News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – to patch or not to patch?

    Posted on March 31st, 2018 at 13:18 Susan Bradley Comment on the AskWoody Lounge

    I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates.  But after reading this and especially Kevin Beaumont’s tweet about the risk of Spectre/Meltdown [low risk] versus the risk of the bug introduced by ALL of the updates released since January,  [high risk] one is kinda stuck between a rock and a hard place.

    The problem is between January and March there are a lot of OTHER updates released in addition to the Spectre and Meltdown that are bundled in the Windows 7/Server 2012 R2 updates.  For those following the Woody patching recommendations I think I’m going to go even farther out on a limb and propose that if you are holding off on the March updates, you need to roll all the way back to pre-January and hold tight.

    Me personally, I still would determine how paranoid of a user base you have.  If there are users in your patching environment that they surf and click on ANYTHING, I’d hope you’d make them do their random surfing on an ipad, not a Windows machine (probably still with local admin rights) until this Windows 7 patching mess gets straightened out.  I don’t like telling people to roll back to pre-January updates, but neither do I appreciate Microsoft having constant side effects that are measurable and impactful and all that happens is that they keep on telling us that they are working on the issues and this will be fixed in a future release.  That SMB memory leak has been happening since January.  And in the Security triad of (Confidentiality, Integrity, and Availability)  information security, availability is important.  On servers in particular that SMB memory leak has availability side effects.

    I see many of you asking for the order of updates to install and right now my recommendation is:

    If you have any January through March update installed, make sure KB4100480 is installed.

    Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.

    And then Microsoft please please please, do something about these known issues and fix them, because it pains me greatly to publically type this.

    (Edit, please note that this only applies to 64bit not 32bit, apologies for not noting that. Also be aware that if you see any patch with AMD64 in the name, it applies to Intel 64 as well.)

     

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Patch Lady – to patch or not to patch?

    This topic contains 197 replies, has 57 voices, and was last updated by

     MrBrian 11 months, 2 weeks ago.

    • Author
      Posts
    • #179681 Reply

      Susan Bradley
      AskWoody MVP

      I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates.  But after reading this and especially Kevin Beaumont’s tw
      [See the full post at: Patch Lady – to patch or not to patch?]

      Susan Bradley Patch Lady

      Total of 23 users thanked author for this post. Here are last 20 listed.
    • #179696 Reply

      Zaphyrus
      AskWoody Lounger

      Just reconfirming, this apply to Windows 7 not Windows 10 right, Miss Susan?

      Just someone who don't want Windows to mess with its computer.
      2 users thanked author for this post.
    • #179699 Reply

      laidbacktokyo
      AskWoody Lounger

      Thanks for your kind confirmation of the current massive mess with yet all massive patches of 2018 even if this confirmation is some kind of a wet one.

      This approach matches my personal attitude when now I have the last of massive patches installed as KB4054518 rollup of Dec2017 but of course along with all IE11 updates also installed in standalone manner up to the present revision 11.0.57 of KB4096040 linked to the latest Mar2018 rollup preview KB4088881.

      The funniest point here is that as far as I remember there was similar mess with m$ win7 updating  last year that is to say from late April2017 KB4012218 (first tested & then hidden by me personally) till June2017 KB4022719 (first deployed permanently after a couple of months of easy life with outdated win7).

      Now awaiting for April patching fun.

      • #180291 Reply

        laidbacktokyo
        AskWoody Lounger

        BTW, I believe that if m$ would be unexpectedly & surprisingly smart enough to change their current attitude to at least win7/8 patching to a bit more decent & comfort way towards its customers then they could completely separate the present line of its massive rollup patching from the odd & muddy Meltdown & Spectre protection one.

        That is to create the independent patch concerning Meltdown/Spectre even if it will be temporary incomplete in part of Spectre protection for older hardware, and then update it upon further improvements readiness in same way as rollup patching line now, when every next patch installed replaces all previously applied ones.

        I guess such approach will be very much welcomed by many windows uses worldwide.

        Rgds,

        • This reply was modified 11 months, 3 weeks ago by
           laidbacktokyo.
        • This reply was modified 11 months, 3 weeks ago by
           laidbacktokyo.
    • #179708 Reply

      PKCano
      Da Boss

      I have something strange on two of my Win7 computers.
      Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed.

      I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

      1 user thanked author for this post.
      • #179726 Reply

        Elly
        AskWoody MVP

        @ PK Cano-

        Group B patching… Win 7 Home, 64 bit… and they are all listed for me.

        Win 7 Home, 64 bit, Group B

        • #179730 Reply

          PKCano
          Da Boss

          I’ve been patching Group A, and doing Disk Cleanup once a month.
          Have you done Disk Cleanup?

          1 user thanked author for this post.
          • #179732 Reply

            Elly
            AskWoody MVP

            I do disk clean up just before installing the next month’s patches.

            Win 7 Home, 64 bit, Group B

      • #179727 Reply

        PKCano
        Da Boss

        UPDATE
        After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following:
        KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013.

        After rebooting, the computer was up to date with no other updates offered.

        Win7 Ultimate x64 Group A patching

        5 users thanked author for this post.
        • #179756 Reply

          woody
          Da Boss

          Very strange. Some weird supersedence kicked in?

        • #179767 Reply

          The Surfing Pensioner
          AskWoody Plus

          Alternative theories come to mind. Hey, am I glad I didn’t install the buggy patches! Felt kind of guilty about it at the time, mind.

          2 users thanked author for this post.
          • #180269 Reply

            Microfix
            AskWoody MVP

            @The Surfing Pensioner, I like yourself did not install Jan/Feb/Mar 2018 patches for both W7 Pro x32 and x64 machines albeit both in group A and one system offline. I found the whole issue of meltdown/ spectre et al too panic stricken and uncertain so, went on my gut instinct not to install the security patches.

            However, I did on my W8.1 and reverted back to an image from Dec 2017 with relative ease beginning of last week on the news that the MS security fixes in Jan/Feb for the exploit/ hole was actually made worse.

            Looks like the updated browser versions with AV updates will help for now without the sacrifice of performance. IMHO the fix outweighs the risk in this case.

            | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
              Can't see the wood for the trees? Look again!
            1 user thanked author for this post.
      • #179759 Reply

        Individualist
        AskWoody Lounger

        @pkcano

        I also use Group A…two Windows 7 SP1, one Dell Optiplex desktop, one Dell Inspiron laptop…I use Disk CleanUp after updates, and in looking I am seeing the same thing you describe. I am somewhat smart, but by no means a “techie”…as long as I use safe measures when online and avoid any patching until this is all cleared up and when we go to a higher Defcon rating, should I be somewhat alright? I have to date experienced no odd behaviors in either computers, and really don’t care to possibly mess anything up needlessly.

        A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

        • This reply was modified 11 months, 3 weeks ago by
           PKCano.
        • This reply was modified 11 months, 3 weeks ago by
           Individualist.
        • This reply was modified 11 months, 3 weeks ago by
           Individualist.
        • #179763 Reply

          PKCano
          Da Boss

          If you have installed the Jan and Feb Rollups and you decide not to roll back to Dec 2017. you should install KB 4100480 to mitigate the Total Meltdown vulnerability. Then I would sit tight and wait to see how this plays out.

          5 users thanked author for this post.
          • #179770 Reply

            moonbear
            AskWoody Lounger

            What about the patch for the ip issues? can that be skipped for now?

          • #179859 Reply

            Geo
            AskWoody Plus

            Win 7 x64.  Never did previews.  Did Jan and Feb roll ups.  Didn`t  do Mar unchecked 875 or 950.  Just did  checked 480.  No problems so far.

      • #179879 Reply

        Geo
        AskWoody Plus

        Me also. Jan, Feb 18 then Sep 17.  I also do disk clean up after every install.

      • #180270 Reply

        Microfix
        AskWoody MVP

        @pkcano I have encountered the same thing but not for W7 security patches, it was for MSRT. I declined the licence in MSRT and it only shows four previous months, anything prior to that, does not appear at all, they drop off the list.

        | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
          Can't see the wood for the trees? Look again!
      • #180298 Reply

        ch100
        AskWoody_MVP

        I would say that this is expected to some extent.
        Disk Cleanup probably did what was supposed to do in this case.

        3 users thanked author for this post.
    • #179714 Reply

      b
      AskWoody Plus

      How are things going this month for the 630 million users of 1709 (the version known around here as “unstable”)?

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker "Saluted blockhead" (Group ASAP)

      • #179719 Reply

        woody
        Da Boss

        1709 has had three cumulative updates so far this month.

        The last one — which is voluminous — finally fixed the “Delta” bug introduced in January.

        I’ve been so busy chasing all the patches this month that I don’t know if there are any additional problems with the three cumulative updates, thus far.

        4 users thanked author for this post.
    • #179718 Reply

      dgreen
      AskWoody Lounger

      I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

      PKCano
      I just checked my install update list thinking to maybe roll back to December.
      The only one listed is kb4074598 (feb roll up)

      All the others are gone.
      I did install new hard drive in November and reloaded Windows 7 and went to Group A.
      I never did a disk clean up after any updates because didn’t want to remove old updates so this wouldn’t happen.  Obviously that didn’t work!
      So it looks like a roll back to december is impossible?
      Geeeeeeeeeeeez!!!

       

      EDIT TO ADD:
      Just checked my review of update history and the roll ups show that they were installed successfully but not showing up on my installed list. Strange!

      • This reply was modified 11 months, 3 weeks ago by
         dgreen.
      • This reply was modified 11 months, 3 weeks ago by
         dgreen.
      • This reply was modified 11 months, 3 weeks ago by
         dgreen.
    • #179720 Reply

      plodr
      AskWoody Plus

      I looked at two Win 7 computers (32 bit and 64 bit).

      I have all the Security updates I’ve manually done appearing for Oct, Nov. and Dec. 2017 in both computers.

      Got coffee?

    • #179737 Reply

      MrBrian
      AskWoody_MVP

      “Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.”

      Those who use Disk Cleanup to clean up Windows Updates should note that immediately after doing this, every Windows monthly rollup other than the newest installed Windows monthly rollup will be removed due to component-supersedence. If you then uninstall the newest installed Windows monthly rollup, you will find that no Windows monthly rollups are installed. To install the December 2017 Windows monthly rollup, you’ll have to either hide the March 2018, Feb 2018, and Jan 2018 Windows monthly rollups, or install the December 2017 Windows monthly rollup manually via the Catalog, or use Windows Update MiniTool with “Include superseded” ticked.

