• Comments on AKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1

    Home » Forums » Knowledge Base » Comments on AKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1


    Due to the size of the first topic of this name, it has been closed – it was too big to load easily.

    Please feel free to ask questions about AKB2000003 here

    The old comments can be found here:
    Part One – Mar/17-May/17
    Part Two – Jun/17 to Feb/18

    4 users thanked author for this post.
    Viewing 143 reply threads
    • #170748

      Kirsty, I wondered why I couldn’t access the original page . . . I kept getting 504 Timeouts last week.  I had wanted to read any comments that might have pertained to January’s updates prior to installing them.

      Is it possible to select and copy the comments on January’s updates (if any) from that page and then paste them here in order to make sure nothing fell through the cracks?  That is, none of us in Group B missed reading something really important or helpful?

      Many thanks!

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
      2 users thanked author for this post.
      • #170794

        @suew there have been 504s on pages with barely any posts in recent days/weeks, so that may not have been the only issue. While the topic is now closed for new postings, it can still be read (if you can get past the 504s).

        If the problem persists, we might have to split the closed topic in two, but I might keep an eye on that, balanced with the other problems 😉

        2 users thanked author for this post.
        • #170897

          … it can still be read (if you can get past the 504s)

          Hmmm — I gave up after at least a dozen attempts!

          Thank you, @Kirsty, for your explanation (and your always helpful comments).  Indeed, it is a balancing act :).

          Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
          1 user thanked author for this post.
          • #172436

            The closed comments topic has now been split in two, which may or may not make it easier to access the old comments.

            2 users thanked author for this post.
            • #172477

              YaY!!  Thank you, Kirsty!!  Each link definitely makes it easier to access the old comments 🙂

              Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
    • #170771

      If this ‘forum’ software had a way to limit the posts-per-page (other than turning off the ‘nested’ display method), then it wouldn’t take so looooog and be so sloooow to load up a page of many posts.

      Topics on the main home page seem to be limited to a certain number (8 or 10?). If the number of posts/replies on a sub-topic page were limited to 30-40, then topics with lots of posts would not take so long to load (ludicrous speed or not).

      • #170795

        Ok @skiph, off-topic here, but to reply: no, that’s not an option (refer recent topics on nesting/threading/paging, and the various issues that caused) 🙂

        • #170930

          Yes, I know that. My main point was…why is not there a ‘feature’ of this software to limit a ‘page’ of posts to some finite number, preferably user selectable…as there is on number of other forums I frequent, ranging from bicycling to R/C quad copters.

          And BTW…I assume the “Notify me of follow-up replies via email” still isn’t working? I’ve checked that option on at least 2 recent topics, and never received any emails (and, no they haven’t been going into a spam folder).

          • #170943

            We have three options:

            > Let everybody post

            > Break posts into pages – but you really need to have linear (not indented) posts to make that work

            > Seal the topic off of further comments.

            I thought we’d get better speeds by turning the replies linear, and breaking the pages up into 10 or 20 posts. But it didn’t work out that way.

            If this ‘forum’ software had a way to limit the posts-per-page (other than turning off the ‘nested’ display method), then it wouldn’t take so looooog and be so sloooow to load up a page of many posts.

            And that’s at the crux of the problem. If you have nested replies, how would the software break them into pages? I struggled with that for a while, and finally gave up.

            3 users thanked author for this post.
          • #170944

            Oh. And “Notify me of follow-ups by email” is part of an add-on that will get upgraded before too long. In the interim, though, it doesn’t work – as you note.

            3 users thanked author for this post.
            • #170947

              It does work, intermittently. Some people get no emails at all, but I get several each day (and cannot guarantee that is all that I should be getting, though).

              It may have something to do with the email address, as @sparky noticed a few months ago.

            • #170953

              Oh. And “Notify me of follow-ups by email” is part of an add-on that will get upgraded before too long. In the interim, though, it doesn’t work – as you note.

              Does it help to “subscribe” to the topic?  btw:  I got six emails today.


    • #171748

      Is this KB4077561 only for 8.1 or for all OS? It looked like an 8.1 patch. If so, shouldn’t 8.1 be put with its name for reference?

      Jan 2018 KB 4077561 (release 1/24 for PIC/APIC stop errors) – Download 32-bit or 64-bit


    • #172948

      If one skips IE patches for a month or two, it is only necessary to install the latest one rather than each missed month correct?

    • #175844

      I found this article about problems with this month’s updates:


      Until further notice I won’t install this month’s(security-only) updates for Windows 7 SP1

    • #176090
    • #184423

      Hello all, can I ask for some advice please?

      I’m a Group B Windows 7 user . In late March, I was waiting patiently until MS-Defcon 3 arrived to install the March updates, and took the advice of Patch Lady’s post of 31st March to install KB4100480, the “Total Meltdown” patch.

      I’m now ready to install the March update, but have I done this out of sequence, i.e. by installing the March updates now will I be undoing the remedial work of KB4100480?

      Also, weirdly, Windows Update no longer offers me the March update. Obviously I’ll be downloading the March update manually, and I’m not sure if this is relevant, but I thought I’d mention it just in case.

    • #185150

      Hello everyone,

      Following are my notes about the Group B updates.



      The January 2017 update KB3212642 will not show up as installed after the March 2017 update is installed, because KB3212642 was superseded by the March 2017 update. This supersedence is not documented by Microsoft.

      There was no February 2017 update.

      The Security Only updates should be installed sequentially and in the order of their release dates, except for two notable exceptions which are described below.

      1. Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from subsequently being blocked on some older CPUs. This was Microsoft’s way of saying “thanks” to users who installed Windows 7 on newer generation hardware such as on computers with AMD Ryzen CPUs, yet at the same time Microsoft inadvertently killed Windows Update for some older CPUs such as Haswell Core I5 CPUs and other CPUs.

      2. Install the September 2017 update before installing the August 2017 update since the September 2017 update includes newer updates for kernel mode drivers and the Windows kernel. The kernal mode drivers in the August 2017 update have issues. This is why you should install the September 2017 update before installing the August 2017 update.

      The October 2017 update may cause Jet DB issues with much older applications. A fix is available at:


      The November 2017 update may break printing for some Epson dot matrix and POS printers. Update KB4055038 is available to fix this issue.


      The 2018 updates for Meltdown and Spectre COMPLETELY FAIL to protect against the BranchScope security vulnerability which was publicly disclosed in late March 2018. BranchScope is a new variant of the Spectre (CPU speculative execution) class of vulnerabilities which were publicly disclosed in January 2018. BranchScope theoretically can be mitigated, yet doing so is far from easy.

      The QualityCompat regkey must be set before installing any 2018 updates. This regkey should be set ONLY IF ALL INSTALLED ANTIVIRUS SOFTWARE has been updated to be compatible with all 2018 updates, regardless of whether or not the antivirus software automatically runs when booting Windows or later is manually run, because most antivirus software installs low level I/O drivers which are loaded when Windows starts, regardless of whether or not the antivirus software itself actually runs when Windows starts.

      The upshot of the above paragraph is: Make sure that ALL installed antivirus programs have been updated to be compatible with the QualityCompat regkey BEFORE you install any of the 2018 updates.

      Windows Registry Editor Version 5.00



      The 2018-03-29 KB4100480 Windows kernel update must be installed immediately after installing any of the 2018 updates in order to address a kernel escalation of privilege vunerability. This update may be installed after installing the 2018 updates and rebooting.

      The January through March 2018 updates are inherently flawed by Microsoft. These flawed Meltdown updates expose ALL kernel and program memory to ANY program. This new expoit is called Total Meltdown. Microsoft themselves created this Total Meltdown flaw. NO MALWARE TECHNIQUES WHATSOEVER ARE REQUIRED IN ORDER TO EXPLOIT THIS FLAW.

      The March and April 2018 security only updates KB4088878 and KB4093108 still have issues (SMB server memory leaks and stop errors). KB4100480 Windows kernel update for Total Meltdown must be installed immediately after installing the March update. KB4099467 must be installed immediately after installing the March update to resolve stop error (ab) when exiting a Windows session.

      The April 2018 security only update will be presented and will install REGARDLESS OF WHETHER OR NOT the QualityCompat regkey is present and set within your Windows 7 computer’s registry. Why? Because Microsoft is trying to cover their collective rear ends in order to resolve the Total Meltdown vulnerability which Microsoft themselves created. The upshot is that, after installing this update and if your antivirus software is not compatible with the QualityCompat regkey, then your computer may BSOD on reboot. Microsoft kindly leaves it up to you in order to figure out how to resolve this issue.

      Best regards,



      3 users thanked author for this post.
    • #185166

      Is it correct that KB4100480, KB4099467 and KB4099950 are now included in the April KB4093108 update?

      1 user thanked author for this post.
    • #185171

      Is it correct that KB4100480, KB4099467 and KB4099950 are now included in the April KB4093108 update?

      That is a good question. The article for KB4093108 states that KB4093108 supersedes KB4100480, yet makes no mention about KB4099467 and KB4099950. Additionally, the Microsoft Update Catalog Package Details for KB4093108 do not list KB4093108 as superseding ANY updates whatsoever. Now, isn’t this a riot of fun to try to figure out?

      Yet at the end of the day, KB4099467 and KB4099950 still appear to remain stand-alone updates which are not part of KB4093108.

      Nothing verified, yet this is all that I have to say at the present time.

      1 user thanked author for this post.
    • #185314

      What will Group B folks be missing by never doing 4088878 on Windows 7 x64 machines that are up to date from February?  Are there stable updates from within 4088878 that can be done separately from the catalog?

      I’m wondering if March updates will eventually have to be installed or if “just” April 4093108 will be the way to go due to it containing fixes for things like 4100480 & possibly 4099467.

      Having only installed March MSRT last DEFCON 3, it’s a bit worrisome that the others might still need doing, so I’m hoping some can be avoided.  Perhaps I’m fooling myself.  Please advise, thanks.

      1 user thanked author for this post.
      • #185318

        Group B folks who do not install March update KB4088878 will be missing all the fixes contained in the patch. Security-only patches are NOT cumulative. If you do not install one, you never get the fixes contained in it.
        April security-only update KB4093108 takes the place of KB4100480 and KB4099467. But it does not contain the fix for NIC/IP address problems. You will need to download KB4099950 and install it manually BEFORE you install the March and April Security Only UPdates. (And, yes, you need both).

        As Group B you will also need to download and manually install the IE11 Cumulative Update every month.

        My suggestion is you manually install KB4099950, reboot, check to see if C:\Windows\LOGS\PCIClearStaleCache.txt file is present. If it is….
        Install 4088878 KB4093108 KB4092946 (in that order, not necessary to reboot in between), reboot.
        Wait for DEFCON 3 or above to follow Woody’s patching.

        4 users thanked author for this post.
    • #185323

      thank you for the response.  Helps to unmuddy the water a bit.

    • #185372

      Like the man said: Helps to unmuddy the water a bit. I would even say ‘a lot’.

      Held off any updates (or uninstalls) for more than a month. Just couldn’t keep up with all the patches and repatches, but now I was ready to give it a try – thanks to @MrBrian’s sum up.

      Had IE 4092946 and 4100480 already installed, and that turned out to be no issue when I just installed 4099950 > reboot > 4088878 > 4093108 > reboot.
      Everything’s working fine – for now.

      Thank you again & always @Woody @sb @MrBrian @PKCano!



      2 users thanked author for this post.
    • #186183

      Looking for clarification and a recommendation on the following.

      Group B. I haven’t updated since December so nothing from January through April. Above it says to install KB4099950 prior to the March KB4088878 update. But this article, https://www.askwoody.com/2018/patch-lady-kb4099950-gets-a-revision/, says KB4099950 does not apply to Group B patchers. Come time, do I install KB4099950 reboot and check for PCIClearStaleCache and then proceed or KB4099950 is not needed?

      For the January KB4073578 or KB4056897, February KB4074587 and March updates KB4088878. Is it advisable to hold off on those for a bit longer since they don’t contain any critical patches and seemed to cause many issues or it is not recommended to continue waiting on them?

      Thank you very much for sharing your knowledge.

      1 user thanked author for this post.
      • #186186

        Look for the answer to your questions to be finalized when Woody raises the DEFCON level to 3 or above. At the time, he will publish his recommendations in a blog post ans a ComputerWorld article.
        All the information is not in yet.

        3 users thanked author for this post.
    • #191492

      I have some possible adjustments for the list:

      KB3044374 was mentioned as don’t skip (in 2015), so maybe it shouldn’t be on the avoid/uninstall list.
      “so don’t think you can skip it”

      Add to junk list to not install / uninstall:
      If you still have KB3035583 installed somehow remove it?

      Most(all?) of these never had any value and should be obsolete, so there is very little reason to have them installed.

