News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • January patches for Win7, KB 4480970 and KB 4480960, break networking

    Home Forums AskWoody blog January patches for Win7, KB 4480970 and KB 4480960, break networking

    This topic contains 76 replies, has 29 voices, and was last updated by  anonymous 3 months, 3 weeks ago.

    • Author
      Posts
    • #245300 Reply

      woody
      Da Boss

      Tell me if you’ve heard this one before. I first read about it on Günter Born’s site, but word is starting to spread: The KB4480970 (Monthly Rollup) a
      [See the full post at: January patches for Win7, KB 44080970 and KB 4480960, break networking]

      8 users thanked author for this post.
    • #245306 Reply

      WildBill
      AskWoody Plus

      I’ll wait for the Computerworld article, but the tinfoil-hat guy in my brain says this is just the beginning of a MS plot to irritate Windows 7 users monthly. Why? To upgrade to Win 10 whatever, of course! “See? Windows 7 is old & starting to break down. Don’t stay unprotected in 2020, upgrade to Windows 10 ASAP. It’s better now!”

      “No, we’ll still be rolling out new versions twice a year (more or less).”

      “Well, the monthly patches shouldn’t break every month. But if they do, we’ll fix them. Just like we have all along. We promise Windows 10 will be better. Upgrade Now… pleeease?

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      7 users thanked author for this post.
      • #259483 Reply

        anonymous

         I figure 7 breaks reaches end-of-life soon enough and Microsoft need to support 7 until then even if only a handful of users  are left. My logic says they are using recent graduates or other ‘cheap’ programmers on maintaining old software while their gun programmers are working on things that will earn profit in future.

      • #264898 Reply

        BobT
        AskWoody Lounger

        The great thing about 7 is that I can choose what to install every month, and when!

        I can also uninstall it no problem if it does cause problems, and it’s totally up to me when I try again! Control at my fingertips, lovely!

        1 user thanked author for this post.
        • #304728 Reply

          anonymous

          The problem is that backing out these KBs does not fix the issue.  I use Remote Desktop Connection every day and these patches broke it.  Now I wait patiently for the geniuses at MS to fix their error.  Go to Windows 10?  Sure but I would have to update all my hardware first.

      • #268897 Reply

        Charlie
        AskWoody Plus

        This kind of news is both irritating and scary.  MS is scaring me right out of their store!  I’m already getting familiar with Linux and it’s looking like that’s going to take the place of the OS I use for surfing the web.

        If MS doesn’t get their act together soon it’s all over.  Nothing to go figure, it’s plain as day.

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

    • #245329 Reply

      sproket90
      AskWoody Lounger

      Tell me if you’ve heard this one before. I first read about it on Günter Born’s site, but word is starting to spread: The KB4480970 (Monthly Rollup) a[See the full post at: January patches for Win7, KB 44080970 and KB 4480960, break networking]

      can confirm it broke a HP Z440 workstation this morning

      1 user thanked author for this post.
    • #245352 Reply

      Morty
      AskWoody Plus

      Krebs On Security quoted you:

      It generally can’t hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

      Case in point: Computerworld’s Woody Leonhard notes that multiple organizations are reporting problems with their file-sharing operations after installing this month’s patch rollup.

       

      10 users thanked author for this post.
      • #245370 Reply

        woody
        Da Boss

        Excellent.

        If you’re watching, thanks for the nod, Brian!

        1 user thanked author for this post.
    • #245374 Reply

      fk5353
      AskWoody Plus

      Networking is DEFINITELY badly broken. No Windows 7 machine should apply this update. All of our test systems died a horrible death. A quick fix is to do a System Restore and disable Automatic Updating if it is not already disabled.

      • #245957 Reply

        woody
        Da Boss

        Are you seeing an oem<number>.inf NIC disabling problem, or one more like Martin’s description, where a person who’s an admin on the target machine can’t log on?

        • #264913 Reply

          fk5353
          AskWoody Plus

          The primary NIC is reinstalled so it is a variation of the oem<>.inf issue. Once it reinstalls it works fine to the internet, mail, etc. A more serious issue for us is problems with SMB2. This is causing *very* slow network access to the file servers.

          Update – we have “fallen back” to testing with our Samba file servers. With some tweaking to the protocol settings, they can be made to work correctly with the update even as we continue to have “issues” with the Windows file servers. It’s pretty sad when Samba works but not Windows.

          Does anyone know why Microsoft chose to start modifying SMB2?

      • #304876 Reply

        anonymous

        I tried restore and that did not fix the problem.

