Woody Leonhard's no-bull news, tips and help for Windows and Office
Home icon Home icon Home icon Email icon RSS icon
  • Windows 7, 8.1 patches are up

    Posted on January 10th, 2017 at 13:05 woody 145 comments

    OK, not exactly. Other than MSRT, there are no patches for 8.1, and only one small security patch (plus a Flash patch) for Win7.

    This month only we’re getting old-fashioned Security Bulletins (such as they are) plus the new Security Updates Guide.

    MS17-001 for Edge only – “important” (which means it isn’t really important)

    MS17-002 – Word 2016 and SharePoint Enterprise 2016 – critical

    MS17-003 – Flash Player but only on 8.1 and 10 – critical

    MS 17-004 – Only on Vista and Win7 – important

    Windows 7 

    January 10, 2017—KB3212642 (Security-only update)
    This update includes only security fixes. No new operating system features are being introduced in this update.

    January 10, 2017—KB3212646 (Monthly Rollup)
    Includes the Security-only update above, plus the non-security stuff in last month’s Dec. 13 Monthly Rollup.

    Windows 8.1

    “There are no security fixes or quality improvements for release on January 10, 2017. As such, there is no Security-only update nor Monthly Rollup release for this month.”

    That’s the lightest Patch Tuesday I’ve ever seen.

    Reminder: We’re still on MS-DEFCON 2. Wait to see what happens to everybody else.

    If that helped, take a second to support AskWoody on Patreon

    145 Responses to “Windows 7, 8.1 patches are up”

    1. inekemaa says:

      Today I saw that I can install an update for Bitsdefender KB915597 (definiotion
      Once it is installed, it can not be removed, say the information
      I am group B and install only security updates. What to do with this update?

    2. Terry Pickleson says:

      One more question. Do you think it’s plausible that Flash Player will be patched out of Windows 8.1 & 10 at some point? I mean with HTML 5 becoming the de facto standard and Flash just being a security hazard all around wouldn’t it make sense to patch it out? Or would it not be possible to patch it out?

      • ch100 says:

        I think Flash support will be discontinued at the time Adobe will discontinue it and it is not much time left until then.

    3. Perry Andrew says:

      Subsequent to installing KB3212646 for Windows 7-32 bit, I no longer get bubble saying “safe to remove hardware” when I use the disconnect feature located in the system tray. Although USB connected devices no longer appear in “Devices with Removable Storage,” there’s no way of knowing whether it’s truly safe to disconnect. The only way I can get the bubble to appear is by locating the connected device and ejecting it by right clicking in the context menu. I’ve tried rolling back my system to October 2016 (it works fine there) using a recovery disk, but I get the same problem after installing January, 2017 Security Monthly Quality Rollup KB3212646. Does anyone else notice this problem?

      • ch100 says:

        This is the current Windows 10 behaviour.
        The only way to know if it is safe to disconnect USB storage is to check Windows Explorer or Device Manager for the device to disappear.
        If it is not safe to disconnect, then Windows would warn you, but it may take a while, so waiting for that warning may not be the most reliable method.

        • messager7777777 says:

          @ ch100 ……. Fyi, Perry Andrew was referring to “installing KB3212646 for Win 7” n not for Win 10.

        • Perry Andrew says:

          I’ll just use “eject” from the windows explorer context menu. The “safe to remove hardware” balloon appears through this mode only. I’ll miss safely removing hardware via my system-tray though.

          • ch100 says:

            Thanks. This is interesting to know, so the baloon appears in Explorer, but not in the tray.
            My reference was about the tray behaviour, as I was not even aware of the Explorer functionality.
            I don’t see the Eject command in Windows 10 for anything other than CD/DVD. There may be a way to enable it though.

            • Perry Andrew says:

              The eject feature — through right-clicking in the explorer context menu — will not work if your USB device is an external hard drive with multiple partitions (there’s no eject feature available). In that case, I’m forced to use the system tray “safely remove hardware” feature. Again, there’s no balloon notification that it is indeed safe to remove. I’m sure this is a consequence of installing the Jan 2017 Sec. MQR KB3212646 for Windows 7. I’ve also tried to use the eject feature in control panel “Devices and Printers.” There’s no balloon-tip pop-up in the system tray indicating a safe hardware removal. As I mentioned previously, if I recover my OS from my December backup (I use Acronis True Image – has never failed me), the issue is resolved.