      1 user thanked author for this post.
    • #192439

      I am in Group B with both a 32 bit Windows 7 desktop and a 64 bit Windows 8.1 laptop. Currently I haven’t patched anything since January. I skipped February and later since I absolutely rely on 2 factor authentication and read that February’s patches screwed that up and that March’s did not fix that. I know most people do use that so it might not be reported on much and maybe it got lost or forgotten about in the large amount of traffic here now. Does anyone know if it is safe for me to patch (security only) so that I will still be able to use my 2 factor authentication?

      Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

      • #192444

        The SmartCard problem has been fixed, if that’s what you are referring to.
        There have been other problems with this year’s updates. You might want to read over Woody’s DEFCON blogs and those topics where he summarizes the problems. Be sure to include the linked ComputerWorld Articles. There have been a number of hotfixes as well.

        There is a problem with the May patches uninstalling NICs in Win7 that has not been fixed.

        1 user thanked author for this post.
    • #193218

      It looks annoying, but I’d like to try this “Group B” thing. Basically, on a fresh new installation of W7 SP1, I install the followings:



      Uncheck all Roll-Up updates and problematic updates, keep only Security and .net framework/c++ redistributable updates and install all of them.

      Is that right? Also, for IDK what reason, another guy here says to install only Office updates starting from June 2017: https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-updating-in-2018/291a9582-17a7-4942-8145-8d9f68265189?tm=1524412557788

      • #193220

        Although this is for Group A, read over the external to Windows Update and Windows Update settings in this post. Set them before you go online if they are available. Some will not be available until after updates are installed.

        For a Clean Install what I use (for Group B) is:
        Download KB3020369, KB3138612, KB3177467, and KB3172605 for your bitedness. (I know you are going to ask. Yes, all four)

        1. Install Win7. Reboot.
        2. If your installer does not include SP1, install SP1. Reboot.
        3. Open Administrative Tools\Services. Highlight Win Update Service and at top left click “Stop”
        4. Manually install the four downloaded patches in the order above. Reboot.
        5. In Windows Update Change settings – CHECK “Give me updates for other MS produces,” and set updates to “Never Check

        1. Check for updates
        2. If you don’t want the telemetry updates, HIDE the ones mentioned at the top of AKB2000003. You will have to keep watching for these every time before you install updates. Particularly KB2952664.
        3. To be sure you get all the necessary updates: HIDE the current “Security Monthly Quality ROLLUP,” check for updates, HIDE the next earlier “Security Monthly Quality ROLLUP,” check for updates. Repeat this procedure until you have hidden the “October 2016 Monthly ROLLUP.”
        4. Download and Install manually from AKB2000003, the Security Only Quality Updates from Oct 2016 to the current month and the latest Cumulative Update for IE11. Reboot wait 15 min. & check.
        5. HIDE any other updates you don’t want to install (drivers, anything that has caused a problem with your PC, features you don’t want, etc)
        6. Install everything else that is CHECKED in the “important updates” list. Reboot. (I like to do this in batches. (“Updates for Win7,”) reboot wait 5 min. & check, (IE11, .NET 4.5.2 or 4.6.1 ONLY, any additional  “Updates for Win7,” and in the optionals KB2670838 Platform Update), reboot wait 5 min. & check, (any “Update for User-Mode Driver Framework”, Update for Kernel-Mode Driver Framework,” and “Update for ActiveX Killbits”), reboot wait 5 min. & check, (“Security Updates for Win7”), reboot wait 5 min. & check, (“Security Updates for MS .NET”), reboot wait 5 min. & check, (anything else that is CHECKED in the “important updates” list), reboot wait 5 min. & check.)
        7. Repeat #5 and #6 until there is nothing left that is CHECKED in the “important updates” list.
        9. HIDE any UNCHECKED important updates that you don’t intend to install in the future.
        10. Reboot. Wait 30 minutes. Run Disk Cleanup, click “Cleanup System Files,” be sure Windows Update Cleanup is checked, click OK.

        I use Office 2010. I install all the checked important updates. from WU
        I also install the .NET Rollups that are checked important updates in WU.

    • #193267

      1) I noticed there is no Windows Update Cleanup in my Disk Cleanup options.

      2) I read many guides and none of them mentioned KB3138612, also KB3020369 is redundant since KB3177467 replaces it, as clearly stated on its page.

      3) Do you really have to install manually all the security-only updates? That’s really annoying… Why can’t you just select all  of them in WU and let it do the job for you?

      4) Do you instally ANY update that shows up for Windows Office 2010, even those from 2013?

      5) In the optional updates you don’t install anything?

      • #193281

        1) I noticed there is no Windows Update Cleanup in my Disk Cleanup options.

        Run Disk Cleanup, click on cleanup System Files. If you have run Windows update it will be there.

        2) I read many guides and none of them mentioned KB3138612, also KB3020369 is redundant since KB3177467 replaces it, as clearly stated on its page.

        (I know you are going to ask. Yes, all four)

        3) Do you really have to install manually all the security-only updates? That’s really annoying… Why can’t you just select all of them in WU and let it do the job for you?

        Security only patches are NOT offered in WU, only the Rollups. I thought you said you wanted to be in Group B.

        4) Do you instally ANY update that shows up for Windows Office 2010, even those from 2013?

        I use Office 2010. I install all the checked important updates. from WU

        5) In the optional updates you don’t install anything?

        Group B does not check “Give me recommended updates the same way I get important updates” in the WU settings. If you read Akb2000003 you will see the guidelines.

        1 user thanked author for this post.
    • #193268

      Even if IE updates are listed multiple times on https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ I have to install all of them? I just have to stick to that list anyway?

      • #193276

        The Internet Explorer updates are cumulative – only the latest one needs to be installed.

        1 user thanked author for this post.
      • #193283

        4. Download and Install manually from AKB2000003, the Security Only Quality Updates from Oct 2016 to the current month and the latest Cumulative Update for IE11

        3 users thanked author for this post.
        • #193302

          @PKCano:  I just noted my answer to the question I had.    It was a question regarding the cumulative update for the IE being for Group B.  I do apologize for something that I should  have known.

          I try to read everything, and occasionally I make a mistake, “this may be one of them”, for which I apologize if it is.    🙁

          Your invaluable assistance is sincerely appreciated, as always.   🙂

          • #193306

            IE11 Cumulative Update is part of the Rollup you install as Group A. You do not have to worry about the individual file. It is used by Group B.

            1 user thanked author for this post.
            • #193310

              @PKCano:  Thank you for your very clear reference to the IE cumulative update being part of the Rollup you install as Group A.    I sincerely appreciate the clear, concise reply.    Your expertise is outstanding, as it always is.   Thank you once again, PK.      🙂

    • #193307

      Just to be fully sure, do you need to install the following types of updates?

      1) C++ Redistributables

      2) Definition Update for Windows Defender

      3) Malicious Software Removal Tool

      These kind of updates are released constantly, so I would like to know if I really need them or not.

    • #193336

      Maybe dumb question: if I decide to install Microsoft .NET framework 4.7.2 manually (latest version available atm), will WU show me any updates for it?

    • #193472

      One thing that should be pointed out for the Group B guide:

      You can’t install all the standalone WU Security-only patches in a row: you have to turn off the WU update service -> turn on -> install one update and keep repeating this procedure or the MSU installer will get stuck into a loop of “searching for updates for this computer” as documented here:


      You can avoid doing this manually for every update by using this script:


      • #193632

        The Windows Security-only patches have to be downloaded from the catalogue and installed individually using the M/S standalone installer. I myself would have WU turned off whilst doing this, until I want it to do a search afterwards. But forgive me if I’ve misunderstood your point.

        1 user thanked author for this post.
        • #193680

          You misunderstood. Windows 7 has lots of unfixed bugs. One of them causes your PC to get stuck in a loop “searching for updates for this computer” when you the M/S standalone installers downloaded from the catalogue. That’s why you have to keep disabling and re-enabling the WU service after every single update.

          • #193682

            If you set WU to “Never check for updates” and disconnect from the Internet during the install, it may help you.

            And you can do a direct download from AKB2000003 – those are direct Catalog downloads

            1 user thanked author for this post.
            • #193812

              If you set WU to “Never check for updates” and disconnect from the Internet during the install, it may help you. And you can do a direct download from AKB2000003 – those are direct Catalog downloads

              That procedure works for me….every time.  No searching when I click to install the downloaded (from AKB2000003) and saved update.  Thanks again PK.


          • #193690

            My Windows 7 doesn’t have “unfixed bugs”. I’ve never had the problem you describe at all…………………………………..or any bug-related other problem, for some time now.

            4 users thanked author for this post.
    • #193616

      Under “Optional” updates I have “2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766)”, update framework driver mode, a lot of “update for windows 7 64bit based systems”. Should I Install them even if optional?

    • #195045

      @PKCano, @Kirsty, @Woody

      Seeing as we have probably 19 more months of Win7 Group B security-only patches & 55 more months of Win8.1 Group B security-only patches coming from MSFT, might I suggest splitting AKB 2000003 into separate AKBs, 1 for Win7 & another for Win8.1?

      As it is now, it will only keep getting larger and may eventually grow too big to keep together in a single post. Once support for Win7 stops in 2020, it would make more sense to separate out Win8.1 and why wait until it gets larger to do it?

      No real necessity to do it now but either way, I find this AKB to be extremely valuable especially to those who perform clean installs and wish to remain in Group B and I thank you all for keeping this AKB updated.

      Thank you.

      Group B / Win7 (Ultimate & Pro) [x64 & x86]

      Win7 - PRO & Ultimate, x64 & x86
      Win8.1 - PRO, x64 & x86
      Groups A, B & ABS

      1 user thanked author for this post.
    • #196019

      I have a 64 bit desk top 8.1 computer and try to follow AKB2000003’s direct catalog

      downloads for Group B.  However, today I checked my installed updates against his list only

      to find that I have somehow missed KB4012204 (March 2016) and KB402533 and

      KB4025252 (July), and both  April 2018 security updates.  Do I uninstall everything

      back to the first missed update and then install them again in sequence?  Your advice

      would be much appreciated.   Thank you. Jo


      • #196025

        The Security Only updates are not cumulative. Take the ones you are missing and install them in order (Stop the Windows Update Service – you do not need to reboot in between). You do not need to uninstall anything.

        The IE update is cumulative, so you only need the latest one.

    • #196229

      Was there ever a definitive answer whether or not KB4099950 applies to Group B or not? I have tried searching but can’t find an answer.

      What happens if the security only patches are applied and the user has the NIC/IP error that KB4099950 is for? Can KB4099950 then be installed to fix it or it must be run before the March Security Only KB4088878?

      Thank you.

      • #196238

        is not a Group B patch. Group B patches are Windows SO and IE11 Cumulative.

        However, you need to install KB4099950.
        If it was installed on your PC before April 17, you need to uninstall it and the March SO first b/c KB4099950 was modified 4/17. Then you need to download the current version of KB4099950 from the MS Catalog.  There are two files (an .msu and a .exe). To install, double click on the .msu – the .exe will be automatically executed in the process of the installation.

        Install KB4099950 before the March SO (do not reboot), install the March SO, and reboot immediately after.

        • #196720

          Thank you PKCano for posting the list of “Group B” Win7 updates. Please correct me if I have the following procedure wrong:

          I have downloaded the Jan-May Security Only updates, along with KB4099950 and IE11 KB4103768. I will install Jan, then Feb updates, followed by KB4099950 as I do not have the “C:\Windows\LOGS\PCIClearStaleCache.txt” file present. I will then install Mar, Apr, and May SO updates, followed lastly with IE11 KB4103768. If I have this correct, when do I reboot during the procedure?

          Thank you again.

    • #196267

      Double checking. https://www.askwoody.com/forums/topic/comments-on-akb-2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1-2/#post-185318 That post says to install KB4099950 and then reboot to check for Windows\LOGS\PCIClearStaleCache.txt file and the above says do not reboot and immediately install KB4088878.

      • #196273

        The instructions directly above are the correct ones after the revision 4/17.

        1 user thanked author for this post.
        • #196754

          The instructions directly above are the correct ones after the revision 4/17.

          PK;  I vaguely remember something about installing Feb SO before Jan SO because it had a fix for a problem.   Do you remember what that was about?

          • #196756

            Maybe the AMD thing?

            • #196759

              Maybe the AMD thing?

              That’s probably it.  I have 2 AMD win7 laptops I had to update, and I remember seeing  on AW to install Feb SO before Jan.     I did and had none of the problems about rebooting.

              I just can’t remember where the post was.  Thanks.   Senior Moments 🙁


    • #196274

      Thank you PKCano.

