News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 1: If you didn’t get the September updates installed, fuhgeddaboutit

    Posted on October 6th, 2018 at 05:35 woody Comment on the AskWoody Lounge

    My previous MS-DEFCON 3 setting didn’t apply to clicking “Check for updates,” of course. But this is getting stupid.

    There’s no good reason to update anything right now.

    Nothing.

    MS-DEFCON 1: Current Microsoft patches are causing havoc. Don’t patch.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums MS-DEFCON 1: If you didn’t get the September updates installed, fuhgeddaboutit

    This topic contains 75 replies, has 31 voices, and was last updated by  anonymous 5 months, 1 week ago.

    • Author
      Posts
    • #222184 Reply

      woody
      Da Boss

      My previous MS-DEFCON 3 setting didn’t apply to clicking “Check for updates,” of course. But this is getting stupid. There’s no good reason to update
      [See the full post at: MS-DEFCON 1: If you didn’t get the September updates installed, fuhgeddaboutit]

    • #222186 Reply

      anonymous

      I installed 1809 on all my machines at home and in my lab. I didn’t have a single issue.

    • #222197 Reply

      WildBill
      AskWoody Plus

      I can understand about Windows 10 whatever. I installed Windows 8.1 updates the evening of Oct. 1st. Nevertheless, if you’re on Win7 or Win8.1 & lollygagged for the week, I think it’s OK to install your updates ASAP. Or before Patch Tuesday for sure! Be sure to Backup, just in case…

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      6 users thanked author for this post.
      • #222870 Reply

        geekdom
        AskWoody Plus

        It’s always good to backup before there’s a problem.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
    • #222220 Reply

      Rick59
      AskWoody Lounger

      With all the means that Microsoft and others have there surely must be a way to identify setups that are more prone to getting borked than others by updates.

      I have never had a significant issue with updates since the days of Win 98.

      I am not sure why I have been so fortunate but I try to run my machines as “lean” as possible and do you use tools for clean up like CCleaner.

      Updated 2 fairly new Lenovo laptops to 1809 without a hiccup this week and they seem to run a bit snappier than with 1803.

       

    • #222235 Reply

      FakeNinja
      AskWoody Lounger

      Thank goodness I didn’t install the updates when MS-DEFCON was on 3. I checked the update on Microsoft’s website and found soo many problems with it, so I just decided to skip it.

    • #222242 Reply

      GreatAndPowerfulTech
      AskWoody Lounger

      When Microsoft pulled v1809 yesterday, that should be a huge red flag that their OS is no longer the best one for people to use, other than businesses stuck using older software designed for Windows. Chromebooks run and update so smoothly today, they make Windows look like it’s on life support.

      GreatAndPowerfulTech

      4 users thanked author for this post.
      • #222292 Reply

        bknight721
        AskWoody Lounger

        I agree. It’s time to dump Windows unless you have a specific need. I’m going to Linux because I trust Google even less than I trust Microsoft. My disgust with Microsoft is fairly recent but I’ve hated Google and their [edited – kvetching] to privacy concerns since day one.

        Group "L": Linux Mint dual-booting Windows 10 Pro.

        5 users thanked author for this post.
    • #222250 Reply

      ht
      AskWoody Lounger

      Does this apply to September Win7 updates as well?

      1 user thanked author for this post.
      • #222257 Reply

        PKCano
        Da Boss

        Sept Win7 updates should be OK to install. NOTHING dated in October, though.

        8 users thanked author for this post.
        • #222333 Reply

          Charlie
          AskWoody Plus

          Thank Goodness.  I’ve already updated my Windows 7 computer with no problems so far.  Also, I’m a Group B’er.  My rapidly beating heart is slowing down a bit now after getting the **** scared out of me!  Thanks PKCano for that info.

          Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

          • #222345 Reply

            anonymous

            i was freaking, too… as i was right in the middle of patching when i saw the shift back to MS-DEFCON 1 while browsing on my iPad. Whew!

          • #222385 Reply

            Bill C.
            AskWoody Plus

            I am Win7-64Pro, Group B at home and also Group “L”. If Microsoft is trying to make me consider WIndows 10, they have utterly failed and continue to fail. Forget the slurp and snoop, forget the UWP and tiles, and forget the loss of control, but I cannot forget the glitches in updates and now the loss of personal files. I know you should have backup for “just in case’, but when ‘in case’ becomes the norm, no.

            They should have fired the advertising and PR folks and kept the QC folks.

            I am so glad I converted the organizational Win10 laptop to airplane mode and totally offline. It is on a release prior to 1703, and will stay that way, solely for ID production. And to think I was cseriously considering letting it update, and give Win10 a longer try…, will, uhhh, NO!!! Not now! I need a machine that is reliable when I need it. I see no progress just more of the same over and over, coincidentally, one definition of insanity.

            The last few days posts about 1809 and now DefCon 1 have provided hard evidence.

            Group “B” until EOL, then Group “L” and iPad.

