Newsletter Archives

• “Get Windows 10” nagware patch, KB 3035583, coming again to Windows 7

  Posted on May 3, 2016 at 14:02 CDT by woody • Comment in the Forums

  You’d think they would’ve learn from the KCCI experience, but noooooooo…

  InfoWorld Woody on Windows

  Windows Patches/Security Get Windows 10, KB 3035583, KCCI

• What’s up with Windows Defender Offline?

  Posted on May 3, 2016 at 12:12 CDT by woody • Comment in the Forums

  Got an interesting message from SG:

  I downloaded the latest defender offline for both 32 and 64 bit systems. Neither one works – they say that the definitions are not up to date?. An older version from several months ago still runs without that problem. I am using Win7 to download them. mssstool32.exe and mssstool64.exe

  Any ideas?

  Windows Patches/Security Windows Defender Offline

• Windows 8.1 removing “installed” updates

  Posted on May 2, 2016 at 12:22 CDT by woody • Comment in the Forums

  This in from Noel Carboni:

  Scheduled nightly on all my systems I run a script I’ve developed that gathers and logs various information that will be useful if something goes wrong or I’m investigating something that’s been found to be changed.  More information and a copy of this script is available here if you’re interested:

  http://win10epicfail.proboards.com/thread/114/watch-system-changes

  I just reviewed the output from my script on one of my Win 8.1 systems, comparing it to prior runs and I noticed something – specifically the section where installed updates are listed.  I found a REDUCTION in the number of installed updates between the nightly runs on 4/26 and 4/27.  Doing a bit of sleuthing I discovered it was the CbsTask that removed them, apparently as part of regularly scheduled system maintenance.

  Specifically, these KBs were removed in the wee hours of April 26:

  KB3018467

  KB3019215

  KB3035017

  KB3035487

  KB3035527

  KB3049989

  KB3060746

  KB3069114

  KB3072633

  KB3080446

  KB3087039

  KB3087390

  KB3099864

  KB3101183

  KB3101246

  KB3102939

  KB3105115

  KB3107998

  KB3108347

  KB3108381

  KB3121212

  KB3121260

  KB3126041

  Per the event logs, the deed was done starting with these events:

  Log Name:      Application

  Source:        ESENT

  Date:          4/26/2016 3:14:55 AM

  svchost (8036) Instance: The database engine (6.03.9600.0000) is starting a new instance (0).

  Log Name:      Application

  Source:        ESENT

  Date:          4/26/2016 3:14:55 AM

  svchost (8036) Instance: The database engine started a new instance (0). (Time=0 seconds)

  Log Name:      Application

  Source:        ESENT

  Date:          4/26/2016 3:14:55 AM

  svchost (8036) Instance: The database engine attached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)

  Log Name:      Setup

  Source:        Microsoft-Windows-Servicing

  Date:          4/26/2016 3:17:15 AM

  Initiating changes for package KB3018467. Current state is Installed. Target state is Absent. Client id: CbsTask.

   

  Then there were many more like the above over the next minute, listed as “Current state is Absent.”, “Current state is Installed”, or “Current state is Superseded.”, and all with “Target state is Absent.”  The activity completed at 3:18:15.

  This activity didn’t occur as a direct result of a Windows Update, though it may have been indirectly related to the most recent Windows Update run a few days prior.  The machine does NOT do automatic updates (Windows Update is disabled except when manually initiated), and the most recent manual run was on the 22nd.  These removals just happened as a result of a regularly scheduled maintenance job, apparently.

  Assuming this activity is normal and to be expected, I guess these updates must be rescinded, superseded, or no longer applicable for some reason?   I Googled a few of them and didn’t get any clear reading on that.

  Thinking back I can’t say I remember noticing this particular kind of activity before, though it could be it just didn’t catch my eye – Windows Updates didn’t USED to be things one had to watch as carefully as we do today…

  Heh – the things our computers do late at night when we’re not around, eh?

   

  I thought this might be interesting for your readers.  I’d love to hear others’ comments and insights on this activity.

