 Reply

      woody
      Da Boss

      I haven’t a clue. Perhaps abbodi or ch100 can help?

    • #32214 Reply

      woody
      Da Boss

      The only difference between the two settings is a flag that appears – sporadically – down in the notification area, next to the clock.

      Other than that, I don’t know of any other difference. For all intents and purposes, they’re the same thing.

    • #32215 Reply

      walker
      AskWoody Lounger

      @woody: Thank you so very, very much for the prompt and reliable response. I appreciate your help more than words can ever say. 🙂 🙂 🙂

    • #32216 Reply

      poohsticks
    • #32217 Reply

      prk280

      FYI, Today I changed my name from JO to prk280.

      On the day before October’s new patches were released, I finished installing all of the critical and important updates for Windows including the latest cumulative update for Internet Explorer 11. Some recommended and optional updates for Windows remained uninstalled.

      This TechNet page indicates that October’s updates address Internet Explorer vulnerabilities that are rated critical.

      https://technet.microsoft.com/library/security/ms16-118

      I am inclined to stay away from Internet Explorer until I am ready to put on this month’s patches.

      Thank you for the reply and confirming that the Microsoft Update Catalog add-on is safe to install.

      Given all the confusion about the Update Catalog, the Download Center, and Windows Update I am leaning toward putting myself in Group A.

    • #32218 Reply

      prk280

      FYI, Today I changed my name from JO to prk280.

      Thanks for the reply.

      I have never used the Microsoft Update Catalog and would not try to do so without adding the Active X control.

      As I said in my new comment to poohsticks just above, I am leaning toward putting myself in Group A. I still might like to look at the Microsoft Update Catalog out of curiosity.

    • #32219 Reply

      ewh

      Meant for woody, but folks with browsers that support custom css for sites could do what they need. Firefox supports a user defined CSS along with add-ons that support users creating custom styles for sites.

      I do not use WordPress, so my post was to indicate the actual resource clients retrieve that affects the font color. Do not know if WordPress supports direct admin maintenance of stylesheets. I would hope it does. You can try to direct edit and then see if WordPress overwrites anytime you do later edits via WordPress’s interface.

    • #32220 Reply

      woody
      Da Boss

      It may support direct manipulation of the stylesheets. I’ll see if my Web folks can do it.

    • #32221 Reply

      woody
      Da Boss

      Hi, JO!

    • #32222 Reply

      prk280

      The notification of your reply went to the same email address as before my name change to prk280, just as I wanted.

      Thanks for your help Woody.

    • #32223 Reply

      Xi

      Are you referring to abbodi86?

      How to contact them? They both don’t have links on their comments for contacts.
      If you could help me, please ask them to read my comments and provide assistance asap.

    • #32224 Reply

      Xi

      Try with another browser using catalog update direct link which I assume you’ve already installed. I’m suggesting this since we’ve seen more problems/bugs reported on the addon.

      Just add the KB’s to the q value in the link:
      “http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=”

      Downloads from catalog is ease with other browsers. No errors/crashes.

    • #32225 Reply

      TooLoose

      Thanks. I did (and do) have my settings set to notify me of new downloads and let me decide. Microsoft over-rode my setting and installed it at night when the computer was not in use. When I woke the computer up, it was already set at that point where it installed and needed to reboot.

    • #32226 Reply

      cma6

      I have been unable to figure out how to download specific updates from MS download center, e.g. KB3188740

    • #32227 Reply

      cma6

      ” “Security and Quality Rollup for .NET” KB 3188740. ”
      Where does one find that one?

    • #32228 Reply

      woody
      Da Boss

      Windows Update is the easiest spot.

    • #32229 Reply

      cma6

      When I type in the KB# and search on this site
      https://www.microsoft.com/en-us/download
      I have not been able to find any downloads.

    • #32230 Reply

      woody
      Da Boss
    • #32231 Reply

      cma6

      Thanks for the MS URL; now I see it.

    • #32232 Reply

      Willie

      I have left some updates alone–like Time Zone updates for Russia or Egypt, etc. Why do I need them anyway?!!!

    • #32233 Reply

      Willie

      I sent you a comment 2 minutes ago. Please reply. Thx

    • #32234 Reply

      woody
      Da Boss

      Alas, I rule this site with a velvet iron hand. 🙂

      I, personally, review every post before it appears.

    • #32235 Reply

      woody
      Da Boss

      You probably don’t. That’s why I talk about Group B.

    • #32236 Reply

      KatieH

      KB319391 installed on 10-14, a little prematurely, I think, since I didn’t read all the askwoody threads on the new update system. You advise waiting a little while before taking this step. Immediately, I had problems in IE11(Dell Inspiron, Windows7-64, SP1). The Explorer window froze every time I did a Google search. It didn’t just freeze the tab with the Google search, but froze all other tabs too. I then had to kill all explorer processes, but even that was difficult because it kept trying to reload the dead tabs.

