January Patch Tuesday overview

[woodyDa Boss]

My summary: What you’re witnessing is a colossal “Sky is Falling” routine, aided and abetted by folks who are going to make money from the havoc. Don’
[See the full post at: January Patch Tuesday overview]

17 users thanked author for this post.

Heavenly, anita.yk, alpha128, walker, Noel Carboni, HiFlyer, JDeC, wdburt1, SueW, Fred, David F, OscarCP, Cascadian, AJNorth, Elly, Tiernan, Pepsiboy

[BobbyBAskWoody Lounger]

Sound advice as ever from @woody some of us who have been around these “infernal machines” a long time are truly bewildered as to the amount of speculation, conjecture, “falling sky predictions”.
I my self am just going to use the tried and trusted “Patch Prohibition” Woody style until the situation clears and hard facts and figures emerge and a raising of the “Defcon”. It seems, however, there may be a performance hit coming as inevitable consequence.

7 users thanked author for this post.

HiFlyer, JDeC, SueW, Tiernan, lurks about, Pepsiboy, woody

[woodyDa Boss]

Likely some performance hit with the Windows patches, but I’d be surprised if you even noticed.

And if your three-year-old computer turns to sludge, be of good cheer. We now have decent alternatives, like Chromebooks.

NO! Put DOWN that brickbat. <gd&rvvvf>

1 user thanked author for this post.

HiFlyer

[PKCanoDa Boss]

Or Macs, or Linux (how many flavors?)

7 users thanked author for this post.

doriel, walker, HiFlyer, AJNorth, Bill C., Pepsiboy, woody

[FakeNinjaAskWoody Lounger]

I’m more worried about the CPU possibly slowing down after updating, since Microsoft claims that “Ohh Windows 7 and 8.1 users will have it worse”, what a coincidence, right? I don’t believe a word that comes from Microsoft, if this is true, they are probably doing it on purpose to force people to Windows 10, it wouldn’t be the first time. If my CPU really does slow down, I don’t even know if it’s worth updating my system. Please post your thoughts on this when we know more.

5 users thanked author for this post.

Heavenly, anita.yk, HiFlyer, Cartoonist Aaron, JDeC

[woodyDa Boss]

It’ll be an ongoing theme.

I don’t believe Microsoft is intentionally sabotaging Win7 and 8.1 customers. But I do believe they stand to make a whole lot more money if the laggards move to Win10.

7 users thanked author for this post.

Heavenly, anita.yk, HiFlyer, JDeC, BobbyB, FakeNinja, AJNorth

[Bill C.AskWoody Plus]

Given GWX, etc. I too do not believe it is intentional.

That said, I bet the corporate marching orders say nothing about trying to avoid degrading Win7 or Win8.1 user experiences.

1 user thanked author for this post.

anita.yk

[anonymous]

I agree, i’m not believing a word microsoft says any longer because of their disgraceful behaviour over the GWX campaign and beyond. They might well be genuine but that summary already reads to me as: win7/8/.1 = bad, win10 = good (upgrade NOW!).

You need to update your BIOS or UEFI

The problem with this is that some of us are using a BIOS that will likely never again be updated, i believe the last update for my gigabyte p55 dates back to 2010. I think they did roll out a management engine update for legacy systems but i haven’t been able to apply it because my i5-750 cpu doesn’t contain vPro.

-T

[CharlieAskWoody Plus]

Forgive me if this question has already been answered in the myriad of info. on this topic.  Does the MS Security Only patch for Group B’ers contain the Meltdown/Spectre/processor patch too?  I hope it does or we’ll all be forced into Group A.

Thanks so much for keeping us informed on this and all the other things Woody.

Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

1 user thanked author for this post.

JDeC

[PKCanoDa Boss]

Yes, being the security component of the patches, it does

6 users thanked author for this post.

HiFlyer, JDeC, Steve, Charlie, Pepsiboy, woody

[SeffAskWoody Plus]

Thanks for the article, Woody, a good read as always.

My concerns on all of this are not to do with any threat posed by Meltdown or Spectre, but the threat posed by the supposed fixes to any such threat. My two home desktops comprise an Intel machine with an AMD Radeon graphics card and an AMD Phenom II machine (with a Nvidia card) so I could end up being bricked in both cases. Add to that my natural reluctance always as a faint-hearted amateur to contemplate such dramatic and usually irreversible changes as a BIOS update and you can begin to see where my concerns are coming from.

I shall continue to sit back and do nothing except keep abreast of the advice and recommendations offered here, so far as both what to do and when to do it are concerned!

3 users thanked author for this post.

anita.yk, HiFlyer, OscarCP

[anonymous]

On both this 10 year old 32 bits Single core Intel Atom N280 (-HT-) clocked at 1666 Mhz Kernel~4.14.0-12.1-liquorix-686-pae i686 and on my other 4 or 5 years old Intel i3, I’ve beta tested the Windows 8.1 Security Only January updates.

I’ve had no problems and I haven’t noticed much slowdown because I barely use Windows on them.

Either way, I’ve uninstalled the updates on both machines because I think I’ll lose more with the performance slowdown compared with the potential exploitation risk AT THIS MOMENT.

I’ve saved the update files on a backup HDD, just in case for the future.

On Linux Mint Debian Edition 2 I use everyday on them, I’ve installed the 4.14.0 Kernel that still hasn’t implemented the software workarounds for Specter and Meltdown. There again, on this very old and very usable laptop, any performance tick is squeezed up to the maximum as this is still a very usable “typewriter” and I don’t want the ~5 – ~30% performance drop. I don’t want to spend money on a new laptop that still has a faulty CPU. NO!

I wonder if Intel is selling their affected CPUs on a ~5 – ~30% price discount…

No bitcoins to steal here, Sir Hacker. Please keep moving on, dear Sir…

1 user thanked author for this post.

doriel

[Noel CarboniAskWoody_MVP]

From Woody’s article:

Your three-year-old PC isn’t going to turn into a pile of sludge, in spite of what Microsoft says.

In fact, doesn’t it seem more likely at this point that it will become less functional if you rush to apply the patches right away?

I’ve seen graphs of system usage from enterprise monitoring systems. They show a drop in efficiency and an increase in CPU usage after the patches are applied. This is not happy news; it’s going to cost people real money.

Something I’ve not seen discussed (probably mostly because I’m not all knowing and have a lot of other things to do than browse the web scouting for Meltdown and Spectre info):

Let’s say you take the update (not a BIOS update, just the current crop of Windows updates)… Furhter, presume you see a definite loss in performance. Can you uninstall the update(s) and get back the lost performance? Or is this a trap door?

-Noel

9 users thanked author for this post.

walker, anita.yk, JohnW, HiFlyer, JDeC, BobbyB, AJNorth, FakeNinja, satrow

[woodyDa Boss]

Good question. I assume you can roll back the Windows updates, but not the firmware changes.

But I haven’t tried. Anybody out there know for sure?

1 user thanked author for this post.

HiFlyer

[mazziniaAskWoody Lounger]

One user, in the previous thread, posted a link to a discussion about using the vmware cpu microcode update driver for windows, freely downloadable.

I guinea pigged it, works like a charm ( my cpu seems has no ucode fix yet, but it got updated with an older fix from some years ago correctly ), it’s loaded/applied on installation .. then on reboot … gives the same advantages of the linux way of doing firmware patching, and can be removed in seconds.
If removed, the cpu simply reverts to the latest microcode in the bios.

my 2 cents, avoid the bios update and go this way… it’s not invasive, works as well as with a bios update, and can be reverted without hassles or reboots

3 users thanked author for this post.

anita.yk, MrJimPhelps, MrBrian

[Bill C.AskWoody Plus]

When I went to the MS Update Catalog, the January patches did say they were able to be removed.

You are so correct in your implication about BIOS/firmware updates.

Firmware and especially BIOS updates are far more risky. In the past, I have found BIOS installs and rollbacks are like baseball, you hit, miss or have a foulball. In the real world this works out to you successfully are able to install the new BIOS or firmware. However lets say the new BIOS or firmware update gives an unforseen problem on your system. You “may be able” to try re-installing the older BIOS or firmware update to fix the a problem. It may also be impossible (or at least have dire warning from the manufacturer) that installing an older version is not allowed. Therefore you cannot regress back and you have to live with the new BIOS. The foulball is when you attempt it and you brick the system into an unusable or unrepairable state.

BIOS updates and many firmware updates are not in my mind an average user thing, especially when they read the support literature cautions and are justifiably nervous. Sure there are now Windows based installs that are easy and usually reliable, and some even save a backup of the old BIOS, but if there is an error and you can no longer boot it gets pretty scary. I never race to install any BIOS or firmware update, and research as many sources as I can first. In fact most MB manufacturers caution against BIOS updates if your system is running well and has not exhibited the issues in the change log.

My experiences with UEFI is much more limited, and have been smooth, but I have read of some problems.

In a nutshell, if I did a BIOS or firmware update and it slowed the PC, I would either learn to live with it, or at least have a backup PC for use, before I even attempted to try to undo any update. SInce all the support info is now net based (oh, you did go to the OEM website and download the technical manuals first, right? Oh, they were dated 3 years prior… oops.), not having a backup PC or device to research how to fix it is like not having a life jacket in a boat.

12 users thanked author for this post.

Elly, Heavenly, HiFlyer, Karlston, SueW, BobbyB, Seff, Cascadian, Noel Carboni, woody, AJNorth

[MrJimPhelpsAskWoody_MVP]

Noel Carboni wrote:

Let’s say you take the update (not a BIOS update, just the current crop of Windows updates)… Further, presume you see a definite loss in performance. Can you uninstall the update(s) and get back the lost performance? Or is this a trap door?

Make sure you do a backup before installing the updates.

I run Windows as a VM within Linux. I regularly make a copy of the VM folder onto my other hard drive. So I could easily recover if an update hoses my Windows session.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

[JohnWAskWoody Plus]

I’ll let you know about the patches, when I get the courage to apply them.  I take images daily, so they should be easy to roll back from if the performance hit is ridiculous.

But as far as the hardware microcode or BIOS stuff, I’m not expecting anything from my mobo maker, since I am running a 6 year old 3rd gen Intel Core system…

[anonymous]

Did not feel slowdown of any of my i3, i5, and i7 Win7 HP/Lenovo PC; but I am not going to use a stopwatch to time them.

4 users thanked author for this post.

Charlie, HiFlyer, JDeC, woody

[krzemienAskWoody Lounger]

Great summary as always, Woody. But: Why Monday…?

1 user thanked author for this post.

HiFlyer

[woodyDa Boss]

OOOOPS. Trying too hard, I guess. Thanks!

1 user thanked author for this post.

HiFlyer

[SparkyAskWoody Plus]

That Header change was kinda freaky. After I made a post, it changed to Tuesday. I thought I posted in the wrong Thread.  I was thinking “Are there two different threads”
January Patch Monday overview
January Patch Tuesday overview

No Harm No Foul 🙂

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

[anonymous]

Actually, the article page says “Tuesday” but the comments page still says “Monday”

[woodyDa Boss]

That’s because it’s easy for me to change the main blog header – and devilishly difficult to change the header at the top of this page.

[CascadianAskWoody Lounger]

I misread it as humor and thought it was funny. Like labeling the after-action report or update as a bit of Monday morning quarterbacking. Maybe I’m the one working at it too hard with that connection.

[KirstyDa Boss]

woody wrote:

That’s because it’s easy for me to change the main blog header – and devilishly difficult to change the header at the top of this page.

Fixed! 😉

[OscarCPAskWoody Plus]

I have Waterfox in both Windows 7 (SP1, Pro, x64) PC (circa 2011) and  Mac (Macbook Pro, circa 2015) and I have updated it to 50.0.2 in both, without noticing any slowdown. It has the same fix for Spectre as Firefox. Have tested this by streaming some YouTube music+video in high resolution: it has loaded, played and sounded just fine. Pages loaded as quickly as before the patching. Same story in the Mac with Apple’s Safari, after updating it, with its fix, as well. Firefox, updated in the Mac, works also same as before, that I have noticed. Firefox no longer in my Windows PC, after the Quantum version, supposedly super-fast, turned out to be super-slow in my machine, for whatever reason, and I suspected it might be causing some logout troubles that started right after the Quantum update.

I don’t know what else, besides loading pages and streaming video+audio, could one do with a browser that would show a more significant slowdown. But this does not mean that such a thing is not possible. I just don’t know.

Now, one question about the additional BIOS update needed to complete the Meltdown and Spectre issues:

I have a really bad feeling about doing that, as it is (as someone else has pointed out here already) irreversible, whether it is done right or not. And very recent experience on the software side shows clearly that patching can be done wrong.

So, how risky could it really be if I leaved my BIOS alone and installed only the software patches, once my AV provider takes care of the Registry Key issue, some time next week, as it has promised?

Assuming, of course, that I always observe Good Internet Hygiene Practices: Use a good AV, keep patches up to date, do not open suspicious emails but delete them right away (if legitimate after all, the sender is likely to try some other way to contact me, if not, I’ll probably survive), sniff out unsolicited Web links and preferably never open them; not to go looking for free porno in dark places, etc.

I’ll really appreciate some advice on this. Thanks.

 

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[anonymous]

>So, how risky could it really be if I leaved my BIOS alone and installed only the software patches, once my AV provider takes care of the Registry Key issue, some time next week, as it has promised?

I too, would like to hear a few people weigh in on this as well.

[MrBrianAskWoody_MVP]

See https://www.askwoody.com/forums/topic/intel-has-released-microcode-update-v20180108-with-meltdown-spectre-fixes/#post-158220.