      • This reply was modified 11 months, 3 weeks ago by
         MrBrian.
      4 users thanked author for this post.
    • #179741 Reply

      Seff
      AskWoody Plus

      Whilst grateful for the advice, my natural inclination is to say that as the Group A updates were successfully installed in January and February, and we are at DefCon 2 for March, with no problems encountered so far this year with my home Windows 7 machines which are running normally, I will sit tight and not start uninstalling updates and reverting to an old position.

      “Stability in the hand is worth two threats not yet in the wild”, or something like that!

      However, I will keep the situation under review as I read further comments and recommendations.

      5 users thanked author for this post.
    • #179747 Reply

      Purg2
      AskWoody Lounger

      In trying to assist a friend of mine on his Windows 7 machine, he is currently updated with the last security only, internet explorer & MSRT from February.  These were installed Group B style on March 10.

      I’m willing to “roll back” the January & February groups.  One thing still bothers me about it though.  The non-cumulative nature of the “security only” update bundle will require a reinstallation of Jan & Feb at some point.  Add the March group to the mix near the end of April or beginning of May (if at all) & this all starts to seem like a vicious circle.  Is FUD getting the better of us or is it just another case of  “this is the new normal” for M$.

      The only alternative I can see for my friend is to hold off on all the usual W7 March updates (including 4100480) hoping for a solution by the next update cycle.  Any other considerations missing in my findings?

      Win 8.1 Group B, Linux Dabbler

      2 users thanked author for this post.
    • #179749 Reply

      wdburt1
      AskWoody Plus

      Easy decision for me, since my patching has not advanced beyond late 2017.  I stopped after November hung up one of my Win7 machines for hours and I finally had to kill the power despite the admonition on screen warning me not to.  I intend to patch through December (security patches only) and stop until the smoke clears, maybe for good.

      Having not done Jan-Feb-Mar, I’m feeling smarter than I really am right now.  (Which of course is dangerous.)

      I don’t see a viable case for Group A over the last three months.

      • #179784 Reply

        OscarCP
        AskWoody Plus

        If my reading of the situation at MS is right, then yours might be a really long wait.

        1 user thanked author for this post.
      • #179803 Reply

        The Surfing Pensioner
        AskWoody Plus

        Nor me – the Group A mob who have been virtuously installing their monthly rollups are now in a bit of a pickle. What an interesting turn-up for the books!

        1 user thanked author for this post.
    • #179750 Reply

      Steve S.
      AskWoody Plus

      Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.

      Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.

      So far, no problems noted. (fingers crossed!)

      Caveat: My usage scenario is a relatively simple one.

      Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

      5 users thanked author for this post.
      • #179862 Reply

        Geo
        AskWoody Plus

        Did exactly what you did.  No problems so far.  Never did previews though.

        2 users thanked author for this post.
      • #179897 Reply

        AJNorth
        AskWoody Plus

        Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.

        Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.

        Which is how I’ve been spending my Saturday (until now) — getting a passel of Win 7 Pro x64 (and a few Home) machines squared away.

        Like yourself, the prospect of rolling every machine back to the December 2017 patch point was singularly unattractive.

        Therefore, I installed only the March MSRT, KB4096040 (the March Win 7 IE Cumulative Security Update) and KB4100480 (putting KB4099950 on hold until further word from On High).

        So far, nothing untoward to report (and I’ve even left my ‘phone on its hook).

        Crisis-Clinic-Larson

        Attachments:
        You must be logged in to view attached files.
        4 users thanked author for this post.
    • #179751 Reply

      moonbear
      AskWoody Lounger

      After checking my installed updates KB4057400 isn’t listed BUT it is listed in my update history. Do preview rollups not show up in the installed list?

      • #179774 Reply

        MrBrian
        AskWoody_MVP

        Do you have a newer Windows monthly rollup installed?

        • #179776 Reply

          moonbear
          AskWoody Lounger

          Yes I have the February rollup (KB4074598)

          • #179787 Reply

            MrBrian
            AskWoody_MVP

            If I recall correctly, only the newest Windows monthly rollup installed (including previews) is shown in Installed Updates.

            • This reply was modified 11 months, 3 weeks ago by
               MrBrian.
            • #179802 Reply

              moonbear
              AskWoody Lounger

              Ok, at least that’s settled. Now all I need to do is figure out whether rolling back or installing KB 4100480 is the better option.

              1 user thanked author for this post.
            • #179934 Reply

              abbodi86
              AskWoody_MVP

              Correct, because all rollups share the same internal CBS package name
              it’s like having multiple versions of KB2952664 installed, only the latest will be shown

              3 users thanked author for this post.
    • #179758 Reply

      alpha128
      AskWoody Lounger

      For a Windows 7 x64 user who is current through February, and wants to move forward, not backward, is this the correct patch order?

      1. Install KB4099950
      2. Install KB4088875
      3. Install KB4100480

      • #179775 Reply

        MrBrian
        AskWoody_MVP

        Looks good.

        2 users thanked author for this post.
        • #179827 Reply

          alpha128
          AskWoody Lounger

          Looks good.

          Thank you!

          I’m not going to install anything tonight.  The weather has been windy and the power has gone out (briefly) three times.  Maybe tomorrow.

      • #179865 Reply

        Geo
        AskWoody Plus

        875 and 950 are unchecked.  I didn`t install them. 480 checked did install it.  No problems.

      • #180345 Reply

        alpha128
        AskWoody Lounger

        No fooling – I did what I said I was going to do and installed these three patches in this order:

        1. KB4099950
        2. KB4088875
        3. KB4100480

        So far there are no apparent problems.

        1 user thanked author for this post.
    • #179760 Reply

      gkarasik
      AskWoody Lounger

      “And then Microsoft please please please, do something about these known issues and fix them, because it pains me greatly to publically type this.”

      Hi Susan,

      I appreciate your research on the issue, but I’m curious why “it pains [you] to publically type this?”

      GaryK

      • This reply was modified 11 months, 3 weeks ago by
         gkarasik.
    • #179769 Reply

      dgreen
      AskWoody Lounger

      Uninstalled Feb. kb4074598, and Jan. kb4056894 rollup updates successfully. (group A)
      Never installed March anything offered.
      Will sit tight and wait for MS to get their act together….
      hopefully in April…..

    • #179773 Reply

      WildBill
      AskWoody Plus

      I’m on Windows 8.1, but not crowing at all. I really feel for those on Windows 7, because these problems aren’t your fault, they’re Microsoft’s. If this is another scam to con Win 7 users to upgrade to Win 10, then it’s totally wrong. Since Microsoft abandoned Win 8.1 for the enterprise, they don’t care if we upgrade. With more users still on Win 7, they’re a target. I don’t trust Nadella, since he cares about the cloud more than the desktop.

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      7 users thanked author for this post.
    • #179777 Reply

      OscarCP
      AskWoody Plus

      NASA has, at each center, a team of dedicated IT security people. I have not seen any reports from them, yet, warning about problems such as those mentioned here, or suggesting measures to resolve them. That probably will change, and soon.

      I am going to ask around. If that turned up any useful and practical information, I’ll let you know.

      Others using Woody’s and working also for, or with (such as myself, as a consultant), similar large organizations, might consider doing the same thing.

      1 user thanked author for this post.
    • #179782 Reply

      CADesertRat
      AskWoody Plus

      I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

      Same here, KB 4054518 only shows up in WU “View Installed Updates” as having successfully installed, just no mention of it in Programs and Features installed updates. Just confirming your findings as I have read Mr. Brians response below.

      I thought I was the only one, LOL.

      Don't take yourself so seriously, no one else does 🙂
      Grp. A with 2 Win 7 Pro, also 2 Win 10 Pro currently 1803 (1 Desktop, 1 Laptop).

      1 user thanked author for this post.
    • #179778 Reply

      anonymous

      On two Windows 7 machines I have installed per Windows Update when Defcon was briefly 3:

      2018-2 Rollup KB4074598

      and

      2018-1 Rollup .NET KB4055532

      Do I have a memory leak? And do I need to Rollback to December?

      1 user thanked author for this post.
      • #179786 Reply

        PKCano
        Da Boss

        I believe the memory leak was introduced by the Jan Rolllup, so I would say yes.

        If you are not going to rollback you shouls install KB 4100480 to mitigate Total Meltdown, then hold off patching until MS gets this fixed.

        5 users thanked author for this post.
        • #180317 Reply

          anonymous

          Thank you for your answer,

          I decided to rollback the two machines. Since that is why Susan wrote the post in the first place. I feel that if only installing KB 4100480 was good enough. Than there would be no point in taking the drastic step to tell people to roll back.

          Note that after the roll back some updates will be listed as being installed on the current date. But when you check the KB numbers you will see that these updates are from before the Melt Down patches.

          BTW Both my machines are running on old AMD hardware. Let us hope that Microsoft can finally come up with a solid patch that freezes the melt.

          <!–DOCTY–>

    • #179793 Reply

      OscarCP
      AskWoody Plus

      According to the information on the update page of KB 4100480 in the Catalogue, this seems to be meant only for machines with AMD64 CPUs:

      “A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
      Architecture: AMD64
      Classification: Security Updates
      Supported products: Windows 7
      Supported languages: all ”

       

      • This reply was modified 11 months, 3 weeks ago by
         OscarCP.
      • #179796 Reply

        PKCano
        Da Boss

        AMD64 indicates a 64-bit computer, not the company AMD

        2 users thanked author for this post.
        • #179807 Reply

          OscarCP
          AskWoody Plus

          Yes…  And?

          • This reply was modified 11 months, 3 weeks ago by
             OscarCP.
          • #179810 Reply

            geekdom
            AskWoody Plus

            Do you have a 64-bit system or a 32-bit system?

            Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
            • #179813 Reply

              OscarCP
              AskWoody Plus

              x64.

            • #179910 Reply

              anonymous

              Then just install the x64 version of the patch if you so choose. AMD64 is the designation Microsoft uses for almost ALL of their 64 bit patches. They don’t differentiate between AMD and Intel unless the patch is specific to the manufacturer. In other words, if a patch is specific to either AMD or Intel architecture (32 or 64 bit), Microsoft will SAY SO in the patch’s title.

              That is what @satrow is trying to explain to you just below this post, and what @pkcano was trying to say in this post above here.

              Case in point: When MS earlier this year bricked many older AMD machines with the January patch, they released a patch just for AMD machines and only certain AMD processors. Windows Update was smart enough to figure out which specific AMD processor was on the machine (if any) and offer the AMD-specific patch if it was called for.

              Still unsure of what you’re being offered by Windows Update?