      I uninstalled today and thus far (fingers crossed)the Explorer seems to be its old self. Lesson learned. Also, after the uninstall it took my computer almost an hour to “prepare to reconfigure Windows.

    • #32237 Reply

      Rio

      “Security Monthly Quality Rollup” instead of “Security and Quality Monthly Rollup” – isn’t that like saying “peanut butter sandwich and jelly”?

    • #32238 Reply

      woody
      Da Boss

      HA!

      Yep, they’re all Quality. Every single bit.

    • #32239 Reply

      Jason

      I’ve tested all of these updates on my VM’s for Windows 7. It appears that one of the KB’s, and my guess is, KB3192391, as my last test was only to install the October Security Only Quality Update, now launches this website when opening IE 11 after the update reboot.

      https://mybrowser.microsoft.com/iewelcome?bpa=1

      Not a huge issue for home users, but it is for an enterprise environment.

      I’m looking into removing this setting.

      We had previously applied the EOL notification for IE back in January and disabled the Win 10 notifications along with not deploying Windows feature updates for more than 6 months now.

    • #32240 Reply

      woody
      Da Boss

      OUCH. So KB3192391 hijacks the IE 11 start page? (Temporarily, I assume?)

    • #32241 Reply

      KatieH

      Apparently there is an IE11 security update which is included in KB3192391. MS16-118 is listed as “critical” for IE11 in Windows7-64. The question now is whether it is advisable, necessary, or even possible to download and install MS16-118.

      The Explorer start page wasn’t hijacked unless I input a Google search. Other pages loaded just fine. However, once I did a Google search in a new tab, the other tabs froze in addition to the tab with the Google search.

    • #32242 Reply

      walker
      AskWoody Lounger

      It’s as “clear as mud”!!! Wonder what else they can do to make it all as obfuscated as possible!!!

    • #32243 Reply

      Erik

      Hi!

      Is it safe to install KB3192391 yet?

    • #32244 Reply

      woody
      Da Boss

      Wait!

      There’s nothing in KB3192391 that you need – as long as you don’t use Internet Explorer or Edge, and you don’t open unknown RTF files in Word.

      Wait for the rest of the problems to shake out.

    • #32245 Reply

      ch100
      AskWoody_MVP

      🙂

    • #32246 Reply

      ch100
      AskWoody_MVP

      Is Adobe owned by Microsoft?!
      This is ridiculous
      “Install and enable free Acrobat Reader DC to view PDFs”
      Why not “Install Google Chrome/Firefox/Safari/Opera to browse the web” or “Set Google Search as the default search provider”

    • #32247 Reply

      ch100
      AskWoody_MVP

      You have an advertisement on the page from Google to use Google Chrome – top right. That problem is created by Google and not by Microsoft.

    • #32248 Reply

      cma6

      “Some people report getting KB 3199209 on their Win10 1607 machines.”

      Assuming one has turned off automatic download/install on a Win 10 machine, and then along comes an update like KB3192391, where the wisdom, after several weeks, is not to install it.
      Them after another few weeks on patch Tuesday, we will nevertheless have updates we want or have to install, say a security update KB1234568. How in Win 10 can one then install the later update KB1234568 but avoid installing KB3192391?

    • #32249 Reply

      woody
      Da Boss

      By using wushowhide.

      That’s why I haven’t yet given the go-ahead to install 3199209. It looks good, but I want to give it a few days to ferment.

      There’s no immediate pressing reason to install it, as best I can tell.

    • #32250 Reply

      cma6

      Woody,
      Thanks for the reply. I meant to exam the case where you finally decided that KB3199209 should not be installed. Then, 5 weeks later, we want and need to do additional Win 10 updates. Is there a method to install those later updates but exclude KB3199209?

    • #32251 Reply

      Tina

      Hi Woody, I’ve got the updates and it recommended to Install. I would like to ask you if these updates are secure or some of them can harm my computer? may you please advise me on which ones are secure and which are not. Thank you. KB2267602 (definition 1.229.2042.0), KB3188743.KB3185331,KB3194343,KB3174644, KB3175024,KB3177186,KB3178539, KB3184122,KB3184943,KB3185911,KB3187754, KB3182203, KB890830
      Your advice is very important to me as we live in a country where is no computer specialists who can sort out computer if anything will go wrong.

    • #32252 Reply

      woody
      Da Boss

      WAIT!

      There are no updates currently on offer that you absolutely need. As long as you don’t use IE or Edge, and you don’t open RTF files in Word from unknown sources, you’re fine.

    • #32253 Reply

      woody
      Da Boss

      If that were the case – I think 3199209 will prove to be OK – yes, you can exclude one specific update by using wushowhide. If we get to that point, I’ll provide full instructions.