    • #196763

      Please correct me if I have the following procedure wrong:

      I have downloaded the Jan-May Security Only updates, along with KB4099950 and IE11 KB4103768. I will install Jan, then Feb updates, followed by KB4099950 as I do not have the “C:\Windows\LOGS\PCIClearStaleCache.txt” file present. I will then install Mar, Apr, and May SO updates, followed lastly with IE11 KB4103768. If I have this correct, when do I reboot during the procedure?

      Win7 / 64-bit / Group B

      • #196769

        Slight revision. Install in this order – reboot where indicated:
        KB 4074587 Feb SO
        KB 4073578 Jan SO
        KB 4099950 (be sure you download both files .msu and .exe – only double click .msu)
        KB 4088878 Mar SO
        Reboot – wait 15 minutes after login to proceed.
        KB 4093108 Apr SO
        KB 4103712 May SO
        KB 4103768 May IE CU

        4 users thanked author for this post.
    • #200431

      Hi PKCano,

      My laptop collapsed a few days ago and I had to pull it again from a image backup dated April 2017.  I have Windows 8.1 and always have tried to have my computer within the “group B” directives.

      So now, my Win8.1 is not yet updated and I am trying to decide when and how update it properly. The thing is: in Ask Woody it has always been recommended to wait until there is a MS-DEFCON Level 3, 4 or 5 before updating anything, but this rarely happen nowadays. I think I have seen it happen once in all this 2018 (I follow the posts but sometimes loose track for some weeks). Also, from Woody’s analysis in the last months (https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-some-bugs-in-win-10-1803-fixed-others-persist.html) it seems like Win8.1 is stable and untouched by all the recent update problems.

      So, taking that into consideration and the fact that I want to create a new clean image backup and move on into something more productive,… I wanted to update.

      Would you recommend it?

      How would you do it? Any specific installation order other than the chronological one?

      Anything I can do regarding the Meltdown-Spectre situation from this whole 2018? I am not up to date about that, but my retailer (Asus) is not offering any BIOS update (they are only offering Intel 6th, 7th & 8th gen, and my processor is 3rd gen) and I would not want to waste any  processing power into fixing a “there-is-not-any-real-threat-yet” problem.

      I would gladly appreciate an answer. Thank you!

      • #200436

        First let’s get the correct information about DEFCON. The DEFCON rating only applies to the current month’s updates. The fact that we are at DEFCON-2 does not mean you can’t update anything. It only means that THIS month’s updates are on hold. Updates from previous months have been cleared (or not) and according to that month’s instructions are safe to install (or not). So th only on-hold as of today, are June 2018 Updates.

        My recommendation for your case:
        + You are up to date as of your April 2017 image.
        + Download all the security-only updates. the Dec. 2017 IECU, and the May IECU.
        + Set Win Update to “Never check.” Reboot.
        + Stop (not disable) the Windows Update Service. Leave the Services window open.
        + Start with the 2017 security-only updates you are missing and install them in order. Then install the Dec. 2017 IECU. You do not have to reboot between the patches.
        + Reboot, wait 15 minutes after login (Task Manager usage should drop to 0 or a very small number)
        + Stop (not disable) the Windows Update Service. Leave the Services window open.
        + Install the May 2018 Security-only update, then Jan-April SO, then the May IECU (Hopefully, installing May’s SO first will take advantage of fixes). If you find a second .exe file with any of the SOs, download it and put it in the same location as the patches but don’t click on it)
        + Reboot.

        What you are doing is updating to Dec 2017 and rebooting. You may want to make an image at this point b/c Dec 2017 is stable and before the M/S mitigation. Then catch up to date and wait for the DEFCON-3 for June patches.

        4 users thanked author for this post.
        • #200455

          Thank you for that quick response. It is really helpful, explicative and with very easy to follow instructions. I will do as you said.

          2 tiny follow-up questions:

          • You said to update until May 2018, but the 2018 June SO (4284878) and IECU (4230450) are listed as safe in the Patch list master. Should I still wait for the DEFCON 3?
          • That second .exe file you were talking about. I don’t understand what are you refering to. Is that the Jan 2018 KB 4073576 and Jan 2018 KB 4077561? Does that also include Nov 2017 KB 4055038 (as listed at the 2000003 post)? If so: do I download them and leave them in the same folder with the other SO updates but don’t click on them? Will they get installed somehow just by clicking in that month SO? Or in case I have to copy those .msi files somewhere. Where do they go specifically?

          About the DEFCON rating clarification. Thanks for explaning it. I get that is only about the current month updates. But in this situation, or whenever I haven’t had the time to update the PC in a few months it gets quite time-consuming to follow all the issues with every update / OS version / MSOffice / IE / Flash / Meltdown-Spectre… (although that has been easier in the last months/year with this post and the master patch list). So I usually rather wait until you see a general “go ahead”, or you have to invest a full morning or whole day going through countless posts and explanations since I last updated (more than a year in this case). But again, I feel like this rarely happen anymore.

          • #200462

            Should I still wait for the DEFCON 3?

            Yes, because in addition to the DEFCON number, Woody puts an article in ComputerWorld with further instructions.

            That second .exe file you were talking about.

            The second file (the .exe) will appear in the download link for the SO if it is still needed. The SOs have a .msu extension. If you also see an .exe when you click on the link, download it also. It has no KB number. It will get automatically executed in the SO installation process. You don’t have to do anything with it except put it in the same location (folder or whatever) as the SO.

            Woody will probably raise the DEFCON number this weekend or sometime during next week. Certainly before the next Patch Tues.

            2 users thanked author for this post.
            • #200688

              Thank you SO MUCH for these great explanations!

              Is all crystal clear now. I will proceed as told.

    • #208788

      Jul 2018 KB 4345459 (released 7/16/2018, replaces KB 4338823, fixes 0xD1 error, W3SVC, tcpip.sys) So, do I need to download and install also 4338823 or not? The last patch I installed was May 2018.

      • #208793

        Woody hasn’t changed the DEFCON level for July patches, yet. We are currently at DEFCON 1:

        Current Microsoft patches are causing havoc. Don’t patch.

        Non-techy Win 10 Pro and Linux Mint experimenter

        2 users thanked author for this post.
    • #210018

      Perhaps I’m reading this wrong.  It seems a correction might be in order.

      Jul 2018 KB 4338823 – Download 32-bit or 64-bit
      Jul 2018 KB 4345459 (released 7/16/2018, replaces KB 4338823, fixes 0xD1 error, W3SVC, tcpip.sys) – Download 32-bit or 64-bit
      Jul 2018 KB 4339093 (IE11) – Download 32-bit or 64-bit

      If 4338823 is the security only update for Win 7, how can 4345459 replace it when it is not a revision of 4338823?

      Isn’t 4345459 simply an additional update that is required to fix the stop error & not a new “security only” update?

      Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

      • #210026
      • #210031

        This issue you are referring to, Purg2, has surfaced repeatedly since KB 4345459 showed up last month, with variable results as to conclusions.

        In the interests of Patching Science, I recently performed the following two experiments: (1) Installed KB 4338823 (after creating  a restore point where I could beat a retreat to if the action got too hot after updating.) Then restarted and tested to see if my installed applications were working normally, performed the most important (to me) activities… and all seemed well. Then,  (2) at the instigation of DrBonzo,  I continued experimenting, and installed KB 4345459 following the previously mentioned steps, except for the restore point, as one seemed enough already. Again, everything copacetic.

        In conclusion: do (1), or do (1) and (2). Or, if you are really ambitious, maybe carry out your own experiment and install KB 4345459 by itself. My expectation is that, probably, you still shall live long and prosper.

        Group B. Windows 7 Pro SP1 x64, I-7, “sandy bridge” CPU.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #210032

        @anon 210026, thanks for the info.

        In the ghacks link, According to M.Brinkmann:    When you check the Update Catalog listing and there the package details, you see which updates KB4345459 replaces.  It does not replace 4338823.

        This is why I’m suggesting that the wording on the list is confusing to others & should be changed to reflect that 4338823 is still required.

        I’m not about to do that until the defcon changes.  I just want to get it right when the time comes to help my buddy get his Win 7 machine updated.

        , interesting, thanks.

        Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

        2 users thanked author for this post.
        • #210035

          FWIW, I patched WIN 7 Starter 32 bit last night. Did the IE 11 (4339093) first, then rebooted. Then I did OscarCP’s 1) and 2) with a reboot after each patch. Everything is fine.

          Also, there’s a post from Aboddi86 somewhere here on AskWoody where he states that 4345459 does indeed replace 4338823. I’ve gotta run right now, but I’ll try to find that post later. So, I think you could forget about the original SO patch (4338823) and just do 4345459 and be just fine. I did both just because I was curious and was using a guinnea pig machine.

          1 user thanked author for this post.
        • #210042

          @purg2 Look here and a few posts above and below it. It’s a short interchange between me and aboddi86 about the original SO patch and it’s replacement; i. e. KB4338823 and KB4345459, respectively.

          edit: forgot the link. Here it is


          1 user thanked author for this post.
        • #210050

          DrBonzo, I really appreciate the input & links.

          This post still has me concerned about the need for either 4338823 or 4345459, or both.

          /snip…..install KB4345459 only as suggested, or install both either will work

          Head hurts, will come back later to see what’s what.

          Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

          1 user thanked author for this post.
    • #211515

      W7 SP1 Home x64 Group B
      Installed all pertinent Aug updates after taking usual precautions and no issues.
      KB890830 MSRT
      KB4343899 OS Security Only
      KB4343205 IE Cumulative
      KB4345590 .Net Rollup

      Stopping phase of the IE restart took about 15 minutes. I was patient.
      Event viewer showed warning that ASP.Net setup couldn’t run because IIS was missing. I won’t enable it, either!

      So, there it is. Now in holding pattern for September.

      2 users thanked author for this post.
      • #211531

        ? says:

        Thank you for the update info StruldBrug, i also updated 5 win7 32bit (mixed Intel and AMD processors) for July and August with the SO’s, IE’s and MSRT’s and Office 2010 (on one machine). DISM kicked out KB2509553 MS11-030 from 04/11/2011 a LLMNR DNS resolution patch…

        1 user thanked author for this post.
    • #213924

      I follow Windows 7 Group B for the security only and internet explorer updates, I check every few days to see whether Woody has moved from Defcon 2 to Defcon 3 but I seemed to have missed when it was safe to install the July updates.

      Is it safe to install KB4345459 (sec only) and KB4339093 (IE)?

    • #215594

      OK, it’s now MS-DEFCON 4.

      Given that the July 2018 security only update for Windows 7 was considered unsafe to install, how do I now go about installing both the July 2018 and August 2018 security only updates safely? Surely, as soon as I install the July 2018 update and reboot, my system will, by all accounts, be in an unsafe state.

      I presume that I should forget about KB4338823 completely because KB4345459 is a complete replacement for it?

      And I presume that I need only install the Aug 2018 security only update for IE, KB4343205, because IE security only updates are cumulative?

    • #216134

      What does Group B (W7) do about .net framework for August? Microsoft Update Catalog provides a slew of downloads (.exe and .msi) when requesting KB4345590 or 4345679. Nothing offered in Windows Updates regarding .net in August. Please advise!

      • #216138

        Well, WU gave me KB4345590. Installed O.K.; no problems since.

      • #216139

        As I understand it, Group B doesn’t address .NET. So you need to decide whether you want the .NET Rollup or the Security Only patches. If you want the Rollup, just let Windows Update do the install for you – it “knows” which of the slew of downloads you saw your computer needs. If you want the Security Only, then I would suggest you download ALL – actually you should find 2 equivalent sets one set being .exe and the other being .msi, either set will do – of the slew of downloads you saw for 4345679. Then install ALL of them. You may find that all will install, or you may find only some will with others giving a ‘not applicable to your computer’ message. That usually just means your system doesn’t have the version of .NET that patch is for. When you’re done, you might go back and try to install any that didn’t install initially, just to be sure.

        Any way, that’s what I used to do and it served me well.

        PS – If you know exactly which versions of .NET you have, you can eliminate many of the slew of downloads you saw and only download/install the relevant ones. I used the brute force method because I think it’s a pain to find out which versions I have and I never remembered to write them down when I found out! There are ways to find out what versions you have but I don’t know them off the top of my head.

        Good luck!

        1 user thanked author for this post.
        • #216158

          The .NET version(s) that one has are listed in Control Panel > Programs and Features, under Microsoft .NET Framework n. ….
          I have 4.7.1, which replaced (and eliminated the listings of) 3.5.n, and perhaps some 2.n.

          3 users thanked author for this post.
      • #216142

        If you follow Steps B3 through B6 above you will find .Net updates will show up checked within Windows Update, if any are available. There isn’t telemetry associated with the cumulative .Net updates, if that is your reason for following Group B updating. So you can install any checked .Net updates… but don’t install any unchecked updates. Remember to uncheck the Monthly Quality and Security update before installing any other checked updates.