            2 users thanked author for this post.
        • #223412 Reply

          anonymous

          Just taken your advice and applied September’s updates to Win 7 Prof 64bit ASUS AMD system. No problems though a little worrying at one point. After rebooting I logged back in as Admin and that took a long time. Then logged in under a user account and that took ages during which I had an empty desktop screen except for a dialog box

          Setting up personalized settings for Windows Desktop Update

          Don’t recall seeing that before. Had visions of having all my desktop icons scrambled but it eventually loaded the desktop OK. Phew! I had backed up the C: partition beforehand just in case. The whole process must of taken an hour or more. I’ve better things to do in my life than fight Windows 🙁

          Alan, UK

      • #222579 Reply

        alpha128
        AskWoody Lounger

        I’m running Windows 7 Pro x64.  I installed the Windows 7 (KB4457144) and .NET (KB4457918) rollups on my computer yesterday (Oct. 6, 2018) without incident.

        When Woody raised the DEFCON level on Monday (Oct. 1, 2018),  I effectively ignored it until yesterday, as I do not have time to install updates during the week.

         

        • #222614 Reply

          Charlie
          AskWoody Plus

          Better get the September updates for Win 7 now because it’s the coming October updates and the Windows 10 1809 thing that are the real problem.

          Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

          1 user thanked author for this post.
    • #222251 Reply

      Arvy
      AskWoody Lounger

      Oh well, the W10.1809 update was an “interesting” adventure and easily recovered with no harm done thanks to three (3) full system backups with Terabyte IFW among others. :^)

      In fact, in my case, it was all quite smooth with no data loss at all, but probably best reverted until MS gets the installer mess sorted out … not that they’ll ever get it sorted out completely.  MS is among the worst offenders for failing to clean up obsolete code and registry entries and their “leftover” garbage is a major source of at least some of the update glitches and bad user experiences.

      Asus ROG Maximus XI Code board; Intel i9-9900K CPU; 32 GB DDR4-3600 RAM; Nvidia GTX1080 GPU; 2x512 GB Samsung 970 Pro M.2 NVMe; 2x2 TB Samsung 860 Pro SSDs; Windows 10.1809; Linux Mint 19.1; Terabyte Backup & Recovery
    • #222258 Reply

      John
      AskWoody Lounger

      I didn’t see a reason to be in a hurry for the 1809 upgrade.

    • #222262 Reply

      anonymous

      8.1 Group B here.

      I installed PK Kano’s updates of 4457143, 4457426 and 4463376 together with the net framework, Flash, and M$ Malicious Software Removal Tool offered by M$ and all seems well.

    • #222270 Reply

      geekdom
      AskWoody Plus

      Backup early.
      Backup often.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      5 users thanked author for this post.
      • #222415 Reply

        Jan K.
        AskWoody Lounger

        It’s even more important to have a tried and tested restore procedure!

        How to pick out single files for restore?
        Auto restore for differential files only?
        Bare metal restore?

        With backup and restore strategy in place, you can with peace on mind lean back, relax, light a little smoke and click, whatever you like. Even an innocent little click on “Check for updates”…

        See? Again the biggest threat to the system is Microsoft… well done, you.

        • #222421 Reply

          geekdom
          AskWoody Plus

          System Restore does not restore lost data.

          Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
          • #222593 Reply

            Jan K.
            AskWoody Lounger

            I’m certainly not talking about Microsoft Windows’ System Restore…. never found that to be entirely trusted.

            No, I was talking about third party backup/restore software. I like and use Acronis.

          • #222619 Reply

            OscarCP
            AskWoody Plus

            Using a restore point restores only System files to “bring the OS back to a previous state” (the one before the trouble started), for example the all-important Registry.

            To restore user’s data is what data back ups are for.

    • #222271 Reply

      Seff
      AskWoody Plus

      Just a suggestion, but when such an alarmist headline and brief article relates solely to one version of Windows, might it not be best for that to be made clear?

      7 users thanked author for this post.
      • #222272 Reply

        geekdom
        AskWoody Plus

        I figure the alarm is cautionary advice for all of us — regardless of version.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
        3 users thanked author for this post.
        • #222302 Reply

          Seff
          AskWoody Plus

          There’s nothing in the article to say either way, but it would seem from the comments and from previous recent articles that the only thing that has changed since DEFCON3 is the 1809 debacle for Windows 10. No-one has given any reason not to install the September updates for Windows 7 and 8.1 yet the article is non-specific.

          It’s an odd one, because we’re approaching October patch day and therefore the DEFCON rating would be changing anyway, but it’s the alarmist nature of the headline and article that seems to distinguish this particular advice from that normally given at this stage of the patching cycle, and that would seem to be entirely down to Windows 10.

          I happily stand to be corrected, but it seemed to me that some version clarity was desirable in these warnings.

          3 users thanked author for this post.
          • #222306 Reply

            PKCano
            Da Boss

            Well, they backported a whole bunch of fixes from 1809 to the earlier versions of Win10 (RE the last set of CUs issued in Sept.). So no telling what the Win10 CUs (collectively) are going to hold.

            And you never can tell what they are going to do to Win7 next, but beware!!

            So that leaves only the small number of us Win8.1 users that are probably safe in October.

            I’ll go with DEFCON-1, for as much as I trust MS!!