              Then check out the following link to the patch you might have been ready to install for March, KB4088875, if the current mess for March hadn’t developed: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4088875 and then click on the link that says “2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875)”. You’ll notice that in the “Overview” tab, the supported architectures listed are “AMD64, X86”. In other words, ALL x64 and x86 architecture, even though Microsoft doesn’t come out and say it directly.

              I sincerely hope this helps clarify things for you.

              EDIT html to text – content may not appear as intended

              4 users thanked author for this post.
      • #179797 Reply

        MrBrian
        AskWoody_MVP

        See section “Affected Products” at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038.

        1 user thanked author for this post.
      • #179801 Reply

        satrow
        AskWoody MVP

        “Architecture: AMD64” = all Windows x64 versions released in the last ~12 years.

        (Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)

        • #179806 Reply

          OscarCP
          AskWoody Plus

          I have an x64 Intel chipset in my 7-year old HP, and dare think I am not the only one.

          So this should be made very clear. It is not a trivial fact.

          1 user thanked author for this post.
          • #179826 Reply

            satrow
            AskWoody MVP

            Your Intelx64 HP runs exactly the same Windows AMDx64 version as my Intel Ivybridge Xeon and i3’s do, there is no Intelx64 version of Windows.

            1 user thanked author for this post.
        • #179811 Reply

          OscarCP
          AskWoody Plus

          MrBrian,

           

          The link in there gets you to the same page of the Catalogue where you can find the  Description mentioning that the update is for machines with the AMD64 architecture.

           

          • This reply was modified 11 months, 3 weeks ago by
             OscarCP.
          • #179822 Reply

            satrow
            AskWoody MVP

            Architecture: AMD64 equates to all currently supported 64-bit versions of Windows.

            2 users thanked author for this post.
          • #179837 Reply

            satrow
            AskWoody MVP

            It does, even though it appears counter-intuitive.

            https://en.wikipedia.org/wiki/X86-64 and https://en.wikipedia.org/wiki/IA-64 also a search for AMD64 in your Windows folder should turn up an an awful lot of hits. I’d show you my hit list but I’m currently using a 2009 Atom nebook – x86 only…

            • #179848 Reply

              OscarCP
              AskWoody Plus

              Unfortunately, following your suggestion has not made it crystal clear that Intel’s x64 architecture is the same as AMD64. What I’ve found, in Wikipedia and elsewhere, mainly says that Intel’s x64 is similar, or based on AMD’s. Not identical.

              For example, this from https://superuser.com/questions/383711/whats-the-difference-between-intel-64-and-amd64  :

              “From what I’ve read extended Memory 64-bit Technology (EM64T) is Intel‘s implementation of AMD‘s AMD64 and the differences between the Intel64 and AMD64 are:

              • EM64T’s BSF and BSR instructions act differently when the source is 0 and the operand size is 32 bits. The processor sets the zero flag and leaves the upper 32 bits of the destination undefined.
              • AMD64 supports 3DNow! instructions. This includes prefetch with the opcode 0x0F 0x0D and PREFETCHW, which are useful for hiding memory latency.
              • EM64T lacks the ability to save and restore a reduced (and thus faster) version of the floating-point state (involving the FXSAVE and FXRSTOR instructions).
              • EM64T lacks some model-specific registers that are considered architectural to AMD64. These include SYSCFG, TOP_MEM, and TOP_MEM2.
              • EM64T supports microcode update as in 32-bit mode, whereas AMD64 processors use a different microcode update format and control MSRs.
              • EM64T’s CPUID instruction is very vendor-specific, as is normal for x86-style processors.
              • EM64T supports the MONITOR and MWAIT instructions, used by operating systems to better deal with Hyper-threading.
              • AMD64 systems allow the use of the AGP aperture as an IO-MMU. Operating systems can take advantage of this to let normal PCI devices DMA to memory above 4 GiB. EM64T systems require the use of bounce buffers, which are slower.
              • SYSCALL and SYSRET are also only supported in IA-32e mode (not in compatibility mode) on EM64T. SYSENTER and SYSEXIT are supported in both modes.
              • Near branches with the 0×66 (operand size) prefix behave differently. One type of CPU clears only the top 32 bits, while the other type clears the top 48 bits. “
          • #179841 Reply

            satrow
            AskWoody MVP

            Apologies for not being in a position to give detailed replies correcting your rather rapid-fire comments; I’m currently using one of those N-series Atoms from 2009 that doesn’t support AMD64… 😉

            • #179849 Reply

              OscarCP
              AskWoody Plus

              Lucky you.

              As to “rapid fire responses”: this is something I see as in need of urgent, and up front (main page), clarification. I don’t usually hang around a computer on Saturday evenings. Do enough of that during the week.

               

            • #179864 Reply

              satrow
              AskWoody MVP

              Lucky me indeed.

              1 user thanked author for this post.
            • #179926 Reply

              Cybertooth
              AskWoody Lounger

              @oscarcp,

              The designations are definitely confusing. The way I understand it is that “AMD64” is a nod to the fact that the folks at AMD were the ones who first developed the 64-bit CPU architecture. “AMD64” does not mean that you have an AMD processor in your PC, it means that you have a 64-bit processor (manufactured by whomever) in your PC.

              For information as to the company that made the CPU in your computer, you can open your Windows 7 Start Menu, then right-click on “Computer” in the right panel, then left-click on “Properties” in the resulting menu. This will open a new “System” window, where you can visually scan for the line that’s labeled “Processor.” This line will specify whether you have an Intel chip or an AMD chip in your computer.

               

              6 users thanked author for this post.
            • #179939 Reply

              Cascadian
              AskWoody Lounger

              It may be more than a nod. I have no inside information, but it always read to me as though there was an agreement that made more strenuous action not necessary.

              Intel had made their game changing reputation on the 8086. They capitalized on that reputation by continuing to evoke that success in subsequent chip names. Same branding idea that Boeing used with the 7×7 series of airframes.

              When AMD came up with their own game changing chip a quarter century later, it was very important to them that everyone know who did it first. I find it possible they did not like the idea of being represented by x64 as if it were some kind of lesser knockoff.

              4 users thanked author for this post.
            • #180730 Reply

              flackcatcher
              AskWoody Lounger

              True. And as usual in those days, lawyers were involved. Well, there are always lawyers….

              1 user thanked author for this post.
    • #179805 Reply

      georgea
      AskWoody Plus

      That is exactly what I’ve done.  The cure is worse than the disease imho.  I’ve rolled back group B updates on various Windows 7 machines so the last bundled patch was December 2018.  I will wait this out, practicing safe browsing of course (no IE, noscript, etc).  Altho I’ve been a Group B member, I’m not sure that’s viable any more.  Sorting out this unholy mess without giving in to the mothership in Redmond (aka joining Group A) is probably not worth my time.  Group A may be the only (less in-) sane way to move forward with Windows 7 at this point.  Heck – Windows 10 is looking better and better (in a relative sense at least).  Perhaps it’s time.

      • #179834 Reply

        anonymous

        Windows 10 is looking better and better…

        That is what Microsoft wants, is higher Windows 10 adoptions rates. Somethings work better, some not…purposely or by mistake.

        3 users thanked author for this post.
    • #179809 Reply

      bobcat5536
      AskWoody Plus

      Group A…I also ran Disk Cleanup and missing the updates in the Add/Remove. I ran Steve Gibson’s InSpectre scan and disabled the Meltdown fix and performance is back. So far everything is running good and I have not installed March updates. I’ve got WU buttoned up and on hold. Should I run KB410080 ?

      1 user thanked author for this post.
      • #179818 Reply

        PKCano
        Da Boss

        Yes, if you don’t roll back, you should install KB 4100480

        2 users thanked author for this post.
      • #179840 Reply

        MrBrian
        AskWoody_MVP

        In the Catalog, you probably should use “2018-03 Security Update for Windows 7 for x64-based Systems (KB4100480)”.

        1 user thanked author for this post.
    • #179814 Reply

      StruldBrug
      AskWoody Lounger

      W7 Home x64 Group B, currently up to date thru Feb18, including Oct-Dec17. I did a Disk Cleanup about a week ago. All appears to be operating normally, so I choose not to fix anything with a rollback, despite a vulnerability. I accept the risk. I will continue to sit on Mar until the Defcon goes to 3 or better, which probably won’t happen until after the Apr release. I maintain plenty of patience and strictly adhere to the B methodology. I read the threads daily and send Kudos to the crew, Da Boss has assembled here. Keep it up … you gals and guys are the best!

      • This reply was modified 11 months, 3 weeks ago by
         StruldBrug.
      4 users thanked author for this post.
      • #179884 Reply

        anonymous

        I have Win7 Pro Intel 32-bit. The KB4100480 is not for 32bit machines. Does any of this apply to me, should I roll back to December 2017? I only have applied updates using Groub-B Security Only patches.

    • #179832 Reply

      David F
      AskWoody Plus

      For group B and just for clarity, I ‘m assuming the IE patches do not need be rolled back as well (e.g. like KB4088835) ?

      • This reply was modified 11 months, 3 weeks ago by
         David F.
    • #179842 Reply

      moonbear
      AskWoody Lounger

      @mrbrian If I install KB 4100480, should I install KB 4099950 first? If the answer is yes, should I also reboot between updates even if I’m not prompted to do so?

    • #179853 Reply

      David F
      AskWoody Plus

      On a note of levity courtesy of Laurel and Hardy:

      “Well, here’s another nice mess you’ve gotten me into Sattya”

      Sadly it’s not a joke

      3 users thanked author for this post.
    • #179858 Reply

      CADesertRat
      AskWoody Plus

      Just curious, I am Grp. A and installed Jan. & Feb but held off on March. I just checked WU and as “Important” it shows 3 updates: 1- KB 4100480, 2- KB 2952664, & the MSRT for this month.

      Should I install the KB 2952664? I seem to remember that was the one that prepared you for W10 or was a telemetry update.

      Thanks

      Don't take yourself so seriously, no one else does 🙂
      Grp. A with 2 Win 7 Pro, also 2 Win 10 Pro currently 1803 (1 Desktop, 1 Laptop).

      • #179867 Reply

        bobcat5536
        AskWoody Plus

        I believe you remembered right…I always hide that one.

      • #180762 Reply

        CADesertRat
        AskWoody Plus

        I just installed MSRT & KB 4100480 and hid KB 2952664 on 1 of my W7 x64 computers before installing on any others. So far no problems.

        Since I have had no problems with the Jan/Feb rollups, I didn’t feel like rolling back that far so hopefully 4100480 plugs the hole.

