A new way of displaying monthly security patches

Topic

New Reply

I’m not sure exactly how this will roll out, but we’ve been warned. The Microsoft Security Response Center has just announced that, effective in Janua
[See the full post at: A new way of displaying monthly security patches]

Reply | Quote

Replies

I used to get Windows Defender definitions on my W7 Pro x64 machine every tuesday and friday, and today it wasn’t offered here… Did they change that too?

Reply | Quote

I don’t think so. The servers may be a bit slow today.

Reply | Quote

Man did I ever misread that at first…I thought it said “no KB articles”.
After looking at their site, meh, I’m ok with it. “Par for the course”, it seems.
I guess I’m expecting less from MS going forward, and that way I won’t be let down when they do even less than that.

Reply | Quote

So even though I was able to sucessfully complete a couple scans through the day it may be like MS didn’t “uploaded” the defender definitions yet via WU?

Reply | Quote

Or the servers are overloaded.

Reply | Quote

I guess it just means the security mitigations/CVE details that are in the bulletins
KB articles info and Update History summary will stand still

Reply | Quote

I guess it’s another move to blur the lines between security and non-security updates. Grrr…

Reply | Quote

I think you nailed it Michael, they’re making things more difficult to be in Group B with hopes of converting everyone to Group A.

Got news for ’em… myself along with MANY others will join Group C long before jumping on the “A-Train”!

Reply | Quote

http://i.imgur.com/aCukc27.jpg

My last defender update on W7 was on 11/4. I assume we still get them and if you don’t, you can manually check them under WD’s pull down menu.

It may be down atm or slow server as Woody mentioned since I tried checking for update via WD but it doesn’t seem to be responding (Status: Searching…).

Reply | Quote

Yes, my last update was 11/4 aa well… So you also have not received it via WU this week?

I tried to search straight through WD, and it “works”… It scans smacking fast, like 3 seconds to complete, and says there are no new definitions available, which I found odd since MS security software page claims there was definitions for yesterday (Nov 8th)… Hence is why I was concerned something bad could have happened here…

But if more people are not getting it via WU it’s likely a problem with the servers, or MS changing the day they deliver the definitions…

Reply | Quote

@Ed,

” myself along with MANY others will join Group C long before jumping on the “A-Train”!”

I’m already there…reluctantly…but there none the less.

I hope others will join me.

Reply | Quote

This may prove to be a premature post, but from what I see it appears to be an easier way to find what you are after, especially if you already know the update number.

More reasons to participate and read this column (and the new Forum when launched) and others.

Thanks Woody!

Reply | Quote

@Woody,

Just out of curiosity…if one is in Group B and did NOT install the October Security Only Quality Update, once the November Security Only Quality Update is downloaded from the MS Update catalogue, does one install October first, then November…or, does November’s Security Only Quality Update make one current?

Reply | Quote

We don’t have a lot of experience with it, but apparently you’d have to first install the October Security-only patch, then the November Security-only patch.

I have no idea – and no guidance – on what might happen if you install them the other way around.

Reply | Quote

Re: Win Defender updates. Null problemo here with MSE or WD fast definition updates on 8 or 9 Nov. I manually check 2-3 times a day.

Re: New ‘Blob’ updates;
To save time and confusion, how ’bout using as standard in askwoody;

SOQU = Security Only Quality Update

and

SMQR = Security Monthly Quality Rollup

JF

Reply | Quote

@louis Being in Group B, you lose the advantage of Windows update handling the supersedence for you and informing you what is missing.
Your options in that case would be to use MBSA or another tool which references wsusscn2.cab to verify the status of the security updates.

Reply | Quote

v1.231.1146.0 Antispyware definitions on 11/3. Probably just no new definitions atm cause I just did a update check today and there was nothing new.

Reply | Quote

My suggestions:

use
“Security-only Update”
and
“Cumulative Rollup”

—–
My reasoning:

Leave out “Quality” in both names – it’s a pointless and space-wasting adjective in this situation.

Leave out “Monthly” in the name of the Cumulative Rollup – it’s a given that does not have to be brought attention to, and both of them are monthly anyway.

Leave out “Security” in the name of the Cumulative Rollup — that word is there to confusingly make the two names look more alike.
(Or, to have a proper contrast with the “Security-Only” name of the Update, they could have called the Rollup the “Security and Non-Security” Rollup.)

Leave in “Security-only” in the name of the Update since that is an important and meaningful differentiator.

ADD in “Cumulative” to the name of the Rollup since I think that word will convey to all of us here what its contents are, and for which Woody-Group it is meant for (Group A only!)

—–
Or, could use:

“Group B Update”
and
“Group A Rollup”

Since that will make it very easy for the non-techie computer owners to follow,
and techies will know that the words “update” and “rollup” have each now been cemented by MS to stand for one specific type of update, whereas for a while they were using the words interchangeably.

—
Or, at its simplest:

“Update”
and
“Rollup”

E.g., “December Update”, “December Rollup”

Reply | Quote

@Louis,

If one does not yet have October’s Security-Only Update installed, installing ONLY November’s Security-Only Update would not make one current —

because each Group B Security-Only Update contains unique items that are only in that particular month’s Security-Only Update.

(This is in contrast to the Group A Rollup of each month, which is meant to be cumulative, and therefore is supposed to include the prior months’ patches as well as the current month’s.)

Therefore, to install the last two months’ Security-Only Updates in one sitting,
in the order intended by Microsoft,
one would install October’s Security-Only Update (then make sure that the installation went well, restart the computer, etc.),
and then one would install November’s Security-Only Update.

This should work just the same as installing those two Updates 4 weeks apart, which most of Woody’s Group B followers will have done, and hopefully that will go without a hitch for you.

—-
Or, you could install October’s Group B Security-Only Update now, and decide to continue to be one month behind the main set of Group B installers, and therefore wait another few weeks before installing November’s Group B Security-Only Update.

If I go into Group B, that is what I am thinking of doing — in order to give the most recent Security-Only Update some extra time to throw up any issues that it might be causing for people.

Reply | Quote

You need both, installation order doesn’t matter, but better to be by the month order

Reply | Quote

Good suggestions. I think I’ll stick to Microsoft’s original terminology – Security-only Update and Monthly Rollup. Although they’re less than ideal, they seems to be the terms used internally, and map directly to the marketing terms we now see in refined posts.

Reply | Quote

@Abbodi86,

Re: “installation order doesn’t matter”

I am just checking for my own clarification — has Microsoft stated that each month’s Security-Only Update is going to be standalone, and will never assume/require antecedent patches from prior months’ Security-Only Updates to already have been installed?

I know that they said that if you need to uninstall a prior month’s Security-Only Update because it is causing your system problems,
or if you decide never to install a particular month’s Security-Only Update because you are concerned that it might cause your system problems,
that you can do that and continue to have the other months’ Updates (past and future) on your computer…
so does this mean that the installation order really does not matter?

[If so, I wonder how they will handle patching something in an Update that they’ve already touched upon or slightly modified in a prior Update.
They seem to have to revisit some parts of the system several times (with several different patches or with several versions of the same patch) when trying to solve some of the more complex issues.
The Updates aren’t cumulative – I guess – so they won’t contain the prior Updates’ fixes, or do I misunderstand what they mean by “cumulative”?]

—
Even if it is the case that every Update is totally standalone —
if it is possible for the computer owner to choose to install them in the order that they were originally released, that is probably the safer way to do it.
(Which everyone here has indeed already suggested to Louis; I’m just re-stating it.)

Reply | Quote

Is ‘Blob’ the name of Woody’s new appendage (where he’s going to house us)?

Reply | Quote

Or I guess it was ‘Blob-like’ appendages, that he called us.

How cheeky!

(The text font is so dark now I can hardly make out the words.)

Reply | Quote

There is a subtle nuance here.
Monthly Rollup implies a “Recommended” patch, while Security Monthly Quality Rollup implies “Security”.
See where I am going?

Reply | Quote

I didn’t suggest the order of installation to Louis, but it is my point of view too, that it is preferable to install in the order of release.
However, in a technical sense, abbodi86 is right that the order should not matter. The suggestion to install as they are released has more to do with the practicality of avoiding unknown bugs and being safer than with any pure technical considerations. In theory at least, TrustedInstaller.exe should take care even if there are overlapping components and keep only the latest version of each.
In Windows 8 and later, there is an additional process which takes over from TrustedInstaller.exe, but the principle is the same.

Reply | Quote

Same here…

Same version and still no update…

Reply | Quote

Yep. I’m sure Microsoft put “Security” in the name of the Monthly Rollups specifically to entice people to install them.

I also think, like you, that “Recommended” is going away before too long.

Reply | Quote

It might also be to convince non-technical managers that the monthly rollup is the right patch to install in relation to compliance, as it appears to be a more comprehensive security patch than the security-only patch.
One of the posters here had this problem apparently, saying that they “have to” install the security-only patch.
Treating supersedence as they did in November, by applying only the security-only, the monthly rollup still appears that it is not applied and has the word security in it.
By applying the monthly rollup only, the security-only included does not appear as not installed.
I don’t know how MBSA sees this situation as I am not a regular user of that tool, somehow deprecated but still useful.

Reply | Quote

Today, friday, after no tuesday update, the definitions for Windows Defender hit my machine via WU as the expected schedule…

Let’s now wait and see if next week there will be a tuesday update or if it was changed to only fridays now…

Reply | Quote

@ch100

Re: “In Windows 8 and later, there is an additional process which takes over from TrustedInstaller.exe, but the principle is the same.”

Tell me about the ‘additional process’ please.

JF

Reply | Quote

@Doc

“Let’s now wait and see if next week there will be a tuesday update or if it was changed to only fridays now…”

Why wait? Manually check via WD as often as you want. New definitions are released several times each day.

Push, pull, click, click. Get updates that quick.

Reply | Quote

I too on Friday morning and saw a WU notification. New WD definition v1.231.1698.0 (1.8MB). Since you saw it too, there should be no issue whatsoever. I wouldn’t worry about this from now on as sometimes they may miss a day where you would expect a definition update when there was just nothing new to add. When it comes, it’ll come.

Reply | Quote

@Woody: With all of the references about the “Group A”, and “Group B” updates – – – I would opt for something “simple” such as poohsticks recommended:

“Group B Update”
and
“Group A Rollup”

Since we are still in MS-DEFCON 2 status, the instructions are to continue to “WAIT” until you provide the “all clear” with a higher MS-DEFCON rating. Correct?

Thank you for all of your continued assistance with the myriad of current issues with the MS “situation”.

Reply | Quote

Correct.

I like the terminology, but I need to stick with Microsoft’s terminology (at least until it makes me gag with a “Quality” stick).

Reply | Quote

@clueless

That is the cool part… It doesn’t work that way…

The WD built in search relies on WU components… So if a new update is not pushed into WU itself the WD internal search will find no updates and claim it is up-to-date…

If you want to get those definitions as soon as they come out of the oven you must download them straight from MS security software page as a standalone package…

But anyway don’t now if you read another related comments I made here (on other posts) regarding WD, but long story short, I don’t really use it… I just raised this question in first place because not receiving the definitions on the expected schedule could mean an indicator of my WU client going bad… But apparently they changed that schedule, or missed a day… So now wait and confirm…

Reply | Quote

Yes, that is the update, same version and size…

We will be able to confirm that on next tuesday… If an update hit, they missed a day, if it doesn’t, well, they probably just changed it from twice to only once a week…

Regarding that, don’t know if it makes any sense, but I read somewhere that the WD for W7 (which is different from WD from W8.1 and W10) is an “unsupported tool”… Perhaps the eventual (still to be confirmed) reduction in update frequency might be somewhat related to it’s end of support life?

Reply | Quote

Why?
TiWorker.exe (aka TrustedInstaller Worker)

Reply | Quote

Thank you

Reply | Quote

Thank you, Woody. There’s so much discussion about these updates, it makes me dizzier than I usually am. “WAIT” is the watchword!

I appreciate your guidance more than words can say!

Reply | Quote

@Doc:

“The WD built in search relies on WU components… So if a new update is not pushed into WU itself the WD internal search will find no updates and claim it is up-to-date…”

Thanks for the good info. Is it the same for MSE on Win7?

Reply | Quote

Despite MSE having absorved WD scan-on-demand functionality in Windows 7, and doing it fairly similar to WD, it is a more complete solution, with a different purpose, and as a different software it also receives it’s denitions updates in a diverse way…

MSE definitions are not pushed via WU “KB” packages, as the only updates you get this way are either build ones, or the whole client… They are obtained straight by the software, which knowing MS way of writing I could assume it relies on some IE based service as other Windows components such as WU itself…

I don’t have much usage experience with MSE myself, but as far as I know it receives it’s updates on a daily basis (unlike WD’s “official update” twice a week, now maybe once), and definitions itself are created multiple times per day, which can be download straight away using the internal search or, just like WD, through standalone packages…

Reply | Quote

@abbodi86

Why? ?
TiWorker.exe (aka TrustedInstaller Worker)

:-)اطلبوا العلم من المهد إلى اللحد

Reply | Quote

الحَمْد لله‎‎

Reply | Quote

Supermoon over Pismo beach tonight

Reply | Quote

Any clams?

Reply | Quote

@woody;

Not around here. 50°5′0″N 8°15′0″E

JF

Reply | Quote

@Doc;

Thanks Doc. I really appreciate the info. I’ll monitor MSE to see how often it automatically send updates (Win7 SP1x64. Right now I check 2-3 times a day manually and have “Never check” on WU.

Reply | Quote

Ach! That must be the OTHER Pismo Beach.

Reply | Quote

Is this a top-secret message disguised in code?

“supermoon at pismo beach
any clams
50°5′0″N 8°15′0″E
ach
the other pismo beach”

…An image comes to mind of Cary Grant in an island hut – such as the character he played in “Father Goose” –

see the photo of him holding the radio handset:
https://hopewellslibraryoflife.wordpress.com/2016/02/19/cross-generational-cary-day-5-of-cary-grant-week-father-goose/

Reply | Quote

@Woody;

Du hast recht.

Reply | Quote

Gott im Himmel!

Reply | Quote

HA!

The reference is from one of my favorite scenes in Dragnet – https://www.youtube.com/watch?v=YHRPCUu9RgU

Reply | Quote

@skcitshoop

November 14, 2016 at 12:59 am

“Is this a top-secret message disguised in code?”

We could tell you, but then you’d be terminated with extreme prejudice.

cc: The Enforcer

Reply | Quote

touché
بارك الله فيكم

i remember entring this reply 12 hours ago, don’t know why it didn’t go through

Reply | Quote

[Not sure why it didn’t get through. I miss Arabic – even more challenging than Thai.]

Reply | Quote

No, i’m sure the problem is at my end
i’m having network glitches for couple of days

Reply | Quote

Gott im Himmel,

Teufel im Menschen

Reply | Quote

Microsoft also maintains a spreadsheet with updates data. See “Microsoft Security Bulletin Data” (https://www.microsoft.com/en-us/download/details.aspx?id=36982).

Reply | Quote