  Windows Patches/Security Windows 8.1 disappearing installed updates

• Updates of questionable value

  Posted on April 30, 2016 at 06:31 CDT by woody • Comment in the Forums

  Periodically I publish lists from folks who have different ideas about what constitutes a good patch, as opposed to a useless or even harmful patch.

  I’d like to kick off the latest round with a comment posted by Bob(maybe)OrNot. If you have a list to contribute, please chime in the comments:

  We should have a list somewhere of various updates we are questioning or avoiding. Also a list of known good updates for each month (and/or the last 2 months before that).

  “Junk” (have no benefit to the user, aka telemetry)
  “Win10 prep related updates”
  “Thought to cause some people trouble”
  “Microsoft released this update, but they don’t know what it does yet (no KB article)”
  etc…

  My junk/10 list:
  KB3035583
  KB3123862
  KB3022345
  KB3068708
  KB3080149
  KB3075249
  KB3090045
  KB3139929 (did the next month’s update include KB3146449?)

  8.1 only:
  KB2976978
  KB3072318

  7 only:
  KB2952664
  KB3021917
  KB2977759
  KB3081954

  Windows Patches/Security bad patches

• Turn off Windows Update if you want to force-feed individual patches

  Posted on April 29, 2016 at 20:24 CDT by woody • Comment in the Forums

  Good note from DC:

  I like you assumed that standalone KB updates should install without running any Windows Update checks however this doesn’t appear to be the case if you have the Windows Update service running and/or your internet connection open.

  If your Win7 system is suffering from the “frozen” Windows Update issue and you want to manually install the two KB updates (3138612 & 3145739) then you need to stop the Windows Update service (wuauserv) before attempting to run the MSU installer(s) and also temporarily disconnect your internet connection.

  When you run the manually downloaded MSU installer it will attempt to open an internet connection via the Windows Update service – this then triggers the endless “Searching for Updates …” message. The MSU installer doesn’t require this internet check to proceed – but if available will fall into the same “hole” as the normal Windows Update system. If you prevent the connection it gives up on the “Searching for Updates ….” check after a few seconds and proceeds with the install. I assume this is because the MSU installer (Microsoft Update Standalone Package) is treated as part of the Windows Update family and attempts to “phone home” for advice – rather than accept you are calling the shots.
  Windows Patches/Security Windows Update

• Are you having trouble with Win7 patch KB 2952664 and Norton Identity Safe?

  Posted on April 29, 2016 at 09:58 CDT by woody • Comment in the Forums

  Can you reproduce this? From reader TB:

  Windows 7 update kb2952664 has been around in several versions for about two years now. The latest came to me on 13 April 2016 – and it had a surprise inside!

  First, the routines and applications contained in this update all date from either March or April 2016 – it’s all new stuff.

  What’s REALLY new is that the Microsoft Compatibility Appraiser that’s installed seems to be more aggressive. I use Norton Antivirus and Identity Safe. These products don’t work with Microsoft’s Windows 10 browser, Edge and this is not new news. However, this update seems to take action: when I installed it, I could not access Identity Safe, even though I am running Windows 7. Apparently, the update modifies some of the code that Norton uses.

  Why am I so sure? This was the only update I installed. When I installed it, Norton’s toolbar told me to ‘Access Vault’ in the Identity Safe box. If I pressed on that button, I saw a message: ‘ Reboot needed’. I did that, and nothing changed. There was no way to access the Identity Safe vault. When I uninstalled the update, Identity Safe worked again, the same way as it did before.

  Determining what needs to be done and leaving flags for Windows 10 to use is one thing. Disabling software I paid for and should be able to use while I use Windows 7 is something else.

  Windows Patches/Security KB 2952664, Norton Identity Safe

• MS-DEFCON 3: Get patches installed, but tread lightly, and roll back Office 2013 Click-to-Run

  Posted on April 28, 2016 at 12:59 CDT by woody • Comment in the Forums

  With almost a hundred patches arriving since the last time I moved to MS-DEFCON 3 (March 16), the Windows and Office patching scene looks as daunting as ever. Microsoft didn’t release any patches on Tuesday of this week (the fourth Tuesday of the month is a traditional fur flying fest), so I’m feeling more confident that y’all have time to get things caught up. I suggest you do get caught up before the next round arrives – Office patches are due out on May 3, and heaven only knows if we’ll get a Windows 10 cumulative update before the next Patch Tuesday, May 10.