        Thanks for all the advice folks.

        Don't take yourself so seriously, no one else does 🙂
        Grp. A with 2 Win 7 Pro, also 2 Win 10 Pro currently 1803 (1 Desktop, 1 Laptop).

    • #179855 Reply

      anonymous

      as i’m not going to rollback:

      before installing KB4100480, are there any bugs introduced by kb4100480?

      • #179872 Reply

        MrBrian
        AskWoody_MVP
        • #179959 Reply

          anonymous

          Well, I’ll wait a few days, if Defcon changes (normally around 5th of a month?) in install this along with others.
          Always have panic about installing updates and rebooting afterwards, so i’m rebooting as seldom as possible.
          which means: installing patches and rebooting once per month max.

          • #180323 Reply

            SueW
            AskWoody Plus

            .. i’m rebooting as seldom as possible.
            which means: installing patches and rebooting once per month max

            Just keep in mind that patches (updates) do not take effect until your computer is rebooted.

            Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

            • #180340 Reply

              anonymous

              I know. that’s exactly the reason why i wait regarding installation of this update.

              i’m patching only once per month, as soon defcon 3 is active, do reboots necessary due to patching.

              1 user thanked author for this post.
    • #179861 Reply

      anonymous

      There is a lot more confusion added to the advise when there is no specific reference to what architecture is being talked about. Just stating ‘Windows 7’ gives the impression that both are equally affected and the advise applies to both. I urge everyone to add 64 or 32 after Windows 7 to avoid this confusion. The problems and remedies are, at times, different.

      It would also be helpful when referring to monthly updates as either the rollup or the security-only update. Using just KB numbers works if the reader is familiar with that KB, otherwise it is not. With more KBs arriving at random (mostly for W7/64), the complexity has increased.

      By no means is this a complaint. It is just a suggestion.

      Everyone is trying to understand the situation, see what they should or should not do, and stay aware. We need as much clarity as we can muster right now or systems will get messed up unintentionally. Windows 7/64 and 32 may be in more trouble than Microsoft is owning up to.

      9 users thanked author for this post.
    • #179874 Reply

      bobcat5536
      AskWoody Plus

      After installing KB4100480..I’m now being offered KB4099950 as an optional update. Was not being offered this until I installed KB4100480. Any recommendation here ?

    • #179877 Reply

      OscarCP
      AskWoody Plus

      Before anyone here goes ahead with the advice to install KB4100480, and unless if offered to your machine by Windows Updates, or shows up when doing a search for updates, my suggestion is to:

      HOLD ON.

      In the Catalogue page for KB4100480 it says that it is for machines with AMD64 architectures.

      In response to my posting about this, and whether it really applies to Intel x64 machines like my own, I have got back, so far:

      (1) A way-to terse-answer from PKCano.

      (2) A series of postings to the effect that Intel x64 architecture is the same as AMD64, with references to Web pages that, in fact, indicate that they are similar, not identical. Is that good enough? Unclear, at this point.

      So, at least for myself, until this is made crystal clear, with a sufficiently long and well-referenced explanation, I am not removing or adding any updates, something that could bring along problematic side-effects.

      Of course, what you’ll do, is up to you.

      3 users thanked author for this post.
      • #179883 Reply

        MrBrian
        AskWoody_MVP

        What are the amd64 files in Windows 7 x64?

        3 users thanked author for this post.
        • #179892 Reply

          Cayennejim
          AskWoody Lounger

          In reference to installing patch KB4100480, it does say that it’s for 64-bit processors. I think you are correct in saying HOLD ON until Susan clarifies this. Since I have an AMD 32 bit processor, I will hold on installing that patch. (It also does not show up in my Windows Update). Group A. I can only access it through Windows Catalog).

        • #179928 Reply

          OscarCP
          AskWoody Plus

          MrBrian,

          Thanks for the link. I appreciate your desire to help.

          That said, I am going to wait until the end of next month, while taking a good look further into this, and then decide what to do about it. Maybe.

          In the meantime: none of the patches mentioned here shall be installed or removed from my PC.

      • #179885 Reply

        DrBonzo
        AskWoody Lounger

        There may well be physical differences between 64 bit chips made by AMD and those made by Intel, just as there are between different generations of 64 bit Intel chips. But when used in referring to the Windows operating system ‘amd64’ means 64 bit operating system regardless of whether the chip was made by AMD or by Intel. It is confusing, but to the best of my knowledge that’s what the terminology means. So as long as you pick the 64 bit patches you should be OK – at least to the extent that the patches are OK to begin with, but that’s why Woody has the Defcon system.

        8 users thanked author for this post.
    • #179895 Reply

      moonbear
      AskWoody Lounger

      @mrbrian I went ahead and installed KB 4100480, so far everything’s running fine. Would it be a good idea to hide the other patches offered through WU?

      • #179902 Reply

        MrBrian
        AskWoody_MVP

        If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.

        • This reply was modified 11 months, 3 weeks ago by
           MrBrian.
        • #179907 Reply

          moonbear
          AskWoody Lounger

          Ok then, I’ll go hide them now. Thanks for all the help.

        • #180359 Reply

          walker
          AskWoody Lounger

          Mr.Brian:   I sent another message a short time ago, however I just read the post about “installing or hiding”.    Is this message intended for “ALL” updates (including the March updates?).   I don’t make a move unless I’m directed that the MSDefcon has cleared an update or it has been approved in some other manner.   Apologies for the “lack of literacy with computers” (as always).     I think I’m beginning to get “dizzy”.   Thank you once again, as always.    🙂

    • #179881 Reply

      anonymous

      I think Susan doesn’t like telling people to uninstall updates is because it puts people in limbo.

      I am Group B and I have installed all security patches and the KB4100480 patch fix. Currently my Windows 7 machines are running fine and after these March updates, my systems actually feel cleaner if that makes sense.

      I am struggling to trust MS but I think we need to go with the latest advice and nobody can guarantee that  you will be safer and won’t have any problems if you roll back to Dec 2017.

      For me the Meltdown exploit is more dangerous, and I am sure hackers are working on this now. I am totally not convinced rolling back is a safer option if people have a system running well. But this latest fiasco should underline that Group B updating after feedback on patches is the best option.

      Saying that, I think disabling updates is becoming a viable option after this current mess is put to bed.

    • #179900 Reply

      anonymous

      I have to ask; With all its experience and resources, is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design. And that is unacceptable, to support a company with such low ethical standards.

      Given the context this is happening in, MS pushing Win 10 so hard, and the standard business model these days is more often than not deception (of the customer) rather than respect, it looks like one (brutal and dishonest) tactic to get people off Win 7 and onto Win 10.

      I don’t want Win 10, the ever mutating OS – so I’ll stick with Win 7 until I figure out Linux. Maybe some other OS is on the horizon? Anyway, I’m done with MS as soon as it’s practicable.

      5 users thanked author for this post.
      • #179908 Reply

        Kirsty
        Da Boss

        is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design

        Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
        🙂

        9 users thanked author for this post.
        • #179922 Reply

          AJNorth
          AskWoody Plus

          Then there is ordinary sloppiness — not to mention just plain lackadaisicalness.  (Gee, I can remember when companies took actual pride in their products and had genuine concern for their customers… that was then.  Sigh.)

          3 users thanked author for this post.
        • #179945 Reply

          anonymous

          How about incompetent ‘by design’? 🙂

          2 users thanked author for this post.
        • #180321 Reply

          Sessh
          AskWoody Lounger

          Personally, I cannot buy the “human error” or “unintended consequences” line because of GWX. It was malicious and it was most certainly intentional design 100%. After that, I can’t go along with anything being unintentional or by human error. They showed their hands with GWX which never really ended at all.

          Disbanding their Windows team feels like a child throwing a temper tantrum after not being able to get his/her way. Windows 10 has failed despite all their efforts. Not even giving it away for free was enough to offset all of it’s shortcomings. It means they have given up on Windows which was already sabotaged when they got rid of their QA testing team. All of this was by design. They had to have known all these problems would arise without a testing team to make sure these patches were ready and so I cannot consider the consequences of those actions as being “unintended” at all. They knew what they were doing and what the consequences would be just like the rest of us did when we heard of it.

          Cut costs to increase profits and who cares about the consequences. That’s called capitalism, something I’m not so sure is a good thing anymore.

          5 users thanked author for this post.
          • #180330 Reply

            anonymous

            AJNorth above, Agreed

            Sessh, Agree with you on MS.

            But if you go back in history greed not actually capitalism is the culprit. In the 1800’s and in the early 1900’s people with large companies ran everything. Teddy Roosevelt was one that passed anti-trust laws to stop this greed an control. It may be needed again, to review what is proper business practice and what is anti-trust or in this case, not trustworthy.

            2 users thanked author for this post.
      • #179936 Reply

        OscarCP
        AskWoody Plus

        It has been reported (someone also posted that here, at Woody’s, a few days ago) that Nadella has announced that MS is going to concentrate now on AI and Cloud services, so it is cutting the Windows’ engineering staff in half by moving 50% to work on those other projects. Not a word about improving the support for Windows, or any recent problems that require greater attention.

        Given that, staying with Windows 7, Windows 8.1, or moving on to Windows 10 and staying always current with its latest system upgrade, should make little difference when it comes to the patching problems that have been cropping up with such alarming frequency for some time now. It seems like a good bet to assume that they will continue to be with us for the foreseeable future. Or at least for however long Nadella and those who agree with him stay in charge of running MS.

        Being Group B is what one does to have at least some control of one’s own work while using Windows.

        Question is: for how much longer will still be wise to do that?

        • This reply was modified 11 months, 3 weeks ago by
           OscarCP.
        1 user thanked author for this post.
      • #180306 Reply

        anonymous

        If MS was an airplane or automotive manufacturer, this kind of incompetence (or whatever it is) would cause the NTSB to look at revoking the type approval certificates.  Long ago.

        5 users thanked author for this post.
    • #179920 Reply

      David F
      AskWoody Plus

      is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design

      Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time. 

      Perhaps, but this is happening every month now, how long can Microsoft hide behind being incompetent and stupid? Maybe they are totally incompetent but it’s still not acceptable

      • This reply was modified 11 months, 3 weeks ago by
         David F.
      1 user thanked author for this post.
      • #179944 Reply

        Kirsty
        Da Boss

        Oh yes, of course incompetence is always an option, but it seemed like that wasn’t the only possible other explanation… 😉

        Yes, I agree, they need to do better, a lot better. This needs to be the exception, not the rule!

