Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Comments on AKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1

    Posted on GoTheSaints Comment on the AskWoody Lounge

    Home Forums Knowledge Base Comments on AKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1

    Tagged: , ,

    This topic contains 332 replies, has 43 voices, and was last updated by  anonymous 1 month ago.

    • Author
      Posts
    • #98204 Reply

      GoTheSaints
      AskWoody Lounger

      Thanks for writing this @pkcano.

      In my (Do Not Install) list I also have KB3022345 -SFC / corrupt files- (later replaced by KB3068708), I wonder whether you should also include this one as well?

      http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html

      gts

      2 users thanked author for this post.
    • #98207 Reply

      PKCano
      AskWoody MVP

      I don’t believe KB3022345 is related to telemetry/snooping, which the list is excluding.
      Also, KB3068708 should have superseded KB3022345, which would make excluding the latter unnecessary.

      2 users thanked author for this post.
      • #98478 Reply

        GoTheSaints
        AskWoody Lounger

        At the time KB3022345 reared its ugly head it was put under the banner of “snooping” as well as the corruption it caused after running SFC.

        http://sensorstechforum.com/uninstall-windows-update-kb3022345-a-k-a-diagnostics-tracking-service/

        I suggested this update because if anyone was to restore to factory or start afresh on their computer it would be better not to install this update as well even though KB3068708 did supersede it not much later. To my recollection 8708 was shipped out a short time later because of the uproar over the corruption error after the lab rats had installed it.

        In no way am I telling you how to suck eggs, only penning my (limited) knowledge on these types of updates.

        gts

        • #98482 Reply

          PKCano
          AskWoody MVP

          There was a huge list of updates to avoid during the GWX campaign that have since been superseded and/or retired. The above list is current updates that contain telemetry/compatibility that are likely to appear in Windows Update at the present.
          If you are doing a clean install of Win7 SP1 you may see some of the older updates. But a clean install is a whole other ballgame not covered here.

          • This reply was modified 9 months, 2 weeks ago by  PKCano.
          • This reply was modified 7 months ago by  woody.
          3 users thanked author for this post.
        • #98643 Reply

          ch100
          AskWoody MVP

          KB3022345 is no longer available, so the clean installs are safe.
          See my other answer in this thread, because in fact you raised a valid issue.
          KB3022345 should be added to the list, but for other reasons.

          2 users thanked author for this post.
      • #98642 Reply

        ch100
        AskWoody MVP

        I think KB3022345 should be added to your list for Group B users for the sake of consistency.

        A bit of background.
        KB3022345 is the first in the series continuing with KB3068708 and KB3080149.
        Because of KB3022345 was faulty, it was retired and replaced with KB3068708.
        KB3022345 is no longer available, but it was not uninstalled from users computers who installed it, only superseded (made inactive) as long as one of the other later patches is installed.
        The reason why I say this patch should be added to the list, is that at least in theory, someone could have installed it when available and stopped updating immediately after.
        In such a situation, that user would have the Diagtrack service installed and not having the fixed patches released after.
        Another situation would be when someone installed in the past all three patches.
        When you instruct them to uninstall KB3080149 and KB3068708, then automatically KB3022345 becomes active if installed previously. DiagTrack service would still be there and in the worst case scenario, the user is left with a faulty patch reactivated.

        EDIT: added relevant URLs
        http://www.infoworld.com/article/2926179/microsoft-windows/microsoft-confirms-patch-kb-3022345-breaks-sfc-scannow.html
        http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html

        • This reply was modified 9 months, 2 weeks ago by  ch100.
        • This reply was modified 7 months ago by  woody.
        5 users thanked author for this post.
        • #98651 Reply

          PKCano
          AskWoody MVP

          I agree with you analysis that the patch (thus DiagTrack) can be on the computer and that it is a telemetry patch. But we are not considering correcting all the ills GWX imposed by uninstalling patches.

          If you see one of those patches in your list of updates, UNCHECK the box next to the patch, so it won’t be installed.

          How likely is this to happen, whether the patch is currently installed or was never installed?

          • This reply was modified 9 months, 2 weeks ago by  PKCano.
          • This reply was modified 7 months ago by  woody.
          1 user thanked author for this post.
          • #98792 Reply

            woody
            Da Boss

            I think it’s highly unlikely, but it wouldn’t hurt to add KB3022345 to the list. Yes?

            2 users thanked author for this post.
            • #98794 Reply

              PKCano
              AskWoody MVP

              Go ahead and add it.
              But I don’t believe it’s going to show up on WU for people to uncheck.

              2 users thanked author for this post.
            • #99208 Reply

              ch100
              AskWoody MVP

              I think we misunderstand each other, while we agree on the issue.
              This patch is no longer offered as it is retired by Microsoft.
              The issue is if some people installed it in the past and now they uninstall the patches that supersede it KB3068708 and KB3080149, they should go all the way and uninstall KB3022345 as well, only if it was installed.
              When an updated patch (KB3068708) is installed, the old one (KB3022345) is not removed, only made inactive, unless the user runs disk cleanup or uninstalls manually.

              We are talking about old installations here with hundreds of patches installed and which potentially have KB3022345 since the time when it was available, not about new installs.
              It took about 1 month for this patch to be superseded and removed from Microsoft servers, so there is a good chance that some people installed it at the time when it was available, either by ignoring Woody’s recommendations, or by not even knowing that there are such recommendations somewhere on the Internet.

              • This reply was modified 9 months, 2 weeks ago by  ch100.
              • This reply was modified 7 months ago by  woody.
              3 users thanked author for this post.
    • #98521 Reply

      Canadian Tech
      AskWoody MVP

      Thanks for this excellent compilation and guide.

      CT

    • #98611 Reply

      walker
      AskWoody Lounger

      @woody:

      Is it all right to “hide” the January 2017 Security Monthly Quality Rollup for Win 7, x64 since I will never install it, or is it best to just leave it there?   Several “old” updates disappeared (drivers only) so only one of those remains.   All unchecked.  I’ve never seen any directions on what should be done with these “rollup updates” for win 7, when I am in Group B, and will never install them.  Thank you for all of your invaluable help, and the WONDERFUL Defcon 5 rating!     🙂   🙂   🙂

      • #98612 Reply

        PKCano
        AskWoody MVP

        It is best not to hide the updates. Uncheck them before you install. The Jan one will go away when MS releases the next cumulative. (since it will be included in the next one)

        4 users thanked author for this post.
        • #98638 Reply

          walker
          AskWoody Lounger

          @pkcano:    Thank you for responding…..   I was thinking along those lines, however wasn’t sure until I asked you.    Now I can proceed as I thought was proper.

          🙂   🙂   🙂

    • #99201 Reply

      anonymous

      Woody,

      I was looking through my installed updates and found KB3021917 (installed 3/3/2015).  If I uninstall that, am I going to cause problems?  I seem to be running fine now.

      Thanks, Chip

      • #99203 Reply

        Kirsty
        AskWoody MVP

        Hi Chip,
        You should be able to uninstall KB3021917 without causing issues.
        This article by Martin Brinkmann on ghacks.net may be of assistance to you.

      • #99204 Reply

        radosuaf
        AskWoody Lounger

        You can uninstall without any worries.

        MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit PL
      • #99206 Reply

        ch100
        AskWoody MVP

        Uninstall it and it will go away gracefully, like most of the other Windows Updates.
        If you are OK with it, there is very little need to uninstall it though.
        It is not known to be harmful, only more or less useless.

        • This reply was modified 9 months, 2 weeks ago by  ch100.
        • This reply was modified 7 months ago by  woody.
    • #99381 Reply

      anonymous

      Question: with those security only monthly patches, would all of them have to be installed one at time (with rebooting I assume) or can one simply install the latest one on the list?

      • #99395 Reply

        PKCano
        AskWoody MVP

        The security-only patches are NOT cumulative. You have to install them one at a time.

        So – install the first (earliest date), reboot if asked, install the next, reboot, install the next, reboot…….

        1 user thanked author for this post.
    • #99616 Reply

      anonymous

      Anon here from yesterday evening about the updates. Another question (which is probably redundant, but…): Does WU have to be enabled in order to download the security updates? I get an error message because I have WU disabled.

    • #99620 Reply

      PKCano
      AskWoody MVP

      You can download the security-only patches from the MS Catalog with Windows Update Service disabled – because it is like downloading any file (music, e-mail, etc).
      You can install the updates manually with Windows Update set to “Never check for updates.”

      But to install the updates manually you go to Control Panel\Administrative Tools\Services, highlight the Windows Update Service and then click on “Stop” at the top left. You do not “disable” the service. It needs to remain on the normal setting, ie automatic or manual.

      EDITed for content

      • This reply was modified 9 months, 2 weeks ago by  PKCano.
      • This reply was modified 9 months, 2 weeks ago by  PKCano.
      • This reply was modified 7 months ago by  woody.
      1 user thanked author for this post.
      • #99679 Reply

        anonymous

        Many thanks for your help. I kind of figured it was that, but I wasn’t too sure about it. I did reset WU to Manual and did set it “stop”.

    • #101236 Reply

      PKCano
      AskWoody MVP

      Links updated 3/14/2017

      2 users thanked author for this post.
    • #103014 Reply

      anonymous

      Thanks for this list.
      Sticking to Group B, I guess we should also avoid the Security and Quality Rollup for .NET Framework, so you could also add the Security Only updates to this list.

      As of now, there’s only the December one, and it’s for Framework 4.6.2.

      Win 7 – KB3205406

      Win 8.1 – KB3205410

      • #103016 Reply

        PKCano
        AskWoody MVP

        There is no reason to avoid the .NET updates. They are OK.

        The Group B recommendations are to avoid the “Security Monthly Quality ROLLUPS for Windows”, and to download/install the “Security Only Quality UPDATE” and the security patch for IE11.

        1 user thanked author for this post.
    • #103781 Reply

      PKCano
      AskWoody MVP

      Links updated 3/23/2017

      2 users thanked author for this post.
    • #105399 Reply

      anonymous

      Are KB 4012212,KB 4012204, KB 4016446  and the net framework patch safe to download/install yet Win7,march 2017

      • #105402 Reply

        PKCano
        AskWoody MVP

        The MS-DEFCON number is still 2 – which means to WAIT. There have been problems with some updates.

        Woody will raise the DEFCON number to 3 or above when it is safe to install updates and he will publish instructions at that time.

    • #105468 Reply

      ozbadcat
      AskWoody Lounger

      Hi Guys …. I am in Group B security only am just a little confused regarding the IE ( hotfix) patch KB4016446 and wonder if it is necessary to apply to March Security only – KB4012204 ???

      From reading – It seems to be more specific to the March Cumulative IE ( KB4013073 ) version

      Hopefully someone can help

      Thanks, Rick in Oz

    • #105484 Reply

      Goofy
      AskWoody Lounger

      How did you know that the March 2017 IE Hotfix was available?  Where does MS post that info so smart people like u can tell dumb people like me that it exists?

       

      P.S.  Thanks for providing the above info for the 8.1 group B’ers.

      • This reply was modified 8 months, 3 weeks ago by  PKCano.
      • This reply was modified 8 months, 3 weeks ago by  PKCano.
      • This reply was modified 8 months, 3 weeks ago by  Goofy.
      • This reply was modified 8 months, 3 weeks ago by  Goofy.
      • This reply was modified 7 months ago by  woody.
    • #105499 Reply

      anonymous

      @PK,

      Any thoughts on KB3177467? which seems to predate the Oct 2016 patchocalypse.

      TIA

    • #105530 Reply

      Pepsiboy
      AskWoody Lounger

      Woody,
      Well, KB3150513 reared its’ ugly head again this morning on our desktop machine and got HIDDEN again. I manually installed the March Security update and MSRT on both machines. SO FAR, no problems.
      Many thanks to all that have helped me keep my sanity with all the MS garbage out there.

      Dave

      • #105536 Reply

        PKCano
        AskWoody MVP

        You also need the patch for IE11 (even if you don’t use it). It used to be included in the security patch, but no longer. So there will be two you need each month from now on.  Links to the download are here

        https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/

        You should not hide the Monthly ROLLUP. If you uncheck it before doing WU install, it will be UNCHECKED and won’t get installed. Yes, it will come back checked on reboot, but if you leave it like that, it will be replaced by the next month’s ROLLUP. You just have to remember to uncheck the ROLLUP before you do installs.

         

        • This reply was modified 8 months, 3 weeks ago by  PKCano.
        • This reply was modified 7 months ago by  woody.
        3 users thanked author for this post.
    • #105581 Reply

      anonymous

      Okay so for manual patches-We just gotta install the 3 for March manually and then scan Windows Update and hide the monthly roll thingy and also any of the KBS to watch out for if I’m correct. I’ll install the updates monday night and then do a scan tuesday night for updates and go from there-On the morning of tuesday and wednesday I’ll do a defragment and such so my computer is fine. 🙂

      I like to ensure I get back some MB after doing the updates, but it’s easy to follow. Also it’s good to have this kind of system for looking out for windows versions updates-it’s easier to know which ones to install and not to install.

       

       

    • #105732 Reply

      walker
      AskWoody Lounger

      @pkcano:       Are the following to be downloaded from the MS Catalog?   It does not indicate what the first one is, however I think it is the March Security Only Update (?).

      Mar 2017 KB 4012212 – Download 32-bit or 64-bit

      Mar 2017 (IE) KB 4012204 – Download 32-bit or 64-bit
      Mar 2017 (IE Hotfix) KB 4016446 – Download 32-bit or 64-bit

      I’ve been away from the computer for several days, and it seems there have been a few problems I’ve not read about.   I will keep looking.  Thank you VERY MUCH for everything you have posted.    I hope the list  – – – –  Published 23 March 2017 rev 1.1 – – – is up to date?

      Thank you once again for all of your hard work, and help with this monthly “process”.    🙂

      • This reply was modified 8 months, 3 weeks ago by  walker. Reason: Attempted to correct name of PKCano
      • This reply was modified 7 months ago by  woody.
      • #105734 Reply

        PKCano
        AskWoody MVP

        Are the following to be downloaded from the MS Catalog? It does not indicate what the first one is, however I think it is the March Security Only Update (?).

        The list is up-to-date. Please note

        Here are the Security-only patches, starting in October 2016, when the “patchocalypse” took effect. Make sure you download and install the version that matches the “bittedness” of your machine.

        In addition, there are links for the IE11 patches.
        The links for March 32-bit or 64-bit will auto download the update for you.

        1 user thanked author for this post.
        • #105739 Reply

          walker
          AskWoody Lounger

          @pkcano:  Thank you very much for the information….   I’ve gotten behind because of illness and trying to get caught up is difficult, however with your most kind assistance I’m hoping it will all go well.   I am most grateful  🙂

        • #107290 Reply

          walker
          AskWoody Lounger

          @pkcano:  I could not locate a reference (I thought I saw) to the IE Hotfix  KB4016446.   I thought it stated that unless you had installed another update that you”DID NOT NEED” the KB4016446 Hotfix.

          This is referring to the KB4016446, correct?   Thank you for your verification on this one.   Very much appreciated!!  🙂

          Edited to remove contend

          • This reply was modified 8 months, 1 week ago by  walker.
          • This reply was modified 8 months, 1 week ago by  PKCano.
          • This reply was modified 8 months, 1 week ago by  PKCano.
          • This reply was modified 8 months, 1 week ago by  PKCano.
          • This reply was modified 7 months ago by  woody.
          • #107300 Reply

            PKCano
            AskWoody MVP

            The reply you are looking for is here
            refers to KB4016446

    • #105748 Reply

      Goofy
      AskWoody Lounger

      Received “Advanced Micro Devices, Inc driver update for AMD SMBus” today thru Windows Update — Important/Check Marked.  Under the heading, Window 8.1 and later drivers.  Never saw the and later drivers addition before.  Guess this might be needed if I was getting ready to go to Win 10 — *crickets*

       

      • #105749 Reply

        PKCano
        AskWoody MVP

        I wouldn’t install it even if you are getting ready to go to Win10

    • #105979 Reply

      Silver_Crow
      AskWoody Lounger

      Will it hurt your system if you install multiple patches before a restart? (such as installing 4012212, 4012204 and 4016446 THEN restarting.)

    • #106122 Reply

      grams
      AskWoody Lounger

      Thank you so much!

    • #106274 Reply

      LH
      AskWoody Lounger

      I just sent a post beginning “I’m confused”.  Now I am even more confused.  I checked the top of the page before submitting the post to ensure that I was logged in.  When I pressed submit, it failed with the message “are you sure you want to do that?” (sounds like something out of a video game!).  I pressed submit again – this time it went OK, but when I checked I found that the message was “awaiting moderation”.  So – checked the top of the page again, to find that I had been logged out.  Is there a time limit involved here?

      LH (in case this also gets me logged out).

    • #106272 Reply

      anonymous

      I’m confused (not unusual for me)!  I am on Win7 Group B.  I source patches each month from WU (important Office patches) and MS Update Catalog (Win7 Security Only and .NET patches) – but wait for the all clear before installing.  I completely missed the IE11 patch and subsequent hotfix.  Thanks to your post, I have now downloaded these (but not yet installed).

      For my future reference, where are the IE Security Only patches to be found these days?  Not in WU, and I could think of no search parameters that were successful in MS Update Catalog.  I was sure that I had previously found these in earlier months since the October 2016 changes.

      Apologies if this has already been answered – I am still finding my way around the new Lounge.

    • #106935 Reply

      Canadian Tech
      AskWoody MVP

      PKCano. Thanks again for this great entry. I have been gradually doing this for all of you 150 client computers. I’m about 1/2 way done. They were not previously updated since October.

      Questions:
      Are IE patches and the patches that fixed the patches, safe to install yet?
      Are they going to re-issue fixed patches or just leave the mess the way it is?

      CT

      • #106938 Reply

        PKCano
        AskWoody MVP

        The IE patches for March are good. You need the hotfix only if your are running Dynamics CRM 2011.

        3 users thanked author for this post.
        • #106941 Reply

          Canadian Tech
          AskWoody MVP

          Thanks for clarifying that.

          CT

          1 user thanked author for this post.
        • #107359 Reply

          walker
          AskWoody Lounger

          @pkcano:  My most sincere apologies for overlooking your reply.   I have been seriously ill for almost 3 weeks, and when one is this sick for this long, it affects not only the body but the mind.   I am so humiliated by my faux pas.

          I thank you so much for all of the outstanding, hard work you do for all of us on this website.   You deserve a BIG “GOLD STAR” for your exemplary contributions and I don’t know what we would do without you!!    🙂

      • #109625 Reply

        Canadian Tech
        AskWoody MVP

        PKCano, just to update you. I have completed my sweep of my 150 client computers using Oct, Nov, Dec, Jan security only patches. Also the IE patch and all Office patches prior to March. Also .net up to March. You saved me a bunch of time and provided some peace of mind.

        Judging from the torrent of WU messes being served up by MS lately, I am not at all certain I will do any more updates.

        CT

    • #106963 Reply

      FakeNinja
      AskWoody Lounger

      About these security only updates, where do they come from? Do Microsoft make them and why? I thought they started putting security, telemetry and all that in one single monthly update, why are they making security only updates aswell?

    • #106965 Reply

      PKCano
      AskWoody MVP

      There are two methods of patching Windows.

      Microsoft delivers the “Security Monthly Quality ROLLUP for Windows” through Windows Update to the PC. It contains both Security and non-security updates and is cumulative. Cumulative means that this month’s ROLLUP contains the previous month’s ROLLUPS. It is available to all Windows Users.

      For those people who do not want the non-security, Microsoft provides the “Security Only Quality UPDATE for Windows.” It contains only the security patches. It is not available through Windows Update. The patches must be downloaded from the Microsoft Update Catalog and manually installed. Because it is easier to find, we provide links to the Catalog for these Security Only UPDATES each month.

      In Woody’s terminology, those who install the ROLLUP are in Group A. Those who choose not to install the ROLLUP, but instead manually install the Security Only UPDATE, are called Group B.

      5 users thanked author for this post.
      • #107053 Reply

        FakeNinja
        AskWoody Lounger

        I just think it’s weird Microsoft would be kind enough to provide the security only updates when they’re doing everything they can to get people to upgrade to windows 10. I really hope they won’t stop doing this.

        • #107078 Reply

          Canadian Tech
          AskWoody MVP

          It is far from an act of kindness. They are doing it because they have little choice but to provide the support demanded by their large customers. However, this company now has a track record of untrustworthiness.

          Don’t be surprised to find patches to security-only updates buried in patches of the other type.

          It would be a mistake to assume this continued support.

          Couple that with a clear track record of incompetent development of the Windows Updates themselves and it is clear that Updates of Microsoft products is a minefield.

          CT

          5 users thanked author for this post.
    • #107303 Reply

      anonymous

      Could the first post be updated to reflect that info? That the hotfix is only necessary under those conditions.

      • #107307 Reply

        PKCano
        AskWoody MVP

        This will be revised Tuesday (Apr 11) to reflect the April patches. I will add that then.

        1 user thanked author for this post.
    • #107582 Reply

      PKCano
      AskWoody MVP

      Updated 4/11/2017

      NOTICE: The patches for IE11 ARE CUMULATIVE

      Edited to add IE11 information

      • This reply was modified 8 months, 1 week ago by  PKCano.
      • This reply was modified 7 months ago by  woody.
      3 users thanked author for this post.
      • #107590 Reply

        radosuaf
        AskWoody Lounger

        We already know that security-only is not really security-only… I keep wondering if I should reinstall clean and join group C/W.

        MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit PL
        • This reply was modified 8 months, 1 week ago by  radosuaf.
        • This reply was modified 7 months ago by  woody.
    • #107891 Reply

      James Bond 007
      AskWoody Lounger

      Apparently this list only contains the “security only quality update” and the IE cumulative security update, but not other security only updates such as the .NET security only update KB4014985 released this month.

      I believe the .NET security only update is not included in the “Security only Quality Update”. Therefore I am convinced that for complete Group B patching you have to apply the “Security only Quality Update”, the IE cumulative security update, and the .NET security only update (if there is one). Please correct me if I am wrong about this.

      Is there a reason why the .NET security only updates are not included in the list?

      Hope for the best. Prepare for the worst.

      • #107894 Reply

        PKCano
        AskWoody MVP

        The .NET updates do not contain the MS telemetry and are considered to be safe for installation (at DEFCON 3 or above) for Group B.

      • #107898 Reply

        PKCano
        AskWoody MVP

        Here is an explanation of the difference between Windows patches and patches for other MS software https://www.askwoody.com/forums/topic/group-b-and-patch-blocklists/#post-106970

      • #108992 Reply

        glnz
        AskWoody Lounger

        To James Bond 007 and PKCano –
        Thanks to MS making this very confusing, your valiant efforts here to clarify are still hard for non-techs such as myself to follow. But I’m responsible for keeping my wife’s mini-SOHO as secure as possible, so I’m trying.

        This month – April – I have NOT yet installed kb4014985 – which is security only (?) update for the .NETs for Win 7 Pro 64-bit.
        However, James Bond 007’s question above seems apt. Should I install this?
        PKCano – I think you intend us to wait until you’re at Defcon 3, and today we’re still at Defcon 1, so not yet?

        ALSO, I downloaded the installation files from Windows Update Catalog, and it gave me FOUR files, not one. They are:

        ndp46-kb4014552-x64_32e1c3af9a27962c93682fc66584803baa729782.exe
        ndp46-kb4014558-x64_900b63e9c928af1224ba91e4a0d0a14cceee92f6.exe
        windows6.1-kb4014573-x64_12e4991474e5150382f317efd3fcbd8a13090ce5.msu
        ndp45-kb4014566-x64_95b57712424a36cac3fc2f27fcc12e4555a80afd.exe

        Does that look right?
        If I install, is there a particular order to run them?
        Thanks again.

        • This reply was modified 8 months ago by  glnz.
        • This reply was modified 7 months ago by  woody.
        • #108994 Reply

          PKCano
          AskWoody MVP

          You only install the one for the version of .NET you have on your computer. Check which ver you have, then the information you need is here

          1 user thanked author for this post.
    • #107940 Reply

      anonymous

      I’m new here. An old but thankful guy for all the expertise being shared here.

      I successfully installed KB4012212 & KB4012204 shown at top of this forum (this was before the Apr additions). I’m using Win7 Pro SP1 64bit.

      Having 5 of the 6 offending KB’s, I then went on to uninstall them & included KB3075249 having seen that referenced somewhere herein or elsewhere from a linked reference. I did this from the Control Panel Installed Updates listing. Everything went fine and restarting, whenever prompted, after each one. I reviewed the Installed Update list after each uninstall to verify its removal.

      The last one (KB2952664) however is the problem. The Windows response message was the same as for all the others (successfully uninstalled). After the restart and checking the installed update list to verify it’s gone, I discover it is NOT! It remains listed, BUT now shows the then current date of 4/10/2017 as the installed date, NOT the previously shown date of 10/18/2016.

      Is this a real issue? Is it readily (easily) solved? How? Thanks.

    • #107948 Reply

      PKCano
      AskWoody MVP

      Yes, it’s a problem and No, it’s not easily solved. KB2952664 has had 23 iterations. When you uninstall one, the next one earlier shows back up. You have to uninstall all of them.

      And – you have to keep them from getting reinstalled. In other words, you have to keep hiding them when they show up in Windows Update (the latest one is dated March of this year).

      There is a command line uninstall, but you have to have the version number of each one to do it that way.

      Edited to correct context

      • This reply was modified 8 months, 1 week ago by  PKCano.
      • This reply was modified 7 months ago by  woody.
    • #107990 Reply

      samak
      AskWoody Lounger

      Yes, it’s a problem and No, it’s not easily solved. KB2952664 has had 23 iterations. When you install one, the next one earlier shows back up. 

      I think this should read “When you uninstall one…”

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      1 user thanked author for this post.
    • #108052 Reply

      anonymous

      KB4014661 is Cumulative update right ? that means if i install KB4014661 im no longer need to install KB4016446 and KB4012204 or any other previous released one ?

      • #108192 Reply

        PKCano
        AskWoody MVP

        It is not clear at this point whether the IE11 updates form the Catalog are cumulative. So at this point I would recommend installing  – March first (KB4012204) then April (KB4014661). It won’t hurt anything to do this. When we verify one way or the other, the wording will be changed on AKB2000003.
        You only need the hotfix (KB4016446) if you are running CRM 2011.

        Update:

        Updated 4/11/2017

        NOTICE: The patches for IE11 ARE CUMULATIVE

        • This reply was modified 8 months ago by  Kirsty. Reason: Updated info
        • This reply was modified 7 months ago by  woody.
        1 user thanked author for this post.
        • #108241 Reply

          walker
          AskWoody Lounger

          @pkcano:

          The MS-DEFCON 1 is what it’s set at now which means we should not install ANYTHING?

          I’m up-to-date with March.

          I have not checked out the latest “updates”, and haven’t seen anything other that what you posted about  April above (April (KB4014661).   I’m confused (my usual state) so just wondering what is transpiring.

          Thank you once again for all of your wonderful help.  It is very much appreciated!  🙂

          • #108243 Reply

            PKCano
            AskWoody MVP

            March updates are OK.
            April updates are still on DEFCON 1.

            2 users thanked author for this post.
            • #108399 Reply

              walker
              AskWoody Lounger

              @pkcano:    Thank you for the clarification about the APRIL updates being on MS-DEFCON1.

              Is it “safe” to install the April updates you have listed for Win7 (64).  I think there are 2 of them, one the Security Only, and one for the IE.    Is this correct?  Apologies for not understanding.

              This is what’s on the list:

              Apr 2017 KB 4015546 – Download 32-bit or 64-bit
              Apr 2017 (IE11) KB 4014661 – Download 32-bit or 64-bit

              Thank you for your clarification with this.   Your help is invaluable to those such as I, who are totally “lost” with some of these things.  Thank you so much for your patience, and your outstanding help.     🙂

               

            • #108405 Reply

              PKCano
              AskWoody MVP

              April updates are on DEFCON1 – that means WAIT until DEFCON number is 3 or above

              2 users thanked author for this post.
            • #108566 Reply

              walker
              AskWoody Lounger

              @pkcano:  Thank you SO much for verifying what I thought.  Your help is appreciated more than words can express.  You are indispensable, and highly esteemed by ALL!    🙂

              1 user thanked author for this post.
        • #113720 Reply

          owdrtn
          AskWoody Lounger

          Lifetime Cumulative, or Cumulative only from the new servicing rollup model circa oct-2016 ?

          • #113726 Reply

            PKCano
            AskWoody MVP

            As of March 1, 2017 there is also a download patch for IE11. The patches for IE11 ARE CUMULATIVE.

            The IE updates were a part of the security-only updates until March.
            They are cumulative since Oct 2016.

            1 user thanked author for this post.
    • #108084 Reply

      anonymous

      Anonymous from 4/12/2017 @12:35pm here (regarding KB2952664 above)

      Thank you PKCano & samak for your responses. I’m most appreciative.

      Just so I understand correctly, I’ll keep uninstalling as long as it keeps reappearing. Once it stops appearing, be sure to hide it if/when it shows up in Windows Update.

    • #108389 Reply

      212louis
      AskWoody Lounger

      Just an FYI,

      W7 x64, SP1, Chrome browser.

      I recently encountered a never before seen MS catalogue “error” while attempting to download the April Security Only Update directly from the catalogue:

      “windows update catalog error 8DDD0010”

      After some googling around and ending up at the MS Community an answer was offered that allowed the download window to open correctly: Manually inserting https:// in the catalogue address bar in front of the www. Click “All Replies” and go to Page 3.

      https://answers.microsoft.com/en-us/ie/forum/ie11-iewindows8_1/windows-update-catalog-error-8ddd0010/ffcd76a1-48d6-432f-a5a7-a2d1084c4efe

       

      • This reply was modified 8 months, 1 week ago by  212louis.
      • This reply was modified 8 months, 1 week ago by  212louis.
      • This reply was modified 7 months ago by  woody.
      1 user thanked author for this post.
    • #108415 Reply

      PKCano
      AskWoody MVP

      The patches for IE11 ARE CUMULATIVE

    • #108990 Reply

      glnz
      AskWoody Lounger

      pkcano – many thanks for this thread!  I am using it to keep safe the two Win 7 Pro 64-bit machines in my wife’s mini-SOHO.  Also my own.

      HOWEVER, last month (March), on another thread, two weeks after March Patch Tuesday, I asked whether Woody and you had given the green light to the FULL MS update, and you (I think it was you) said OK.  Then I ran the full update and all is OK on our Win 7 Pro 64-bit machines

      In other words, I start in Plan B on Patch Tuesday and follow your list here, then if things look OK two weeks ± later, I go to Plan A.

      So, which is the best thread on this forum to ask you two weeks later whether I can install the full update/Plan A (or whether you think there are still problems and I should continue to hold off)?

      Thanks again!

      • #108991 Reply

        PKCano
        AskWoody MVP

        When the DEFCON number at the top of the HomePage is 3 or above, Woody posts the instructions for updating and it is safe to install (following his instructions).

        1 user thanked author for this post.
      • #109352 Reply

        Elly
        AskWoody Lounger

        In other words, I start in Plan B on Patch Tuesday and follow your list here, then if things look OK two weeks ± later, I go to Plan A.

        @glnz- Are your Plan A and Plan B referring to updating Group A or Group B? Be aware that these Groups are two different ways of updating your computer, based on your needs and decision. Both Group A and Group B wait for Defcon 3 or above to install patches, but they install different patches. If you have been following the Group B updating of security only patches, and then install the Monthly Rollup for Group A, you have moved to Group A… The monthy rollup is cumulative and includes telemetry that Group B has decided not to install. Waiting to install patches isn’t dependent on Group… it just lets all the bugs be found by others, and hopefully fixed, before you install them, whether you are Group A or B.

        So… you would check the Defcon number at the top of the Home page before installing any updates, no matter which group you have chosen. Installing before Woody gives the all clear will ensure your status as an unpaid beta-tester… and finding the possible bugs on your own system!