        Non-techy Win 10 Pro and Linux Mint experimenter

        3 users thanked author for this post.
    • #216159
      1 user thanked author for this post.
    • #216165

      RE: #216134 “What does Group B (W7) do about .net framework for August? Microsoft Update Catalog provides a slew of downloads (.exe and .msi) when requesting KB4345590 or 4345679. Nothing offered in Windows Updates regarding .net in August. Please advise!”

      Thank you for the responses to my inquiry (above), but I think some missed the point.

      1. Windows Updates does NOT show any .NET Framework patches for download. I hid July ones because of issues, but when I checked for August (a day or two ago), there were NO updates for .NET (checked or unchecked).

      2. I went to MS Catalog and looked for KB345590. It has a download link but when you click it, it shows 5 different files. If I read DrBonzo correctly, I guess I need to download these 5 files and install each of them if I want KB345590. However, does anyone know why Windows Update didn’t offer KB455590?

      Further Information:

      3. I am assuming I need .NET Framework patches because they provide security fixes, and I know I haven’t installed any for at least 2-3 months.

      Thank you.

      • #216170

        Perhaps some/all .NET patches inadvertently got installed without your knowledge? That sort of thing has been known to happen. Open Windows Update. On the left click on ‘view update history’ and look for .NET patches. Also on the left, click on ‘installed updates’ and check for patches.

      • #216185

        My MS Catalog search for 4345590 shows 3 lines. For each, the applicability is in the columns Title and Products. Select your edition; and note the bits: 32 (may be unlabeled), and 64.


    • #216168

      If you un-hide July .Net update and run Windows Update again, do you get anything different?

      Non-techy Win 10 Pro and Linux Mint experimenter

      • #216169

        Interestingly I haven’t done the August updates, and just checked Windows Update to see what is offered… and I don’t have any .Net updates offered that are checked.

        Non-techy Win 10 Pro and Linux Mint experimenter

      • #216171

        As of last night I was offered the KB4345590 patches by Windows Update on 2 Win 7 computers. Installed it on both machines via WU. This morning all I was offered and am currently being offered is .NET 4.7.2, which isn’t really a patch, but rather an ‘upgrade’ from 4.7.1.

    • #216605

      RE: #216165: .NET Framework Issues


      I checked like you suggested, and the only recent .NET Framework patches installed were from June ’18, so what I wanted was not inadvertently installed. Thank you for the suggestion, however, as well as your other comments.


      Yes, I realize this is what you get. I clicked on the appropriate one and was then offered 5 files to download (some ending in .exe and some in .msu plus another). My original question was in regard to whether or not I should download & install all 5 files offered or just specific ones. Thank you for taking the time to provide a screenshot. See below for the resolution.


      I did as you suggested (looked at hidden updates), and it turned out that the .NET Framework patch I had previously hid was KB 4345590, which is what I was looking for. Apparently, when I accessed the July Windows updates and hid some, it was actually in mid-August not July. Thus, I had hidden the August .NET Framework patch thinking it was the July patch. I subsequently downloaded & installed it.

      Thank you to everyone who replied and offered suggestions. A special thanks to Elly since his suggestion led to resolution of the issue.

      Over and out. Be Calm and Carry On the good work on askwoody.com.

      1 user thanked author for this post.
    • #216890

      Just mention: long list of KBs was superseded by KB4457145 and much more longer list of KBs superseded by KB4457144. Anytime we should consider steps of B group and supersedences, month by month it can change and honestly, not every month I rescan WU from scratch on clean W7SP1, but this month… I will.

      Look at catalogue for details…

    • #217884

      WS7 SP1 Home x64 Group B September 08 Beta Test
      Configuration: Simple home consumer with no network, no peripherals, no office, no Vmware
      Malware check: Eight scan tools run, including MSRT, and quarterly anti-rootkit, all clean
      System File Integrity: SFC-CBS log produced and quarterly SURT log, both clean
      Backup: New full image of system drive created
      KB4457145 OS Security Only
      KB4457426 IE Cumulative
      KB4457918 .Net Rollup
      KB4463376 IE Cumulative (fix)

      After each update that offered “restart now”, first started Task Manager and waited for Trusted
      Installer to complete. This took about 5-10 minutes. Then restart was selected.
      After each restart, Event Viewer was checked. Only warning showed after .Net update, IIS metabase
      updates were aborted … IIS isn’t installed nor is it wanted.
      Tested applications, known to require .net 4.5 and 4.6, all okay. Normal operations appear A-Ok.

      2 users thanked author for this post.
    • #219128

      ? says:

      just installed KB4463376-IE, and KB4457145-Sept. SO from here and KB890830, and KB4457044-.Net 3.5.1 (the part of the KB4457198-.Net rollup the machine wanted) using win update on win7-32bit and it came back up for air! I must have installed KB3177467 and then removed it because of problem(s) it had two years ago? the file remnants are probably in the SxS basement? or not.
      Anyway, the “b” style worked for September 2018 patches.

      1 user thanked author for this post.
    • #224354


      I follow Windows 7 (x64) Group B. I’m up to date on the security only and IE11 updates but I’m not up to date on the security only updates for .NET Framework 4.7.1

      I’ve searched the site and been onto the master patch list page but I’m not sure which ones to install. I would be extremely grateful if someone could tell me which security only .NET Framework 4.7.1 to install. Microsoft downloads the rollups and previews but I hide those.

      1 user thanked author for this post.
      • #224357

        On this MS page you will find the KB number for the different versions of .NET  SO for Sept, 2018. When you go to the Catalog, search for KB4457914 (this is the bundle for all the .NET SO updates). Then click on “download,” choose the link that applies to the .NET version.

        You can find the MS page by searching for the bundle KB number, clicking on the name of the update (instead of “download”), and in the box that pops up, choosing “More information.”

        3 users thanked author for this post.
    • #224383

      Thank you PKCano.

      On the Microsoft Update Catalogue, there are two updates for KB4457914 that mention Windows 7. Both mention 4.7.1. One mentions “for Windows 7”, the other mentions “Windows 7 and Server 2008 R2 for x64”, I presume it is the latter but would you please confirm that is correct, as I don’t want to download the wrong one.

      I presume that I will need to install previous months .NET updates before installing the September one, how far back should I go, the last one I have is February.

      • #224390

        If your computer is 64-bit, you should make sure that x64 is in the description. Some of the 32-bit do not have any x86, they are just plain.

        If you are installing security only (there have not always been one each month), I would install all that you have in date order. It is probably not necessary to reboot between.

        1 user thanked author for this post.
    • #224393

      Thank you.

      Looking at my hidden updates for .NET they are all previews or rollups, Microsoft doesn’t appear to have downloaded any of the security only. In order to check that I do have all the ones I need, where would I find the update KB numbers (if there are any) since February.

      • #224394

        Security-only updates don’t come through Windows Update.

        Look at the description of the Sept SO .NET. Use parts of it to search the Catalog (use a + between search terms). something like “2018 + security only update for .NET Framework” – should give you all for this year.

        To be honest with you, Group B is about telemetry. .NET Rollups should be safe in that respect. In fact, Group B instructions recommend the .NET Rollups. That way, you don’t have to worry about which update goes with which version – WU takes care of it for you.

        2 users thanked author for this post.
    • #224395

      Many thanks PKCano, in future I will install the .NET Rollups.

    • #225826

      Guys, is it possible to use NTLite and add all the updates manually to the ISO and still be in Group B, but without wasting hours to install all the updates by hand?

      1 user thanked author for this post.
      • #225957

        Guys, is it possible to use NTLite and add all the updates manually to the ISO and still be in Group B, but without wasting hours to install all the updates by hand?

        Hope you get some positive answers.

    • #229440

      Hello to @PKCano & @Kirsty! Since Microsoft has decided to include KB2976978 in the Monthly Rollup (interestingly, I still see it in Windows Update for my Win8.1 64-bit machine), I’ve finally decided to move to Group B this month. Besides downloading KB4462941 (Security Only update) & KB4462949 (IE11 Cumulative Security update) from the Catalog, should I also download & apply KB890830 (Malicious Software Removal Tool), KB4459924 (Security & Quality Update for .NET Framework), & KB4462930 (Update for Adobe Flash Player) from the Catalog as well?

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      • #229444

        You should be able to install all the others from Windows Update. Hide the Rollup first. You can download the SO and IE11 CU from AKB2000003 (direct link to the Catalog).

        1 user thanked author for this post.
    • #232574

      Hi Woody/PKCano,

      I’ve been away for a while and am looking for a list of security-only updates for Windows 7 x64 that are safe to install starting September 2017 until now. I checked here but it’s unclear to me which ones are safe and which ones aren’t safe and should be avoided.

      Could it be possible to just post a list of recommended security-only updates for Windows 7 x64 that can safely be installed?

      Thanks in advance!

    • #234057

      I know, Group B is about Win SO updating, but still believe, this is right place for topic here.

      I am GroupB + .NET (secu and quality) and every month I do prepare such a collection of files and scripts, to be able install Windows in exact state of that month, in 3 ways (Group A, GroupB + NET 461 and GroupB + NET 452).

      Since, October was really poor month, later then usual, right now, Im closing (making) my “Win 7 – 10-2018” set and found something. Those “.NET secu and quality” … seems not to be so cumulative.

      In details, .NET 2018-09 (KB4457918) include these:
      – 4457044 – NET 3.5.1 patch
      – 4457038 – NET 4.5.2 patch
      – 4457035 – NET 4.6+ patch
      – 4019990 (D3 compiler for 4.7NET patch)

      In October, new secu and qua .NET “cumulative” (KB4459922) includes:
      – 4457008 – NET 351 patch (I presume replacing 4457044)
      – 4457019 – NET 452 (replacing 4457038)
      – 4457016 – NET 4.6+ (replacing 4457035)

      After clean install of my “Win7 GroupB + NET in 2018-10 state”, next WU scan ask to install KB4457918 (2018-09 .NET). wow, strange. I hit it and analyze WinUpdate.log, which shows me, KB4457044 (.NET 3.5.1 of 2018-09) has been installed.

      This shows me, those .NET patches are not so cumulative, as I presume (4.5 and 4.6 actually ARE cumulative, but .NET 3.5.1 not and I have to install 351 patch 2018-09 AND 2018-10)

      Any ideas why?

      Whats more confusing to me is the name, listed in MS Catalogue. In my language (Czech) its written (writing exact translation to EN)> 2018-XY cumulative update for security and quality. But WinServer2008R2 version (not translated in Czech version of MSCatalogue) in original> Security and Quality Rollup for …..

      Now, I am thinking, whats exact meaning of “Rollup” and “cumulative”. Is this MS bug or bad translation? Should it be cumulative, month after month those .NET updates? For anybody, not installing separate from scratch Win7 in 2 separate version (September and October) is this ….. simply invissible.


      2 users thanked author for this post.
      • #234064

        “Rollup” means a bundle. many patches together.
        The .NET Rollup contains individual patches for multiple versions of .NET. But the Rollup does not necessarily contain updates for ALL versions of .NET – in any given month, some versions of .NET may not have an update. If there have been no changes to one of the versions, there may not be a patch for it. But Windows Update doesn’t discriminate ahead of time – everyone gets the Rollup through Windows update. It only uses the individual patches that apply to each individual machine.

        “Cumulative” implies the current one contains current fixes plus all the previous fixes.

        3 users thanked author for this post.
    • #234128

      Jul 2018 KB 4345459 (released 7/16/2018, replaces KB 4338823, fixes 0xD1 error, W3SVC, tcpip.sys) Does this mean that you still have to install 4338823 before or that you can skip it on a new Windows 7 installation?

      Also, in the case I want to make an AiO W7 ISO with all the Group B updates already applied, what else do I need to be really complete? I added KB3020369, KB3138612, KB3177467, KB3172605, all the list of security updates till November 2018, I would need also the rest of importa updates + .NET + Office, but where to find those? I saw there are tons of apps like WHDownloader, Windows Update Downloader, etc. but most have discontinued support or list useless updates as “needed”/”adviced”, so I can’t seem to trust them…

      Maybe an expert here can help me.

      • #234135

        You only need KB 4345459.

        KB3020369, KB3138612, KB3177467, KB3172605 – These need to be added offline immediately after installing Win7+SP1. They will speed up the search for updates through Windows Update.

        Windows Update Mini Tool (WUMT) can help you download the updates. Many here use it. There are discussions about it’s use here on the site. Start by looking under  the “Tools” Forum. Then use the search box. on the right side of the site.

        You may find some information that will help here, and from this post to several below it. Realize these are a year old.