        3 users thanked author for this post.
        • #179946 Reply

          anonymous

          “This needs to be the exception, not the rule!”

          But this is now the rule, not the exception. In fact this ‘new’ rule is becoming embedded. Before long people will be accepting this new norm. It seems some people already are.

          1 user thanked author for this post.
        • #179953 Reply

          OscarCP
          AskWoody Plus

          Kirsty,

          Yes, absolutely, there is another explanation:

          Nadella and his people now think that supporting an old-fashioned, not cool anymore, activity such as maintaining the Windows OS  as a working tool is not really what they ought to be doing anymore.

          “Dear user of Windows, my very good man, woman, person, it, whatever: the world has moved on. Time for MS to move along with it.”

          “But, wait! How about the agreement to maintain those systems, keeping them safe and stable until their appointed end of life?”

          “Whaaat? I can’t hear you. Speak in proper Cool, like me, or stop wasting my time.”

           

          • This reply was modified 11 months, 3 weeks ago by
             OscarCP.
          • This reply was modified 11 months, 3 weeks ago by
             OscarCP.
          1 user thanked author for this post.
    • #179957 Reply

      byteme
      AskWoody Lounger

      Win7 Home Premium 64-bit.
      Intel i7-3770.
      Stand-alone (non-networked) PC.
      A proud member of Group B since 2016.
      Updated thru February.

      Four hours ago I sucked it up and installed KB4100480, because I know it pains Susan to watch us uninstall updates. Or perhaps that wasn’t the reason. In any case, the install/reboot went smoothly, and I’ve been using various programs since, and all seems normal.

      And that is the only update I’ve installed since installing the February Group B updates on March 5th.

      3 users thanked author for this post.
    • #180255 Reply

      GoneToPlaid
      AskWoody Plus

      UPDATE After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following: KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013. After rebooting, the computer was up to date with no other updates offered. Win7 Ultimate x64 Group A patching

      Interesting. On one of my Win7 computers, I had run disk cleanup on February 11, 2018. About a week ago I manually ran Windows Update. To my surprise, WU had me reinstall the following updates.

      Optional:

      Update for Windows 7 for x64-based Systems (KB3092627) 09/08/2015

      Important:

      Security Update for Windows 7 for x64-based Systems (KB2862152) 11/12/2013
      Security Update for Windows 7 for x64-based Systems (KB3022777) 01/13/2015
      Security Update for Windows 7 for x64-based Systems (KB3076895) 08/11/2015
      Security Update for Windows 7 for x64-based Systems (KB3084135) 09/08/2015
      Security Update for Windows 7 for x64-based Systems (KB3001722) 11/10/2015

      It would appear that Disk Cleanup is not to be trusted. Perhaps other later updates marked the above updates as being superseded when in fact they were not? The above updates did not show up in Windows Update for re-installation until after all current updates were hidden such that WU reported that there were no updates available for my computer. Only then, and after manually checking for updates again, did the above updates show up.

      • #180258 Reply

        MrBrian
        AskWoody_MVP

        I’ve seen this behavior before. It’s one of the reasons that I recommend to use Disk Cleanup of Windows updates (followed by a restart, where the cleanup happens) only immediately before checking for Windows Updates.

        3 users thanked author for this post.
        • #180329 Reply

          anonymous

          Mr Brian, Agreed. Run the Disk Cleanup only when the computer is running perfectly and -before- one is ready to do updates.

        • #180357 Reply

          DennyC
          AskWoody Lounger

          Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot.  Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files.  The disk cleanup is not an option for me if I include the windows update system files.

      • #180373 Reply

        GoneToPlaid
        AskWoody Plus

        Of note, I just had the exact same issue after uninstalling the January Security Only update. This occurred on my other virtually identical Win7 machine in which the only difference is that the MB has a Z97 chipset versus my main Win7 machine’s Z87 chipset. On the virtually identical Win7 computer with the Z97 chipset, I had run Disk Cleanup on 2018-01-14. And I had to reinstall the same six much older Windows Updates. Those updates of course only showed up after all current available updates were hidden.

        And on this virtually identical Win7 computer, I just discovered that some CBS log files had grown to around 2GB in size. Thus I just blew out the contents of the CBS folder, and I just rebooted so that Windows would generate new CBS log files which will be up to date. Note that blowing out the contents of the CBS folder, if the log files and/or zipped versions of older CBS log files have grown to very large sizes, results in a faster reboot since Win7 isn’t having to churn through very large and deficient older log files. In fact, a new replacement CBS log file is generated almost immediately after rebooting. In this particular case, the new CBS log file only contained information about the update which I had just uninstalled (the January 2018 update) and reported that the installation package was no longer available. This is as expected.

    • #180256 Reply

      anonymous

      Susan,  does this apply to 32 bit???  My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.
      If things don’t improve for March is it ok to skip a month and wait for April?  Any help much appreciated.

      • #180277 Reply

        James Bond 007
        AskWoody Lounger

        Susan, does this apply to 32 bit??? My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.

        If things don’t improve for March is it ok to skip a month and wait for April? Any help much appreciated.

        To the best of my knowledge, no, this should not apply to 32 bit Windows 7.

        The KB4100480 emergency security update for the Total Meltdown flaw is for 64 bit Windows 7 only and does not apply to 32 bit systems. Your 32 bit system is not vulnerable to it.

        And as 32 bit Windows 7 systems only start receiving Meltdown “fixes” beginning with the March rollup or security-only update, your system has not received these fixes anyway. (Meltdown “fixes” were delivered to 64 bit Windows 7 systems starting in January and so 64 bit Windows 7 systems that had any of the January / February / March rollups installed were susceptible to the Total Meltdown flaw.)

        Hope for the best. Prepare for the worst.

        1 user thanked author for this post.
    • #180288 Reply

      Microfix
      AskWoody MVP

      (Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)

      Retire from MS windows maybe but you can just stick an LXDE hybrid OS on it and use it for surfing (limits due to hardware within), done that years ago with a 2010 netbook. Also runs WinXP offline nicely with integrated SATA drivers within the ISO.

      back on topic..

      | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
        Can't see the wood for the trees? Look again!
      2 users thanked author for this post.
      • #180304 Reply

        anonymous

        When my 2009 Acer netbook’s XP Home Edition reached EOL I installed Lubuntu.  It’s been performing well ever since and I don’t miss Windows at all.

        4 users thanked author for this post.
    • #180322 Reply

      rhp52
      AskWoody Lounger

      What about the Outlook updates? I’m using 2007 and have 3 security updates waiting. Are these OK to install or should I wait on Defcon 3? I checked the Office forums but saw no info posted there. Thanks.

    • #180324 Reply

      rhp52
      AskWoody Lounger

      Win7 SP1 Home Prem x64

      Intel Core I5 2500K

       

      I just installed KB 4100480 along with the latest MSRT and my computer powered down after install as usual but this time it did not reboot. Computer remained on but I had to hit the reset to get it to reboot. First time this has happened in 7 years.

       

    • #180325 Reply

      GoneToPlaid
      AskWoody Plus

      If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.

      Perhaps update your update advice to mention why one should hide updates which they do not wish to install? The reason of course being that newer updates might not show up in WU if WU presently is showing updates which have not been hidden.

      3 users thanked author for this post.
      • #180405 Reply

        MrBrian
        AskWoody_MVP

        Thanks for the suggestion :).

        I updated my unofficial instructions to add a link to this post.

    • #180336 Reply

      Susan Bradley
      AskWoody MVP

      Things to keep in mind  — when you see AMD64 it means both an AMD and an Intel 64 bit support.  AMD actually invented the 64 bit platform first, but bottom line if you see AMD64 it is applicable to both and AMD or an Intel system.

      Susan Bradley Patch Lady

      4 users thanked author for this post.
      • #180368 Reply

        OscarCP
        AskWoody Plus

         

        Dear Patch Lady,

        A note of thanks, and a small request:

        (a) Thanks for coming out and clarifying the meaning of AMD64.

        I’ll take your word for it, as searching the Web for an equally clear and unambiguous statement on this question has proven futile.

        Still and all, I do find it quite odd that, in the harshly competitive and secretive world of commercial enterprises, the name of one of them is tolerated in a term of art. That is common practice in science and engineering, where the names of the inventors or discoverers are often included in the name of their creation (Boltzmann constant, Simpson’s rule, Pythagoras’ theorem, Hooks’ module, Koch’s bacillus, etc.); but science and engineering, while highly (and often not fairly) competitive, are both essentially cooperative, collegial endeavors. Chip making? Not so much.

        (b) Unrelated to the above, one small request:

        Would you, please, include in all your postings the link to the current version of your Patches’ list?

        And thank you, also, for your good and useful work.

         

         

      • #180369 Reply

        Microfix
        AskWoody MVP

        IIRC it was the AMDx64 Opteron (code name) single core CPU that was the first, had one many moons ago.  Like most AMD cpu’s of that era, they ran hotter than intels equivalent performance/ speed offerings therefor requiring larger noisier fans for better cpu cooling.

        | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
          Can't see the wood for the trees? Look again!
        • This reply was modified 11 months, 3 weeks ago by
           Microfix.
        • #180378 Reply

          GoneToPlaid
          AskWoody Plus

          Ah, I remember the AMD Opteron CPUs. We skipped that since at the time we had three computers which used AMD Athlons which had the large vertical heat sinks and fans and which were serving us very well. You bring back memories for me. The three computers with the Athlons survived a direct lightning strike to a power pole which was roughly 200 feet from the house. I say “survived” since the only things which had to be replaced were the power supplies for those computers. The other two Intel computers completely fried — power supplies fried, motherboards fried, the CPUs fried, and the serial ports fried.

          Back down memory lane, I had an AMD K6-2 300 MHz CPU in which the CPU fan completely died. Did the CPU cook? No, it did not since it properly monitored its thermals. I replaced the CPU fan and that K6 CPU hummed along for around another year before I decided to replace it first with a K6 450 MHz CPU and finally with a K6 550 MHz CPU. Ah, the good old days were when Microsoft actually cared about its customers and released Windows XP updates which were fully vetted by the no longer existent Windows Update Quality Assurance Team.

          Those were the good old days in the sense that I never had to worry about installing any Windows Updates. This, sadly, has been what has been lost under Nadella — trust that Windows Updates will not cause anything from minor to extremely serious issues after installing Windows Updates. It is what it is, and this is apparently the way that Nadella likes it — perhaps to support his delusional idea to investors that Windows is no longer relevant to Microsoft’s bottom line in which Nadella has banked absolutely everything on the Cloud? If I was an investor in Microsoft, I would and should be taking a really deep and hard look into this scenario since all prudent investors should know that it is unwise to put all of one’s eggs into one basket — let alone into a company which extols only one single path forward. Yet this is nothing more than my personal opinion and for what it is worth.

