Don’t install any updates yet – but here’s where to find them

Topic

New Reply

We’re going to be discussing today’s patches, but DON’T ASSUME THAT YOU SHOULD INSTALL THEM. You have plenty of time to wait and see if they break any
[See the full post at: Don’t install any updates yet – but here’s where to find them]

Reply | Quote

Replies

Same for Windows 10 version 1511?

Reply | Quote

Yes.

Reply | Quote

Do you think is safe to just install the .NET rollup?

Reply | Quote

I wouldn’t touch it until we’ve heard the screams of a thousand dying souls.

Reply | Quote

As a novice, there are 5 updates with the same KB. Which one or ones do I get?

Reply | Quote

Hi Woody. Just wanted to point this out.
Apparently the October rollup includes the fixes from the September rollups for 7/8.1 according to the update history.
https://support.microsoft.com/en-us/help/22801
https://support.microsoft.com/en-us/help/24717

Reply | Quote

Again, MS shows it’s “quality” in that KB3192391 knowledge base “More Information” has no data and displays an “Sad Face” emoticon.

https://support.microsoft.com/en-us/kb/3192391

MS: “For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.” – and we’ll show you a sad face… 🙂

Reply | Quote

It’s as if a million machines screamed out in horror and then were suddenly bricked.

Reply | Quote

As I suspected, you can use the IE Tab extension to browse the site in Chrome (and I assume also Firefox). Also, you can go here to see all the updates for 7: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=Windows+7 (and then sort by the “Last Updated” column)

Reply | Quote

Yep. That’s as expected. See the description in https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history

This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also resolves the following vulnerabilities in Windows:

Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API.

Reply | Quote

Any word on the windows update speed up for the month?

Reply | Quote

Yeah, the RSS listing is really incomprehensible.

If you have 64-bit Win7, you want this one:

October, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3192391)

If you have 32-bit Win7, take this:

October, 2016 Security Only Quality Update for Windows 7 (KB3192391)

But, again, DON’T UPDATE ANYTHING YET.

Reply | Quote

According to the site, under “Package Details”, 3192391 replaces:
Security Update for Windows 7 for x64-based Systems (KB3124280)
Security Update for Windows 7 for x64-based Systems (KB3139852)
Security Update for Windows 7 for x64-based Systems (KB3140410)
Security Update for Windows 7 for x64-based Systems (KB3145739)
Security Update for Windows 7 for x64-based Systems (KB3153171)
Security Update for Windows 7 for x64-based Systems (KB3153199)
Security Update for Windows 7 for x64-based Systems (KB3161664)
Security Update for Windows 7 for x64-based Systems (KB3167679)
Security Update for Windows 7 for x64-based Systems (KB3175024)
Security Update for Windows 7 for x64-based Systems (KB3177725)
Security Update for Windows 7 for x64-based Systems (KB3178034)
Update for Windows 7 for x64-based Systems (KB2846960)
Update for Windows 7 for x64-based Systems (KB3156417)
Update for Windows 7 for x64-based Systems (KB3187022)

I’m interested to dig those all up and see what those were for.

Reply | Quote

Got Silverlight (3193713) and .NET (3188740)

Also got Security+non-security Rollup (3185330) but not Security Rollup (3192391) – is that because the latter is contained de facto in the former?

Until further notice I’m retiring to the bunker with a hotline to Woody (to whom, many thanks once again).

Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.

Reply | Quote

Ah, apparently the newest (Security) updates highlighted above are not showing up in that list (which should show all Win7 updates).

Reply | Quote

To the bunker!

Don’t install anything. Wait for everybody else to get hit.

Reply | Quote

Good ones!

Reply | Quote

HARRRRR!

Reply | Quote

That’s why I’m in the bunker 🙂

Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.

Reply | Quote

Good Morning Woody,

I just did this procedure and got to the correct page for downloading the October Security Update (I didn’t download it). This seems to work, as I had done this experiment awhile ago.

Much thanks and appreciation for all you do for us; and thanks also to all who contribute.

Procedure: (I’ve set this up in One Note and as such, the link works. You can either set it up in One Note, or manually input this into your browser).

1) Click on: http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KBxxxxxxx

2) This brings up a Google Search box. Delete the “xxx’s” and input the KB # you are looking for.

3) This brings up the XML document dealing with the KB.

4) Locate Security Update for Windows 7 (it’s 3/4 of the way down the page).

5) Highlight / Select the for http://go.microsoft.com (it’s right below the title line).

6) Right Click on the selection and select “Go To”

7) This will take you to the correct page for the download.

Chip

Reply | Quote

So if I choose to not install the monthly rollup KB 3185330 and go with the security updates only, do I still install the rollup for .NET framework 3.5.1, Silverlight,and software removal tool from Windows Update or just ignore Window Update all together ?

Reply | Quote

That gets you to the 32 bit download

Reply | Quote

1st, trying to access the KB3192391 download page with IE11 fails with:

“Object does not support property or method ‘addEventListener”.

Anybody experienced this?

2nd, the first time I tried to download with Firefox, the download got stuck at 16s left.

3rd, second attempt to download seemed OK, but apparently you cannot JUST DOWNLOAD KB3192391–it is automatically installed at end of download. This is how I discovered one effect of disabling the WU service: install fails with error 0X8070422.

Comments?

Reply | Quote

KB3192391 is only on the Microsoft Update Catalog.

Install NOTHING!

Reply | Quote

KB 3156417 is on my hidden list because it is roll up for May. Surely this should not be in the security update? Forgive me if I’m stupid, but my head is pickled with all this. I am Group B but feeling very much that will have to surrender and go to Group A or else do nothing at all.

Reply | Quote

@Megan Ryan,

Your prior question about a speed-up patch for this month (which appeared on another blogpost’s discussion thread, a day or two ago) was later answered by a few people.

The short answer is: There will no longer be a separate Windows Update speed-up patch.

So we don’t have to worry about that anymore.

From now on, all normal Windows patches will be included in a big, monthly rollup/update.

A. If you are in Group A, you will get any speed-up patches that Microsoft puts out.

B. If you are in Group B, you may or may not get a speed-up patch, depending on whether Microsoft calls it a “security” or a “non-security” patch.
If Microsoft calls it a “non-security” patch, then you won’t get it by following the Group B instructions.
But the question is, would you even need a “speed-up” patch if you are in Group B, because by definition, Group B instructions call on people to download a rollup/update from the Update Catalog, and not from Windows Update (which is where the manually-downloaded speed-up patch has recently been useful).
Probably you wouldn’t even need a speed-up patch anyway, in order to let you have a quick installation of the rollup/update that you have downloaded manually from the Update Catalog.

C. If you are in Group C/W, you are now the master of your own domain, and speed-up patches are all part of a bad dream. 😉

Reply | Quote

Cup o’ tea, sir?

—
If you don’t get that reference, I can find the post that it refers to, so it makes sense. 🙂

Reply | Quote

Megan, I’ve located the initial replies, here:
https://www.askwoody.com/2016/ms-defcon-2-get-patched-and-turn-off-automatic-updates/comment-page-2/#comment-101807

Reply | Quote

+1

Reply | Quote

Don’t worry about it. Tiny patch, not likely to cause you any grief one way or another.

Reply | Quote

Well I installed the updates on my test installation. No problems so far. But if anything goes wrong then my main Windows installation will have updates locked down and I’ll join you in the bunker. I mean having two Windows installations does offer a sort of safety net. In case I brick one then I won’t have to waste 3 hours reinstalling right away.
But I’m going to bet most of you don’t have two separate Windows installations.

Reply | Quote

@Steve,

I believe Woody’s instructions are to not download/install **anything** today,
whether it is from Windows Update or from the Update Catalog,
and whether it is in the big Windows rollup/update or is a separate small thing like a Silverlight update might be.

Woody will give us further instructions in a week or two, after learning more about how the new update system works, and hearing about any bad after-effects that the early adopters (=the people who do go ahead and download/install new updates/rollups in the next 2 weeks) are experiencing.

Until Woody gives a clear go-ahead to download/install — which means making a change in his “DefCon” number — any information and discussion that Woody will share with the public about Microsoft’s new Windows Update system will only be for knowledge-sharing purposes.

(Of course, if one is an IT person who manages this sort of thing for other people’s computers as a job, of course the above instructions do not apply, and one has one’s own row to hoe/headaches about this!)

Reply | Quote

automatically installs at the end of the download…

Chuckle, I got a fleeting mental image of poking a sleeping snake with a stick!
😉

Reply | Quote

woody: KB3192391 for Win7 SP1 and KB3192392 for Win8.1 are also available from MS Download Center:

https://www.microsoft.com/en-us/search/result.aspx?q=kb3192391&form=dlc

https://www.microsoft.com/en-us/search/result.aspx?q=kb3192392&form=dlc

Even KB3194343 for Win8.1 is also there at MS Download Center as well:
https://www.microsoft.com/en-us/search/result.aspx?q=kb3194343&form=dlc

Reply | Quote

I looked up the support documentation for the
security-only Win 7 Oct 2016 patch, KB3192391, and read that the update is available for download from the Microsoft Download Center, in addition to the Microsoft Update Catalog. I checked and verified that I could locate and download the KB3192391 packages from the Microsoft Download Center website. This seems to be contrary to what Microsoft said – that the security-only updates would be available solely from the Microsoft Update Catalog.

Reply | Quote

That is due to your Firefox Settings. It defaults to a Firefox download directory.

In Settings, under general, make sure in the Downloads Section, that the selection is to “Always ask me where to save files.

After changing to that I never had the auto installation issue in Firefox with executables like .exe and .msi, but I never downloaded an Update Catalog file with Firefox. FOr those I use IE11.

Reply | Quote

Just wanted to say that I just did a manual check for updates. I took the precaution of installing KB3172605 the other day, and it seems to negate the slow update check hell that I had to go through last month… the check took about one minute, if that.

Reply | Quote

I should have added that the Microsoft support documentation for KB3192391 has direct download links from the Microsoft Download Center.

The Microsoft Support documentation for KB3192391 can be found here:
https://support.microsoft.com/en-us/kb/3192391

Reply | Quote

Try downloading from here?

https://www.microsoft.com/en-us/download/details.aspx?id=53993

Reply | Quote

So they’re already including non-security updates into the security only rollup? Why am i not surprised.

Reply | Quote

MSRT and Defender definitions still remain safe and good to go, right?

Reply | Quote

Any feedback yet whether it’s still taking hours and much CPU useage for the updates to be located for Win 7?

Reply | Quote

Based on previous experience, it should be KB3185330. However if you are fully patched and with the system working correctly, you don’t need any speed-up patches.
And do not install anything yet.

Reply | Quote

Moreover, “replaces” does not necessarily mean “includes.” Most simply, it means “makes it unnecessary” – so it could be, for example, that it contains a bug-fix or something that was previously released as non-security, but is now part of the security update as well. Or at least, that’s what it should (and certainly used to) mean, but what MS means by it now is possibly up for debate.

I wonder, does this mean that all those could be cleaned up with the WU disk clean-up utility after the update is eventually applied? In other words, how will that utility handle the transition? Surely, it shouldn’t matter how the package was delivered… all the machinery outside the search/download should function the same way as before, no?

And something else I’m curious about, if WU is not doing any searching (stuff is being manually acquired from the Catalog) does it even need that SoftwareDistribution folder? I mean, that’s ~1GB just wasted right there. Not that I can’t live without it but, man, I hate wasting anything!

Reply | Quote

My WU still check update today. Maybe it’s problem, that I don’t have (fix) update KB3177467 :-/ ?

Reply | Quote

Does disabling actually prevent installation of updates? When installing a manually downloaded update, I typically stop WU service beforehand. Of course, stopping and disabling are not the same thing, and it does seem to start itself again at some point, so if it can’t do it maybe it errors out – but I always thought it was TrustedInstaller that takes over the actual installation.

Reply | Quote

Are you sure you didn’t select “open with” instead of “save file” in the dialog that Firefox pops out on start of download? There’s nothing that can force you to install it automatically, it’s just an .msu file!

Reply | Quote

Yes, one effect of disabling WU service is an error while installing an update from a website. Re-enabling the service temporarily could give a nasty surprise if you just disabled the service without turning off downloads in the UI. If you’re really nervous, perhaps pull the internet cable or turn off wireless before re-enabling the service. Could check your WU settings with no internet, and even install in that state.

Reply | Quote

Looks like it may be a long wait time again … and no speed up patch. I have my system set to check for updates but only notify me. So far I’m 60+ minutes of ‘Checking for Updates’ with 1 CPU core pegged and still no updates. So, business as usual …

Reply | Quote

Further digestion on my part basically shows things are as many (Woody, abbodi, and I believe also ch100) speculated…

If you get the “security only” update from either the Update catalog or the MS download site, you get only the fixes released for October.

If you get the “security & quality rollup” from Windows Update (most likely), or the Update catalog or MS download site, you get September’s security updates, along with October’s.

IOW if you keep your system up to date (though maybe not on patch day like MS would prefer), you only need the “security only” update.

If you are behind, use the “security & quality rollup”.

The picture is clearer now. At least right now, I’m not as scared as I was yesterday. 🙂

Again guys – highly recommend you grabbing the IE Tab Chrome/Firefox extension. You can also use the “Auto URL” functionality to make any tabs going to http://catalog.update.microsoft.com/v7/site/* automatically open in the IE Tab extension, so you don’t even need to click on the IE Tab button in your browser after trying to load the page in Chrome or Firefox. Very handy!

Alternately, just download it from the MS site. Look up the KB, and check out “Method 2” – those are the links to DL from the MS site, NOT the Update catalog.

Reply | Quote

Keep in mind – don’t do ANYTHING at this point.
This is patch day – don’t install ANYTHING.
Give it at least a few days, if not weeks….

Reply | Quote

There are also security-only updates for .NET. The keyword that brings them forward is “only” (or maybe there is a better one, but I couldn’t think of it):
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=october+2016+only+framework

Even then, they are not exactly at the top of the list… of course, if you know the exact kb number it’s easier – but there are variations based on the .NET and OS version.

Reply | Quote

@fp:”trying to access the KB3192391 download page with IE11 fails with: Object does not support property or method ‘addEventListener.
Anybody experienced this?”
Same here, I just tried to download it with IE 11 and failed. Anyway, as it has already been mentioned, we should NOT install anything.

Reply | Quote

Is this the right place to download from https://www.microsoft.com/en-us/download/details.aspx?id=53990?

Does Windows Update have to be set to on or off in order to install the above?

Does Windows Update include things that one has to install that are not part of the security only update? I am confused by mentions that some things are available separately (.net framework ? and MSRT).

Reply | Quote

Looks like the “Security Only Update” vs. “Security and Quality Rollup” choice that applies to Windows also applies to .NET. The Security Only .NET is KB3188730 (Win7/2008R2) and KB3188732 (Win8.1/2012R2).

Reply | Quote

I am in no hurry to install anything from any source. However, I am curious about the Microsoft Update Catalog which I have never accessed.

When I click on Rss links to the catalog (for example, Woody’s first clickable link in this post) using Google Chrome I get a page where I am unable to click, delete, or insert anything. Any ideas why?

Also, although I have never done it, would it not be easier to access the catalog by simply using Internet Explorer?

Thanks.

Reply | Quote

@Woody: It appears Microsoft has changed their mind once more. The security only rollup is available as direct download from the KB article. It redirected me here:

https://www.microsoft.com/en-us/download/details.aspx?id=53990

We need to pay attention to the latest news.

Either someone at Microsoft realized that the higher ups are doing a massive blunder by restricting this update to Catalog/WSUS and sneaked in the links the KB article OR Microsoft themselves were pushed into a corner by the enterprise sector to have those download links easily available.

Either way, being able to download the security only update without going through Update Catalog is a good thing.

Not such a good thing is the fact that this rollup has a high chance of including the bugs of the security updates it supersedes or replaces.

Reply | Quote

Yeah, when Woody says ‘DO NOT DOWNLOAD’ He isn’t kidding.

Reply | Quote

Good grief! Thanks for the heads up. I hadn’t noticed it.

Reply | Quote

Am I missing something here? The security only updates for October 2016 appear to be available at the regular MS Download site by way of any of the TechNet Security Bulletins for the same month. The Microsoft Update Catalog is NOT needed?

So for example

https://technet.microsoft.com/library/security/MS16-124

has links for the actual KB 3192391 patch file at

https://www.microsoft.com/en-us/download/details.aspx?id=53990

or not?

Regards,
shopper55

Reply | Quote

OOps,sorry, evidently I missed the very last two posts

Regards,
shopper55

Reply | Quote

@fp
I got the same thing, clicked the ok, and found nothing downloadable. However, I then clicked on the link under More Information which brought me to a Microsoft help page. Using the KB number in the search box got me a link to the catalog page, but with the wrong KB number (go figure). Inputing the proper KB number gave me the proper page. I added it to the cart (haha) and was then able to download.
No-I DID NOT install anything; it sits happily quiescent in my downloads folder.

Reply | Quote

I haven’t installed any speed-up patches that I know of. I’m now up to 2.5 hours of still checking for updates, so it seems like previous months, but maybe even worse? I’m on Win7 x64 that had nothing but a few optional updates available as of yesterday. And it took less than a minute to check 24 hours ago

Reply | Quote

Now this is interesting. I just clicked on Woody’s original link using Firefox. I chose the correct version (X64) and reached the page that had not worked for me earlier using IE11. I could check package details etc; and I was able to download. No problems. 6:40 Eastern time for the curious. BTW, I’m using NoScript, but had no trouble at all as MS is already whitelisted.

Reply | Quote

It would appear you’re right… I managed to find the security-only update’s download page just by Googling the KB number for it.

Reply | Quote

Looks like MSE definition update is running a little slow, but not out of line for Patch Tuesday. It took 9 minutes to do it all, with 5 in the search phase. This was after updating early this morning. (Updates through MSE…)

Reply | Quote

If you have KB3172605 installed, then it shouldn’t… I did 2 checks that took less than a minute each. Without that, I have no idea how long it would take.

Reply | Quote

This is in response to the last sentence of this post. I suspect Vista will be pretty much the same. I don’t think it would be worth it to Microsoft to change the way Vista updates this late into its lifespan since 6 months from today Vista support will end.

What would be the point? They plan for 7 & 8.1 to become fully cumulative starting next year I believe? Probably by the time that starts Vista will only have a couple months left or have just ended. Also more and more programs are dumping support for Vista.

Vista’s market share is through the floor but since Microsoft guaranteed support until 2017 they’re going to continue to patch it until its support ends in 6 months. 7 has a little over 3 years left, 8.1 has a little over 6 years left. Vista has 6 months. So I doubt it’ll change. I could be wrong. But seeing as how they didn’t announce the patching changes for Vista, then it’s unlikely it will go cumulative especially this late in the game.

Reply | Quote

I have one win 7 machine that I need to get updated now with the hand full of patches that are ok from September.

KB: 3177186, 3175024, 3182203, 3184122 and 3185319.

I didn’t get to this machine until about 3:30 pm CST. The updates are listed to download but it just spins and spins. A machine that did get updated earlier this am now just spins checking for updates. So nothing is working, not even the option to get Octobers stuff.

It’s obvious a speed up patch is now needed. If as some have stated there will not be a single one I can manually install how am I going to get the above patches installed?

No I do not want to install a roll up to get the single speed up I need as I only want to get the September patches installed at this time. If I let it run for 24 hrs will it finally install them? If not what are my options? Thanks.

Reply | Quote

Ends up that Vista’s very different. More in the morning, in InfoWorld.

Reply | Quote

Looks like kb3172605 fits the bill.

Reply | Quote

Believe me, it’s easy to do. Hundreds of posts today.

Reply | Quote

Here’s one problem with the new update model: If one update in the rollup fails, the entire rollup fails.

GaryK

Reply | Quote

True.

Reply | Quote

I’m no computer expert, but I have installed all the important updates from Windows Update and my Windows 7 machine is working perfectly OK. Sorry, but I don’t understand what all this fuss here and in other sites is all about!

Reply | Quote

It will probably finish within 24 hours.

Only way I’ve seen to speed up Win7 scans is by installing both KB 3020369 and KB 3172605. See http://wu.krelay.de/en/ for details about problems with both. (Yes, 3172605 breaks bluetooth on Intel machines, but Intel has a new driver.)

Reply | Quote

Two big questions:

1) Did the rollup include more snooping?

2) If something in the rollup breaks, how will you fix it?

As long as you’re in Group A, and the rollup has no bugs, you’re home free.

Reply | Quote

Woody,

By now can I install 2952664? Or is it still something to avoid? Some say it’s necessary for future updates (and it does say it doesn’t have W10 stuff anymore in it).

If it’s necessary (or even merely harmless) I figure I’ll install it.

Reply | Quote

Hi Alberto. I’m going to give you the benefit of the doubt and assume you’re not a troll: If you take care of multiple users–anywhere from five to five thousand–and an Outlook security update cripples Outlook so that those five to five thousand users can’t use their email and they start calling you in an angst-ridden panic and you have to first figure out what the problem is and then second manually uninstall the offending update from five to five thousand PCs, you might begin to understand all the fuss.

GaryK

Reply | Quote

🙂

Reply | Quote

Good question. See my post, which just went up

https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/

Reply | Quote

1) Honestly I’m not too sure about the snooping. Long ago I uninstalled Windows 10 telemetry updates and hid them and they are still hidden.
2) The rollup Update KB3185330 is shown in the list of installed updates, so it can be uninstalled if it causes any problems. I’m not sure if this is the right answer to your question though!

Reply | Quote

Well, I guess what you said makes perfect sense if you are managing multiple systems. From a home user’s perspective, this article and other similar ones on the web seem a little overcautious.

Reply | Quote

Snooping is a very squishy topic – we don’t know what Microsoft is doing to Win7 at this point.

The whole update can be uninstalled. But individual updates cannot. Thus, for example, if a non-security patches causes bad side-effects, you have to roll out the security patches, too.

As long as the patches are OK, everything’s great.

Reply | Quote

Again, it all boils down to whether you accept Microsoft’s snooping, and how to recover if something goes bump in the night.

Reply | Quote

Thank you Woody for your insightful replies

Reply | Quote

Just checked my updates for October and MS sent me KB 3188740, KB3185330 and malicious update KB89830. I may have seen mention of KB3185330 but I have never seen KB3188740. I turned updates off again and left them where they were. I think I might be a little lost.

Reply | Quote

Perhaps the reason that the updates are offered through the Download Centre this month is because the Update Catalog is not yet “fixed” for other browsers as Microsoft had promised to do earlier?

Once the Update Catalog has been fixed then the updates may no longer be available from the Download Centre, as Microsoft said before.

Hope for the best. Prepare for the worst.

Reply | Quote

The catalog is pretty sparse I noticed

By the way click more information on each update pack after running WUD, it breaks down the MS number,

EX
https://support.microsoft.com/en-us/kb/3185330
-supposedly fixes a update released last month (didn’t install it)

https://support.microsoft.com/en-us/kb/3188740

https://support.microsoft.com/en-us/kb/2952664 – phone home garbage

Reply | Quote

On reflection, I think this is a serious problem. If you have a failure with one of the security updates (or even one of the optional updates) included in the rollup, you don’t get *any* of the security updates for that month, and possibly longer. There needs to be code in the rollup that allows it to proceed with every update it can even if a portion fails; further, comprehensive info about the exact failure–which update, what error code–should be published in an error message.

GaryK

Reply | Quote

It certainly is a serious problem. In fact, it’s worse.

For those in Group A – the folks who are taking the “Security Monthly Quality Rollup” – if one part of the rollup causes problems, you have to uninstall the whole rollup. If the problem lies in one of the non-security patches, you have to take out all of the security and non-security patches for that month.

It also isn’t clear how rolling back cumulative updates will work. Not a simple problem.

Reply | Quote

Quite possible.

Reply | Quote

Relax. Wait for MS-DEFCON 3, and I should have full details.

Reply | Quote

Keep posting good questions!

Reply | Quote

Well my toshiba satellite laptop doesn’t have intel blue-tooth.

It has a AMD Vision, energy star, and epeat gold from what I see on my computer side near the keyboard.

So would it be safe to install 3172605 on my laptop? Of course I will wait until after Halloween to install it and test it on my dad’s computer.

Reply | Quote

Why install it now? Wait until you’re ready to get serious about patching.

Reply | Quote

@Gary Karasik,

Why start at 5 users? I take care of just 2 computers – my computer and a relative’s, and if that person’s email stopped working or computer wouldn’t turn on, my phone would be ringing, beeping and buzzing (and it has in the past, even though I lived thousands of miles away and it was the middle of the night for me)! 😉

Reply | Quote

@JO,

I may or may not have had the same problem as you.

I don’t use Chrome, I use IE 11 — but last week when I was experimenting with uploading something from the Update Catalog for the first time, I had a doozy of a time trying to use Woody’s link to the update that I was seeking. I described my tussles here on this site, in another discussion thread.

I did not manage to get Woody’s direct hyperlink to work, but I was able to successfully use the Update Catalog by going straight to its initial home page (I did a search for that on the Microsoft Help/Support site, and I clicked on the link that search threw up for me), installing the add-on that the Update Catalog requires (which I’d never had before on my computer), and doing a search for the update I was looking for.

Reply | Quote

@Woody,

Intel does not have new drivers for all the affected Windows 7 drivers.

I don’t think they have one for mine.

And it appears that they plan not to create a new version for a substantial group of older drivers/customers.

The same old list is still going around — the following comment is dated October 3rd but the list of drivers is the old one, from August 9:
https://communities.intel.com/thread/104851

They do not list all their drivers, and they say
“A solution for additional adapters will come a few weeks later.”
But has there been a newer list created?

—-
In the link to the 3-page-long discussion thread that you quoted above — hyperlinked under “Intel has a new driver” —

if you read the last page of comments, there are many users whose drivers Intel has decided not to replace,
and what Intel tells people like them (and me) is:

“As we mentioned, it is not possible to provide a fix for older adapters.
Bluetooth will function if you remove the updates and prevent Windows from applying them;
or, you can proceed with the Windows updates knowing that Bluetooth will not work.”

So, you can either have Windows Updates and have KB 3172605/3161608 and go with Group A downloading,
or you can have your computer’s Bluetooth working.
One or the other.

===
Therefore, this is the *second* bad Windows patch that, through no fault of my own, with my computer set-up still being the same as it came originally from the factory, is going to prevent me from being in Group A and accepting Windows Updates as Microsoft intends me to.

Reply | Quote

Basic question:

On a computer running Windows 7 SP1 with Windows Update set to “Never check for updates (not recommended)” is it safe now to click the “Check for updates” button or should I wait until Woody moves to MS-Defcon 3?

I do not intend to actually install any new updates until Woody moves to Defcon 3, but I would like to see if previously pending updates are still pending.

Reply | Quote

I need to post a correction to part of what I wrote just above:

The link that you linked to in your comment earlier, hyperlinked under the words “Intel has a new driver”, is:
https://communities.intel.com/thread/106442

In that link, there are only two posts and it’s just on one page. The guy who made the first post actually couldn’t get the instructions to work, and had to do some fancy technical stuff on his own (which a non-techie like me would not know how to do) in order to push it through.

The one response to his post gave a link to a longer discussion thread in case it shed more light on the problem. The link was to this thread: https://communities.intel.com/thread/104414

And it is the 3rd page of THAT thread which I was trying to direct your attention to.

This goes directly to the third page:
https://communities.intel.com/thread/104414?start=30&tstart=0

And there are posts like the following:
“Intel (or Microsoft) is going to have to do something about the drivers for the discontinued Bluetooth adapters. Starting in October, Microsoft will be releasing Windows7/8… updates only as roll-ups, meaning if they include the patch that breaks Bluetooth, you can’t avoid it and receive other updates”
“intel ..dont forget your customers! “not possible” is no solution.”
“It is ms-patchday and the laptop runs now hours-long with high CPU-usage and is nearly not usable. Should that be the future every month from now on? or install ms-patch and lose the bluetooth-functionality?”

—
—
So if readers here have Intel Bluetooth on a computer that is more than 2 years old, don’t assume that you can go right into Windows Update “Group A” or that you can safely install KB3161608/KB3172605 — first, check out which Intel Bluetooth driver is in your machine, see if it’s on the list of drivers that Intel has published a fix for, and get that fixed, prior to forging ahead with Windows Updates.

If Intel has not provided a fix for your Bluetooth driver, you will either have to
1) lose the Bluetooth functionality in your machine (and get lots of error messages in your Event Viewer even if you never try to use the Bluetooth feature!) or
2) not accept cumulative Windows Updates from now on.

Reply | Quote

Should I just download KB3192391 and the other downloads, avoiding the two monthly rollups?

Reply | Quote

The KB3188740 is nothing more than a NET rollup for win 7 sp1 sorry.

Reply | Quote

I am-I’m waiting until after Halloween like ya said wait 2-3 weeks until things are Level 3.

I mean I got some Halloween stuff I wanna watch and stuff to read too. I mean seriously when I heard of Patch-O-Geddon for October, I thought “You should wait until October is over to see if anyone found a way to speed up WU and what KB updates are safe.”

I mean I gotta install the speed up in the morning, defrag and regain MB and such the night before and exactly at Midnight I scan and install updates and be in bed by 1am or so.

I ain’t wasting a morning or afternoon or evening installing updates and missing on stuff to catch up on.

Plus after I install, I turn off WU so I don’t get disturbed of any updates for awhile. Trust me in the past-MICROSOFT’S updates and stuff has disturbed parts of my day and time.

Reply | Quote

So I am gonna wait it out until everything is okay to install. I like things to be simple and easy than complicated.

Reply | Quote

How wood 1 go about finding “.NET security-only” updates using the Microsoft Update Catalog without knowing the KB number. All I see is the KB for the .NET security + non-security rollup. And, by the way, whose ever idea it was to shoehorn “Quality” into every other statement needs to be thrown a BOOT PARTY!

Reply | Quote

Oh shoot I can’t. KB3192391 is only for 86-bit ><.

Reply | Quote

Never mind. Found the 64-bit version ^^;. Hopefully this will work better than the monthly rollups.

Reply | Quote

Well…I am a home user, Alberto and I think you must be one of the lucky ones……… and I’m glad your experiences have proven good……. but think you should understand that other’s experiences have not been as good as yours… and I feel your comments/views are a bit belittling to other’s points of view. If you had been subjected to some of the things that people have had to dig themselves out of because of dodgy patches (not to mention the dreaded GWX drama) you perhaps would have an understanding of the animosity that people have towards updating. It is not a seamless procedure as it used to be some years ago…… and as some have said the USERS are the BETA Testers for MS. So the concern and the angst that people feel is a very genuine thing and should not be belittled simply because you haven’t experienced these things……… or perhaps you have and haven’t even realised that you have. Be very aware that Snooping/collecting of your data is going on even if you don’t think this is happening on your machine. It could very well be so. If that doesn’t concern you – then as Woody says…… your home and dry! LT

Vision without ACTION is a DAY DREAM
Action without vision is a NIGHTMARE

Reply | Quote

Just for info. I have CEIP turned off and still get this update

Reply | Quote

+1

Reply | Quote

@poohsticks
In your specific situation, with old hardware for which Intel is not providing updated drivers and unless you trust abbodi’s method of extracting the WU agent only from KB3172605, I suggest continuing to update until it really becomes a functionality problem. Then you should really stop updating, but unfortunately you may find yourself in the same situation with the current users of Windows XP, i.e exposed to all sort of Internet nasties, although it is very possible not to be affected at all.
I still find using the computer taking precedence over a presumable security threat which may never materialise. Unfortunately a lot of users affected by viruses do not realise it or realise it late and there is no definitive solution to this problem even from the major antivirus manufacturers.

Reply | Quote

This is just an imaginary problem. A failing patch is a failing patch, regardless of its complexity. For you as end user it is absolutely the same thing.

Reply | Quote

@Woody:

Is it best to have the Win Updates set at “NEVER” until you reach MS-DEFCON 3? Or is it all right to have it set at “Check for updates but let me choose whether to download and install” to see what’s out there?

For Group B, how do we know which are the Security Updates only, so we don’t install all of the others that Group A wants (the non-security, etc.).

Apologies, however I’m “lost” here, trying to determine if it’s OK to change my settings to “Check for updates but let me choose to download and install”. At least with this setting I can see what’s “available”, and which one(s) I’m supposed to DL & install for Group B when you change to MS-DEFCON 3. (Also which “roll-ups” is Group B supposed to install?)

Your help, as always, is appreciated. Thank you. 🙂

Reply | Quote

Chill. If you have updates set to “check” or “never” you’re fine, both of them behave identically at this point.

Wait for the MS-DEFCON level to change.

Reply | Quote

^ this

Reply | Quote

you’re still being snooped on in win10 even though you’ve hidden those telemetry updates.
They knew a lot of users would block them so they hardcoded the privacy invasion into the system.

Reply | Quote

The Security-only update for .NET 3.5.1 is KB3188730. This is the counterpart to KB3188740, which is the Security and Quality Rollup for .NET 3.5.1.

KB3188730 at the Microsoft Catalog:
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3188730

KB3188730 at the Microsoft Download Center:
https://www.microsoft.com/en-us/download/details.aspx?id=54007

Downloads are available for 32-bit and 64-bit Windows 7.

Reply | Quote

Did I say five? Sorry–I meant two. 🙂

GaryK

Reply | Quote

Woody: I’ve been busy with other things but wanted to thank you for this information.

Reply | Quote

BEWARE: The dreaded KB 2952664 snooping patch is now being offered as “Important” and is checked by default. Uncheck and hide before proceeding to decide on any other patches.

Reply | Quote

It’s only checked by default if you’ve selected the Windows Update setting marked “Give me recommended updates the same way I receive important updates.”

See http://www.infoworld.com/article/3130076/microsoft-windows/win-781-patchocalypse-springs-a-few-surprises.html

Reply | Quote

i installed KB3192391 should I uninstall it.

Reply | Quote

Hi Woody,

I’m new to this, and I’m confused, worried and don’t know what to do.

In September, I was advised that while I’m not patched with the latest security updates, I should Not be connected to the internet as all business & personal data (including online banking and credit-card passwords)are at-risk and compromised. With that advice, I feel a sense of urgency to get patched, but I’m set at “Never check for updates…” and waiting for Defcon 3. Am I missing something? How do I stay safe while waiting for Defcon 3?

Please forgive me, I’m tech-challenged. I would really be grateful if my worry and confusion could be relieved. Thanks.

Reply | Quote

Thank you for the link for KB3188730!!!!

Reply | Quote

@CH100,

I can’t be in Group A anyway, due to not being able to install the “important” update kb3033929,

so my plan is to be in Group B if I can,

and if that doesn’t work, I’ll go to Group C/W.

My understanding of update kb3172605 is that it is not important/security, at least it was not on my Windows Update scan for my machine as of Monday night.

So my impression is that I do not need to worry about kb3172605, since it appears that most people are trying to get it in order to speed up their Windows Update scanning.

My Windows Update scan late on Monday night was quick, something less than 10 minutes (that is how long I was away from the computer).

I also have the understanding that I don’t need to worry about kb3172605 to speed up my Windows Update scanning if I plan to be in Group B anyway and must download the Security-only update/rollup from the Update Catalog.

Perhaps that understanding is incorrect, because I don’t know why lots of folks here are making a big deal about needing to make sure that their WU scans quickly in October and about downloading kb3172605 straightaway. 🙂

Maybe my Windows Update scan was fast on Monday night, yet it wouldn’t have been on Tuesday morning after the new patching system was introduced — I have not wanted to test my Windows Update at this risky “DefCon” level.

But even if that is the case (if my Windows Update has become slow again), I am not sure why I’d be using Windows Update from now on, if all the patches I will have access to, with Group B, are going to be manually available in the Update Catalog.

I have had a bad migraine for the last 2 days, probably barometric-pressure-related, and I’m trying not to think about things that are not immediately important (because concentrating hurts). So I’m fine with being confused on some issues, as long as I play it safe with my own machine in this moment — meaning “do nothing”! 🙂

Reply | Quote

“So my impression is that I do not need to worry about kb3172605, since it appears that most people are trying to get it in order to speed up their Windows Update scanning.”

This is correct. The only important agent as classified by Microsoft at the moment is KB3138612 and that one should be installed by everyone who cares about the scanning time.

Reply | Quote

… so the older (and less suspicious, and not Intel Bluetooth antagonistic) KB 3138612, along with KB 3020369 are sufficient for Win7? If so, I better get the main post modified.

Reply | Quote

A couple of people at krebsonsecurity.com are reporting problems after updating:
“This time the mandatory Windows update pulled down some obscure Intel sound driver that wiped out my Realtek sound driver.”
“The above has happened, also on my win 10,8.1,8, and win7 machines.”
https://krebsonsecurity.com/2016/10/microsoft-no-more-pick-and-choose-patching/#comments

Reply | Quote

OMG. Thanks for the link!

Reply | Quote

Installed KB 3185330 on Windows 7 x64 laptop. Afterwards, when I open Internet Explorer 11, there’s a pop-up box asking me to choose Microsoft default settings or stay with my current settings. It then will not allow me to finish the action, and the only way to continue is to open the Task Manager to close IE 11.

Reply | Quote

I’m confused, does this mean that automatic update downloads don’t work anymore? Starting Tuesday whenever I turn on my computer ‘service host local services (13)eats up my cpu and keeps my laptop fan running continuously. The top item in the services is ‘windows update’, if I STOP this process my cpu goes back to normal. Either way my download updates but don’t install shows NO UPDATES.
do I have to manually download these now?

Reply | Quote

You’re fine. If you last got your security patches 4 or 6 months ago, there’s nothing pressing.

Wait for MS-DEFCON 3.

Reply | Quote

See http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

Reply | Quote

WSUS now looks like a total mess.

We have things called:
Security Only Update
Security Only Quality Update
Security and Quality Rollup
Security Monthly Quality Rollup

as well as a whole pile of old style:
Security Update(s)
for:
– Windows Server
– Silverlight
– Office
– .NET
– Adobe Flash Player

So Microsoft has put the zero-day IE11 fix for MS16-118 into KB3185330 and KB3192391, which are “Security Monthly Quality Rollup” and “Security Only Quality Update”… But with “Quality” in there, doesn’t that mean they are Group A patches, meaning to get the fix you need to accept the snooping?

Reply | Quote

Woody, I notice that in your new article “Win 7/8.1 ‘patchocalypse’ springs a few surprises” you said:

In addition, the security patches are available as one-off downloads through the Microsoft Download Center. If you don’t want to install this month’s entire security-only update, you can pluck off each individual patch and install it by going to the relevant TechNet article and clicking on the download link. For example, MS16-124/KB 3193227, the Security Update for Windows Registry, can be downloaded and installed all by itself.

However, what I find is that the download links only allow me to download the “Security-only Rollup” KB3192391 or the “Security Monthly Quality Rollup” KB3185330, not the individual security patches.

Did I miss something here?

Hope for the best. Prepare for the worst.

Reply | Quote

from your article = Those who continue to use Windows Update will get all of Microsoft’s Windows patches. According to your windows 8.1 book I’ve consistently let windows update download the updates and installed them only when you said it was safe to do so. Again does it now mean that windows automatic update does not work and I have to manually download them? Should I buy an apple computer?

Reply | Quote

Noting that drastic!

First, make sure you have automatic update turned off – as described in my books.

Then, read this and decide if you want to be in Group A or Group B

http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

Then wait. Seriously. At some point the coast will be more-or-less clear, I’ll move us to MS-DEFCON 3, and have full instructions at that time.

Reply | Quote

Oh boy.

Yes, they only point to links for the Security-only or Monthly Rollup patches.

My InfoWorld article is wrong.

I’ll get it corrected in the morning. Sorry about that – and thanks for the correction!

Reply | Quote

Hi Lizzytish,

Thank you for your reply. I’m sorry but I didn’t mean to belittle anyone’s opinion. Maybe because I’m not a native English speaker so I wasn’t using the most appropriate words. I do apologize if anyone has felt this way.

Going back to Updates, maybe like you said I was lucky. Quite honestly, My Windows 7 Update has always been set to Automatic including recommended, and I never had a single problem or uninstalled an update. Only after my netbook display adapter was found incompatible for Windows 10, and telemetry became aggressive towards the end of the free upgrade period and started running on every boot that I uninstalled KB2952664 and other GWX updates because they were slowing down my machine on boot.

As far as collecting data or what’s refereed to here as snooping is concerned, I’m OK with it (and this is just my opinion). I trust MS will only collect performance data, and think If everyone denies MS this data, how will MS know if Windows is functioning properly on the countless hardware configurations out there, or provide fixes if needed? Or maybe because I feel I have nothing worthy of snooping on! What are they going to find on this old man’s machine anyway? Other than few news sites, a couple of email sites (one of them belongs to MS) and a couple of Internet card game sites. Please note this is just a layman’s opinion and not belittling anyone 🙂

Reply | Quote

That “Security Only Quality Update” KB3192391 is supposed to contain the security content of KB3185330 without the non-security content.

If all you want is security updates this will be the one you want.

Of course, Woody’s advice is to wait some time until it is safe to patch, anyway.

Hope for the best. Prepare for the worst.

Reply | Quote

Please stop using gray text on your website. Please use black so older people with marginal eyesight can read posts.

Reply | Quote

@Michael,

Oh, that list is different from the list that someone else gave here!

As far as I can remember, the other list I saw here didn’t indicate that there were both:

Security Only Update
and
Security Only Quality Update

What is the difference between those two updates?

Does the “quality” descriptor mean that it’s a cumulative patch?

Reply | Quote

@Michael,

I think I have figured it out, by looking at the other list that someone else, contributor “Olaf”, provided to a different discussion thread here —
what you are seeing might be a mixture between the .NET updates and the normal updates.

According to that other list, the .Net update packages and the normal update packages are named slightly inconsistently, which I think was a mistake that Microsoft should fix
[ see my post: https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/comment-page-2/#comment-102181 ]

Olaf says that they are the following:

NET
1. Security Only Update for .NET
2. Security and Quality Rollup for .NET

Windows
1. Security Only Quality Update
2. Security Monthly Quality Rollup

[Olaf’s post: https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/comment-page-2/#comment-102147 ]

Therefore, the “Security Only Update” and the “Security Only Quality Update” are two different things altogether, and not two different versions of the same thing.

—
It appears that the ones called “update” are not cumulative, and the ones called “rollup” are cumulative.

Reply | Quote

@Woody,

When you posted tonight in the following comment: https://www.askwoody.com/2016/dont-install-any-updates-yet-but-heres-where-to-find-them/comment-page-3/#comment-102172

that your info in the Infoworld article about this (http://www.infoworld.com/article/3130076/microsoft-windows/win-781-patchocalypse-springs-a-few-surprises.html )

is wrong, does that mean that what “Tudor” saw and described above is now NOT the way it is working anymore?

Reply | Quote

@Woody,

Or was it the above information from Shopper55 that is now no longer working and which you will change your InfoWorld article to reflect?

I am confused about what Tudor said and Shopper55 said – did they say the same thing?

Is neither/both way(s) not the way things are working anymore?

Reply | Quote

It’s complicated 🙂

Tudor and shopper55 are both correct. I was wrong in the way I interpreted the comments – but not completely wrong. I’ll have the change made as soon as my editors are awake.

Reply | Quote

See http://www.infoworld.com/article/3130076/microsoft-windows/win-781-patchocalypse-springs-a-few-surprises.html

It’s lousy terminology.

Reply | Quote

I’ve tried fiddling with the contrast on the site, and come to the conclusion that I’m not adept enough with this WordPress skin to fix anything without clobbering something else. Sorry.

Reply | Quote

Worth remembering… if you use the Chrome browser, Google search, ChromeOS, Android, Alexa, or one of a myriad of products or services, you’re also being snooped.

Like you, I’ve come to terms with the intrusiveness. Which is why I use Win10.

Reply | Quote

I have my system set to notify me of updates but not install, so this morning when my computer was poised to restart to finish the download, I got suspicious. KB 3185330 was one of the three updates. When I tried to investigate this patch from the MS link, the description said nothing and just referred me to another document. Looks like they are hiding something.

I checked and KB 2952664 is sitting in the optional updates ready for installation. I will not install it.

Can I uninstall and hide KB 3185330? I am not a techie but am a fan of privacy and not being forced to actions without my consent.

Reply | Quote

Took the plunge, with the full package, and something’s weird. Checked for updates again after installing it and rebooting, took somewhat longer than before, and now I have the servicing stack update listed as important, wasn’t there before, and nothing else. No optional tab anymore, with the 4 updates (including a driver) I had left there. Don’t seem to have been installed though.
So what did it (or I) mess up? :/

Reply | Quote

That’s really good to know that you’re also using Win 10. Actually I upgraded all my household computers to 10 except for one which had incompatible display, and I love it. I was quite surprised and pleased that Win 10 actually runs better than 7 even on my 8 year old core 2 laptop!

I’m not trying to advertise Win 10 here! Just sharing my lucky story 🙂

Reply | Quote

Hey Woody,
Something has happened that has changed my Windows Update settings on my main machine to “Check and Install Automatically”, also both “Recommended Updates” and “Other Microsoft Updates” check-boxes were ticked again.

I’m using 8.1 Pro and I just put a group policy in place to prevent automatic updates, I’m hoping this doesn’t happen again.

However, now KB3185331, KB2976978 and KB3188743 are pending restart and I’m not sure how to prevent this. Should I just install and hope for the best?

It is mighty annoying having to constantly babysit your operating system, it’s like a dog that can’t be trusted in the kitchen alone…

Reply | Quote

Installing some programs will flip the setting without warning. Best bet is to go ahead and install, then immediately manually uninstall.

Reply | Quote

It’s nice to meet you Alberto….. and your explanation is most appreciated. Somewhere along the line I did once include the Privacy Statement that MS issued, (it would be easily available if Googled or whatever SE you use) but in it, it quite catagorically states that by using Win10 you give MS the right to all your data on your PC for their use.
They do state that they won’t use your emails or personal files………. but to me the inference is that they can perhaps at some future date, but also infers that they have got it, but won’t use it (for now). Maybe you would call this bordering on paranoia….. but I feel that what’s on my computer is for me to decide who I share it with……… and not a third party. As people have said it’s becoming more and more difficult to keep that privacy and security around one’s personal life on line and sometimes in real life.

People have made the distinction on this forum….that even if Google et al are the same……they most of the time work outside of your computer when you are browsing, sending emails, social networking etc. MS are bringing this into our Computers……. and that’s the difference.

And there lies the rub!

So besides the privacy issues there is also the issue of dodgy patches that can really brick your computer and cause so much angst. Just this week a member in one of the groups I’m in…. and is on Win10….wrote this email and I quote:

“I got everything working and then my laptop crashed after the updates.

I hate Microsoft!!!!!”

and this is something that happens very consistently. She’s not the only one… their number is legion!

So it’s an issue………. that’s why people come to this site and sit at Woody’s feet…….. as well as all the others who share their thoughts with us. And that’s why we hold off and watch and listen before we update. MS’s culture has changed considerably….. it used to be a far nicer experience for us all ….. including themselves……… Now it’s……… well different! LT

“Sometimes when things are falling apart, they are just falling into place.” – Anonymous

Reply | Quote

Thanks for the reply Woody. How would one tell that it is the 32 bit download? Perhaps my reading of the page was incorrect. I run 64 bit and would naturaly need that one. Thanks, Chip

Reply | Quote

Sorry LT, I have to contradict you here. Windows Update was never a seamless procedure. It is actually better starting with Windows Vista compared to XP times since the introduction of the so-called CBS, but it is still a mess, maybe a different type of mess.

Reply | Quote

The naming sucks. If it includes “x64” that’s the 64-bit version. If there’s no “x” then it’s the 32-bit version.

Reply | Quote

poohsticks:

Thank you for the reply. Here is what I have learned, which you and many others may already know:

In Woody’s October 11 post “How to scan the Microsoft Catalog for security patches”

https://www.askwoody.com/2016/how-to-scan-the-microsoft-update-catalog-for-security-patches/

Woody has a link to his InfoWorld article covering the same topic.

http://www.infoworld.com/article/3112862/microsoft-windows/how-to-check-the-microsoft-update-catalog-with-any-browser.html

There are currently six comments at the end of that article and Woody explains there that in order to read the RSS feed for the Microsoft Update Catalog one’s browser must have an “RSS interpreter.” Apparently Chrome does not have one and therefore an “extension” such as “RSS Subscription extension (by Google)” must be added. Having never previously added an extension to Chrome I am hesitant to add one now given all the changes to Windows Update. It should be easier to identify the source of problems should they arise during the next several weeks as new Microsoft updates are installed (always after Woody gives the OK) if the changes to my computer are kept to a minimum. Similarly, I am reluctant to install the add-on that Internet Explorer seems to need to use the Microsoft Update Catalog. In addition, I am generally reluctant to use Internet Explorer for any purpose until this month’s security patches, which apparently include fixes for Internet Explorer, are installed.

Reply | Quote

Ah!……well guess compared to how it is NOW and how it was say 2 years ago or so….. to me it would have appeared seamless …… merely because I wasn’t paying attention more than likely……… and I wasn’t tripped up so to speak……. but yes I would perhaps have done better to have termed it differently!!! Good call ch100!!

Reply | Quote

Just for what it’s worth: KB3185330 (full) and KB3192391 (security only) both include the security update for Internet Explorer. Which is weird, because (at least on my system) IE’s security update is also seen as a seperate update. I don’t like it by the way. It messes my favorites folder.

Reply | Quote

Rolled out the updates to about 275 Win 7 machines last night after successful testing. Have about 30 users reporting Outlook freezing and IE not working. Off to roll back – thanks again MS.

Reply | Quote

Why are you installing updates? We are on DEFCON2 – don’t install anything until Woody gives the go-ahead.

Reply | Quote

Check your settings. They should read “Ckeck for updates but let me decide whether to download and install.”
If you have it set to “Download but let me decide when to install” it will download updates in the background and install them the next time you reboot.

KB3185330 is the new Oct Security + non-security monthly rollup. At this point you can TRY to uninstall it and reboot. Be sure you have the settings “Check but let me choose whether to download..” or “Never check for updates” correct first. I don’t know if anyone has tried to uninstall the new rollups or not, or how successful it is.

Reply | Quote

UPDATE: rolled back KB3185330 and the issues with Outlook 2010 and IE 11 freezing went away.

Reply | Quote

+1

Reply | Quote

If you narrow it down, yell read loud!

Did you use Security-only or Monthly rollup?

Reply | Quote

Really doubt I waited more than until the 2nd day after release to install security updates, almost always it’s within 24h, so wanted that, and when I saw, even in Woody’s Infoworld article, that the bundle should only include October security updates and the September non-security bundle, not new stuff, said might as well.

Otherwise things seem fine so far. And actually using IE (another reason to install at least the security updates, with the one for it not separate anymore) and not having issues with it at the moment. If anything, at least so far, some odd access denied errors that kept being logged as from my security software lately seem to have stopped now.

But worried about that change to WU, since my main concern in all of this (past the risk of serious system problems) is not to end up with forced automatic updates in Win 10 style.
As long as I get to choose, I tend to be in that 2nd group listed by Woody in an article as typical for those who don’t have it set to auto, as in check, give it a day or two to see if word of anything really bad reaches me, if not install everything*…
* Since the push for Win 10 and telemetry started, the “everything” excludes updates I knew shoved that down one’s throat. But besides that…

Reply | Quote

We had a similar issue with KB3185278, so I’m guessing that was included this month in KB3185330, but it’s just a guess at this point.

Reply | Quote

Thanks. I’ll keep my ears open and see if anybody else reports it.

What are the symptoms?

Reply | Quote

This will fix the issue for us and then we can roll-out the update again: https://support.microsoft.com/en-gb/kb/3185278

Symptoms: IE 11 starts up blank and unresponsive. Outlook 2010 freezes when using the Reading Pane. McAfee Endpoint Security partially shuts down.

Reply | Quote

@Woody: When can we install the security only/security only quality updates manually? Have you tested?

Also, many have issues with Windows Update on Windows 8.1(mostly x86 and on older devices). Manual check for updates take hours but doesn’t complete. However, after struggle, patch Tuesday updates listed in Widows Update, then everyday auto check for updates happen peacefully. Inbuilt troubleshooter and latest troubleshooter from windows update FAQ site find some issues and does fixes but the issue still persists. Is there any workaround/fix?

Reply | Quote

@Bill;

“Please use black so older people with marginal eyesight can read posts.”

+1

I’ve got the same problems.

I’ve found changing the screen viewing angle gives better contrast.

Check out the ease of access center.

Some techies on this forum might help out here.

Reply | Quote

Wait.

Wait for teh MS-DEFCON level to hit 3 (or higher).

Reply | Quote

@Woody: In re: KB3185278, this was an UNCHECKED Optional update received September 20th.

It was not installed, per last recommendation (for Group B) to not install the unchecked Optional updates (it was 60.2 MB).

There were no Security Updates pending, just 3 UNCHECKED Optionals. Setting is “NEVER CHECK FOR UPDATES” and has been since I set it up for the Group B – – per instructions.

Is there anything I should know about the above referenced Security Update as it relates to KB 3185278? There were a total of 3 Optional unchecked updates (and no Security updates) when I set it for Group B requirements.

I will just continue to wait until the MS-DEFCON level shows the “all clear” and there are more detailed instructions on how each “Group” is to proceed. Thank you for your invaluable help. Don’t know what we would do without you, and your contributors.

🙂

Reply | Quote

Grey text: My 80+ year old father used to complain about the same thing when he was still alive. I’m not there yet.

A suggestion: If you want more contrast, get an M-VA or other “VA” monitor, which are well known for superior contrast vs. TN and IPS monitors. TN monitors are very common in typical consumer displays such as you would find at a big box store. IPS displays have made some inroads but are often preferred photo work. VA displays originally were considered too contrasty for photo work but are now contenders for that use, while retaining their superior contrast.

I work with text and numbers all day long and believe me this has been a subject well worth investigating. You will have to do some online research to find out what type of panel a particular monitor uses.

Reply | Quote

Thank you once again LT and Woody for your informative replies. You guys are simply AWESOME. I’ve been a computer user even before Windows came into existence and computers had no keyboards, but I’m learning quite a lot on this site.

I can relate to other people’s concerns regarding updates but during XP days. I remember that SP2 caused my “then” new PCMCIA wireless card to stop working. I was so frustrated that I uninstalled SP2 and disabled WU completely for almost two years. Only when several other software started requiring SP2 that I reactivated WU and luckily found that the wireless issue had been fixed.

But that was XP. Since I had no issues with Windows 7 updates in the past and hope this will continue. I will continue to install the monthly rollups as they become available and will try to report to you the results so others will be warned in case of trouble.

Reply | Quote

@JO,

I think that the IE add-on that the update catalog requires is supposed to be quite safe to accept on one’s computer, no one has said otherwise here.

Do you have your IE patched up through September’s patches?
If you do, I don’t think there is any concern about people using IE for the rest of this month while putting off installing October’s IE patch
(while waiting for Woody to give the “okay” to install October’s patches).

Reply | Quote

Change the color setting in https://www.askwoody.com/wp-content/themes/gear_askwoody/style.css. There are two occurrances where it is defined, div.main and body. Looks like div.main is the one to change. Change it from “#666666” to “black”. I did the change in firebug, and the main text changed to black.

Reply | Quote

Thank you.

What about the Windows 8.1 x86 issue? The internet is good and much faster. However, the Win Update Check taking long time.

Reply | Quote

Yes, but we have some test systems that I always push updates to to see if they break anything in our specific environment. 🙂

Plus, a zero-day flaw, in my view, does warrant speedier evaluation than waiting almost to next month’s updates.

Reply | Quote

Especially since the word “Quality” has been tossed into the Security Only Update name for Windows, but in .NET it’s just called “Security Only Update”…

Yep, Microsoft Standard Operating Procedure…

Reply | Quote

You only create problems which should not exist by not using IE with the required ActiveX Control for the Microsoft Update Catalog. Please also read @poohsticks reply which is absolutely valid.
You have to use the right tools for the purpose, beyond any bias.
Or you don’t need to use the Catalog at all if you decide to patch only from Windows Update as the other method (Group B) is currently supported only for businesses which have specific compliance requirements.

Reply | Quote

Yep, thanks for that.

Honestly, I was headdesking over this. I wonder if the patches were named differently because they came from different teams (ie. the Windows team vs the .NET team) and somewhere a memo didn’t get passed along about naming.

Reply | Quote

Seriously, “pushed into a corner by the enterprise sector to have those download links easily available”?
Isn’t the Catalog the repository for businesses in addition to direct downloads for those with specific support agreements?

Reply | Quote

Well, some of us have testing machines where we can test any issues particular to our environment without affecting production users. I usually wait about a week for really loud screams before rolling out to test PCs/users, then, unless things break, wait until Defcon 3.

Reply | Quote

New to this Forum due to the latest Updates because I didn’t want to install 119.4 MB(!) unless absolutely necessary, nor do I care to have any for IE since I don’t use it & don’t care to as I prefer Mozilla, at home (and can only HOPE they get rid of it at work since it continuously has to “recover webpage” grrr, but that’s another story!) I’m very glad Google search brought me here, and I’ve decided to take your advice re not installing anything until MS-DEFCON 3 or greater, which I’ve not heard of, until just-now. I’ll be you have a particular link that defines/explains it; may I please get that from you? Please also tell me what should be checked and/or unchecked on the “Choose how Windows can install updates” screen (e.g., Recommended Updates: check or not?, etc.) I already changed the Important Updates option to have it let me choose download & install. Also, there is a statement at the bottom: Note: Windows Update might update itself automatically first when checking for other updates. Read privacy statement online (link). Is this anything of concern?

I imagine I’ll need to check here often, now, for the MS-DEFCON 3 occurrence, as I’m guessing the number of ‘members’ prohibits you from sending that info via email, am I correct?

Reply | Quote

Don’t you think the “Oct. 2016 Security Monthly Quality Rollup” will be replaced by the Preview Rollup of November next week?

Reply | Quote

Is it the EMET issue?

Reply | Quote

No. That’ll be a separate, new entry.

Reply | Quote

There’s a tab at the top of the page that explains the MS-DEFCOn system. I talk about it in all of my books.

There’s another tab that explains how to set Automatic Update.

Windows Update may update itself. Don’t worry about it.

You can check here often, if you like. Or you can follow me on Twitter, @woodyleonhard. Or you can look at the RSS feed (I use ighome.com). Or you can watch my columns on InfoWorld, http://infoworld.com/blog/woody-on-windows . I seem to have a lot of those lately.

Reply | Quote

Perhaps someone else here knows of a good Win 8.1 Update scan speedup trick?

Reply | Quote

When I try to use te “Microsoft Update Catalog” for downloading updates, IE11 crashes directly after I hit the download button.
I can however search and select items, so the add-on is properly installed.
Anybody else had this happening? I’ve got two machines with that same problem.

Reply | Quote

Good to know. Thank you!

Reply | Quote

@Woody:

I’m sure I inquired about this previously, however I’m in Group B, and leaning towards changing the “NEVER CHECK for updates” to the “Check for updates but let me choose whether to download and install them”.

At least this way I can see what is “pending”. I’m sure you stated more than once that both settings accomplish the same purpose, other than the “NEVER CHECK” users accept all responsibility to
be certain to do the checks themselves.

Can you please verify this once again? I think I’ve reached “meltdown” just trying to keep up with all of the many discussions and reading them all. Thank you again, Woody…. You are the “BEST”. 🙂

Reply | Quote

First, I used Win 8.1 inbuilt troubleshoot and it found and fixed something and Win Update all emptied everything in update history & hidden updates and made no updates to be installed. However, the never ending check for updates still persists. No auto check in background too.

The same happened with WindowsUpdateDisagnostic.diagcab from Windows Update FAQ.

The DISM “RestoreHealth” & “StartComponentCleanup” fails even in clean boot and sfc scan too fails to fix corrupted files.

Only Error checking for main partition is fine.

The system restore shows only today’s Windows Module Installer.

Even if KB2919355 is already installed months earlier, I’m trying to install KB2919355 using standalone installer with some hope that it’ll fix the issue but it is taking longer time searching for updates on the computer.

@Woody: What should I do? How to fix this issue without reinstalling the OS?

Reply | Quote

@ewh;

“I did the change in firebug, and the main text changed to black.”

Is that action for Woody or individual readers?

Reply | Quote

I believe it’s for individual readers. I tried to find something analogous in the WordPress controls, and couldn’t find anything.

Reply | Quote

I haven’t a clue. Perhaps abbodi or ch100 can help?

Reply | Quote

The only difference between the two settings is a flag that appears – sporadically – down in the notification area, next to the clock.

Other than that, I don’t know of any other difference. For all intents and purposes, they’re the same thing.

Reply | Quote

@Woody: Thank you so very, very much for the prompt and reliable response. I appreciate your help more than words can ever say. 🙂 🙂 🙂

Reply | Quote

Yes, that was what I conjectured in my earlier post at:

https://www.askwoody.com/2016/what-do-you-knowthink-about-kb-2952664/comment-page-2/#comment-102181

Reply | Quote

FYI, Today I changed my name from JO to prk280.

On the day before October’s new patches were released, I finished installing all of the critical and important updates for Windows including the latest cumulative update for Internet Explorer 11. Some recommended and optional updates for Windows remained uninstalled.

This TechNet page indicates that October’s updates address Internet Explorer vulnerabilities that are rated critical.

https://technet.microsoft.com/library/security/ms16-118

I am inclined to stay away from Internet Explorer until I am ready to put on this month’s patches.

Thank you for the reply and confirming that the Microsoft Update Catalog add-on is safe to install.

Given all the confusion about the Update Catalog, the Download Center, and Windows Update I am leaning toward putting myself in Group A.

Reply | Quote

FYI, Today I changed my name from JO to prk280.

Thanks for the reply.

I have never used the Microsoft Update Catalog and would not try to do so without adding the Active X control.

As I said in my new comment to poohsticks just above, I am leaning toward putting myself in Group A. I still might like to look at the Microsoft Update Catalog out of curiosity.

Reply | Quote

Meant for woody, but folks with browsers that support custom css for sites could do what they need. Firefox supports a user defined CSS along with add-ons that support users creating custom styles for sites.

I do not use WordPress, so my post was to indicate the actual resource clients retrieve that affects the font color. Do not know if WordPress supports direct admin maintenance of stylesheets. I would hope it does. You can try to direct edit and then see if WordPress overwrites anytime you do later edits via WordPress’s interface.

Reply | Quote

It may support direct manipulation of the stylesheets. I’ll see if my Web folks can do it.

Reply | Quote

Hi, JO!

Reply | Quote

The notification of your reply went to the same email address as before my name change to prk280, just as I wanted.

Thanks for your help Woody.

Reply | Quote

Are you referring to abbodi86?

How to contact them? They both don’t have links on their comments for contacts.
If you could help me, please ask them to read my comments and provide assistance asap.

Reply | Quote

Try with another browser using catalog update direct link which I assume you’ve already installed. I’m suggesting this since we’ve seen more problems/bugs reported on the addon.

Just add the KB’s to the q value in the link:
“http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=&#8221;

Downloads from catalog is ease with other browsers. No errors/crashes.

Reply | Quote

Thanks. I did (and do) have my settings set to notify me of new downloads and let me decide. Microsoft over-rode my setting and installed it at night when the computer was not in use. When I woke the computer up, it was already set at that point where it installed and needed to reboot.

Reply | Quote

I have been unable to figure out how to download specific updates from MS download center, e.g. KB3188740

Reply | Quote

” “Security and Quality Rollup for .NET” KB 3188740. ”
Where does one find that one?

Reply | Quote

Windows Update is the easiest spot.

Reply | Quote

When I type in the KB# and search on this site
https://www.microsoft.com/en-us/download
I have not been able to find any downloads.

Reply | Quote

Try using this:

https://www.askwoody.com/2016/microsoft-update-catalog-now-works-with-any-browser/

Reply | Quote

Thanks for the MS URL; now I see it.

Reply | Quote

I have left some updates alone–like Time Zone updates for Russia or Egypt, etc. Why do I need them anyway?!!!

Reply | Quote

I sent you a comment 2 minutes ago. Please reply. Thx

Reply | Quote

Alas, I rule this site with a velvet iron hand. 🙂

I, personally, review every post before it appears.

Reply | Quote

You probably don’t. That’s why I talk about Group B.

Reply | Quote

KB319391 installed on 10-14, a little prematurely, I think, since I didn’t read all the askwoody threads on the new update system. You advise waiting a little while before taking this step. Immediately, I had problems in IE11(Dell Inspiron, Windows7-64, SP1). The Explorer window froze every time I did a Google search. It didn’t just freeze the tab with the Google search, but froze all other tabs too. I then had to kill all explorer processes, but even that was difficult because it kept trying to reload the dead tabs.

I uninstalled today and thus far (fingers crossed)the Explorer seems to be its old self. Lesson learned. Also, after the uninstall it took my computer almost an hour to “prepare to reconfigure Windows.

Reply | Quote

“Security Monthly Quality Rollup” instead of “Security and Quality Monthly Rollup” – isn’t that like saying “peanut butter sandwich and jelly”?

Reply | Quote

HA!

Yep, they’re all Quality. Every single bit.

Reply | Quote

I’ve tested all of these updates on my VM’s for Windows 7. It appears that one of the KB’s, and my guess is, KB3192391, as my last test was only to install the October Security Only Quality Update, now launches this website when opening IE 11 after the update reboot.

https://mybrowser.microsoft.com/iewelcome?bpa=1

Not a huge issue for home users, but it is for an enterprise environment.

I’m looking into removing this setting.

We had previously applied the EOL notification for IE back in January and disabled the Win 10 notifications along with not deploying Windows feature updates for more than 6 months now.

Reply | Quote

OUCH. So KB3192391 hijacks the IE 11 start page? (Temporarily, I assume?)

Reply | Quote

Apparently there is an IE11 security update which is included in KB3192391. MS16-118 is listed as “critical” for IE11 in Windows7-64. The question now is whether it is advisable, necessary, or even possible to download and install MS16-118.

The Explorer start page wasn’t hijacked unless I input a Google search. Other pages loaded just fine. However, once I did a Google search in a new tab, the other tabs froze in addition to the tab with the Google search.

Reply | Quote

It’s as “clear as mud”!!! Wonder what else they can do to make it all as obfuscated as possible!!!

Reply | Quote

Hi!

Is it safe to install KB3192391 yet?

Reply | Quote

Wait!

There’s nothing in KB3192391 that you need – as long as you don’t use Internet Explorer or Edge, and you don’t open unknown RTF files in Word.

Wait for the rest of the problems to shake out.

Reply | Quote

🙂

Reply | Quote

Is Adobe owned by Microsoft?!
This is ridiculous
“Install and enable free Acrobat Reader DC to view PDFs”
Why not “Install Google Chrome/Firefox/Safari/Opera to browse the web” or “Set Google Search as the default search provider”

Reply | Quote

You have an advertisement on the page from Google to use Google Chrome – top right. That problem is created by Google and not by Microsoft.

Reply | Quote

“Some people report getting KB 3199209 on their Win10 1607 machines.”

Assuming one has turned off automatic download/install on a Win 10 machine, and then along comes an update like KB3192391, where the wisdom, after several weeks, is not to install it.
Them after another few weeks on patch Tuesday, we will nevertheless have updates we want or have to install, say a security update KB1234568. How in Win 10 can one then install the later update KB1234568 but avoid installing KB3192391?

Reply | Quote

By using wushowhide.

That’s why I haven’t yet given the go-ahead to install 3199209. It looks good, but I want to give it a few days to ferment.

There’s no immediate pressing reason to install it, as best I can tell.

Reply | Quote

Woody,
Thanks for the reply. I meant to exam the case where you finally decided that KB3199209 should not be installed. Then, 5 weeks later, we want and need to do additional Win 10 updates. Is there a method to install those later updates but exclude KB3199209?

Reply | Quote

Hi Woody, I’ve got the updates and it recommended to Install. I would like to ask you if these updates are secure or some of them can harm my computer? may you please advise me on which ones are secure and which are not. Thank you. KB2267602 (definition 1.229.2042.0), KB3188743.KB3185331,KB3194343,KB3174644, KB3175024,KB3177186,KB3178539, KB3184122,KB3184943,KB3185911,KB3187754, KB3182203, KB890830
Your advice is very important to me as we live in a country where is no computer specialists who can sort out computer if anything will go wrong.

Reply | Quote

WAIT!

There are no updates currently on offer that you absolutely need. As long as you don’t use IE or Edge, and you don’t open RTF files in Word from unknown sources, you’re fine.

Reply | Quote

If that were the case – I think 3199209 will prove to be OK – yes, you can exclude one specific update by using wushowhide. If we get to that point, I’ll provide full instructions.

Reply | Quote

Hi Woody, Where I can check if some update are secure? Microsoft sent me updates for devices that are not in my computer like Canon printer, Windows Defender that I am not using and never installed, Windows malicious software removal tool. I cannot understand what is going on with Windows.There are 14 Importand updates and 27 optoional and I’ve been lost what is really needed and what only will clog my computer. Are there any tutorial on how to recognise what updates are really needed for the PC, any links? Thank you Woody

Reply | Quote

Thank you very much, Woody. I am feeling like a heavy stone fallen from my head! Thank you, and I am glad to discover your web-site today. There is another message I sent you, hope you will answer. Have a nice day.

Reply | Quote

Sure. See the links above for the MS-DEFCON system, and Automatic Updates.

Basic idea is straightforward: Don’t install anything until we’ve switched to MS-DEFCON 3 or 4 (or even 5). When you see the new MS-DEFCON rating, there will be detailed instructions on what to install, and how to do it.

You can check back here from time to time, link to my RSS feed, follow me on Twitter @woodyleonhard, or keep an eye on my InfoWorld columns. I’m going to be writing more about monthly patching in InfoWorld, in the future.

Reply | Quote

Woody, I really need your help now, PLEASE. I have Windows 8.1, and installed GWXStopper 2.40, so far it worked well. Today, when I decided to update my Windows, the window opened saying “Your Upgrade to Windows 10 is ready. Restart your computer.” How I can rid off that Windows 10 from my computer? Please help me.

Reply | Quote

That’s’ great, Thank you so much, surely I will keep in touch with you, Woody. I cancelled all updates, but I even couldn’t imagine Windows will install also Windows 10. What a company! I cannot trust them any more! Is it possible to switch to other operating system?

Reply | Quote

If you don’t specifically need Windows programs, you should really look into getting a Chromebook – although the snooping is worse on the Google side.

Reply | Quote

You shouldn’t be getting any free upgrade “offers.”

I’d say restart your computer and if you get shoved into Windows 10, see this:

http://www.infoworld.com/article/3074096/microsoft-windows/hit-by-an-unexpected-windows-10-upgrade-heres-how-to-recover.html

Reply | Quote

So there is no way to exploit Security Update for Microsoft Graphics Component (3192884) via Firefox?

Thanks in advance!

Reply | Quote

I’m not aware of anything in particular with Firefox. Do you have a link?

Reply | Quote

I’m back, but this time I have a story.

As I reported before, MS installed some crap on my computer without my permission. I have my update settings set to inform me but let me decide.

Today they attacked my other computer in the house. It’s a laptop, Windows7. It came with W10 but I uninstalled it.

This afternoon when I booted up my computer wouldn’t start. I turned it on and off a few times and then finally a Start Up Repair screen popped up. I ran it and after some time the computer booted. There was a big GWX10 inventory list on my desktop. And a GWX10 icon, too. And an invitation to download a monthly quality update, KB 3185330. Cough – Cough.

I uninstalled GWX but I don’t know what to do with this monthly quality update because I don’t want it on this computer. They already forced it on my other computer.

Is this legal?

Any suggestions on what to do?

Reply | Quote

Same thing happened to me. I uninstalled the update. Now what???? This happened back in the summer with an update. I did a restore and that worked and now I install each update one at a time so I can grab the culprit if I get an immediate problem.

Reply | Quote

Thanks for all the info, Woody; I’ll be sure to read through all of it; especially being someone who got hit by that nasty Ransom virus —— yup, 12 years of work-product, my consultancy business, my “Journey Through Breast Cancer” journal, family photos, etc. etc. etc., all encrypted “as though they never existed;” (yet, somehow, Outlook still thrives, go fig), and I kept the computer just in case someone finds a “cure” —— so, as you can imagine, I’m quite skeptical and leery at times about what to do so THAT never happens, again, and quite grateful that the ‘man who wrote the books’ is the one giving out this important advice! Let me just say, “THANK YOU” again! Now, however, I’ve become a bit on the leery side since there’s been no chatter in this forum since the 20th, except for this last one on the 25th … where did everyone go?!

Reply | Quote

AskWoody is getting hundreds of posts a day. I don’t publish main articles all that frequently – looking at a shift in several things. (He says mysteriously.)

Reply | Quote