        • #305935 Reply

          PKCano
          Da Boss

          Have you tried uninstalling the update?

    • #245845 Reply

      ashfan212
      AskWoody Lounger

      Windows 7 x64 Home Premium Group A.

      I have NOT installed the January updates and do not plan to until further clarity.

      I am trying to understand what is “smbv2” and whether the January monthly rollup networking issues would adversely affect a single computer if installation was attempted.

      • #246158 Reply

        woody
        Da Boss

        It’s my understanding that the problem only crops up if you’re trying to log into a patched machine over the network – and if the person doing the login uses an account that has admin privileges on the receiving end.

        But I’m not 100% sure about that.

        2 users thanked author for this post.
        • #305268 Reply

          anonymous

          I’ve got several Win 7 Pro machines here.  The ones with the patches have broken Remote Desktop Connection.  The ones without the patches can access all computers using Remote Desktop Connection, even the ones that have been patched.  So the patch breaks RDC from working on the patched computers.  You get the message “Remote Desktop Connection error The Local Security Authority cannot be contacted” when you launch RDC and try to connect to another computer from a patched machine.

          • #306110 Reply

            PKCano
            Da Boss

            Try uninstalling the update.

            • #308442 Reply

              anonymous

              I would like to but when I go to uninstall and look for the updates I find the KB4480970 (Monthly Quality Rolllup) and a KB4480063 (Update for Microsoft Windows) installed on Jan 9.  Now the problem is that when I look at the update history I don’t see the KB4480063 listed.  So do I uninstall both or just the KB4480970.  Note that there were 7 patches installed on my computer on January 9.

            • #308624 Reply

              Elly
              AskWoody MVP

              Check ‘Installed Updates’ (found near bottom of left panel  of Windows Update). It will list the updates that are installed, and you can uninstall them from there.

              Win 7 Home, 64 bit, Group B

            • #308625 Reply

              PaulK
              AskWoody Lounger

              4480063 is a .NET update. See https://support.microsoft.com/en-us/help/4480063/ .
              As the title of this thread indicates, it is the Monthly Rollup Updates that are trouble makers.
              Remove 4480970.

      • #253770 Reply

        anonymous

        The primary NIC is reinstalled so it is a variation of the oem<>.inf issue. One it reinstalls it works fine to the internet, mail, etc. A more serious issue for us is problems with SMB2. This is causing *very* slow network access to the file servers.

        2 users thanked author for this post.
        • #314878 Reply

          cesmart4125
          AskWoody Lounger

          I was born BC, before computers.  Please tell me what SMB2 is.  Is it the same as smbv2?  And what is SMB?

          Thanks for your help.

          Attachments:
    • #245844 Reply

      anonymous

      So what kind of symptoms are users having?

    • #247352 Reply

      anonymous

      I have small home network with 2 PC’s and 3 tablets and sharing is enabled to allow file transfers between them. Is this going to break that? I can see my shared folders and files on the other computers through the navigation pane on each computer.

      • #247848 Reply

        PKCano
        Da Boss

        The patches haven’t been out for an entire day. We’re on DEFCON2. I would recommend waiting till the dust settles and we know more about the issues before trying to patch. Lately, Microsoft has been known to leave bad patches out there for 4-5 days before pulling them, and even longer before releasing a fix.

        Wait.

        6 users thanked author for this post.
        • #248362 Reply

          anonymous

          Thanks…I take that to mean maybe it will.  Holding off.

    • #248423 Reply

      anonymous

      Question about the new Windows 10 update KB4100347 for Skylake Intel Microcode update.

      Is this something that should be hidden right from the start or is this a wait and see item. The last chipset updates, I hid, and have never installed?

      • #248467 Reply

        PKCano
        Da Boss

        The Intel microcode patches issued by MS have frequently caused problems. I would continue to hide them for the time being. There are no Meltdown/Spectre exploits in the wild that I know of.

        1 user thanked author for this post.
        • #248787 Reply

          anonymous

          Thanks..Will do.

    • #254836 Reply

      BobbyB
      AskWoody Lounger

      The Register has its usual Tongue in Cheek article on the latest patching debacle for Win7 and apparently Server 2008 R2: https://www.theregister.co.uk/2019/01/09/windows_7_network_broken/
      Reddit has a few choice Solutions in its usual style: https://www.reddit.com/r/sysadmin/comments/ae5njm/warning_for_windows_7_kb4480970_smbv2_shares/
      Looks like the best solution is to remove the errant patch, well we always have SMB1.0 to fall back on …..oh wait 😉 (Sarcasm)
      Definite quote of the Week from Krustyy on Reddit on patching strategy:
      I think I have my automated deployment rules set to something glorious.
      2nd Tuesday: do nothing. Spend a week looking for complaints like this.
      3rd Tuesday: download and deploy to test group.
      4th Tuesday: Deploy to all systems.
      Haven’t had an issue yet.