  This month, if you have Vista or Windows 7, you can spend hours and hours and hours waiting for Windows Update to run its course – or you can run out ahead of the insanity, by using the KB3138612 and KB3145739 scan speedup proposed here on AskWoody.com, and codified by poster EP.

  Here’s where we stand.

  Vista: If you haven’t yet followed the trick for speeding up Windows Update scans, use the method described in this InfoWorld article to first grease the skids. Start Internet Explorer and verify (Help > About) that you’re running Internet Explorer 9. Apply all outstanding patches, but DON’T CHECK any update boxes that are unchecked.

  Last month, I warned Vista users about KB 3139398 and KB 3139852, but the first appears to be good to go, and the second has already been superseded by KB 3145739 – so if you followed my directions earlier and installed KB 3145739 already, in order to speed up your scans, the old KB 3139852 won’t even appear.

  Windows 7: If you haven’t yet followed the trick for speeding up Windows Update scans, use the method described in this InfoWorld article to first grease the skids. Yes, that means you should install KB 3145739 manually.

  Step 1. If you haven’t checked recently, crank up Internet Explorer. Don’t use it to go to any sites, but click the gear icon in the upper right corner, choose About Internet Explorer, and verify that you’re on IE 11. If you aren’t yet on IE 11, make sure the box marked “Install new versions automatically” is checked, then click Close. That’s the easiest way to upgrade to IE 11. There may be an IE 11 upgrade sitting in Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). If so, keep it checked.

  I don’t recommend that you use IE. (Hey, Microsoft’s already put it out to pasture; that’s what Edge is all about.) But you need to update it, and keep it patched, because Windows still uses bits and pieces of IE in various places.

  Step 2. Run GWX Control Panel and set it to block OS upgrades.

  Step 3. Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). Click the link that says “XX important updates are available.” Check the boxes next to items that say “Security Update,” but do NOT check the box for KB 3146706 – it’s probably unchecked anyway. (Yes, KB 3139398 is OK.) If you need to keep up with time zone changes in Oblast, Altai Republic or Zabaykalsky Krai, check the box for KB 3148851 and/or 971033. UNCHECK the boxes next to Important items that only say “Update.”

  Step 4. On the left, click the link that says Optional. Uncheck every box that you see. Yes, I’m saying that if a box is checked, uncheck it. If you uncheck the box next to “Upgrade to Windows 10 Pro, Version 1511, 10586 box.” Windows Update will check it again for you. Don’t be alarmed. GWX Control Panel will protect you.

  There’s a lot of debate about the advisability of installing the April Office patches, and it appears as if a couple of them have been pulled. Susan Bradley in her nearly-biblical Patch Watch column in Windows Secrets Newsletter (paywall) recommends that you install KB 3114566, KB 3114888, KB 3114993 and non-security patch KB 3114996, if any of those should appear. Personally, I’d skip the non-security patch, but I’m just ornery that way.

  Those of you attached to corporate networks need to be aware of some problems. The 3114996 KB article has a warning about the patch and Exchange Server. KB 3114941 is showing problems on some Lync 2013 (Skype for Business) and Outlook 2013 installations. For those of you who aren’t attached to a corporate network, you should be fine.

  Step 5. Click OK, then Install updates.

  Step 6. Back in Windows Update, on the left, click the link to Change settings. Make sure “Important Updates” is set to “Check for updates but let me choose whether to download and install them,” and uncheck the box next to “Give me recommended updates the same way I receive important ones.”

  Step 7. Click OK and reboot.

  Step 8. This one’s important. Unless you want to look like Metinka Slater, the weather forecaster on Des Moines station KCCI, you need to run GWX Control Panel again. That’ll ensure Microsoft didn’t install anything untoward. (Note: GWX Control Panel has a “Monitor Mode” option. If you choose to use that option, you won’t need to run GWX Control Panel again – it’s already running. Personally, I don’t use Monitor Mode. I don’t like to leave anything running if I don’t have to. So I run GWX Control Panel manually, twice.)