            4 users thanked author for this post.
        • #222310 Reply

          Demeter
          AskWoody Plus

          Windows update setting back to “Never check” with the big red “X”. Win 7 Pro SP1 x64, i7core Haswell

    • #222280 Reply

      Arvy
      AskWoody Lounger

      It may be noteworthy that, despite MS having “pulled” the W10.1809 (build 17763.1) update, the WaaSAssessment registry entries for my W10.1803 installation continue to include that update as follows:
      “LATESTSECURITYBUILDS”=”10.0.17134.285,10.0.17763.1”
      “LATESTBUILDS”=”10.0.17134.285,10.0.17763.1”

      So far, it appears to be inconsequential, but Check for Updates “seeker” caution would seem highly advisable as potential triggering of unintended results seems to be a Microsoft specialty.  Best always to maintain up-to-date backups in any case.

       

      Asus ROG Maximus XI Code board; Intel i9-9900K CPU; 32 GB DDR4-3600 RAM; Nvidia GTX1080 GPU; 2x512 GB Samsung 970 Pro M.2 NVMe; 2x2 TB Samsung 860 Pro SSDs; Windows 10.1809; Linux Mint 19.1; Terabyte Backup & Recovery
    • #222288 Reply

      anonymous

      This has not impacted the enterprise. They delay these upgrades until the dust settles. The MS testing strategy is working as designed. The consumers got hit by some very dangerous bugs that will not be passed onto the paying clients. The fact that some consumer systems have been ravaged is of no consequence to MS. Discovering a potential disaster is considered a success.

      Pulling a major Windows upgrade will not be an embarrassment to MS as it will never be reported on in the mainstream media. Unfortunately, consumers seldom access reputable tech sites like this one so they will be totally unaware of the situation.

      This QA failure will go mostly unnoticed and nothing concerning Windows testing is going to change. Upgrades being pulled is now the norm. Major build upgrades should not fail as they do now, though some isolated issues are to be expected. Windows is a dinosaur waiting for a giant meteor to take it out – that meteor will be labelled neglect.

      5 users thanked author for this post.
    • #222316 Reply

      GoneToPlaid
      AskWoody Plus

      I can understand about Windows 10 whatever. I installed Windows 8.1 updates the evening of Oct. 1st. Nevertheless, if you’re on Win7 or Win8.1 & lollygagged for the week, I think it’s OK to install your updates ASAP. Or before Patch Tuesday for sure! Be sure to Backup, just in case…

      I am Win7 Group B. I will install and test the September Win7 Security Only update on my test computer this weekend — after I do a backup tonight! The update does have the caveat that one must first install KB3177467 which is the servicing stack update which was released a few years ago.

      A note to all Win7 users: If you don’t have KB3177467 installed, you really really REALLY should install it. After installing KB3177467, you must reboot before you attempt to install any other Windows Updates.

      Notes about KB3177467:

      The big deal about KB3177467 is that it fixed some fairly obscure timing issues which could occur when new updates are being installed. These timing issues could cause updates to fail to install, and to report an installation error code which does not indicate the true cause of the failed attempt to install the update.

      Some Win7 users either blocked or did not install KB3177467 since they thought that it might be somehow related to Win10 and Microsoft’s GWX campaign. This is not true, yet I do understand why some Win7 users avoided this update since Microsoft originally presented this update as Optional or Recommended (can’t remember which).

      3 users thanked author for this post.
      • #222552 Reply

        Ed
        AskWoody Lounger

        @gonetoplaid

        “After installing KB3177467, you must reboot before you attempt to install any other Windows Updates.”

        I have to ask you this question AGAIN, it went unanswered the last time I questioned your claim that we MUST restart after installing an update that DOES NOT REQUIRE a restart.

        I updated 16 individual Windows 7 computers that I maintain last week by installing KB3177467, then KB4457145 and finally KB4463376 WITHOUT a restart between them. Every single system restarted perfectly fine and not one of the users have contacted me over the past week about having any issues at all.

        If you prefer to do these unnecessary restarts yourself that’s YOUR personal preference. You should state that instead of telling everybody they MUST do it!

        1 user thanked author for this post.
    • #222320 Reply

      GoneToPlaid
      AskWoody Plus

      Windows update setting back to “Never check” with the big red “X”. Win 7 Pro SP1 x64, i7core Haswell

      Presently there is no known reason why anybody running Win7 can not set Windows Update to:

      “Check for updates but let me choose whether to download and install them”

      Even if you are on Group W, you do want to use the above setting in order to make sure that Windows Update itself gets updated with updated time sensitive certificates (or whatever it is called). The upshot is that “Never check” could eventually lead to Windows Update not working in the future, in which the only solution is to temporarily set your computers date back in time in order to resolve this issue. This is the December 2017 thing in relation to Windows Update suddenly not functioning for users who either were using the “Never check” setting or who had not fired up the computer in months.

      9 users thanked author for this post.
      • #222344 Reply

        jburk07
        AskWoody Plus

        @Gone to Plaid,
        Thanks for this information, as I do tend to use the “Check but let me choose …” setting. However, even at that setting I was still hit by the December 3, 2017 date/expiration issue. I was updated through October 2017 at the time and was about to install the November rollup when the problem with Windows Update occurred.

        Group A Win7 x64 Home Premium SP1 Ivy Bridge

      • #222391 Reply

        Bill C.
        AskWoody Plus

        I may be mistaken, but if I remember correctly, the certificate issue also got updated via an MSE update, did it not?