      Seems to Mirror, somewhat, what we have been doing round here for years 🙂

      4 users thanked author for this post.
      • #264354 Reply

        OscarCP
        AskWoody Plus

        I am a single user, not on anybodies’ LAN or the administrator of anything that I cannot see by looking around me. But this is precisely my own approach, except that my “test group” is just me.

        2 users thanked author for this post.
    • #256202 Reply

      WoollyMammoth
      AskWoody Lounger

      Why would anyone go there without the Patch Lady’s ok?   Part of my System Admin Procedures now (I even tell the wife)

      WM
      --
      Win7Pro SP1
      new Dec 2011
      rebuilt Jun 2016
      & still going nicely

    • #260367 Reply

      Demeter
      AskWoody Plus

      Win 7 Pro, SP1 x64, i7Core, Haswell, Group A. Patched through Dec. ’18 with the exception of KB4483187 and KB4471987 which I was hesitant to apply so didn’t. Update setting changed to “Never check” “the minute I see status change to DEFCON 2. Stand down fellow Win 7’ers.

    • #264892 Reply

      OscarCP
      AskWoody Plus

      Network shares can no longer be achieved via SMBv2 in certain environments.

      I do not understand a word of this, but am making the wild guess that it means that a home user like me, with neither a PC connected to a LAN, nor the administrator of a LAN, has nothing to worry about here? Whether I’m correct or not about this, and because I see no immediate need for it, am in no hurry to install patches for at least another three weeks; by then I’ll have seen enough to act accordingly. Also, being Group B, I do not install rollups (except for .NET ones).

      Group B, Windows 7 Pro, SP1, x64, I-7 quad “sandy bridge.”

    • #264911 Reply

      zero2dash
      AskWoody Lounger

      Luckily I caught this article today and was able to put a halt to my employer’s patching this coming weekend. I’ll never understand why they apply patches so quickly after release, but in any event, this article helped us avert ours (and our customers’) disaster, for the 7 and 2008 R2 boxes still out in the wild. We’re also holding off on 8.1 / 2012 / 2012 R2 patching as well. (Again, not sure why we don’t do this anyway, but – that’s above my pay grade.)

    • #264912 Reply

      warrenrumak
      AskWoody Plus

      It’s just M$ trying to force all Windows 7 users to upgrade to Windows 10. Go figure.

      Nah.  I mean, I get that it’s a fun conspiracy theory to bandy about, but Microsoft’s recent track record of sloppiness is affecting all supported versions of Windows.

      How does that adage from the Jargon File go?  “Never attribute to malice that which can be adequately explained by stupidity.”

    • #264922 Reply

      anonymous

      Two servers – 2008r2 on real hardware and 2008r2 on headless VirtualBox/Debian. After 44080970 – many errors 4625 “NULL SID”, “Invalid handle”

    • #287083 Reply

      anonymous

      KB4480970 is also breaking Network Level Authentication. As with SMB, if the user trying to RDP into the machine is local and is an admin, an error occurs “The Local Security Authority cannot be contacted.” This also generates Event 4625 c0000008 on the target computer. You can still RDP using the real “Administrator” account since UAC is not active for that one. The fix is to use the policy to disable LocalAccountTokenFilterPolicy, as per https://support.microsoft.com/en-ca/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows.

      • #292395 Reply

        mn–
        AskWoody Lounger

        Oookay… so that then disables the User Account Control for pretty much all remoting…? And what effects will this then have on security in general?

        I mean, sure we knew that UAC is far from perfect…

         

        Oh well. Guess we’ll need to just give everyone who needs admin access a separate admin account and not delegate rights to the primary account, just as was always thought to be the better way technically but too difficult for many end users… ?

        What this does is discourage all privilege separation especially in the Home versions of Windows, where it was officially Not A Problem(tm) that non-admins may not be able to log in.