           

          4 users thanked author for this post.
          • #180396 Reply

            OscarCP
            AskWoody Plus

            Looking at the most recent commentary on the Web from various specialized publications, including financial ones investors are likely to read, I have found only fan-boy type raves admiring Nadella’s vision and rapturously fawning interviews of the man himself. What gives?

             

             

            • This reply was modified 11 months, 3 weeks ago by
               OscarCP.
            3 users thanked author for this post.
            • #180495 Reply

              wdburt1
              AskWoody Plus

              The financial press is both oriented toward short-term performance (of the kind you get from milking a dying franchise) and sucked in by the promises of tech.  Not surprisingly, many investors, particularly the big institutional ones and hedge funds, also fit this description.

              In the articles that appeared a few days ago concerning Microsoft’s de-emphasizing Windows, the spin was to explain this as an effort to redeploy resources into the company’s “fast-growing” cloud initiatives.  I didn’t see anyone asking whether products like Edge have been successful; instead, writers simply apply a credulous belief in tech.  It’s practically a cliche to have tech companies that haven’t made a profit and in many cases don’t seem to have a clear plan to do so, yet are valued by credulous investors at billions of dollars.  Satya Nadella fits right in.

              3 users thanked author for this post.
            • #180608 Reply

              Bill C.
              AskWoody Plus

              “It’s easier to fool people than to convince them they have been fooled.”

              ~~ Mark Twain

              5 users thanked author for this post.
          • #180596 Reply

            Microfix
            AskWoody MVP

            (Off topic) My recollections of a great cpu, which I had for many years on a home built rig, was a gem, the (retail) Slot1 intel Celeron 300A stock at 66MHz (clocked to 100MHz) that ramped up to 450MHz no problem with minimal extra cooling, albeit a 128kb on-die-cache compared to the extortionately priced flagship PIII 450 which had 256k on-die-cache at the time. All done on an Abit BH6 mobo that could run any game thrown at it with an nvidia TNT2 AGP graphics card. Those were the days, so much fun!

            Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.

            thanks for the memories Gone to Plaid!

            (Back on topic)

            | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
              Can't see the wood for the trees? Look again!
            • #180613 Reply

              Bill C.
              AskWoody Plus

              Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.

              thanks for the memories Gone to Plaid!

              You can still do overclocking with Win7, 8.1, and even with Win10, as well as some Linux distros. A number of new MBs have dual UEFI setups to allow booting in an overclocked state.

              I have OC setting for my GPU and RAM for certain games, but have not used them in years as the box ages, and I do not want to overstress or tank old hardwawre. It is easier to set an XMP memory profile than do an OC.

              Given the speed of new CPUs the “need” for OC has diminished, unless you are in the crowd that shoots for massive benchmarks. It is interesting to see the setups that use liquid nitrogen or dry ice for cooling. Practical, no (maybe?), but interesting yes.

              Unfortunately, what used to be interesting experiments has been eliminated by the need to defend and preserve my Win7-64Pro install from bad poatches all while fending off the MS Borg.

              As B.B.King sang, “The thrill is gone.”

    • #180337 Reply

      Susan Bradley
      AskWoody MVP

      My deepest apologies, because I don’t have any 32bit devices under my patching control I forgot to note that this issue only impacts the 64bit platforms.

      Susan Bradley Patch Lady

      2 users thanked author for this post.
      • #180343 Reply

        DrBonzo
        AskWoody Lounger

        @susan FWIW, yesterday I went to the update catalog to get the 4100480 update for a Win 7 Starter 32 bit. “odd”, I thought. Only 3 entries, one for Win7 64 bit, one for Embedded Win 7 and one for Server 2008 (not sure about the last one, but something like that.)

        Then I remembered the issue doesn’t affect 32 bit. Got a bit of a chuckle out of that, and trust me, I don’t usually get any chuckles out of updating/patching.

    • #180344 Reply

      DrBonzo
      AskWoody Lounger

      A data point for Win 7 Pro SP1 x64 Group B current through February patches.

      Just installed KB4100480. no apparent issues or drama, normal restart, no detectable slowdown (although I’m not a ‘heavy’ or ‘intensive’ user by any means).

      4 users thanked author for this post.
    • #180348 Reply

      bosun1
      AskWoody Lounger

      Win7 Pro, 64bit, AMD 8 core CPU FX-8320e, 16 gigs memory

      Multi-boot capability, Win7, Win10, Ubuntu, Mint.

      Macrium Reflect backup, uninstalled 5 updates to get back to December.

      Ran Windows Update, 3 Net updates, about a dozen windows updates,  some of which went back to 2015, one of which was on my naughty list which I didn’t install.

      Installed. Windows Update again, nothing recommended here showed up.  Just downloaded and  installed 4100480 & 4054521, neither of which showed up in Windows update.

      I’ll do another back up.

      Wondering why I just don’t shut off the internet for Windows and stick with Linux..I lost interest in this OS/computer nonsense long ago..

    • #180361 Reply

      anonymous

      is it safe to install IE update KB4096040 ?

    • #180370 Reply

      GoneToPlaid
      AskWoody Plus

      Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot. Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files. The disk cleanup is not an option for me if I include the windows update system files.

      This could be caused by either cancelling the installation of an update, or by an update which failed to install. This results in a plethora of update related files which are not properly cleaned up. Ask the experts here about how to discover and then how to eliminate such cancelled or failed updates.

      • #180558 Reply

        anonymous

        I have the hang up problem at the end of the re-start. It says that has reconfigured 100%, the notice goes away but then it just stays busy and I cannot do anything. I do have several cancelled and failed updates in my update history. So, what is the best way to take care of this problem?  Win 7 64bit sp1

        • #181129 Reply

          GoneToPlaid
          AskWoody Plus

          Regarding the hangup, here are two options:

          1. When it is obvious that the computer has hung after displaying Configured 100%, try typing Ctrl-Alt-Delete. For some updates in which an additional update needs to also be configured, this will cause the additional update to also be configured, and you should fairly quickly see the logon screen.

          2. If #1 didn’t work and after the computer is obviously hung, wait five minutes and watch the disk activity light for your hard drive. If you see that the disk activity light is blinking only once every 1 or 2 seconds, press the reset button on your computer to force a reboot. After rebooting, you probably will see a message about configuring updates. Do not be alarmed if this message displays an update number which is in the thousands, since the update number is related to the core build of Windows and not any Windows Update itself. Your computer will now be past the hung update and will then install whatever additional updates which you had wanted to install. You should see a progress screen for these additional updates, and then see your login screen.

          If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update. Accomplishing this is beyond my expertise. Yet there are experts here who can help you. I suggest that you register with this web site so that you can then get the help that you need.

           

          • This reply was modified 11 months, 3 weeks ago by
             GoneToPlaid.
          1 user thanked author for this post.
    • #180374 Reply

      anonymous

      Stand-alone Win7 Pro SP1 x64 Haswell Group B here. All 2000003 security and IE updates installed till February.

      After succesfully and unproblematically installing Mar 2018 (IE11) KB 4089187 (and reading all the do’s and don’ts and maybe’s here), I took the plunge and installed KB 4100480 as well today. Didn’t want to roll back.
      All seems fine.

      Happy Easter!

      3 users thanked author for this post.
      • #180430 Reply

        anonymous

        You might want to install KB4096040 which replaces KB4089187. 😉

        • #180460 Reply

          anonymous

          Thanks, but it’s not on Group B’s 2000003 list (yet).
          Master Patch List says “Only install if you have installed the March Windows 7 updates”, which I have not. It serves to counter IE not starting because of an invalid SHA1 certificate. A problem I did not encounter.

          Waiting for gurus @pkcano or @susan Bradley (or one of the other demigods) to give a Go!

          • #180467 Reply

            PKCano
            Da Boss

            As an anonymous poster, your replies have to be moderated and thus may not appear immediately.

            • #180575 Reply

              anonymous

              Thanks for letting us know but what I think he meant was the “Go” from  Woody  with a defcon change.

    • #180377 Reply

      mexx3
      AskWoody Lounger

      I was also offered this

      https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=38e83d6e-03a3-45cf-8d9d-f7bac51ce9e2

      Since i haven’t seen this one above, is it save to install?

      • #180383 Reply

        PKCano
        Da Boss

        For reference:
        this is KB 4033342 the installer for .NET 4.7.1

        • #180390 Reply

          mexx3
          AskWoody Lounger

          For reference: this is KB 4033342 the installer for .NET 4.7.1

          PKCano, thanks a lot mate, i totally forgot to add it.

        • #180935 Reply

          walker
          AskWoody Lounger

          @pkcano:  Is this one “safe” to install since it’s so “old” (KB4033342)  Not checked ??   Also I have another question….

          What is the Disk Cleanup, and is it safe to install this on our computers.    I am one of the computer illiterates, and don’t know “which end is up” so all advice is very helpful for me.

          Thank you once again for everything you post for all of us who are just the regular users who have no knowledge about what is occurring in many instances.    Your help is absolutely invaluable, along with others who are also wonderfully gifted with so much expertise and knowledge.      I’m Win 7, Home Prem., x64, Group A.    🙂

          • #180940 Reply

            PKCano
            Da Boss

            KB4033342 is the .NET 4.7.1 installer. If it’s UNCHECKED – leave it alone. We don’t install un ticked updates.

            Disk Cleanup is part of Win7 and is already on your computer.

            1 user thanked author for this post.
            • #180964 Reply

              walker
              AskWoody Lounger

              PKCano:  My apology for not seeing your reply the first time – – – – I did have problems getting the site to function, so that must have been the problem.   Thank you so very, very much for the information you provided.   I will now annotate the update to ignore (or hide?) for the present time.   Your information was wonderful – – – – Thank you once again!    🙂

    • #180434 Reply

      RamRod
      AskWoody Lounger

      Not.

      Just spent the afternoon putting up the walls around my wife’s computer, a Lenovo Yoga Book. This computer is not a beast – it’s a lightweight. Got it for her to read her Nook books, Pinterest, Facebook, Gmail, and light surfing. She uses Word 2013. It’s WinX-1607, mercifully.

      Windows Update had brought the machine to its knees. The machine was basically useless. So, up go the walls. The MS cure is much, much worse than the disease.

      Turned off Windows Update Service. Stopped and Disabled it. Rebooted.