        I have had WU set to ‘Do not Check” for a long time. I do manually check during release weeks to see if there is anything released for my version of Windows and Office 2010. After review, I uncheck everything, and close it down to do research until the DefCon changes or the Master Patch List looks stable. I hit the December 2017 update failure with MSE, but I thought it was a busy server time out. I manually downloaded the MSE update file the next day and all was well. I had no issues with December’s Group B updates, or subsequent months.

        I also do not let my PC run. When I finish for the day, I turn it off. The next day is boots up fresh. This is mainly a habit from a period of time that our electric wires on the street were being upgraded due to frequent outages, and I figure if it is off at the surge protector, is cannot be hacked (that was a routine at work, except for certain days when IT pushed out the updates).

        4 users thanked author for this post.
        • #222720 Reply

          Ed
          AskWoody Lounger

          @Bill C…

          You are not mistaken Sir and your entire routine makes far more sense than the one you responded to!

      • #222575 Reply

        Demeter
        AskWoody Plus

        Thanks for the tip. I will modify settings to “Check but let me choose…”

    • #222321 Reply

      marklang
      AskWoody Plus

      I don’t understand this comment.   Certainly, the Windows 1809 is to be avoided.   However, previous messages, and the current master patch chart for September, say the regular cumulative updates for Windows 10 in September are safe to install.

      • #222615 Reply

        AlexN
        AskWoody Lounger

        There is a reason.  Once a new set updates on W10 comes out, clicking “Check for Updates” sends the latest updates down the chute to your computer.  If you haven’t downloaded September’s yet, then checking for updates will get you both September and October’s.  Depending on M$’s mood.

        Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
        A weatherman that can code

    • #222318 Reply

      anonymous

      Is this advice primarily targeted at Windows 10 systems, or does it also apply to Windows 7 and Windows 8.1?

      1 user thanked author for this post.
    • #222328 Reply

      PKCano
      Da Boss

      The September updates were passed under the DEFCON-3 rating and should be patched keeping in mind any comments/caveats in Susan’s Master Patch List.

      The DEFCON-1 rating applies to October patches – including, of course, Win10 v1809. Considering they backported a whole bunch of “fixes” from 1809 to the earlier versions of Win10 (RE the last set of CUs issued in Sept.), there no telling what the Win10 CUs (collectively) are going to hold in October. And Win7.1’s October patches are questionable until vetted as well.

      So, install September patches as needed. And DO NOT install anything with an October date stamp!!

      11 users thanked author for this post.
      • #222335 Reply

        Charlie
        AskWoody Plus

        Thanks again PK.  So this is all about the October updates.  They are not even out yet (at least for Win 7 users).

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

        • #222348 Reply

          PKCano
          Da Boss

          True, but you don’t want to leave your computer exposed to automatic (or accidental) updating. So DEFCON-1 is all about battening down the hatches for what’s coming (and the bomb that came in the form of Win10 v1809).

          3 users thanked author for this post.
    • #222366 Reply

      sldc88
      AskWoody Lounger

      Win 7 Home Premium SP1 x64

      I installed the september patches when Woody gave the all clear, but without having installed the servicing stack update KB3177467 beforehand. I haven’t encountered any problems so I am disinclined to install it now. I prefer to let sleeping dogs lie because I don’t trust Windows. Am I correct?

      • #222369 Reply

        PKCano
        Da Boss

        No, you are not correct.

        It is probably already installed on your computer and that is why you did not have a problem. It is very important to the Win7 system.

        3 users thanked author for this post.
    • #222368 Reply

      anonymous

      Did we ever get the all clear on the September .NET updates?  I’ve been putting the .NET updates off for several months now (maybe since the spring patch fiasco).

      • #222371 Reply

        PKCano
        Da Boss

        Please check the Master Patch List for the status of the Sept .NET patches.

        1 user thanked author for this post.
      • #222468 Reply

        sldc88
        AskWoody Lounger

        I re-checked. KB3177467 is not installed.

         

        Win 7 Home Premium SP1 x64. GroupB

    • #222373 Reply

      GoneToPlaid
      AskWoody Plus

      @Gone to Plaid, Thanks for this information, as I do tend to use the “Check but let me choose …” setting. However, even at that setting I was still hit by the December 3, 2017 date/expiration issue. I was updated through October 2017 at the time and was about to install the November rollup when the problem with Windows Update occurred.

      Yes, you could still be hit by this issue, depending on how often you actually reboot your Win7 computers! Win7 on all of my home computers is so stable that I generally do not reboot most of them until only after two weeks of uptime. I too encountered this issue on one Win7 home computer (a clone computer) which I had not booted up for around two months during late November 2017 through late January 2018. On that computer in which Windows Update failed to work, I temporarily set the computer’s date to Dec 1,2017 and then ran Windows Update. That fixed it, and then I reset the computer’s date to the then current date and time before rebooting.

      The upshot is that, in between the lines, you do bring up a really good point…

      1. All Win7 users should use the “Check but let me choose …” setting.

      2. Since Win7 is so stable and since many Win7 users do not reboot on a frequent basis, all Win7 users should run Windows Update at least once a week in order to make sure that they don’t miss installing any Windows Update servicing stacks in which the previously installed Windows Update servicing stack could be affected by an expiration date issue.