        • Perry Andrew says:

          Thanks for the info. Yes, I have another PC using Windows 10, and the notifications are different in system-tray ejected devices. Unfortunately, this is a direct consequence of installing KB3212646 for Windows 7. Without going into detail, it’s likely that this update altered a registry key in HKEY_CURRENT_USER >> Software >> Microsoft >> Windows >> Current Version >> Explorer >> Advanced >> EnableBalloonTips. It’s not a simple fix.

          • ch100 says:

            What I said is that Microsoft may intend to align Windows 7 with Windows 10 from that point of view.
            Most users including systems administrators are careless when it comes to ejecting USB devices and just pull them out. So I think Microsoft just changed the behaviour of the notification to be more aligned with the behaviour of the majority of users. I agree that this is annoying for those of us who care about the integrity of our data and devices and would take an extra click to eject safely.

      • abbodi86 says:

        No issue here

        KB3212646 actually do not have any new fixes related to USB or devices

        • Perry Andrew says:

          I forgot to ask. Do I need to recover my OS pre-October, and do the Security Only Rollups from that point forward? I can’t find the Security Only Rollups for October or November 2016 on Microsoft’s support site.

          • ch100 says:

            It is your choice.
            I would say stay mainstream and install whatever comes to have your system as intended and fully supported.
            Other people would recommend otherwise.

      • GoneToPlaid says:

        Hello Perry,

        KB3212646 is the January 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. This rollup installs deep telemetry by updating the Universal C runtime libraries, as do the October through December Quality Rollups. I suspect that the updated C runtimes with telemetry are interfering with your USB drivers. So what you want to do is to uninstall the Quality Rollups and instead install the equivalent Security Only Rollups. Here is a link to my PDF which lists Windows 7 updates which are Win10 related, or which install telemetry, or which are known to cause other issues:


        For the Quality Rollups, see the Comments column which lists the Security Only KB update number which you can download from the Microsoft Update Catalog.

        • Perry Andrew says:

          Thanks for that! I’m OK with using workarounds to safely delete hardware – for now. So far, unplugging my USB devices hasn’t caused any data failure on the drives. I did note that, when I do a properties-check on the connected device in Device Manager, the Removal Policy setting had switched from “Better Performance” to “Quick Removal (default).” I’ve always had my USB devices configured for “Better Performance.” So, I had to switch them all back. This is likely a consequence of updating to KB3212646. Odd! The deep telemetry needs to be removed from my system. I’ve noticed a substantial slow-down in browsing with Firefox, etc. I’m going to recover my OS from a backup pre-October 2016 and work from there with the Security Only Rollups. Such fun!

          • GonToPlaid says:

            Nah. You can sequentially uninstall the Monthly Quality Rollups which have telemetry, and then uninstall any other updates shown in my PDF file which installed telemetry, and then install the Monthly Security Only rollups. That might be faster than reinstalling from your pre-October backup since you would first have to back up all new data files since that last good backup.

        • Clueless says:

          @Gone to Plaid

          Many Thanks for the link to your PDF list.
          Have you any other goodies which might benefit a ‘clueless’ user?
          Always learning.

        • abbodi86 says:


          Maybe you should be certain of things before spreading them as facts

          Monthly Rollup do not contain Universal C runtimes, and those has nothing to do with telemetry, they are merely Visual C++ redistributables like other versions (2005,2008,2010,2012,2015,2017)

          apparently, you confusing Universal C with “Unified Telemetry Client”, which is included in the Rollup, but has no impact at all on the devices or system functionality

          • GonToPlaid says:

            Alright. I was a bit confused. Nevertheless, with the December Security Monthly Quality Rollup accidentally installed instead of the Security Only Rollup, I noted a slowdown of my computers, apparently due to the telemetry which was continuously being gathered. This slowdown disappeared once I uninstalled that Security Monthly Quality Rollup and installed the Security Only Rollup. Just a guess, but I think that my antivirus program didn’t like dealing with the telemetry monitoring which was going on.

          • messager7777777 says:

            @ abbodi86 ……. About Universal C Runtime updates in Win 7, others believe they r connected to Telemetry n the Win 10 upgrade. …
            ElderN replied on Feb 01, 2016

            At least some of these SFC problems are because you have KB3068708 installed and if you were to read in the Additional information section about the update it is known to cause allegedly benign errors from sfc /scannow:


            No troubleshooter will resolve those problems, but you can try.