      Removed 4023057 by uninstalling it. Removed MS Update Assistant – how’d that thing get on my computer?!

      Ran WUSHOWHIDE. Hid everything except malware removal tool and Windows Defender updates. Installed Spybot Anti-Beacon. Blocked everything with that aging utility. Ran Defender Quick Scan – nothing – as expected.

      Did everything I could to block MS from altering my wife’s computer. Bad MS. Bad.

      An hour after turning the machine back to my wife she comes up and plants a big one on my lips and says ‘Thanks User Support Guy!’. The machine is useful once again. Guess I still got a little magic the girl fancies.

      Poor, poor MS. I watched IBM diminish years ago and wondered how such a massive organization with lots or really smart folks could miss the mark so wide. Now to watch MS do it again makes me wonder if some PhD candidate in suicidal tendencies of large American corporations should pick the on-going demise of MS as a dissertation subject. Just saying.

      Thanks Patch Lady & Woody.

      • This reply was modified 11 months, 3 weeks ago by
         RamRod.
      5 users thanked author for this post.
      • #181131 Reply

        GoneToPlaid
        AskWoody Plus

        Your last paragraph, just before your thanks to Patch Lady and Woody, was a riot to read since it hits the nail on the head. Instead, I think that we eventually will see dissertations by college students who are working on their PHDs.

      • #181374 Reply

        RamRod
        AskWoody Lounger

        An update: A day later the wife pushes her Yoga Book across the table to me and says ‘It’s doing it again.’ The magic was over, and I’m not as good at blocking MS as I hoped. Sure enough the MS Updater is reinstalled and is downloading some new version of WinX. Windows Update is re-enabled! I stopped it and disabled it the day before. UGH!

        Stopped Windows Update Service again. Disabled it – again.

        Went to task scheduler – Aha! More stuff in there that automatically runs at 1:00 a.m. everyday. Disabled all scheduled tasks that I could relate to either Windows Update and, a new one here, the Windows Update Ochestrator. Noticed one task labeled ‘self healing’!!! Went to Services and yep – a new service that I’d never seen before. Stopped and disabled.

        So, stop naughty services. Disable scheduled tasks. Hope and pray. And keep reading Woody. Wish someone would work out a procedure that we could execute that would block all of the self-healing paths MS has backdoored. Or frondoored. No difference – they haven’t knocked in any case. Trespassing on my machine. Bad MS. Bad.

    • #180441 Reply

      anonymous

      I reinstalled Windows between Jan/Feb, so I didn’t see the one I was supposed to uninstall to. Rather than try to figure out, I elected to try the new kernel patch by itself. It seems to have gone without a hitch.

      Man, using an SSD is so much better for this sort of thing.

    • #180490 Reply

      anonymous

      If it has reached the stage where Susan Bradley is worrying about this, (meant as a compliment), then MS has a serious problem, whatever the reason for it.

      This is a company in the business of causing trauma to its users, even if not by design.

      I recall reading here long ago, I think it was Woody, who said that you can run a Windows computer without updating for around 9 months without panicking…(The latest fiasco with 4GB memory leaks is unbelievable). If you feel up to it, go group W after following her advice, and if you can, seriously consider alternative operating systems. It starts to get ridiculous just trying to figure out what you do and don’t need anyway. Does anyone have the time to just user their computer instead of this patching angst (even when it works?)? Just an opinion. If there is some ultra Meltdown/Spectre exploit reported, then yes, you have to patch.

      2 users thanked author for this post.
    • #180509 Reply

      anonymous

      Apparently I’m unable to uninstall the February patch, yeesh. It’s in my update history but when I view installed updates to remove it, it only shows me January as the latest of the monthly patches.

      With that said though, I don’t have any Intel parts in my PC so will I be “okay” to just keep Jan/Feb and see what April patches offer?

      • #180519 Reply

        PKCano
        Da Boss

        Two questions:
        Does your update history say the Feb patch failed? (assuming Win7 that would be 4074598 Rollup, 4074587 security-only, or 4075211 Preview)
        Is the QualityCompat Registry key, set by your anti-virus, still in place with the correct value?

        • #180545 Reply

          anonymous

          Hey PKCano, my update history says Feb 4074598 Rollup was successful installing, and I have the registry key set up correctly (I run ESET and Malwarebytes)

          • #180553 Reply

            MrBrian
            AskWoody_MVP

            Perhaps you uninstalled KB4074598 already?

            • #180556 Reply

              PKCano
              Da Boss

              Then he wouldn’t see the Jan Rollup listed, would he (Considering recent discussions) unless he re-installed it?

            • #180577 Reply

              MrBrian
              AskWoody_MVP

              If the user installed KB4056894 and then KB4074598, and later uninstalled KB4074598 and rebooted, KB4056894 should still be installed unless Disk Cleanup of Windows Updates was run recently.

              • This reply was modified 11 months, 3 weeks ago by
                 MrBrian.
          • #180554 Reply

            PKCano
            Da Boss

            If you are wanting to roll back:
            Uninstall Jan Rollup for Windows, reboot, wait 15 minutes after login, run search for updates.
            Hide any Rollup for Windows later than Dec 2017 and re-run scan for updates until you are offered the Dec 2017 Rollup.
            Install the Dec Rollup and whatever old individual Windows patches that are offered checked by default.

            2 users thanked author for this post.
            • #181132 Reply

              GoneToPlaid
              AskWoody Plus

              Yep, that is the way to do it. Except I would add, wait 15 minutes after you have logged onto Windows since a lot of stuff is delayed until the user actually logs onto Windows.

              1 user thanked author for this post.
    • #180522 Reply

      rhp52
      AskWoody Lounger

      Getting out of a no-boot situation after installing Windows updates

      Thanks, but I’ve had no issues. It rebooted after i pushed reset, followed by the ‘ installing windows update screen’.  I checked and the the update shows ‘installed’.

    • #180557 Reply

      Charlie
      AskWoody Plus

      As a Group B’er since last year I have only been installing “Security Only” updates and IE updates as directed by the A000003 page which I’m very grateful for.  I’ve had no problems & everything seems to be working well with the Jan. & Feb. S.O. updates installed.  My WU is still showing the Feb. Group A monthly rollup for Win 7.  That’s the only thing out of the ordinary I’ve noticed.

      Can I continue to do the Group B updates as usual?  It seems that the Group A rollup updates are the ones causing this mess.  Please forgive me for being confused here, this is a lot to take in.  I’ve never had to uninstall an MS update and really don’t want to now if possible.  Thanks.

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

      • #180561 Reply

        PKCano
        Da Boss

        The Group B Jan/Feb security-only patches contain the same problems as the Rollups. So what is said applies to both Group A and Group B.

        It is your choice to roll back (uninstall) or not, but understand that the same cautions apply to both.

        2 users thanked author for this post.
    • #180569 Reply

      Sproots
      AskWoody Lounger

      My experience since following Win7 X64 Group B for Jan-Feb has been a slowly deteriorating environment on my single PC.

      For some reason Unzipping files using 7zip began taking two steps longer, you could see that the program was stalling trying to write the uncompressed data to my SSD.

      The same issue started when copying files from my Raid Array HDD to the SSD.  The copy would stall and then the copying files popup window would come up and slowly chunk through the copy until complete.

      I was seriously worrying that I had the start of SSD failure (several years old but health and SMART check ok with plenty of over-provisioning and space available).

      I decided to roll back after seeing this post, just to check. And now file copies are back to instantaneous.

      Miss Susan, you have saved me much stress and costs, Thank You!

      • This reply was modified 11 months, 3 weeks ago by
         PKCano.
      • This reply was modified 11 months, 3 weeks ago by
         Sproots.
      3 users thanked author for this post.
      • #181383 Reply

        GoneToPlaid
        AskWoody Plus

        Yep, writing to SSDs are particularly impacted. I believe that the March update makes matters worse. It has to do with the 4K blocks used by SSDs. This causes a tremendous amount of overhead after installing the Meltdown/Spectre patches. Conventional platter hard drives are the least affected.

    • #180618 Reply

      The Surfing Pensioner
      AskWoody Plus

      Windows 10 is looking better and better

      What’s to like about Windows 10?

      3 users thanked author for this post.
    • #180720 Reply

      Erik
      AskWoody Lounger

      Susan, I am currently Windows 7/8.1 Group B. Both are patched through January with no problems so far. I held off February’s patches due to the reported issue with two factor authentication. I currently use a military common access card (CAC) from home. In the past I have had many problems getting the CAC card to work so I didn’t want to mess with this. I was reading in some posts that this was not fixed in the security only patches and that you have to get the rollups (which I wont do). Is this true? If so could you let us know if and when this is ever fixed in the security only patches. I am also holding off on March’s patches at your advice. Since I have not had much issue with January’s I will wait and see and leave them for now.

      Another question, I haven’t been able to find the answer to and maybe you might know:

      KB3127916 for Office 2013 – documentation shows nothing on what it is for. I found from a good source that it is for Contactpicker.dll but I have no idea what it is doing for it.

      KB3191872 for office 2013 – This update deletes or hides the From Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service is no longer exists.

       

      What seems strange to me is that it is something like 64 MB and contains changes to 14 .dll files. For something so simple is deleting or hiding Azure, it seems like it is an excessively large file with many changes. Is something else there? I wouldn’t be surprised if MS sneaked something else there now a days and only telling you about one thing in it seemingly benign.

    • #181003 Reply

      PKCano
      Da Boss

      My support of (other than my own) computers has purposely dwindled from an unbelievable number to 3 desktop and 1 laptop Win7 plus 1 desktop and 1 laptop Win10 1703. I couldn’t keep up the large number OS supports and moderate too.
      So here are some of my observations:

      Two of the Win7 desktops are “Joe” users. They both have Jan and Feb Rollups installed, neither are being offered the Mar Rollup in WU. I had them stand pat – installing only MSRT and Office. Hid .NET 4.7.1 installer.
      I thought about having them install KB 4100408, but since neither are big computer users, decided to wait.

      The other desktop and laptop are my son’s. They also have Jan and Feb Rollups installed. He has a metal-working business. On his desktop (Dell XPS 27″ all-in-one quad core i7, 16GB RAM 4-5 yrs old) he usually has multiple DesignCad drawings, multiple large .PDFs, QuickBooks, and Chrome open at the same time. He has seen a HUGE slowdown in the computer lately – reports circle going around, long page loads, etc.
      For him, I am considering the rollback to Dec. 2017. See if it relieves some of the resource loss. At the same time I’m considering long term effects of rollback on the integrity of the OS, considering MS’s problems with supersedence.
      If I do this I am also considering doing the standalone IE11 CUs monthly to keep IE up to date, though he uses only Chrome. The security-only patches seem to have the same problems as the Rollups, so they’re out.

      ————-

      Have managed to keep both the Win10 1703 Pros on 1703 by finagling. Feature updates set 365, quality updates set at 0, no pause. GP: WU Automatic = 2 notify download & install, Download set to 99 simple (no peering). Connected Customer Experience and Telemetry Service – Disabled (keeps turning back on). Tasks: All under Application Experience, Autochk, and CEIP Disabled (some turn back on). Tasks under Update Orchestrator – two USO, sched scan, Refresh settings, MusUx Disabled (some keep turning back on).
      Have found that I can’t get rid of KB 4023057 from the WU queue with wushowhide unless I disable the sih and sihboot Tasks under WU then run Disk Cleanup and reboot immediately before wushowhide. Only then can I hide KB 4023057 using wushowhide and have it is out of the WU queue so I can install just the CU update.
      Have had to uninstall KB 4023057 and delete the Windows\updateassistantv2 folder on occasion.
      Both are still on latest build of 1703 (966), but I dread the emergency call from the office manager saying an upgrade is in progress or the machine is borked.

      3 users thanked author for this post.
    • #181001 Reply

      anonymous

      I did a fresh install one week ago and installed kb4074598. My only activity was visit microsoft support pages and askwoody with IE11 but for peace of mind should i reinstall windows? I want to have a reliable installation and create a disk image.

       

      • #181010 Reply

        MrBrian
        AskWoody_MVP

        Does the computer have any new issues after installing KB4074598?

        • #181020 Reply

          anonymous

          Sometimes i’m facing a black screen when i restart windows.

          1 user thanked author for this post.
    • #181133 Reply

      GoneToPlaid
      AskWoody Plus

      KB4074598

      I am gonna guess that the black screen may be due to the fact that the Windows graphics component was updated by this update. Do your Windows event logs show anything? If so, then apparently we have yet another issue with this update.

    • #181160 Reply

      Pepsiboy
      AskWoody Lounger

      Here are 2 screen shots of what showed up in Windows Update this morning. I am surprised that EVERYTHING is checked. I have downloaded and installed NOTHING from this list, just letting all know what I got this morning. I’m tempted to hide all of them, but, will wait for defcon numbers to change and MAYBE install some.

      Dave

       

      MWSnap000-2018-04-04-03_32_26

      MWSnap001-2018-04-04-03_32_37

      Attachments:
      You must be logged in to view attached files.
      1 user thanked author for this post.
      • #181334 Reply

        AJNorth
        AskWoody Plus

        To borrow a phrase, Fascinating, Captain!

        Both KB4088881 and KB4099950 — as well as the reappearance of our old friend KB2952664 — appeared on my WIN7 Pro x64 box (yesterday), but were all optional and unchecked (WU set to Check but let me choose…).

    • #181302 Reply

      PKCano
      Da Boss

      UPDATE UPDATE UPDATE               KB 4096040

      KB 4096040 has been added to AKB2000003 for Group B.

      KB 4096040 replaces the March 2018 IE11 Cumulative Update for IE11 (KB 4089187) and fixes the “IE11 doesn’t start after installing KB 4088187” error.

      6 users thanked author for this post.
      • #181323 Reply

        SueW
        AskWoody Plus

        @PKCano, if KB 4096040 replaces KB 4089187, would it make sense to either delete the March 2018 (IE 11) KB 4089187 line & links (or line through this line & links) on the 200003 Ongoing list page in order to ensure someone doesn’t download and install this original March 2018 (IE 11) update anyway?

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

        • This reply was modified 11 months, 3 weeks ago by
           SueW. Reason: Clarification
        • #181330 Reply

          PKCano
          Da Boss

          If people installed the original patch and don’t have a problem, then it probably not necessary that they install the patch with the fix. If they don’t have a problem, I don’t want them to think they have to uninstall.  I bolded the fact that it was a replacement, so anyone installing from now on will know.

          The fixes will be included in the April Cumulative Update, out in less than a week.

           

          6 users thanked author for this post.
    • #182586 Reply

      fl
      AskWoody Lounger

      This message chain has taken a few detours, and many side discussions are being carried on. I’m a Group B updater, who has installed the Security only updates from January and February. I’m considering following Susan’s suggestion to uninstall these Security updates, and then holding off on the March Security Only update until such time as Microsoft gets it right. I have two computers – both Macs running Bootcamp, one of which is 64 bit Windows 7 Pro SP1, the other 32 bit Windows 7 Pro Sp1.

      For the sake of clarity, can I please get confirmation before I do the following:

      Uninstall KB4056897 (Jan. Security Only)

      Uninstall KB4073578 (fix for unbootable AMD computers, which I installed “just in case”)

      Uninstall KB4074587 (Feb. Security Only)

      Install KB4100480 (the Meltdown/Spectre quick fix to forestall the issues introduced by the Jan. and Feb. Security patches) on my 64 bit machine, only if it is offered in Windows Update.

      Install KB4096040 (the updated IE11 Security Patch for March)

      And then hide any Rollups, Previews or other unchecked  or optional updates offered by Windows Update. Plan to hold off on installing any MS Security Updates for the foreseeable future, until such time as Woody and Susan deem them safe.

      Is this a suitable plan?

      Mac Mini v. 6.2 (2012) with Win7 64 bit
      MacBook Pro v. 3.1 (2007) with Win7 32 bit
      Group B Updater

      • This reply was modified 11 months, 2 weeks ago by
         fl.
      1 user thanked author for this post.
      • #182591 Reply

        PKCano
        Da Boss

        If at any time you are offered KB 4099950 checked, go ahead and install it. Otherwise that looks OK.

        1 user thanked author for this post.
      • #182980 Reply

        fl
        AskWoody Lounger

        Thanks to everyone on this site – you’ve all been very helpful.

        I writing this post on Monday April 9, in the waning hours before the April Updates are released, in the hope that my experience may help others.

        As mentioned above, I have two Windows 7 SP1 Pro machines, both Macs running Bootcamp. One installation, on a 2012 Mac Mini is 64 bit, the other is on a MacBook Pro from 2007, and is 32 bit. The process was the same on both machines.

        1. I Uninstalled: KB4074587 (Feb. Security Only), KB4073578 (Jan. fix for AMD processors) and KB4056897 (Jan. Security Only), and re-booted. Following that, I ran GRC’s InSpectre and saw that I was NOT protected, but that performance was “Good”.
        2. I ran Windows Update and was only offered KB890830 (March MSRT) as Important and Checked, which I installed. I was also offered KB4099950 (March Fix for the Total Meltdown problems introduced by the Jan. and Feb. Security Updates) as Optional and Unchecked. This got hidden.
        3. I then downloaded and installed KB4096040, the revised March patch for IE11, followed by yet another re-boot.

        Everything appears to be running smoothly – and the 64 bit machine feels a little snappier.

        Just in case they become unavailable, I downloaded the Jan., and Feb. updaters for what was uninstalled, above, as well as KB4088878 (March Security Only), and KB4096040 (the IE11 Security update I installed above, just in case), and stored them in a folder (but didn’t install any of them). I tried to download KB4099959 (the Total Meltdown patch I hid in Windows Update above, but found that DuckDuckGo couldn’t find the page, and when I searched using Google, the page from the Windows Update Catalogue wouldn’t load (blank page instead). If I want to install it, I’ll have to un-hide it in W.U.

        So I’m back to where I was at the end of December 2017, more or less – Happy New Year Everyone!

        Mac Mini v. 6.2 (2012) with Win7 64 bit
        MacBook Pro v. 3.1 (2007) with Win7 32 bit
        Group B Updater

        1 user thanked author for this post.
        • #183136 Reply

          MrBrian
          AskWoody_MVP

          KB4099950 isn’t the fix for Total Meltdown.

    • #179890 Reply

      Cascadian
      AskWoody Lounger

      I will admit a touch of jealousy. Two months ago I would have judged you reasonably cautious. One month ago, unreasonably over-cautious. Now you have an enviable condition. Such is the evolution in this changing landscape. When in fact, what has really changed is our new understanding of what we didn’t know before.

      I remember Woody’s New Year’s Eve post reminding us of the value in an image dated 31DEC2017. And while I will very likely install KB4100480, as a personal choice, I see rolling back as also very reasonable. There on my shelf is an image that would make me just like amraybt. It will be there if I need it, I suppose.

      3 users thanked author for this post.
    • #180276 Reply

      James Bond 007
      AskWoody Lounger

      My Group B strategy has been to wait 2-3 months then catch up with the security-only and latest IE cumulative updates whenever the dust settles (e.g. during a relatively calm month with few or even no widely reported issues). I’m updated through Dec 2017 on both systems, but it feels like MS is really trying to push myself and others to Group W. I’m glad I waited to see how things would go since the mess that began in January.

      Group B, like you.

      After I became aware of the Total Meltdown flaw that Microsoft introduced with their Meltdown “fixes”, I have restored ALL my systems running Windows 7 x64 back to (or stopped patching beyond) the December 2017 patch level (4 used by me and several others used by family members), using system images prepared before by Acronis True Image.

      For me, the decision is simple. If Group B is no longer viable then I will simply stop patching. For now I shall stop patching the Windows 7 systems until I am satisfied that the mess has been resolved. If the mess is not resolved to my satisfaction, then those systems will remain at the December 2017 patch level, effectively becoming Group W. And by stopping patching there is the additional benefit of no performance degradation.

      But I can’t stop wondering : How can Microsoft be so incompetent? How can security update(s) supposed to fix security vulnerabilities make our systems even more insecure? Is this another attempt by Microsoft to “persuade” Windows 7 users like us to “upgrade” to Windows 10 by degrading the Windows 7 experience?

      Hope for the best. Prepare for the worst.

      8 users thanked author for this post.
    • #179930 Reply

      Cascadian
      AskWoody Lounger

      Too late. Ran that peculiar gauntlet before I ever met you. 😉

      Guess I did word that like an easy set-up, well turned. And I agree with your recap as well. I also think many approaches fit many people. It is the increasing disorder that causes concern. Everything indicates that rolling back by uninstall should go smoothly. But your refreshingly lighthearted description caused a smile. And gave me an opportunity to point out that even if that goes wrong having a year end full image with more recent data files backup can make a very bad day into a much simpler recovery.

      That comforting thought is what makes it possible for me to go forward with choices where I really do not know what might happen next.

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – to patch or not to patch?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: