Is there an unofficial Security SP3 for Win7 now Microsoft has ended support?

Topic

New Reply

Hi,

Now that Microsoft has stopped issuing patches (to the general public) for Win7, has anyone created an unofficial SP3 that applies only security patches?

The only way of doing this – that I know of – is to apply the official SP1 , then the unofficial SP2 (KB3020369 then kb3125574), then individual monthly ‘security only’ patches from mid 2016…

So how many security only patches is that? ~40 (some months didn’t get a patch).

It’s been a while since I did the ‘security only’ patches, I got bored of trying to find them, download them, and apply them one at a time.

In addition to the above, I see Microsoft has been up to its old tricks, sneaking feature updates into security only patches:

https://www.computerworld.com/article/3408496/new-windows-7-security-only-update-installs-telemetrysnooping-uh-feature.html

So my question is; has anyone created a ‘security only’ rollup than can be applied after kb3125574, to save having to individually apply the multitude of monthly security updates – many of which require a reboot?

The only other way of making a Win7 computer secure would be to install the latest (and last) bog standard monthly rollup (which contains all previous patches and all the feature updates), and then run some scripts to pull all the undesirable telemetry patches out.

 

Thanks.

Reply | Quote

Replies

There is no SP3 that I know of.

The Security-only Updates and the IE11 Cumulative Updates can be found in AKB2000003. There are notes where the content is not standard. Yes, you need to update IE11, even if you do not use it as a browser, b/c it is an integral part of the OS. There is no Rollup that I am aware of.

You also need the Servicing Stacks. These are not listed in AKB2000003.

See AKB2000012 for @abbodi86 ‘s method to neutralize telemetry.

Reply | Quote

Hello PKCano,

This is what I was afriad of. It’s great that someone has gone to the trouble of writing this guide, but just patching a Win7 box is going to take all day – literally if you wait for the reboots to complete after each patch application. You need a lot of time on your hands to go down that road.

It’s not the fault of the people that have written the guide, it’s Microsofts fault for deliberately avoidng another service pack. Like they can’t afford to create it…LOL.

Is there no way of hacking a standard monthly roll up after it’s been applied to remove all the telemetry? I wonder if anyone has tried this.

Reply | Quote

You can run a batch file to install the SOs without a reboot in between. The IE patch is Cumulative.

Did you read AKB2000012? You can set the script as a Scheduled Task to run on startup.

Reply | Quote

Hello PKCano,

Yes, my mistake. I thought the W10Tel.cmd script described in AKB2000012 needed to be run after all the ‘security only’ updates, but it’s to be run after the last ‘monthly rollup’ to neutralize telemetry. This means only the latest monthly rollup needs to be installed instead of all the individual security updates (as the monthly rollup is a cumulative patch).

Thanks.

Reply | Quote

There’s an enterprise rollup but no sp3

https://support.microsoft.com/en-us/help/2775511/an-enterprise-hotfix-rollup-is-available-for-windows-7-sp1-and-windows

This was built to let businesses update to fully patched faster.

As far as the telemetry you can block it at the firewall.

Reply | Quote

I don’t know if you have seen the recent “What would you put on a Windows 7 “rescue” disk?” thread, but the contributor “dg1261” included a couple of links to the “www.sevenforums.com” site at comment #2239330 which may be of interest to you.

I have no personal experience of any of this, but on a quick reading there seems to be a link to a Zip file containing an (unofficial) executable to install windows updates following the guidelines of Canadian Tech (a MVP of this parish) i.e. ending in May 2017. (From memory this was just before MS introduced a bug in the June 2017 security only update which they only fixed in a later cumulative update?).

Or I may have misunderstood the sevenforum links completely. Anyway the links may be interest?

 

Reply | Quote

You might want to check out this web site: https://download.wsusoffline.net/

Scroll down the page a bit, and you will find the last version that supported downloading Windows 7 updates, that would be version 11.9

Once you get into the program, there is an option to download “security only” updates instead of “quality rollups”. You will have to use the “Legacy Windows” tab on the program screen, then select “use ‘security updates’ instead of ‘quality rollups’”

I used to use this program to update a fresh installation of Windows 7 on a new hard disk, took anywhere from 2 to 4 hours (depending on the “horsepower” of the system) after first installing Windows 7.

Usually a second computer is used to download all the needed files, then transfer the whole package to the target system via a thumb drive (it works better if the process is run from the target systems’ hard disk). It does take awhile for the program to download all the files (especially the “security only” ones), and that of course depends on your internet connection speed. The last “group B” (security only) updates I used this for back in November 2019 totaled a little over 4GB for the program and the updates.

All of this is done with no connection to the internet on the target system (other than long enough to get it activated before you start the update process) until all the updates have been installed then Automatic Updates are turned off before connecting to the ‘net.

This program has been discussed in the past here on AskWoody.com, and info on it can be found at their web site and other places on the internet. Other pages at the web site are in German, so if you browse around, you will have to have translation turned on in your web browser.

Reply | Quote