    • #32254 Reply

      Tina

      Hi Woody, Where I can check if some update are secure? Microsoft sent me updates for devices that are not in my computer like Canon printer, Windows Defender that I am not using and never installed, Windows malicious software removal tool. I cannot understand what is going on with Windows.There are 14 Importand updates and 27 optoional and I’ve been lost what is really needed and what only will clog my computer. Are there any tutorial on how to recognise what updates are really needed for the PC, any links? Thank you Woody

    • #32255 Reply

      Tina

      Thank you very much, Woody. I am feeling like a heavy stone fallen from my head! Thank you, and I am glad to discover your web-site today. There is another message I sent you, hope you will answer. Have a nice day.

    • #32256 Reply

      woody
      Da Boss

      Sure. See the links above for the MS-DEFCON system, and Automatic Updates.

      Basic idea is straightforward: Don’t install anything until we’ve switched to MS-DEFCON 3 or 4 (or even 5). When you see the new MS-DEFCON rating, there will be detailed instructions on what to install, and how to do it.

      You can check back here from time to time, link to my RSS feed, follow me on Twitter @woodyleonhard, or keep an eye on my InfoWorld columns. I’m going to be writing more about monthly patching in InfoWorld, in the future.

    • #32257 Reply

      Tina

      Woody, I really need your help now, PLEASE. I have Windows 8.1, and installed GWXStopper 2.40, so far it worked well. Today, when I decided to update my Windows, the window opened saying “Your Upgrade to Windows 10 is ready. Restart your computer.” How I can rid off that Windows 10 from my computer? Please help me.

    • #32258 Reply

      Tina

      That’s’ great, Thank you so much, surely I will keep in touch with you, Woody. I cancelled all updates, but I even couldn’t imagine Windows will install also Windows 10. What a company! I cannot trust them any more! Is it possible to switch to other operating system?

    • #32259 Reply

      woody
      Da Boss

      If you don’t specifically need Windows programs, you should really look into getting a Chromebook – although the snooping is worse on the Google side.

    • #32260 Reply

      woody
      Da Boss

      You shouldn’t be getting any free upgrade “offers.”

      I’d say restart your computer and if you get shoved into Windows 10, see this:

      http://www.infoworld.com/article/3074096/microsoft-windows/hit-by-an-unexpected-windows-10-upgrade-heres-how-to-recover.html

    • #32261 Reply

      Erik

      So there is no way to exploit Security Update for Microsoft Graphics Component (3192884) via Firefox?

      Thanks in advance!

    • #32262 Reply

      woody
      Da Boss

      I’m not aware of anything in particular with Firefox. Do you have a link?

    • #32263 Reply

      TooLoose

      I’m back, but this time I have a story.

      As I reported before, MS installed some crap on my computer without my permission. I have my update settings set to inform me but let me decide.

      Today they attacked my other computer in the house. It’s a laptop, Windows7. It came with W10 but I uninstalled it.

      This afternoon when I booted up my computer wouldn’t start. I turned it on and off a few times and then finally a Start Up Repair screen popped up. I ran it and after some time the computer booted. There was a big GWX10 inventory list on my desktop. And a GWX10 icon, too. And an invitation to download a monthly quality update, KB 3185330. Cough – Cough.

      I uninstalled GWX but I don’t know what to do with this monthly quality update because I don’t want it on this computer. They already forced it on my other computer.

      Is this legal?

      Any suggestions on what to do?

    • #32264 Reply

      Tess

      Same thing happened to me. I uninstalled the update. Now what???? This happened back in the summer with an update. I did a restore and that worked and now I install each update one at a time so I can grab the culprit if I get an immediate problem.

    • #32265 Reply

      GirafeLady

      Thanks for all the info, Woody; I’ll be sure to read through all of it; especially being someone who got hit by that nasty Ransom virus —— yup, 12 years of work-product, my consultancy business, my “Journey Through Breast Cancer” journal, family photos, etc. etc. etc., all encrypted “as though they never existed;” (yet, somehow, Outlook still thrives, go fig), and I kept the computer just in case someone finds a “cure” —— so, as you can imagine, I’m quite skeptical and leery at times about what to do so THAT never happens, again, and quite grateful that the ‘man who wrote the books’ is the one giving out this important advice! Let me just say, “THANK YOU” again! Now, however, I’ve become a bit on the leery side since there’s been no chatter in this forum since the 20th, except for this last one on the 25th … where did everyone go?!

    • #32266 Reply

      woody
      Da Boss

      AskWoody is getting hundreds of posts a day. I don’t publish main articles all that frequently – looking at a shift in several things. (He says mysteriously.)

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Don’t install any updates yet – but here’s where to find them

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: