News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • April 2018 Patch Tuesday is here — and it’s a biggie

    Home Forums AskWoody blog April 2018 Patch Tuesday is here — and it’s a biggie

    This topic contains 128 replies, has 50 voices, and was last updated by

     PKCano 1 year, 2 months ago.

    • Author
      Posts
    • #183395 Reply

      woody
      Da Boss

      I’m just starting to digest all of it, but Martin Brinkmann has his usual all-encompassing overview on the ghacks site. Top points, from my point of v
      [See the full post at: April 2018 Patch Tuesday is here — and it’s a biggie]

      10 users thanked author for this post.
    • #183396 Reply

      PKCano
      Da Boss

      AKB2000003 has been updated for April Group B Security-Only Updates

      14 users thanked author for this post.
    • #183406 Reply

      MikeFromMarkham
      AskWoody Lounger

      It doesn’t seem that any of the Windows 7 patches address the Total Meltdown vulnerability introduced in all the 2018 patches so far. Guess I’ll just stay patched through December 2017 and wait for further developments.

      2 users thanked author for this post.
      • #183408 Reply

        PKCano
        Da Boss

        I believe Total Meltdown was addressed for Win7 in KB 4100480 offered through Windows Update and available for download from the MD Catalog.

        3 users thanked author for this post.
        • #183411 Reply

          Seff
          AskWoody Plus

          Indeed, but what we need to know in due course is whether the April rollup includes that fix for Total Meltdown or simply maintains the same vulnerability as the January, February and March rollups.

          I’ve been waiting to see what happens on this point, but if there is still a vulnerability in the April rollup then I do intend to install the fix through KB4100480 and, once approved, I’ll install the April rollup itself. Is it necessary in those circumstances also to install KB4099950? I’ve rather lost track of what that particular update is for!

          1 user thanked author for this post.
          • #183416 Reply

            PKCano
            Da Boss

            KB 4099950 fixes the problem with fixed IP addresses disappearing from NICs and NIC configuration being lost. Yes, it should be installed.

            2 users thanked author for this post.
            • #183419 Reply

              Seff
              AskWoody Plus

              Thanks PK, but do I assume that the fixed IP problem derives from the March rollup, so if that hasn’t been installed, whether it is still needed presumably depends on the situation with the April rollup? Given that all updates come with significant risks these days, it’s important that we only install those that are absolutely necessary given what else we are installing. Installing updates that provide fixes for problems we don’t have because we didn’t install the updates that created them is likely to cause its own problems!

              1 user thanked author for this post.
            • #183427 Reply

              Pim
              AskWoody Plus

              I have not installed the March cumulative update, the last updates I installed are the February cumulative update plus KB4100480. Today I get offered both KB4099950 and the April cumulative update. I therefore assume that KB4099950 has not been included in the April cumulative update.

              2 users thanked author for this post.
            • #183666 Reply

              OldBiddy
              AskWoody Lounger

              @pkcano, I think in one of your previous posts you mentioned following this order for installing March patches:

              Follow this order
              1. kb4099950
              2. kb4088878
              3. kb4100480
              4. kb4096040

              I’ve installed the middle two patches before seeing your post. Is it too late to install the first and last patches in your order? I only have one laptop not connected to a network. Thanks for your help!

            • #183668 Reply

              PKCano
              Da Boss

              Yes

            • #183705 Reply

              OldBiddy
              AskWoody Lounger

              So, yes meaning it’s too late to install kb4099950 and kb4096040 if you have already installed kb4088878 and kb4096040 ? Does that mean my machine is vulnerable?

            • #183706 Reply

              PKCano
              Da Boss

              Sorry. I meant yes, you should install kb4099950. If you are not having a problem with IE11 failing to starting, you may not need kb4096040, but it won’t hurt anything to install it if you want to cover  all bases.

              2 users thanked author for this post.
            • #184106 Reply

              walker
              AskWoody Lounger

              @pkcano:  Is the KB4088878 update, “safe”, if it is not checked?  It seems that there could be serious problems for some computers.    It is definitely unchecked which in the past we’ve always been told to “not change”.   Thank you for any guidance you may be able to provide on this one.   Your help is most sincerely appreciated, as always.    🙂

            • #184109 Reply

              PKCano
              Da Boss

              If it’s unchecked, don’t install it.

              1 user thanked author for this post.
        • #183463 Reply

          MikeFromMarkham
          AskWoody Lounger

          I’m definitely confused… I thought KB4100480 was only useful if I’d applied any patches since December, which I have not done… And do I need to apply any of the 2018 patches for Windows 7 before installing KB4100480? Does anyone know for sure?

          • #183465 Reply

            PKCano
            Da Boss

            You don’t have the Total Meltdown vulnerability – it was a result of installing Jan, Feb, and Mar patches. KB 40100480 was the fix AFTER applying those patches.

            5 users thanked author for this post.
        • #183579 Reply

          GoneToPlaid
          AskWoody Plus

          Correct. KB4100480 is the fix for Total Meltdown which is CVE-2018-1038 which was reported by Ulf Frisk.

           

          4 users thanked author for this post.
      • #183434 Reply

        abbodi86
        AskWoody_MVP

        April Rollup KB4093118 does supersede (contain) update KB4100480 and KB4099467

        14 users thanked author for this post.
    • #183421 Reply

      Pim
      AskWoody Plus

      And here I go again: Office 2007 received updates again, for the 6th consecutive month after it was officially declared EOL in October 2017.

      1 user thanked author for this post.
    • #183425 Reply

      laidbacktokyo
      AskWoody Lounger

      As usual I gave an immediate try install to KB4093118 (Monthly Rollup) for win7.

      At the first glance it looks same as all previous massive patches of 2018 – at least so far I see both chaotic dwm.exe errors in log and leftovers in taskbar of already closed windows as reported by me repeatedly like here:

      Patch Lady – new update for Windows 7 KB 4100480

      Then a bit of odd stuff:

      1. It seems m$ gets nuts with IE11 version numbering – now it’s version of the integrated update is again v11.0.56:

      https://support.microsoft.com/en-us/help/4092946/cumulative-security-update-for-internet-explorer

      which is literally same as it was of KB4089187 included into KB4088875 March rollup.

      KB4096040 included into KB4088881 March rollup preview was of v11.0.57

       

      2. There is a sense to install KB4099950 – 29KB registry patch concerning this key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI  marked as Recommended before KB4093118, otherwise it’s remaining uninstall in offering list.

      I’ll duly prompt further testing results.

      Rgds,

      4 users thanked author for this post.
      • #183436 Reply

        abbodi86
        AskWoody_MVP

        Another interesting thing about KB4093118 is that they removed IE 8 components (which were added in January 2018 to address Spectre mess)

        they also removed inetcomm.dll (Internet Messaging API)

        notice the drop in rollup size in catalog

        7 users thanked author for this post.
        • #184472 Reply

          bifido
          AskWoody Lounger

          and also hlink.dll (Microsoft Office 2000 component)

      • #183687 Reply

        laidbacktokyo
        AskWoody Lounger

        UPDATE:

        A bit of extra testing report:

        Well, while I definitely don’t wanna loose laptop performance with older hardware as Intel T9500 CPUID  10676, and both mentioned issues now mainly occurred/noticed with Meltdown protection disabled [when Spectre protection isn’t yet(?) provided by CPU firmware] thru InSpectre utility by adding 2 win7 default registry keys:

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ DWORD ‘FeatureSettingsOverride’ value = 2

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ DWORD ‘FeatureSettingsOverrideMask’ value = 3

        and changing the 1st key value from its default 2 to 3 as below doesn’t return any clear effect:

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ DWORD ‘FeatureSettingsOverride’ value = 3

        I’ve anyway changed above key value to 3 and then done a clean install of same version (not latest but assumed best) of nVidia driver but this time including its integrated PhysX performance component. And it seems resolved both issues.

        Anyhow, I’ll duly prompt here further issues if any.

        Meanwhile I assume this April rollup as more or less acceptable for a permanent deployment.

        Rgds,

        • #183747 Reply

          laidbacktokyo
          AskWoody Lounger

          UPDATE 2:

          Assuming the above combination of settings as a bit fragile I’ve finally:

          1. Set the 1st registry key to its default value according to InSpectre utility #7:

          KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ DWORD ‘FeatureSettingsOverride’ value = 2

          2. Replaced a nVidia driver to even older one but released by m$ itself.

          END

          1 user thanked author for this post.
          • #184232 Reply

            laidbacktokyo
            AskWoody Lounger

            UPDATE 3:

            Sorry, my optimistic guess regarding April full rollup KB4093118 was wrong.

            Same 2 issues again. Mainly – The Desktop Window Manager has encountered a fatal error (0x8898009b). Chaotic. A culprit remains unclear but when rollup removed both issues vanished immediately.

            Final present win7x64 config:

            1. KB4093118 removed & put to hidden list so win7 is now back to a massive patching status of Dec2017 full rollup KB4054518.

            2. KB4099950 29kb registry patch remains installed w/o any network issues both before its installation and afterwards.

            3. IE11 patch KB4092946 v11.0.9600.18977 build 11.0.56 installed as standalone and performs normally except that odd stuff in its build numbering when previous IE11 patch KB4096040 of late March was v11.0.9600.18954 build 11.0.57!

            4. Current list of hidden KBs:

            2018-04-10-Tue_3_M4300SSDHiddenUpdatesOf12Total_1OfWin103OfTelemetryKB4056894KB4057400KB4074598KB4075211KB4088875KB4088881KB4091290KB4093118

            Awaiting for April rollup preview fun. 🙂

            END

            Attachments:
            • #185304 Reply

              laidbacktokyo
              AskWoody Lounger

              UPDATE #4 – FINAL & FUNNY:

              Meanwhile I’ve installed April 10, 2018—KB4093108 (Security-only update) only for testing purpose aimed to narrow search for a culprit of both issues occurred if any of 2018 massive patches installed and got a funny result – there is no any sign of both issues with any value of win7 registry key of enabling/disabling Spectre and/or Meltdown protection as 0-1-2-3.

              Thus these issues aren’t related to security but to some of win7 new features introduced in 2018 massive patches.

              END

        • #184155 Reply

          abbodi86
          AskWoody_MVP

          FeatureSettingsOverride
          3 = disable both
          2 = disable Meltdown protection
          1 = disable Spectre protection
          0 = enable both

          5 users thanked author for this post.
    • #183431 Reply

      Anonymous

      As I posted elsewhere, I got the BSOD today so I uninstalled KB4088875 and KB4099467.  I am Group A and have windows 7  64bit.  I have Jan and Feb rollup installed.  I have KB41000480 and KB4099950 installed.  Should I keep KB4099950 installed?  I’m feeling deja- vu all over again!

      • #183435 Reply

        PKCano
        Da Boss

        please see #183430

      • #183448 Reply

        Individualist
        AskWoody Lounger

        @peacelady

        Hello…Don’t know if this is any help, but I pretty much did the same routine as you yesterday, it went well..the one thing I did differently however was to not install KB4099467, otherwise we installed the same items. My reboot was extremely fast and uneventful and my machine has performed without issue since…having done one extra test reboot just for good measure, again no issue. I will add that I usually run my computer pretty much 24/7…and only do a restart every 30 days or so, usually during updates, and a total shutdown and rest for cleaning and reboot every 3 months as a rule, unless I am seeing excessive memory usage, which is rare. I am a bit nervous now given your experience, but I wonder about the KB4099467 being the only differentiation in our installs.(I replied to you yesterday about adding someone’s username to your replies by using @ then name but it came up as anonymous!)

        Dell Otiplex 780 Windows 7×64 SP1 Group A

        A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

        • #183457 Reply

          Anonymous

          @individualist
          Hi — that drove me crazy yesterday because when I read the post I was sure it was you and then I saw Anonymous — too funny! I’m glad you are happily patched. I believe that MrBrian also shared that he also did not install KB4099467 and he did not get the BSOD. It was intermittent with me.
          I log out of my desktop computer every time I leave it so I log out many times a day — which may be why I get the BSOD sometimes. Maybe others leave the computer on all day and only log off once at night. Even though this is a home computer I am very security conscious so that I have to log on every time I come to use it — many times a day. I’m just guessing at the cause of the BSOD — I’m not a computer expert “I just play one on TV”. 🙂

          3 users thanked author for this post.
          • #183477 Reply

            EP
            AskWoody_MVP

            what kind of Win7 computer are you using, Peacelady? (specs are found by running either msinfo32.exe or dxdiag.exe)

            • #183483 Reply

              Anonymous

              @ep
              Windows7 Professional SP1 Intel (R) Core (TM) 64-bit Lenovo desktop.

    • #183443 Reply

      anonymous

      What confuses me still is why Microsoft continues to patch Office 2007 when documented end-of-life occurred in October 2017. From Microsoft:

      “Office 2007 has reached the end of its support lifecycle, meaning there are no new security updates, non-security updates, free or paid assisted support options, or online technical content updates. Customers who are using Office 2007 products and services should move to Office 365 or upgrade to supported versions of Office products and services, such as Office 2016.”

      Mind you, I’m not complaining, I’m just confused. Why does Office 2007 get patches while Vista, XP, 2003 do not? I just don’t understand.

      Anyway, I guess we’ll sit back and watch the message boards for any reported problems. Like Magneto quipped in X-Men (The Last Stand), “In chess, the pawns go first.”

      I’m not surprised that Microsoft postponed 1803. The update servers will be hammered this week. Pulling down gigabytes 1803 won’t help. Better to do a staggered release.

      Of course, the possibility exists of a show-stopper bug, but that’s par for the course.

      2 users thanked author for this post.
      • #183469 Reply

        abbodi86
        AskWoody_MVP

        Maybe some unannounced Enterprise corporates paid to keep it alive a little longer, like Windows 10 Education and Enterprise editions got 6 more months of support

        or it’s there is just some soul left at Microsoft

        2 users thanked author for this post.
      • #184197 Reply

        ch100
        AskWoody_MVP

        Windows 2003 is a cash cow for Microsoft. This OS still gets updates, but it all comes at a price for the large enterprises not migrated yet. Probably not so critical as they sound, but useful nevertheless, especially that many of those enterprises paying for support are potentially prime targets for malware and attacks.
        There may still be vulnerabilities in all versions of Office which require patching for the sanity of the Internet very much like the out-of-band XP patch of few months ago and this takes precedence over short term financial gains like in the case of Windows 2003.

        1 user thanked author for this post.
    • #183454 Reply

      BobT
      AskWoody Lounger

      I haven’t installed the March updates yet, but did install just the 4100480. Do I need to re-install that after installing the March Security updates? (Group B), since those apparently introduce the hole also? As in will those override the fix.

    • #183462 Reply

      anonymous

      Any word on whether Microsoft fixed the Total Meltdown silliness?

    • #183470 Reply

      anonymous

      I have not installed KB4099950 because it came out after the March rollup got installed. KB4099950 was sent by windows update and it is still unchecked, on my W7 x64.
      – Is that why it is unchecked, because it is a prerequisite to the March update, which I have already installed?

      If I leave the March rollup as is and install KB4099950 before the April monthly rollup, will the script make the changes it is designed to make, or do nothing?

      As I have had no problems with any of the bugs in the March rollup, including the network problems, I am thinking I can hide KB4099950. However, I am unsure if there will be a price to pay down the road if I do this.

    • #183478 Reply

      pulsar
      AskWoody Lounger

      Win 7, 64 bit non techie Group A here. Last week I installed KB41000480 and KB4099950. The March roll-up was never offered and I would not have installed it even if it had been. I’ve seen some discussion about KB4099467, which I have never been offered either. Today, I was offered the April roll-up (which I will hold off on until Woody gives the ok) but not offered KB4099467 again. Is KB4099467 something that I should be installing? Thanks for all the help and guidance!

      1 user thanked author for this post.
      • #183479 Reply

        PKCano
        Da Boss

        @abbodi86 says this about the April Rollup

        April Rollup KB4093118 does supersede (contain) update KB4100480 and KB4099467

        3 users thanked author for this post.
      • #183491 Reply

        Anonymous

        @pulsar
        KB4099467 I believe is only available from the Windows Update Catalog and is supposed to fix the BSOD problem. However, there is a tricky installation for it: First install KB99950. Then install KB4088875 but you must “reboot later” by clicking “cancel” before the computer reboots. Then you go to the Update Catalog and download KB4099467 and then reboot. I don’t believe I was able to perform this correctly.

        2 users thanked author for this post.
      • #183493 Reply

        Anonymous

        @pulsar
        My previous answer only applied to the March rollup (I’m Group A). From what I’m reading KB4099467 will be included in the April rollup and we will not have to do the intricate installation that I was referring to.
        Please correct me if I am wrong fellow sufferers. 🙂

        1 user thanked author for this post.
    • #183480 Reply

      EP
      AskWoody_MVP

      Ahhh, the KB2952664 update for Win7 SP1 and KB2976978 update for Win8.1 have a new date (4/8/2018) listed on MS Update Catalog.
      WU is offering these updates again today thru recent WU scans on my Win7/8.1 machines – rated as Important but not checked.

      by the way, I went ahead and installed the KB4093118 update on my family’s Dell Inspiron 620 computer running Win7 and have found no problems so far. seems like MS did make amends with this April 2018 update.

      Others should wait for either woody or susan to give the okay for the april 2018 updates if there are unforseen problems.

      7 users thanked author for this post.
      • #183565 Reply

        alpha128
        AskWoody Lounger

        Ahhh, the KB2952664 update for Win7 SP1 and KB2976978 update for Win8.1 have a new date (4/8/2018) listed on MS Update Catalog. WU is offering these updates again today thru recent WU scans on my Win7/8.1 machines – rated as Important but not checked.

        Same here.  In addition to the April Rollup for Windows 7 (KB4093118), Windows Update once again offered me infamous snooping patch (KB2952664).  I hid that immediately.

         

    • #183503 Reply

      T
      AskWoody Plus

      Are microsoft still peddling the lie that win 10 is the most secure windows? From where i’m sitting it looks like another patching month has arrived with the most number of vulnerabilities going to the aforementioned.

      At the moment i’m more inclined to never install march security-only due to the many unknowns. It was never even offered to me in update and you had to go through a labyrinthine effort just to get it to show up so no, i might leave well alone and accept the risks.

      2 users thanked author for this post.
      • #183534 Reply

        Noel Carboni
        AskWoody_MVP

        The phrase “most secure” is meaningless and unprovable, not even accounting for there being no measure of benefit tied to it. Thinking in the extreme, a computer that’s powered-off is really quite secure, you have to admit – but it is also useless.

        I’ve noticed that Microsoft occasionally makes statements about data it has received from its own telemetry, selecting months where there have been fewer reports of certain malware found on Windows 10 than some other versions and claiming a “win” for Windows 10, even though the tables turn in subsequent months. I’m not sure what statistics they could even be using to determine a “security” level… Are there exploits or infections that get by Windows Defender but which somehow get reported? Wouldn’t a system that successfully detects and blocks malware – and reports that in – actually be considered secure? Do they count systems that were almost infected? For me it all starts to fail a “sniff test”.

        The odor of marketing is apparent in statements like “Windows 10 is the most secure Windows ever”. That one’s right up there in my book with “Save up to 50% – and more!

        -Noel

        11 users thanked author for this post.
      • #184226 Reply

        anonymous

        Like so many others, I’m done with Windows 10 now. I couldn’t stand the forced build upgrades and the compatibility issues they brought with them, so I managed to get hold of a copy of LTSB from work. I used it for a couple of months and it was tolerable. Until in the last few days… it forced on a Synaptics touchpad driver that for some reason causes my left touchpad button to double-click instead of single click when only briefly pressed. (HP’s own Synaptics driver works fine.) This was despite the fact I had the GPO enabled to exclude drivers from Windows Update and also had the driver hidden via wushowhide.diagcab. In fact, I wasn’t even able to hide the update again yesterday because it was already hidden previously.

        So, this evening, it managed to get the driver on. And I promptly restored a Windows 8.1 backup image I had. That’s it for me. I’ve used every version of Windows since 3.00a and even Vista didn’t infuriate me as much as 10 does. It makes me sad to think that this is most likely the end of the line for me with Windows.

        1 user thanked author for this post.
    • #183508 Reply

      MrBrian
      AskWoody_MVP

      Some notes about the Windows 7 April 2018 Windows updates:

      1. KB4093118 and KB4093108 contain v6.1.7601.24094 of files ntoskrnl.exe and ntkrnlpa.exe, which is newer than the v6.1.7601.24093 files ntoskrnl.exe and ntkrnlpa.exe contained in the Total Meltdown fix KB4100480. (My analysis of KB4100480.) Thus, KB4093118 and KB4093108 very likely fix Total Meltdown without needing to install KB4100480.

      2. KB4093118 and KB4093108 contain v6.1.7601.24093 of file win32k.sys, which is newer than the v6.1.7601.24061 file win32k.sys contained in KB4099467. (abbodi86’s analysis of KB4099467.) Thus, KB4093118 and KB4093108 very likely fix the same issue fixed by KB4099467 without needing to install KB4099467.

      Total of 21 users thanked author for this post. Here are last 20 listed.
    • #183528 Reply

      StruldBrug
      AskWoody Lounger

      W7 x64 Home Group B
      Decided to take the point this time for April. I turned off scr and put VShield into install mode, but left NVT OSA and MSE running. I ran OS KB4093108 1st and IE KB4092946 next. Each asked for restart, which I did. Also checked event viewer, services, and devices after both restarts … no problems. So, mission complete. I just made an image two days ago and thought it was my turn to test. Most should wait for a good Defcon though. I might just be lucky.

      6 users thanked author for this post.
    • #183532 Reply

      gkarasik
      AskWoody Lounger

      I have a test 2012 R2 Server on which kb4093114 (April Rollup) is failing to install. Is anyone else seeing an install problem with this rollup?

      GaryK

      GaryK

      1 user thanked author for this post.
      • #183541 Reply

        Microfix
        Da Boss

        @gkarasik: Thank you for the heads-up.

        Hopefully someone with 2012 R2 Server will be along soon to assist you or confirm the issue.

        Description of patch:

        KB4093114 — Windows 8.1 and Windows Server 2012 R2 April 2018
        Lifted blocking of updates via Windows Update and WSUS if “antivirus compatibility” Registry key was not set.
        Security updates to Internet Explorer
        Microsoft scripting engine
        Microsoft graphics component
        Windows Server
        Windows kernel
        Windows datacenter networking
        Windows Hyper-V
        Windows virtualization and kernel
        Windows app platform and frameworks.
        ActiveX printing issue in IE.
        SVG rendering issue causing high load issue in IE.
        Custom controls identifying issue in IE.

        kb4093114 (April Rollup) is failing to install on 2012 R2 Server

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #183543 Reply

      anonymous

      Asking for some confirmation here.

      Win 7 32-bit (so not affected by Total Meltdown, I gather), Group B, only installed March IE patch, not the security-only one or any of the others yet. But with critical RCEs in the April ones, I will install them quickly, and will do March too while at it. So, is it right to do it like so, including the order:

      4099950 (static IP fix, and do have that)
      4088878 (March security-only)
      4099467 (logoff BSOD fix)
      4092946 (April IE patch)
      4093108 (April security-only)

      Or would either or both of 4099950 and 4099467 no longer need to be installed, as the description for 4088878 says 4099950 will be automatically installed along with it and MrBrian’s post above would indicate that 4093108 includes 4099467? But in that case, even if not necessary, would it be harmful to install them anyway, and just reboot after? Because it seems like it’d be safer to just install all instead of rely on the possibility that some are included in others, but not sure whether that won’t cause issues, if the same file will be updated by multiple updates installed at once. (And I don’t want to risk BSODs, and with one fixed by 4099467 (and possibly also 4093108) and another by 4093108, don’t want to reboot after 4088878 without having those installed as well.)

      — Cavalary

      • #183547 Reply

        PKCano
        Da Boss

        Installing 4099467 (logoff BSOD fix) should not hurt anything, but is probably not necessary as @mrbrian says it is contained in 4093108 (April security-only). However, Windows Update is “smart” enough not to overwrite later versions of files with earlier ones.

        I have always installed the IE11 Cumulative Update after the security patch, in your case, last.

        3 users thanked author for this post.
      • #183548 Reply

        MrBrian
        AskWoody_MVP

        That order looks right to me. KB4099467 shouldn’t be needed because you’re installing KB4093108, but be sure to not reboot in between installing KB4088878 and KB4093108. It shouldn’t be harmful to install KB4099467 if you want to though, but be sure to not reboot in between installing KB4088878 and KB4099467.

      • #183576 Reply

        anonymous

        Thank you, to both of you.

        @pkcano: I always installed the IE patch before the security-only one, didn’t seem to hurt anything so far.

    • #183550 Reply

      MrBrian
      AskWoody_MVP

      “The old restriction on compatible antivirus products has been lifted on Win7 and 8.1 — it was already lifted on Win10.”

      The restrictions apparently haven’t been lifted for those updates for which they have already been applied to. I just did a test in Windows  x64 using Windows Update MiniTool with “Include superseded” ticked. Without the QualityCompat registry item, there were 302 applicable updates. With the QualityCompat registry item, there were 311 applicable updates.

      5 users thanked author for this post.
      • #183555 Reply

        abbodi86
        AskWoody_MVP

        Without QualityCompat the metadata chain is not complete, and i get two rollups 2017-12 and 2018-04

        PCIClearStaleCache.exe is now bundled within rollup KB4093118 msu file, and applied automatically by WU
        so KB4099950 doesn’t really matter now

        8 users thanked author for this post.
        • #183558 Reply

          MrBrian
          AskWoody_MVP

          “PCIClearStaleCache.exe is now bundled within rollup KB4093118”

          I confirmed that KB4093118 contains file PCIClearStaleCache.exe, which KB4099950 also contains.

          KB4093108 does not contain PCIClearStaleCache.exe. Thus, it appears that Group B should apply KB4099950 before installing KB4088878.

           

          7 users thanked author for this post.
          • #183608 Reply

            planet
            AskWoody Lounger

            I didn’t install 4099950 before 4088878 due to error. I’m not having any network issues. Should I install 4099950 now?  Would there be any problems or should I ignore it and continue onwards in Group B without it. Thanks for input.

            Group L (Linux Mint 19)
            Dual Boot with Win 7
            Former
            Group B Win 7 64 bit

            1 user thanked author for this post.
            • #183611 Reply

              MrBrian
              AskWoody_MVP

              I think you should still install KB4099950.

              3 users thanked author for this post.
            • #183612 Reply

              planet
              AskWoody Lounger

              Thank you MrBrian. I will install before April’s SO and IE updates when DefCon rating changes.

              Group L (Linux Mint 19)
              Dual Boot with Win 7
              Former
              Group B Win 7 64 bit

              1 user thanked author for this post.
    • #183556 Reply

      anonymous

      Not sure what’s wrong with updates for Windows 10 Pro 1709 and Windows 8.1/Server 2012 R2 this month, but it took ages to install and restart (3 times longer than usual). Best of all, after restart, Windows was complaining about Windows activation on some Windows 10 boxes and it took a few more restarts until Windows finally figured that Windows 10 Pro is properly licensed. Wonder what expert approved the updates. Well, Microsoft — the patchwork company..

    • #183563 Reply

      anonymous

      April Security Only  Windows 7 64 bit patches  probably cleans up some of the mess from the Meltdown Spectre patches.

      Some fixes and kernel reliability improvements sounds like it will be worth installing when Woody gives the green light.

      Maybe next month I might consider Group W. How to get off this update treadmill and still feel secure. Damned if I do yet damned if I don’t.

    • #183567 Reply

      geekdom
      AskWoody Plus

      Installation Report

      • KB4093118 for Windows 7 installed on two systems.
      • Both systems rebooted without error.

       

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
    • #183572 Reply

      Mr. Natural
      AskWoody Plus

      I installed the 1709 update on my personal laptop last night and my laptop didn’t crash! Amazing! Did not see any errors and laptop seems fine.

      Red Ruffnsore reporting from the front lines.

    • #183577 Reply

      anonymous

      Can anyone conform whether or not these three are included in KB4093118?

      KB 4099950 (NIC/IP-fix)

      KB 4096040 (IE11-fix)

      KB 4099467 (Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session)

      ?

      ~Annemarie

      • #183582 Reply

        PKCano
        Da Boss

        @abbodi86 and @mrbrian have confirmed that KB 4099950 (NIC/IP-fix).KB 4099467 (Stop error 0xAB), and KB 4100480 (Total Meltdown) are in KB4093118. See their comments earlier in this thread.

        I have not seen information on the KB 4096040 (IE11-fix).

        • #183584 Reply

          anonymous

          Thanks PKCano!

        • #184204 Reply

          ch100
          AskWoody_MVP

          Now it is clear that KB4099950, while included in the 2018-04 Monthly Update, most if not all of the times is missed due to a bug in the bundling mechanism. The better option is to install it manually or from WU when offered, regardless of the order. It fixed issues with 2018-03 Monthly update, it fixes issues with 2018-04 update and will likely fix issues at any time in the future.
          It is not a core patch as such and it can be skipped by a large majority of users, but it fixes an issue for the remainder of users, which are more likely to be enterprise users who use virtualisation in specific ways. KB3125574 includes an equivalent update as far as I know and may be a better alternative for those affected by this issue.
          https://support.microsoft.com/en-us/help/2550978/0x0000007b-stop-error-after-you-replace-an-identical-iscsi-network-ada
          There is much more attention than it is necessary given to this patch.

          2 users thanked author for this post.
      • #183605 Reply

        MrBrian
        AskWoody_MVP

        KB4093118 doesn’t list the Internet Explorer issue that KB4096040 fixed. Also, the fix included in KB4096040 was already included in KB4088881 according to Microsoft.

    • #183583 Reply

      Anonymous

      I just checked Brian Krebs comments section on KB4093118 reviews.  Two people who installed it on Windows 7 Professional computers now can’t access the computer getting message on Startup “user profile not found.”  Then underneath it says okay — they click okay and it logs off.  Then it comes back and the same thing happens.  Anyone else aware of this?

      6 users thanked author for this post.
    • #183594 Reply

      anonymous

      See also: https://www.reddit.com/r/sysadmin/comments/8bfha6/kb4093118_breaking_ipconfigs_on_vmxnet3_vms/dx6kw55/

      Can anyone explain wat 4B and 3B stand for?

      ~Annemarie

      1 user thanked author for this post.
    • #183600 Reply

      anonymous

      There seems to be a problem with 4099950 and 4093118 when delivered through WU/WSUS: the seesntial .exe is missing, all that gets downloaded is .cabs…

      https://www.reddit.com/r/sysadmin/comments/8ba4sm/patch_tuesday_megathread_20180410/dx6n7e8/

      https://www.reddit.com/r/sysadmin/comments/8bfha6/kb4093118_breaking_ipconfigs_on_vmxnet3_vms/dx6kw55/

      3 users thanked author for this post.
      • #183616 Reply

        zero2dash
        AskWoody Lounger

        Yep – just came to post that email myself.
        They recommend people download the full MSU from the Update Catalog because WU and WSUS are broken.
        MS gets dumber by the day, I swear.

      • #183629 Reply

        Anonymous

        Windows 7 Professional 64 bit Group A — I’ve got Jan. & Feb rollups installed plus KB4100480 and KB4099950.  Question:  should I uninstall KB4099950 and re-install it from the Catalog?

        1 user thanked author for this post.
        • #183633 Reply

          PKCano
          Da Boss

          No need to uninstall it. It is included in the April Rollup – whichh you DO NOT want to install yet

          4 users thanked author for this post.
      • #183660 Reply

        Geo
        AskWoody Plus

        Speaking of 950.  I didn`t download it yet. I just had it sitting there.  Today with the April patch 950 disappeared from my WU.

    • #183610 Reply

      LTL
      AskWoody Plus

      Didn’t install any updates (except KB41000480) since February on my Group B pc (and don’t plan to do so till things get cleared up), but today I noticed something else:

      I took a lot longer than usual for my pc to get ready, and as I expected it was because of my AV.
      Its log showed that it had prevented an unauthorized connection attempt by conhost.exe, that a new firewall rule had been made for Outgoing UDP Ports 137 and 138 and that firewall rules has been updated Furthermore a new shortlink of the AV had appeared on my desktop (which only occurs when the engine is updated).
      So my guess is, that [something] is coordinated between MS and the AV.

      Can anyone here clarify what’s going on?

      (Note to TS: the tag that was showing in the field below my text pane read “2012 April Rollup”. Typo?)

    • #183622 Reply

      Noel Carboni
      AskWoody_MVP

      A data point:

      I’ve just done some fitness testing with the latest patches in my Windows 10 test VM, v1709, which now shows:

      ScreenGrab_W10VM_2018_04_11_125605

      Tests included Subversion operations and product builds with Visual Studio (after taking the latest VS 2017 updates)…

      So far, everything seems to work just fine.

      -Noel

      Attachments:
      • #183636 Reply

        Jan K.
        AskWoody Lounger

        So far, everything seems to work just fine.

        Hmmm… a most unexpected and highly suspecious behaviour…

        I would roll back ASAP!

        😀

        6 users thanked author for this post.
        • #183646 Reply

          Noel Carboni
          AskWoody_MVP

          LOL, well put.

          In all seriousness, I believe my experience helps prove the efficacy of a “wait to update to version X until version Y’s release is imminent” strategy with regard to Windows 10 – presuming you want to use the Pro edition for real work. Things get remarkably trouble-free 6 months or more after release.

          Here’s a bit more detail of what I’m thinking, presuming you want to run Win 10 on your hardware and want to minimize failures:

          1. Keep your hardware on the older version of the OS, and evaluate a new Win 10 release in a throwaway virtual machine when it first comes out, presuming you’re curious about new features, etc.

          2. Continue running your hardware on the older system, and download the ISO for the latest version when the OS is moved to the “Semi-Annual Channel”. Upgrade a VM directly from the older version using that ISO and begin to seriously evaluate it for fitness for purpose.

          3. At around the time the next major version is about to be released to the unpaid beta testing public, upgrade your hardware system from the ISO you downloaded (in step 2, roughly 3 months prior), then update it immediately to the latest patch level.

          The only thing we might hope for that would be better than this would be an ISO from Microsoft containing all the latest patches at the time of step 3, but that’s not likely to be provided.

          -Noel

          2 users thanked author for this post.
    • #183631 Reply

      anonymous

      I just ran windows update on two 32 bit windows 7 machines. The infamous compatibility update KB2952664 is back, and this time it’s shown as important 🙂

    • #183662 Reply

      Bill C.
      AskWoody Plus

      I just checked Brian Krebs comments section on KB4093118 reviews. Two people who installed it on Windows 7 Professional

      computers now can’t access the computer getting message on Startup “user profile not found.” Then underneath it says okay — they click okay and it logs off. Then it comes back and the same thing happens. Anyone else aware of this?

      I had this on April 6 at 12.34AM EDT. At that point I had NOT installed the March Security only KB4088878, KB4099950, KB4099467, or KB4100480.

      Multiple attempts at reboot did not fix it. The only updates had been installed in the past 2 weeks had been the daily MSE definition updates with the last being 1.265.111.0 on April 5 at 5.52PM EDT, and a Steam update after that on April 5.

      I discovered the issue whan I returned to the PC after dinner and an errand and found the internet connection was broken. I rebooted the cable modem, but it did not help. I then shut down and again rebooted the cable modem. Upon reboot I discovered the problem.

      I was able to get into startup repair mode and it was not successful and initiated a system restore to the previous day. It was successful and I was able to log-in. I checked Malwarebytes Premium and MSE for any detections or quarantines and nothing. I did a full scan with MSE, and initiated Chameleon scans with MWB, all negative. I also checked both the installed updates and the WU history and neither shows any activities except the MSE definitions.

      I then did a total backup of all my data.

      I checked the Windows logs and found a number of error events: 1502, 1508, 1515, 1511, 1500.

      As this is not a diagnostic section, I have not posted verbose descriptions.

    • #183663 Reply

      jelson
      AskWoody Lounger

      April Security Only Windows 7 64 bit patches probably cleans up some of the mess from the Meltdown Spectre patches. Some fixes and kernel reliability improvements sounds like it will be worth installing when Woody gives the green light. Maybe next month I might consider Group W. How to get off this update treadmill and still feel secure. Damned if I do yet damned if I don’t.

      AN answer — if you’re really up to it — is to do some serious hardening of your Win 7 system and employ a multi-layered defense. Best place for advice and expertise I’m aware of  –other sources appreciated– it is at MalwareTips forums; this post will get you started.

      Although Application Whitelisting & a Software Restriction Policy are at the top of the list, there’s one thing even more important: developing a regular routine of system imaging and data backup. I always image my system before & after I install Win Updates… or any program that hooks deeply into the OS.

      5 users thanked author for this post.
    • #183691 Reply

      Sailor
      AskWoody Lounger

      BSOD “PAGE_FAULT_IN_NONPAGED_AREA” when installing Windows 10 v1709 KB4093112 (error 0x800f0845).

    • #183694 Reply

      anonymous

      @YP

      Peacelady & Bill C

      I had the “user profile not found.” problem last week.  It happened after MSE (Microsoft Security E) installed the “new malware engine” fix.  I was not able to log into my non-administrator account.  My 64bit/Pro fixed itself upon restart.  I had to fix the profile problem on my 64bit/Premium; but my 32bit was OK.I used the link:

      https://support.microsoft.com/en-gb/help/947215/you-receive-a-the-user-profile-service-failed-the-logon-error-message

      and “Method 1” from the link.  Basically, use regedit to locate folder in ProfileList and rename the *bak file.  It was my first time and it really was not that bad.

      For me, it happened after MSE update because I had not installed any Win7 updates at that time.  I am in group B, and I have updated all 3 machines to March updates Monday.

      I hope this helps.

      1 user thanked author for this post.
      • #186974 Reply

        Anonymous

        April Rollup KB4093118 does supersede (contain) update KB4100480 and KB4099467

        I’m wondering if this statement is still true???

        Thanks to all!!!!!!

         

         

    • #183700 Reply

      KWGuy
      AskWoody Plus

      I GIVE UP!  Group B, on top of the Total Meltdown saga, is overwhelmingly confusing!

      When Woody gives the word, I want to join Group A.  Can I do so by “simply” installing the Monthly Quality Rollup and whatever else WU offers?  I’m current thru FEB 2018 Security only.  NO March updates installed.  As of today (4/11) WU is offering me only the FEB Quality Rollup (4074598) along with 4100480 and 2952664.

      Advice will be greatly appreciated!

    • #183719 Reply

      anonymous

      I’m seeing something curious on my Win7 SP1 64-bit Home Premium laptop. I’m Group A and installed only KB4100480 and KB4099950. On Monday the March Rollup KB4088875 was sitting in Windows Update, unchecked. I didn’t install it.

      I have WU set to check but let me choose etc. Yesterday, on Patch Tuesday, I was offered the April Rollup, checked, and the March Rollup no longer appeared, as expected. The same was true this morning. I noticed that KB2952664 had reappeared today so I hid it once again. Later I shut down for several hours. This afternoon when I turned the computer back on and Windows Update checked for updates, the April Rollup disappeared and the March Rollup is back again, unchecked.

      Of course, I won’t be installing the April Rollup until Defcon 3 anyway, but has this happened to anyone else?

      • #183729 Reply

        Elly
        AskWoody MVP

        Since I, too, have a Win7 SP1 64-bit Home Premium laptop, I was curious as to what Windows Update would bring me today. I am a Group B updater, and have Windows Update set to never check, and am updated through December 2017.

        Yesterday I was offered, and hid, the April Rollup. Last month, on Patch Tuesday, I had been offered, and hid March’s Rollup. I unhid it, to test for something, a few days later, and it disappeared, never to show up, checked or unchecked again.

        So, just now, I unhid the April Rollup, and ran a check for updates. The April Rollup disappeared, and March’s is still missing in action, too. Very curious…

        Win 7 Home, 64 bit, Group B

        5 users thanked author for this post.
        • #183735 Reply

          DrBonzo
          AskWoody Lounger

          @elly – Same here (Pro instead of Home Premium). Was offered the April Rollup earlier today for about 6 hours, then it disappeared and was replaced by the March Rollup Preview and the February Rollup – which is what I had been offered before the April Rollup showed up!. I’m current in patches through March (in other words through the following: 4100480, 4099950, 4088878, 4099467, and 4096040)

          The April Rollup is still in the Update Catalog, but I’m thinking it was, or is in the process of, being pulled?

          2 users thanked author for this post.
    • #183744 Reply

      Cybertooth
      AskWoody Lounger

      I GIVE UP! Group B, on top of the Total Meltdown saga, is overwhelmingly confusing!

      When Woody gives the word, I want to join Group A. Can I do so by “simply” installing the Monthly Quality Rollup and whatever else WU offers? I’m current thru FEB 2018 Security only. NO March updates installed. As of today (4/11) WU is offering me only the FEB Quality Rollup (4074598) along with 4100480 and 2952664.

      Advice will be greatly appreciated!

      No question that it it can be mighty confusing to follow the twists and turns caused by Microsoft’s patching incompetence. But once you sit down to carry out the monthly patching using the guidance given at Woody’s, you may find that it’s not nearly as complicated as it seems. That was my experience of it, anyway.

      To keep things simple, and Group B viable for you, you can ignore the ongoing back-and-forth of botched updates, withdrawn patches, and patches to patches, and just wait for Woody to reset the MS-DEFCON level to 3. That will probably be a few days before the May patches are due out.

      Since you are updated through February, just follow Woody’s and PKCano’s patching guidance for March 2018. I’m in Group B, and I installed the March patches over the weekend. I was relieved to find that it wasn’t as hard as all the ongoing drama would suggest.

      Take your usual precautions before updating (at least set a restore point, and preferably also do a system backup), and then do it. Good luck.

       

      3 users thanked author for this post.
      • #184156 Reply

        SueW
        AskWoody Plus

        @KWGuy, I think @Cybertooth offers good advice (providing you’re still willing to stay in Group B).  If it will help at all, here are the steps I took to update through March.  Like you, I had been updated through February: #182757.

        I also do not pay much attention until Woody gives the go-ahead with DEFCON 3 (or higher) for the next month’s updates . . .

        Good luck in whatever you decide.

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

        2 users thanked author for this post.
    • #183748 Reply

      Frwin
      AskWoody Lounger

      Hi, I’m W7 group A and following Woody’s advice, I didn’t install any of the March updates.

      I will wait for Woody’s April instructions, but i already have a question : I’ve always only used WU; if you download a patch from the catalog, is it applied automatically, does it go into WU,… ?

      This is my first registered post; I’m from France, so sorry for my poor English. And thanks again for all you do.

      • #183753 Reply

        DrBonzo
        AskWoody Lounger

        @frwin – When you download the patch, save it on your computer. It will either be a file or a file inside a folder. If it’s a file, just double click and follow the directions – usually all you do is click a few buttons – and it will install. When it’s done you typically will get a window asking if you want to restart now or wait. If no restart is required it will say so. If it’s a folder, open the folder, then double click the file you see and proceed as just described.

        Basically it’s just like installing a small program. You’ll get the hang of it during your first try.

        PS – Welcome to AskWoody, and, there’s nothing wrong with your English – it’s excellent.

        3 users thanked author for this post.
    • #183754 Reply

      anonymous

      So maybe it’s just me, but on my work computer (Windows 7 Pro, domain joined) and my home computer (Windows 7 Pro, standalone), I checked for updates yesterday and discovered they both had the Windows 7 2018-04 security update available as Important.  Today, I checked for updates this afternoon, and both the work computer and my home computer no longer have the update listed.  It’s gone.  Did it get pulled?

      1 user thanked author for this post.
      • #184021 Reply

        DrBonzo
        AskWoody Lounger

        See the three posts starting here:

        April 2018 Patch Tuesday is here — and it’s a biggie

        I don’t know if it got pulled or not. Last I checked, it was still offered in the Update Catalog.

        1 user thanked author for this post.
      • #184088 Reply

        COBKA
        AskWoody Lounger

        Not just you. I think it has been pulled. Not offered to my 2 Win7 64bit laptops today and the preview KB4088881 is still there.