1 user thanked author for this post.

mazzinia

[mazziniaAskWoody Lounger]

I went your suggested way, yesterday (even if my cpu has no recent patch. Still got applied one from a few years ago, happily).
I think it’s a safer and more practical method to get all our cpus updated without incurring in side effects or risks.
And we have full control of the revision of the microcode we want to use ( bios, removing the driver, or any newer of choice, assuming it exists, by just using the package with the preferred month/year from intel )

1 user thanked author for this post.

MrBrian

[MrBrianAskWoody_MVP]

Unfortunately there are reports that Windows won’t enable the protection if the microcode is updated this way.

[mazziniaAskWoody Lounger]

So should I remove that driver ?

At the moment the only thing is doing is updating the firmware of my cpu from 60C to 60F , and 60F was released some years ago. (saw it in an ibm release notes I managed to google )

Aka this update is not relevant for this whole spectre/meltdown.

I “think” it improved the cpu power management ( is less aggressive by looking at the probes, when not under load, while before was always near the max allowed ) and feels I got some very slight overall speed improvement

[MrBrianAskWoody_MVP]

“So should I remove that driver ?”

If there are other reasons that you prefer the newer microcode, I would keep it.

[walkerAskWoody Lounger]

@Mr. Brian:  I’ve been under the weather so am just now trying to get caught up, and there is so much here to try to understand I may be unable to get caught up.   I’m not familiar with a lot of what is being referred to (e.g.   spectre variant 2).  Unless each person posting references their OS, Group, etc., it is difficult to know what they are specifically referring to.

Not a “complaint” per se, however from my perspective it is difficult to tie these all together at times.   Thank you for all of the information you disperse to all of this Forum’s users.   It is all very much appreciated, and I’m hoping to get caught back up again one of these days.   I have no clue where we stand with the .Net Framework updates either.

Your diligent and flawless information is appreciated, as always.    🙂

1 user thanked author for this post.

MrBrian

[anonymous]

OscarCP said:
I don’t know what else, besides loading pages and streaming video+audio, could one do with a browser that would show a more significant slowdown.

I suggested some possible test scenarios in a reply to your earlier comment:

January security patches are out

Besides updating Waterfox, I suppose you have not installed any other available Meltdown-Spectre related patches, such as the CPU microcode update, MS’s Meltdown KB patch, driver update for affected GPUs, updates for non-browser affected applications, etc.

Also, since we we are not omniscient, it would be helpful to indicate your system specs, such as Win OS version, CPU exact model (eg. Intel Core  i7-5557U — & not simply “Intel” or “Intel i7” or “Broadwell”), GPU exact model, how much RAM, PC model/release year, etc.

Microsoft has already said that performance degradation is negligible for Win 10 users (but not Win 7/8.x users). The case might be the same for users with compatible & supported high-end hardware.

[anonymous]

Hi….I was wondering if anyone can clarify. I have a fairly new Dell desktop w/Win 10 (running 1709). It has a newer Intel processor. Last week I updated the meltdown patch (KB 4056892). Computer appears to be running fine.  Sooooo…..When I checked for updates yesterday (Patch Tuesday), all that was offered was MSRT and a Flash update.

Is that normal? I think this question was asked in another thread, but I am reading articles on the web that are confusing as they say a multitude of patches was released? Did I miss something?

Thanks so much!!!

 

[PKCanoDa Boss]

The patch you installed, KB 4056892, is the Cumulative update that is usually released on Patch Tues. It was released early because of the Meltdown/Spectre vulnerabilities. The other patches were normal Patch Tues patches.

There were a bunch of other patches released for different versions of Windows, Office. .NET, etc. If they did not apply to your machine, you would not get them.

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

It’s possible to update the microcode in Windows or Linux without a BIOS/UEFI update. In this case, the microcode update is temporary. See Intel has released microcode update v20180108 with Meltdown/Spectre fixes.

4 users thanked author for this post.

HiFlyer, OscarCP, abbodi86, woody

[SchnarphAskWoody Lounger]

As I have given this site whitelist status, the “Shop Related Products” advertisement found on the right side under “Recent Topics” and above “Recent blog posts” often displays very humorous contextual items. For the topic on this page, it suggests the following books:

Overview: A New Perspective of Earth

Black Tuesday Over Namsi: A True History of the Epic Air Battle of the Korean War

Swearing Cats: A Swear Word Coloring Book featuring hilarious cats

D*mn!: A Cultural History of Swearing in Modern America

 

As for my view on this particular “Sky is falling” topic, I’ll wait for MSDEFCON 3 or better as usual. I seriously doubt my 7 year old motherboard will get a new BIOS for this issue. I’m more afraid of the MS fix than this potential security hole.

*

[Noel CarboniAskWoody_MVP]

Got a VMware Workstation Pro 14.1.1 update today that claims to pass through more of the pertinent hardware info to the guest OSs, so I decided to try testing the latest crop of updates in my suite of VMs (Win 7, 8.1, 10).

I had to put the registry entry in place in my Win 7 and 8.1 VMs, as in those I’m not running an AV package. Without the registry entry the January update was not offered through a Windows Update “Check for Updates” run.

I benchmarked each setup before and after the update using PassMark PerformanceTest. Since PC systems – especially if run in a virtual machine – are prone to doing what they want when they want, I actually was not able to measure a statistically significant slowdown after vs. before the updates. This seems hopeful.

I haven’t done Win 10 VM testing yet, nor am I anywhere NEAR convinced to update my actual hardware systems yet.

-Noel

4 users thanked author for this post.

Jan K., windows7forever, dgreen

[SparkyAskWoody Plus]

This might be a little off topic but after reading Woody on Windows article he mentioned that there is a new version of Office 2010 Click-to-Run (14.0.7193.5000) So I checked my version of Office Starter 2010 and it shows version 14.0.7160.5000 which is a October 13, 2015 version.

Isn’t Office 2010 kept up to date automatically by using a technology called Click-to-Run?
Does the “Never check for updates” setting in WU prevent Office from auto updating?

When I try to update it sends me to a page telling me to use WU to do the updating.
Can I do a manual update, if so where can I find the correct update?

When I install the monthly patches I never see a Office update and Office 2010 never seems to auto update. I don’t use the program very often.

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

[woodyDa Boss]

Office CtR is supposed to update itself. My guess is that, in the case, Microsoft’s running a bit behind.

1 user thanked author for this post.

Sparky

[MrBrianAskWoody_MVP]

See https://www.askwoody.com/forums/topic/click-to-run-is-an-office-deployment-technology-not-a-version-of-office/#post-146701.

[SparkyAskWoody Plus]

When I manually check for updates, by clicking this button it sends me to This Page which tells me to use Windows Update. Windows Update does not update Office 2010. So what gives. Is there another way to manually check for updates? Microsoft Update Catalog perhaps.

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

[MrBrianAskWoody_MVP]

See https://blogs.technet.microsoft.com/office_integration__sharepoint/2016/06/23/determining-your-office-version-msi-vs-c2r/.

[SparkyAskWoody Plus]

Mr. Brian,

In the link you provided its say the following:

” To find out whether your installation is MSI or C2R, in the Microsoft Office application, such as Word or Excel, go to File > Account. If you see an Office Updates section, the installation is C2R: ”

When I go to File > there is no Account option in the list. So I don’t know what is going on. The MS Office Starter 2010 I have came with the HP laptop, I didn’t have to purchase it to use it. Maybe that is the reason why I don’t see a Account option in the list.  Unless they mean File > Help 

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

[MrBrianAskWoody_MVP]

Your first image contains “click to run” so I assume that’s what you have. I don’t know why you’re being sent to a Windows Update page.

[MrBrianAskWoody_MVP]

Your version is years old. See Update history for Office 2010 Click-to-Run products.

[KirstyDa Boss]

Is this page of any use to you? It’s one @ch100 shared last year, which I bookmarked 😉

[SparkyAskWoody Plus]

Kirsty,

That page you provide tells me the Latest Public Update for Office 2010 is KB4058103, Clicking on KB4058103 sends me to this info:

Excel 2010     Description of the security update for Excel 2010: January 9, 2018 (KB4011660)
Office 2010     Description of the security update for Office 2010: January 9, 2018 (KB4011658)
Office 2010     Description of the security update for Office 2010: January 9, 2018 (KB4011610)
Office 2010     Description of the security update for Office 2010: January 9, 2018 (KB4011611)
Outlook 2010     Description of the security update for Outlook 2010: January 9, 2018 (KB4011273)
Word 2010     Description of the security update for Word 2010: January 9, 2018 (KB4011659)

Am I suppose to install thee above? Seems like a little excessive to simply update one program.

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

[KirstyDa Boss]

@sparky
There do appear to be 6 updates, depending on which modules you have installed. However, for each of those KBs on the catalog, there are a number of language options to choose from for each “bitness”, as you probably found.

i.e. for KB4011610

I feel it is probably more helpful to use Method 3 to download from the Microsoft Download Center link, which gives you simpler language selection access than the MS Update catalog does. However, there is a caution about .msi updates not suiting all versions of installation, so this may not be suitable.

Good luck!

[The Surfing PensionerAskWoody Plus]

Sparky wrote:

When I manually check for updates, by clicking this button it sends me to This Page which tells me to use Windows Update. Windows Update does not update Office 2010. So what gives. Is there another way to manually check for updates? Microsoft Update Catalog perhaps.

This happened to me a couple of years ago, after a WU repair – that was in the old days before I discovered the prudence of installing only security updates. I lost all the tickboxes on the WU settings page and could only update my MO etc. via the catalogue. I won’t comment on the joys of that procedure! Then I decided to change my antivirus and installed MSE and a miracle happened: all the tickboxes came back and I have since been able to update all my MS products the old-fashioned way, via WU. It is actually much easier, as long as you keep your setting to ‘Never’ alternated with ‘Notify but don’t download’. So installing MSE will fix it, if you want to go down that route: there may well be alternative fixes I don’t know about.

[PKCanoDa Boss]

There are a BUNCH of ways to do lt it here and in the rest of this thread.

[SparkyAskWoody Plus]

PKCano,

I have never Edited the Registry so I’m a bit hesitant to venture into the unknown. With that said here is as far as I went:
Am I suppose to change the blue highlighted number 14a384d  to the number 0 and click OK ?

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

[KirstyDa Boss]

That doesn’t look like the same registry entry, so I would not change that value (note the difference in the left hand column of the right panel).

First word of caution with doing any registry edit: always do a backup first! Go to File>Export and save a copy you can use to import should something go wrong 🙂

[PKCanoDa Boss]

@sparky

You are in the right place in the Registry. (See mine)
Write down the current information that is highlighted so you can change it back if necessary.
Change the blue highlighted to 0 (zero not oh)
Close the Registry
Open Word – choose “install updates only”
Close Word and open Windows UpdateChange settings
There should be a check box with “Updates for other MS Products” checked.
Be sure WINDOWS UPDATE IS NOT ON AUTOMATIC.
(If the check box is not there, try rebooting.)
Search for updates – uncheck whatever you don’t want to install and install all the Office patches. You may have to recheck several times to get all of them.

Attachments:

You must be logged in to access attached files.

[SparkyAskWoody Plus]

Just to let you know this is what WU Change Settings looks like right now before doing anything with the registry. “Updates for other MS Products” Box is checked. This is how it has looked from the day I purchased the computer Feb 2011. It is showing  14.0.7160.5000 which is October 13, 2015 version, so it has been updating up until that date.

What is interesting when I do the below:
“If you would like to update Office but can’t open any of your Office apps, try repairing your Office suite:
A. Go to Control Panel > Programs > Uninstall a program.
B. Find and select your version of Microsoft Office on your computer.
C. In the bar above, click Change.”
When I click on Change it tells me I have to be connected to the internet, I am connected. It is like the program can’t tell if there is a internet connection. Wow

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

[KirstyDa Boss]

On my system (which may differ from yours), I get an option to Repair Office, by right-clicking (see below). Have you tried that, if you have the option? It may possibly help…
My apologies if you’ve already done this 🙂

Attachments:

You must be logged in to access attached files.

[KirstyDa Boss]

Sparky wrote:

When I click on Change it tells me I have to be connected to the internet, I am connected. It is like the program can’t tell if there is a internet connection. Wow

There are some errors that can occur with CTR that relate to being unable to open (I struck it about 12mths ago on a different machine, so I’m working from memory). It related to disabled services.

You could try typing Services into your Win search box (it may need right-click Administrator rights to edit entries), and check for items marked Office or CTR, to make sure they are enabled.

[SparkyAskWoody Plus]

I Fixed the update problem by doing the below:

Your Internet provider may have silently enabled IPv6. This is what happened to me. Apparently the Click to Run Manager doesn’t like IPv6. I went to my network adapter settings and unchecked that protocol and I was able to repair Office Starter. Link

It was as simple as A,B,C,D,E

Apparently Click to Run Manager doesn’t like IPv6 for some reason.

I selected “Use recommended settings” but that changed WU to “Install Update Automatically”  which I changed back to “Never check for updates” I also rechecked the IPv6 box after MS Office Starter 2010 Updated. Maybe from now on when ever there is a new office update I’ll have to do it again.

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

2 users thanked author for this post.

woody, PKCano

[PKCanoDa Boss]

WOW! Good sleuthing !!

1 user thanked author for this post.

Sparky

[SparkyAskWoody Plus]

PKCano,

I was wondering if you or anyone has seen anything like this.

While trying to solve the MS Office Starter 2010 update problem and before fixing it,  I noticed in the Event Viewer, hundreds if not thousands of errors  (amdkmdag  62464) . These go back as far as the Event Viewer stores info 12-22-17. After researching, it has something to do with a piece of video that has not passed HDCP checks. That seems to jive because the error is created when I play a video online or offline. This is strange because it must have started happening within a few months.  I really don’t know what started causing this from happening. Other than taking up Event Viewer space,  there are no video problems.  This Link is what have found to disable it and suppress the messages.  Unless it has something do with recent patches. Any thoughts Appreciated.

Isn’t great when you’re trying to fix one problem and you find another.

 

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

Attachments:

You must be logged in to access attached files.

[PKCanoDa Boss]

I’m going to throw a wild guess.
Have you updated video or sound drivers recently?

[SparkyAskWoody Plus]

PKCano,
Have you updated video or sound drivers recently?

No not recently, but according to THIS ARTICLE you can totally disable AMD driver error reporting in the registry or disable DirectX Video Acceleration in your browsers and each media player.  I disabled DirectX Video Acceleration in Firefox and Chrome and amdkmdag 62464 event stopped when playing online videos. I have turned off DirectX Video Acceleration in Windows Media Player but the amdkmdag 62464 events still show up, but only six lines every time I play a video. I guess I can live with that. I hate to mess with the registry. I was thinking maybe if I reinstalled the Graphic drivers that may straighten out the cobwebs.

HP W7 Home Premium, SP1, 64-bit, AMD Phenom II, Group A

[anonymous]

I don’t understand why I didn’t receive a January 2018 monthly rollup for windows 7.  I only received an  update for KB4033342 (whatever that is).
I was not going to install the optional update.  But don’t know why Microsoft didn’t include the monthly rollup for January.

Should I be concerned? Any information/feedback would be greatly appreciated.

Edit to remove HTML

[PKCanoDa Boss]

KB4033342 is the .NET 4.7.1 installer for Win7.

To receive the Jan Rollup, your anti-virus program has to be up to date and has to put a ALLOW Regkey in your Registry. If the key is not there you will not be offered the Jan update through Windows Update. You can find out if your AV program is compatible here.

Also, the Jan update is causing BSODs with certain AMD processors. Microsoft has blocked the update temporarily from computers with those processors until the problem can be resolved.

Either one of those reasons may be why you did not receive the Jan Rollup.

4 users thanked author for this post.

HiFlyer, KarenS, JDeC, woody

[FredAskWoody Plus]

woody wrote:

Likely some performance hit with the Windows patches, but I’d be surprised if you even noticed. And if your three-year-old computer turns to sludge, be of good cheer. We now have decent alternatives, like Chromebooks. NO! Put DOWN that brickbat. <gd&rvvvf>

there really is quite a performance loss, for instance when copying many large datafiles;
no difference when typing a letter  ;-D

After all.. Just because we're paranoid doesn't mean they aren't out to get us.

[woodyDa Boss]

Thanks for the observation! By any chance, did you run some benchmarks?

[anonymous]

I’m on Windows 7 and I don’t get the Windows security patch at all when I check for updates now. Intel CPU, AMD video card.

Did MS pull it or what?

[woodyDa Boss]

Not clear why you didn’t get it. MS hasn’t released a list of affected AMD components, so that may be the problem. Might also be lakc of a suitable antivirus.

[anonymous]

Thanks for your replym PKCano.

re: KB4033342 is the .NET 4.7.1 installer for Win7?  YES, it’s for Windows 7.

BTW, I use McAfee for my antivirus protection.  When I went to the link you provided, it showed the following:
McAfee Endpoint Protection N Y Registry key change due soon

Not sure what that means.  Hopefully, Microsoft will notify me to update accordingly.

[PKCanoDa Boss]

anonymous wrote:

McAfee Endpoint Protection N Y Registry key change due soon

That means that McAfee doesn’t set the Regkey yet (probably still in testing) and the key’s  absence is why you didn’t get the Jan update. That is going to be a pre-requsite for updates, at least for a while.

[anonymous]

I checked that list when it was linked to somewhere in this blog.The only McAfee listed was Endpoint Security but I have McAfee Internet Security and have the patch and registry listing.

I also have the free limited version of Malwarebytes – just the manual scans not the anti-virus/real-time. Could that be what updated the registry? IIRC Malwarebytes was Y/Y on the list.

-fm

 

[PKCanoDa Boss]

It might be a good idea to check with the McAfee website to see if the IS suite is compatible.

[anonymous]

I just rechecked the McAfee Consumer Support site and found the following:

Windows Product Compatibility for McAfee Products
McAfee has performed validation testing on the following products and found them to be compatible:

• McAfee LiveSafe (MLS)
• McAfee All Access (MAA)
• McAfee Total Protection (MTP)
• McAfee Internet Security (MIS)
• McAfee Anti-Virus Plus (MAV+)
• McAfee Anti-Virus (MAV)
• McAfee Cloud AV

-fm

Edit to remove HTML

1 user thanked author for this post.

PKCano

[PKCanoDa Boss]

You should be good to go, then, when it is time to install updates (not yet!).

I would hold off on the .NET 4.7.1 though. There may be problems with it and/or it’s updates.

2 users thanked author for this post.

anita.yk, walker

[abbodi86AskWoody_MVP]

Unbootable state for AMD devices in Windows 8.1

released in MU catalog only

3 users thanked author for this post.

walker, MrBrian, woody

[woodyDa Boss]

Ok. I’ll bite. ?

If you can’t boot, how do you install the patch?

[MrBrianAskWoody_MVP]

This new update probably doesn’t help with recovery if you installed one of the faulty updates. From just looking at the file sizes of https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073576 vs https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898, perhaps the new update should be considered the replacement for the security-only update?

3 users thanked author for this post.

anita.yk, woody, HiFlyer

[HiFlyerAskWoody Plus]

MrBrian wrote:

This new update probably doesn’t help with recovery if you installed one of the faulty updates. From just looking at the file sizes of https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073576 vs https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056898, perhaps the new update should be considered the replacement for the security-only update?

https://support.microsoft.com/en-us/help/4073576/unbootable-state-for-amd-devices-windows-8-1-windows-server-2012-r2

Summary

An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056898 (Security-only update) or January 8, 2018—KB4056895 (Monthly Rollup):

AMD devices fall into an unbootable state.

Available in MUC

[HiFlyerAskWoody Plus]

https://support.microsoft.com/en-ca/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

Microsoft has temporarily paused sending the following Windows operating system updates to this subset of older AMD processors:
January 3, 2018—KB4056897 (Security-only update)
January 9, 2018—KB4056894 (Monthly Rollup)
January 3, 2018—KB4056888 (OS Build 10586.1356)
January 3, 2018—KB4056892 (OS Build 16299.192)
January 3, 2018—KB4056891 (OS Build 15063.850)
January 3, 2018—KB4056890 (OS Build 14393.2007)
January 3, 2018—KB4056898 (Security-only update)
January 3, 2018—KB4056893 (OS Build 10240.17735)
January 9, 2018—KB4056895 (Monthly Rollup)

Edit to remove HTML

 

[woodyDa Boss]

HiFlyer wrote:

An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056898 (Security-only update) or January 8, 2018—KB4056895 (Monthly Rollup): AMD devices fall into an unbootable state.

In a month full of falling-down-the-rabbit-hole comments, this one has to take the cake. A fix for a bug that renders a machine unbootable.

Either somebody’s badly delusional, or they have a tremendous sense of humor.

3 users thanked author for this post.

Elly, anita.yk, HiFlyer

[abbodi86AskWoody_MVP]

Yes, 4073576 matches security-only update components, with newer versions for some of them to fix the issue

3 users thanked author for this post.

HiFlyer, woody, MrBrian

[woodyDa Boss]

Any official superecedence?

1 user thanked author for this post.

HiFlyer

[HiFlyerAskWoody Plus]

woody wrote:

Any official superecedence?

Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2 Applies to: Windows 8.1, Windows Server 2012 R2 Standard

https://support.microsoft.com/en-us/help/4073576/unbootable-state-for-amd-devices-windows-8-1-windows-server-2012-r2

“This update does not replace a previously released update.”

[abbodi86AskWoody_MVP]

Nope 🙂
regular update do not supersede security updates, per Microsoft metadata rules

but metadata should not be relevant for security-only updates (i.e. users always install them manually)

2 users thanked author for this post.

HiFlyer, woody

[anonymous]

I am running AVG Antivirus on a W8.1 X64 Enterprise OS. According to AVG support, the antivirus software is compatible with the Windows Meltdown/Spectre patch and it sets the requisite registry key. However, as of yet, WU has not offered KB4056895 but is showing the MSRT for January and the security update for Flash Player. The story around the W8.1 patch is a bit murky and I wonder if MS is havening issues with it and is rolling it out slowly. I will not install it for quite awhile because of the incredibly unprofessional manner with which this is all being handled. As for BIOS/UEFI updates, I am running an Asus Z87-PRO Mobo with Z87 chipset and Intel I7 4770K CPU. I have not been able to get any useful information whatsoever as to whether the chipset driver and UEFI will be updated for this MOBO. About the only thing I currently believe is that class action lawsuits have been filed against Intel for securities law violations because of insider transactions and inadequate disclosures. After all, I believe Intel knew about all this back in June of 2017. Duh!

[PKCanoDa Boss]

The Rollup for Win8.1 KB4056895 was not offered early like the other Win patches, although the Security-only Update and the IE11 Cumulative Update were offered through the MS Catalog. I believe it is available through the Catalog now and can be manually installed (see link in @abbodi86 comment #158273 above) – with a warning of BSODs for AMD processors.

The rest of the Win updates came down the pipe normally.

[OscarCPAskWoody Plus]

Two questions:

(1) Is it necessary to set that Registry key first, in order to install the January Explorer 11 Security Only update?

(2) Why, to be protected from Meltdown, and maybe also Spectre, will it be necessary to update the BIOS, whenever that becomes possible?

And how much more “protected” will that make one’s machine?

Thanks.

 

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[MrBrianAskWoody_MVP]

“2) Why, to be protected from Meltdown, and maybe also Spectre, will it be necessary to update the BIOS, whenever that becomes possible?

And how much more “protected” will that make one’s machine?”

See https://www.askwoody.com/forums/topic/intel-has-released-microcode-update-v20180108-with-meltdown-spectre-fixes/#post-158220.

[OscarCPAskWoody Plus]

Thanks, MrBrian.

My current thinking, after reading the article you have pointed out to me, and previously mulling over some other information I had already come across, is that I am not going to have the BIOS modified with a patch, because that looks to me like taking a lesser risk than the risk of applying a bad patch, which seems to be happening these days. A lot. So I’ll just take my chances and what happens, happens. Which could be nothing, or a devastating catastrophe. Obviously, I’m betting on the former being the case, not the latter.

Also, if I understand this correctly, the main threat from Spectre is through using a browser and, at the very least, I already have installed the mitigations to this problem that came with the recent updates for two of the browsers I do use: Waterfox, Safari (in the Mac) and (next week, probably) Chrome. And whenever it is deemed safe to update, E 11.

Am I missing something important here?

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[bAskWoody Plus]

woody wrote:

We also have new versions of Office 2010 Click-to-Run (14.0.7193.5000) and Office 2013 Click-to-Run (15.0.4997.1000).

Does anyone know, or could anyone guess, why updates are never announced for Office 2016 Click-to-Run, which I believe must be by far the most-used version.

Microsoft Edge, Win 10 Pro 1909: Group ASAP (pioneer)

[MrBrianAskWoody_MVP]

Not sure but see https://support.office.com/en-us/article/Version-and-build-numbers-of-update-channel-releases-ae942449-1fca-4484-898b-a933ea23def7.

[woodyDa Boss]

I believe that “Office 2016 Click-to-Run” is, in fact, the latest Click-to-Run version of Office 365 Pro Plus. Any Office 365 experts out there?

[abbodi86AskWoody_MVP]

Because Office 2016 (essentially Office 365) have several update channels with different release cadence
it can be tracked here with more details about features, fixes… etc
https://technet.microsoft.com/en-us/office/mt465751

[MrBrianAskWoody_MVP]

abbodi86 has reported a problem with this month’s .NET monthly rollup for .NET Framework 4.7.1 at https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/.

8 users thanked author for this post.

walker, Pepsiboy, SueW, Jan K., HiFlyer, alpha128, OscarCP, woody

[alpha128AskWoody Lounger]

MrBrian wrote:

abbodi86 has reported a problem with this month’s .NET monthly rollup for .NET Framework 4.7.1 at https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/.

Wow, that’s a problem, especially since I’m planning to upgrade from .NET 4.6.1 to .NET 4.7.1 in the not too distant future.  I have hidden KB4055532 until Microsoft gets this straightened out.

[Jan K.AskWoody Lounger]

Thanks for the heads-up!

I’ve installed that .net update. Haven’t experienced any problems, but good to know if/when it should happen.

Seriously, Microsoft?

[anonymous]

Jan K. said:
I’ve installed that .net update. Haven’t experienced any problems, but good to know if/when it should happen.

If you fulfill ALL of the following conditions:

• MS .NET Framework 4.7.x
• KB4055002: MS .NET 4.6.x/4.7.x quality & security rollup patch (Jan 2018)
• Win 7 — the only affected OS so far

… you could try running a .NET-dependent program & change its font to see if you can trigger it to crash.

Afterall, that’s the primary purpose of Microsoft pushing out the patch.  🙂

https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/#comments

Lennart Bauer:
Removing KB4055002 solves this. Microsoft need to employ some testers …

Stephen Hogan – Progress Systems Limited :
I think *we* are the testers …

 

Edit to remove content. Please stay on topic.

2 users thanked author for this post.

alpha128, MrBrian

[SesshAskWoody Lounger]

According to that same page in the comments, Pavel Drtil offers a solution.