        1 user thanked author for this post.
        • #234164

          I see that now there is a new tool: https://www.askwoody.com/forums/topic/windows-update-manager-wumgr/

          Anyway, both important and recommended updates are mixed together, it doesn’t specify which one is under “category” column, nor it makes distinction for “.NET” which is under the category “Windows 7”. The only thing it can differentiate is “Visual Studio”, “Office” and “Windows Defender”…

          Also I don’t understand why you linked those posts PKCano: are you indirectly saying that you don’t believe in making the life easier embedding all updates in an ISO and you prefer to do everything manually on every single machine you come across?

          Anyway, I’m thinking to just embed all security updates and that’s it… I guess it shouldn’t take too much to install the rest which is just some minor hotfixes, .NET and Office… At least I hope, I’m gonna make a try on a new machine. Then I can just write down all extra stuff I had to install looking at WU chronology and embed it in the ISO for the next time I guess…

    • #234149

      “Rollup” means a bundle….
      “Cumulative” implies the current one contains current fixes plus all the previous fixes.

      Well, well. Thats valid theory, OK so far. And since MS in Czech translation of those KBs names use explicitly word “kumulativni” (cumulative), whats called Rollup in original english written name, at least this is bad bad translation, aghrrr.

      Still, I believe, its bug, a sort of. Even (KB) numbers of 2018-10 are lower than 2018-09 numbers, interesting. I personally have idea, why. And another interesting fact is, I do backtrace all my separate “Win sets”, month by month back in past (have them since patchocalypse) and found: however nobody ever said, their are cumulative (just Rollups), they actually ARE. All the time since 2016-10, every .NET related patches have been replaced during next  update (and effectivelly, they were cumulative, untill now).

      There are other facts supporting this concept – D3compiler patch (4019990, signature dated 4/28/2017) included in every next rollup …. or more complicated example: 2017-11 .NET rollup includes D3compiler patch (initially released 2017-05 rollup), 3.5.1 patch unchanged since 2017-09 rollup, 4.5.2 patch updated little bit 2017-10 (socalled swedish lang fix 🙂 of 2017-09 release and the only one updated at 2017-11 patch for 4.6 …. this is for me proof at least they tried to be cumulative.

      I am “digging” for these details with single reason – is it just a supredences/metadata error (like we saw plenty of them) or is this really remarkable change of concept of .NET patch model? In the second case, I suggest add some note to KB20000000000003 or anywhere you think its usefull.

      • #234198

        AKB200003 is not concerned with the .NET updates, only those related to Windows/IE11. The Group B patchers are encouraged to update .NET through Windows Update normally.

        The lack of the D3compiler causes problems for Win7 if .NET 4.7 (or later) is installed. It has been included to prevent these problems in the case of first-time install.

    • #234285

      Windows 7/Group B


      I posted this previously in the Questions: Windows 7 forum, but I think it may be the wrong place for questions regarding 2018 patches. Please forgive me if it’s incorrect to post it here.

      I rolled back from March, 2018 to December, 2017 and have installed no Windows updates in 2018 except for Security Essentials definitions. I work in video editing and production, and observed an impact to performance after the Jan. -> March, 2018 security only updates, hence the rollback.

      What do I need to install now in November, 2018 that will not drastically impact
      my computer performance? Is it safe to install the latest IE11 cumulative update?
      What about .NET framework updates–I am running version 3.5.30729.5420?

      I’ve read Susan Bradley’s post #218232 about installing all of the 2018 updates, then disabling Spectre/Meltdown protections via registry edits. Is this a viable solution or should I just stay put at Dec. 2017?

      Thank you,
      Win 7 Pro (x64) / Intel Core i7-3820QM (Ivy Bridge) / 16GB RAM / NVIDIA GeForce GT 650M

      • #234290

        The latest IE11 Cumulative Update should be OK. I have not heard anything about the .NET patches causing a slowdown.

        As far as the Security-only patches – I know there were slowdowns associated with the Jan-Mar patches. About the rest, well, that’s a question. You could install the patches and disable the Meltdown/Spectre protections in the Registry and see if that works. The patches can be uninstalled and the Registry setting set back to original if it doesn’t work. That’s a lot of work.

        Before you try anything like that, be sure you backup your data and make a full image of your computer. Then set a restore point along the way. And don’t forget you will need the Servicing Stack update as well.

        1 user thanked author for this post.
        • #234479

          Thank you PKCano for the info. Regarding .NET updates, I just checked Windows Update and found the following:
          2018-09_Security and Quality Rollup for .NET Framework (KB4457918)
          Security Update for Microsoft .NET Framework 3.5.1 (KB3122648)
          Security Update for Microsoft .NET Framework 3.5.1 (KB2972211)
          Security Update for Microsoft .NET Framework 3.5.1 (KB2973112)
          Which one(s) should I install? Also, should I install directly from WU or from the MS Catalog?

          Regarding IE11, should I go ahead and install KB4466536 immediately?

          I am going to give some more thought to the 2018 Security Only updates. That does sound like a lot of work to undue the updates should they slow my computer considerably.

          1 user thanked author for this post.
          • #234481

            I suggest you install the .NET through WU instead of trying to manually install the individual patches.. I think WU will install what you need.

            The IE11 patches are cumulative, so you should only need the latest one. Go ahead and install it.

            The Security=only patches are available here if you decide to install any of them. The links are direct downloads from the Catalog.

            2 users thanked author for this post.
            • #234485

              Which .NET update(s) should I let WU install? It shows three old security updates, along with the Security and Quality Rollup dated 9/11/2018.

            • #234493

              Install whatever is in WU for your version. Windows Update will handle whatever needs to be handled. Be careful not to get installers for later versions of .NET than what you have. I know the installer for .NET 4.7.2 sometimes shows up.

              1 user thanked author for this post.
            • #235002

              @PKCano:  How do we know which version we have of the .NET ?   I have nothing pending now, other than one unchecked .NET in the Optionals, and I won’t touch that one.  Thank you again for your wealth of information and guidance.   Great work!    🙂

            • #235005

              Since you are using Windows Update, you don’t have to worry about which version you have. Windows Update will install the right patches automatically when you do your updates.

            • #235009

              @PKCano:   Thank you for the very prompt, reply.  I am sincerely grateful for all of your help.   🙂

    • #234522

      There are three separate .NET updates listed in WU for my version (3.5.1):
      KB3122648, KB2972211, and KB2973112.
      There is also the Security and Quality Rollup for .NET Framework (KB4457918).
      Should I simply install the Security and Quality Rollup?

      1 user thanked author for this post.
      • #234523

        I would go ahead and let the older ones install as well. WU won’t overwrite newer files with older ones. If those are not needed they will simply not be installed, but it will satisfy whatever WU needs so they don’t keep showing up.

        2 users thanked author for this post.
    • #234524

      Okay, I will give it a go. Thank you.

    • #237962

      ? says:

      tired of waiting so i updated win7 32 bit with november so, ie, office 2010, and msrt, came back up for aire in fine fashion…

      the dism removed KB2892074, ms13-099, and KB3078601, ms15-080.

    • #239231

      As a Group B-er, I just downloaded “2018-11 Security Only Quality Update for Windows 7 for x64-based Systems (KB4467106)” from the “2000003” list.  Its .msu shows only 8.0 MB in size.  Since it’s been larger in the past, I also checked the Microsoft Update Catalog, and saw that its .msu size is 36.6 MB.

      Am I missing something (other than 28+ MB)?

      Many thanks in advance.

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
      • #239233

        I just downloaded it from AKB2000003 and the download showed 36.6MB for the x64 file. Same as from the Catalog.

        1 user thanked author for this post.
        • #239236

          Many thanks for your quick response, PKCano!  I just downloaded it again from AKB2000003 and it’s now 36.6 MB!  I’m relieved that it’s consistent with the Catalog.  Go figure . . .

          Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
          • #239239

            Actually, those links are direct downloads from the Catalog. So, whatever is up there, is what you get.

            2 users thanked author for this post.
            • #239263

              I thought so . . . that’s why I was concerned about the difference in size and wanted to confirm.  I have no idea how I got an 8 MB download, but it’s all good now, thank goodness.

              Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
    • #239294

      I also had the same experience as SueW had when I downloaded and saved the November Win 7 x6 (KB4467106) Security Only file from the “2000003” list on 12/7. At first I didn’t take note of the size of the file, and it was only after 2 attempts at trying to install it and receiving the following error & message: 0X8007000d “Data Is Invalid”, that I realized there was a problem with the file. It was at that point when I questioned the size of the file compared to previous Win 7 SO updates I’d downloaded and installed. I too went to the Microsoft Update Catalog and saw that the size of the download should be 36.6 MB rather than 8MB. I went ahead and downloaded the file from the catalog. It installed without a hitch along with the rest of the November SO updates. Later that same day, 12/7, I used the link from the “200003” list and downloaded and saved another copy of the same file, and it still only downloaded an 8MB file.

      I can also confirm that after that day the file downloaded from the “200003” link downloads the correct 36.6 MB file as PKCano has so indicated.

      1 user thanked author for this post.
      • #239295

        When you download a file, and don’t give the download time to finish, you will actually find two files. One will have the correct name, the other a .part “partial” extension, and the files won’t have the right size. Perhaps you didn’t wait long enough for the download to complete? Or maybe MS is messing up, b/c the links are actually direct download links to the MS Catalog. There is NO indirect download.

        • #239298

          PKCano, I have no clue as to what caused the link to download only an 8 MB file, but I can say with 100% certainty that the file had completely finished downloading to the location I intended, and the file has the same file name as the correct 36.6MB file. Not only that, as I previously stated, I was able to duplicate it by downloading it a second time about an hour later.

          I still have that second copy of the 8MB file if it is of any use to you.

          1 user thanked author for this post.
          • #239299

            Looks, then, like the monkey is on MS’s back. Thanks for the confirmation.

            2 users thanked author for this post.
            • #239301

              I’ll back up both of their claims, I also downloaded an 8,192 kb file three times using the direct link from here on December 5th before finally getting the correct one on the fourth attempt. I just chocked it up as a downloading issue on my end but obviously it wasn’t.

              1 user thanked author for this post.
            • #239513

              Over the weekend I remotely installed the Group B updates on several computers using direct download links from the Catalog and on NUMEROUS occasions downloaded these same “incomplete” files mentioned above. It happened while downloading both the SO update and the IE SO update and each time the errant file downloaded was exactly 8,192 kb.

              This has to be an issue with Microsoft as I downloaded these updates from computers scattered all around the US. Just figured I’d add this latest info in here so others downloading these screwed up files from M$ knows the problem absolutely is NOT on their end.

              1 user thanked author for this post.
            • #242080

              Btw the patches contain an hash code in the name, so you can immediately verify if the downloads are correct.

            • #242634

              anonymous:    What does      SO  mean?  With all of the acronyms, I get lost with some of them.  Any help would be most appreciated.

            • #242641

              SO stands for Security-Only

              1 user thanked author for this post.
    • #241314

      ? says:

      thank you for the info on the out-of-band IE patch. it also applies to IE8

    • #242610

      ? says:

      thank you for the “green” light and thank you PK for helping on Christmas!

      i did the out of band IE update the 19th along with the December SO, no problem(s). today i finished the updates on “B” style win7 32 bit systems. the machine with Office ’10 wanted me to download and run KB947821 the 151.6 MB “System Update Readiness Tool!” i scanned for updates after hiding this bad fish and it showed up for an encore and then slinked away on the second rescan ha, ha on you Microsoft… i skipped that ordeal (i’ve fallen in that trap b4), installed the patches and am on my merry way to happy new years!

      so, KB4471328-IE and KB4471328-Dec. SO on the 19th, and:

      KB4471987-.Net Dec. rollup (installed KB4470641 and KB4470640) and jacked up my fragmentation as usual.

      KB890830-Dec. MSRT (sans heartbeat telemetry).

      Office 2010 had 6:

      KB4461577-Excel, KB4461570-Office, KB4461576-Outlook, KB4461521-Power Point, KB4427172-Office, KB4461579-Office.

      ran disk cleanup\DISM and there were no updates removed this time. whew, glad that is over for a few days way to much care and feeding for windows 7, the XP downloaded and installed the December updates on the 11th in under 4, yes four minutes and the linux does not require user input to stay on the straight and narrow…


      2 users thanked author for this post.
    • #242815

      I’m in group B. I’ve been trying to download the Win7x64 November SO update. I’ve gone directly to the catalog (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467106) and it keeps giving me a faulty ~8MB file.  I saw in comments that people were eventually able to get the correct file from Microsoft, but I’ve been trying for some time and it isn’t happening.  Does anyone have a copy of the actual update they would be willing to share with me?

      • #242822

        You can download KB4467106 from AKB2000003 on this site. The links are direct download from the Catalog. However, when this happened before, the problem was on the Microsoft end, not in AKB2000003. People just kept trying till it worked.

        The file can not be uploaded to AskWoody, so the exchange would have to take place through Dropbox or some similar online storage. If you get the update from someone else, be sure to check the authenticity.