  Windows 8.1: I haven’t heard of any appreciable Windows Update speed-up by using the KB3138612 and KB3145739 trick. Follow the instructions for Windows 7, but in Step 3 go into Windows Update by right-clicking on the Start icon and choosing Control Panel.

  Windows 10: If you’re using the metered connection trick to block updates, unblock the metered connection long enough to get caught up. There have been lots and lots of reports with problems with the cumulative update KB 3147458 but they don’t appear to be any worse than usual. If you hit a problem, be sure to drop John Wink a line. This eleventh Win10 cumulative update should bring your version of Windows up to build 1511 OS version 10586.218 – what I like to call Windows 10.1.11.

  If you blocked KB 3140741, dated March 22, you should install it, too. 3140741 is a different kettle of fish. It “updates the servicing stack” in Windows 10, which means it makes changes to Windows Update. Since it’s a Win10 patch, it’s forced just like all the other patches. Originally there were several reported problems with 3140741, but I haven’t heard many screams lately. Yes, you should install 3140741 if you’ve blocked it. If it doesn’t install properly, don’t sweat it – hide it again and forget it. Servicing stack updates come and go, and there will be another one some day.

  Office Click-to-Run: For the first time, I’m going to start including Office Click-to-Run in my MS-DEFCON ratings. There have been problems reported with Office 2013 Click-to-Run version 15.0.4815.1001. Microsoft recommends that you roll back to Office 2013 build 15.0.4805.1003. It’s not easy.

  For those of you using Click-to-Run, I would appreciate hearing about any problems you’ve found – and help me fill out this part of the MS-DEFCON advisory!

  Everybody: Either watch here on AskWoody.com, or follow me on Twitter (@woodyleonhard) or Facebook to keep up on the latest. Microsoft’s releasing patches at a breathtaking rate. It’s a jungle out there. And if you catch something, shoot me email (click on the mail icon in the upper right corner of this page), or post a reply to this blog.

  I’m putting us at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

  My usual boilerplate advice:

  For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind. I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

  P.S. Yes, you read that right. I now recommend that you Win7 and 8.1 users only install Security Updates. For many months, almost all of the non-security updates Win7 and 8.1 customers have received are specifically designed to push them to Windows 10, or to increase Microsoft’s ability to snoop on Win7 and 8.1 machines. No thanks.

  Thanks, as always, to Susan Bradley and her in-depth work in Windows Secrets Newsletter.

  Windows Patches/Security April 2016 Black Tuesday

• In praise of “WSUS Offline Update” for speeding up Windows 7 patches

  Posted on April 26, 2016 at 15:58 CDT by woody • Comment in the Forums

  Reader SH took WSUS Offline Updater for a spin. It’s an open source (GNU GPL) program that lets you install updates offline – no network connection necessary – for both Windows and Office. Several folks have asked me if it makes the chore of installing Win7 patches any faster. Here’s his report:

  Hardware: Dell Vostro 220s, Intel Core 2 Duo 2.9GHz, 3 GB RAM (surplus system from client trade-up)

  Software: Wiped hard disk, Fresh install of Windows 7 Pro, 64 bit, SP 1, from a bootable USB thumb drive.

  System NOT connected to the internet, Windows Update was in “Never check for Updates” mode after Windows was installed.

  Loaded full package of WSUS Offline Updater from a USB thumb drive to a folder on the hard disk, ran it from there.  Updates were from an April 13 download (didn’t bother to re-download a newer batch).

  Started WSUS at 9:50 pm, it installed about 7 updates then needed a manual reboot

  Re-started WSUS at 9:58, it did some checking, it wanted to install IE 11, so did that, it took about 3-4 minutes, and rebooted

  Re-started WSUS at 10:01.  It installed about 6 updates, the started “creating a list of missing updates, this could take awhile (be patient….)”.  I checked it from time to time, got doing other things, checked back at 11:09, it was still ‘checking’. During this time the hard disk was running pretty steadily, and good old svchost.exe was running at 50% CPU usage.