Replacing files from a working machine will fix the problem too:

c:\Windows\Microsoft.Net\Framework64\v4.0.30319\WPF\Fonts\GlobalUserInterface.CompositeFont

c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalUserInterface.CompositeFont

I assume that “working machine” can also mean your machine before applying the update. So, perhaps copying these two files to another location before installing KB4055002 (or this month’s NET rollup), installing the update and then copying those files back and overwriting the new (corrupted) font files should fix the issue, too.

1 user thanked author for this post.

MrBrian

[abbodi86AskWoody_MVP]

Yes, that would work, or from Windows Installer backup cache
C:\Windows\Installer\$PatchCache$\Managed

while this will solve the visible issue with GlobalUserInterface.CompositeFont, KB4055002 has more underlying issues
as example, clr.dll will be reverted to 4.7.2117.0, as wel as many files
so you basically will have franken 4.7/4.7.1 installation

1 user thanked author for this post.

Sessh

[SesshAskWoody Lounger]

I see. So really, MS is just going to have to fix the patch and issue a V2 of it. I use this site to get all that information so hopefully, someone will post something when (if) it happens. Otherwise, I will just mark the patch as not usable in my archive.

[alpha128AskWoody Lounger]

anonymous wrote:

If you fulfill ALL of the following conditions:

• MS .NET Framework 4.7.x
• KB4055002: MS .NET 4.6.x/4.7.x quality & security rollup patch (Jan 2018)
• Win 7 — the only affected OS so far

… you could try running a .NET-dependent program & change its font to see if you can trigger it to crash.

Afterall, that’s the primary purpose of Microsoft pushing out the patch.

This concerns me.  I’ve got Win 7 and  I plan to install .NET 4.7.1 soon.

I already hid the Jan .NET roll-up patch based on early reports, but the situation seems to be even worse than it first appeared.

[Jan K.AskWoody Lounger]

I’ll just uninstall the “patch”, roll another zig, lean back and will eventually be informed here on Woody, when a reliable patch-patch has been released.

Business as usual…

No sweat or worries, and now I think about it…  .net 4.7 isn’t really for Win 7?

[anonymous]

alpha128 said:
I’ve got Win 7 and  I plan to install .NET 4.7.1 soon. I already hid the Jan .NET roll-up patch based on early reports, but the situation seems to be even worse than it first appeared.

Are you planning to install .NET v4.7.1 over v4.7, or over an older v4.x version ?

I’ve .NET v4.7 installed on Win 7 x64 since Jul 2017, & have not encountered any problems. I was holding out on installing .NET v4.7.1 because it has a few issues. but these are apparently resolved with the recently-released .NET v4.7.1 Update, which seems to be stable (no reported problems so far). So my plan is to upgrade to .NET v4.7.1 in the near future.

KB 4054856: .NET v4.7.1 Update (09 Jan 2018):
https://support.microsoft.com/en-us/help/4054856
https://www.microsoft.com/en-us/download/details.aspx?id=56480

Note that this .NET v4.7.1 Update is not a standlone .NET installer. It requires .NET v4.7.1 to be installed first.

As such, if you are going ahead to install .NET v4.7.1, remember to also install the .NET v4.7.1 Update, followed by Jan 2018’s Security Only patch.

2 users thanked author for this post.

HiFlyer, abbodi86

[alpha128AskWoody Lounger]

anonymous wrote:

Are you planning to install .NET v4.7.1 over v4.7, or over an older v4.x version ? I’ve .NET v4.7 installed on Win 7 x64 since Jul 2017, & have not encountered any problems. I was holding out on installing .NET v4.7.1 because it has a few issues. but these are apparently resolved with the recently-released .NET v4.7.1 Update, which seems to be stable (no reported problems so far). So my plan is to upgrade to .NET v4.7.1 in the near future. KB 4054856: .NET v4.7.1 Update (09 Jan 2018): https://support.microsoft.com/en-us/help/4054856 https://www.microsoft.com/en-us/download/details.aspx?id=56480 Note that this .NET v4.7.1 Update is not a standlone .NET installer. It requires .NET v4.7.1 to be installed first. As such, if you are going ahead to install .NET v4.7.1, remember to also install the .NET v4.7.1 Update, followed by Jan 2018’s Security Only patch.

I did install .NET 4.7.1 over 4.6.1 just today.  I checked for updates afterwards and the only .NET update that is being offered to me via Windows Update is Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055532). It has already been noted elsewhere in this topic that Windows 7 users running .NET 4.7.1. should NOT install this update, as it overwrites 4.7.1 binaries with older 4.7 versions. KB4055532 was originally offered to me as a checked update. When I unhid it, it had changed to an unchecked update. I have hidden it again.

1 user thanked author for this post.

SueW

[anonymous]

alpha128 said:
I did install .NET 4.7.1 over 4.6.1 just today.  I checked for updates afterwards and the only .NET update that is being offered to me via Windows Update is Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055532).

Just to be clear, Jan 2018’s .NET Quality-Security Rollup that is causing problems in Win 7 SP1 & Win Server 2008 R2 SP1 is independent from the .NET v4.7.1 Update — let’s call this “Hotfix”.

According to its KB article (link shown above), the Hotfix should by right be offered via Windows Update under the following KB nos. after .NET v4.7.1 is already correctly installed. Perhaps you could check Windows Update again in the upcoming days to see if the relevant Hotfix finally appears.

• KB 4054852:  For Win 7 SP1, Win Server 2008 R2 SP1
• KB 4054853:  For Win Server 2012
• KB 4054854:  For Win 8.1, Win Server 2012 R2
• KB 4054855:  For Win 10, Win Server 2016

On the other hand, if you manually download the Hotfix, it will be known as KB 4054856 (65.5 MB) instead — an all-in-one patch applicable to all supported Win OS versions.

There is no documentation why the .NET team chose to separate the .NET v4.7.1 Hotfix from the Jan 2018’s Monthly Quality-Security Rollup. But considering the unreliable Quality Rollup, perhaps we should be thankful for this standalone Hotfix, so that we can at least get some issues in .NET v4.7.1 safely patched without getting entangled by the Quality Rollup problems.

As such, .NET v4.7.1 users should install the said Hotfix (whether via Windows Update or via manual download), for it resolves 5 important functional issues — refer to its KB article for details.

[abbodi86AskWoody_MVP]

The .NET 4.7.1 reliability Update will not be offered separately on Windows Update
it’s bundled with the .NET 4.7.1 entry itself as companion update (hidden)

and if you manually installed .NET 4.7.1 previously (when it was released), then you also need to install the Update manually

the Update is separate because it’s specific for .NET 4.7.1, whereas the Rollup targets all 4.6 > 4.7.1 versions

3 users thanked author for this post.

SueW, MrBrian, PKCano

[anonymous]

abbodi86 said:
The .NET 4.7.1 reliability Update […] it’s bundled with the .NET 4.7.1 entry itself as companion update (hidden).

I see, thanks ! So users who install .NET 4.7.1 via Windows Update are in fact installing both .NET 4.7.1 & Jan 2018’s “Hotfix” update at one go.

Does Windows allow the bundled fix to be uninstalled (in the hypothetical event that it contains event-stopping bugs), whilst retaining .NET 4.7.1 itself ?

Meanwhile, I wonder why Microsoft is unable to write its KB articles for both the fix & the standlone .NET 4.7.1 installer to reflect the situation accurately, since:

• The KB patches listed explicitly in the article for the said fix will apparently not get displayed upfront in Windows Update;
• .NET 4.7.1 install via Windows Update vs. manual download has different patching method — bundled fix vs manually downloading the fix

[abbodi86AskWoody_MVP]

Yes, the reliability update can be uninstalled separately
for Win 8.1/10 it’s a separate msu
for Win 7 it’s a separate msp patch

the update don’t change the base .NET 4.7.1 version 4.7.2558.0, even though it patches/update most of its binaries

KB4033369 is .NET 4.7.1 itself for Windows 8.1
each new .NET 4.x release is expected to have some compatibility issues with programs targeted for older releases

[anonymous]

Just came across this MSDN blog post announcing the .NET 4.7.1  Reliability Update (“Hotfix” mentioned above), which provides a more comprehensive explanation (than MS’s KB article) on how the update can be obtained. Miraculously, there is even a detailed table & a FAQ.

Nevertheless, there are still users (eg. Ian Thomas & Phil S in the comments) who find the whole roll-out process confusing, esp. as to why the update is also identified by the same version no.

Which brings me back to my previous question: So it really seems that those who install the Reliability Update via the bundled route in Windows Update will not be able to uninstall it without also uninstalling .NET 4.7.1 runtime totally ? If yes, the Windows Update route makes it behave like a rollup, but only for users who installed it via this route. Why make a complex situation even more complex ?

The above is a pertinent issue, esp. since there have been 2 reports so far that the .NET 4.7.1 Reliability Update has caused problems under certain scenarios:-

James Auman [Win OS not stated]:
we sure had a lot of problems after letting this install via WSUS last night. PowerShell ISE crashed. SQL Server Management Studio crashed. Several third party apps. Don’t recall ever having issues after an update like this.

And … ASP.net app using .NET 4.5.1 fails to run after installing .NET 4.7.1 Reliability Update (KB 4033369) on Win Server 2012 x64 (Github).

[MrBrianAskWoody_MVP]

Articles KB4055002 and KB4055532 have modified with a known issue that links to “TypeInitializationException” or “FileFormatException” error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002): “Windows Presentation Foundation (WPF) applications that request a fallback font or a character that is not included in the currently selected font return the following error messages:”

2 users thanked author for this post.

HiFlyer, abbodi86

[DrBonzoAskWoody Plus]

I was offered KB 4033342 as an important unchecked update by Windows Update on the 9th of January. Tonight I notice I’m no longer offered that.

It’s the .NET 4.7.1 upgrade for Win 7, so maybe MS recognizes the problem.

Win 7 Pro sp1 x64 core i-3

1 user thanked author for this post.

MrBrian

[abbodi86AskWoody_MVP]

The culprit is in the rollup update, not .NET 4.7.1 itself

2 users thanked author for this post.

walker, DrBonzo

[DrBonzoAskWoody Plus]

That seems pretty odd. Why would MS still offer me the rollup update (KB4055532) which is flawed but take away the .NET 4.7.1 offering which is OK? Seems pretty weird to me.

Just wondering.

[abbodi86AskWoody_MVP]

Have you installed the .NET 3.5.1 rollup KB4054998?
what’s the size shown on the .NET rollup?

1 user thanked author for this post.

DrBonzo

[DrBonzoAskWoody Plus]

I’ve never been offered KB 4054998, but when I looked it up on the MS support page I found KB 4055532, which I was offered on Jan 9 and have continued to be offered as an important checked update. I have not installed KB 4055532 and it’s listed as 64.8 MB. The .NET 4.7.1 update just stopped being offered. All the other offerings are the same since Jan 9, and I haven’t installed any of the January patches for anything.

[abbodi86AskWoody_MVP]

.NET updates are not offered separately, each entry represent all bundled .NET rollups
so even if you don’t have any .NET 4.x product installed, KB4055532 will be offered bundling .NET 3.5.1 update KB4054998

1 user thanked author for this post.

walker

[alpha128AskWoody Lounger]

DrBonzo wrote:

I was offered KB 4033342 as an important unchecked update by Windows Update on the 9th of January. Tonight I notice I’m no longer offered that. It’s the .NET 4.7.1 upgrade for Win 7, so maybe MS recognizes the problem. Win 7 Pro sp1 x64 core i-3

I checked, and when I first looked at Windows Update it said my system was up-to-date!  Then I clicked “Check for Updates” and it immediately came back with 2 Important and 2 Optional updates.  KB4033342 was being offered to me as a third optional update yesterday.

I wonder if Microsoft intended to re-release KB4033342, this time with the correct files to harden it against Meltdown.

[abbodi86AskWoody_MVP]

.NET 4.7.1 itself has no problems, and KB4033342 still have the same binaries

it’s KB4055002 rollup that holds the security fixes, and issues

1 user thanked author for this post.

walker

[alpha128AskWoody Lounger]

abbodi86 wrote:

.NET 4.7.1 itself has no problems, and KB4033342 still have the same binaries it’s KB4055002 rollup that holds the security fixes, and issues

I wonder then if Microsoft pulled the .NET 4.7.1 installer to prevent Windows 7 users from installing the .NET January roll-up on top of it and wreaking havoc.

But when the dust settles, and Woody changes the MS-DEFCON rating to 3, what I’m going to want is the one thing Microsoft is telling me I can’t have – a version of .NET 4.7.1 on Windows 7 that is hardened against Meltdown.

[MrBrianAskWoody_MVP]

“a version of .NET 4.7.1 on Windows 7 that is hardened against Meltdown.”

I haven’t seen any info indicating that .NET 4.7.1 hardens against Spectre/Meltdown. Citations appreciated.

[abbodi86AskWoody_MVP]

Maybe because QualityCompat registry is required to get .NET updates too

but i see that security fixes in .NET 4.7.1 rollup/security-only is dated 2017-11-22
that’s older than Windows security fixes, most are 2018-01-02

[alpha128AskWoody Lounger]

abbodi86 wrote:

Maybe because QualityCompat registry is required to get .NET updates too but i see that security fixes in .NET 4.7.1 rollup/security-only is dated 2017-11-22 that’s older than Windows security fixes, most are 2018-01-02

Yes, because the January .NET roll-up requires the QualityCompat registry key, I assumed that the 4.7.1 updates it contains were to harden it against Meltdown.  But perhaps it’s not the case after all.

At this point, I’m strongly tempted to let Paint.NET update itself, which will install both version 4.0.20, and .NET 4.7.1.

[MrBrianAskWoody_MVP]

There is a question and answer about the QualityCompat registry key in regards to .NET in the comments at https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/.