        1 user thanked author for this post.
      • #184293 Reply

        anonymous

        I’m the anonymous from #183754.  Just checked my Windows 7 Pro machine at home, and the 2018-04 (KB4093118) update has returned (Thursday evening).  Not touching it until next week haha; want to see if it gets pulled again.

    • #184039 Reply

      dgreen
      AskWoody Lounger

      Windows 7 64 bit Home Premium Group A
      Had done a windows update check yesterday. KB4093118 was offered and checked.
      This morning, it is still being offered but now unchecked.

      After reading here this morning, I’m figuring that MS doesn’t want me to install April’s rollup through WU but rather go to the catalog?
      Of course not installing anything until we get the green light here.

      My computer remains rolled back to December without applying any patches at all.
      All previews and rollups not applied, that were hidden, are gone.(ie Jan Feb)

      KB4091290 and KB4099950 were/are still in my hidden list.
      Should I restore them?

      2 users thanked author for this post.
    • #184057 Reply

      MrBrian
      AskWoody_MVP

      Testing on my Windows 7 x64 virtual machine has revealed that KB4093118 has unusual behavior in regards to whether it is listed or not in Windows Update. Using Windows Update MiniTool with “Include superseded” ticked, KB4093118 is listed. Using Windows Update MiniTool with “Include superseded” unticked, KB4093118 is not listed. Usually this would mean that KB4093118 isn’t listed in Windows Update because it’s metadata-superseded by other listed update(s). But the metadata for KB4093118 for Windows 7 x64 shows that there are no updates that metadata-supersede KB4093118 for Windows 7 x64. I suspect that KB4093118 has update attribute supersedenceBehavior=1, just like KB4088875 does.

      6 users thanked author for this post.
    • #184062 Reply

      dgreen
      AskWoody Lounger

      Testing on my Windows 7 x64 virtual machine has revealed that KB4093118 has unusual behavior in regards to whether it is listed or not in Windows Update. Using Windows Update MiniTool with “Include superseded” ticked, KB4093118 is listed. Using Windows Update MiniTool with “Include superseded” unticked, KB4093118 is not listed. Usually this would mean that KB4093118 isn’t listed in Windows Update because it’s metadata-superseded by other listed update(s). But the metadata for KB4093118 for Windows 7 x64 shows that there are no updates that metadata-supersede KB4093118 for Windows 7 x64. I suspect that KB4093118 has update attribute supersedenceBehavior=1, just like KB4088875 does.

      MrBrian:
      So do you think because I have those 2 updates hidden KB4091290 and KB4099950 is why KB4093118  is unchecked now?  That they may be prerequisite to the April Rollup?

      1 user thanked author for this post.
    • #184083 Reply

      crypto3d
      AskWoody Lounger

      Has anyone noticed that KB4093118 is no longer offered when it was yesterday?  I have 4 Win 7 64 machines and all 4 had this pending yesterday.  I installed it on one and all was well.  This morning it is no longer offered on the other 3.

      1 user thanked author for this post.
      • #184101 Reply

        jburk07
        AskWoody Plus

        @crypto3d

        Yes, I had the same experience.   I was offered the April Rollup for one day, starting on Patch Tuesday.    On Wednesday afternoon after WU checked for updates, it was gone and the March Rollup was back, unchecked on my Win7 Home Premium SP1 64-bit laptop.   I had installed only KB4100480 and KB4099950 before the April Patch Tuesday. I have hidden KB4091290. See MrBrian’s posts at #184057 and 184064.

        Group A Win7 x64 Home Premium SP1 Ivy Bridge

        • #184137 Reply

          crypto3d
          AskWoody Lounger

          I had installed KB4099950 and KB4100480 and have no updates hidden.  Was offered 4093118 and then not offered it so I am not sure this has anything to do with having updates hidden, for me anyway.  This whole thing is a mess.  If I did not need Windows for a few things I would dump it.  I already run Linux Mint 18.3 and for 90% of what I do, it’s just fine.

          1 user thanked author for this post.
    • #184087 Reply

      rontpxz81
      AskWoody Lounger

      KB4093118 is listed in my Win 7 64 list again but unchecked-was checked yesterday.

      Install or not, and has anyone had any problems with it?

       

      • #184406 Reply

        geekdom
        AskWoody Plus

        Hide KB4093118 and do not install it… yet. The alert is at DEFCON-2 and the patch keeps changing.

        Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
        1 user thanked author for this post.
    • #184174 Reply

      MrBrian
      AskWoody_MVP
    • #184281 Reply

      gkarasik
      AskWoody Lounger

      @gkarasik: Thank you for the heads-up. Hopefully someone with 2012 R2 Server will be along soon to assist you or confirm the issue. Description of patch: KB4093114 — Windows 8.1 and Windows Server 2012 R2 April 2018 Lifted blocking of updates via Windows Update and WSUS if “antivirus compatibility” Registry key was not set. Security updates to Internet Explorer Microsoft scripting engine Microsoft graphics component Windows Server Windows kernel Windows datacenter networking Windows Hyper-V Windows virtualization and kernel Windows app platform and frameworks. ActiveX printing issue in IE. SVG rendering issue causing high load issue in IE. Custom controls identifying issue in IE. kb4093114 (April Rollup) is failing to install on 2012 R2 Server

      Just a followup on the off-chance anyone else ran into this–looking in the log (%windir%\windowsupdate.log), I saw several references to WSUS-related failures and warnings. I didn’t have WSUS installed, so I installed it. The update succeeded.

      I won’t attempt to make any sense of Microsoft’s requiring WSUS for the successful install of an update retrieved from WIndows Update because I think we are way past attempting to make any sense of MS 2.0/Nadella.

       

      GaryK

      2 users thanked author for this post.
      • #184310 Reply

        Microfix
        Da Boss

        @gkarasik: Thanks for the follow-up nice to read you got it sorted.

        It seems sense, logic and patch conveyancing are a mystery to MS.

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #184447 Reply

      anonymous

      Can we get a chart of ms-defcon levels on a weekly interval for the last 3 years to today?

      • #184454 Reply

        PKCano
        Da Boss

        Feel free to use the “Older Entries” link at the bottom of each page on the main blog to gather your data.

        1 user thanked author for this post.
    • #184527 Reply

      radosuaf
      AskWoody Lounger

      Office 2007 again? 🙂

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit
    • #184603 Reply

      nickyburnell
      AskWoody Lounger

      Now over 20 Win 7 Profile problems. It’s NOT fixable by the usual .bak reg fix as it’s not the same cause. All seem a little different but all had MSE

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: April 2018 Patch Tuesday is here — and it’s a biggie

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.