        When Woody gives the all clear, he also does a post on updating for that month, what bugs were discovered and fixed, and links for instructions on updating. For example, the last time Woody cleared the updates was here: https://www.askwoody.com/2017/ms-defcon-3-time-to-get-windows-and-office-patched-but-watch-out-for-these-buggy-critters/

        It alerts you to the change… and provides a link to the full instructions. At that time, you can follow the updating instructions for your Windows operating system, and Group choice.

        Just waiting two weeks isn’t the same as waiting until it is cleared, although one would hope that the worst bugs are identified and fixed by then.

        Some of the people here are technically able, and install the updates right away, and post their findings. If their system gets screwed up, they are able to fix it. So you will see that people are doing this, and reporting no problems, or if they are having problems. That doesn’t mean a non-techy like me will be jumping in and updating… until the all clear is given.

        PKCano kindly maintains the list here, for people who have chosen to update via the Group B method, because the security only updates are not available through Windows update.

        Forgive me if I have assumed wrong, and you already know all this. I’ve been sensitized to how newcomers to the site don’t understand what is being referred to, having referred many family and friends here, and then having to answer their questions.

        Happy and safe computing to you!

         

        Elly-

        Win 7 Home, Group B

        4 users thanked author for this post.
    • #109714 Reply

      anonymous

      Thank you for this list. Please Note: ClamWin gave a warning for kb4012204 along the lines of “can’t filter win.exploit something”. What is going on? Have not installed. Not suggesting it is these links. Update: even worse Win.Exploit something 2017 listed for the IE update. Haven’t installed anything since October. Downloading these for a fall-back folder. So, probably a bit behind with all this. Thank you PKCano for this excellent resource. Please note I think ClamWin is a very good AV and I’m not that sure that these are false positives.

      • #109718 Reply

        PKCano
        AskWoody MVP

        The links above are directly to the Microsoft Update Catalog.

        1 user thanked author for this post.
    • #109739 Reply

      anonymous

      This is exactly the type of article I am looking for! 😀

    • #109848 Reply

      anonymous

      Is there a post or thread that contains the direct links for the security only .Net patches like this excellent one for the Windows and IE ones?

    • #110152 Reply

      Canadian Tech
      AskWoody MVP

      @pkcano, Request. I have a problem with your posting here. I need to send an email to my clients with a few selected links that you list here. Problem is that this posting is far to complicated to send them to. I need to simply send them the links. This posting does not have the links that I can do that with.

      What you post is convenient for users of this site, but not for re-posting. Can you provide the actual links????

      CT

      • #110157 Reply

        PKCano
        AskWoody MVP

        If you right-click on the individual link and choose “copy link location,” then paste it into an e-mail, you can send them the individual link to the MS Catalog.

        1 user thanked author for this post.
        • #110159 Reply

          Canadian Tech
          AskWoody MVP

          Thanks PK. In Windows 7, the selection is Copy shortcut.

          CT

          • #113891 Reply

            ch100
            AskWoody MVP

            @CT
            This is because you use IE, while @pkcano provided the same information for Firefox 🙂

        • #110818 Reply

          walker
          AskWoody Lounger

          @pkcano:  Is the list showing the update information now “up-to-date”?  The only one I see is the one showing published date of April 13th.  Understand there is information on InfoWorld too, and trying to figure all of this out is confusing.    I know I’m okay because I have “Ivy Bridge” or something like that because it was verified a while back.   I see we’re at Defcon 3 now.

          Thank you for all of the hard work you do to provide advice to try to keep us “safe”.  You help is definitely outstanding.      🙂

    • #110819 Reply

      CADesertRat
      AskWoody Lounger

      This morning KB4014985 throws an error when you click on “Download”.

    • #110856 Reply

      CADesertRat
      AskWoody Lounger

      Sorry

    • #111030 Reply

      anonymous

      Just want to thank you again for the work you put into this on going thread PKCano.

      I just installed the April Security Only update KB 4015546 on my Win7 desktop and the Security Only update KB 4015547 on both of my Win8.1 laptops. I also installed the  IE11 update on the laptops (I don’t have IE on the desktop). I did install security updates for .NET too.

      I follow this site daily and check for the Security Only patches every month as I will try to remain in “Group B” for as long as possible. Thanks to this site I have been able to do this.

    • #111083 Reply

      Pepsiboy
      AskWoody Lounger

      PKCano,

      Many thanks for keeping this thread going and keeping it updated for us.

      I installed the April Security only updates listed last night. So far, everything seems to be OK. Please keep up the good work. Without it I, among many, would be overwhelmed by all the MS garbage (just being polite).

      Dave

    • #111103 Reply

      fl
      AskWoody Lounger

      Thanks very much for this extremely helpful information.

      Mac Mini v. 6.2 (2012) with Win7 64 bit
      MacBook Pro v. 3.1 (2007) with Win7 32 bit
      Group B Updater

    • #111177 Reply

      MrBrian
      AskWoody MVP

      For Microsoft updates from April 2017 and later, one can also use Microsoft’s Security Update Guide to get download links for both monthly rollups and security-only updates. To display security-only updates, set checkbox “Security Only” to checked. The Product column contains links to monthly rollups.

      Use the textbox to filter by operating system:

      Windows 7 x64: use filter “Windows 7 for x64” (without quotes)
      Windows 7 x86: use filter “Windows 7 for 32” (without quotes)
      Windows 8.1 x64: use filter “Windows 8.1 for x64” (without quotes)
      Windows 8.1 x86: use filter “Windows 8.1 for 32” (without quotes)

      • This reply was modified 7 months, 3 weeks ago by  MrBrian.
      • This reply was modified 7 months ago by  woody.
      2 users thanked author for this post.
    • #111485 Reply

      anonymous

      Started updating my machines today (now at Defcon 3), so far two HP machines (one lap top running Win7 Home Prem and one Desktop i5 running Win7 Pro both did an extra restart on the Windows Security only iinstall.  Ran the usual other stuff first (Net and Software Removal tool) which required a restart, then the Group B package which did a restart and configuring windows up to 100 per cent then then shut down and restarted and went to configuring windows and no percent count but finally the sign in screen.  Then ran the IE updates which restarted as expected.  Both machines have Intel chips.

      Will be interesting to see if the behavior continues with the Dell i7 desktops and Dell i5 laptop which I won’t get to until tomorrow.

      Since I’m running cableCARD tv tuners and Media Center I don’t really trust MSFT updates having been burned a couple of times in the past.

      • #111494 Reply

        anonymous

        Yeah i noticed a double restart myself, i thought for a moment it had gone into the endless  reboot loop

    • #111667 Reply

      JohnW248
      AskWoody Lounger

      Update on double restarts,  having completed seven machines, five of them had a double restart on the Win Security stand alone updater.  Win 8.1 pro did not (Lenovo laptop) and the new Dell i5 Laptop did not (couple of years old but just had to replace the HD and re-install Win7 Pro).

      Have one machine left, but this appears to happen more often than not.

    • #112160 Reply

      ht
      AskWoody Lounger

      I ran “check for updates” today. I am still being offered the March 2017 kb4012215 (rather than April 2017 kb4015549) Security Monthly Quality Rollup for Win7 x 64 based systems. Is anyone else having this experience?

      I am in group B, updates are current through March 2017 Security Only kb4012212, March 2017 Cumulative Security for IE 11 kb4012204 and IE hotfix kb4016446. I’d unchecked but not hidden the March Rollup per PKCano’s instruction, expecting it to be replaced with the April Rollup.

      I have downloaded and am ready to install April 2017 security only kb4015546 and April 2017 cumulative security for IE 11 kb4014661, but wonder if I should do this IF MS has pulled April 2017 Rollup kb4015549 – it appears it is downloadable via the MS update history page.

      • #112165 Reply

        PKCano
        AskWoody MVP

        Go ahead and install the April security-only and IE patches. With the vulnerabilities introduced by the Shadow Brokers, you need the protection.
        Just be sure to uncheck anything that says “Security Monthly Quality ROLLUP for Windows

        2 users thanked author for this post.
        • #112202 Reply

          ht
          AskWoody Lounger

          PKCano, is it unusual that April Rollup didn’t replace the March Rollup, since I didn’t install but didn’t hide the latter?

          • #112205 Reply

            PKCano
            AskWoody MVP

            If you had hidden the April Rollup, the March Rollup would show back up. But since you didn’t hide either, I have no explanation.
            I would go ahead and install the April security-only and IE patches. The March Rollup should disappear for sure when the May Rollup shows up if you don’t hide March’s. If that’s not the case, then we should try to figure what’s going on.

            The reason last month’s Rollup disappears is because it is contained in this month’s Rollup, If you don’t hide Rollups, they are replaced (superseded) by the next later one.

            1 user thanked author for this post.
            ht
      • #112181 Reply

        Kirsty
        AskWoody MVP

        @ht

        I am still being offered the March 2017 kb4012215 (rather than April 2017 kb4015549) Security Monthly Quality Rollup for Win7 x 64 based systems. Is anyone else having this experience?

        From my experience, after installing the current security-only monthly updates, I am still offered the Security Quality Monthly Rollups, which I hide. After hiding this month’s “quality rollup”, it becomes a game of whack-a-mole, being offered the previous month’s “quality rollup”, etc. etc. etc. It is safe to ignore the “quality rollup” you are being offered, if you choose to stay as Group B updating.

        4 users thanked author for this post.
    • #112890 Reply

      anonymous

      Just finished installing Apr individual updates KB4015546 and KB4014661 without problem. Then ran WUD which revealed 9 important updates. I installed the Update for .NET 4.5.2 (KB4014559) also without problem. Thanks for all your help!

      I’d appreciate advice/guidance on some of the other offered important updates:
      1) Are MS Office 2007 security update KB’s 3141529, 3191830, 3191827, 3191929 and 3127890 (all dated 4/11/17) okay to install?

      2) A Security Update for Silverlight (KB4017094, dated 4/11/17) appears. When I click on the link for more info I’m taken to a MS page with the message “This page doesn’t exist.” Below that message in grayed-out text the following appears: CV:xnH/iQbSKdED7YTP.O. Below that is the message “Try searching for what you need.” Typing in the KB4017094 in the search field produces some linked references that provide much less than helpful (in my opinion) information. Is this really something important to be installed?

      Thanks for any insight/help you may have to offer on these two concerns.

      • #112896 Reply

        PKCano
        AskWoody MVP

        Yes, you need to install the Office 2007 updates.

        If you have Silverlight (a browser add-on) installed on your computer, you need the security update for it.
        If Silverlight is installed on your computer and you don’t want/need/use it, it is OK to uninstall it, then you do not need the security update.

      • #113007 Reply

        anonymous

        Author of #112890 here. Thank you PKCano.

        Re Office Updates – Installed without problem.

        Re Silverlight – It is on computer but I don’t know if its needed or used. I primarily use Firefox and Silverlight is no longer supported. IE11 only used very occasionally. For now its been disabled in IE. Whether to uninstall Silverlight or install its security update depends on my browsing experience with it disabled.

        In running WUD this AM I was surprised to see a new cumulative security update for IE11 being offered (KB3008923 dated 12/9/2014). This update’s details window, package details tab shows 2987107 & 3003057 as the updates being replaced. None of these updates currently appear in my installed updates list.

        Being reluctant to install a 2-1/2 year old update after just installing the most recent cumulative security update, I am again seeking your wise counsel. Thanks.

        • #113011 Reply

          PKCano
          AskWoody MVP

          In running WUD this AM I was surprised to see a new cumulative security update for IE11 being offered (KB3008923 dated 12/9/2014).

          See the main Blog article on KB3008923. UNCHECK it if you are installing updates. Leave it alone. It caused problems in it’s day and has been superseded. No telling what’s going on with MS.

        • #113012 Reply

          Canadian Tech
          AskWoody MVP

          I will offer my 2 cents. When I see Silverlight on a client computer, I recommend it be removed. Then and only if they find they have a need for it, install it at that time. Silverlight is largely unused now.

          CT

          1 user thanked author for this post.
    • #113641 Reply

      owdrtn
      AskWoody Lounger

      starting in October 2016

      Suggestion: the following part of this post: starting in October 2016

      Might be relevent for those trying to catch up the B-Way on machine that have not been properly maintained prior to Oct-2016.

    • #113663 Reply

      PKCano
      AskWoody MVP

      AKB2000003 Updated 5/9/2017

      2 users thanked author for this post.
    • #113738 Reply

      Pepsiboy
      AskWoody Lounger

      Well, here is more fuel for the fire.

      I just opened Windows Update, and what a shock. There are no longer ANY hidden updates listed, and there are 9 Important and 6 Optional updates available.
      Listed as Important and checked:
      KB4014981 April Security and Quality Rollup for .NET Framework
      KB3008923 Cumulative Security Update for IE 11
      KB954430 Security Update for Microsoft XML Core Service Pack 2
      KB973688 Microsoft XML Core Service 4.0 Service Pack 2
      KB2952664 Update for Win 7 X 64
      KB3068708 Update for Win 7 X 64
      KB3080149 Update for Win 7 X 64
      KB971033 Update for Win 7 X 64

      Listed as Important Unchecked:

      KB3021917 Update for Win 7 X 64

      Listed as Optional:

      KB4015552 April Preview Monthly Quality Rollup for Win 7 X 64
      KB2574819 Update for Win 7 X 64
      KB2592687 Update for Win 7 X 64
      KB2830477 Update for win 7 X 64
      KB3080079 Update for Win 7 X 64
      KB3102429 Update for Win 7 X 64

      No mention of KB4019263 Security Only Update or KB4018271 Update for IE 11.
      Make me wonder “What did I miss, or why is MS messing with my machine?

      Dave

      • #113739 Reply

        PKCano
        AskWoody MVP

        No mention of KB4019263 Security Only Update or KB4018271 Update for IE 11.

        These two patches are not offered through Windows Update. Only through the MS Update Catalog (or the links above)

        KB2952664 Update for Win 7 X 64 KB3068708 Update for Win 7 X 64 KB3080149 Update for Win 7 X 64 KB971033 Update for Win 7 X 64

        I wonder if you accidentally clicked on “Restore hidden updates”?

        • #113741 Reply

          Pepsiboy
          AskWoody Lounger

          PKCano,

          No, I did not click on “Restore Hidden Updates” by accident. I have not been in Windows Update for about 3 days. This afternoon I thought I’d check, WOW, what a surprise. Do you think I should hide some or all of them and carry on, or something else?

          Thanks, in advance.

          Dave

          • #113745 Reply

            PKCano
            AskWoody MVP

            KB2952664 Update for Win 7 X 64 KB3068708 Update for Win 7 X 64 KB3080149 Update for Win 7 X 64 KB971033 Update for Win 7 X 64

            I assume these were hidden. If so, re-hide them.

            The rest you should leave alone until the DEFCON number changes to 3 or above. We’ve no idea what this month’s patches will bring at this point!

        • #118456 Reply

          walker
          AskWoody Lounger

          PKCano:   I started another message to you, however it disappeared so I will start it over again.  I don’t know what I did or didn’t do to get the stand-alone Security Only KB4019263 to install successfully.   It seems that there may have been changes to the method which I used in the past (just stopping the WU Service).   Running Win 7, x64, Home Prem.

          I downloaded the update, and stopped the “Win Update Service), and then tried to get it installed.   It reflected that it was initializing, and then installing, however then there was a message that it “failed”.      Are there “new steps” to installing the stand-alone updates?  I did not attempt the IE Cumulative update, only the Security only.

          I have no clue as to what I’m “doing, or not doing” to cause this problem.   Could you please provide guidance for me with this problem?  I definitely need these updates, however I must be missing something that may be “new”.   I most sincerely appreciate  your help.   I am totally lost and do not want to repeat any error I may have made.  I definitely did not click on the 32 bit, so that’s not the problem.    Thank you for any help you may be able to  provide.