[anonymous]

Mr Brian said:
There is a question and answer about the QualityCompat registry key in regards to .NET in the comments at https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/

From what I can see, a user asked a clear & valid question, while the .NET developer provided a (self-confused) non-answer in response. To quote the same developer, there is obviously a “gap” somewhere from the get-go — & not just “in testing“.

Susan:
Why do these updates have the same antivirus registry key requirement as the Spectre/Meltdown patches?

Rich Lander [MSFT]:
The Windows 10 updates are the Spectre/Meltdown patches. Are those the updates you are referring to?

Meanwhile, the KB pages for Jan 2018’s Quality-Security Monthly Rollup & Security Only Update respectively continue to indicate that users of all supported Win OS versions MUST have the Meltdown-compliant QualityCompat registry key AND a supported antivirus.

[alpha128AskWoody Lounger]

abbodi86 wrote:

.NET 4.7.1 itself has no problems, and KB4033342 still have the same binaries it’s KB4055002 rollup that holds the security fixes, and issues

Today I upgraded my Paint.NET to version 4.0.20, and it first installed .NET 4.7.1, as that was a requirement.  Both upgrades went smoothly.

 

1 user thanked author for this post.

SueW

[MrBrianAskWoody_MVP]

From https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/: “Please avoid installing this update on Windows 7 or Windows Server 2008 R2.”

From https://github.com/dotnet/announcements/issues/53:

“The root cause of this problem is a MSI setup interaction between the .NET Framework January 2018 Rollup (KB4055002) and an already installed version of .NET Framework 4.7.1 product. The Rollup installer unexpectedly overwrites the 4.7.1 version of the GlobalUserInterface.CompositeFont file. This causes WPF operations that need this font file to fail.

All updates are extensively tested before they are provided to you. We are investigating the gap in our testing and will resolve that for our next release.”

 

3 users thanked author for this post.

HiFlyer, walker, DrBonzo

[PKCanoDa Boss]

MrBrian wrote:

All updates are extensively tested before they are provided to you. We are investigating the gap in our testing and will resolve that for our next release.”

Should that be chasm or abyss instead of gap?

5 users thanked author for this post.

HiFlyer, SueW, DrBonzo, Cybertooth, windows7forever

[DrBonzoAskWoody Plus]

Black hole, perhaps?

Testing failure or not, though, if they know something is wrong why are they still offering the rollup to me as a checked, important update?

My reading between the lines seems to say I would be OK installing the rollup as long as I don’t install the 4.7.1 update, but that doesn’t portend well for such time as I might decide to install 4.7.1 – even though they’ve stopped offering 4.7.1 to me. There just seems to be some nonlogical logic being invoked here. Then again, There’s a lot about MS I don’t understand these days.

[Jan K.AskWoody Lounger]

Well, Grand Canyon is a gap, isn’t it?

I was more puzzled by the “our testing” bit though…

[DrBonzoAskWoody Plus]

Well, I guess that might explain why, after several days of being offered the rollup update (KB4055532 for Win 7) as a checked, important update by Windows Update, it suddenly this afternoon went from being checked to unchecked.

[alpha128AskWoody Lounger]

DrBonzo wrote:

Well, I guess that might explain why, after several days of being offered the rollup update (KB4055532 for Win 7) as a checked, important update by Windows Update, it suddenly this afternoon went from being checked to unchecked.

Could be.  I hid KB4055532 when the first reports of trouble came in.

 

[KarenSAskWoody Lounger]

First I understand we are still under Defcon 2 and I am not installing anything but I just want to clarify:

We have Two Toshiba 2010 Satellite 64 bit Notebooks Win 7 home premium, one with i3CPU, one with i5CPU. Both with HD Graphics, both have Malwarebytes (free) and MSE (both MB and MSE with up to date updates).

When KB4056894 (Jan’s Security Monthly Quality Rollup) was first offered to us it was “checked”, then it was “unchecked” and now it is “checked” again.

My question is: When it does come time (Defcon3 or higher) to install will we be safe from the BSOD situation?

[woodyDa Boss]

By the time I move to MS-DEFCON 3, you’ll either be safe from BSODs or, at the very least, we should have a pretty good idea what machines will be safe.

Crowdsourced bug reports work pretty well….

7 users thanked author for this post.

HiFlyer, Pepsiboy, JDeC, SueW, KarenS, BobbyB, AJNorth

[anonymous]

Jan 9, 2018 4:31 AM (Meltdown & Spectre)

I received a fix from MS to Win 10 pro. it slows down my computer significantly. I attached results. Software used for testing was PerformanceTest 64 bit by Passmark. Hardware is Lenovo Thinkpad T440s model 20ARS04W00. First test was right before installing update. Next 3 after update. I could not first believe my eyes. But you can see results…

So Intel says that affect is not noticed by average user. That simply is not true.

Everybody who uses his/her computer every day like I do, will see (and pay) for the difference ;-(

https://communities.intel.com/thread/121215

5 users thanked author for this post.

HiFlyer, satrow, Sessh, Noel Carboni, woody

[Noel CarboniAskWoody_MVP]

Thank you; I’m hungry for real test results.

That particular set is alarming, however Passmark PerformanceTest (or any benchmark) is known to show quite variable results for disk testing. That’s the nature of PC systems; they do a lot of different things all the time. I’ve had run to run variances of 2 to 1 just doing subsequent tests. I’d really like to see a whole SERIES of before/after benchmarks. Also, PerformanceTest has some advanced tests that would be good, such as some real world simulations of disk loads…

I’ve benchmarked all my systems before and after updates for years. I’ve accumulated enough that if/when I install these latest patches I’ll be able to document a trend with statistical certainty. I’m also accumulating data doing other real world operations.

I’ve already found that I cannot sense a speed difference in virtual machines after vs. before the installation. But this may well be a situation where it HAS to be tested on the actual hardware to yield real results.

If I can find evidence that removing the Windows Update can be a fallback to restore prior performance I’ll go ahead and test it on my less critical system. Until then, like most here, it’s wait ‘n see.

-Noel

Attachments:

You must be logged in to access attached files.

4 users thanked author for this post.

AJNorth, HiFlyer, anita.yk, satrow

[satrowAskWoody MVP]

See also my comments.

[AJNorthAskWoody Plus]

NVIDIA GeForce Driver 390.65 WHQL Security Update

https://www.ghacks.net/2018/01/08/nvidia-geforce-driver-390-65-whql-is-a-security-update/

3 users thanked author for this post.

Seff, woody, MrBrian

[SeffAskWoody Plus]

Be wary of installing the new Nvidia graphics driver 390.65, there is a lot of adverse feedback on the official forums from people reporting slower game performance and BSODs etc. with this driver. The slower performance is ironic given that, according to one poster’s understanding, the new driver doesn’t provide additional security as Nvidia GPUs are not affected by the current concerns, but is instead intended to counter any impact on performance from other software patches for Meltdown and Spectre. I’ve no idea how true that understanding is.

For the moment, however, I’d advise relying on the same advice for new drivers that we apply to other updates – keep a watching brief for a few days but let others be the guinea pigs! That is, of course, in addition to the usual advice on replacing effective drivers – if it ain’t broke, don’t fix it!

2 users thanked author for this post.

AJNorth, MrBrian

[AJNorthAskWoody Plus]

So far, for the four systems on which I’ve installed 390.65 (which may also include updates to audio and PhysX drivers), there have been no discernible negative issues (Win 7 Pro x64; Intel i7 Ivy Bridge, Haswell and Skylake).

[liamZAskWoody Lounger]

In Windows 7 after running WU I got the Office 2010 updates but I am not getting KB4055532 or KB4056894, anybody knows why?

[HiFlyerAskWoody Plus]

liamZ wrote:

In Windows 7 after running WU I got the Office 2010 updates but I am not getting KB4055532 or KB4056894, anybody knows why?

Older AMD cpu??

Ck post #158461 above.

 

 

[PKCanoDa Boss]

It could also be because your anti-virus program has not set the Registry key to confirm compatibility.

1 user thanked author for this post.

HiFlyer

[liamZAskWoody Lounger]

Nope, I have an Intel Core 2 Duo CPU and I checked the registry and my Avira antivirus has created the key.

[JohnWAskWoody Plus]

I have one Windows 7 SP-1 Pro machine showing the KB4056894 Monthly Rollup available for download and install.

The AV I am running there is Bitdefender Free, and it has set the required registry value.

On my other two computers running Windows 10, they have the registry flag set by the AVs running in them, Avira Pro and Avast Free, respectively.  Good to go!

But not gonna apply any patches just yet though… 😉

[anonymous]

Woody,

Your computerworld article references changing the registry to disable the Equation Editor. I follwed the link to Microsoft and their article details the registries entries to modify. When I looked in my registry, I do not have an entry for: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}. I have 32 bit Office 2016 installed on a Win 10 Pro, 64 bit machine. Do I create the entries if they aren’t there?

Thanks in advance…

[PKCanoDa Boss]

If you are familiar with editing the Registry, yes, you can create the key.

Use caution editing the Registry.

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

The January updates removed Equation Editor 3.0.

1 user thanked author for this post.

woody

[woodyDa Boss]

MrBrian – It sounds like the updates removed the registry entry, too (????).

Anonoymous – Have you already installed this month’s Office patches?

[MrBrianAskWoody_MVP]

I don’t know because I haven’t installed the January updates yet. I posted this link somewhere on this site a few days ago: https://support.microsoft.com/en-us/help/4057882/error-when-editing-an-equation-in-office.

[anonymous]

Good morning, Woody.

No, I haven’t installed the January Office patches yet. I was going to edit my registry to disable the Equation Editor. That’s when I found that I did not have the registry entries referenced by the Microsoft article: https://support.microsoft.com/en-us/help/4055535/how-to-disable-equation-editor-3-0

 

1 user thanked author for this post.

woody

[woodyDa Boss]

The mysteries continue….

[MrBrianAskWoody_MVP]

From https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021: “**Update: ** On 1/9/2018, Microsoft released an update for Microsoft Office that adds defense-in-depth configuration options to selectively disable the DDE protocol in all supported editions of Microsoft Excel.”

2 users thanked author for this post.

The Surfing Pensioner, woody

[OscarCPAskWoody Plus]

About that Equation Editor and its issues:

Power Point also has one. Any indication there is the same problems with it?

Thanks.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

1 user thanked author for this post.

woody

[SesshAskWoody Lounger]

Ok, so for future reference, if someone does not have the QualityCompat registry key, that only means that this month’s updates will not appear in Windows Update. If the user does not have a third party antivirus installed (and therefore no key) and installs the updates manually, there should be no problem right?

I am under the impression that the registry key is to prevent existing third party antivirus software from conflicting with the new update and causing a BSOD, so those without third party AV have nothing to conflict and therefore should be fine. Am I right on this?  Based on this MS support page, that seems to be the case. I just want to make sure because I will not be using antivirus software (aside from Defender) again.

[PKCanoDa Boss]

You can manually set the Registry key. See https://www.askwoody.com/forums/topic/january-security-patches-are-coming-shortly/#post-157982

Also, I found that the lack of the key does not prevent manual installation of either the SO of the Rollup. So you could go ahead and install the patch manually.

[SesshAskWoody Lounger]

That’s what I thought. It seems this key will be required for WU to give updates at all going forward. Yeah, I know the key can be added manually, but I am not thrilled about having to edit the registry (glad I won’t have to and I install all patches manually anyway) nor is it fair for the average user who certainly won’t want to go stumbling around in the registry.

I imagine I’ll skip the January update entirely once I inevitably get to it, but security updates after it I will (eventually) want to install… well, maybe. This has been one huge mess and it’s probably just the beginning. I am actually glad to be behind on updating TBH.

[MrBrianAskWoody_MVP]

There is a separate issue with some AMD processors.

[PKCanoDa Boss]

Oh, yes. That was a brain lapse on my part.

@mrbrian reminds us that you don’t want to do either of those things if you have an AMD processor!!!!

[280parkAskWoody Plus]

RE: Microsoft Office 2010 Click-to-Run

I have the Click-to-Run version of Microsoft Office Starter 2010 installed on my Windows 7 machine.  I opened Excel and clicked File>Help>Update Options and immediately got a blue screen with a lots of words about Windows closing to protect my machine.  The only way to get off that screen was to hold the on/off button for several seconds.  Except for a notification that Windows had recovered successfully, Windows rebooted normally.

I can’t recall ever previously having a blue screen event on this computer.

[anonymous]

I might not be reading this right, but is it correct to say that the last Office patches disable the Equation Editor? Meaning: it is not going to be possible to use it anymore?

Because I use the Equations Editor to write equations in some of my papers, presentations (PowerPoint) and technical reports, as a well as to be able to see them in those of other people that send me Word and PPT copies of theirs.

[abbodi86AskWoody_MVP]

Yes, latest update kills it

they propose another ways
https://support.microsoft.com/en-us/help/4057882/error-when-editing-an-equation-in-office

2 users thanked author for this post.

Elly, OscarCP

[DrBonzoAskWoody Plus]

There are other better ways than what MS suggests. Check out this and a few posts beneath it for my recommendations.

January security patches are coming shortly

2 users thanked author for this post.

Elly, OscarCP

[walkerAskWoody Lounger]

@anonymous:   What is the “Equations Editor?”.   I keep seeing reference to it, however have no clue as to what it is.     Appreciate any information on this one.    🙂

I see now that it’s related to the “Office programs”, so that’s the reason I didn’t know what it was.   I don’t have Office.

[OscarCPAskWoody Plus]

Again on the Equations Editor:

There is this statement in the Web site abbodi86 suggested: “You can insert and edit new equations using the editor built into Office version 2007 or later.”