      Again, thanks a million for mentioning the issue which you encountered along these lines. I mentioned that I temporarily set my affected computer’s date to Dec 1, 2017 since there is some issue as to exactly the date which one should use. You mentioned that setting Dec 3, 2017 worked for you. Yet I vaguely recall that the so-called “official” date to use was Dec 10, 2017, which did not work for me? Perhaps you might recall what you read in terms of the date to use in order to resolve this issue. All I know is that temporarily setting my computer’s date to Dec 1, 2017 is what allowed me to run Windows Update such that Windows Update updated itself, and then after resetting the computer’s date and time to the current date and time and rebooting, Windows Update was once again working.

      Best regards,

      –GTP

       

      4 users thanked author for this post.
      • #222616 Reply

        jburk07
        AskWoody Plus

        @gonetoplaid,
        I didn’t mean to say that I temporarily reset my system’s date to 12/3/17, but that was the date I remember the problem happened. The date stuck in my mind because I was actually sort of in the middle of updating one laptop when it happened that day (naturally I would have picked that day to update). The bottom line is you’re right: I temporarily reset the date to 12/1/17 on that laptop and then finished the rest of the updates. That was probably the date that was recommended here on AskWoody. On the other laptop, I waited until 12/5/17, after Windows Update had been fixed, to install the updates. (Both laptops are Windows 7.)

        The thing that threw me was that I had actually already installed the November rollup (just that one update) on that first laptop earlier that day, December 3. (I guess Check for Updates hadn’t run that morning, or maybe the actual expiration time hit during the day?) Then after I restarted it and went back to Windows Update, I saw the screen with the red X, and Check for Updates kept failing. At some point I decided to go work on updating the other laptop and got the same result, so I finally realized the problem was not with my computer.

        Group A Win7 x64 Home Premium SP1 Ivy Bridge

        • This reply was modified 5 months, 2 weeks ago by
           jburk07.
    • #222380 Reply

      Joulia.S
      AskWoody Plus

      Well Woody,i installed all Windows 7 Updates on my laptop

      a day after your ‘ go ahead ‘ – wish i had waited longer –

      but everything works just fine,haven’t noticed any problems YET !

      Hope it stays that way and will forthwith wait longer after your ‘ ok ‘to update.

      Regards.

      Windows 7,Home Premium 64 bit - Lenovo laptop
      Group A - Intel (R)Core i7 Processors -

    • #222488 Reply

      anonymous

      Speaking of updates, specifically on Windows 7, did anybody notice the following? …

      With KB4457145: after installing it and rebooting, when it restarted, at “preparing to configure your computer”, it went “shutting down” and restarted, thus doing a second reboot. First time I noticed this behavior.

      With KB4463376: after installing it and rebooting, at “Starting Windows” with the black screen and logo, below it another text line appeared showing what looked like registry entries displayed one after another. Is this normal?

      If anybody cares to share their opinion, you are welcome.

      1 user thanked author for this post.
    • #222513 Reply

      Mele20
      AskWoody Lounger

      The title is confusing.  Why is it a bad idea to install the SEPTEMBER Windows 10 update (there is only one – the cumulative update KB4457136) even now after the 1809 fiasco?

      I installed it for 1709 on October 1 (and a forgotten, from July, servicing stack update) when we were still at MS defcon 3.  Why would it be bad to do that NOW if I had been sick or something and hadn’t gotten it done earlier?

      I guess I don’t understand the Master Patch list as it says install an earlier cumulative update from Sept!  Why?  Logically, seems to me that if you are waiting until the first part of the next month before you install the previous month’s cumulative update that you would want the most recent one from that month rather than one from several weeks earlier.  I don’t understand “preview of next month”.  I have installed the last cumulative update each month not one in the beginning of that month.  Am I just lucky that I haven’t had problems?  With the Sept patch, am I to understand I got some hybrid something that includes stuff from 1809?  Since I am on 1709 that sounds crazy.

       

      • #222515 Reply

        PKCano
        Da Boss

        The patches that are approved for installation are the ones released on Patch Tuesday. Updates released after Patch Tuesday are “Previews” for the next month’s patches and are meant for testing by IT Professionals to see if they will cause a problem with the following month’s Cumulative Update. The “Previews are usually NOT released through Windows Update and are not meant for general public installation. If you download them from the Catalog and manually install them, you take what you get if they cause problems.

        We do not recommend installing “Previews” unless you have a specific problem.

        Edit: I failed to mention the exception to the “Previews” are “hotfixes,” which are issued on an emergency basis to fix a specific immediate problem. These may be needed by certain people whose problem(s) require immediate attention. They are most often not available through the Windows Update chute either.

        • This reply was modified 5 months, 2 weeks ago by
           PKCano.
        3 users thanked author for this post.
        • #222617 Reply

          OscarCP
          AskWoody Plus

          I have been getting the next month’s “Preview” updates for Win 7 from Windows Update (set to “check but let me install”) every month, sometimes even on or very soon after Patch Tuesday, along with the patches for that month, at least as far as I can remember with any certainty, and I have always hidden them. Which has also kept me wondering: why send them also to someone like me, a home/small business user and not a system administrator or anyone else professionally obliged to test those future patches in order to see if they are fit to install when the time comes for doing that? Could that be because I have Win 7 Pro?

          Maybe this thread could be a good way to finally get to know the answer to this persistent question? If so, my thanks to whomever answers it.

          • #222620 Reply

            PKCano
            Da Boss

            The Preview Rollups are always UNCHECKED in the OPTIONAL update list and are not delivered through Windows update unless you intentionally check them. They are not installed in the normal Windows Update process.