            That KB is part of the Windows Customer Experience Improvement Program (CEIP) and some folks think that participation is an attempt from Microsoft to spy on them, their system and their activities and choose to opt out of the CEIP.

            Many folks just blindly install all the MS updates that are offered thinking that they must really be necessary since MS is offering them to you so why not install them? Then when you read about what they do you might not be so thrilled with having them installed.

            There are a handful of other updates that are part of CEIP and also efforts by MS to get you to upgrade your system to Windows 10 so what you can do is if you have the updates installed, uninstall them and then hide them so you never see them again then see how your sfc /scannow behaves.

            Here are some updates that you might want to think twice about having on your system taken from this topic (as usual don’t pay any attention to the replies from the Microsoft engaged Support Engineer “experts”):


            Here is a list of updates you don’t need from Wilders Security Forum that you might also check out:

            KB2952664 Compatibility update for upgrading Windows 7
            KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
            KB3021917 Update to Windows 7 SP1 for performance improvements
            KB3022345 Update for customer experience and diagnostic telemetry
            KB3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
            KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
            KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
            KB3080149 Update for customer experience and diagnostic telemetry

            KB2976978 Ease upgrade to latest version of Windows

            KB2977759 Ensure compatibility to Win10

            KB2999226 Windows 10 Universal C Runtime (CRT) for earlier OS’s

            KB3090045 applies to some reserved devices that are upgrading to Windows 10 from Windows 8.1 or Windows 7
            KB3123862 adds capabilities to some computers that lets users easily learn about Windows 10
            Excerpted from …

            • abbodi86 says:

              Well, others do not understand the situation, they just see the word “10” and start to panic 🙂

              UCRT is just a modern C runtimes, and it’s embedded/included in Visual C++ Redistributable 2015 and the upcoming 2017 version

              for Vista/7/8/8.1 it’s deployed as separate update package
              for XP (yes it’s supported), it’s part of the Redistributable package

            • ch100 says:

              “Many folks just blindly install all the MS updates that are offered thinking that they must really be necessary since MS is offering them to you so why not install them? Then when you read about what they do you might not be so thrilled with having them installed.”

              I am only asking you one thing. When a new Service Pack is released, do you question everything that is included in that Service Pack?
              The updates released monthly are the same thing like Service Packs, only installed in an incremental manner.
              If Microsoft is to release a new Service Pack for Windows 7, they would include everything, including the telemetry patches and reset the base at some stage.

              • messager7777777 says:

                @ ch100 ……. If M$ r to release a Win 7 SP2, which most users doubt M$ will, n publicly state that Telemetry updates r included, I would refuse to hv the SP2 installed on my Win 7 SP1 cptr.
                ……. This is no different from me previously perusing every important update from M$ b4 installing n … refusing M$’s Telemetry updates on my Win 7 SP1 cptr since Sept 2015 n later being in Group C/W(= refusing all updates from M$). Today, my non-updated Win 7 SP1 is still running fine – of course, together with safe-browsing practices n an AV program installed, … notwithstanding the many FUD from M$ shills/apologists.

                If M$ r to release a Win 7 SP2, they will likely hide their Telemetry updates inside the SP2 n won’t inform the users about them, in order to trick the users to ignorantly install their Telemetry updates(esp if they r NSA spyware).
                ……. This would be similar to how M$ hid their GWX KB3035583 inside the security update for IE 11, ie KB3139929, in April 2016 n tricked many tech-savvy Win 7 users into ignorantly installing the GWX/Win 10 scheduled upgrade.
                To each his/her own.

                • abbodi86 says:

                  “f M$ r to release a Win 7 SP2, they will likely hide their Telemetry updates inside the SP2 n won’t inform the users about them”

                  This simply a false accusation
                  all telemetry updates are announced clearly by MSFT

                  do you think you will know about KB3075249 or IE11 one without such announcement? no.

                  • ch100 says:

                    Too much FUD here on this site and there are few posters who although are trying hard, have only a partial understanding of the issues involved, but genuinely believe otherwise.

        • JHSydney says:

          May be slightly off-topic, but since v50+ Firefox it system overheads have ballooned. It regularly uses 900MB-1.5GB RAM on my Win7Ent system. I’ve tried all Ffx-suggested tips’n’tricks, to little effect.

