• Microsoft pulls MS 3197868, the Win7 Security Rollup that blew apart Malwarebytes

    Thanks to Abbodi…

    Microsoft has pulled KB 3197868. You can search for it in the Update Catalog:


    That’s right. The November Monthly Rollup for Win7 ain’t there any more.

    I guess that settles the question of whether Malwarebytes or Microsoft made a mistake. Malwarebytes stated a week ago:

    This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB3197868)”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

    and they haven’t changed their tune.

    Malwarebytes fixed the problem very quickly. If you’ve updated Malwarebytes Anti-Malware in the past week, you’re fine.

    Those of you in Group A who haven’t yet applied the November patches can go ahead.

    Remarkably, the Preview of next month’s Monthly Rollup is still in the Update Catalog. Sounds like Microsoft forgot to sign 500 files in the November Monthly Rollup, but remembered to sign them in the preview of next month’s Monthly Rollup.

    No idea if we’ll get KB 3197868 back before the turkeys gobble.

    UPDATE: On Wednesday evening, both November Monthly Rollups, KB3197874 and KB3197868, came back online. They’re marked “Last modified: 11/23/2016”. No idea why they were pulled – and Microsoft isn’t saying.