            They are sent to all computers that use Windows Update because MS doesn’t maintain a list of all consumers (like you) to exclude.

            3 users thanked author for this post.
    • #222639 Reply

      anonymous

      Windows 7 SP1 64bit, Group B. Suspect September 2018 update problem.

      Anyone using Web of Trust WOT in IE11 that has a new crash that happened after the September updates please take note.

      On the 5th I installed IE11 KB4457426 and opened a web page and it was fine (or so it seemed). I continued with the installs of the September patches. All seemed well.

      On the 6th I went to a site in IE and it crashed. After research, it turned out to be Web of Trust (WOT) for IE11. I have had it for years and it worked well. It was dated June of 2015 in IE Add-ons section. Disabling WOT stopped the crashes. There does not appear to be a recent version for IE.

      It was fine until a September update was installed. Also, installing KB4463376 did not help at all.

      Hope this helps someone.

      1 user thanked author for this post.
    • #222645 Reply

      TheSuffering
      AskWoody Lounger

      I’ve been holding back on updating my win7 machine ever since the network card bug appeared, I am thinking of just waiting another month to see if they fix it. Is there any urgent exploit out in the wild that I should watch out for?

      • #222646 Reply

        PKCano
        Da Boss

        You should read through this thread and Woody’s ComputerWorld article on Sept patches.

        1 user thanked author for this post.
        • #222679 Reply

          TheSuffering
          AskWoody Lounger

          I see. Seems like I should be fine by waiting another month, thanks

      • #222797 Reply

        anonymous

        TheSuffering, What OS, bit, and Network card do you have?

        My friends and I have not had any issues with that, but it is also obvious to us that our network cards were not affected since nothing ever happened.

        If you can give complete information of your PC, maybe others can give advise.

        Holding off from this OLD problem is not wise to never update for months. But we do understand your worry.

        Group B, Windows 7 64 bit, Broadcom network card

        • #222860 Reply

          TheSuffering
          AskWoody Lounger

          I’ll be honest, I dont know how to check. Care to give me step by step instructions?

          • #222896 Reply

            Elly
            AskWoody MVP

            For OS and bit go to Start, right click on Computer, and choose properties.

            For network card, go to Start, open Control Panel, and click on Device Manager. Look at Network Adapters, and it will be listed.

            There may be easier ways to find this out, but this works on my laptop (Win 7).

            Win 7 Home, 64 bit, Group B

            1 user thanked author for this post.
            • #222920 Reply

              TheSuffering
              AskWoody Lounger

              Both are win7 Pro. My main machine has a Intel Centrino Advanced N 6200 AGN along with a Marvell Yukon 88E8057 PCI E Gigabit Ethernet controller. As for the netbook I carry around to do work on it has a Realtek PCIe Family controller and a Realtek rtl8191se wireless lan 802.11n PCI E NIC

    • #222685 Reply

      gborn
      AskWoody_MVP

      Windows 7 SP1 64bit, Group B. Suspect September 2018 update problem. Anyone using Web of Trust WOT in IE11 that has a new crash that happened after the September updates please take note. On the 5th I installed IE11 KB4457426 and opened a web page and it was fine (or so it seemed). I continued with the installs of the September patches. All seemed well. On the 6th I went to a site in IE and it crashed. After research, it turned out to be Web of Trust (WOT) for IE11. I have had it for years and it worked well. It was dated June of 2015 in IE Add-ons section. Disabling WOT stopped the crashes. There does not appear to be a recent version for IE. It was fine until a September update was installed. Also, installing KB4463376 did not help at all. Hope this helps someone.

      Is that old thing WOT still alive? Just a reminder: https://borncity.com/win/2016/11/07/web-of-trust-harvesting-an-selling-users-surfing-data/ 

      5 users thanked author for this post.
      • #222812 Reply

        anonymous

        Hello Gunther, It is an privilege to speak to you. Yes We do still use WOT however the newer version in our other browsers. I do know about the URL sanitizing problem WOT had back in 2016. The WOT used in our IE was to give a margin of safety for doing a google search and not going to a malicious site.

        It did work quite well, and did protect us. IE was used maybe 1% of the time for known, good, respectable sites. But, it was there in case we did do a search or accidentally went to a questionable site.

        NO PERSONAL INFORMATION or SITE (like banking, medical, etc.) was ever used with those IE and WOT computers.

        Is WOT still alive? It seems to be for web browsers other than IE.

        Thank you for posting.

        Again a pleasure to speak to you and thank you for being here at Woody’s.

    • #222690 Reply

      Mele20
      AskWoody Lounger

      The “Previews are usually NOT released through Windows Update and are not meant for general public installation. If you download them from the Catalog and manually install them, you take what you get if they cause problems.

      Thank you for the explanation.  I have not used Windows Updates since 2004 on an XP Pro computer (when I got mad because Windows Updates site ate my entire  history and Microsoft tried and couldn’t get it back so I stopped using Windows Updates and never looked back).  I permanently disabled Windows Updates in XP Pro and Win 8.0 Pro and would enable it in Services only when I had to update…that was after Microsoft made it so the stand alone installer would no longer work unless Windows Updates was enabled… and then disabled it again as soon as I finished the updates.  Plus, since 2004 on XP Pro, Win 8.0 Pro and now Windows 10 Pro, I have updated manually by downloading each update from reading the Bulletin and KB articles.  (From 2001-2016 I was a prolific poster in the Security Forum at dslreports.com and this was how most of us did it…read each Security Bulletin and the KB and then pick and choose and manually download and install and most of us did not use Windows Updates at all).