Does this mean what I think it means, and the Equations Editor that will be removed by the update is the one in some very old version of Office, e.g. 2003 or even older? The Equations Editor has been a feature in Word, at least since I started using Windows, two decades ago. Now I have Office 2010 and 2016, so I am wondering if these will be left with Equations Editor still functioning after patching Office. I seriously hope so; this feature is a very useful one to me.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[OscarCPAskWoody Plus]

I think this answers my own question about the removal from Office of Equation Editor:

https://support.microsoft.com/en-us/help/4057882/error-when-editing-an-equation-in-office

The patch will prevent one from editing equations in very old documents, but the functionality –if not the old software that provided it — still is and will remain in Office. I’ll probably can live with that. I hope so.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[CybertoothAskWoody Plus]

The discussion on that page is confusing, to say the least. As you noted, they write:

You can insert and edit new equations using the editor built into Office version 2007 or later.

So, what gives? Once you apply this patch, can you still or can you no longer create equations in Office 2007?

 

[KirstyDa Boss]

Resolution

You can insert and edit new equations using the editor built into Office version 2007 or later. For more information about inserting and editing equations, see Write, insert, or change an equation. However, you will not be able to edit existing equations that were inserted using Equation Editor 3.0 in that manner.

Alternatively, the third-party app MathType enables you to edit Equation Editor 3.0 equations without security issues. MathType is now part of the Wiris Suite. You can download a free MathType 30-day trial at: http://www.wiris.com/equation_editor/microsoft

[CybertoothAskWoody Plus]

Thanks, I had indeed read that and it’s the exact reason why I made my post. The MS page raises more questions than it answers:

So, was there more than one “equation editor” in Word, and one of them was removed? Or did another equation editor replace the one that was removed? In which versions of Office did this “Equation Editor 3.0” reside, and how would one know which “equation editor” one’s copy of Office has (or had)??

 

[KirstyDa Boss]

According to the linked page, Equation Editor 3.0 was included in versions of Office older than 2007. Since v.2007, the function of Equation Editor has used a new native Equation Editor.

Check this answers.microsoft MVP answer for details (hope that helps).

So I understood that “Resolution” to say that using v.2007 or later (2007 – 2016), you can use the new native Equation Editor to create new equations and to edit equations made by the new native Equation Editor, but anything that had already been created using the old Equation Editor 3.0 could not be edited using the new native Equation Editor.

4 users thanked author for this post.

Cybertooth, SueW, Elly, OscarCP

[CybertoothAskWoody Plus]

Thanks Kirsty, I learned something new today.

I never knew before that Word 2007 had TWO ways to insert equations. And the one that’s being removed seems to be the one that I never knew existed!

1 user thanked author for this post.

Kirsty

[MrBrianAskWoody_MVP]

From Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1:

“An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056897 (Security-only update) or January 4, 2018—KB4056894 (Monthly Rollup):

AMD devices fall into an unbootable state.”

This update can probably be considered a replacement for the January 2018 security-only update.

2 users thanked author for this post.

HiFlyer, DrBonzo

[DrBonzoAskWoody Plus]

I have an Intel core i-3 and Intel HD graphics; i.e., no AMD chips to the best of my knowledge. Does it matter which update I install, KB 4056897 (security only) or KB 4073578, which I presume is also security only? I’m going to wait until Defcon 3; just trying to stay even with the game.

1 user thanked author for this post.

HiFlyer

[MrBrianAskWoody_MVP]

On Windows 7 x64, I compared what KB4056897 installs vs. what KB4073578 installs. Considering just executable files, KB4073578 installs a newer version of some executable files.

4 users thanked author for this post.

woody, Elly, HiFlyer, DrBonzo

[DrBonzoAskWoody Plus]

I think I’m convinced it’s a replacement. But I do wish they would get rid of the old one and just have one security only update that would work for all machines whether Intel or AMD. I’m assuming the new one does in fact work for both brands of processor.

I wonder if MS has incorporated the changes they made in the new security only update into the January Rollup.

1 user thanked author for this post.

HiFlyer

[MrBrianAskWoody_MVP]

“I wonder if MS has incorporated the changes they made in the new security only update into the January Rollup.”

I would expect the February 2018 rollups and security-only updates to have the updated files.

3 users thanked author for this post.

JDeC, DrBonzo, HiFlyer

[MrBrianAskWoody_MVP]

Of the changed executable files between the two Windows 7 x64 updates (inspected with CBS Package Inspector), the only executable file that changed in size is hvax64.exe.

3 users thanked author for this post.

Elly, DrBonzo, HiFlyer

[HiFlyerAskWoody Plus]

MS certainly has added to the confusion by inserting “This update does not replace a previously released update.” In both “Unbootable state for AMD devices” articles.

 

https://support.microsoft.com/en-us/help/4073576/unbootable-state-for-amd-devices-windows-8-1-windows-server-2012-r2

https://support.microsoft.com/en-us/help/4073578/unbootable-state-for-amd-devices-in-windows-7-sp1-windows-server-2008

 

 

3 users thanked author for this post.

Microfix, woody, DrBonzo

[PKCanoDa Boss]

Both of the Security-only patches (KB4073578 for Win7 dated 1/12/18 and KB4073576 for Win8.1 dated 1/10/18) revised for unbootable AMD have been added to AKB2000003.

4 users thanked author for this post.

woody, JDeC, DrBonzo, HiFlyer

[HiFlyerAskWoody Plus]

PKCano wrote:

Both of the Security-only patches (KB4073578 for Win7 dated 1/12/18 and KB4073576 for Win8.1 dated 1/10/18) revised for unbootable AMD have been added to AKB2000003.

While waiting for Defcon 3 and Woody’s instructions…..

Should we consider installing ONLY these two new patches for AMD cpus? (to avoid boot problem)

Are either the earlier SOQUs for the month (4056897, 4056898)  or these new ones equally  o.k. for Intel cpus?

Or choose the new ones only?

 

 

 

2 users thanked author for this post.

SueW, DrBonzo

[PKCanoDa Boss]

Hmmm. Good question.

There is an ongoing discussion (above) about whether KB4073576 and KB4073578 replace the previous Security only patches or not. Read the MS pages (which are vagur) and the above discussion (see quotes from the pages) – and toss a coin?

2 users thanked author for this post.

DrBonzo, HiFlyer

[HiFlyerAskWoody Plus]

PKCano wrote:

Hmmm. Good question. There is an ongoing discussion (above) about whether KB4073576 and KB4073578 replace the previous Security only patches or not. Read the MS pages (which are vagur) and the above discussion (see quotes from the pages) – and toss a coin?

I’m in no hurry…..Let Little Mikey go first.

2 users thanked author for this post.

SueW, DrBonzo

[OscarCPAskWoody Plus]

Perhaps my question is premature, but here it is:

I have a Windows 7 Pro, SP1 x 64 PC, circa 2011. The the CPU is I-7 4-core, the display adapters are Intel HD Graphics Family and Radeon HD6770M. Given that the last one, in particular, is an AMD product, I would like to know: does this matter when deciding which of the two successive MS Security Only updates (so far!) out this month to install; and if not both, then which one?

I also have, originally installed in this PC by the manufacturer, the 3rd party graphics accelerator ATI Catalyst V 12.10 (the current version is 14.12).

I’ll appreciate an answer, whenever one is known. Thanks

 

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[MrBrianAskWoody_MVP]

The new update probably works fine with Intel processors. I’ll test this briefly on my Intel-processor computer within the next few days. If the old update works fine on your computer, then there probably is no compelling reason to install the new update. What we don’t know is whether the new update has problems that the old update doesn’t have.

5 users thanked author for this post.

JDeC, SueW, Elly, DrBonzo, HiFlyer

[MrBrianAskWoody_MVP]

As a test, I installed KB4073578 on two computers with two different Intel CPU models. I then rebooted and logged into a user account on each computer. There were no apparent problems. Since I am not in Group B, I then got rid of this update on both computers.

4 users thanked author for this post.

SueW, woody, Elly, DrBonzo

[DrBonzoAskWoody Plus]

Thanks MrBrian. For you to do that was certainly way beyond the call of duty.

It clarifies a lot about that update.

[PepsiboyAskWoody Lounger]

PKCano,

I’m running a HP G62 Notebook PC with
Win 7 SP1 x64
Intel Pentium P6100 2.0 GHz
4gb RAM
Vipre 10.1.4.33 Antivirus

As of last night, Vipre had sent the Registry change requirement to me, and Windows Update only showed the KB 89080 MSRT update.
This morning the registry update shows installed, AND Windows Update shows 11 updates available as “Important” and CHECKED.
Not listed in the following order, just the way I have them written down.
KB40568897 – Win7 Security only
40565688 – IE 11
4033342 – .NET Framework
4033852 – .NET Framework
4052852 – .NET Framework
4019990 – .NET Framework
4055532 – .NET Rollup
4055269 – .NET Security only
890830 – MSRT
4011611 – Office 2010
4073578 – Win7 Update

I STILL fail to understand WHY I get the updates for Office, (I do not have Office installed) and just what does .NET Framework do?
YES, I’m patiently waiting for DEFCON 3 or higher before installing ANYTHING (other than the Flash update I got days ago).

Also, I asked Vipre “Why it has taken so long for them to update their registry file”? Got no answer back as of this morning. Feels to me like they have been dragging their feet on this.

Sorry about the rant, just trying to stay informed.
Thanks, in advance for any and ALL help.

Dave

[PKCanoDa Boss]

I am confused by the list you have as showing in Windows Update.

These four updates are Windows Catalog manual download only (NOT through WU)
I do not understand why they should be showing up in Windows Update
KB4056897 Security Only Quality Update for Win7 dated 1/4/18
KB4073578 Security Only Quality Update for Win7 dated 1/12/18 fix for unbootable AMD
KB4056568 IE11 Cumulative Update for Win7
KB4055269 Security Only Update for .NET versions 3.5.2 – 4.7.1

These are normally offered through Windows Update
KB4033342 is the installer for .NET 4.7.1
KB4019990 in the d3dCompiler  required if you install .NET 4.7/4.7.1
KB4055532 .NET Rollup for Win7
KB890830 MSRT

KB4033852 is not listed in the MS Catalog by that number.
I don’t know why you are getting the Office 2010 update unless you possibly have the Trial ver. installed from OEM and you never bought it.

Edit to correct typo KB3033852 -> KB4033852

[PepsiboyAskWoody Lounger]

PKCano wrote:

I am confused by the list you have as showing in Windows Update.

These four updates are Windows Catalog manual download only (NOT through WU)
I do not understand why they should be showing up in Windows Update
KB4056897 Security Only Quality Update for Win7 dated 1/4/18
KB4073578 Security Only Quality Update for Win7 dated 1/12/18 fix for unbootable AMD
KB4056568 IE11 Cumulative Update for Win7
KB4055269 Security Only Update for .NET versions 3.5.2 – 4.7.1

These are normally offered through Windows Update
KB4033342 is the installer for .NET 4.7.1
KB4019990 in the d3dCompiler required if you install .NET 4.7/4.7.1
KB4055532 .NET Rollup for Win7
KB890830 MSRT

KB3033852 is not listed in the MS Catalog by that number.
I don’t know why you are getting the Office 2010 update unless you possibly have the Trial ver. installed from OEM and you never bought it.

PKCano,

Double check my list in my last post. KB3033852 is not there.
Thanks for the comments. No, I do not have a trial version of Office from OEM. I have tried to make sure there is NOTHING on this machine connected with Office. I do not like it and do not want it. I’m just trying to sort through all this stuff and be as patient as I can waiting for DEFCON 3 or higher. I would post a screen shot of Windows Update, but right now it is being stubborn and not letting me take a shot.

Thanks, again, for all the help.

Dave

[PKCanoDa Boss]

My typo – KB4033852 is not listed in the MS Catalog by that number

[Bill C.AskWoody Plus]

Just a quick question. Do you have the MSPowerpoint Viewer, the MSWord viewer, or the Office Compatibility Pack installed or showing in Installed Software? I have found that even if you uninstall MSOffice, these programs remain and will trigger certain Office updates in Windows Update.

Most of these are older programs (from either Office 2007 or 2010 era) that had to be installed manually if I remember correctly.

On one machine I dropped Office and went to LibreOffice, yet kept getting WU Office updates. I uninstalled all and the WU Office updates stopped.

1 user thanked author for this post.

Elly

[MrBrianAskWoody_MVP]

Tweet from Kevin Beaumont: “CVE-2018-0802 (new Equation Editor exploits) in wild now. Exploit which embeds any .exe and runs, using OLE Packager.dll function […]”

From Microsoft: CVE-2018-0802 | Microsoft Office Memory Corruption Vulnerability.

3 users thanked author for this post.

cesmart4125, woody, Elly

[MrBrianAskWoody_MVP]

Proof-of-concept video: Exploiting CVE-2018-0802 Office Equation Vulnerabilty.

1 user thanked author for this post.

woody

[PepsiboyAskWoody Lounger]

PKCano wrote:

My typo – KB4033852 is not listed in the MS Catalog by that number

PKCano,

OOOPPSS ! ! ! MY typo, no yours, it should be KB40528852 .NET Framework. My apologies.

Dave

[PepsiboyAskWoody Lounger]

Bill C. wrote:

Just a quick question. Do you have the MSPowerpoint Viewer, the MSWord viewer, or the Office Compatibility Pack installed or showing in Installed Software? I have found that even if you uninstall MSOffice, these programs remain and will trigger certain Office updates in Windows Update.

Most of these are older programs (from either Office 2007 or 2010 era) that had to be installed manually if I remember correctly.

On one machine I dropped Office and went to LibreOffice, yet kept getting WU Office updates. I uninstalled all and the WU Office updates stopped.

BillC,

NOPE, none of the above compatibility packs. Only have MS Works 7.0, LibreOffice and Open Office.

Dave

[Bill C.AskWoody Plus]

It could be the MSWorks install. Some versions of Works included a de-featured version of Word. I forgot to put that in my post as I once found that was an issue, but that was back in the XP or Vista days.

Another possibliky is there is still an unactivated image (or part thereof) of Office that was loaded by your OEM when you bought the PC.

There is something that uses core Office components that is triggering it. MS has pushed out some security updates for out of support Office versions. I have still gotten them on my XP machine a few months ago. That machine is not usually connected online, but I went to see if the Office 2007 patches would download and they did.

1 user thanked author for this post.

woody

[mazziniaAskWoody Lounger]

Interesting, my Windows update (win7 x64) list of offered packages changed.

.net 4.7.1 got pulled and vanished ( was present but not checked, before )

and kb4055532 , the .net quality rollup, got changed to unchecked

2 users thanked author for this post.

AJNorth, MrBrian

[SeffAskWoody Plus]

At some point today my main machine is showing that the .Net Framework update for Windows 7 (KB4055532) has become unchecked…

Keep everything on hold folks, this story of ” An Everyday Month in the Life of Windows” still has a few chapters yet to be written!

1 user thanked author for this post.

AJNorth

[SeffAskWoody Plus]

Just to update my earlier comment to say that the .Net Framework patch has been unchecked on my other Windows 7 machine too.

[DrBonzoAskWoody Plus]

@mazzinia and @seff. Same exact thing happened to me a day or so ago.

My current status is I’m no longer offered 4.7.1 at all and the rollup (KB4055532) is now important but unchecked.

Every patch I’ve been offered in January has either been yanked or changed from checked to unchecked. Some of the yanked ones have come back, some haven’t. Even the group B patches seem to show up and disappear and then show up again in the Microsoft catalog. I keep thinking patch Tuesdays can’t get any worse, but this one is insane.

2 users thanked author for this post.

HiFlyer, AJNorth

[anonymous]

We have installed 2018-01 on 2012 R2. After this the service “ScanMail for Microsoft Exchange Master Service” does not start anymore. This is a service of the product “Trend Micro ScanMail for Microsoft Exchange”. The program version due to programs and features is 12.5.1300.

In another environment there is an older version of this product installed (rest of the environment is the same). There are no problems.

[PepsiboyAskWoody Lounger]

Another update from me. This morning’s Windows Update scan only shows KB890830 – MSRT, Important – UNCHECKED.  Now I am completely confused, as I have not installed ANY updates and there are no new updates showing as being installed.

WHAT THE (cussword) is going on???

Dave

[anonymous]

It looks as though Microsoft is getting reports from enterprise clients that KB4055532 is causing a few more problems. The latest is a problem with WPF ( Windows Presentation Foundation is a graphical subsystem by Microsoft for rendering user interfaces in Windows-based applications). There are no details released as yet.

I assume the KB has been changed to unchecked status because an ongoing investigation has validated one or all of the reported problems. It looks as though Microsoft sees these problems as isolated to just a few applications, otherwise they would have pulled it completely.

I have not seen anything yet that confirms that this KB has been pulled. Windows Update occasionally does weird things, so it can not be relied upon as a good indicator of what is going on at ‘the hive’. We see updates appear and disappear quite often and without rhyme or reason.

[mazziniaAskWoody Lounger]

https://support.google.com/faqs/answer/7625886

Retpoline

in short, Google is working on this issue ( spectre variant 2 , the one requiring patches that slow down us a lot ) , and found a way to fix the issue with sort of 0 slowdowns and no bios update.

How do we make Microsoft pull his jun… err beautiful patch and rewrite it to take advantage of Google’s smart programming teams ?

[alpha128AskWoody Lounger]

McAfee finally got their act together, and my employer pushed the January roll-up for Windows 7 (KB4056894) to my work computer today.

No BSOD, and no slowdown detected after installing the patch.

However, if you’ve disabled libraries, this is one of those months where you’re going to want to re-enable them before installing the updates.  Otherwise, you’ll lose the ability to rename folders in Windows Explorer.

1 user thanked author for this post.

AJNorth

[anonymous]

I’ve found something interesting, on a whim I checked Windows Update just to see what would happen since I don’t have the registry key yet for my AV and I thought that was required to even have the monthly rollup show up. After a couple minutes I got this months MSRT, .Net rollup and the 2018-01 quality and security rollup all checked and ready to install.

How is this even happening? The even stranger part is that the rollup is dated January 4th, wasn’t that patch pulled? Can someone please tell me whats happening here?

silverjack

[johnfAskWoody Lounger]

Hi Woody!

Would changing the hard drive to a Hybrid or SSD compensate for the performance loss these patches may have on a Windows System? Conversely, has anyone with a Hybrid/SDD seen a significant performance loss after applying the Meltdown/Spectre patches?

[anonymous]

I’m waiting until Defcon 3 to install my updates. I got a WIndows 10 1703 lenovo ideapad 320 with an intel inside processor. I will be sure to save my files on the usb drive before I install the updates.

AND I PRAY nothing happens-Of course it all turns out normal and good, BECAUSE I WILL NOT SPEND 2 WEEKS AND/OR ANY DAY or money if something should happen. I got ANIME MILWAUKEE 2018 on Feb 16-18th and my cash is FOR ANIME MERCH.

SO on the day of defcon3-I WILL MESSAGE woody to see what ones will be safe and alright to install. BECAUSE I WILL NOT let any microsoft mishaps or [edited] ruin my con week….And also I will hide Febs patches before they try anything even 1709 if it pops up.

H*** has no fury like an anime fan’s scorn. FEBRUARY IS MY month of fun, anime binging and vacation.

[MrBrianAskWoody_MVP]

Five Microsoft updates today so far:

Unbootable state for AMD devices in Windows 10 Version 1709

January 17, 2018—KB4057142 (OS Build 14393.2034)

January 17, 2018—KB4057144 (OS Build 15063.877)

January 17, 2018—KB4057402 (Preview of Monthly Rollup)

January 17, 2018—KB4057401 (Preview of Monthly Rollup)

3 users thanked author for this post.

HiFlyer, AJNorth, woody

[woodyDa Boss]

See https://www.askwoody.com/2018/windows-patches-are-rolling-out-now/

3 users thanked author for this post.

HiFlyer, AJNorth, MrBrian

[MrBrianAskWoody_MVP]

The most recent 4 KB articles at Windows 10 and Windows Server 2016 update history now have this issue listed: ‘After installing this update, servers where Credential Guard is enabled may experience an unexpected restart with the error, “The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart.” […]’

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

Windows 10 updates released today:

January 18, 2018—KB4073291 (OS Build 16299.201)

January 18, 2018—KB4075200 (OS Build 10586.1358)

January 18, 2018—KB4075199 (OS Build 10240.17741)

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

All of these updates are now available in the Microsoft Update Catalog.

[MrBrianAskWoody_MVP]

The files ndp47-kb4074880-x64[…].exe and ndp47-kb4074880-x86[…].exe currently in the catalog for KB4055532 (January 2018 .NET Framework monthly rollup for Windows 7) have a digital signature of January 11, 2018, which is newer than the original release date. Also, despite the fact that I installed the January 2018 .NET Framework monthly rollup for Windows 7 on Monday (I have .NET Framework 4.7), it is being offered again in Windows Update (it’s ticked).

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

From CVE-2018-0792 | Microsoft Word Remote Code Execution Vulnerability and CVE-2018-0797 | Microsoft Word Memory Corruption Vulnerability: “01/18/2018     To address a known issue with installing security update 4011021, Microsoft is announcing the availability of security update 4011022 as a replacement. Customers who experienced problems installing 4011021 should install 4011022.”

2 users thanked author for this post.

HiFlyer, woody

[MrBrianAskWoody_MVP]

Important changes today to these articles:

Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)

Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)

4 users thanked author for this post.

walker, SueW, cesmart4125, woody

[walkerAskWoody Lounger]

@Mr.Brian:    It only gets more and more confusing.    The information you supply, I hope will help, however it is becoming more and more of a morass.   Thank you for all of your invaluable help, as always.   🙂

[MrBrianAskWoody_MVP]

From https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002: “01/18/2018     On January 5, 2018, Microsoft re-released KB4056898 (Security Only) for Windows 8.1 and Windows Server 2012 R2 to address a known issue. Customers who have installed the original package on 1/3/2018 should reinstall the update.”

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

From https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002: ’01/18/2018     Microsoft has released security update 4073291 to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”). Microsoft recommends that customers running Windows 10 Version 1709 for 32-bit systems install the update as soon as possible. Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. The update is currently available via the Microsoft Update Catalog only, and will be included in subsequent updates. This update does not apply to x64 (64-bit) systems.’

1 user thanked author for this post.

woody

[anonymous]

Thanks MrBrian.

Hopefully MS updates FAQ #7 on that page to at least refer to the version 8.0 revision note as this patch to Win10 1709 provides the first available Meltdown protection to x86 systems.

2 users thanked author for this post.

MrBrian, woody

[MrBrianAskWoody_MVP]

From CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability and CVE-2018-0786 | .NET Security Feature Bypass Vulnerability: “01/18/2018     To address a regression issue after installing security update 4055002, Microsoft has released security update 4074880 for Microsoft .NET 4.6/4.6.1/4.6.2/4.7/4.7.1 installed on supported editions of Windows 7 and Windows Server 2008 R2. Customers who have already installed KB4055002 should install KB4074880 to be protected from this vulnerability.”

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

January 19, 2018—KB4057400 (Preview of Monthly Rollup) (applies to Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1)

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

Issue has been added to Windows 8.1 January 8, 2018—KB4056895 (Monthly Rollup), Windows 8.1 January 3, 2018—KB4056898 (Security-only update), and Windows 8.1 January 17, 2018—KB4057401 (Preview of Monthly Rollup): “After installing this update, some systems running both PIC and APIC interrupt controllers may experience system crashes.”

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

Today’s new or updated .NET KB articles:

https://support.microsoft.com/en-us/help/4055532/security-and-quality-rollup-for-net-framework-3-5-1-4-5-2-4-6-4-6-1-4- Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)
https://support.microsoft.com/en-us/help/4055267/security-and-quality-rollup-for-net-framework-2-0-sp2-3-0-sp2-4-5-2-an Security and Quality Rollup for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2 and 4.6 updates for Windows Server 2008 SP2 (KB 4055267)
https://support.microsoft.com/en-us/help/4055000/description-of-the-security-and-quality-rollup-for-the-net-framework-4 Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4055000)
https://support.microsoft.com/en-us/help/4055266/security-and-quality-rollup-for-the-net-framework-3-5-sp1-4-5-2-4-6-4- Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4055266)
https://support.microsoft.com/en-us/help/4055002/description-of-the-security-and-quality-rollup-for-net-framework-4-6-o Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)
https://support.microsoft.com/en-us/help/4054999/description-of-the-security-and-quality-rollup-for-the-net-framework-3 Description of the Security and Quality Rollup for the .NET Framework 3.5 SP1 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4054999)
https://support.microsoft.com/en-us/help/4054995/description-of-the-security-and-quality-rollup-for-the-net-framework-4 Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB 4054995)
https://support.microsoft.com/en-us/help/4054998/description-of-the-security-and-quality-rollup-for-the-net-framework-3 Description of the Security and Quality Rollup for the .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)
https://support.microsoft.com/en-us/help/4054996/description-of-the-security-and-quality-rollup-for-the-net-framework-2 Description of the Security and Quality Rollup for the .NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 (KB 4054996)
https://support.microsoft.com/en-us/help/4054993/description-of-the-security-and-quality-rollup-for-the-net-framework-4 Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054993)
https://support.microsoft.com/en-us/help/4055001/description-of-the-security-and-quality-rollup-for-the-net-framework-4 Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4055001)
https://support.microsoft.com/en-us/help/4054170/description-of-the-security-only-update-for-net-framework-4-5-2-for-wi Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054170)
https://support.microsoft.com/en-us/help/4054994/description-of-the-security-and-quality-rollup-for-the-net-framework-4 Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 (KB 4054994)
https://support.microsoft.com/en-us/help/4055270/security-only-update-for-net-framework-3-5-sp1-4-5-2-4-6-4-6-1-4-6-2-4 Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows Server 2012 (KB 4055270)
https://support.microsoft.com/en-us/help/4054171/description-of-the-security-only-update-for-net-framework-4-5-2-for-wi Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4054171)
https://support.microsoft.com/en-us/help/4054177/description-of-the-security-only-update-for-net-framework-3-5-sp1-for- Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054177)
https://support.microsoft.com/en-us/help/4054997/description-of-the-security-and-quality-rollup-for-the-net-framework-3 Description of the Security and Quality Rollup for the .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054997)
https://support.microsoft.com/en-us/help/4054174/description-of-the-security-only-update-for-net-framework-2-0-sp2-and- Description of the Security Only update for .NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 (KB 4054174)
https://support.microsoft.com/en-us/help/4055271/security-only-update-for-net-framework-3-5-sp1-4-5-2-4-6-4-6-1-4-6-2-4 Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4055271)
https://support.microsoft.com/en-us/help/4055272/security-only-update-for-net-framework-2-0-sp2-3-0-sp2-4-5-2-and-4-6-u Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 (KB 4055272)
https://support.microsoft.com/en-us/help/4054172/description-of-the-security-only-update-for-net-framework-4-5-2-for-wi Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4054172)
https://support.microsoft.com/en-us/help/4055265/security-and-quality-rollup-for-the-net-framework-3-5-sp1-4-5-2-4-6-4- Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows Server 2012 (KB 4055265)
https://support.microsoft.com/en-us/help/4055269/security-only-update-for-net-framework-3-5-1-4-5-2-4-6-4-6-1-4-6-2-4-7 Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055269)
https://support.microsoft.com/en-us/help/4054183/description-of-the-security-only-update-for-net-framework-4-6-4-6-1-4- Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4054183)
https://support.microsoft.com/en-us/help/4054182/description-of-the-security-only-update-for-net-framework-4-6-4-6-1-4- Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4054182)
https://support.microsoft.com/en-us/help/4054181/description-of-the-security-only-update-for-net-framework-4-6-4-6-1-4- Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for Windows Server 2012 (KB 4054181)
https://support.microsoft.com/en-us/help/4054176/description-of-the-security-only-update-for-net-framework-3-5-1-for-wi Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054176)
https://support.microsoft.com/en-us/help/4054175/description-of-the-security-only-update-for-net-framework-3-5-sp1-for- Description of the Security Only update for .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054175)

1 user thanked author for this post.

walker

[anonymous]

So, just to recap/confirm, when safe to do so, to update .NET Framework 4.7/4.7.1 on Win 7 Pro x64 will include:
– KB4033342 offline installer for .NET 4.7.1
– KB4074880 rather than, OR in addition to, KB4054183 within the KB4055532 bundle??
– KB4054856 ‘hotfix’

1 user thanked author for this post.

walker

[MrBrianAskWoody_MVP]

.NET Framework January 2018 preview rollup appears for me in Windows Update on Windows 7.