          • #118458 Reply

            PKCano
            AskWoody MVP

            There is nothing new in the procedure.
            Look in the update history and see if either KB4019264 or KB4019263 are listed as “successful”
            If KB4019264 is there, you will not be able to install KB4019263.
            If KB4019263 is there and shows “successful,” you already have the update.
            If neither are there “successful,” reboot the computer, wait 10 minutes after you login without doing anything, and try to install again.

            1 user thanked author for this post.
            • #118502 Reply

              walker
              AskWoody Lounger

              @pkcano:  I do not have either of these updates installed.  The one which noted “Failed”, KB4019263 is not installed, and I did not have KB4019264 installed (the Security Monthly Quality Rollup).    So I have neither of them.

              Back in April I had my first “Failed” update, which was KB4014661.  This was the IE11 Cumulative update.    Nothing I did would get it successfully installed, so at that time we felt that the  next IE update  (KB4018271) would probably bring it back to where it should be.      After failing with the KB4019263 install, I did not attempt to install the May IE11 update (KB4018271).

              If I’m understanding you correctly, I should attempt to DL & install the KB4019263  as follows:

              “If neither are there “successful,” reboot the computer, wait 10 minutes after you login without doing anything, and try to install again”.
                               ***************************************
              I hope to have time tomorrow to try that.  The first time I had the problem was on April 29th, and I attempted numerous times to get it installed without success.   I hope that this will do the trick.  Thank you very, very much for your most appreciated help!   🙂

               

              • This reply was modified 6 months, 3 weeks ago by  walker. Reason: Structure of message not well defined
    • #113747 Reply

      owdrtn
      AskWoody Lounger

      I can see 4018271 already listed here (GroupB-approved KB list).
      Have you guys gone over some audit/review of this KB in order to claim it’s free from telemetry?  (filelist review, network audit/lookup for MS phoning home, reg changes, etc etc..) ? I just find it weirds it’s getting listed here so quickly ..

      a very brief look at the file included with this kb already show some “telemetry potential” ..
      Diagnosticstap.dll
      Javascriptcollectionagent.dll
      Diagnosticshub.datawarehouse.dll
      Ticrf.rat
      Ieetwcollector.exe
      Ieetwcollectorres.dll
      Ieetwproxystub.dll
      to name a few.. (note that I make no assumption here as I have no idea what those file actually does, windows doesn’t provide such information, and I haven’t nor intend to R.E/digg those, windows stole enough of my lifetime with their mess)

    • #114012 Reply

      Rusty1963
      AskWoody Lounger

      Hi all,

      I’m not sure exactly where to post this question, but since this page is to do with updates, I figured it would be OK.

      I got caught out last month, and my windows update was stopped when I installed one or other of the updates, I was told that Kaby Lake is no longer supported…..

      I uninstalled those updates and it seems that my uninstall was successful…..

      I have just received notification of updates , KB4019264, 4019112 and 890830.

      I am loathe to allow M$ to use my computer for blackmail so I won’t install them until I get some kind of feedback.

      Has anyone looked at them in detail, and if so, what is the verdict ?

      Thanks !

      Graphic design, Animator, Moviemaker, Editor and Photographer. Amateur computer techie.

      • This reply was modified 7 months, 1 week ago by  Rusty1963.
      • This reply was modified 7 months ago by  woody.
    • #114621 Reply

      glnz
      AskWoody Lounger

      Wall Street Journal has just now published a top-front-web-page article captioned “Major Cyberattack Sweeps Globe, Causing Disruption”.

      It’s at this link :  LINK

      If we’re on Plan B, are we protected?

      • #114624 Reply

        PKCano
        AskWoody MVP

        You need to be patched through April – either the Rollup or the Security-only

        1 user thanked author for this post.
    • #114687 Reply

      owdrtn
      AskWoody Lounger

      @pkcano @woody
      Who’s maintaining this list ? it’s being actively updated, but some listed KB are either missing or superseded by now.. reported a couple already but haven’t got any feedback, so I guess it’s useless to report them here again..

      • #114786 Reply

        PKCano
        AskWoody MVP

        Click on the link. If the update is downloadable, it is still available in the Catalog. It has not been retired. This is an ON-GOING list.

        1 user thanked author for this post.
    • #114858 Reply

      owdrtn
      AskWoody Lounger

      ON-GOING

      Culprit might be my limited english here, i’ll have a look at the distinction of the “ongoing” word vs “up-to-date” . Thanks for specifying.

      Just want to point out however, that I didn’t refer to the catalog’s availability of those KB listed here, but their relevence in regards to their “supersedence” & “B-Group” properties …

      • #114864 Reply

        PKCano
        AskWoody MVP

        It is ALSO up-to-date. The May patch is included and is relevant to Group B.
        However, with the DEFCON level at 2, the May patching has not been approved.

        1 user thanked author for this post.
        • #114905 Reply

          walker
          AskWoody Lounger

          @pkcano:   Is it “safe” to CHECK for updates if you don’t install any of them?   I see references to updates that I don’t have listed because I have it set to “NEVER CHECK”, and only check for updates to see what’s been added.   I do not install anything at that time, only “check for updates”.

          Because of all of the problems with the malware issue, I’ve been afraid to do my usual “check for updates”.   I’ve seen that some users appear to have their computers changed in ways that they did not direct, so I don’t know what to think anymore.

          Thank you for the wonderful help, and guidance you provide to all who depend upon your outstanding expertise and knowledge!   🙂

    • #114983 Reply

      Volume Z
      AskWoody Lounger

      For the sake of keeping things simple I’m suggesting to remove KB3212642, KB4012204, KB4016446 and KB4014661.

      The January Security Only Rollup has turned out to be fully incorporated in (superseded by) any subsequent Security Only Rollup to date, i.e. Security Only Rollups of March, April and May.

      No need to mention the Cumulative Security Update for IE  by definition supersedes any of its predecessors.

      Regards, VZ

      1 user thanked author for this post.
      • #114984 Reply

        PKCano
        AskWoody MVP

        There are no Security Only ROLLUPS.
        The rest are still downloadable from the Catalog and have not been retired. When that happens they will be removed.

        • This reply was modified 7 months, 1 week ago by  PKCano.
        • This reply was modified 7 months ago by  woody.
        2 users thanked author for this post.
        • #115017 Reply

          Volume Z
          AskWoody Lounger

          Are you saying in order to be superseded, any given update also must be retired?

          The January Security Only Rollup, that isn’t one, has been superseded by the March as well as the April and May Security Only Rollups, that aren’t ones, to the effect KB3212642 must be considered obsolete.

          Regards, VZ

          • #115021 Reply

            ch100
            AskWoody MVP

            @pkcano only says that the retired/expired updates are no longer available in the Catalog which is correct. Nothing to do with supersedence in this matter.
            Not all superseded updates are expired and not all expired updates are superseded. Some of the expired updates are retired because they were considered by Microsoft as faulty or problematic for a large number of users.
            There may be instances when some expired updates are still available for few hours or days, but this is due to delays in synchronising the Catalog interface.
            I believe, although I am not 100% certain, that the expired updates are still available for download by directly accessing the download URL (if it is already known), but are no longer presented in the Catalog GUI or any other normal software used for updating Windows.

            3 users thanked author for this post.
            • #115035 Reply

              Volume Z
              AskWoody Lounger

              Thanks for the lesson in update retirement practice.

              Still the January Security Only Rollup has been superseded by the March as well as the April and May Security Only Rollups to the effect KB3212642 must be considered obsolete.

              Regards, VZ

               

            • #115062 Reply

              Kirsty
              AskWoody MVP

              Please note the “rollup” is not security only:

              Microsoft delivers the “Security Monthly Quality ROLLUP for Windows” through Windows Update to the PC. It contains both Security and non-security updates and is cumulative. Cumulative means that this month’s ROLLUP contains the previous month’s ROLLUPS. It is available to all Windows Users.

              For those people who do not want the non-security, Microsoft provides the “Security Only Quality UPDATE for Windows.” It contains only the security patches

            • #115563 Reply

              Volume Z
              AskWoody Lounger

              Please note that what constitutes a rollup is its consisting of several updates, which is equally true for the Security-Only package. It’s an update as well as a rollup. The term “Rollup” is not exclusive to the Security Monthly Quality thing.

            • #115626 Reply

              woody
              Da Boss

              Please note that what constitutes a rollup is its consisting of several updates, which is equally true for the Security-Only package. It’s an update as well as a rollup. The term “Rollup” is not exclusive to the Security Monthly Quality thing.

              Microsoft makes the terminology bad enough without superimposing a unique definition.

              There are two kinds of monthly Windows 7 and 8.1 patches:

              • Security-only updates, which must be manually downloaded and installed
              • Monthly Rollups, which can come from Windows Update

              Any other terminology only obfuscates an already bizarrely named system. The term “Rollup” has nothing to do with how many fixes are included.

              Please, you’re confusing me – and I assume everyone else. Stick with the common definitions when you post.

              3 users thanked author for this post.
      • #115246 Reply

        Elly
        AskWoody Lounger

        For the sake of keeping things simple I’m suggesting to remove KB3212642, KB4012204, KB4016446 and KB4014661. The January Security Only Rollup has turned out to be fully incorporated in (superseded by) any subsequent Security Only Rollup to date, i.e. Security Only Rollups of March, April and May.

        The practice of naming Security-Only Quality Updates and Security Monthly Quality Rollups so similarly was sure to cause confusion.

        PKCano maintains a list of Security Only Quality Updates for Group B. These are the people trying to avoid telemetry for the most part. Security Only Updates are not cummulative, or superceded at this point, and each month must be updated for the operating system to be protected. That would include  KB3212642, KB4012204, KB4016446 and KB4014661. Each one is needed.

        Those KBs are included in the Security Monthly Quality Rollups, which also have non-security updates in them. Group A updates by applying the current Security Monthly Quality Rollup, which is cummulative. So, if you are following Group A updating, you will have those KBs installed and you don’t need to go back and install them individually.

        But, someone who didn’t update this year, and wants to be Group B, should install each of the monthly Security Only Updates, to be covered. For these people, PKCano’s list is accurate and needed.

        Yes, this is a little complicated for someone to jump into new… but I’ve successfully brought reluctant friends and family up to date using this list, as well as following it myself month by month.

        Review, and chose a Group… then follow instructions as posted by Woody, for how to update that Group. Don’t try to apply instructions for Group A (who can just update by installing the current Security Monthly Quality Rollup) with those for Group B (who must install each month’s individually).

        There is a truth here, if you are careful in the naming. The KBs are all included in the Monthly Rollup, and that is cumulative and previous months don’t need to be installed. But that is only for Group A! The Security Only updates are not cummulative. Throw a little more confusion in, because there are .Net Security Only cummulative updates. Double check what is being referred to. Following instructions step by step has kept this non-techy safe and updated, with many thanks to the MVPs and Woody.

        Elly-

        Win 7 Home, Group B

        4 users thanked author for this post.
        • #115553 Reply

          Volume Z
          AskWoody Lounger

          That would include KB3212642, KB4012204, KB4016446 and KB4014661. Each one is needed.

          KB3212642 has been superseded by KB4012212, KB4015546 and KB4019263 to date despite the Security-Only packages being non-cumulative.
          KB4012204, KB4016446 and KB4014661 have been superseded by KB4018271 to date for the Security Update for IE being cumulative.

    • #115049 Reply

      anonymous

      @ Volume Z

      Still the January Security Only Rollup has been superseded by the March as well as the April and May Security Only Rollups to the effect KB3212642 must be considered obsolete.

      Does this mean that a Win 7 Group B user who has just done a reinstall, does not have to install the Jan 2017 Security-Only update?

      • #115539 Reply

        Volume Z
        AskWoody Lounger

        No you don’t, because in one or more scenarios you can’t.

        You cannot install KB3212642 after KB4019263.

        You cannot install KB3212642 after KB4015546.

        You cannot install KB3212642 after KB4012212.

        KB3212642 is fully included in, aka superseded by any of KB4012212,  KB4015546 and KB4019263.

        Do not reject before trying yourself.

         

        • This reply was modified 7 months ago by  Volume Z.
        • This reply was modified 7 months ago by  Volume Z.
        • This reply was modified 7 months ago by  woody.
        1 user thanked author for this post.
        • #115545 Reply

          Kirsty
          AskWoody MVP

          @volume-z
          KB3212642 is a security-only patch for Group B. It is not a cumulative patch for Group A, so your information is in error.

          Security-only patches are not cumulative. You have to install each of them, one by one.

          • #115549 Reply

            Volume Z
            AskWoody Lounger

            I didn’t say they are generally cumulative. All others must be installed one by one. The exception of KB3212642 is obsolete for being part of all of its successors.

            • This reply was modified 7 months ago by  Volume Z.
            • This reply was modified 7 months ago by  woody.
            • #115556 Reply

              Kirsty
              AskWoody MVP

              Could you please supply an authoratative source for that information @volume-z?

              MS Catalog is showing that only KB3212646 (the Group A patch) has been replaced by subsequent updates.

              3212642

              3212646

              Attachments:
              You must be logged in to view attached files.
            • #115573 Reply

              Volume Z
              AskWoody Lounger

              Only yesterday I wrote to a reply on another thread that the Catalog doesn’t indicate the supersedence. This leaves us with the challenge of accurate determination of supersedence of an update of our own, and I’m claiming that the sheer fact of KB3212642 not being installable after at least one other update is perfect proof.

        • #115561 Reply

          MrBrian
          AskWoody MVP

          I tested the claim “You cannot install KB3212642 after KB4015546” on Windows 7. It is accurate.

          • This reply was modified 7 months ago by  MrBrian.
          • This reply was modified 7 months ago by  woody.
          4 users thanked author for this post.
          • #115577 Reply

            Kirsty
            AskWoody MVP

            Does the KB4015546 issue relate to https://www.askwoody.com/forums/topic/for-you-testers-heres-how-to-spoof-a-kaby-lake-processor-inside-a-virtualbox-win7-vm/#post-108029?

            I suspect that even though the earlier update can’t be installed with the later update already installed, that the contents of the earlier update may not be installed.

            Might it be worth using the MS Baseline Security Analyzer?

            1 user thanked author for this post.
            • #115580 Reply

              MrBrian
              AskWoody MVP

              No.

            • #115599 Reply

              ch100
              AskWoody MVP

              It is always useful using MBSA or equivalent tool for the Group B users.

            • #115602 Reply

              Kirsty
              AskWoody MVP

              Thks @ch100

              If/when the Installed Updates didn’t show the earlier KB number as being installed, it would seem a logical step.

              1 user thanked author for this post.
            • #115604 Reply

              ch100
              AskWoody MVP

              The whole concept of following Group B based on lists if not managed is flawed.
              Using MBSA or another tool having wsusscn2.cab as reference are ways to work around the lack of use of professional management tools and confirm the level of patching and the security of the computer, which is even more critical in the current circumstances.
              Anything else is guessing and I am more than certain that a large number of those following Group B based only on lists of patches are not patched securely now after more than 6 months since that model was adopted.

            • #115597 Reply

              Bill C.
              AskWoody Lounger

              I also had that experience due to a Belarc report showing it as missing.

              1 user thanked author for this post.
            • #115609 Reply

              ch100
              AskWoody MVP

              If somebody can test and find out if Belarc uses wsusscn2.cab as reference as I believe it does, then it may be the reference tool to be recommended for Group B security compliance check.
              MBSA might be out of date and not fully maintained for Windows 7 or later and require custom installation to make it working. However it is reliable and very good reference.

              • This reply was modified 7 months ago by  ch100.
              • This reply was modified 7 months ago by  woody.
            • #115614 Reply

              Kirsty
              AskWoody MVP

              MBSA might be out of date and not fully maintained for Windows 7 or later

              Microsoft Baseline Security Analyzer 2.3 (for IT Professionals) :
              “MBSA 2.3 runs on Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies. To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA will not scan or report missing non-security updates, tools or drivers.
              Please make sure you are running the latest Build (2.3.2211) of MBSA 2.3 that we released early January 2015”

              2 users thanked author for this post.
            • #115621 Reply

              ch100
              AskWoody MVP
            • #115884 Reply

              walker
              AskWoody Lounger

              @kirsty:  Is this Microsoft BaselineSecurity Analyzer ONLY for IT professionals?   I think I’ve seen it referred to numerous times, and have the impression it isn’t for the ” computer illiterate” such as I am.  I try not to exceed my very limited knowledge by installing programs which are not directed at my segment of the users here.  Thank you for all of the information you post here.   It is sincerely appreciated.   🙂

            • #115967 Reply

              Kirsty
              AskWoody MVP

              It’s title says “for IT Professionals”, and I’m sure some savvy computer users would be able to utilise it without too many problems. But as you say, it is not something that is likely to help less experienced users.
              (and thanks!)