    • #242827

      Thanks, PKCano. As far as I can tell, the page you linked simply links directly to the catalog download I referenced. I did try getting the update from there originally, but since it’s the same source, no luck.  I’ve been trying to download this update since November, and now it’s almost January. Every single time I click it, it just gives me the unusable 8 MB file. I really hope someone has a copy and is willing to upload it somewhere.

      If no one does, is it OK to just skip this one and move on to the December update?

      • #242831

        The Security-only patches are not cumulative like the Rollups, so if you miss one, you miss it completely. Just keep trying with more frequency. Maybe you will get lucky.

      • #242842

        In my role as neighborhood Santa in the last few days, I’ve downloaded a bunch of patches from the Catalog. The MS servers have been, shall we say, very inconsistent as far as time required for successful download, whether downloads were successful, etc. etc. etc,. Using IE to download seemed to help as did a File —> exit command from the menu, and then a fresh restart of IE (IE 11 on all the computers I used) and then a download attempt. I ran into your problem a few times and as PKCano said, just keep trying.

      • #243086

        It may help to check your Download folder (or where-ever you save downloaded files to) and delete any existing copies of the file, then close your browser and dump your temporary internet files before trying to download it again.

        I had the same problem you’re having while updating numerous computers last week and it may just be a coincidence but going through that process a couple times worked on the last three I updated.

    • #243163

      I have a (possibly dumb) question.

      Topic 20000003 for Group B patchers says the following about the last patch for December:

      Dec 2018 (IE11) KB 4483187 – Download 32-bit or 64-bit (Released 12/19/2018 replaces KB4470199, fixes CVE-2018-8653 Scripting Engine Memory Corruption Vulnerability)

      If this patch replaces the one given just above it, why not strike out the listing above it, or better yet delete it altogether from the list? Not sure what the purpose might be of keeping it there.

      Thanks in advance.

      1 user thanked author for this post.
    • #309538

      PK – I’ve been too busy with other things to keep up after all these years of playing “I’m a B type, I can do this” with microserf. Finally I’ve gotten so far behind (family issues) that in trying to catch up I’ve found that I cannot do so. My last catch up was Sept 2018 – KB4457145. That worked, but when I tried to download KB4457426 and/or KB4463376 for IE nothing happened. No download, and no other  info. I checked my link and it’s fine.

      Am I screwed, or did I do something wrong here?


      • #309545

        The IE11 updates are CUMULATIVE. So you only need the last one. If you are patching through Dec 2018, use KB4483187. If you are using Jan patches, use the one for Jan. In any case, you need only one. The links to some of the earlier patches may not be valid if MS has pulled them b/c they’ve been superseded.

        • #310514

          normally the IE updates are supposed to be cumulative.

          however yesterday 1/13, I installed KB4480965 IE11 update on my Win7 system, rebooted and RAN Windows update again and it offered/listed the KB4483187 IE11 update. i don’t know why…

          on the other hand, when the KB4483187 IE11 update is installed (and I removed/uninstalled the old KB3185319 IE11 update from my Win7 & Win8.1 computers) and ran Windows Update, it no longer offered the old IE11 updates like KB3185319. so it looks like KB4483187 completely replaces KB3185319 & older IE11 updates.

          1 user thanked author for this post.
      • #309567

        I forgot to mention, the MS Catalog download (direct links in AKB2000003) has been messed up for a couple of months. People have been getting 8MB files instead of the patches (Read above complaints) even when downloading directly from the MS page. Be patient and try again. Eventually it seems to work.

    • #310515

      note – see my recent post above PKCano’s about KB4483187

    • #310842

      So noted EP. Thanks for the information.


    • #318551

      ? says:

      i updated win7 32 bit (Dell 4300 Dimension with Intel 2.8 MHz SL7EY, 1GB PC133 ram) today using the links on AKB2000003 with no issues. Windows update (after the standalone January SO and IE11) offered KB4481480 January .Net rollup and KB890830 January MSRT also no installation issues. i will wait a bit longer (better DEFCON position) to update the remaining 3 machines.

      thank you!

      1 user thanked author for this post.
    • #319939

      ? says:

      Thanks for the January ’19 green lite! makes me nervous to wait around for the dust to settle while the badness never takes a day off…

      updated 3 win7 32 bit pro machines (2 AMD, 1 Intel processors) and 1 with office ’10 using “B” style. the Jan SO and IE-11 stand a lone links downloaded from here with no problems.

      One quirk was the .Net KB4481480 Jan roll-up that for the first time i can recall required no restart to complete the installation? see:


      https://docs.microsoft.com/en-us/dotnet/framework/index if interested.

      The .Net update ngen / mscorsvw.exe took 4-6 minutes to run the servicing routine on all three machines, and wrecked my disk fragmentation, as usual. If interested Defraggler shows the (temporary) scrambling to specific files on the drive caused by .Net updates.

      The Office 2010 had KB2553332, KB4161614 (unchecked), KB4461625 (Word), KB4462157, and KB4461623 (Outlook).

      Thanks again for doing all the leg work to keep us from falling down the rabbit hole and saving all the precious brain cells!

      1 user thanked author for this post.
    • #323614

      Hey, everybody, this is quite big one, this needs to be clear and EP probably should write it with BIG RED font

      note – see my recent post above PKCano’s about KB4483187

      PKCano insist those IE patches are cumulative and thats simply not true or clear.

      If you are patching through Dec 2018, use KB4483187. If you are using Jan patches, use the one for Jan. In any case, you need only one.

      Next “second Tue” approaching, so I also made some tests with January WU state. And I have the same idea as EP. In general, IE patches should be cumulative, but that Dec2018 incident (out of band ie patch KB4483187, replacing regular KB4470199) is not that fashion. Because, January IE patch KB4480965 in theory, it should include features/fixes from 4483187, but it seems it doesnt. Tried that in GroupA way, tried that in GroupB way, after all updates (including Jan IE 4480965), next WU scan asks for KB4483187.

      Whats more confusing, MS Catalogue about KB4480965, it mention, it is replacing both Dec IE patches. Strange, MS confirm its cumulative (by mention in catalogue) and also deny it (with WU scan result). This could be supredences problem or even worse – that idea about “cumulative IE” is not valid anymore.

      And since, we, the people of group B, rely on exact information, without possibility to verify it by WU scans, this should be investigate very carefully. Personally, I also will do some research about the similar situation in Sept IE patches (KB4457426 vs KB4463376).

      This deserve more care, that just “So, noted”.


      p.s. PKCano, if you really do bielive “only just 1 last IE patch”, why there are so many of them in official “Group B list”

      • #323621

        p.s. PKCano, if you really do bielive “only just 1 last IE patch”, why there are so many of them in official “Group B list”

        Because, by definition, they are cumulative.
        The list is populated monthly and the past ones are not removed. It is ongoing.

        The problem you are seeing is because there can be a difference between metadata supersedence and component supersedence. A patch can REPLACE the components of  another patch and still not METADATA supercede it.

        An example of this the Monthly ROLLUP and the Monthly ROLLUP PREVIEW.
        The Monthly ROLLUP (issued on Patch Tues) is composed of three parts: non-security patches, security patches, and the IE11 CU. It is a SECURITY Update and is CHECKED in the Important Update list.
        The Monthly ROLLUP PREVIEW (issued on the third Tues of later the same month) is composed of four parts: the three components of the Monthly ROLLUP plus the non-security updates for the following month. It REPLACES the Monthly Rollup component-wise, but because it is a NON-SECURITY update, it cannot METADATA SUPERCEDE the the Rollup. Therefore, it appears in Windows Update as an UNCHECKED Optional Update. A non-security update does not metadata supercede a security update.

        You have the same situation with KB4483187. It REPLACES KB4470199, but it does not METADATA supercede it, so you will keep seeing it. But if you install it, it will not overwrite the following month’s IE11 CU components because the later CU has COMPONENT supercedence.

        Windows Update works on metadata supercedence. The actual Updating Process works on component supersedence.

        5 users thanked author for this post.
    • #327571

      ? says:

      ok, so i patched 4 machines on 2\14 Valentines’ Day, still use IE on all Windows installs, boo who.


      1 XP Pro had 8 patches KB4887085 was pulled for wrecking havoc before i ran Microsoft Update (thanks for the warning MSFN!) took 3 minutes total to patch XP.

      all Win 7 Pro, 2 AMD 1 Intel

      the SO’s i picked up here, thank you! then Microsoft Update offered: ( i peeked inside KB4486564 on Linux box using FF of course and did not see any stuff i did not want and it is smallish at 17.9MB.)

      KB4487078- Feb. .Net S & Q (43.1MB, mscorsvw.exe took 14 minutes to run on all 3 machines)

      KB4486563- you know what i did with that (Extreme Prejudice)

      KB890830-Feb. MSRT (also small 2.1MB, last month was 6.0MB)

      Office 2010 had 8 patches, ‘nuf said, bonus it still works!

      also cleaned and shut off Shell Bags, one machine had over 2000 entries and 800+ deleted folders. and my post update cleaning system is now easier (faster)

      again, many thanks for all you do Ishmael, PK and others…

      1 user thanked author for this post.
    • #329487

      Sorry in advance for such a blasphemic question, but really.. it’s still unclear to me whether or not GroupB are prescribed to integrate either of those two KB into their Gold Windows 7 x64 Installer Media Image:

      • Service Pack 1 (KB976932)
      • Enterprise Rollup Update (KB2775511)
      • Convenience Rollup Update (KB3125574)

      It does seems clear to me that SP1 is a sure go, but is it for GroupB, without any post-deploy “defusing” operations ?

      • #330634

        @owdrtn your question about Installer Media images isn’t related to the monthly Group B updates in AKB2000003. I suggest you post your question in the AdminIT Lounge forum, perhaps in the Managing Updates in Organisations topic of that forum.

        • #331009

          Is there not any GroupB-dedicated thread covering not exclusively monthly updates for win7 and 8.1 , but any updates ?

          • #331032

            Group B is only about telemetry in Win7/8.1 updates. The rest of the updates follow general guidelines like the rest of the people.

          • #331033

            Here is such a thread started by Oscar CP last year:-

            Home › Forums › AskWoody support › Windows › Windows 7 › Windows 7 patches › The Ease of Group B patching

    • #329879
    • #339744

      I’ve recently discovered the Simplix Pack to create a fully updated image of Windows 7, but I’m wondering whether it’s better or worse than the list here provided. I’m asking for some feedbacks based on the list of updates that the latest version of the program integrates: https://pastebin.com/UhAf8s3c To me it looks like it integrates lots of useless old updates and that it doesn’t use Security-only updates.

      Basically I’m asking if it’s better to use a fully updated W7 image where I integrate the Security-only patches found here on AskWoody or use the updated W7 image created with the Simplix Pack.

      • #339754

        I suspect any updated image you find that was made after October 2016, when Microsoft started the Rollups, will include the Rollups and not the Security-only Updates. The updated images will be all the Rollups included until the date of imaging (there was a new Win7 image current through Nov 2018 made just recently).

        If you want the Security-only patches, you will need to use an older ISO and manually update. The list in AKB2000003 are direct links to the MS Catalog, so if you use them, you have the latest SO patches.

        • #339906

          This is not a downloaded ISO image, it’s a tool that automatically downloads all the needed updates (excluding telemetry updates) and integrates them in your own WIM image. The tool gets updated every month with the latest updates.

          I was only asking for a feedback about the updates that got integrated into my W7 SP1 original install.wim compared to a integrating just the AskWoody list.

          • #339922

            You might read Canadian Tech’s method for clean installing Windows 7 without telemetry (if telemetry is the issue for you): AskWoody #188268 and answers.Microsoft Updating Windows 7 in 2018.

            I don’t have any experience with the Simplex Pack, and would have to go through its listed updates manually, to see what type of updating they are using… maybe someone will answer with more experience that can tell you. The link to pastebin just shows a very long list of included updates to have to weed through.

            I’ve installed using @Canadian Tech’s method, and it went smoothly, and my Windows 7 has been very stable… and is telemetry free.


            Non-techy Win 10 Pro and Linux Mint experimenter

            • #340037

              My doubt is about how is it possible that Simplex Pack is telemetry free while not using the security-only updates? I checked and all the KB starting with 4 in the AskWoody list are missing. Anyway, I don’t honestly understand this Canadian Tech guy. Why just install security-only updates till May 2017? That makes no sense for me… As for system images, I’ve never used them, and I’d prefer to avoid them if possible. As I said, I can already make a perfectly stable ISO integrating all the security-only updates and then installing the extra ones that I’m prompted to. Of course my real objective would be to know in advance which are the “extra ones” that Windows Update is going to offer me so that I could integrate everything in one shot and not having to install 1 single update.

            • #340229

              You might find better answers by posting your question in the Windows 7 Support forum, as Knowledge Base articles are generally considered references, rather than a place to ask for help.

              Non-techy Win 10 Pro and Linux Mint experimenter

              1 user thanked author for this post.
            • #348717

              @Elly:  I inadvertently did a “thanks” to a Group B, subject.    My apologies, and thank you for all of the other good postings you make!   🙂

              1 user thanked author for this post.
    • #340478

      PK – Sorry to bother again, but I’ve been trying to update the Jan KB4480964 on my W7 and after downloading I get the “message” that this update is not applicable to my computer. I’ve been using the x64 updates for quite sometime, so I’m confused/bemused by this response.

      Should I try the x32 version, or is there some other thing (that you may know about) that is currently going on?



      • #340480

        The link (direct link to Catalog) gives me the correct download (with 8.1. KB4480964, and x64 in the file name). Look at the file size. I’m showing 34+ MB. Sometimes MS  Catalog has a problem and the files size is considerably smaller, doesn’t work. (Also check to be sure you didn’t install the Rollup)

        1 user thanked author for this post.
        • #341040

          I’ve tried a few more times and nothing works. Ive even waited an hour or so for the larger file to arrive. I also swept the floor looking for some kind of eff-up on my part that would have allowed my Win 7 system to to think it was something else. I did not find anything on this unit that should prevent an update from microsloth to become downloaded. Unless, of course that it is W7 and not W8.1

          I’m absolutely confused by this; you guys have always come up with an answer, or a work-around when this kind of s**** occurs. If I need to upgrade this PC to W8.1 I’m ready to do that. My wife won’t be, but that’s my problem and not yours.

          Any help is most wanted and hoped for.



          • #341048

            Well, KB4480964 is for Windows 8.1. You say you have a W7 computer, which I take to mean Windows 7. So I think it’s a good thing you’re getting the message that it (KB4480964) isn’t applicable to your computer.

            Edit: If you want the January Security Only patch for Win 7 you want KB4480960.

            2 users thanked author for this post.
            • #342182

              Roger that DrB. YOU sir, are correct. Anyone needing the Jan 2019 Win7 64-bit update should pay close attention, since it was not available on the “Group B” update site here at Woody’s. Clanking in to Widders own site for updates and (taking time to go fill the wee dram glass) allowed the download for that appropriate 4480960 update to arrive and, subsequently be installed.


            • #342186

              The Win7 patches are ABOVE the Win8.1 patches.

              KB4480960 IS available in its proper place.
              You have to look in the Win7 patches, but the KB number you asked for was for Win8.1 which was stated in my original answer.

              1 user thanked author for this post.
    • #341253

      ? says:

      ok, so i downloaded KB4490628-SSU 32bit (4.2MB) patch from here and ran it from the desktop. 10 seconds to install it, no trusted installer running afterwords. shows installed in event viewer\setup and Microsoft Update, CBS log shows a 51kB run (was empty prior to updating.) prefetch shows wusa, trusted installer and vssvc.exe ran successfully, as well.

    • #341326

      PK, I don’t know how else to do this, so I’m asking this question as a reply to an unrelated issue.

      And it’s a big ASK.

      I have a Windows 7 machine that I haven’t turned on since 2015. It was right in the middle of that mess with Windows Update – it took hours and hours to update Windows 7, if it updated at all. In the midst of that we moved. I boxed that PC up and didn’t unpack it until last weekend. Still haven’t turned it on let alone connected to the web.

      I want to resurrect that machine. I’d like it to be Group B – security only updates. I don’t want the spectre and related updates. I also wish to avoid the modern telemetry add-ons. I just want my old Win7 machine up and running securely.

      Now to the big ASK! What steps should I take to bring this machine back to life – albeit a mostly secure if not fully updated life? Even if you choose not to respond to this ASK you’ll have my eternal respect as one of Woody’s MVP’s.

      Thanks in advance, RamRod.

    • #342581

      Just so that you know – KB 4489873(the security-only update for IE11, Windows 8.1, 64 bit March 2019) still does not work well with my Halo Spartan Strike game – missing sound and possibly other problems. I have uninstalled it for normal game-playing.  I haven’t noticed any problems with the March 2019 Windows 8.1 64 bit update.


    • #348103

      ? says:

      thank you for the not April fool’s day green light!

      updated 3 win 7 pro 32 bit machines 2 AMD 1 Intel and one with Office 2010:

      KB890830-March MSRT


      KB4462226-Office, KB4018363-Access, KB2589339-Office, KB4461626-Office, KB4462229-Outlook…

      manually installed the March SO, IE, SU and SSU and bonus being PRO machines haven’t seen hide nor hair of KB4493132 nag

      1 user thanked author for this post.
    • #1496554

      ? says;

      Wow, it is already MAY! (still snowing here, currently 36 degrees outside) only 8 more months of win7…

      thanks to the Woody’s wise patch system and all the helping elves, too. all i had were the 2 B patches and MSRT plus the Office 2010 patches on one machine and they came back for more in fine style. i ran DISM and came up with 2 patches from 2014 and 2015 KB3033929 and KB3003743 both of which caused problems for lots of folks when they were originally released. KB3003743 MS14-074  was so troublesome that Woody wrote about it on Infoworld “Microsoft’s Black Tuesday Toll,”


      i log most every patch that is removed after monthly patches and am wondering why they were breaking machines when originally released and why are they being removed from SxS 4 or 5 years later? Especially when the OS is soon to be relegated to the pages of history?

      Anyway, many more thanks for helping us make through yet another “Black Tuesday!”

    • #1628446

      Typo in ongoing list (and in https://www.askwoody.com/forums/topic/may-2019-patch-tuesday-arrives/#post-1621530):

      pciclearstatecache –> pciclearstalecache.

      1 user thanked author for this post.
    • #1662885

      ? says:

      just did 3 win7 pro 32 bit, 2 AMD, 1 Intel. got the IE-29.1MB and SO-72.3MB + pci..29.5KB. here then the rest through update chute. Office 2010 had 2, KB44645672.9MB and Outlook KB4464524 12.1MB plus KB890830-May MSRT-6.8MB. threw away the rest of the bad fish. the PciClearStaleCache.exe did not run. the KB4499406-43.2MB .NET (KB4495606 for me) ran cleanup for 13-14 min. after reboots. and as usual did the tasmanian devil fragmentation routine all over my HDD’s. i notice a problem is surfacing (i should have waited a little longer? to patch.) i eagerly await the day my kester will be too far away for microsoft to reach and i will never forget the wasted hours and stressed machines trying to patch because microsoft wanted me to do things their way.

    • #1663493

      ? says:

      let me see? what constructive things could i do with all the time i will have after my cruel microsoft task master fades into the distant past? humm, i know, i’ll keep pushing the limits of my newfound friend linux…

      thanks, PK! wake me up from my post patching glow when i will then have to rip out all of the May 2019 patches because somebody forgot to build them correctly… (again)

    • #1747876
      • #1747879

        It’s because the topic is closed to new comments that the text is different to a normal topic. However, the current site issues have changed how closed topics are displayed, making them a little harder to read currently.

        1 user thanked author for this post.
        • #1750738

          Ahh thanks, be nice if that could be fixed. Like you said, super hard to read!

        • #1751389

          A hokey little trick –
          (This works on Win 7 / Firefox; I assume OK in other environments too.)

          Click anywhere in the article (sets focus):
          Edit > Select All -OR- just Ctrl+A
          This will highlight everything: white text, on a blue ‘highlighter’, on a white page background.

          To cancel, just click anywhere.

          This is nice when one is contending with (e.g.) white text on a white background.

          2 users thanked author for this post.
    • #1766168

      Yet again the file hashes for the cumulative security update for IE11 (KB4498206) do not match the table of hashes here. I know it’s in the filename but it’s a bit disconcerting when there’s a mismatch like that and filenames can easily be changed. Probably give the May update a miss since it’s cumulative anyway.

      • #1766176

        Compare the Win7 x64 May IE11 files as an example.
        The top one is from the MS Catalog.
        The bottom one from the AKB2000003 download link.
        They appear to be the same.

        • #1766299

          Yes but that’s the filename, if you look at the table (under ‘File information’) in the link to the cumulative update i posted that hash in the filename doesn’t match any of the SHA1 hashes listed. Nor does SHA256 if you check the file from a command prompt using certutil -hashfile. This happened in january as well and i skipped that update. I’m sure it’s safe but you know, it’s microsoft we’re talking about here and since they are cumulative i’d rather just skip an update. I’m group b by the way.

          • This reply was modified 4 years, 9 months ago by T.
    • #1864697

      I apologize if this is another repeat question on the topic, but I have some questions regarding KB4490628 & KB4474419.

      I have KB4474419 installed, but not KB4490628.  Am I correct in reading PKCano’s post that KB4490628 has to be installed on it’s own? Also is it possible to install it even though I have already installed KB4474419 or does it need to go KB4490628 and then KB4474419?

      Thanks for your time & help!

      • #1865117

        Yes, KB4490628 (all Servicing Stack updates, as a matter of fact) has to be installed exclusively, ie, by itself. Install it by itself, wait 5 minutes for the install to complete, then reboot your computer.

    • #1867115

      ? say:
      just started patching win7 32 bit thanks to woody’s June green lite. already KB4508646 -IE has hijacked my blank tab page and put on a plethora of their self serving (news, weather, sports and so much more)  junk… to return to blank second tab had to go into settings and return it to the way I had it. ie-blank page. so I’ll see what else they decided was better for me and report back, the so-called-patchin’ day is still young

      • #1867127

        They probably hijacked your default search engine and changed it to Bing too.

        • #1867284

          ? says:

          well, no bada Boing, yet, bing this!

          changed my accelerators back to enabled (E-mail with windows live, map with Bing, translate with Bing.) turned on Dom storage, turned off pop-up blocker, and mscorsvw.exe was running when i first rebooted from the 2 stand-alone-b patches. i did install the office 2010 2.0 filter pack, what the heck? been at this on the first machine for 1 hour and 45 minutes…

          i’ll report back after today’s torture session. by the way my linux machine from which i’m now speaking was automagically FULLY PATCHED (as usual) when i fired it up this morning

    • #1867475

      ? says:

      whew, recap: 3 Win7 32 bit pro

      kb4508772 june SO, kb4508646 june ie, from here. wu hide (all) the effluent, then kb890830 july msrt and office 2010 word kb4461619, kb3114879-filter pac 2.0 (contains 2 Odffilt.dlls 6-11-2019 file date and 2 Visfilt.dlls Sept 10 2018.) mscorsvw.dll ran on all 3 machines even though no .Net patches were installed. saw WMP re-re-re setup and Windows Desktop Update go by during the stand alone reboots?

      nothing from dism\disk clean-up. only took 6 hours, and i still have to run the rest of my clean up routine.

      glad there are only a few more to go!

    • #1901260

      ? says:

      Green Flag so

      just installed the July MSRT and .Net rollup latest MSE definitions on first throw-away windows 7 Pro

      whoopise, I forgot to install the July Security Telemetry Only patch,

      I guess it is still working if you can read this…

      thanks everyone

      • #1901265

        PKCano says:

        Don’t forget the July IE11 CU

        • #1901286

          ? says:

          oh, yeah i was so excited that the missing pieces of the SO+telem did not blue screen me that i was remiss in mentioning the July IE cumulative patch. i cleaned up after and the DISM did not spit out any old KB’s either. the .Net scrambled up my hdd as usual so i ran defraggler quick style to get it reasonably straight before running Defrag C:\  /h /u /v after reboot. so we will see how this plays out i guess. i do not like skipping the SO but i do not like all the gunk that comes with the appariser since winX in definitly not in my future. 3 hours for 1 machine and i have 3 more to go, maybe tomorrow

          thanks PK!

    • #1902146

      @pkcano:  I am Win 7, x64, Home Premium, Group A, and I don’t use the IE11.  This is not something that can’t recall the last time I updated.   Am I “out in left field” on this one?  Thank you for any assistance you may have on this issue.    Your help is appreciated very much, as always.

      :  I sent a reply to your message about the July IE11, and somehow I was logged out, and the message is probably listed under “anonymous” now (?).   If so, my apologies, I don’t know what occurred.    🙁

      • #1902147

        The IE11 update is part of the Monthly Rollup you install as Group A. You do not need to worry about it. It is for Group B. This whole thread is just for Group B, not for Group A.

        • #1903166

          @PKCano:  Thank you so much for the clarification.   I’ve had health problems for the past several months, and I can see from the “topic” alone that I am waaaaaaaaaaaaay off base with this one.  I’m still in a “recovery” period.  Thank you for your patient and guiding assistance.   🙂

    • #1907872


      Thanks for posting those telemetry updates.  I discovered that I had two of them, dating from April 2017.  I should have checked before, but I thought that I had hid all of them.

      They were installed in a mass update when I reinstalled Windows 8.0 from a recovery partition and then upgraded to Windows 8.1.  My old Windows 8.1 had become flaky.

      Needless to say, the offenders have been uninstalled.

    • #1911922

      Im holding off on aug updates but this popped up this morning in optional update:

      August 17, 2019—KB4512514 (Preview of Monthly Rollup)

      any idea what this is?

      also this pc is a fresh install of win 7 ultimate and totally patched till aug and a driver update just popped up too.

      advanced micro devices inc driver update for amd smbus

      Im hesitant about it as pc is working exceptionally well atm.  Thoughts?

      • This reply was modified 4 years, 6 months ago by amber438.
      • #1911930

        MS issues a Preview Rollup each month, usually a week after Patch Tuesday, that is meant for testing of the coming month’s non-security fixes by IT departments and the like. Each time, it is an UNCHECKED OPTIONAL patch and is not meant for general installation/usage.
        It contains the patches in the current Rollup (non-security, security, IE11 CU) plus the coming month’s non-security fixes for testing purposes.

        KB4512514 is a Preview of Monthly Rollup

        1 user thanked author for this post.
    • #1912254

      ? says:

      Dear Microsoft,

      you lost me at KB4507456 July SO (plus Telemetry) which means i’m missing patches for:

      KB2813347- MS13-029 RDP 7.0 Client 4-9-2013

      KB2868626- MS13-095 XML Sigs (DOS) 11-12-2013

      KB3005607- MS14-071 Audio (EOP) 11-11-2014

      KB3033929 SHA-2 Code Signing 3-10-2015

      KB3051768- MS15-054 Management Console (DOS) 5-12-2015

      KB3108670-MS15-130 Uniscribe (RCE) 12-08-2015

      KB3138962-MS16-027 Windows Media (Windows Integer Underflow Vulnerability) (RCE) 3-08-2016

      i’m wondering how KB3133977 (bit locker fix) will work since i checked the “NO SYSTEM RESERVED,” box when i installed Windows 7 (trust their encryption?), and KB4474419 v2 the second SHA-2 patch will figure in the mix?

      and please explain why all the feverish interest in patching Windows 7 since it is laying in the trench waiting for the final dirt to be applied?

      so, it looks like August “B” style patching (or any patching for that matter) will be verrrry interesting…

      1 user thanked author for this post.
    • #1919718

      Win 7 group B here. Confused with Jun/Jul updates:

      Jun 2019 KB 4503269 – Download 32-bit or 64-bit
      Jun 2019 KB 4508772 – Download 32-bit or 64-bit (Released 6/20/2019 fixes MMC error, Custom Views in Event Viewer)

      – Should I install both?

      Jul 2019 KB 4507456 – Download 32-bit or 64-bit (NOTE: contains KB2952664 functionality known as the “Compatibility Appraiser”)

      – Is that telemetry? Any workaround?

      • #1919725

        For the June update, all you need to install is KB 4508772.

        Jul 2019 KB 4507456 – Is that telemetry?

        Yes, that is telemetry.
        You can skip the update if you want to avoid the telemetry.
        But the update has other security fixes that you will not have if you don’t install it.

        The workaround is in AKB2000012 – follow @abbodi86 ‘s procedure.

    • #1926450

      I have been in Win7 Group B since October 2018.
      As July 2019 SO (KB4507456) contains KB2952664 telemetry, are there the same amount of telemetry if I switch to Group A now?

      • #1926479

        KB4507456 contains the Compatibility Appraiser (KB2952664 functionality) only.

        The Rollups have the KB2952664 functionality PLUS diagtrack service and WMI autologger which are part of CompatTelRunner.exe operations.

        It is easier to follow Group A patching. Group B is getting more complex as time goes on.
        You should go ahead and install one of the July patches because there are other security fixes beside the included telemetry.

        Either way, you can neutralize the telemetry by following the instruction in @abbodi86 ‘s AKB2000012.

        • #1926532

          I was in Group A before October 2018. My system should have diagtrack service and WMI autologger already. Both Group A and B have Compatibility Appraiser now, so I would switch to Group A. Thank you for clarifying.

    • #1942820

      ? says:

      patched 1 win7 pro 32bit BIOS boot dual core: no KB3133977, had KB4490628 (inst. 04/02/2019) updated (standalone) KB4474419 to August v2, took 1 minute to install then rebooted back to desktop and then updated MSE to see if it fixed the recent patching errors (failures) and it did. next up was (standalone) KB4511872-August IE (rebooted normally) 2 minutes from shutdown back to desktop. waited 12 minutes for Trusted Installer to finish then installed KB4512486-August SO (standalone) took 1 minute to install, rebooted with several pauses before getting back to the desktop (4 minutes) and while waiting for trusted installer updated MSE with no errors. next started scanning wu for updates (ran for 4 minutes) and produced 2 Important checked patches: KB4512506-August rollup and August MSRT (7.5MB) plus 3 unchecked Optional updates: KB4512514 2019-08 Preview Rollup (183.6MB), KB4512193 2019-08 .Net Preview, and KB4503548 2019-08-.Net v4.8. hid everything except the KB890830 August MSRT (3 minutes to install). rechecked for additional updates (1 minute) with no extras. locked down wu and checked Task Scheduler for additional tasks (none) and no new Services either/or disabled/re-enabled. CBS.log grew from essentially empty to 63,509kB which will be emptied along with Software Distribution\Download folder during the next after patching clean-up. i also checked to see if any of the missing kb’s from the July SO i skipped (see 1912254 above) were patched but no joy, maybe next time?

    • #1943828

      ? says:

      finished 3 more win7 32bit (BIOS boot machines-no KB3133977 Bitlocker patch), only one more “cloned,” safety box left to do. the one with office 2010 had 3 patches:

      KB4475506-Office (2.9MB), KB4475573-Outlook (12.1MB), and KB4475533 (13.3MB) no restart necessary.

      threw away KB4512506 2019-08 SMQR (182.8MB) checked Important, and 3 unchecked Optionals

      KB4512514 2019-08 PMQR (183.6MB) 08/20/2019, KB4512193 2019-08 .Net rollup preview (27.2MB) 08/21/2019, and KB4503548 .Net 4.8 (74.3MB) 08/13/2019.

      installed KB890830-August MSRT (7.5MB) on all machines as usual (heartbeat is disabled).

      the only weirdness was the way KB4511872 and\or KB4517297 installs. it took 5-6 minutes and configured thusly: reboot from desktop to finish install>starting>black screen>please wait>prepairing to configure>configuring>shutting down>rebooting>starting windows>please wait>welcome>back up to desktop. only 4 more months of patching ordeals until Christmas…

    • #1944102

      ? says:

      ran Disk Cleanup\DISM on the last machine i updated and KB4474419v1 from 3/2019 gets pulled. also KB2563327-SVG Graphics, KB2732487-bluetooth sleep hibernate stop error, KB2763523-DHCPv6 connectivity DUID, so there u have it! -67.9MB

    • #2017087

      In Step B5 “Get Rid of Problematic Updates”,  it says that if you have  no intention of updating to Windows 10 in the near future,  look for KB3150513 and uncheck the box.  Should you modify Step B5 to mention that we should also look for KB4493132 and uncheck that box also?   Woody discussed KB4493132 in his ComputerWorld article of December 5, 2019 as being a “Get Windows 10” nag patch for which we should uncheck the box.

    • #2038089

      I’m wondering why there are no comments about any updates for Windows 7/8.1 updates since September 8 in this topic. Is there a reason for it?

      • This reply was modified 4 years, 2 months ago by Skunk1966.
      1 user thanked author for this post.
    • #2100311

      To whom it may concern, the November 2019 SO has superseded the December 2018 one.

      Regards, VZ

    • #2110913

      While I mourn the passing of free updates for Windows 7, I am transitioning to two computers running W8.1.  Thanks to PKCano for helping me be a “Group B” member in the past and hopefully the next 3 years!

    • #2134812


      I have the same question as “Skunk1966” posted several days ago (post #2038089) that hasn’t been addressed by anyone yet. This thread jumps from September 8th to December 9th showing no posts during a 3 month time period! Are posts from this time frame available someplace else?

      I need to update two computers in Group B from August 2019 thru January 2020 and for some strange reason the exact time period I need info for is missing here. I seem to remember at least one SSU needs to be installed during this time frame and I’m seeking help getting the proper installation order for SO Updates from August 2019 thru January 2020 along with exactly when to install any SSU that’s required.

      Thanks in advance!

      • #2134814

        Ed, you’re looking at the discussion of the patch list, not the patch list itself. Look HERE, scroll down to the bottom for the 8.1 patch sequence you seek. (It is up-to-date.)

        1 user thanked author for this post.
        • #2134838

          Yes, I realize this is a DISCUSSION of the patch list and that’s exactly what I’m looking for, I already have all of the SO update files downloaded.

          I distinctly remember discussions between October & December about installing at least one SSU before installing particular SO Updates on Win 7 and that’s what I’m trying to find out. The list of updates doesn’t show any prerequisites required after September but I seem to remember at least one SSU released after KB4516655.

          I normally stay on top of all this Group B stuff but due to unforeseen circumstances that I won’t go into I’ve gotten several months behind. If you scroll through this entire thread looking at the post dates don’t you find it a bit odd that nobody discussed anything at all here during an entire 3 month period?

          • #2134855

            Got it – thanks for the clarification.

            I’ve seen a TON of Group-B patching discussion during that timeframe, but most of it was tacked-on to other discussion topics, or was part of the typical “These new patches were released today” sort of topics that usually started by Woody or one of the MVPs.

            You’ll probably have to go searching to find the info you’re looking for.

      • #2134825

        AKB2000003 has been up to date since Patch Tuesday, Janusty 14, 2020. It is for Group B patches only (SO and IE CU), and has never been for other Win7 patches like the SSU, .NET, MSRT, etc.

        • #2134862

          I know the SSU FILES aren’t provided here but if an SSU is required before installing a SO Update it’s normally shown as a prerequisite in the list of update links. I’m not seeing ANY SSU required in the links after KB4516655 in September… but I seem to recall discussions about installing particular SSU files either before or after particular SO updates AFTER September.

          The last SSU I installed was KB4516655 in September… do I need to install any others before attempting to install all of the SO Updates posted in the list from September thru January?

          • #2134868

            If you look at the MS Support page for the SO, down toward the bottem the SSU is usually listed (on the CU Support page as well).

            If you run Windows Update and install the Rollup, the SSU is served up last. THis is what happens to the unwashed masses on Automatic. I always use this for my installs and I have had no problems (8 Win7 every month plus those I support) in spite of what MS publishes. On the other hand, many of the posters have installed the SSU first.

            There has been discussions about this among Group B as well. And it has been done both ways with the same results. If you search for the SO’s KB number on the site you will see the discussions.

            FYI: The installs the last couple of months have been taking longer than usual, and some have experienced two boots.

            • #2134944

              PK:  Will the Windows 7 portion of the Ongoing List of Updates end with the January 2020 updates?  And will there be any reason for those of us with Windows 7 to look at AKB 2000003 any more (especially those such as myself who have or are planning to get a license for Extended Security Updates)?  I note that there was a comment by abbodi86 back in December which said “December Security Only KB4530692 include ExtendedSecurityUpdatesAI placeholder manifest. This probably indicate ESUs will continue with dual Rollup/SO model.”    I’m not sure I understand what he’s saying there because I’m not an expert,  but if what he’s saying actually occurs,  it makes me wonder if I would need to switch from SO updates to rollups if I get an ESU license.

            • #2134948

              The only reason you would need what is currently on the list (as of Jan 14, 2020) is if you had a problem and had to reinstall the OS.
              I don’t know if MS will continue with the Rollup/SO model or it will be Rollups only. I suspect they will not be making improvements to Win7 and the patches will, for all practical purposes, be security-only in nature, even if they split OS and IE11 updates. But I’m just guessing.

              If there is still any prupose to the Group A/Group B patching, we may continue to add the latter to AKB2000003, But if there is only one patch, delivered through WU, I don’t see the justification.

              1 user thanked author for this post.
            • #2138117

              PK:  Thanks for your response.  I have few more questions:

              1.  My understanding is that in order to be eligible for the ESU,  I will need to switch from Group B to Group A,  and install monthly rollups from this point forward.  Is that correct?

              2,  If so,  what is the procedure for doing this?  Do I simply install the February rollup when Woody gives the go-ahead for February?   Or is there something else I need to do?

              3.   Also,  I remember reading on this website where you advised a member to install the October 2019  rollup,  but I can’t remember where I saw that.  So is that true that I would need to start with the October rollup?

              I will appreciate your response.

            • #2138122