3 users thanked author for this post.

walker, woody, BrianL

[MrBrianAskWoody_MVP]

Issue added to Windows 10 Version 1703 January 3, 2018—KB4056891 (OS Build 15063.850): “After installing this update, some users may experience issues logging into some websites when using third party account credentials in Microsoft Edge.”

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

The same issue was also added to the other 4 Windows 10 versions for the January 3, 2018 builds.

[MrBrianAskWoody_MVP]

New Microsoft support article: Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880).

2 users thanked author for this post.

walker, woody

[MrBrianAskWoody_MVP]

Blog post .NET Framework January 2018 Security and Quality Rollup was revised on January 21, 2018.

3 users thanked author for this post.

OscarCP, walker, woody

[MrBrianAskWoody_MVP]

Revised again on January 22.

[MrBrianAskWoody_MVP]

Revised again on January 24.

[MrBrianAskWoody_MVP]

Revised again on January 25. New comments also.

[walkerAskWoody Lounger]

@Mr.Brian:  There are so many different references to the .NET Framework (even worse than usual), I don’t know where to begin to start.   Any guidance on the .NET Framework mess will be very much appreciated.   Thank you so much for all of the invaluable information you make available to all us.     🙂  🙂

[MrBrianAskWoody_MVP]

When Woody gives the go-ahead to install the January 2018 updates, if you follow the Group A instructions, the .NET Framework January 2018 update will probably be installed.

1 user thanked author for this post.

walker

[walkerAskWoody Lounger]

@Mr.Brian:  Thank you very, very much for the guidance.   Without your expertise, outstanding knowledge, and dedication to providing help to all of us here, I know I could never function to keep my head above water.  I am very grateful, along with many  other members who appreciate your assistance more than words can say.     🙂   🙂

1 user thanked author for this post.

MrBrian

[MrBrianAskWoody_MVP]

From January 22, 2018, update for Outlook 2016 (KB4011123): “This update fixes an issue in which some attachments to plain text messages are removed when you forward the message.”

1 user thanked author for this post.

SueW

[CybertoothAskWoody Plus]

Today my wife finally gave in to installing several Windows 10 updates after Microsoft grayed out her PC’s screen, insisting on proceeding with the updates.

After a reboot, she could load Outlook but it would not send/receive email, and launching Internet Explorer or Edge merely opened a blank window. Internet connectivity seemed to have been lost. Well, I guess that’s one way to make sure your computer doesn’t get infected.

In addition, every program she tried to launch took an inordinate amount of time to open. It was as if the PC were wading through molasses. For the first time ever, she was receptive to the idea of ditching Windows 10 and switching to Linux.

I told her to uninstall KB4056891 and reboot. When the computer came back up, everything was working normally as before that update.

So the question now is: is there any way that she can block or otherwise permanently reject KB4056891 from installing? (She’s on Windows 10 Pro.) I told her that I doubt it, but that I would ask around, so here I am.

The irony of it is that before installing the problem update, the notification thingy at right was assuring her that “we have made improvements to your PC” or something along those lines. Yeah sure, you kept “improving” my wife’s PC till it broke. Next time, just leave it the F alone.

 

[PKCanoDa Boss]

I assume your wife is on 1703 with something less than Build 15063.850
My suggestion would be this.
Set your Internet connection to metered. Run wushowhide and hide KB4056891.
If not on Build 15063.786, download and manually install Build 15063.786 KB4053580.
Confirm that KB4056891 is still hidden.
Install other updates (IE11 Flash, Servicing stack,etc)

If you are brave, you can try KB4057144 Build 15063.877
Read the fixes on the MS pages.

If you are not brave, you might disable WU temporarily (I didn’t say that, did I?)

1 user thanked author for this post.

Cybertooth

[CybertoothAskWoody Plus]

LOL on that last line!

FWIW, she’s on 1703, build 15063.0.

For starters, I’ll change the connection to metered and install wushowhide, then I’ll look into the other measures you suggested.

Thanks very much!

 

[PKCanoDa Boss]

I suggested Build 15063.786 KB4053580 because I have it installed on two VMs and it seems (relatively) OK.

What I’ve done with my VM’s, and it’s made updates better (but longer) is to set Group Policy for no Delivery Optimization.
Windows Components\Delivery Optimization\Download Mode Enabled = 99 (simple download, HTTP, no DO)
also
WindowsUpdate\Configure Auto Update Enabled = 2

But if you manual download/install you don’t have to worry about DO

1 user thanked author for this post.

Cybertooth

[johnfAskWoody Lounger]

Hopefully, your wife’s pc will stay stable, but it won’t hurt to make a Linux Live CD or USB, and show her how to use it if an update hoses her pc again (at least until you have time to track down the issue). Rufus is one of the best iso burners out there…just download your favorite iso (I like Linux Mint or Linux Lite), and use Rufus to burn it to a decent sized flash drive (4 gigs or up).

[MrBrianAskWoody_MVP]

From “TypeInitializationException” or “FileFormatException” error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002): ‘An update that resolves this issue was released on January 24, 2017, to Windows Update, WSUS, and the Microsoft Update Catalog. For more information, see the “How to get this update” section.’

[OscarCPAskWoody Plus]

Thanking MrBrian for yesterday’s update (#162022) on his comprehensive posting on the current .NET situation.

And hoping that is the last word ever on this most disappointing issue, although who can say that for sure anymore?

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

1 user thanked author for this post.

MrBrian

[MrBrianAskWoody_MVP]

From https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2: ‘While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”’

2 users thanked author for this post.

woody, abbodi86

[MrBrianAskWoody_MVP]

I would guess that this update merely sets the existing registry items that Microsoft documented weeks ago to disable CVE 2017-5715 mitigation in Windows. Reasons: a) tiny update size b) same update for multiple operating systems.

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

Test results: This update indeed does set the registry values documented by Microsoft. This update doesn’t appear in the list of installed updates. This update needs admin privileges to function properly.

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

From that link (my bolding):

‘Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption.

While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”’

3 users thanked author for this post.

cesmart4125, Elly, woody

[OscarCPAskWoody Plus]

I have deliberately not installed the (as it then turned out to be) faulty Intel microcode update, nor any such update from the manufacturer of my PC. Am I correct in reasoning that, therefore, I do not have to install this out-of-band update from MS?

As to what I do about MS updates these days: I have Windows 7 Pro, SP1, x64, and I have set Windows Update to “notify but let me install”, which I do manually from the Catalogue, after enough time has elapsed that it looks like it may be safe to do so.

I shall appreciate some advice clarifying what to do about this particular out-of-band update.

 

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

[MrBrianAskWoody_MVP]

I can think of two reasons one might run KB4078130:

1. Recently updated microcode, in conjunction with the January 2018 Windows updates, has caused issues on your computer that Microsoft mentions in KB4078130.

2. Recently updated microcode has caused, in conjunction with the January 2018 Windows updates, too much of a performance decline.

4 users thanked author for this post.

anita.yk, woody, Bill C., WildBill

[OscarCPAskWoody Plus]

MrBrian,

Thank you. Your answer makes it clear that someone in my situation does not have to install this out of band update, unless that person then goes inexplicably ahead and installs one of those problematic microcode updates.

Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

1 user thanked author for this post.

MrBrian

[MrBrianAskWoody_MVP]

Issue added to January 18, 2018—KB4073291 (OS Build 16299.201): “Because of compatibility issues with some versions of antivirus software, this update causes stop errors or abrupt reboots.” Speculation: The issue occurs only in x86 version because “This update provides additional protections for 32-Bit (x86) version of Windows 10 1709.”

Issue added to January 3, 2018—KB4056890 (OS Build 14393.2007): ‘Editing some group policies using GPMC or AGPM 4.0 may fail with error “The data present in the reparse point buffer is invalid. (Exception from HRESULT: 0x80071128)” after installing this update on a domain controller.’

1 user thanked author for this post.

woody

[anonymous]

I’m not updating Windows ever again! The January Patch Tuesday borked my start menu and Cortana.

 

1 user thanked author for this post.

walker

[anonymous]

KB4078130 – Having Right Clicked and ‘run’ the Windows Out of Band Patch (then re-booted) there was not sign of it in Windows Update History (nor the Updates Uninstall Log). Neither I nor the Microsoft Support Agent (who remotely accessed by PC for well over 30 Minutes looking for it) could find the bl*%#y thing. So, now, have no idea if it’s there and working, or never actually installed. The Microsoft Guy looked in the Registry, but he did not appear to be aware what he was looking for in there). So now I’ve know Idea if it’s installed or not. (Is there a quick search for those Registry Keys that might confirm that the Patch installed? I’m a computer duffer so don’t know how to search the Registry). Reluctant to try running the .exe file fom the Microsoft Catalog ‘again’ in case my Computer explodes or something).

[PKCanoDa Boss]

As an anonymous poster your replies must be moderated and may not appear immediately. You do not need to repost.

1 user thanked author for this post.

woody

[MrBrianAskWoody_MVP]

KB4078130 does not install or uninstall. It merely runs. Also, you need to make sure that you run it elevated. You can check if Spectre variant 2 mitigation is disabled by (after restarting computer) running InSpectre or a similar program. Here is a topic about KB4078130: https://www.askwoody.com/forums/topic/yet-another-surprise-patch-kb-4078130-for-all-versions-of-windows-disables-part-of-the-meltdown-spectre-patches/.

2 users thanked author for this post.

HiFlyer, walker

[PKCanoDa Boss]

KB4078130 was not issued through Windows Update for a reason. It is offered in the MS Catalog as a manual download ONLY for those who installed the faulty Intel firmware microcode. It does not “install” it only executes. It does not therefore show up in the “installed updates” and you cannot “uninstall” it from there.

It sets Registry values to disable only the mitigation against CVE-2017-5715. Users who do not have the affected Intel microcode do not have to download this update. You can read about it in the Microsoft pages here or in the blog post on this site. The latter mentions the Registry values set.

2 users thanked author for this post.

HiFlyer, walker

[HiFlyerAskWoody Plus]

“Neither I nor the Microsoft Support Agent (who remotely accessed by PC for well over 30 Minutes looking for it) could find the bl*%#y thing.”   #163951 anon.

“KB4078130 does not install or uninstall. It merely runs.”  #163961  MrBrian

The M$FT  support guy spent more than 30 minutes looking for it.

Suspicions confirmed.  (big guffaw)

3 users thanked author for this post.

woody, Elly, MrBrian

[PKCanoDa Boss]

The support guy obviously doesn’t consult AskWoody

6 users thanked author for this post.

walker, woody, windows7forever, Elly, MrBrian, HiFlyer

[MrBrianAskWoody_MVP]

January 2018 Preview of Quality Rollup (for .NET Framework) (January 26, 2018)

2 users thanked author for this post.

walker, woody

[abbodi86AskWoody_MVP]

He need to add 1709 cumulative KB4058258 too 🙂

https://support.microsoft.com/en-us/help/4057154/

1 user thanked author for this post.

woody

[walkerAskWoody Lounger]

@abbodi86:  Isn’t this one for Windows 10?  These NET Framework updates are very confusing to the novice user.  Thank you.

[MrBrianAskWoody_MVP]

“Are you sure?”

Reasonably sure. Compare the file sizes at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897 vs. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073578 and also see the Windows 8.1 update discussion.

2 users thanked author for this post.

HiFlyer, DrBonzo

[DrBonzoAskWoody Plus]

I agree that the file sizes are the same and the wording of the MS support site for each of win 7 and win 8.1 patches to fix the ‘AMD problem’ is identical as near as I can tell, both of the support sites say that the new patch does not replace any previous update. To me, that implies the new patch isn’t a replacement.

On the other hand the MS wording implies that you don’t need the new patch unless you get a BSOD after installing the original patch. But, if you install the original patch and get a BSOD, how are you supposed to install the new patch?

Rest assured MrBrian, I’m not arguing with you, I’m simply trying to understand what’s going on at MS.

3 users thanked author for this post.

Elly, HiFlyer, MrBrian

[MrBrianAskWoody_MVP]

Notice also that the documentation for the new update don’t list the old update as a prerequisite.

3 users thanked author for this post.

Elly, HiFlyer, DrBonzo

[Author]

Posts