Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Here’s what you need to know about this month’s patches

    Home Forums AskWoody blog Here’s what you need to know about this month’s patches

    This topic contains 134 replies, has 33 voices, and was last updated by  anonymous 3 months, 4 weeks ago.

    • Author
      Posts
    • #184092 Reply

      woody
      Da Boss

      Although there have been some fixes, the patching situation is changing very rapidly. There’s no reason to apply any of this month’s patches just yet.
      [See the full post at: Here’s what you need to know about this month’s patches]

      12 users thanked author for this post.
    • #184094 Reply

      geekdom
      AskWoody Lounger

      The lack of Microsoft documentation is troubling.

      Group G{ot backup} Win7|64-bit|SP1|TestBeta

    • #184095 Reply

      Heavenly
      AskWoody Lounger

      I am in the UK

      on the 11th the patches appeared for me

      There were three important Patches  one being the KB890830 malicious tool update

      Today the other 2 important Patches have disappeared and I am just left with  KB890830

      there are 4 optional ones which I never install

       

      • #184096 Reply

        Heavenly
        AskWoody Lounger

        I am in the UK on the 11th the patches appeared for me There were three important Patches one being the KB890830 malicious tool update Today the other 2 important Patches have disappeared and I am just left with KB890830 yhere are 4 optional ones which I never install

        I should have said I am using Win7 SP1  – sorry about the omission

        1 user thanked author for this post.
    • #184102 Reply

      MrBrian
      AskWoody MVP

      “As of this moment, it looks as if the manual Win7 Security-only patch KB 4093108 fixes the phantom NIC bug and static IP zapping bug”

      KB 4093108 probably doesn’t fix these issues on computers that already have them. Rather, KB 4093108 probably doesn’t cause these issues on computers that don’t already have them. KB 4093108 doesn’t contain the file pci.sys. A recent version of pci.sys might have caused these two networking issues in the March 2018 updates.

      • This reply was modified 4 months ago by  MrBrian.
      5 users thanked author for this post.
    • #184105 Reply

      anonymous

      I had two patches appearing yesterday and only one today

    • #184122 Reply

      GoneToPlaid
      AskWoody Lounger

      A note about the Win7 April updates. Microsoft states:

      “Windows Update and WSUS will offer this update to applicable Windows client and server operating systems, regardless of the existence or value of the “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” registry setting. This change has been made to protect user data.”

      Think about the above statement since the April updates fix the Total Meltdown vulnerability which Microsoft created in their January 2018 through March 2018 updates. It is not that the QualityCompat setting has been lifted for the April updates and all future updates. Instead, the truth is that Microsoft is performing damage control by forcing the delivery of the April fixes for Total Meltdown to everyone — regardless of the existence of the QualityCompat setting, and regardless of whether or not fixing Total Meltdown by installing the April updates might cause problems with any non-compatible antivirus software.

      2 users thanked author for this post.
      • #184159 Reply

        Bill C.
        AskWoody Lounger

        My take is now, “Never attribute to incompetence that which is best described as deliberate.”

        One month of bad patches, accident and fool me once, 2 months, well fool me twice, 3 months, even the uninformed see trends, but 4 months it has to be a deliberate plan that is working correctly.

        4 users thanked author for this post.
    • #184126 Reply

      zero2dash
      AskWoody Lounger

      MS has definitely “gone to plaid” (to borrow from a fellow member’s name here and quote from one of the funniest movies ever).

      I think the general consensus for safe patching is 30 day deferral on Win10, and at this point, 7 & 8.1 – be in Group W (no updates) since December 2017.

      The lone exception I think anyone can take with these older OS’s is that AFAIK, the IE, .NET, and Office updates over the last few months have not been problematic. Those are OK to install, other than you shouldn’t install April’s for a few more weeks if you value your sanity. Like Woody says, “leave it to the unpaid beta testers”.

      2 users thanked author for this post.
      • #184133 Reply

        geekdom
        AskWoody Lounger

        Like Woody says, “leave it to the unpaid beta testers”.

        These days we are all unpaid beta testers. Patches are changed and finalized only to have new patches-to-patches arrive after multiple releases. You makes your backups and you takes your chances.

        I find Microsoft’s documentation rather abysmal.

         

        Group G{ot backup} Win7|64-bit|SP1|TestBeta

        • This reply was modified 4 months ago by  geekdom.
        7 users thanked author for this post.
      • #184268 Reply

        GoneToPlaid
        AskWoody Lounger

        I agree with what you said. In fact, all of my Win7 computers are now on Group W since December 2017.

        1 user thanked author for this post.
    • #184128 Reply

      dksmikey
      AskWoody Lounger

      I work in a lab with several PCs that after this month’s and last month’s updates , got stuck in a re-boot loop.  We had to uninstall then hide the monthly rollups.  Interestingly it happened on PCs that have a RAID setup.  Not all RAID PCs had this issue. Pretty confusing.  Any thoughts ?   We have these PCs setup to automatically download and update only important updates.

      Thanks for your help,

      Michael

      1 user thanked author for this post.
      • #184130 Reply

        PKCano
        AskWoody MVP

        There are many different versions of Windows. First, we need more information about the OS and the computers. What version(s) of Windows do you have? What Updates were installed (KB numbers)? Are your computers behind a Server or stand-alone?

    • #184135 Reply

      anonymous

      Speaking of fonts being rendered in kernel, also saw that this was an important reason listed by MS for why “earlier versions” would see a bigger performance impact of Spectre/Meltdown fixes than 10. And since vulnerabilities related to it keep popping up, would it be possible for MS to patch it, as a security patch, to make fonts no longer be processed in kernel in 7/8.1 either? (That they likely won’t either way is another matter, asking if they could, if anyone knows enough to say.)

      Otherwise, Win 7 32-bit group B, installed updates yesterday. Since I hadn’t installed anything but IE patch in March, order was 4099950, 4088878, 4099467 (but, just judging by size, wouldn’t this supersede 4088878? probably was analyzed somewhere on here, but when I see hundreds of comments, it’s daunting to start searching), 4092946, 4093108. Only rebooted after installing all. Networking works (and do have static IP), no missing profile on boot, no BSODs so far.

      Can confirm, however, that after 2018-04 bundle showed up in Windows update initially, checking now only gives me 2018-02 as important and 2018-03 preview as optional, so neither March nor April bundles are available anymore.

      3 users thanked author for this post.
    • #184145 Reply

      OscarCP
      AskWoody Lounger

      Woody wrote in Computerworld:
      “For the non-Win7 patches, there’s no immediate need to install anything. If the font phunnies heat up, we’ll keep you posted, but for now the situation’s unbelievably complex and devolving rapidly.”

      “Devolving”: a good word for it. Now and forever? That is the question.

      And as zero2dash has suggested here: things are “Gone to plaid”. Indeed. In reverse gear.

      So far, only five Office 2010 Updates and the MSRT have shown up in my Windows Updates’ list, plus the Rollup (which I’ve hidden, as usual).

      Group B, Windows 7 Pro, SP1, x64.

      • This reply was modified 4 months ago by  OscarCP.
      • This reply was modified 4 months ago by  OscarCP.
    • #184157 Reply

      abbodi86
      AskWoody MVP

      Proud user of Windows 8.1, less market share hussle, but better experience 🙂

      5 users thanked author for this post.
      • #184188 Reply

        ch100
        AskWoody MVP

        I think you enjoy a good experience with Windows 8.1 updating mostly because you take advantage of the same kernel used in Windows 2012 R2, which is still the flagship OS for Microsoft.
        I would say that nobody at Microsoft really cares about Windows 8.1 and they care a lot less than about Windows 7, which is on its way to obsolesce fast.
        There is also a certain amount of understanding of the technology which helps… 😀

        1 user thanked author for this post.
        • #184199 Reply

          DrBonzo
          AskWoody Lounger

          Bully for Microsoft!!

          But, guess what? I no linger care about them either, so it’s mutual!

          Sorry for the mini rant, I couldn’t resist. 🙂

      • #184500 Reply

        anonymous

        Just joined you in the same boat.

        I’ve upgraded one physical and one virtual system so far, with another physical machine to do. With Classic Shell, it’s not bad at all, and definitely more responsive than Windows 7 (which I still love). But let’s face it, Win7 is on the chopping block. I’ve realized it’s time to move on.

        Win8.1 (w/Classic Shell) FTW!

        Interestingly, the admins at work are upgrading the last few Win7 boxes to 8.1 as well. We’re mostly a Mac shop, but Win10 is not welcomed there (even some my coworkers don’t like Win10).

        1 user thanked author for this post.
    • #184161 Reply

      Seff
      AskWoody Lounger

      The April rollup appeared checked as usual on both my Windows 7 x64 machines as part of the initial offering, but it’s now unchecked on both machines. I also have KB4100480 (not previously installed) and the MSRT offered on both machines, along with five Office 2010 updates on my admin machine. All those are checked. I have KB4099950 as an unchecked optional update on both machines, again not prcviously installed – I only installed the MSRT and those Office 2010 updates that were checked from the March updates.

    • #184162 Reply

      anonymous

      so still no solution for march win7 patchocalypse in sight…  i still haven’t applied march patches, too much panic… so i’m still on february patch state… i hope there is still no malware in the wild exploiting the big crater which came with jan/feb patches…

      2 users thanked author for this post.
      • #184270 Reply

        GoneToPlaid
        AskWoody Lounger

        You are better off rolling back to December.

        2 users thanked author for this post.
      • #184348 Reply

        anonymous

        rollback causes even more panic for me, so i’ll wait a bit…

        • #184585 Reply

          GoneToPlaid
          AskWoody Lounger

          Well, I did it on all three of my Win7 home computers without any issues.

          1 user thanked author for this post.
          • #184592 Reply

            anonymous

            If I uninstall kb4056897, kb4073578 (January) and kb4074587 (February), what else do I have to uninstall in order to rollback? ie updates?
            Are there any dependencies?

            • #184650 Reply

              GoneToPlaid
              AskWoody Lounger

              You don’t have to worry about rolling back the IE updates. All you have to do is to uninstall the Jan and Feb 2018 Windows updates.

    • #184164 Reply

      Peacelady
      AskWoody Lounger

      I’m in Group A, windows 7 64-bit:  I’m now being offered 4088875 unchecked and 4093118 has disappeared.

      History:

      December 4054518 is now “not applicable”.  January 4056894 is now “not applicable”.  (I tried installation from the catalog).

      February 4074598 is installed.

      I have 4100480 installed and 4099950 installed from catalog.

      I have 4088875 and 4099467 uninstalled.

      I actually had to combine my notes and make a presentation book so I can keep track of all the permutations.

      Anyone have any advice, tips, suggestions for me?  Am i somewhat protected from bad stuff with what is installed/uninstalled?  This group is a blessing.

    • #184172 Reply

      MrBrian
      AskWoody MVP
    • #184178 Reply

      dgreen
      AskWoody Lounger

      Windows 7 Home Premium 64 bit. Group A
      Computer rolled back to December last week.

      Just unhid KB4091290 and kb4099950 and did a windows update check.
      here’s what I got offered and what is left in my “hidden” updates.

       

       

      • This reply was modified 4 months ago by  dgreen.
      • This reply was modified 4 months ago by  dgreen.
      • This reply was modified 4 months ago by  dgreen.
      Attachments:
      You must be logged in to view attached files.
      3 users thanked author for this post.
    • #184194 Reply

      rhp52
      AskWoody Lounger

      My April update is gone and I’ve got the March update back unchecked KB4088875, along with KB4091290- unchecked. 4100480 installed and 4099950 installed. 4096040 as well.

      Win7 sp1 x64

      • This reply was modified 4 months ago by  rhp52.
      • This reply was modified 4 months ago by  rhp52.
      1 user thanked author for this post.
    • #184237 Reply

      EH
      AskWoody Lounger

      I have KB4056897 (Jan.) and KB4074587 (Feb.) Security Only updates installed, along with KB4099950; all other security updates are up to date through KB4054521 (Dec. 2017). I do video editing and production in Adobe Premiere Pro and After Effects, and have noticed a performance drop after installing January’s KB4056897.

      Should I uninstall Jan. and Feb. security updates and stay at Dec. 2017? Do the April updates address the performance hit caused by the Jan. update? I have Gibson’s InSpectre blocking Meltdown protection (Performance: GOOD), but I’ve read that it doesn’t block all aspects of the Jan. update.

      Windows 7 (x64) / i7-Ivy Bridge / Group B

      • #184498 Reply

        SueW
        AskWoody Lounger

        Should I uninstall Jan. and Feb. security updates and stay at Dec. 2017?

        FYI – If you decide NOT to uninstall Jan. and Feb. Security Only updates, please consider installing KB4100480 as soon as possible.  At least you will fix the TotalMeltdown vulnerability that was introduced as a result of installing these Jan. & Feb. updates.

        To get the KB4100480 update, use this link to the Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Home.aspx.  Just type the KB number into the search box and, from the results, make sure to select x64.

        Hopefully someone else will address your other questions/issues.

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

    • #184240 Reply

      anonymous

      Two of my Windows 7 pro users contacted me today to report that when they had come in this morning their computers had rebooted some time during the night and were now logging in with strange messages about “temporary profile” and missing all their icons and data.

      Of course this meant the computers rebooted sometime during the night and their profiles were hosed.  Both users had Windows Update set to automatic and indicating a last update at 3am.  Sure, we recovered the profile, but why, again, should this be required?

      Good job Microsoft!

      So the tally continues…

      Computers damaged by exploits resulting from being un-patched…  Zero!

      Computers damaged by Microsoft…  Quite a few, plus two and counting!

      5 users thanked author for this post.
      • #184246 Reply

        Bill C.
        AskWoody Lounger

        A friend called me this morning and said he had the login issue. He had noted the time, and it was right after the only updates in 2 days, the MSE definitions update that updated the malware detection engine.

        He does not use the PC daily and keeps it off when not in use. He was lucky as after the reboot Win7Pro-64_SP1 loaded a temp profile and then rebooted and was OK.

      • #184250 Reply

        geekdom
        AskWoody Lounger

        “Sure, we recovered the profile, but why, again, should this be required?”

        anonymous:

        64-bit or 32-bit?

        Some users have reported that recent updates to Windows 7 32-bit machines have caused corrupted profiles.

        Group G{ot backup} Win7|64-bit|SP1|TestBeta

        • This reply was modified 4 months ago by  geekdom.
        • #184289 Reply

          anonymous

          anonymous:

          64-bit or 32-bit?

          The computers in question were 64-bit.

          1 user thanked author for this post.
          • #184929 Reply

            geekdom
            AskWoody Lounger

            anonymous of 64-bit:

            Do you have Microsoft Security Essentials (MSE) as your virus checker?

            Group G{ot backup} Win7|64-bit|SP1|TestBeta

      • #184503 Reply

        anonymous

        One of my clients contacted me last Saturday (April 7) about login problems and missing data. After dropping by for a look, it turned out that she was also experiencing the temporary profile issue. Saw that a recent update (Windows Defender) might have been to blame.

        I resolved everything, fixed the registry, installed a few other Windows Updates (July / August 2016 roll-up with the WinUpdate patch improvements), and it’s been running fine ever since.

        • #184516 Reply

          geekdom
          AskWoody Lounger

          anonymous of Windows Defender:

          What version and bitness of Windows does your client have?

          Group G{ot backup} Win7|64-bit|SP1|TestBeta

          • #184528 Reply

            anonymous

            Windows 7 Pro 64-bit.

            Haven’t run into a temporary profile issue in many years.

            • #184535 Reply

              geekdom
              AskWoody Lounger

              Did you mean MSE (Microsoft Security Essentials) anti-virus software associated with Windows 7 as opposed to Window Defender associated with Windows 8, 8.1, 10?

              (There is Windows Defender within Windows 7, but it normally remains disabled.)

              You may want to read: https://www.askwoody.com/forums/topic/profiles/

              Group G{ot backup} Win7|64-bit|SP1|TestBeta

              • This reply was modified 4 months ago by  geekdom.
              • This reply was modified 4 months ago by  geekdom.
            • #184544 Reply

              anonymous

              I want to say it actually was Windows Defender, but let me double-check on that (I had been awake over 36 hours at the time). I’ll try to connect with the individual this weekend.

            • #184679 Reply

              anonymous

              OK, I was able to remote into her computer this afternoon and check the answer to your question.

              To confirm, she is running Win7 Pro 64-bit.

              However, I misspoke about Windows Defender. It is actually MSE (as you suspected). I’ll blame the fatigue. I do agree that Defender is less prevalent on Win7 systems.

              This client said her computer worked fine on Wednesday, April 4, and Thursday, April 5. No issues with boot, shutdown, or usage. However, when she turned on her computer on Friday, April 6, Windows created a temporary profile for her. She tried rebooting as well as a full shutdown, but no change. She got frustrated and shut it down for the day. When she turned it on Saturday afternoon, Windows continued to log her in with a temporary profile. That’s when she called me.

              Here’s the text version of a screen grab for her WU history from March 30 through Saturday, April 7 before I arrived:

              3/30/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.263.1766.0)

              3/31/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.263.1832.0)

              3/31/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.263.1850.0)

              4/2/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.263.1934.0)

              4/4/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.265.36.0)

              4/5/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.265.102.0)

              4/7/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.265.211.0)

              4/7/2018 – Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.265.215.0)

              Timing wise, I’d be looking at Definition 1.265.102.0 installed on Thursday, April 5 as a possible culprit. No other updates were installed within this time span.

              She says her computer has been working normally since Saturday, following the repairs, with no further profile glitches.

            • #184710 Reply

              geekdom
              AskWoody Lounger

              To confirm, she is running Win7 Pro 64-bit.

              However, I misspoke about Windows Defender. It is actually MSE (as you suspected). I’ll blame the fatigue. I do agree that Defender is less prevalent on Win7 systems.

              “There is Windows Defender within Windows 7, but it normally remains disabled.”

              Here is the longer explanation. Windows Defender in Windows 7 is anti-spyware only. Microsoft Security Essentials is anti-virus software. When Microsoft Security Essentials or any other anti-virus software is installed on Windows 7, Windows Defender is disabled.

              Window 7, in other words, requires anti-virus software which must be installed on the system.

              Group G{ot backup} Win7|64-bit|SP1|TestBeta

              • This reply was modified 4 months ago by  geekdom.
        • #184703 Reply

          geekdom
          AskWoody Lounger

          I resolved everything, fixed the registry, installed a few other Windows Updates (July / August 2016 roll-up with the WinUpdate patch improvements), and it’s been running fine ever since.

          Depending on how you feel about Microsoft updates, you might consider updating through at least 2017; there are numerous security updates for vulnerabilities. This link explains the difference between Group A, B, and W patching: https://www.askwoody.com/2018/2000011-group-a-group-b-and-group-w-whats-the-difference/

          MS-DEFCON System described above and numerically shown indicates when it’s safer to install monthly patches.

          Group G{ot backup} Win7|64-bit|SP1|TestBeta

          • This reply was modified 4 months ago by  geekdom.
    • #184259 Reply

      NoLoki
      AskWoody Lounger

      I just noticed that KB4093118 KB Article was updated today.

      https://support.microsoft.com/en-ca/help/4093118/windows-7-update-kb4093118

      Users reporting networking problems. One user on Reddit complained that their dispatch company’s wifi settings got wiped out. As the patch went missing for a few hours just a while ago, I wonder if they made some code changes and re- released it – it is back.

      1 user thanked author for this post.
    • #184252 Reply

      anonymous

      my wsus server tells me the 118 patch just got expired and reissued.

    • #184273 Reply

      MrBrian
      AskWoody MVP

      The metadata for KB4093118 changed again on April 12 according to the Catalog. KB4093118 should now be listed in Windows Update without resorting to unusual steps, and it now appears ticked-by-default for me.

      The issues with KB4093118 regarding the two networking issues have apparently been resolved if the article for KB4093118 is accurate.

      5 users thanked author for this post.
      • #184274 Reply

        MrBrian
        AskWoody MVP

        Notes that were not present in an older version of article KB4093118:

        Note:

        • This update replaces update 4100480, Windows kernel update for CVE-2018-1038.
        • Resync is required to get newer revision of this KB for WSUS environment”
        • This reply was modified 4 months ago by  MrBrian.
        3 users thanked author for this post.
      • #184276 Reply

        MrBrian
        AskWoody MVP

        Text added to section “Improvements and fixes” of KB4093118:

        • “Addresses an issue where a new Ethernet Network Interface Card (NIC) that has default settings may replace the previously existing NIC, causing network issues
        • Addresses an issue where static IP address settings can be lost”
        • This reply was modified 4 months ago by  MrBrian.
        • This reply was modified 4 months ago by  MrBrian.
        5 users thanked author for this post.
    • #184295 Reply

      MrBrian
      AskWoody MVP

      From CVE-2018-1038 | Windows Kernel Elevation of Privilege Vulnerability: “04/12/2018     Added an FAQ to inform customers running Windows 7 and Windows Server 2008 R2 that security updates 4093118 and 4093108 released on April 10, 2018 include the update for CVE-2018-1038. Customers who install either of these updates released on April 10 will be protected from this vulnerability.”

      CVE-2018-1038 is the Total Meltdown vulnerability.

      8 users thanked author for this post.
    • #184336 Reply

      dgreen
      AskWoody Lounger

      Here’s my window updates check this morning.
      Windows 7 64 bit Home Premium Group A

      updates-important-April-13

      • This reply was modified 4 months ago by  dgreen.
      • This reply was modified 4 months ago by  dgreen.
      Attachments:
      You must be logged in to view attached files.
    • #184341 Reply

      dgreen
      AskWoody Lounger

      Also, I want to comment about MSE activity yesterday.
      There were 3 updates yesterday for MSE, and one waiting for me this morning.
      Usually I have 1 or 2 a day.

      Windows 7 64 bit Home Premium Group A

    • #184387 Reply

      clasof56
      AskWoody Lounger

      Being an old fart and kind of obstinate when it comes to forced updates, i have been going a different way for the past several years.  i am on win7.   i have stopped all updates. i keep regular backup images.   i use Palemoon 26.5, an older version that works perfectly for me and downloads movies and tv easily.  i work entirely off of a flash drive on my pc.  portable browser and all sandboxed.  i am on 8 hours a day and go everywhere and do anything.  for anything money related i use Opera vpn which works just fine and plenty fast enough.  startpage and duckduckgo for search and gmail  in Opera private window all by itself.  in several years two of us using this same set up on two computers have experienced zero problems.   just my take.   Clas

      Clas

      7 users thanked author for this post.
      • #184432 Reply

        anonymous

        When people say they have a VPN, I ask VPN to where? You trust wherever the VPN exits to the internet more then you trust the path to the internet at your ISP? How is that any better unless you are on public wifi or an untrusted connection?

        Also how reliable is a flash drive? They have no diagnostics and the bad (or retired in the case of flash wear leveling) sector management is blackbox at best and non-existent at worst. Why not work from a faster and/or more reliable storage medium?

      • #184922 Reply

        anonymous

        Clas, looks like you are doing quite well but I would investigate Opera. In 2016 it was sold to a chinese firm. Whos VPN are you using?

        https://en.wikipedia.org/wiki/Opera_(web_browser)

         

    • #184413 Reply

      Noel Carboni
      AskWoody MVP

      As Dustin Childs notes on the Zero Day Initiative site, five of the critical bugs are variations on an old, tired theme: a “bad” font can take over your machine, if you’re running in admin mode.

      This of course presumes you have your browser set to download web fonts.

      There are ways in most browsers to disallow that. Lo and behold the fonts you already have on your machine get used instead, and you can actually read things online with them.

      The presumption is that everyone needs to allow external entities to download things to their computer in order for them to enjoy the web. Personally, my enjoyment of the web is best accomplished without security intrusions.

      -Noel

      4 users thanked author for this post.
      • #184435 Reply

        anonymous

        I have that disabled as well. It’s too bad many websites have no fallback for this case (replace missing symbols-fonts with images). Fonts (usually symbols for buttons) show as blank or in some cases as fake Japanese-like symbols. Some font show as smaller poor quality (bad smoothing) “equivalent” fonts (dell.com drivers for one).

      • #184587 Reply

        anonymous

        I was able to block remote fonts in firefox but I cannot follow directions for Chrome.  They say to right click on icon and click on properties and add –disable-remote-fonts. 
        Click on what to bring up properties?

        • #184590 Reply

          Peacelady
          AskWoody Lounger

          I was able to block remote fonts in firefox but I cannot follow directions for Chrome.  They say to right click on icon and click on properties and add –disable-remote-fonts. 
          Click on what to bring up properties?

          Sorry this came up as anonymous – I forgot to log in. 🙁

          • #184638 Reply

            JohnW
            AskWoody Lounger

            You can block remote fonts in Chrome and Firefox simply by using the uBlock Origin extension in both browsers.  There is a setting for ‘Block remote fonts’ in the uBlockO dashboard.

            The advantage to this is that you can block them globally, but still allow remote fonts on a site by site basis with a couple of clicks.  I just allowed Woody’s site, because blocking fonts here breaks the icons at the top of the post edit window.

            https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts

            4 users thanked author for this post.
        • #184635 Reply

          Noel Carboni
          AskWoody MVP

          I know nothing about Chrome – I have chosen not to use it. I’m hoping someone who does and is expert in configuration will chime in.

          That being said, from what you describe it sounds like the –disable-remote-fonts switch has to be added to the command line that starts the browser. How do you normally start your browser? From a desktop icon or shortcut in your start menu? From an icon pinned to the Taskbar?

          -Noel

          1 user thanked author for this post.
      • #184671 Reply

        Peacelady
        AskWoody Lounger

        Thanks John and Noel –looks like U Block Origin is the way to go!  In addition to info on patching, I greatly appreciate these insights into keeping our computers safe.  As much as I think I know, there is always more to learn.

        1 user thanked author for this post.
      • #184850 Reply

        JohnW
        AskWoody Lounger

        Hey Noel, I have a related question I was hoping maybe you could answer.

        So far I have not seen an article discussing or comparing the differences and/or risks of downloaded fonts (web fonts) vs. ‘Untrusted fonts”.  Untrusted fonts are any font installed outside of the’%windir%/Fonts’ directory.  Are there actually two issues here?

        I followed this method, and it broke a few local application UIs that use untrusted fonts.  But this policy setting had no effect on downloaded fonts on web pages.  So are these vulnerabilities related?  Is the same potential GDI vulnerability present in both cases?

        https://docs.microsoft.com/en-us/windows/security/threat-protection/block-untrusted-fonts-in-enterprise

        In any case, I also mitigated the risk of web fonts using uBlock Origin.

        Thanks in advance for any insight you can share!

    • #184479 Reply

      Peacelady
      AskWoody Lounger

      @Noel Carboni
      Please forgive my ignorance. If I am not an Admin then I don’t have to alter the settings for downloadable fonts in Google or Mozilla? Many thanks for all that you provide us.

      • #184549 Reply

        Noel Carboni
        AskWoody MVP

        I’m not convinced – in light of Spectre / Meltdown especially – that things that load into the system without admin privileges are perfectly safe. We’ve been shown that they are not.

        I have personally always chosen to run with UAC disabled, for example, because I don’t believe that one can run stuff from online freely because you’re protected by not being privileged. I know a font isn’t an executable, but I still treat everything that’s downloaded as though it could do damage at any time. In short, the less that comes from abroad, the safer.

        So I guess the answer to your question is this: You may be better protected if you’re not browsing as an admin but I would still think about disabling font download. Just remember that because of doing so the “glitz” of the web might not be as shiny (anonymous above mentioned buttons without glyphs as a possibility). I personally consider a reduction in glitz a small price to pay for additional security. Always remember, if a particular web site balks at your security measures, there are always a lot of other sites out there…

        Edit: As an example, here’s a screen grab from a browser displaying a site that has buttons with special web font glyphs for button labels. As you can see, the fancy glyphs are not displayed, but you can still tell what the buttons are supposed to do by hovering over them…

        HoverButtons

        -Noel

        Attachments:
        You must be logged in to view attached files.
        2 users thanked author for this post.
        • #184586 Reply

          Peacelady
          AskWoody Lounger

          @Noel Carboni
          Thanks for explaining this. I am disabling font download in Firefox and Google. I had never known about this and am very grateful to you.

          1 user thanked author for this post.
        • #184662 Reply

          Sessh
          AskWoody Lounger

          That’s certainly a reasonable measure to take, but I find that disabling remote fonts globally in about:config (Pale Moon) breaks too many things. Even the uBlock window is full of nothing but glyphs including the power button and all the other buttons. As JohnW mentions, all the buttons on the top of the post reply window on this site are broken. That’s too much collateral damage for me.

          Like JohnW, I find that using the uBlock method is much better and can be toggled easier. Just go into the uBlock dashboard and it’s at the bottom of the settings list on the very first page. Toggling fonts on and off is as simple as clicking the “A” icon at the bottom right corner of the uBlock window (where the power button is) on a site by site basis while keeping remote fonts disabled everywhere else.

          4 users thanked author for this post.
    • #184491 Reply

      JohnW
      AskWoody Lounger

      That critical embedded font rendering bug leaves me a bit less warm and fuzzy waiting on the all clear on patching this month.  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010

      So I located a policy in Windows 10 to enable the “Untrusted Font Blocking” Group Policy setting in Computer Configuration | Administrative Templates | System | Mitigation Options.

      https://docs.microsoft.com/en-us/windows/security/threat-protection/block-untrusted-fonts-in-enterprise

      That option works, and you can monitor what it breaks in Windows event viewer.  I immediately noticed my Avira Systray was missing some icons.

      To look at your event log

      1.  Open the event viewer (eventvwr.exe) and go to Application and Service Logs/Microsoft/Windows/Win32k/Operational.

      2.  Scroll down to EventID: 260 and review the relevant events.

      C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe attempted loading a font that is restricted by font loading policy.
      FontType: Memory
      FontPath:
      Blocked: true

      There is a process to fix individual apps by either installing the fonts, or excluding  processes from the mitigation via registry entry.

      I chose the registry option, which is working for several apps so far.

      To fix your apps by excluding processes

      1. On each computer that has the app installed, open Registry Editor and go to the following registry subkey:
      HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<Process_Image_Name>
      For example, if you want to exclude Microsoft Word processes, you would use:
      HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe

      2. If the MitigationOptions key is not there, right-click and add a new QWORD (64-bit) Value, naming it as MitigationOptions.

      3. Add the value for the setting desired for that process:
      To turn this feature off. Type (hex) 2000000000000.

      1 user thanked author for this post.
      • #184560 Reply

        JohnW
        AskWoody Lounger

        And just to clarify the last part of the post about “fixing” individual apps.

        That is intended to bypass the mitigation being enforced by the “Untrusted Font Blocking” policy.

        If you have a trusted app that you want to allow these fonts with, you can “fix” an individual app so it works, but the policy still remains in effect for everything else.   So it is a compromise if you choose to allow some apps to use untrusted fonts.

        I was surprised at the number of applications that I had that had fonts blocked by this policy.  Many of them were local applications that had affected fonts used in their UI.  A couple even refused to launch until I “fixed” them.

        All in all I have allowed 12 trusted applications to use untrusted fonts.  It is a good feeling to know that everything else is locked down.  🙂

        • This reply was modified 4 months ago by  JohnW.
    • #184494 Reply

      anonymous

      Curiosity got the better of me and after making system partition images I tried the April 2018 security only and IE updates on my old 32 bit laptop.

      Windows 7: both installed OK with no side-effects noticed so far (not even the user profile problem reported by some elsewhere).

      Windows 8.1 (I have a dual-boot partition while looking at 8.1 as a possible successor to 7): Latest Sandboxie 5.24 is broken on installing 32 bit KB4093115 and gives the following errors:

      SBIE1113 Cannot find Nt system service, reason TABLE
      SBIE1113 Cannot find Nt system service, reason AcceptConnectPort
      SBIE1103 Sandboxie driver (SbieDrv) version 5.24 failed to start
      SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823
      SBIE1102 Sandboxie driver (SbieDrv) unloading
      SBIE1113 Cannot find Nt system service, reason TABLE
      SBIE1113 Cannot find Nt system service, reason AcceptConnectPort
      SBIE1103 Sandboxie driver (SbieDrv) version 5.24 failed to start
      SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823
      SBIE1102 Sandboxie driver (SbieDrv) unloading

      I tried re-installing Sandboxie, but these errors persist.

      Looking on the Sandboxie site, this problem has already been reported for the April 2018 Rollup KB4093114, but only affects W8.1 32 bit version and the 64 bit version is fine – see

      https://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=25673&sid=607a5629304ee54e9746c1ec6b1150f5

      Oh well! Time to copy back the system image – I don’t think I trust just uninstalling KB4093115.

      HTH. Garbo.

      1 user thanked author for this post.
      • #184628 Reply

        anonymous

        And supporting the finding of Barb at the above link, Sandboxie 5.24 works OK after the April 2018 security only update KB4093115 in Windows 8.1 64 bit on my other (slightly) newer laptop. (I’m typing this using Firefox in a Sandboxie sandbox after updating KB4093115.)

        The problem just appears to be with the Windows 8.1 32 bit KB4093115 (and presumably the security part of the KB4093114 Rollup).

        HTH. Garbo.

         

      • #185872 Reply

        anonymous

        A further update from me about this issue here:

        https://www.askwoody.com/forums/topic/patch-lady-business-view-of-updates/#post-185800

        HTH. Garbo.

    • #184522 Reply

      anonymous

      NOTE: Following is a repost. Original post, about 1400 CDT today, has disappeared from website; thus, reposting. Add’l note: Failed to mention in orig. post: pci.sys on my machine, in …\system32\drivers, is V. 6.1.7601.24056 modified 2/10/2018; also copies in other folders, V. 6.1.7601.17514, modif. 11/20/2010. FOLLOWING IS TEXT OF VANISHED POST EARLIER TODAY: In reply to above No. 184102, re April’s KB4093108 not causing PCI problems: Caution: Win7 x64 SP1; Haswell; Woody Group B consistently; Successfully applied Jan. thru Mar. B patches previously, incl. PCI-related patch KB4099950; April B patch KB4093108, and also IE patch, applied last night, with above post in mind. Rebooted OK. My bad: Did not try Net last nite. This morn. (Oh yeah, it’s Fri. the 13th!), problem: Could ping out and get reply, appeared to establish Net connection, but sites would not open in browser; AV updates stalled out; seemed similar to a firewall or DNS server problem. Fix (thank the Lord it worked!): Tried to merge registry export pre-last nite fix, of hklm\sys\currcontrol set\enum\PCI; got fail error, “some values couldn’t be imported…keys in use by system” etc.etc.; Deinstalled April B patch KB4093108; did system restore to prior-last nite patch; cycle modem/router, power off then reboot PC; am writing you now; All seems sweet. As someone else in this chain said, once burned, twice shy. Still have Suse Linux LEAP running on my VirtualBox, still learning Linux.

      1 user thanked author for this post.
      • #184564 Reply

        anonymous

        Followup to my prior post today: NIC problem w/ Win 7 x64; now, April group B patch KB4093108 installed successfully; my Net now works. I don’t understand the mechanics of it now; but here’s how I did it: Win7 won’t permit re-installing of March NIC-related KB4099950, so I first un-installed, then re-installed, it. Next, ran VB script from MS NIC-related KB3125574; then, installed KB4093108. Success! This is x64 Win7 SP 1; see specs in above original post. Hope this might help another one of you folks; Best; and sincere *Thanks* to Woody and rest of his folks, for all that you all do!

        3 users thanked author for this post.
    • #184526 Reply

      anonymous

      ? says:

      the other day my rant on mark z got lost somewhere in the slipstream however; me and Julius made it through the ides of (microsoft) march and now on to happy friday the 13th!

      just finished updating all the win 7 pro 32 bit machines, some Intel and some AMD, b style plus the XP Pro POS and report no problems (PAE or otherwise). updated one machine with 4 office 2010 april 3rd patches plus the now checked kb2965234 powerpoint fix as well.

      so, to quote a good friend, “Don’t be afraid,” just watch out for that black cat under the ladder…

       

    • #184541 Reply

      anonymous

      @YP: Group B & Updated  to March

      EH, regarding you Adobe performance hit after Jan updates, this is my own observation. I use Avidemux for video conversion.  I did notice some performance slow down with Jan & Feb updates.  I had just updated to March updates on Monday, which went amazingly well on my 3 systems (64bit/Pro &Home, 32bit netbook).  With the March updates, I actually think my video conversion seems faster.  Please note I have not done a lot since Monday, but my systems seems faster.

      Perhaps others can share their performance after March updates.  I know plenty of people on this site have updated.  Any comments on your system performance after updates.

      1 user thanked author for this post.
      EH
    • #184594 Reply

      Wibbly
      AskWoody Lounger

      Win 7 SP1 X64 Group B

      I had installed Jan and Feb security only patches but currently rolled back to December and treading water for now. I’m trying to keep up with things here so if/when it ever gets to something approaching normality I can get patched up to date again.

      🙂

      1 user thanked author for this post.
    • #184653 Reply

      anonymous

      Hi, I had one question : I didn’t install any of March patches, but I’d like to install now the Office ones, with WU; WU will give me other patches, like the April rollup, which I will probably install LATER (when MS-DEFCON changes).

      What do i do with these ones, so that I can eventually apply them later : uncheck or hide ? Is there a difference ? are they going to disappear from the WU list ? . Will they come back in a few days with a new search ?

      Thanks in advance

       

      1 user thanked author for this post.
      • #184655 Reply

        PKCano
        AskWoody MVP

        You can uncheck the ones you don’t want to install now, or you can hide them. The won’t go away unless they are replaced by a later update that supersedes them. If you hide them, you will have to remember they are there and unhide them when you are ready to install.

        Only the updates that are cheeked get installed.

        1 user thanked author for this post.
        • #184667 Reply

          rhp52
          AskWoody Lounger

          so, am I OK  if i didn’t install the March rollup and go ahead with the April rollup when it’s safe to?

          Could use some clarification please.

          Thanks in advance!

          Win7 sp1 x64 Grp. A

          • #184670 Reply

            PKCano
            AskWoody MVP

            Yes, you are OK. The Rollups are cumulative, so April contains March and before.

            3 users thanked author for this post.
            • #184673 Reply

              rhp52
              AskWoody Lounger

              Thanks for the clarification and thank you for helping us all.

              =Rob

    • #184724 Reply

      anonymous

      Hi all,

      I’ve just re-found Woody’s site after being an avid reader of the WWW and WOW newsletters back in the day.

      Not liking being updated with no notice, I’d previously used registry hacks to enable metered connections, then after updating to 1709 using the built in Metered Connection switch. I haven’t updated since December. (Win10 Home, 64-bit).

      I’ve tried to use the wushowhide tool, which says I’ve successfully hidden updates, but Windows Update still shows three patches and only gives me a Download option. Is this expected behaviour or have I done something wrong?

      • April Cumulative Update (KB4093112)
      • April Flash Security Update (KB4093110)
      • MSRT April Update (KB890830)
      • #184728 Reply

        Kirsty
        AskWoody MVP

        The use of wushowhide in Win10 is linked in AKB 2000005: How to update Windows 10 — safely
        – refer Step 2’s link, which then links to Woody’s ComputerWorld/InfoWorld article (see steps 2d – 2g, plus the rest of the information).

        • #184732 Reply

          anonymous

          So at Step 4 in the  Computer World article “Run Windows Update” means “Click Download”? I’m just really concerned this will download the three updates displayed.

          • #184745 Reply

            Kirsty
            AskWoody MVP

            I’m just really concerned this will download the three updates displayed.

            In step 2f of the ComputerWorld article, you use wushowhide to hide the updates you don’t want to install, as mentioned in Step 3 of AKB2000005:

            Step 3. Make sure the updates you don’t want are hidden, and vice-versa.

            Only then do you proceed to Step 4, where you run Windows Update – otherwise you will be installing updates you don’t want.

            However, be aware that taking a system image backup before proceeding to update has been recommended in recent months, to ensure the ability to roll back in case it becomes necessary.

            • #184747 Reply

              anonymous

              Yes, I’ve run through the wushowhide steps and wushowhide lists the updates as hidden. But Windows Update still shows all those updates, and only offers a “Download” option.

              I think I’ve taken a system image backup. I have the Western Digital version of Acronis TrueImage (Disk and Partitions > Full).

      • #184765 Reply

        PKCano
        AskWoody MVP

        I have run into the same problem in 1709 – not being able to run WU because the only thing offered was “Download.” If you click “Download” here, you are installing what you see.
        There are several things you can try to attempt to clear that list, but MS is cutting off the options. I have lately run into things my ID doesn’t have permission to change. And the last, I could not get rid of what was in the Donload queue.

        Here are the things I have tried:
        1. Delete the C:\GetCurrent folder.
        2. Delete the C:\Windows\UpdateAssistantv2 folder
        3. Uninstall (if you find) Remediation Shell (kb4023057) and/or Update Assistant in Control Panel\Programs & Features, Settings\Apps, and Control Panel\Installed Updates
        4. Stop then disable Services\Connected User Experience & telemetry
        5. Task Scheduler – disable everything under Application Experience, Autochk, CEIP, the sih and sihboot under WindowsUpdate, and what you can under UpdateOrchestrator.
        6. Run Disk Cleanup\Clean up System Files with everything checked except ActiveX
        7. Run CCleaner with all under “System” checked except the last three.
        8. Reboot

        All this may not work. What you are being offered is the latest Build. I am surprised the servicing stack (kb4099989) is not also listed. But if it is, you need it too. If you clear the queue and run “Check for updates” it will just load the same thing back into the list because those are the latest offered.

        • This reply was modified 4 months ago by  PKCano.
        1 user thanked author for this post.
        • #184782 Reply

          anonymous

          Thanks @pkcano.

          I’ll try your suggestions in a couple of days. It’s late here and I’m busy for a few evenings, but I’ll let you know how I get on.

           

    • #184750 Reply

      columbia2011
      AskWoody Lounger

      I’m wondering if KB4099950 is fully integrated in KB4093118 after last WSUS sync (12.04.18)? Or do I need to install all KB separately and download only from windows catalog?!

      I’m in mess!

      EDIT html to text

      • #184769 Reply

        PKCano
        AskWoody MVP

        KB4099950 and KB4100480 are included in the Monthly Rollup KB4093118. They are still offered CHECKED through Windows Update and I have installed them along with the Rollup without a problem.

        But those using WSUS should also read Susan Bradley’s advice here and here.

        2 users thanked author for this post.
        • #184777 Reply

          walker
          AskWoody Lounger

          @pkcano:  This   KB4093118 is an April update, and therefore should not be installed until “cleared”.      That is correct,  right?

          • #184778 Reply

            PKCano
            AskWoody MVP

            That is correct for most people. But I do testing like Woody or @mrbrian so it does not apply in my case.

            • This reply was modified 4 months ago by  PKCano.
            1 user thanked author for this post.
    • #185339 Reply

      EH
      AskWoody Lounger

      I currently have KB4056897 (Jan.) and KB4074587 (Feb.) Security Only updates installed, followed by KB4099950 (on 3/30/18).  I am also running InSpectre to disable the Meltdown mitigations.

      What should I install next? Would the April Security Only update do the trick? Also, would rolling back to Dec. 2017 make any sense now? I greatly appreciate any and all feedback and suggestions.

      Windows 7 Pro (x64) / i7-Ivy Bridge / Group B

      1 user thanked author for this post.
      • #185346 Reply

        PKCano
        AskWoody MVP

        Check for “C:\Windows\Logs\PCIClearStaleCache.txt”
        If it does not exist, uninstall KB4099950, reboot, download it from the Catalog and reinstall it, reboot, check for the .txt file again.

        If the file is there, and you are doing Group B, you will need the March and April Security-only updates (4088878 and 4093108) and the April IE Cumulative Update (4092946) – you may want to wait for DEFCON-3 or above.

        3 users thanked author for this post.
        • #185365 Reply

          DrBonzo
          AskWoody Lounger

          I installed KB4099950 from Windows Update (no restart required) and then KB4088878 from the Update Catalog. Unfortunately, I don’t have the PCIClearStaleCache.txt file. That means I should uninstall KB 4099950 and then reboot. But I’m afraid that if I do that I might lose my internet connection, IP address etc.

          So, it seems to me I should uninstall both KB 4099950 and KB 4088878 without a reboot in between, and then install both KB 4099950 and KB 4088878 from the Update Catalog, reboot, and when DEFCON goes to 3, KB4093108 with a following reboot.

          Or is there a shortcut that will also work?

          Thanks. I thought I was all set until I remembered I had installed KB 4099950 from Windows Update and didn’t find the PCI….txt file.

          • #185399 Reply

            GoTheSaints
            AskWoody Lounger

            @drbonzo,

            I installed KB4099950 on 9/4 and same as you PCIClearStaleCache.txt file wasn’t created. Yesterday I downloaded the updated version, then uninstalled 9950 only. Installed the new version and on reboot checked in the Log folder and the PCI…txt file was there.

            1 user thanked author for this post.
            • #185422 Reply

              DrBonzo
              AskWoody Lounger

              Thanks GoTheSaints, that’s useful and helpful info.

              I was just at the Microsoft support page for KB 4099950 and it said it had been updated on April 17 (today, where I am in the US) and that it was necessary to uninstall the original 4099950 and then install the April 17 version. When I went to the Update Catalog the 4099950 files were all listed as being updated on April 17. When I clicked on my version (Win7 x64) I got 2 files.

              So, now I’m curious if you installed 2 files as well. The 2 files were a stand alone package and also an exe file that I think installs the PCIClearStaleCache.txt file.

            • #185458 Reply

              GoTheSaints
              AskWoody Lounger

              I downloaded the MSU file and installed it but while it was installing there was a blip (near the end) but couldn’t say what it was as it happened really fast. On reboot pci.sys file had been updated to 6.1.7601.24056. I didn’t receive a second file.
              But I have just now checked the catalog and downloaded 9950 again and this time I received pciclearstalecache application file. So that is probably your second file.

              Read anonymous post #185410 and have a look at post #185413 in the thread he links to.

              I have not had any problems as yet but I’ll see what happens in the posts here.

              Investigated further and found the Application file has a higher Product Version than the one I installed which is 6.1.7601.24104. So do I run this? I’ll wait and see what others have to say.

              • This reply was modified 4 months ago by  GoTheSaints. Reason: typo
              • This reply was modified 4 months ago by  GoTheSaints.
              1 user thanked author for this post.
        • #185410 Reply

          anonymous

          PKCano and others. Woody has mentioned on another page there is a new KB4099950.
          https://www.askwoody.com/2018/microsoft-releases-major-update-to-win10-1703-and-the-usual-monthly-previews-for-win7-and-8-1/

          Going to the MS site for 4099950 it said:
          “If you have previously installed KB4099950 prior to April 17, 2018 please uninstall the older version of KB4099950 and reinstall to assure you have the most recent version.”
          https://support.microsoft.com/en-us/help/4099950/nic-settings-are-replaced-or-static-ip-address-settings-are-lost-after

        • #185516 Reply

          rhp52
          AskWoody Lounger

          PK- I installed the April Rollup 2 days ago. No problems.After reading about the KB 4099950 file I checked my Logs file and it was there. Now, does this mean I have to uninstall KB 4099950 and reinstall or am I good? Win7 SP1 x64

          Thanks!

    • #185433 Reply

      columbia2011
      AskWoody Lounger

      I checked WU today morning and got revised KB4099950. Already KB has installed and PCIClearStaleCache.txt correctly appeared in %windows%\logs\.
      In addition, in WU list appeared Previews of Quality May CU for Win7,Win8.1 as optional.

    • #185528 Reply

      fernlady
      AskWoody Lounger

      I installed KB 4099950 on April 7 and just uninstalled it a few minutes ago, checked for updates and it didn’t come back. Now what?

      Windows 7 x64 SP1 Group A

      Windows 7 Home x64 AMD Group A
      Realtek PCLe GBE Family Controller

      • #185536 Reply

        The Surfing Pensioner
        AskWoody Lounger

        I believe you’re meant to install the updated version from the catalogue, https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950

        M/S don’t expect us to be totally reliant on WU any more, it seems.

        1 user thanked author for this post.
        • #185575 Reply

          abbodi86
          AskWoody MVP

          They fixed the KB4099950 issue with WU yesterday
          if you have it installed, uninstall it and let WU reinstall it

          you may also go with the manual way from the catalog

          1 user thanked author for this post.
      • #185544 Reply

        anonymous

        I would wait until Woody gives the go ahead, but you can get the updates from the MS Catalog.

        https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950

        That is where to get the 4099950. Get the one for your version of windows.

        There is talk this may be included in the April rollup. Hold on and let others give advice here, since Woody is still telling us to wait.

        3 users thanked author for this post.
        • #185613 Reply

          rhp52
          AskWoody Lounger

          yes, It was stated here somewhere that KB4099950 was included in the April rollup. I installed the April rollup and checked for the file and it is there. That was my understanding and the reason for my question above.

          • This reply was modified 4 months ago by  rhp52.
          • #185741 Reply

            abbodi86
            AskWoody MVP

            The fix that KB4099950 have is what’s included in April Rollup, KB4099950 itself still separate and not included

            1 user thanked author for this post.
        • #185629 Reply

          DrBonzo
          AskWoody Lounger

          I wonder if KB 4099950 is also included in the April Security Only update?

          • #185742 Reply

            abbodi86
            AskWoody MVP

            No, because the component that cause the issue pci.sys is not updated or included in April security-only

            so, KB4099950 is needed only prior March security-only

    • #185538 Reply

      fernlady
      AskWoody Lounger

      I believe you’re meant to install the updated version from the catalogue, https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950 M/S don’t expect us to be totally reliant on WU any more, it seems.

      Which one do I click on to download? The last one? Sorry for being so confused.

      Windows 7 Home x64 AMD Group A
      Realtek PCLe GBE Family Controller

      • #185552 Reply

        The Surfing Pensioner
        AskWoody Lounger

        Going by the specs you provided in # 185528, you need the bottom item in the list – 2018-4 Update for Win 7 for x64-based systems. I hope it behaves itself for you!

        1 user thanked author for this post.
      • #185555 Reply

        PaulK
        AskWoody Lounger

        One has to look at the information in both the Products column, and the System type in the Title.

        The variables (for this particular KB) are:
        – Windows Server 2008 R2
        – Windows Embedded Standard 7
        – Windows 7
        — matrixed with —
        – x64 [aka 64-bit]
        – Itanium
        – x86 [aka 32-bit]

        So, yes, you want #6 (64-bit).

        • This reply was modified 4 months ago by  PaulK. Reason: The Surfer beat me to it, but I'm leaving this as a filtering paradigm
    • #185573 Reply

      fernlady
      AskWoody Lounger

      hmm, I downloaded 2018-4 Update for Win 7 for x64-based systems but it didn’t install as far as I can tell. Can’t find it anywhere in  installed or history. oh well

      Windows 7 Home x64 AMD Group A
      Realtek PCLe GBE Family Controller

    • #185576 Reply

      dgreen
      AskWoody Lounger

      hmm, I downloaded 2018-4 Update for Win 7 for x64-based systems but it didn’t install as far as I can tell. Can’t find it anywhere in installed or history. oh well

      fernlady
      Look in your Downloads file.

      • This reply was modified 4 months ago by  dgreen.
      1 user thanked author for this post.
    • #185578 Reply

      fernlady
      AskWoody Lounger

      First place I went to because I used Firefox, it was there, I clicked on run the screen blinked and then nothing happened

      Windows 7 Home x64 AMD Group A
      Realtek PCLe GBE Family Controller

    • #185582 Reply

      OscarCP
      AskWoody Lounger

      Today I have been informed of a new Security and Quality etc. rollout for April, via Windows Update. I always install the Security Only patch from the Catalogue, never the Rollout.
      So I am wondering: is this just a quirk of Windows Update, or is there now, in the Catalogue, also a new patch replacing the original Security Only one?

      Group B, Windows 7 SP1, x64, Intel I-7 “sandy bridge”

    • #185591 Reply

      fernlady
      AskWoody Lounger

      I got it, I clicked on the .exe file first, Went back and read some posts and downloaded the .msu. It installed and I found C:\Windows\Logs\PCIClearStaleCache.txt. That’s enough for one day. Thank you all for your help.

      Windows 7 Home x64 AMD Group A
      Realtek PCLe GBE Family Controller

      • #185599 Reply

        The Surfing Pensioner
        AskWoody Lounger

        Well done! You’ll soon find yourself downloading and installing updates without even thinking about it!

        1 user thanked author for this post.
    • #185640 Reply

      Peacelady
      AskWoody Lounger

      I’m Windows 7 64-bit Group A.  Did not install March rollup.  Had installed KB4099950 previously from the Catalog.  Just now uninstalled it as there is a new and improved version of KB4099950.  Question:  should I install this new version or just wait for when I install the April rollup which in my understanding will include the new version of KB4099950.  Sorry if this question has been answered already — I’m getting patching overload.  Thanks again to all the kind people who are so helpful on this blog.

    • #185658 Reply

      anonymous

      I have two questions:

      1- What is the PCIClearStaleCache.txt file and how do I find if I have it?

      2- I installed KB4099950 prior to the 17th of this month. Does this imply that I have to uninstall it and then reistall it from the calog before installing the April security-only patch?

      Thank you for any advice on these two issues.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Here’s what you need to know about this month’s patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.