          Then there’re the two quite large Flash processes, etc.

          IE11 usually maxes RAM needs at 350-500MB. WTF?

          • ch100 says:

            It is the new “normal”.
            Consumers telling engineers what to do and there was so much pressure on the Firefox developers not to be left behind Chrome that they broke their own browser due to the fact that Chrome was using multiprocess and they didn’t.
            This means that like with Chrome, the users who will benefit will be those with huge resources and Internet bandwidth, while the others will have to catch up or be left behind.

          • DonnaT says:

            I noticed the same with FF and tried to fix it, to no avail. I usually check on occasion and if it’s really huge, I shut down FF and restart. Not very elegant, but I don’t know what else I can do except switch browsers. And I like FF. Do not like this new behavior!

    4. Toa Of Justice says:

      KB3212646 slowed down startup programs for me. After I uninstalled KB3212646, my startup programs went back to normal.

      • Gal says:

        you should install KB3212642 not KB3212646 !!!

        • Toa Of Justice says:

          That worked for me. Thank you.

        • Walker says:


          Where can the KB3212642 (Security-only update) be found?? Haven’t seen anything yet about it.

          I’m not planning on installing anything, however need to know where to find this one. Would it be in the MS Catalog, under Win 7, x64?

          Thank you for your help. 🙂

        • Toa Of Justice says:

          Unfortunately, tonight I noticed the same slowdown of startup programs again. Uninstalling KB3212642 brought my system back to normal.

          • Chris M says:

            I am group A. I have previously hidden KB3212646 as advised.

            Even though we have returned to DEFCON-3, I’m not sure I’d like to install KB3212646 yet without a comment from our great leader Woody on the “startup program slowdown” concerns.

            Thank you everyone for your feedback so far!

            Stay vigilant.

    5. Bill C. says:

      I just found an interesting development on a former work colleague’s Win7-64 SP1 Home laptop after the update session for the January patches (Group A).

      She turns WU to “Never” right before patch Tuesday, and then waits for a the go ahead from an IT person at work as she was hit with the Intel BT glitch a few months ago and he helped her out and recommended she wait a few days for the updates. She had just gotten the go ahead to update and executed a manual WU scan and installed the January rollup and MSRT. Normally after the patching she returns the laptop to notify, but do not download/with give recommended updates unchecked.

      When she checked the Update History, it showed a sting of failed MSE updates, but the applet itself never showed a failed update. I told her to ask her friend first, but he was not familiar with MSE.

      I told her to leave the WU on never and uninstall MSE and reboot. I sent the URL to download the most recent version of MSE. She ran and installed it and I walked her though the settings and said wait a few hours and then run a quick MSE scan to see if it updated the definitions before the scan, and it updated successfully. Later in the day after getting the go ahead from her friend to set it back to notify only with recommended updates unchecked, she checked the Update History and found it had done an automatic definitions update successfully.

      What was interesting was that she said the WU system was no longer on Never, but was set to full automatic for updates with recommended updates still unchecked. I asked if it was possible she did not say OK and backed out without confirming and she said no. I asked her what version of IE she had and she said that too was set to allow auto updating.

      I installed the January rollup on the old laptop I was ‘gifted’ (now a Group A canary in the coal mine) and then checked IE and it too was set to update itself. I did not do an MSE uninstall/reinstall. Unfortunately, I had never checked the IE checkbox after the prior rollups.

      Has anyone heard of the January Rollup (or earlier) or the new MSE new installs resetting WU or IE update settings?

      Stay vigilant!

    6. messager7777777 says:

      @ Bill C ……. Installing MSE or some other M$ software will reset Windows Update setting to automatic. This is “normal”.

      • Bill C. says:

        I understand some MS software did change WU if you asked for updates.

        However, I have reinstalled MSE at least 3 times on each of my Win7 machines and never had it change WU settings. Of these installations, only 2 were installs of the most current version. Even those installed on 2 different machines left the WU settings alone.

        I know because I religiously check WU settings as well as services.msc after all MS patching/updating since GWX.

        The only time I ever found a change in WU was when I installed MS Office a few years ago (pre-GWX), and more recently Office 2013 for a friend, and when I first upgraded to IE11 way back.

    Leave a Reply