  Finally about midnight, it got done checking, came up with 142 updates to install and started on that.  I watched some being installed, when it got to about 40 installed, I gave up and went to bed.

  Got up the next morning, and it was done with the 142 updates, had finished at 1:46 AM.

  I rebooted, it did the ‘configuring updates’ thing, phase 1 of 4, etc, took about 20-25 minutes to do the pre-shut down/restart configuring, then booted back to the desktop.

  I started the next round of WSUS Offline about 8:10 AM, it started another ‘creating list of missing updates (be patient…)’, but this time took only about 5 minutes, found about 4, I skipped the Windows Defender update and the MS Security Essentials install, so it only installed 1 update (KB2532531), then needed a reboot.

  Started the next phase at 8:30, it did ‘creating a list of missing updates (be patient…)’, this time it took about 5 minutes to come up with NONE found.

  Update history shows 11 updates in the Windows Update app, but in Programs & FeaturesàView Installed Updates, that lists 162 updates.

  Some of the ‘bad’ Updates that were NOT installed were KB3035583, KB2952664.

  Others installed were KB3139398, KB3139852, and the 2 possible update speed-up checking fixes KB3138612 and KB3145739.

  After WSUS Offline updater was done, I hooked the system up to my network and the internet, installed GWX Control Panel, to see if any updates WSUS had installed might have turned any Windows 10 updating on.  What was on was “Get Win 10 icon app allowed” and “Are Windows 10 upgrades allowed”, so I shut those off and put GWX Control Panel in Monitor mode.

  I then went to the Windows Update app at 9:18 and turned on “Check for updates, but allow me choose whether to download and install them”, that kicked off an update check. That got done before 9:30, found 7 Important and 68 Optional updates.

  I selected 4 of the 7 (skipped the Defender update and the Malware scan), it downloaded them in about 2 minutes, created a restore point and installed them in about 1 minute. Then needed a reboot.

  I then went back into the Update app and downloaded the Malware scan and Defender updates, 87MB, in under a minute, and did the scan and installed the Defender file.

  I ran one more manual check, it found only one more update in under a minute, downloaded and installed it in under 2 minutes.

  Rebooted, ran a manual Update check again and that found no more updates, still just the 68 optional ones.

  So, other than the initial 2 hours of ‘creating a list of missing updates…’, and the 1 hr, 45 minutes it took to install the big 142 updates batch, the remaining steps went pretty fast, much faster and with less operator intervention than doing it using the in-Windows update app.

  Supposedly the whole process can be automated with a command line modification to the install process that will auto-reboot the PC and pick back up where it left off.  Some comments I read said that sometimes caused problems, so I did not try that, wanted to see what the manual mode process entailed.

  I’ve attached 3 screen shots of the updates found after the WSUS offline updater process and a manual check was run.  I did not try to install or care about the 68 optional updates (this was only a test…), perhaps Woody and others can review them and see if there are any that are worthwhile or that should be avoided.

  If I was doing this on a ‘real’ system, I would re-run the WSUS downloader process again to have it check for any late updates, as mine were about a week out of date so I figured I’d just run it with what I had and see how many more the real update checking process might find (7 I guess) and how fast it would then download those using the regular process (pretty fast).

  As I mentioned, I’ve been getting official referbed Windows 7 systems for my clients to finally get them off XP.  Those systems come with SP1 on them and some updates, but sill have been requiring numerous checking the regular way, waiting to find the updates, then waiting to download them, then waiting for them to install, then repeat until all updates have been found.

  If and when I get any more of those referbed systems, it will be interesting to see if WSUS Offline can update an already partially updated system up to ‘current’ status faster than doing it manually.

  I know doing massive updates to Windows 7 is in the dying stage, as pretty soon it will be very hard to buy new Win7 systems, and Windows 7 has been very resilient to needing total re-installations (unlike XP).  But I wish I’d found this utility years ago, might have gotten more sleep!

  

  Windows Patches/Security WSUS Offline Updater

• Is Microsoft using security patch KB 3146706 to break pirate copies of Windows 7?

  Posted on April 26, 2016 at 09:01 CDT by woody • Comment in the Forums

  More evidence – and an English description of the mysterious “Ghost” pirate version of Win7, prominent in China.