    • #289675 Reply

      bsfinkel
      AskWoody Lounger

      Now you see the problems that arise when MS puts all of the patches into one.  If one assumes that one patch in 20 (for example) is going to have a problem or some sort (whether major or minor), and MS puts 20 patches into one mega-patch, then the probability that the mega-patch will have a problem approaches 100%.  I assume that there are no major security-related patches in this mega-patch.  If there were, then the user (or sysadmin) would have to decide whether to install the patch to get the security fix or non install it due to other problems.  I know about mega-patches from my previous work as an IBM mainframe system administrator involved with reviewing and installing patches.

      I would like to install multiple patches each month – each one to fix a specific problem.  Then I could ignore patches that have problems while still getting the benefits of the other patches.

       

      • #291544 Reply

        SteveTree
        AskWoody Lounger

        Its easier to diagnose and uninstall one rollup than 20 separate patches😒 It is also easier to read up on a single update in Master Patch List.

        Group A (but Telemetry disabled Tasks and Registry)
        Win 7 64 Pro desktop
        Win 10 32 Home portable

        • #297963 Reply

          bsfinkel
          AskWoody Lounger

          Yes, it is easier to uninstall one patch than to determine which one of a handful of patches is bad.  When you uninstall the mega-patch, you lose the benefits of all of the other patches, which MS has created to resolve problems.  And, I assume that even with my limited knowledge of the internals of Windows, I would be able to determine from the MS-supplied documentation which patch is causing the problem.  The only reason, as far as I can tell, that MS is bundling patches is because there are “spyware” patches that users were not installing, and MS wanted these patches installed.

          2 users thanked author for this post.
          • #298351 Reply

            PKCano
            Da Boss

            Definitely the case with KB2952664 incorporated into the Monthly Rollup.

            1 user thanked author for this post.
    • #292097 Reply

      anonymous

      Thanks, the reg fix works!  I have linux, win xp, win 10 and one win 7 pc.  SMB was broken on all but now works normal!

      Mrbeezer

    • #298858 Reply

      TheOwner
      AskWoody Lounger

      Dont know what you mean by file sharing or networking. On my Win 7  systems i share files trough Homegroup and a didnt notice any problem.

    • #308234 Reply

      anonymous

      As a result of this absolutely spectacular incompetence, we’re switching every single one of our clients’ computers from “update automatically” to “download and wait.”

       

      • #308327 Reply

        Geo
        AskWoody Plus

        I wouldn`t even check ‘Down load” and wait.  I would  check  the box ” Check for updates but let me choose whether to download and install them. “

        • #308330 Reply

          Microfix
          Da Boss

          Either that or better still, ‘never check for updates’ then
          chime in to AskWoody for heads up on the situation 😉

          ********** Peng/Wins x86/x64 **********

          - µfix

          1 user thanked author for this post.
        • #308376 Reply

          anonymous

          Anon, Geo, Microfix, I like these ideas but for a company or clients how about setting Win 7 to update on Monday night or very early tuesday morning (your time) BEFORE the MS updates are released? This would give a week before install.

          If updates could be told to update automatically the week before patch tuesday that would allow 3 weeks for it to settle.

          Your ideas??

      • #308334 Reply

        PKCano
        Da Boss

        “Never check for Updates” works even better. That makes it totally manual and when you want it.

        If you set it to “”Download and let me choose when to install” it will download, but the updates will be installed at the next shutdown/start or restart unless you take action to prevent it.

        4 users thanked author for this post.
    • #308419 Reply

      anonymous

      Had a customer bit by this, their Quickbooks broke after the machine hosting the Quickbooks master file applied KB4480970 and rebooted Tuesday. Spent several hours researching the issue and found the answer in this thread.

      Set all their machines to “Never Check for Updates” – at least those where Windows Update wasn’t already screwed up beyond repair.

      Thanks MS!

       

    • #308782 Reply

      bsfinkel
      AskWoody Lounger

      I have a simple question.  I have a single Windows 7 Professional 32-bit system.  It does not contact any other computer via Windows.  Is it safe to install the patches?  Are there any reported problems with the monthly .NET mega-patch?

      • #308783 Reply

        geekdom
        AskWoody Plus

        Wait to patch. MS-DECFON is at 2.

        Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
      • #308784 Reply

        PKCano
        Da Boss

        We are on DEFCON2 which means we recommend waiting to patch until the DEFCON number is 3 or greater. We are reporting the problems as we hear about them, which doesn’t mean the list of issues we currently know about is complete. As far as I know, following the DEFCOM system has not put anyone’s PC in jeopardy. It has saved a lot of anguish in the past.

        However, no one is obligated to follow the DEFCON system.

      • #308813 Reply

        RetiredGeek
        AskWoody MVP

        If you computer is a standalone that doesn’t interact with the internet or other computers in a local net and is working properly why patch at all?

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs

        1 user thanked author for this post.
        • #308827 Reply

          bsfinkel
          AskWoody Lounger

          I never said that my machine did not connect to the Internet.  If that were the case, how could I patch it? What I meant is that the machine is not on a LAN and is not part of a Windows Work Group.

    • #308844 Reply

      anonymous

      I am a secretary, not an IT pro at all!! There are 2 computers networked and because of the most recent MS update on the main admin computer, I can’t get into the QuickBooks software that runs the business. I’ve already tried to back out the update on the main terminal, it didn’t work. I’ve also tried going back a day, but the update wouldn’t allow it! I’m going out of my mind with the IT jargon here but trying to muddle through. If there is anyone out there who can help, I need the help!! 🙂

      • #308925 Reply

        anonymous

        You could try using  the standalone installer to remove the updates.

        Type ‘cmd’ in the search box

        Right-click on it and choose run as administrator.

        Enter the following

        wusa /uninstall /kb:4480970 /quiet /norestart

        After that completes enter

        wusa /uninstall /kb:4480960/quiet /norestart

        After that runs, restart the computer.

        1 user thanked author for this post.
    • #309133 Reply

      anonymous

      The KB articles for both of the offensive patches have been updated with information on known issues along with purported fixes.

       

      Look at the known issues section.

      The issue with loss of the NIC in devices is only a workaround to fix.

      The issue with Win 7 KMS activation looks to be fixed at the MS backend, with a link to an article about affected systems.

      The issue with loss of share (and I think RDP) access to systems is fixed by a new patch.
      https://support.microsoft.com/en-us/help/4487345

      That last issue also says, “This does not affect domain accounts in the local “Administrators” group. ”

      And then there is a tidbit about known issue concerning the Jet database which I had not seen mention of before now.

      Regards,

       

      Jim

      • #310605 Reply

        bsfinkel
        AskWoody Lounger

        I did a “search for updates”, and I do not see any new updates.  I would have expected MS to take these new, fixing patches and release them through Windows Update.  But maybe MS will not release them until the fixes are re-packaged into the existing two mega-patches.

    • #309171 Reply

      Steve
      AskWoody Plus

      I never said that my machine did not connect to the Internet. If that were the case, how could I patch it? What I meant is that the machine is not on a LAN and is not part of a Windows Work Group.

      You can patch by downloading the new patches from the Microsoft Update Catalog onto a USB Flash drive, sticking it into one of the USB ports on the non-connected computer(s), and executing it thereupon.
      Lucidly, you have a connection to the World-Wide Web. So this is possible. It refutes your prime question.  At my abode, the Windows 7 Pro, x64 computer can only connect to the W-WW via v.92. So when Woody signals here it is OK to install patches, noticing the sizes of the patches being offered, this is the sensible way to do it. (I am not spending three hours out of a four-hour v.92 session downloading Windows patches. X-[)

      Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr28
    • #310410 Reply

      gromit01904
      AskWoody Lounger

      I’ll wait for the Computerworld article, but the tinfoil-hat guy in my brain says this is just the beginning of a MS plot to irritate Windows 7 users monthly. Why? To upgrade to Win 10 whatever, of course! “See? Windows 7 is old & starting to break down. Don’t stay unprotected in 2020, upgrade to Windows 10 ASAP. It’s better now!” “No, we’ll still be rolling out new versions twice a year (more or less).” “Well, the monthly patches shouldn’t break every month. But if they do, we’ll fix them. Just like we have all along. We promise Windows 10 will be better. Upgrade Now… pleeease?

      Dagnabbit!  My tinfoil hat is telling me the same thing!  Amazing…..

      "The exercise of curiosity requires a risk, a sacrifice--a commitment."
      Malcolm Gladwell

    • #312332 Reply

      bsfinkel
      AskWoody Lounger

      There are two things with my computer that I do not understand.  I have not installed KB4481480 nor KB4480970 (per the recommendations of this forum).  But when I backed up my machine last Monday, I noticed that “manifest” files for these two mega-patches w2ere on my C-drive and backed up.  The c:\Windows\WindowsUpdate.log states that these two patches are “downloaded and ready for installation”.  Why does Windows Update pre-process these patches before I install them?

      Yesterday my machine was running slowly; it had been 22 days since the last reboot.  I did a reboot, and when Windows 7 was operational, I noticed changes in the fonts used in the various application windows.  I have not researched what changed, and I have no idea what I could have installed or changed that would cause this.

      And, additionally, as I did a “search for updates” to ensure that I had not yet installed the two mega-patches, I saw a new patch – “KB4481488 2019-01 Preview of Quality Rollup for .NET …”  One of the mega-patches  is a 2019-01 .NET patch.  Is this new patch really a 2019-02 (i.e., February) preview?  Why issue a preview patch for next month when there are problems with the January .NET patch?

      • #312356 Reply

        PKCano
        Da Boss

        What is your Windows update setting? If it is set to “Download Updates but let me decide when to install them,” Windows will download the patches and install them on the next reboot if you do not take steps to prevent it. We recommend setting Windows to “Never check for updates.” That way, you do the checking manually when you want to do so.

        The “Preview” patches are UNCHECKED OPTIONALS. They are usually issued the week after Patch Tuesday (or later). We do not recommend installing unchecked patches.

        • #312364 Reply

          bsfinkel
          AskWoody Lounger

          “Download updates but let me choose whether to install them”.  I run MSE, and I want the MSE updates installed.  But, since MSE definition updates are auto-installed, I assume that these MSE patches are not controlled by this setting.

          I know about preview patches.  I was questioning the designation “2019-01 Preview”, which refers to January.  But if this is the February preview for .NET, does it contain fixes for the problems introduced in the January .NET mega-patch?  If not, will this new patch be updated to do this before the February .NET mega-patch is released?

           

          • #312375 Reply

            PKCano
            Da Boss

            The “Preview” issued in the third week o the month is the “Preview” for that month, not the preview for the coming month, because it is titled by the month in which it is issued.

    • #314732 Reply

      bsfinkel
      AskWoody Lounger

      I have basic questions about Windows Update.  If we are still at MS-DEFCON 2 on Feb. 12, meaning that the January mega-patches have not been installed, will the January patches be included in the February patches? If so, will there fixes for the January problems in the February mega-patches?

      Are the monthly mega-patches cumulative?  If so, would this make the patches huge?  And will Windows Update re-install the pieces that have already been installed?

      1 user thanked author for this post.
      • #314742 Reply

        PKCano
        Da Boss

        The Patch Tuesday updates for all versions of Windows are Cumulative. That means January updates contain December’s patches, and November’s patches, and October’s patches…..

        The February updates for Windows will be Cumulative. For Win7/8.1 the cumulative updates are large. They have been large for a long time.

        Although we are at DEFCON2 for January patches, The December patches and everything before that do not fall under the January DEFCON rating. Once the previous patches have DEFCON approval (December and all before) they retain their rating. So even when we are at DEFCON2 for the January patches, all the earlier updates are not under DEFCON2 and are available to install given the caveats for each of them individually.

        1 user thanked author for this post.
        • #314954 Reply

          mn–
          AskWoody Lounger

          For Win7/8.1 the cumulative updates are large. They have been large for a long time.  

          Actually I wouldn’t say that, because in comparison… given how the Windows 10 cumulatives tend to grow pretty quickly after main release…

          W10 1607 / Server 2016 cumulatives are up to ~1.4 GB by now. 1803 has almost caught up to 1709 too, both in the 800-900 MB range, while 1809’s is still just 122 MB…

          KB4480970 for Windows 7 is a mere 240 MB and KB4480963 for 8.1 is ~365 MB. (All sizes for x64)

           

          So yeah, it’s all relative. And yes, going with the delta packages for W10 makes a lot of sense… if you can maintain the sequence, like before rollups.

          • #315297 Reply

            anonymous

            Comparing one version or Windows to another, one roll-up may be larger than another but that doesn’t make any of them small. The inclusion of unchanged previously installed patches makes all roll-ups unnecessarily bloated.

             

    • #315872 Reply

      anonymous

      Anyone test KB4487345 yet? If all it does is disable LocalAccountTokenFilterPolicy then we are no better, the filter policy is a security measure, disabling it is unsatisfactory…

    • #325043 Reply

      anonymous

      I have tested it and got nothing. After installing it ask for restart and I was hoping that that it will bring me out from this nightmare but I am there.

    • #330193 Reply

      anonymous

      Well, I was going to test KB4487345, but did not need to. I had assumed the FEB patches would have the same networking issues as the JAN ones, but nope, FEB patches have been applied and no RDP/SHARE issues. I also checked the registry for LocalAccountTokenFilterPolicy and it’s not there. So why bother with JAN, the FEB are cumulative and do not have the issues 🙂

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: January patches for Win7, KB 4480970 and KB 4480960, break networking

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.