        • #115572 Reply

          owdrtn
          AskWoody Lounger

          I was referring to the Catalog. I guess we can’t rely on it anymore just as WU..
          How have you found out about KB4012212, KB4015546 & KB4019263 to supersede 3212642 ?

        • #115578 Reply

          owdrtn
          AskWoody Lounger

          But should we take for granted that “not being able to install an update” means that it necessarily been superseded ? I mean.. It could just be another messy/broken supersedence chain by MS, or any other MS-flavoured-mess ?

          2 users thanked author for this post.
        • #115579 Reply

          MrBrian
          AskWoody MVP

          I did another test:

          1. Installed kb3212642 and rebooted.
          2. Installed kb4015546 and rebooted.
          3. Ran Disk Cleanup of (superseded) Windows Updates and rebooted.
          4. Uninstalled kb4015546 and rebooted.

          After this, kb3212642 remained in the list of installed updates. So in some ways kb3212642 doesn’t behave like a superseded update.

          3 users thanked author for this post.
          • #115582 Reply

            Volume Z
            AskWoody Lounger

            It does behave like a superseded update when uninstalled with March, April or May Security-Only present.

            It doesn’t require a restart.

            • #115586 Reply

              MrBrian
              AskWoody MVP

              Perhaps the test that I did is not appropriate for assessing whether one update supersedes another.

        • #115667 Reply

          woody
          Da Boss

          Again, please try to keep the terminology consistent. In the Microsoft milieu, there’s no such thing as a “Security-only rollup”

          3 users thanked author for this post.
    • #115317 Reply

      glnz
      AskWoody Lounger

      OK – I went nuts to backtrack and UNinstall rollups and reinstall security standalones to follow Group B.  Please take a look at the following sequence and confirm I’m OK (or not).  Windows 7 64-bit, and in the past I had installed both some of pkcano’s security standalones and some rollups.  I’m skipping “KB” to save time:

      Tonight, I proceeded in this order and got certain results in this order:

      UNinstalled rollup 4012215
      Installed standalone 3192391
      Installed standalone 3197867
      Installed standalone 3205394
      Then realized my UNinstall of rollup 4012215 probably revived earlier installed rollups, so I looked and UNinstalled more rollups in this order (using cmd wusa /uninstall /kb:xxxxxxx):
      UNinstalled 3212646
      UNinstalled 3207752
      UNinstalled 3197868
      UNinstalled 3185330
      Then tried to reinstall these older standalones from pkcano’s list at top here – which I had previously installed at various times before today – BUT my PC said each of these was already installed and so I could not reinstall them:
      3212642
      4012204
      4012212
      4014661
      4015546
      4018271
      4019263

      SO my issue is this:  These final pkcano-security seven – which I had installed in the past and cannot reinstall today – are they really still installed even though tonight I UNinstalled some rollups that might have “included” them?  These seven do still show up as installed in the Windows Update installed lists as of their original (past) install dates AND same on Belarc Advisor.

      Can I sleep soundly?  Or am I doomed?  Thanks.

      • This reply was modified 7 months, 1 week ago by  glnz.
      • This reply was modified 7 months, 1 week ago by  glnz.
      • This reply was modified 7 months ago by  woody.
      • #115391 Reply

        PKCano
        AskWoody MVP

        If you have not uninstalled them, they are still installed. You should be protected from the current WannaCry/Wanna/Crypt problems since you have the March patches installed. Just sit tight on the May patches until the DEFCON number goes up.

        1 user thanked author for this post.
        • #115392 Reply

          glnz
          AskWoody Lounger

          pk – thanks twice.

          But is there any safe way to test?

          • #115396 Reply

            PKCano
            AskWoody MVP

            The installed updates list is correct.

            • #115634 Reply

              glnz
              AskWoody Lounger

              PK – Just FYI that I ran MBSA (full report attached as a .docx) and it shows only that I am …

              Missing  2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264)

              So that looks good, I assume.  (Full report attached.)   Thanks.

              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  woody.
              Attachments:
              You must be logged in to view attached files.
            • #115643 Reply

              glnz
              AskWoody Lounger

              EDIT – PK – Ran an MBSA (report attached as a .docx) but I am worried about the results.

              1)  It says I am Missing   2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264)   Critical.  This was expected.

              2) … but it does NOT list ANY of the seven standalone security updates I mentioned above as being installed.  (From 3212642 to 4019263).  This was NOT expected and is worrying.

              So, do I need to install the KB4019264 2017-05 Security Monthly Quality Rollup just to be sure?

              Thanks.

              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  woody.
              Attachments:
              You must be logged in to view attached files.
            • #115654 Reply

              PKCano
              AskWoody MVP

              Group B does not install Security Monthly Quality Rollups for Windows.

              Group B does install Security Only Quality UPDATES for Windows
              Group B does install Cumulative Update for IE11

            • #115658 Reply

              glnz
              AskWoody Lounger

              PK – Yes, understood, and thanks for your infinite patience.

              My concern is only that, after I UNinstalled various rollups, MBSA does NOT show as “installed” the seven latest standalone Group B security updates.  My own Windows Update “installed” list shows these seven, but MBSA does not.

              And I am unable to REinstall those seven.

            • #115871 Reply

              glnz
              AskWoody Lounger

              Took my Win 7 64-bit PC offline, UNinstalled the ten Group B security updates I listed a few posts above and then REinstalled them.  They all now show in “View Update History” and “Installed Updates” with last night’s date.  However, they do NOT show in a new MBSA scan.  Instead, MBSA lists one missing update:  KB 4019264 2017-05 Security Monthly Quality Rollup, which I am avoiding as a born-again Group B person.

              So MBSA pushes the rollups and skips some (related?) individual security updates.  Bad show.

            • #115907 Reply

              glnz
              AskWoody Lounger

              And Belarc Advisor also shows the same ten standalone security updates as installed last night.  So just maybe I’ve put myself into Group B successfully.  (But in the end, how will we ever know?)

              FYI – Belarc also shows the Sept 2016 rollup KB3185278 as installed two nights ago on May 15, 2017.  This makes sense because I UNinstalled all the following rollups that night, and so (I am guessing) the immediately preceding rollup is automatically reinstalled (or maybe just re-disclosed from hiding).

              • This reply was modified 7 months ago by  glnz.
              • This reply was modified 7 months ago by  woody.
    • #115687 Reply

      MrBrian
      AskWoody MVP

      I briefly tested Belarc Advisor (latest version) last night with its latest security definitions on Windows 7 x64. It mistakenly listed KB4015546 as missing when KB4015546 was installed and KB3212642 wasn’t installed. When KB4015546 and KB3212642 were both installed, KB4015546 was correctly detected as installed.

    • #115870 Reply

      Pepsiboy
      AskWoody Lounger

      Well, on Sunday I broke protocol and installed KB4019263 and KB4018271. SO FAR, no problems. I figure that if this continues another couple days I’ll install KB4019264 and see hat happens. Yes, I’m being careful to back up EVERYTHING before the installs just to be safe.

      Maybe I’m being paranoid, but I’m trying to be cautious with all the scary stuff going on. I’ll post here with the results.

      Thanks to Woody and everyone else for the tips and help.

      Dave

      2 users thanked author for this post.
      • #115877 Reply

        walker
        AskWoody Lounger

        @pepsiboy:  Having tons of problems with misplaced paperwork and can’t locate the instructions on “How to Do a Backup”.   Could you possibly provide the details?  Any and all help is appreciated.

        • #115883 Reply

          PKCano
          AskWoody MVP

          The focus of this topic is Group B patching.

          Please create a new topic to discuss backups
          Thanks

          2 users thanked author for this post.
          • #115885 Reply

            walker
            AskWoody Lounger

            @pkcano:   My apologies, I will try to determine if there is a subject out there which could be utilized to refer on “back up directions”.   Thank you for all of your help!

        • #116088 Reply

          Pepsiboy
          AskWoody Lounger

          @pepsiboy: Having tons of problems with misplaced paperwork and can’t locate the instructions on “How to Do a Backup”. Could you possibly provide the details? Any and all help is appreciated.

           

          Walker,

          I back up to an external hard drive using “Click Free”. I’m not sure here to get it as my wife picked it up several years ago when I was on the road driving truck. Sorry I can’t be more help.

          Dave

          1 user thanked author for this post.
    • #115876 Reply

      anonymous

      Suggestion: It would be great if there’s also a list of the security-only updates for group B prior to the “patchocalypse” took effect, for those of us with fresh installs of Win7 machines, so that we also catch up with the older security updates.

      • #115882 Reply

        PKCano
        AskWoody MVP

        Suggestion: It would be great if there’s also a list of the security-only updates for group B prior to the “patchocalypse” took effect

        Prior to the “patchocalypse” Microsoft issued individual updates. Only beginning in Oct 2016 did MS issue Monthly Rollups (including security, non-security, and IE11 updates) and Security-only Updates (the security-only part of the update). So there are no “Security Only Quality Updates for Windows” prior to October 2016.

        1 user thanked author for this post.
        • #115969 Reply

          anonymous

          Thanks PKCano!

          Is there a need to get those pre-“patchocalypse” updates if the machine is up-to-date with the security only updates in AKB9000003?

          If so, what would be the recommended approach to get caught up with the updates prior to the “patchocalypse” for group B? Would there be a cumulative update or updates that would bring win7 machines up-to-date to the point before Oct 2016?

          • #115978 Reply

            PKCano
            AskWoody MVP

            The best way to do it, if you want Group B is this:

            Rules:
            The only patches you hide are the telemetry-related listed above.
            You DO NOT check anything that is UNCHECKED by default.
            You check the box “Give me updates for other MS Products.
            Set Windows Update to “Never check”

            1. Run Windows Update.
            2. UNCHECK all updates in the “Important list
            3. Hide any telemetry related updates.
            4. Highlight each update and CHECK only the ones dates BEFORE Oct 2016.
            5. Install the CHECKED updates. Reboot. Wait 10 minutes after logging in.
            6. Repeat steps 1-5 until the only updates left are dates Oct 2016 or after.
            7. Download the Security-only Updates from Oct 2016 until April 2017 and the April IE11 update. (you don’t need any you’ve already installed).
            8. Control Panel\Administrative Tools\Services – highlight the Windows Update Service and at the top left click “stop”
            9. Install the security only patches. beginning with the oldest, in order. You do not have to reboot between, just close the box. Install the IE11 update.
            10 Reboot, wait 10 minutes after login.
            11. Windows Update – UNCHECK onlySecurity Monthly Quality ROLLUP for WINDOWS” – Install the rest.
            12. Repeat 10-11 untill the only thing checked that is left is the Monthly Rollup.

             

            Edit to change content

            • This reply was modified 7 months ago by  PKCano.
            • This reply was modified 7 months ago by  PKCano.
            • This reply was modified 7 months ago by  woody.
            3 users thanked author for this post.
            • #117049 Reply

              anonymous

              Thanks PKCano! One more question regarding installing pre-October 2016 updates:

              In step 4, (apart from the telemetry updates mentioned in AKB2000003) should I also check the updates that do not have “security” in its title, i.e. “updates for windows 7 for x86-based systems (KB3138612)?” What about older cumulative IE11 update (from 2014) if I have already installed the version from April 2017? There is also one for ActiveX Killbits (KB2900986).

              In other words, with the exception of specifically mentioned telemetry updates, should I install ALL pre-October 2016 important updates?

            • #117054 Reply

              PKCano
              AskWoody MVP

              In other words, with the exception of specifically mentioned telemetry updates, should I install ALL pre-October 2016 important updates?

              The answer is Yes, install the pre-Oct 2016 patches that are checked by default. The old IE patch is the only one that would be optional (ie, your choice). It is not necessary, but it won’t hurt anything if it’s installed.

              • This reply was modified 7 months ago by  PKCano.
            • #117062 Reply

              anonymous

              Many thanks PKCano!

              I’ve installed all the pre-October 2016 updates that are checked by default.

              However, I’m still not able to install the January 2017 security-only update KB3212642. It indicates that this update is not applicable to my computer. Any way to install it? Other than this one, and the fact that I couldnt find the telemetry updates KB3022345 and KB3150513, I’m all up to date!

            • #117066 Reply

              ch100
              AskWoody MVP

              However, I’m still not able to install the January 2017 security-only update KB3212642. It indicates that this update is not applicable to my computer. Any way to install it? Other than this one, and the fact that I couldnt find the telemetry updates KB3022345 and KB3150513, I’m all up to date!

              – The January 2017 KB3212642 was discussed before for the same problem and while it is not clear why it is rejected after other updates are installed, you can assume relatively safely that your machine does not need it. Group B is supposed to be managed by Enterprise tools like WSUS and if you don’t use WSUS or an equivalent patching tool, you can only make assumptions based on best information available and @pkcano does a great job in maintaining those lists.
              – KB3022345 has been retired by Microsoft long time ago as it was faulty and is in the current list only because there is a chance that older Windows installations may still have it
              – KB3150513 is offered only if you also have KB2952664. Think about KB3150513 like a current definition for an engine provided by KB2952664 if you make an analogy with an antivirus product. KB2952664 and an antivirus product do not serve the same purpose, but the delivery mechanism is similar. If you didn’t install KB2952664 as it is commonly advised on this site, then KB3150513 is not offered

            • #117069 Reply

              anonymous

              Many many thanks!

          • #116536 Reply

            Volume Z
            AskWoody Lounger

            You’ll have more fun trying to install the January Update last.

            Also, you’ll want to ensure to run an appropriate version of the Windows Update Client. Install the April Update before initial search.

            Regards, VZ

    • #115908 Reply

      anonymous

      I have been doing Group “B” updates, but sometime recently my Windows Update settings have changed in that I now see in the Control panel on my WIN 7 PC that while I had the “Never Check for Updates …” option selected and the “Give me recommended updates …” unchecked, the checkbox and “Give me updates for Microsoft products and check for new optional Microsoft Software when I update Windows” option are no longer displayed/present. I would greatly appreciate if anyone could advise me as to what I must have done wrong and/or how to correct this? Thank You.

      • #115919 Reply

        PKCano
        AskWoody MVP

        the checkbox and “Give me updates for Microsoft products and check for new optional Microsoft Software when I update Windows” option are no longer displayed/present.

        If you uncheck (accidentally) the “Give me updates for other Microsoft Products,” it will no longer be offered. The instructions to put it back can be found at this Microsoft website

        • #116321 Reply

          anonymous

          This vbs worked great, and now I have that option back too. thx

          • #116448 Reply

            anonymous

            ..I had meant to put my screenshot in previous post, here it is now:
            https://s23.postimg.org/totw7dcq3/screenshot.jpg

            2 users thanked author for this post.
          • #117065 Reply

            anonymous

            How did you do it?

            • #117629 Reply

              anonymous

              Takes a few seconds…

              I went to the link he gave above, highlighted/copied the lines, and then opened a command prompt, and right click in the open area and clicked paste.. ..the lines were now there, and click enter. That’s it.

              Then I clicked the Windows Update button to start it (it was closed) and clicked the ”Change Settings” tab, and as shown in my screenshot above with what I have circled in red, there now appears that new option that was not there before!

            • #117632 Reply

              anonymous

              …ps, fwiw I used an Administrator Command Prompt and I have Windows 7 Pro

        • #117704 Reply

          owdrtn
          AskWoody Lounger

          The instructions to put it back can be found at this Microsoft website […]

          Thanks for sharing.

          that script create a new service however.
          The registry modif provided on bottom-most of the article is only persistant on WUA version 7.0.6000 and earlier. Are you aware of any registry workaround to it persistant on later version as well ?

          • #117711 Reply

            PKCano
            AskWoody MVP

            HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
            \PendingServiceRegistration\7971f918-a847-4430-9279-4a52d1efe18d

            ClientApplicationID = My App
            RegisterWithAU = 1

            • #117721 Reply

              owdrtn
              AskWoody Lounger

              please read my post entierely.. this is not persistent

    • #116316 Reply

      JKR
      AskWoody Lounger

      Thanks. Greatly appreciated!

       

    • #116725 Reply

      anonymous

      Hi folks, I’m a newbie working with a windows 8.1 x 64 and in Group B.  So far so good with the step by step instructions except, (and I apologize for any repetition – went over article several times), I am unable to uninstall KB2976978 through Windows Update from Control Panel.  Did some searching online and found afew posts on other forums (Microsoft related) stating this update cannot be uninstalled.  Is there a way to uninstall KB2976978?  I haven’t had the confidence or experience working with registry; however, with a detailed list of instruction or link, I’m sure I can do just fine.  Thank you all for the help!

      • #116980 Reply

        PKCano
        AskWoody MVP

        Try this:
        Set Windows Update to “Never check”
        Run Disk Cleanup\Cleanup System Files. – check Cleanup Windows Update and run the cleanup.
        Reboot your computer. Wait 10 minutes after login.
        Go to Windows Update and uninstall KB3150513 first if it’s there. Uninstall KB2952664.
        Reboot – check that it’s there.
        If not, check for updates and HIDE it if it shows up.

      • #117057 Reply

        PKCano
        AskWoody MVP

        Correction.
        I misread and gave instructions for Win7. You have Win8.1. KB2976978 may not be removable if you have a build from a later ISO. You can try the method I mentioned for Win7, but it may not be successful if you have the later build.

        • This reply was modified 7 months ago by  PKCano.
        2 users thanked author for this post.
    • #117084 Reply

      Volume Z
      AskWoody Lounger

      It would be great if there’s also a list of the security-only updates for group B prior to the “patchocalypse” took effect, for those of us with fresh installs of Win7 machines

      That list would be too demanding to maintain. Rely on Windows Update. You will know   important Updates are preliminarily complete (Monthly Rollup excluded) when KB3177467 is offered.

      However, you will not be offered KB3177467 with any Monthly Rollup available (unhidden). KB3177467 is a prerequisite for important KB3042058.

      For now, you will not be offered all of KB3168965, KB3149090, KB3138962, KB3123479, KB3033929, KB3005607 (Security), KB3182203 and KB2718704 (Important) with any Monthly Rollup available (unhidden).

      Above Updates have been replaced by Monthly Rollups only, going back to October 2016, and their offering will be suppressed in favor of the Rollup. They require manual installation or hiding of all Monthly Rollups.

    • #117081 Reply

      anonymous

      . . . ” unable to uninstall KB2976978″

      Followed PKCano instruction – May 20, 2017 at 5:25 pm and May 20, 2017 at 7:58 pm.  I couldn’t uninstall KB2976978.  I have a w 8.1 2013 edition, AMD A4-300 APU with Radeon ™ HD Graphics, 2.5 GHz.  Not sure if that info helps at this point.  I will continue following Group B info and see what happens.  I am thankful to all who have contributed to this topic.  And grateful for learning about updates, supersedence and telemetry.  Thanks again PKCano for all the help.

      EDIT html to text

      • #117114 Reply

        PKCano
        AskWoody MVP

        Please see my correction at #117057

    • #117358 Reply

      anonymous

      Yes, thank you.  Attempted instruction from correction #117057.   It’s a no go.  I’m guessing I have a later build as mentioned earlier.  Hmmm, it will be interesting to see what happens.  Thank you.

    • #117603 Reply

      MrBrian
      AskWoody MVP

      I strongly urge those who are in Group B due to telemetry concerns to set the operating system’s Customer Experience Improvement Program setting to no. See step 1 at https://www.askwoody.com/forums/topic/2000007-turning-off-the-worst-windows-7-and-8-1-snooping/ for details.

      • This reply was modified 7 months ago by  MrBrian.
    • #117923 Reply

      Noel Carboni
      AskWoody MVP

      I see only indirect mention of the following May 2017 Security-only (catalog-only?) updates for Windows 7 in this thread, above:

      • KB4019263 – Security Only Update for Windows
      • KB4018271 – Internet Explorer Security Rollup

      I had to dig through the catalog to find these. I was thinking that providing such a list was kind of the purpose for this thread. Did I miss something obvious? That happens to me more than I like.

      -Noel

    • #117944 Reply

      dhardyindr
      AskWoody Lounger

      Hi,

      I’m grateful to see this ongoing list for Group B, thank-you so much! I’m non-tech, but stubborn, and I would like to stay in Group B to understand more about my systems. Eg, I don’t know what Net framework means, but I am motivated to learn more to keep my systems in shape for my needs.

      Today I reviewed all security updates since Oct, and realized I had missed the Nov security only patch. It meant removing two patches, the Mar (Wannacry) & Dec’16 patches, applying Nov, and then catching up by reinstalling all after Nov, incl IE explorer 11 — although I will say that I did not update IE 11 for about 3 years on this Windows 8.1 Samsung ATIV 500T smartbook. Nothing ever happened, so I still have no idea what other software IE 11 affects? ; )

      All was good, so I activated Windows Updates, and installed 4 important ones:  Net framework, IE 11 cumulative, MSRT, and Adobe Flash security update.

      Issue #1:

      After restart, the pointer for my touchpad immediately had trouble– freezing, etc, so I did a second restart; this resulted in a Blue Screen with: SDBUS_INTERNAL_ERROR

      the message ‘promised’ a restart after collecting info, but it sat there, doing nothing. I forced shutdown and restarted, thinking I would need safe mode, but the normal start screen came up. I did a restore to a few days before. I have no idea what caused the blue screen, but am considering options now;  I had trouble before with this smartpad (Elantech?) after windows update, and I did the same thing, reset.

      Other than smartpad glitches after certain Windows updates, and last one was a year and a half ago (?), my system has been perfectly stable for a long time, following the advice here since 2015 when I was so annoyed by Windows 10 intrusiveness, and I managed to eradicate all signs of it forever : ).

      Issue #2:

      I checked all previous security updates and saw that I had many “Failed” Important ones, the last of which were Sept 18th, 2016. Some updated the next day. I checked the ones that never did update from Sept 18th, and saw that they were all for 64 bit machines. Mine is 32 bit.   Question: is this a legitimate interpretation of the failed installations? I had other security update failures, most in 2016 when I was actively fighting with Microsoft by not allowing Windows 10 on my machine. My bigger question is: do I need to go back and install all those security updates? I am unsure if the instructions for updates after October, 2016, ie. install all security updates and install in chronological order, also apply to all security updates before?

      My touchpad is not touchy at all until after certain Windows updates, which I have uninstalled twice before today, and then hunkered down with advice here to minimize the updates being installed.  Had no more issues, but important regular updates have not been timely for over a year maybe. I have read extensively and can’t find a solution for the touchpad itself.

      Am willing to be scientific and install updates one by one to find the culprit, but it’s scary for me to see the blue screen, truth be told. I still have a hard time remembering how to boot in safe mode and what to do when I get there. : )

      On Group B future: Also, as one who is not high tech but willing to work for it, I am willing to pay a small but reasonable amount regularly to keep in the loop and control my PCs future as a Group B member– I don’t expect those in the know to hold hands with the stragglers and offer valuable advice for nothing, is worth it to me to keep independent from Microsoft…. I have an HP mini PC Windows 8.1, bought last year and a new used Windows 7 Dell Latitude … to go with an as yet unopened Office2010, only for Word2010. I am a creative fiction writer and can’t stand the Office 365 complications. Both the HP mini and the Windows 7 systems have been purchased with an eye to keeping them running for years, offline after D-Day 2020. hehe.

      Regards and much appreciation for AskWoody forums and savvy Windows users here! Dawn

       

      • #117965 Reply

        PKCano
        AskWoody MVP

        I checked the ones that never did update from Sept 18th, and saw that they were all for 64 bit machines. Mine is 32 bit. Question: is this a legitimate interpretation of the failed installations?

        If you are in Group B and tried to install a 64-bit update on a 32-bit machine, it would definitely fail. Be careful when you download the security-only patches to get the right “bitedness.”

        BSODs are usually caused by problematic hardware drivers. Go to the manufacturer’s website and update the drivers for your machine. Then try to install the patches again. You will need the model number and maybe the serial number.

        • This reply was modified 6 months, 4 weeks ago by  PKCano.
        1 user thanked author for this post.
        • #117977 Reply

          anonymous

          Thanks so much, PK! Will do. I assume you mean ‘all’ drivers, because for sure it’s only my assumption as to what happened with the smartpad. Back in Sept, I wasn’t trying to control the security updates, but checking all the ones Microsoft downloaded; I thought they ‘knew’ the bitedness of my machine.  🙂

          Another idea occurred to me after the May updates. I downloaded an update for Flash, but I believe I uninstalled Flash from my computer a while ago, as per recommendations for security. It is not showing on my programs. Possibly I disabled it. Will check that. I use Flash only when I choose, through the browser.

          I think it’s a good idea now to keep a dedicated notebook for all changes to my system. Problem with not being tech savvy is that the info/knowledge gained from overseeing my own systems is sporadic and not based in real understanding.  Like learning a language and at first only learning critical phrases, not yet absorbing the big picture. thanks again.

          • #117980 Reply

            dhardyindr
            AskWoody Lounger

            Sorry PK, Just replied re: BSOD after updates, but reply is awaiting moderation, not signed in. Cookies etc all go at shutdown.  dawn

             

        • #118124 Reply

          dhardyindr
          AskWoody Lounger

          Re: BSOD after updates and actions to follow recommendations from PKCano

          I checked the ones that never did update from Sept 18th, and saw that they were all for 64 bit machines. Mine is 32 bit. Question: is this a legitimate interpretation of the failed installations?

          If you are in Group B and tried to install a 64-bit update on a 32-bit machine, it would definitely fail. Be careful when you download the security-only patches to get the right “bitedness.” BSODs are usually caused by problematic hardware drivers. Go to the manufacturer’s website and update the drivers for your machine. Then try to install the patches again. You will need the model number and maybe the serial number.

          Tried Samsung, patches not offered for my model #  from Thailand, given to me there by fam member end Nov 2014 who moved all personal computing to Apple. Researched more on other driver upload sites and discovered that only one driver was updated since then, Wacom Router  Mouse, Apri 2015.  AS at Nov 2014 tablet pen for writing was no longer working. No problems. The Elantech smartpad is working fine now; I did not update IE11, or Flash (I do not have installed now), or Visual Studio for Tools for Runtime.

          All other security, MSRT, and Net Framework patches are updated in order now and system seems stable. I restarted after security patches, and after each of the above two. No idea why BSOD happened, and if due to Flash or IE11, I am reluctant to find out, only because I know nothing about booting in safe drive on Win 8.1. Have tried to understand last 2 days from online reading, but it seems quite convoluted. Will do it if necessary.

          In device mgr, one series of driver has not worked from end Nov 2014, Intel Dynamic Platform & thermal Framework display participant driver, display driver, one more.

          Around that time, I updated this Notebook to Win 8.1 from Win 8 and gave desktop Win 7 facelift. Not sure if coincidence, don’t know exact date, I was still in Thailand.

          I have Office 365 still via same fam member acct, but only use my local acct, to avoid MS harassment as much as possible. Do not use interactively online; use Word 2013 as word processor. Changed settings to manual updates to avoid constant messages via banner on Word to upgrade to Office 2016. I did one Office update last year, for security, etc. via Word, manually, to sidestep automatic Office upgrades, was solution found after researching how to get rid of that horrible banner.

          Now taking steps to stay offline as much as possible and see what happens with the Wannacry upset. Starting yesterday,  listen to music on Youtube via earbuds and an inactive smartphone with wifi, no google acct turned on, etc. So no need to have internet on while working. heheh more productivity bonus also. So will control online usage even more, for email, updates, etc. Changed Google settings after reading about security flaw here, so no automatic downloads.

          Questions: (re: Important Updates)

          1. Is it still important to update IE11 if not using other Microsoft products? No Edge, Flash, Silverlight, etc. I am reading one thread from this forum now, but I don’t understand why it is so critical. I do not want to waste anyone’s time explaining, but would love to be pointed in a direction if one exists, to read and understand.

          2. How important to update Visual Studio 2010 Tools for Office Runtime? I did not update Office via Word yesterday; I did not update for maybe 2 years before March, no problems.

          Thanks again for your help on this! I spent 2 days on this in all, and now know more about my machine, so am happy.  dawn

           

           

          • #118127 Reply

            PKCano
            AskWoody MVP

            1. Is it still important to update IE11 if not using other Microsoft products?

            Yes, it is important to keep IE up to date even if you are not using it because it is an integral part of the operating system and other processes use it. Also, in Win8.1, flash is integrated into IE and is updates through Windows Update as opposed to a separate download/install (although you may have the Npapi Plug-in as a separate installation).

            Office has had many vulnerabilities. It is a good thing to keep it updates as well.

            2 users thanked author for this post.
            • #124687 Reply

              dpwoodpecker
              AskWoody Lounger

              I was browsing to get my laptop updated and saw a comment you had shared, PKCano, back in late May in reply #118127, about the necessity of updating IE11 even if the program is not being used as a browser. Hmmmph – I had never used IE even back while running on Windows XP so when I finally upgraded to Windows 7, I had uninstalled it. So please help:

              1. Where can I safely download a clean “unbloated” version of IE11?

              2. After install it, where can I find the necessary security-only WUs related to IE11? Are they cummulative or I would need to do a series of ones I’ve missed?

              3. Do I need to set any key parameters in IE options for security purposes, even if I will never run the program as a browser?

              4. How do I block so that IE is not get started as the browser by any programs/services? Firefox is currently set as the default browser and I have Chrome as secondary.

              Many thanks! —DP

    • #118009 Reply

      Al
      AskWoody Lounger

      Windows 7 pro group B person here – I’ve been careful with the updates using the lovely list you’ve been maintaining here. Quick question – had something new pop up on WU that I’m not sure if a group B should use or not. Kb2310138 comes up as a definition update for microsoft security essentials, but under “optional” updates. I normally ignore the optional ones, but I’m hesitant not to make use of something that’s security related. So, do I install or ignore it?

      Thoughts?

      Thanks as always for your help.

      • #118020 Reply

        PKCano
        AskWoody MVP

        If it’s in the “optionals” and unchecked, leave it alone until (unless) it shows up in the “importants” checked.

    • #118310 Reply

      PKCano
      AskWoody MVP

      Information for those of you Group B people who are contemplating a move to Group A.

      I have recently “sacrificed” one each of my Win7 and Win8.1 VMs to see the effects of moving from Group B to Group A. Let me preface this by saying I have been more or less a hybrid Group B. I have hidden ONLY the telemetry patches as defined in AKB2000003. I do not hide the Monthly Rollups, I just uncheck them before installing. I do not install the drivers from MS, but they are all unchecked optionals. Along these lines, I do not check anything that is unchecked by default.
      Since I did not install the telemetry patches, I did not have the Diagnostic Tracking Service installed. I have all the tasks under “Application Experience,” “Autochk,” and “CEIP” disabled in Task Scheduler. I have always had CEIP = NO
      I have ALWAYS had “Give me recommended” and “Give me updates for other MS products” checked. I have seen no adverse effects. I have been lucky in that I’ve had no problematic patches on any my machines. Since Oct 2016, there have been few “optionals” other than the “Previews,” and all have been unchecked by default.

      Since Nov 2016, I have downloaded and installed the Security-only Updates and lately the IE11 patches. These I have installed manually, then unchecked the Monthly Rollup in WU and installed the rest that were checked by default.

      To make the transition, I unhid KB3068708 and KB3080149 on the Win7 and KB3080149 (KB3068708 was not hidden or offered) on the Win8.1 (@MrBrian now recommends installing them), then installed those patches along with the Monthly Rollup.

      On the Win7, the tasks in the Task Scheduler under Application Experience, Autochk, and CEIP remained disabled. The Diagnostic Tracking Service was installed but was Disabled by default.
      On the Win8.1, the tasks remained disabled as well. The Diagnostic Tracking Service was installed and was on Automatic by default.
      CEIP = NO remained on both.

      2 users thanked author for this post.
      • #118315 Reply

        Noel Carboni
        AskWoody MVP

        Sharing experience is greatly appreciated.

        And of course there’s nothing now stopping you from disabling additional services if you want. I’ve found that the system will run fine without the Diagnostic Tracking Service enabled.

        Out of curiosity, do you monitor communications at all? If so, do you see the systems now regularly contacting anything they weren’t before?

        -Noel

        • #118317 Reply

          PKCano
          AskWoody MVP

          No, I don’t monitor. But if it slows down I’ll know where to look, since that is the only change I’ve made lately.
          BTW, I did disable the Diagnostic Tracking Service in the Win8.1 after the fact. If the VM increases in size drastically, (like blowing up a balloon with a hose pipe?), I’ll start looking for the data cache that can’t be sent .

    • #118354 Reply

      anonymous

      Did a recent catch up of security patches (one by one) and they all went fine bar January which said was “not compatible with your machine” Win764bit.

      Hope the January update wasn’t critical.

      Group B

       

      • #118404 Reply

        Volume Z
        AskWoody Lounger

        The January Update is more or less a negligible relic of a lackluster Patch Day. It’s a follow-up to KB3167679. So are KB4012212, KB4015546 and KB4019263. Considering the file size, KB3212642 seems to be nothing but a follow-up to KB3167679, making March, April and May Updates not only supersede KB3167679, but also that one’s January successor.

        Regards, VZ

    • #118418 Reply

      anonymous

      Thanks VZ, Really appreciate that help, Thanks! 🙂

    • #118420 Reply

      anonymous

      In AKB2000003, Step B2 states that the Windows Update Service should be stopped before installing a downloaded patch.  Why?  In previous months, I’ve followed woody’s instructions for Group B in his InfoWorld articles and he did not suggest stopping the Windows Update Service.  And my patches appear to have installed OK without stopping the Windows Update Service.

      • #118422 Reply

        PKCano
        AskWoody MVP

        In many cases stopping (not disabling) the service will shorten the “searching for updates” time. The service will restart on reboot.

        • #118430 Reply

          anonymous

          Thank you for the reply. However, in Step B2, I don’t understand what updates you are searching for.

          You first download the security-only patch and cumulative update for IE11 either by following the links in AKB2000003 or, as I do, directly from the MS Catalog. Then, you stop the Windows Update Service. Then you install the patches. And then you reboot. (This is my interpretation of the “substeps” in Step B2.)

          So what updates are you searching for? It is not until Step B3 that you need to search manually for additional updates using Windows Update. And, by that time, the Windows Update Service will have been restarted.

          • #118433 Reply

            PKCano
            AskWoody MVP

            The reference is not about using the “search for updates” link,
            When you double click on the downloaded .msu file, if you watch the box that pops up, you will find that the update installer goes through the process of searching for updates for a period of time (short or long). You will see it more readily if you install the IE patch without rebooting. Stopping the service and then leaving the Services window open while installing can, in some cases, reduce this time.

            • #118434 Reply

              anonymous

              OK, thank you once again. I’ll look out for this the next time I install a patch using a .msu file. As I stated previously, I’ve never stopped the Windows Update Service before running a .msu file (I use Start > Run… rather than double clicking) and I’ve never noticed any perceptible delay.

    • #118471 Reply

      anonymous

      Has MS dropped the security only patches for .net framework 4.6.1 for win7 sp1 x64? as I’m only seeing the security and quality ones in their ms catalogue there was an April security only patch

    • #118473 Reply

      anonymous

      Has MS dropped the security only patches for .net framework 4.6.1 for win7 sp1 x64? as I’m only seeing the security and quality ones in their ms catalogue there was an April security only patch

      https://support.microsoft.com/en-us/help/4019108/security-only-update-for-the-net-framework-3-5-1-4-5-2-4-6-4-6-1-and-4

      Says that it’s for Win7 sp1  but the catalogue says it’s for 2008 server ???

    • #118505 Reply

      ozbadcat
      AskWoody Lounger

      Has MS dropped the security only patches for .net framework 4.6.1 for win7 sp1 x64? as I’m only seeing the security and quality ones in their ms catalogue there was an April security only patch

      https://support.microsoft.com/en-us/help/4019108/security-only-update-for-the-net-framework-3-5-1-4-5-2-4-6-4-6-1-and-4

      Says that it’s for Win7 sp1 but the catalogue says it’s for 2008 server ???

      THANKS Anonymous – I did write to PKCano earler today about the EXACT same issue – earlier this week I was able to download NET Security Only patches 4014599 ( Net 4.5.2 ) and also 4014579 ( Net 3.5.1 ) and install them on my 3 computers – I then deleted them from downloads as I no longer needed them. Then a friend wanted me to install them on his machines but when I went to the Windows Update Catalogue they were NO LONGER THERE as individual downloads…… so I asked PKCano – if those individual patches had been pulled ????? …… something has happened ….

      He advised to then use the Security ROUNDUP version …. something I was trying to avoid ….preferring the Group B Security ONLY versions

    • #118530 Reply

      dgreen
      AskWoody Lounger

      Links to May security only .NET patches were uploaded last week, here: https://www.askwoody.com/forums/topic/security-only-net-updates-may-2017/

      Kirsty

      I just checked kb4019108 on the Windows Catalog site.

      That is listed as “May, 2017 Security Only Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4019108)”

      There is nothing for Security Only Update for .Net Framework for 4.5 Windows server 2008 R2 for May.  There is only a “rollup”.
      Are they only offering a “rollup” now for .Net Framework?
      and…. do I really even need .Net Framework?

      Windows7 64bit Windows Server 2008 R2
      I checked my programs and I have 4.5 version of .Net Framework.

      • This reply was modified 6 months, 3 weeks ago by  dgreen.
      • This reply was modified 6 months, 3 weeks ago by  dgreen.
    • #120410 Reply

      PKCano
      AskWoody MVP

      AKB 2000003 “Ongoing list of “Group B” monthly updates for Win7 and 8.1″ was updated 6/13/2017 with June patches.

      • This reply was modified 6 months, 1 week ago by  PKCano.
      1 user thanked author for this post.
    • #120849 Reply

      woowoochow
      AskWoody Lounger

      PK Cano i am not certain about what to download for June the security only one is kb 4022717 not kb 402219 for group b is that right?

      • #120851 Reply

        PKCano
        AskWoody MVP

        You don’t mention what version of Windows.
        For June, KB4022722 is the the Security only for Win7
        For June, 4022717 is the Security only for Win8.1
        See AKB2000003 for the right patch. Be sure the bitedness is right (32-bit or 64-bit)

        And you need the patch for IE11 also.

        1 user thanked author for this post.
    • #121228 Reply

      1040ST
      AskWoody Lounger

      Hello and thank you PKCano, Woody, Kirsty, and everyone else for all of your help with these patches!

      Can you please clarify if it’s safe to patch through to June, or only through April?  On May 13, PKCano said the May patch has not been approved, and I’m not sure if the May and June patches are safe to install at this point.

      I’m on Windows 7 Pro 64-bit SP1 in Group B, and I haven’t patched since September, but I’m catching up now.

      I have a suggestion if it’s not safe to patch through to June: At the end of AKB2000003 where you list links to the monthly patches, please indicate somehow which ones have not yet been approved and should not be installed yet.

      Thank you very much!

      • #121234 Reply

        PKCano
        AskWoody MVP

        All the patches through May are OK to install (explanation to follow). Currently the June patches are on hold. So go ahead and catch up through May.

        The explanation for the patching: the MS-DEFCON method. See the number at the top of the webpage. If the number is 1 or 2, the current month’s patches are on hold. The reason being, that MS has been issuing bad patches with some regularity lately, and we don’t want to be the Beta tester Guinea Pigs.

        MS releases new updates on the second Tuesday of the month (Patch Tues). Shortly before this happens, Woody lowers the DEFCON number to 1 or 2 meaning don’t install this month’s patches yet. We wait, monitoring the Internet and reports here on AskWoody, to see what problems arise. This month (June) there is a printing problem in IE11 caused by the installation of the June Security Monthly Quality Rollup. The Rollup contains the Cumulative Update for IE11, so the stand-alone patch that Group B installs may also be involved. We are waiting to see if the problem is resolved.

        Somewhere before the next Patch Tues, when we know where the Updates stand, Woody will raise the DEFCON number to 3, 4, or 5 along with instructions for patching. At that point, it is safe to install the current month’s patches.

        For a full description of the MS-DEFCON system see the button in the menubar at the top of the site

        1 user thanked author for this post.
    • #122406 Reply

      anonymous

      I just discovered on a Windows 8.1 box that I somehow never installed the original October 2016 patch for Group B– but have installed all of the other Security Only patches. Does this mean I need to reinstall everything chronologically, or if I just install kb3192392 am I ok to keep using this machine?

      • #122430 Reply

        PKCano
        AskWoody MVP

        You can go ahead and install the patch. If it has been superseded, it probably just won’t install.

    • #122480 Reply

      anonymous

      Any update on Jun 2017 KB 4022722 security only update is safe to instal yet, also is there a security only patch for .net framwork 4.6.1 this month, just the last time i installed the  version of it via WUS  i observed a few oddities, which went away after installing last months security only .net update

      • #122494 Reply

        PKCano
        AskWoody MVP

        June patches are still on DEFCON 1 for a little while longer.

        The last Security only patch for .NET 4.6.1 was issued in May.
        .NET 4.7 was released in June, but there were some problems with Win7, so I would advise holding off on upgrading to .NET 4.7 for a while.

        • This reply was modified 5 months, 3 weeks ago by  PKCano.
    • #123045 Reply

      dgreen
      AskWoody Lounger

      PKCano
      First and foremost, thank you for all you do for us.

      You do not have KB4022722 on your download list for Group B for June’s Security Only Quality Updates.
      I downloaded the one you have listed but realized while it was downloading it was for Windows 8.1 64bit, not Windows 7 64 bit.

      Are you not recommending KB4022722?

      Windows 7 64 bit SP1 Windows Server 2008 R2 Group B

      Also,  I’m considering seriously of going to group A in July.
      Is there a thread that has all the instructions on how to go about doing that?
      Or is it just a matter of downloading the group A rollup or…
      am I in denial and it won’t be that simple. (sigh)

      • #123048 Reply

        ch100
        AskWoody MVP

        Also,  I’m considering seriously of going to group A in July.
        Is there a thread that has all the instructions on how to go about doing that?
        Or is it just a matter of downloading the group A rollup or…
        am I in denial and it won’t be that simple. (sigh)

        Just use Windows Update and install the rollups for Windows, .NET Framework and all updates for Office if you use Office products. You should also install all older updates which are offered.
        It is recommended for best experience and to get all enhancements released to date to check the box which says to show the Recommended updates as Important, but even if you don’t, you are still considered in Group A.

        Please avoid installing KB971033.
        I discussed this recommendation in another thread.

        Note: If you hid updates in the past, unhide everything now, or better reset the Windows Update database to start clean, following instructions posted here before.

        1 user thanked author for this post.
    • #123049 Reply

      dgreen
      AskWoody Lounger

      Also, I’m considering seriously of going to group A in July. Is there a thread that has all the instructions on how to go about doing that? Or is it just a matter of downloading the group A rollup or… am I in denial and it won’t be that simple. (sigh)

      Just use Windows Update and install the rollups for Windows, .NET Framework and all updates for Office if you use Office products. You should also install all older updates which are offered. It is recommended for best experience and to get all enhancements released to date to check the box which says to show the Recommended updates as Important, but even if you don’t, you are still considered in Group A. Please avoid installing KB971033. I discussed this recommendation in another thread. Note: If you hid updates in the past, unhide everything now, or better reset the Windows Update database to start clean, following instructions posted here before.

      ch100
      I purchased the computer in October 2013 from Staples.
      It came with Windows 7 64 bit SP1 Home Premium Windows Server 2008 R2 x64 installed.


      KB971033 was already installed (10/13/13).
      A little leery about uninstalling this as I thought this proved I had a “genuine” windows 7.
      I do not use Office.
      A couple of weeks ago  I unhid all the updates and caught up on all the “security” updates dating back to 2014.
      Other then Silverlight, these are the ones I have kept hidden.
      The other updates that are unhidden are the previews and optional updates, which are in italic and unchecked.  I didn’t think I needed to install them.

       

      Attachments:
      You must be logged in to view attached files.
      • #123055 Reply

        ch100
        AskWoody MVP

        If KB971033 was installed for such a long time and has not caused false alerts, then I think it should be left alone as is.

        The problem with past hidden updates is that the local database in order to be accurate needs to have corresponding references to Microsoft Update servers. Old updates or faulty updates are often retired and if those retired updates have been previously hidden, they can no longer be unhidden, sitting there orphaned and may or may not cause issues down the track. If you are comfortable with this situation, then you don’t have to do anything. I am not comfortable with this situation and this is why I insist against hiding updates.
        Th only easy way to recover and start clean is to remove the local database which is only a cached version of the configuration on Windows Update with supersedence relations, but dynamic, changing all the time when a scan is completed. By removing the local database and the folder structure surrounding it, a new local database would be built and some space would be recovered as older downloads in those folders which are no longer needed would be removed too.

        The updates which you see in Italic are those Recommended and I strongly recommend you to install them. By ticking the box which I mentioned in the previous post, you would see them moved in the Important category, no longer under Optional.
        But if you don’t want the Recommended updates (non-critical bug fixes or new features), you can live without. Expect some useful functionality to be broken, like Disk Cleanup or other functionality.
        I don’t have a recommendation about Optional updates. They are called Optional to be left to the user’s choice. I install them all on Windows 7 (only 5 in fact), except for the Preview ones and those which are likely to move under Recommended which I install then. One such update is the dreaded latest version of KB2952664 which sits now under Optional but will likely move later under Recommended.
        In relation to the Recommended updates, it is highly expected that in the next few months, a huge rollup comparable with the so-called SP2 KB3125574 to be released to include most previously released Recommended updates and possible some Optional updates. So you may get them at that time.

        Think about SP1. It contains Security, Critical non-security, Recommended, Optional and the less visible hotfixes released until that date. Can you select what to install out off a Service Pack?

        Silverlight is a different product which I install, but you don’t have to do the same. Silverlight is not part of Windows, it is an add-on which was supposed to be a competitor for Flash and it didn’t take off except for a very limited market. But now and then I encountered sites which require Silverlight. I don’t see a problem with it, like I don’t see for Flash if it is patched up to date and common-sense browsing is applied.
        Hiding Silverlight and updates has the same problem which I mentioned before, as the relevant updates keep changing and you may encounter situations where you cannot manage your own Windows Update, because your cache has become out of sync with what is stored at Microsoft.

        1 user thanked author for this post.
    • #124342 Reply

      PKCano
      AskWoody MVP

      AKB2000003 has been updated 7/11/2017 – July Group B patches

      4 users thanked author for this post.
      • #124348 Reply

        HiFlyer
        AskWoody Lounger

        AKB2000003 has been updated 7/11/2017 – July Group B patches

        Jul 2017 (IE11) KB 4025333 – Download 32bit or 64bit

        IE11 ???

        • #124352 Reply

          PKCano
          AskWoody MVP

          OOOPS! Fixed that mislabel
          Thanks

          • This reply was modified 5 months, 1 week ago by  PKCano.
          1 user thanked author for this post.
    • #124469 Reply

      Skunk1966
      AskWoody Lounger

      I just installed KB 4025333 4025337 for Windos 7 (x64). After rebooting my system I got BSOD. Started up in safemode and ran sfc /scannow. Rebooted in normal mode and again BSOD.

      In the end I couldn’t fix it so uninstalled KB 4025333 4025337 using wusa cmd. Rebooted in normal mode and all is fine again

      Edit: see clarification below

      • #124472 Reply

        anonymous

        KB 4025333 is for Windows 8.1 not for Windows 7. I think the windows update system should not let you install it in the first place.

      • #124474 Reply

        Kirsty
        AskWoody MVP

        Do you mean KB4025337?

        1 user thanked author for this post.
    • #124481 Reply

      Skunk1966
      AskWoody Lounger

      Do you mean KB4025337?

      yes sorry for typo

      • #124484 Reply

        PKCano
        AskWoody MVP

        For Win7 you should be installing KB4025337 (security only) and KB4025252 (IE11).
        KB4025333 is a Win8.1 patch.

        • This reply was modified 5 months, 1 week ago by  PKCano.
    • #124486 Reply

      Skunk1966
      AskWoody Lounger

      For Win7 you should be installing KB4025337 (security only) and KB4025252 (IE11). KB4025333 is a Win8.1 patch.

      that’s why I apologized for my typo; I meant to mention KB4025337 from the start

      • #124488 Reply

        PKCano
        AskWoody MVP

        Just checking the obvious – you did get the 64bit and not the 32bit, right?

    • #124489 Reply

      Skunk1966
      AskWoody Lounger

      Just checking the obvious – you did get the 64bit and not the 32bit, right?

      yes

      windows6.1-kb4025337-x64_c013b7fcf3486a0f71c4f58fc361bfdb715c4e94.msu

      • #124490 Reply

        PKCano
        AskWoody MVP

        Basically, that’s the very reason we have the DEFCON system – you have been a Guinea Pig for the rest.
        I need the answer to some questions. Then we are going to wait a couple of days and see if there are other similar reports. If so, I may put your problem up on the main blog for comments\suggestions.

        Windows home or other?
        Hardware: brand & model, laptop/desktop, processor, graphics, age of PC, etc?
        Security software: anti-virus, firewall, malware remover, exploit blocker, etc?
        Assuming you installed the security-only last month with no problems, have you installed any additional software since then?

      • #124500 Reply

        PKCano
        AskWoody MVP

        Thanks. Will let you know if I find information (or not).

        1 user thanked author for this post.
      • #124715 Reply

        PKCano
        AskWoody MVP

        I have moved discussion of this problem to
        https://www.askwoody.com/2017/july-11-security-only-patch-kb4025337-causes-bsod/

        Please check this location also

    • #124704 Reply

      glnz
      AskWoody Lounger

      Woody and PKCano – Regarding 2017-07 Security Only Update KB4025337, the MS web page https://support.microsoft.com/en-us/help/4025337/windows-7-update-kb4025337 says the following – what do you think?

      After installing the security updates for CVE-2017-8563, administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE. For more information about setting the registry key, see Microsoft Knowledge Base article <u>4034879</u>.

      See also  https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry .

      I have a standalone Dell Optiplex dual-booting Win 7 Pro 64-bit and Win 10 Pro 64-bit.  It is NOT part of a domain – just Workgroup at home.  If I install Security Only Update KB4025337 for my Win 7 64-bit, do I need to change the registry as indicated in these articles?

      Thanks.

      • This reply was modified 5 months, 1 week ago by  glnz.
      • #124723 Reply

        PKCano
        AskWoody MVP

        Home users should not be concerned with LDAP. This caution is directed to network administrators in a business or Enterprise environment.

        Personal opinion: I cannot imagine MS issuing an update through Windows Update that requires “Joe User” to edit the Registry when “Joe User” often has updates on Automatic, doesn’t know when they happen, and probably doesn’t know the Registry exists.

        • #127145 Reply

          ch100
          AskWoody MVP

          This patch implements new functionality which require registry editing only to take advantage of the new features. Without editing, that new functionality is not enabled. It is as simple as that and it is not the first update which implements this sort of thing.
          In this specific situation, @pkcano is right, the functionality involved is relevant only to enterprise users.

      • #124722 Reply

        anonymous

        I could well be wrong, but it seems that the registry edit is for Domain Controllers.  https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry

        says –

        “To help make LDAP authentication over SSL/TLS more secure, administrators can configure the following registry setting on a Domain Controller: ….”

    • #127143 Reply

      MrBrian
      AskWoody MVP

      I recommend two steps be added to the Group B instructions:

      1. Add step to turn off CEIP, just as was recently added to AKB 2000004.

      2. Add step “Wash, rinse, repeat” similar to what is in AKB 2000004.

    • #128442 Reply

      PKCano
      AskWoody MVP

      Group B Aug Security-only patches have been updated Aug 8 on AKB2000003

      Cumulative Updates for IE11 have been updated Aug 8 on AKB2000003

      • This reply was modified 4 months, 1 week ago by  PKCano.
      2 users thanked author for this post.
      • #128603 Reply

        walker
        AskWoody Lounger

        @pkcano:   I see that it’s too late for me to do the updating I planned.    I intend to get into  Group A, if possible.  Since the we are down to DEFCON 2 again, I am assuming that I should keep it on “NEVER” check for updates.     I only see on new one, the Monthly Quality Rollup (group A), however I’ve never seen ANYTHING about the catalog update instructions for the IE11, and I’m very concerned about that one as well.  Is there a link which refers to the IE11 updates that I can use for guidance?  Thank you for any assistance you may be able to provide.  Wish I could have had the time to get everything updated, however it was impossible.  Once again “thank you” for all of your invaluable help.   🙂

        • #128606 Reply

          PKCano
          AskWoody MVP

          If you are in Group A you do not need the IE11 update because it is part of the Rollup you will be installing through Windows Update.

          • #128627 Reply

            walker
            AskWoody Lounger

            @pkcano:  Thank you so much for that information!  That is “wonderful”!!  After my last fiascos (when in Group B) attempting the catalog update with the IE11, I felt that I had no opportunity to ever get it updated because of repeated failures.

            Thank you, more than words can adequately express!!  I am a “Happy, Happy Camper” !!   🙂   🙂

             

    • #128701 Reply

      plodr
      AskWoody Lounger

      I believe there is also a .NET update for .NET 4.6 and higher this month. KB4035510.

      • #128706 Reply

        PKCano
        AskWoody MVP

        The .NET updates are not part of Group B patches.
        So far, KB4035510 is for manual download only. It has not been delivered through Windows Update.

        1 user thanked author for this post.
        • #128854 Reply

          glnz
          AskWoody Lounger

          PKCano and gang – My Win 7 Pro 64-bit shows the following in Belarc Advisor.  I’m Group B.  Do you think I might be missing any updates for .NET?

          Microsoft – .NET Framework Version 2.0.50727.5483 (32/64-bit)
          Microsoft – .NET Framework Version 3.0.6920.5011 (64-bit)
          Microsoft – .NET Framework Version 4.0.41210.0 (32/64-bit)
          Microsoft – .NET Framework Version 4.6.1055.0
          Microsoft – .NET Framework Version 4.7.2053.0 (32/64-bit)

          If I’m missing anything, what do you suggest?  Thanks.

           

          • This reply was modified 4 months, 1 week ago by  glnz.
          • This reply was modified 4 months, 1 week ago by  glnz.
          • This reply was modified 4 months, 1 week ago by  glnz.
          • #128863 Reply

            PKCano
            AskWoody MVP

            Are you concerned about having all the security fixes?

            Be sure you have the latest version of Belarc Advisor v8.5c
            Run it and allow it to download the update databases. In the upper right corner there is a list of Security patches if you are missing any. (I’ve had some of the older ones say “not applicable to your system”).

            2 users thanked author for this post.
            • #128873 Reply

              walker
              AskWoody Lounger

              @pkcano:   Is Belarc Advisor v8.5c, safe, for all computers?  I’ve seen it mentioned previously, however just wondering if there have ever been any problems with utilizing it. Win 7, Group A (eventually I hope).

              Thank you for your advice on this one, and all of the other expert and reliable information you provide.  🙂

            • #128875 Reply

              PKCano
              AskWoody MVP

              Belarc Advisor is works on all Windows. It’s very informative.

              2 users thanked author for this post.
            • #128876 Reply

              walker
              AskWoody Lounger

              @pkcano:  Thank you so much for the guidance and advice on this.   I sincerely appreciate it.  Your expertise is absolutely outstanding!    🙂

    • #128732 Reply

      Skunk1966
      AskWoody Lounger

      I installed security-only KB 4034679 on Windows 7 Ultimate x64 this morning without any problem; after reboot no problems as far as I can tell up until now. Haven’t installed KB 4034733 (ie11 update) yet

    • #130746 Reply

      PKCano
      AskWoody MVP

      The download link to KB4039884 (hotfix for dual monitor bug) has been added to AKB2000003 for those who need it.

      Edit: Installing this hotfix has implications. See comments here and here before installing

      NOTE: KB4039884 (hotfix for dual monitor bug) has been removed from AKB2000003

      • This reply was modified 3 months, 3 weeks ago by  PKCano.
      • This reply was modified 3 months, 3 weeks ago by  PKCano.
    • #134669 Reply

      MrBrian
      AskWoody MVP

      Windows users (especially Group B) may be missing Microsoft security updates! (due especially to monthly rollups superseding some security-related updates from before October 2016)

    • #133352 Reply

      anonymous

      why here is not a list of legitimate updates for windows 7?

       

      • #133354 Reply

        PKCano
        AskWoody MVP

        The updates listed here are not delivered through Windows Update, but they ARE legitimate updates. They must be downloaded from the Windows Update Catalog and manually installed.
        They are for people who want to follow the Group B method of patching – security-only updates for Windows.

    • #133357 Reply

      win7forever2017

      and btw I have an account at askwoody

      but I can’t get my password

      and I forgot password option is not working

      the email I registered with is ” win7forever2017@gmail.com

    • #133355 Reply

      anonymous

      ok here is my idea

      since there is not a list of KB’s that are ok to install

      my intention is to basically download them one by one around 166 updates

      without the telemetry and snooping updates

      so the question is how I should chronologically installed ?

      I assumed from the year up to present year?

      I know it will take forever but here is the thing

      if I’m doing this then I don’t have to worry about microsoft drop the support of windows 7

      since I have all windows 7 updates saved on my secondary SSD

      however I love this askwoody web

      but it would be more simple for everyone

      to have a full list of win7 updates that are ok to install

      just saying…!!!

      • #133358 Reply

        PKCano
        AskWoody MVP

        We are no Microsoft. We do not catalog all the updates everyone needs for all versions of Windows.

        Please read AKB2000003 and AKB2000004 to see what this topic is about. Also, AKB2952664 will give you information about telemetry, which is one of the things Group B is avoiding.

    • #133630 Reply

      anonymous

      PKCano, are you going to update AKB 2000003 to show the Sept 2017 “Group B” monthly updates?  I understand Woody’s website and comments (bbPress) section were down for extended periods here in September but now everything appears to be returning to normal.    Woody’s blog entry “September Security patches for Windows and Office are out”, posted on September 12th, does show you (PKCano) advise KB4038779 is the Win 7 Security Only Quality update and KB4038793 is the Win 8 Security Only Quality update.

      • #133637 Reply

        PKCano
        AskWoody MVP

        For those of you in Group B – AKB2000003 has now been updated for September.

        Please see September 2017 Group B security only patches for windows 7/8-1

        Edit to add link and note update

        • This reply was modified 2 months, 4 weeks ago by  PKCano.
        • This reply was modified 2 months, 3 weeks ago by  PKCano.
        • This reply was modified 2 months, 3 weeks ago by  PKCano.
        • This reply was modified 2 months, 3 weeks ago by  PKCano.
        • This reply was modified 2 months, 3 weeks ago by  PKCano.
        2 users thanked author for this post.
        • #136124 Reply

          dpwoodpecker
          AskWoody Lounger

          (My apologies if this is a duplicate since I don’t see my original post added.)

          I’m in Group B and have just installed all security-only 64-bit Window 7 WUs given in this fabulous article. I have also left one checked box marked checked “Security and Quality Rollup for .Net Framework” and installed it along with checked boxes marked “security updates for Office 2007” (except ones for parts of the suites I didn’t install such as Power Point).

          I was double-checking the installed updates list after yesterday’s updates and see that the .Net updates are all for 32-bit whereas my computer OS is Windows 7 Pro  SP1 (64-bit). I cannot remember whether the checked box for .Net update specifically stated the bit edition but for sure the Office 2007 ones didn’t specify the bit edition. I’ve attached snip tool screen shots of the installed updates filtered with ’32-bit’ text.

          Please help: 1) do I first uninstall these 32-bit updates (at least those installed yesterday, both the .Net and for Office 2007)? 2) manually download and install the 64-bit editions of the .Net updates for installed frameworks?  and 3) where can I find the 64-bit versions for the 2007 Office to manually download?

          Any help anyone can give soon is much appreciated. —DP

          Edit to remove HTML
          Please convert the Word document to plain text before cut\paste.
          The HTML makes a MESS!

          • This reply was modified 2 months, 1 week ago by  dpwoodpecker. Reason: delete embedded format defs, attached files, updated inquiry
          • This reply was modified 2 months, 1 week ago by  PKCano.
          • This reply was modified 2 months, 1 week ago by  PKCano.
          Attachments:
          You must be logged in to view attached files.
          • #136132 Reply

            PKCano
            AskWoody MVP

            @dpwoodpecker

            64-bit computers can run 32-bit applications. Most Office 2007 installations are 32-bit.

            Windows Update is smarter than you are – it installed the right thing. If you try to download and install 64-bit where it installed 32-bit, it will simply tell you that it is not applicable.

            The OS is 64-bit, but all the applications may not be 64-bit. When you download updates for Windows (Security-only Update and IE Cumulative Update) they should be 64-bit, but Office and .NET are not Windows.

            You should be fine if you used Windows Update for everything except the Security-only Update and the IE Cumulative Update.

            • This reply was modified 2 months, 1 week ago by  PKCano.
            1 user thanked author for this post.
    • #134999 Reply

      plodr
      AskWoody Lounger

      Please stop the emails!

       

      5th attempt to unsubscribe from this thread.

      Every time I see this thread, it shows Login at the top. I login and it says I’m already logged in.

      Then I come to this thread – again and it shows Login rather than Logout.

      There is no unsubscribe link at the bottom until I submit my post. All I see is a P on the left and a submit button on the right.

      I have to say this is the weirdest forum software I’ve encountered.

      After I submit the reply, I can edit and unsubscribe – again because I get a pink error box that says Error: Are you sure you wanted to do that?

    • #135558 Reply

      anonymous

      this is totally crazy

      now I have to worry that Microsoft is handicapping Windows 7 on purpose in order to force me to upgrade ?!

      that’s it I’m jumping on Linux right now

    • #136398 Reply

      PKCano
      AskWoody MVP

      Tues, Oct 10, 2017

      Group B Security-only patches have been updated at AKB2000003

      2 users thanked author for this post.
    • #136920 Reply

      MrBrian
      AskWoody MVP
    • #136942 Reply

      Purg2
      AskWoody Lounger

      The other day this came to my attention after perusing the innerwebs for CEIP info.

      https://www.tenforums.com/performance-maintenance/16962-ceip-rundll32-exe-high-cpu-use-win-10-a.html#post346300

      How does this relate to action center settings of other versions of windows like Win 7 or 8?  Or is it purely a Win 10 tweak and/or a high CPU phenomenon?

      Am curious because those settings in my task scheduler are not disabled.

      Win 8.1 Group B

      • #136948 Reply

        PKCano
        AskWoody MVP

        Personal settings:
        On my computers, I have all tasks disabled under Application Experience, Autochk, and CEIP.
        Understand that these is some of the setting I use to reduce telemetry – not necessarily a recommended list for anyone else.

        1 user thanked author for this post.
    • #136957 Reply

      Purg2
      AskWoody Lounger

      Interesting, I see what you mean about personal preferences & whatnot.  I get the impression that this could go a number of different ways.  Basically not something for general use or something I might’ve missed.  Thanks PK.

      Win 8.1 Group B

    • #145683 Reply

      anonymous

      Thanks for the (safe) November updates. Thanks all the updates all the time!

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Comments on AKB 2000003: Ongoing list of "Group B" monthly updates for Win7 and 8.1

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.