Search Results for '3177467'

[Volume Z]

3177467 doesn’t make a difference either. The 3-somethings are relics of the pre-SHA-2-era. Then again you can’t start off with anything newer than KB4490628 because it’s a prerequiste to the later SSUs.

KB4490628 ist the one to start with.

3 users thanked author for this post.

MrChaz, Microfix, abbodi86

[EP]

you should NOT be installing KB3020369 anymore as it is already obsolete and replaced by newer updates like KB3177467, KB4490628 and KB4580970 & KB4536952 and greater

when installing Win7 from scratch, include KB3177467 or better and discard KB3020369

• This reply was modified 2 months ago by EP.

[ch100]

This is an ongoing discussion.
I would say the SSU should be installed by itself instead of has to.
There are SSUs indeed which have to be installed by themselves, KB3177467 being a good example for Windows 7.
Most other SSUs are not required to be installed separately, although this is certainly the best practice when installing manually.
An example in favour of my statement would be that when installing from Windows Update, the SSU is bundled and installed with other updates in one step.
Another one would be when using WSUS (or SCCM leveraging WSUS), although the SSU comes separately there, it can be bundled and installed with the other updates coming on Patch Tuesday to avoid unnecessary multiple reboots. At least this is the most common practice.

[abbodi86]

Server 2012 R2 was skipped too 🙂

what’s wrong on having SSU for one or certain Windows only?
they never were synced together for downloevel Windows, except for last few months (KB3177467 was released on its own for Win 7)

and yes, 2019-12 SSUs for Win7/2008/2008R2 are only to update ExtendedSecurityUpdatesAI.dll component

1 user thanked author for this post.

nazzy

[PKCano]

You should only need the SSUs I linked to. But installing old SSUs, like KB 3177467 from Dec 2018, won’t hurt anything as long as it’s done in chronological order and one at a time. It’s just not necessary unless the later ones won’t install.

1 user thanked author for this post.

tom341

[tom341]

So on the servicing stack side of this would i need to also install KB 3177467 (Dec 18 ssu)? or just the latest which you linked to?

[EP]

but KB3020369 is an obsolete update and KB3177467 should be used instead. avoid using KB3020369 since windows update does not offer that one anymore

KB3177467 was originally released in late September 2016 but got a V2 release on October 2018 as a “security update”. download & install KB3177467 from MS Update Catalog:

https://www.catalog.update.microsoft.com/Search.aspx?q=3177467

• This reply was modified 1 year, 2 months ago by EP.
• This reply was modified 1 year, 2 months ago by EP.

[EP]

whoops. it seems the KB4516655 servicing stack update fails to install on Win7 systems without the previous SSU KB4490628 update installed (MS made a boo-boo on their support article 4516655 saying it superseded the KB4490628 update but in reality it was not. on the MS update catalog site, MS got the info about KB4516655 correct where it does NOT replace KB4490628 but KB4516655 does replace KB3177467)

so I take back my statement of KB4516655 superseding KB4490628 in my previous post as KB4516655 truly requires the older KB4490628 update installed first.

• This reply was modified 1 year, 2 months ago by EP.

[EP]

all except KB3020369 which the August 2018 Win7 ISOs have KB3177467 instead

[EP]

AVOID installing KB3020369 as THAT update is OBSOLETE and replaced by newer updates like KB3177467 and KB4490628.

Substitute KB3020369 with either KB3177467 or KB4490628 as either one can be installed first

[PKCano]

There is a new servicing stack since that method was written. You should install KB4490628 in place of the older KB3177467. But basically, that is still a good method.

[ardvark]

One more question… does Kb4490628  require removal of the old Stacking Kb3177467 or will the ne one just replace it?

Regards, ardvark

[Speccy]

-For separate updates, CBS handle files per assembly component version, update package version does not matter at all

you can install 10 SSUs, CBS is smart enough to make the latest one with higher components version to be effective

in this case: KB4490628 v6.1.7601.24383 < KB3177467 v6.1.7601.23505

Thank you!!! Now it suddenly made sense. 🙂

I just dig into the first “main” .mum (of the “package chain”, let’s put it this way, overlooking the fact that the whole package contains multiple .mum files) and didn’t realize that the “final” Servicing Stack version was both at the end of the “package chain” (in the last .mum) and also in the package contents (in the very own name of the sub-directories!).

But you meant

“KB4490628 v6.1.7601.24383 > KB3177467 v6.1.7601.23505″

right? 🙂

– SSUs are always safe, Windows users should accept this fact and stop struggling about to install them or not

He he… Point taken. 🙂 But I was not struggling (or expecting anyone here to go into the lengths I did), just testing. 😉

– removing the permanence tag is what made KB3177467 to be removed,

Yes.

editing KB4490628 mum file has no effect here

Right. In this case, I simply edited it for “compliance” (and to describe it correctly as a “Security Update”).

separate update package name = no direct relation or effect (SSUs)
chained update package name = auto supersedence (W10 CUs or W7 Monthly Rollups)

I see. That explains why KB4490628 won’t remove KB3177467 (only new, updated releases of a given package – or an updated, different package that embedds that one as one of multiple dependencies [chained updates] – may actually remove it).

abbodi86, once again: Thank You. I was wrong. I didn’t understand correctly a few important things about the package supersedence model. You posted perfectly: shortly, but enlightening – and generously shared invaluable knowledge (we grasshoppers try to learn something new each day… you taught me a lot, today). 🙂

2 users thanked author for this post.

Elly, RDRguy

[abbodi86]

– For separate updates, CBS handle files per assembly component version, update package version does not matter at all

you can install 10 SSUs, CBS is smart enough to make the latest one with higher components version to be effective

in this case: KB4490628 v6.1.7601.24383 < KB3177467 v6.1.7601.23505

– SSUs are always safe, Windows users should accept this fact and stop struggling about to install them or not 😀

– removing the permanence tag is what made KB3177467 to be removed, editing KB4490628 mum file has no effect here

separate update package name = no direct relation or effect (SSUs)
chained update package name = auto supersedence (W10 CUs or W7 Monthly Rollups)

Regards.

5 users thanked author for this post.

Elly, RDRguy, Speccy, ve2mrx, PKCano

[Speccy]

Hi abbodi86,

I do realize KB4490628 is a separate update from KB3177467 (not only because the KB numbers are different), but shouldn’t the former be replacing (superseding) the latter?

And, if so, isn’t the incremental version numbering relevant?

In which case yes, the exclusive tag DOES have an interest here and yes, installing multiple SSU versions with conflicting version numbers MIGHT be causing undesired side-effects (of which the fact of the KB4493132 “EOL nagging update” not being consistently offered is a minor issue, compared with the potential problems that might arise due to the SSUs conflicting and blocking each other).

You are totally right in the assumption that, under “normal” circumstances, SSUs are usually safe and should be installed prior to other security and cumulative updates. I also admit having the wrong info: in fact, I already wrote before that I’m NOT an MVP – just another dude here trying to help people – and, therefore, I lack the skills and expertise required to fully grasp the technical complexity and subtle inner details of how XML works (and Microsoft uses it). Therefore, please correct me and help us to better understand and handle this complex subject. I do appreciate reading and learning from the valuable comments and knowledge that you and other MVPs kindly share with us! 🙂

I am truly sorry for over-complicating things up (I really tried not to…) but, right now, from what I’m able to understand about the inner details of how SSUs work I can not endorse your recommendation to promptly install KB4490628 (SSUv3) ASAP. Instead, I can only recommend people to WAIT and see if Microsoft releases an updated (fixed?) version of the SSU – that will automatically handle and fix what, in my view, is a complete mess.

Most of our readers should stop reading right now and decide if they should, or should not, install KB4490628 (SSUv3) immediately or, at least, wait until we’re at MS-DEFCON 3: what follows below is not for the faint-hearted.

You see… I was actually able to create a working, updated version of my Windows 7 system with SSUv3 *ONLY* and SSUv2 removed (my “beta testing” branch). Here’s how:

cd %WINDIR%\servicing\Packages
takeown /F Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5.mum /A
takeown /F Package_for_KB4490628~31bf3856ad364e35~amd64~~6.1.1.2.mum /A
cacls Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5.mum /E /G BUILTIN\Administrators:F
cacls Package_for_KB4490628~31bf3856ad364e35~amd64~~6.1.1.2.mum /E /G BUILTIN\Administrators:F
notepad Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5.mum

Removed the ‘permanence=”permanent”‘ attribute of the <package> tag, saved the .mum file and exited Notepad. Then,

notepad Package_for_KB4490628~31bf3856ad364e35~amd64~~6.1.1.2.mum

changed the ‘releaseType=”Update”‘ attribute to ‘releaseType=”Security Update”‘, added the

<mum:packageExtended xmlns:mum="urn:schemas-microsoft-com:asm.v3" exclusive="true"/>

tag right above (before) the closing </package> tag, saved the .mum file and exited Notepad. Finally, I removed SSUv2:

dism /online /remove-package /packagename:Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5

and now I’m left with (a properly installed?) SSUv3 *ONLY*:

C:\>dism /online /get-packages /Format:Table|findstr KB3177467

C:\>dism /online /get-packages /Format:Table|findstr KB4490628
Package_for_KB4490628~31bf3856ad364e35~amd64~~6.1.1.2
| Installed | Security Update | 2019/03/27 01:23

Under Control Panel > All Control Panel Items > Programs and Features > Installed Updates, KB4490628 is listed as

Security Update for Microsoft Windows (KB4490628)

with no “Uninstall” option (as expected, because it is a permanent update).

I tried WU: it appears to be working well. I rebooted and tried again: all OK.

Isn’t that how we should expect KB4490628 to behave like? 🙂

1 user thanked author for this post.

RDRguy