  An accident? Or a fortuitous attack vector?

  InfoWorld Woody on Windows

  Windows Patches/Security 0x0000006B, Ghost, KB 3146706

• Slow updates for Vista? KB 3145739 solves that, too

  Posted on April 25, 2016 at 13:25 CDT by woody • Comment in the Forums

  Interesting note from ER:

  After several days of testing KB3145739 on Windows Vista SP2, the Vista version of that patch also worked in fixing the Windows Update “forever” problem.  Got it working on the fourth or fifth try.  Now WU is responding a lot quicker on Vista SP2.

  The real reason why KB3145739 didn’t work on Vista on the first few attempts is because I installed it on a fresh or “clean” install of Vista and did not have the previous Vista security updates installed from August 2009 to all of year 2015.  I had to use tools like Autopatcher or WSUS Offline Update utility to manually download & install the 150+ Vista SP2 security updates from 2009 to 2015 before the KB3145739 fix could actually work.

  I’m beginning to think KB 3145739 is the magical cure. Just hope it works on the updates next month.

  Windows Patches/Security KB 3145739, vista

• Time to install March updates KB 3139852 and KB 3139398?

  Posted on April 24, 2016 at 18:17 CDT by woody • Comment in the Forums

  Another good question from TJ:

  The 2 March updates which were we were told to NOT install, have not had
  any further mention, and I was wondering if I missed an “all clear” on them or
  are they still on the “recommend you do not install” list?

  I have these 2 hidden, and wonder if I should “unhide” them if MS changes anything
  on them. These are from March:

  KB 3139852 and KB 3139398

  Your advice is most appreciated. I can see that you are extremely busy with everything
  that is occurring with MS at the present time (again), in addition to your work on the
  Windows 10.

  Yeah, times are interesting….

  KB 3139852 has been superseded by KB 3145739. When we move to MS-DEFCON 3 or 4, I’ll likely recommend you install 3145739, just to speed up scanning for updates. You probably won’t even see 3139852.

  KB 3139398 is an odd USB driver fix. It’s still having problems installing on some machines, but if you remove any USB drives in the machine and disable your antivirus, it’ll probably go in fine. There’s a discussion of further problems here on SpiceWorks. Do you need to install it right now? No. I don’t know of any exploits as yet.

  Windows Patches/Security KB 3139398, KB 3139852

• Do I need to update the Windows Update client, KB 3138612?

  Posted on April 24, 2016 at 17:49 CDT by woody • Comment in the Forums

  Short answer, no. I’ll probably change the recommendation when we back down from MS-DEFCON 2, and start slipping in the April Windows 7 security patches.

  Got a good question from AH, and it all boils down to this:

  – Does an up-to-date WUC currently increase the danger of MSFT being able to slip W10 in through the cat-flap or is it genuinely a benefit to the WU process?

  – If I decided that I wanted an up-to-date WUC, could I just install the latest KB and then all the preceding WUC updates would disappear from my hidden list?

  – Can I install multiple WUC updates in one go without causing problems, or would they have to be done one at a time with particular attention being paid to supersedence?

  I have the latest version of GWX Control Panel installed and monitoring as I type, and I am currently on hold, waiting for you to change the MS-Defcon status before I install diddly.

  I don’t know if the latest versions of the Windows Update program add any more snooping capabilities to Windows 7, but I highly doubt it. The problem is that we simply don’t know – and won’t ever know – what info Microsoft is starting to collect from Windows 7. Moreover, if they’re collecting more information (probably on behalf of other updates), I’m convinced they’re handling the information in accordance with commonly accepted privacy principals. You may or may not like, say, Google’s privacy record. But Microsoft certainly hasn’t done anything worse than Google. I think.

  If you want the latest Windows Update program, yep, you just install KB 3138612.

  Every indication I have at this point says that the settings controlled by GWX Control Panel have been respected, and will be respected. Thus, if you’ve run GWX Control Panel, you should be free from the blight of sneaky Windows 10 upgrades.

  Windows Patches/Security KB 3138612, Windows Update
• « Older Entries

  Newer Entries »