      With Windows 10 Pro, I immediately killed Windows Updates in every way possible.  Since there are almost no useful KB’s anymore, I use the Microsoft Catalog instead and I didn’t know (as there is no indication in the catalog) that the updates after patch Tuesday are previews.

      I’m still confused because if we are supposed to only install the patches that come out on Patch Tuesday then why the long wait until the early part of the next month before this site gives the ok to install them?  Those patches released on Patch Tuesday have not changed in the slightest in the ensuing weeks…the cumulative update that may have changed more than once after patch Tuesday you have explained is a Preview patch.  So, why is there even a defcon system if we are only supposed to choose the Patch Tues cumulative update in the Microsoft catalog as there is no point in waiting as the patches after that are Previews?

      Maybe I still don’t understand Windows 10 after almost a year of using it (and hating it).  On my Windows 8.0 Pro computer, I deliberately chose (as I did on XP Pro) to NOT upgrade to a Service Pack (hence I don’t have 8.1).  I was not worried, still am not worried about threats on that computer.  Windows 10 is very different and I deeply hate it as I cannot run the version of the OS that came on the computer when I purchased it for the 5 years until I buy a new computer.  I have always felt it was very foolish to get service packs on a heavily used, heavily tweaked computer as problems would abound.  Here I am with a new animal called Windows 10 that forces me to upgrade at least every 365 days.

      • This reply was modified 5 months, 2 weeks ago by
         Mele20.
      • #222697 Reply

        PKCano
        Da Boss

        The purpose of the DEFCON system is to delay installation of patches until any problems are known.
        For example, a patch has a bug that causes deletion of User data during installation. If you delay installation of updates, the reports of that bug may prevent you from installing it and experiencing a loss. If you install it immediately, you’re toast.
        By waiting until the DEFCON go-ahead is given, at least you know where the pitfalls are. And that may take several weeks.

        5 users thanked author for this post.
    • #222866 Reply

      Seff
      AskWoody Plus

      Windows update setting back to “Never check” with the big red “X”. Win 7 Pro SP1 x64, i7core Haswell

      The upshot is that “Never check” could eventually lead to Windows Update not working in the future,

      No disrespect, but does anyone else here agree with that? It’s the first time I’ve seen it advised that we don’t use the “Never check” setting, and Woody is recommending it again today.

      1 user thanked author for this post.
    • #222886 Reply

      anonymous

      There are few absolutes in life. This will come down to varying opinions. To be clear, before acknowledging other views, I read Woody Leonhard and AskWoody advice as unequivocally never check. From the Computerworld article

      If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)”, and click OK.

      This has been consistent advise for as long as I’ve followed here.

      The opposite view is the Microsoft approved method of install everything without question. And there are many administrators with documented reasons for their preferred protocol which would fall somewhere between the two.

      None of these are bulletproof. Thanks to Microsoft’s broken offerings. The advantage of Woody’s advice is the owner of the hardware has the control/burden/responsibility of keeping the system up to date. And the safest up to date status is a comfortable distance from bleeding edge. The idiom “If you want it done right, do it yourself” applies. There are hazards introduced into this system by our partner, Microsoft.

      But I pose the question, do you trust the partner that broke it to fix it? Or do you step in to have direct oversight of the repair and maintenance?

      My answer is to follow advice here at AskWoody. Where I find guidance to oversee the process in all items. Those I already understand well, and the new ones I need help with.

      3 users thanked author for this post.
      • #222895 Reply

        Seff
        AskWoody Plus

        I agree. The reason for my comment was to establish whether the contrary opinion to the established one here was just a rogue opinion, or one that had additional support. It seemed to be sufficiently significant to merit further discussion.

        • #222909 Reply

          Elly
          AskWoody MVP

          I understand why Woody recommends Never Check… the option to check and let me choose leads to updates being checked as recommended or important sitting in Windows Update… and turning off your computer (or power loss) that causes a reboot while those updates are not manually unchecked or hidden (and applied clicked) will cause them to be installed. Being on Never Check, checks are only done when you manually initiate them, and you can decide to uncheck or hide as appropriate.

          I see that the Check but let me choose is recommended by @gonetoplaid. I am not clear from his description as to what about Never Check would cause problems with Windows Update. Personally I use Never Check… but it did take some getting used to Windows warning me that this wasn’t a recommended setting…

          Win 7 Home, 64 bit, Group B

          • #222919 Reply

            Seff
            AskWoody Plus

            the option to check and let me choose leads to updates being checked as recommended or important sitting in Windows Update… and turning off your computer (or power loss) that causes a reboot while those updates are not manually unchecked or hidden (and applied clicked) will cause them to be installed.

            There’s a critical difference between “download and let me choose when to install” – which can lead to installation happening when the computer is rebooted, and “let me choose when to download and install” which does not lead to that happening.

            The former setting should definitely be avoided, while the latter setting has the advantage of letting you know what updates are being offered so that you can make an informed choice about whether and when to install them. However, at this stage of the update cycle there’s certainly an advantage for followers of this site in using the “Never check” setting and only making a manual check when advised that it is safe to do so.

            2 users thanked author for this post.
          • #222927 Reply

            OscarCP
            AskWoody Plus

            Elly,

            GoneToPlaid gave this reason:

            2. Since Win7 is so stable and since many Win7 users do not reboot on a frequent basis, all Win7 users should run Windows Update at least once a week in order to make sure that they don’t miss installing any Windows Update servicing stacks in which the previously installed Windows Update servicing stack could be affected by an expiration date issue.

            I understand this to mean that a problem could happen when people do not reboot their computers often enough, and their version of Windows Update itself is not updated when it should be (which I believe happens once in a blue moon, but it does happen). So then the version still on the PC is an old one that no longer works properly, or at all.

            Does this answer explain sufficiently what GoneToPlaid meant?

            For my part, since June 2011, when I bought my current Windows 7 PC, and so even before there were any serious concerns about the frequent occurrence of bad patches being sent from MS, I have had Windows Update set to “Check for updates, but let me choose when to install them.” And by he way, although this might be unnecessary, I am in the habit of turning the machine off when my day is done, because I’m not comfortable with leaving it (or any other equipment of real importance to me) running unattended for very long.

            Also I am not sure why “Never check” is said to be, not just a little safer, maybe, but definitely much safer than “Check but let me choose”: if a supposedly malevolent MS was determined to impose an update without giving the user a say on it, could it not do it as long as Windows Update is alive in the operating system, regardless of whether checks are made with it or not? Or else bypassing Windows Update altogether and using some other means?

            Group B, Windows 7 Pro, SP1 x64.

        • #222916 Reply

          anonymous

          Yeah, I guess I kind of packed that in a single line and lost in in the middle of the sandwich.

          And there are many administrators with documented reasons for their preferred protocol which would fall somewhere between the two.

          If there is a documented procedure to follow within an administered system, and its community of users, that can interpret the various options and give guidance on appropriate action, there may be several satisfactory plans available. There is a hazard in taking one element from plan 29alfa and applying it to plan theta13. The entire protocol would need to be reviewed to bugcheck all unplanned impacts from the changed element. Or just cinch up your five point harness and hold on tight.

          Woody’s reputation is built on methods even a dummy can use. And I take no offense to that. It allows me to concentrate on things more important to me — like productive work, family, and recreation. The advice here does not have to be followed by everyone. But diverting from the documentation makes giving additional advice more complex.

          I do think you were cautious in your word choice, but I’m going to avoid labeling rogue, adventurous, intrepid, (where’s that thesaurus) and simply call it different from the advice clearly given by Da Boss. It can be followed, but it adds complexity to an already simplified system. That’s fine when things are running smoothly.

          When glitches happen, and instruction needs to be given or questions need answering, simple is much, much more clear. Each new acknowledgement for this setting here and that setting there makes the core piece of advice that much harder to follow.

          “Check but let me choose” or “Never (not recommended)” by Microsoft may seem to be a minor distinction right at this moment. But Microsoft has been known to alter the deal, and will likely alter it further in the future. “Check but let me choose” is just another task the system must perform in the background, with possible attendant conflict. Whereas “Never” means it will be done when I have decided that WU can the full attention of resources and I have manually requested the action. This leads to the discussion of just exactly what is the definition of the word check. But that has been covered in other topics.

          • #222953 Reply

            Noel Carboni
            AskWoody_MVP

            For what it’s worth I personally exert several additional levels of control over whether and when update checks are done for my critical Win 7 system.

            0. As mentioned up thread, I have Windows Update settings jammed to “never check” and only initiate update checks manually.

            1. I disable the Windows Update service entirely except for when I want to do an update check.

            2. My firewall is normally configured to block the Windows Update service (should it find a way to run) from reaching the Microsoft update servers and I have to reconfigure it to do an update check (a trivial operation, but not one Microsoft can do unilaterally).

            3. Even with all that, I run a task nightly that checks and logs all the settings and the versions, sizes, and dates of all Windows components so that I can detect if anything has been changed.

            4. And I’ve surrounded my systems with backups and backups of backups.

            -Noel

            1 user thanked author for this post.
    • #222956 Reply

      anonymous

      Win 7×64, Group B here. I got here after the switch to DEFCON 1 (I usually wait until almost the last day to patch), so I figure that I can wait to install the September patches some other time. However, I noticed something very strange and am wondering what to do.

      When I happened to click “View update history,” I noticed that a single update had been installed on October 2, though my settings are always locked down. KB2999226 seems to be a problematic patch; since Acrobat Reader DC automatically updated on the same day, that’s my best guess as to how it got there. (Yes, I know some have recommended getting rid of that program, though I never had problems until now.)

      I’m hoping to be able to uninstall the update, but I’m wondering whether Reader might stop working. (I don’t have Office 365 or any other programs that this update has been connected with.) Does anyone have any other theories about how this might have happened, or any reasons why I shouldn’t go ahead with the uninstallation? (Adding to my headache, I noticed another “problem” update on the list that had been there for a while, that I’m almost positive I’d checked for in the past and it wasn’t there.) Thanks to anyone for their input.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 1: If you didn’t get the September updates installed, fuhgeddaboutit

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: