Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • July 2017 Patch Tuesday rolls out with another load of updates

    Home Forums AskWoody blog July 2017 Patch Tuesday rolls out with another load of updates

    This topic contains 100 replies, has 30 voices, and was last updated by  fred 7 hours, 1 minute ago.

    • Author
      Posts
    • #124368 Reply

      PKCano
      AskWoody MVP

      On July 11, Microsoft has once again rolled out a deluge of patches for Windows and other Microsoft products. Martin Brinkmann at ghacks.net provides
      [See the full post at: July 2017 Patch Tuesday rolls out with another load of updates]

      2 users thanked author for this post.
    • #124381 Reply

      Microfix
      AskWoody Lounger

      ‘Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate’

      ‘Internet Explorer 11: 7 vulnerabilities, 5 critical, 2  important’

      Given the risk factor of NOT updating in Group B, I have taken the plunge to install both relevant patches and as yet see no adverse effects on my W8.1 Pro x64 after a couple of hours in use. (also the Adobe Flash patch for W8.1)

      PS: I do have an offline system image just in case for this system.

      Windows 7 is offline (internet connection) and will wait until MS-DEFCON level is at 3

      | Group B: W8.1 Pro x64 | | Group C: 3 x Linux Hybrids x64 | | Group ?: Windows XP Pro x86 |
        No problem can be solved from the same level of consciousness that created IT - AE
      • #124587 Reply

        ryegrass
        AskWoody Lounger

        I installed KB4025337 security only update for my Windows 7 x 64 computers yesterday and have had no issues so far.

        1 user thanked author for this post.
    • #124382 Reply

      Seff
      AskWoody Lounger

      Did I read that correctly? Windows 10 has more vulnerabilities than either of its less secure predecessors? Hmm.

      Thanks for the info, as always.

      • This reply was modified 2 weeks, 2 days ago by  Seff.
      2 users thanked author for this post.
      • #124388 Reply

        Microfix
        AskWoody Lounger

        Well noticed, W10 and Edge seems to have more vulnerabilities than the ageing W7 and IE11, I find this odd considering that W10 is the flagship OS.

        | Group B: W8.1 Pro x64 | | Group C: 3 x Linux Hybrids x64 | | Group ?: Windows XP Pro x86 |
          No problem can be solved from the same level of consciousness that created IT - AE
        2 users thanked author for this post.
        • #124391 Reply

          anonymous

          Well, Edge is just a fork from the IE code base and claims that Edge is a brand new browser written from scratch, is pure nonsense.

        • #124415 Reply

          Sessh
          AskWoody Lounger

          Windows 7 can be made more secure than Windows 10 if one has EMET installed on their Win7 box. Of course, EMET is on the geeky/nerdy side and not for the novice, but I’ve recently started fooling around with it which is always fun with new software.

          The only way to make Windows 10 more secure than Win7 + EMET is if EMET is also installed on Windows 10 since Windows 10 does not provide all the key features of EMET by itself. Anyway, just thought that to be interesting.

          2 users thanked author for this post.
          • #124499 Reply

            Erik
            AskWoody Lounger

            Sessah, I haven’t heard of EMET before but am interested. I am not a novice but somewhat of a self taught intermediate. I found the download link from microsoft for EMET: https://www.microsoft.com/en-us/download/details.aspx?id=50766

            Is all you have to do is download it? You make it sound like a novice can’t handle it, if that’s all you have to do. Let me know as I would like to have it on my computers.

            It also says that microsoft will stop supporting it on July 31st, 2018. https://mspoweruser.com/microsoft-extends-emet-end-life-date-18-months/ After that date I wonder if it is still ok to keep installed?

            One interesting thing is that in your article it shows that the only difference between W7 and W10 (both with EMET is the fonts are more secure in W10. It seems that was only due to an update in v5.5 and only addressed W10 (I suppose they could have made it for W7 if they wanted but did not do it).

            3 users thanked author for this post.
            • #124520 Reply

              Sessh
              AskWoody Lounger

              I say it’s not for the novice because there are quite a few geeky settings involved and EMET can cause problems (program crashes etc..) if you configure things improperly. I chose to completely go the manual route with configuration as the recommended program configuration consists mostly of programs I don’t even have on my PC and never will, so I decided to go at it manually. I too am self taught, but I consider myself to be somewhere in between “intermediate” and “geeky” with the capacity to be more geeky.

              You download it and install it; it’s very user friendly, but it’s the settings that are where the potentially confusing and overwhelming geeky stuff comes into play.  This page is a great start if interested.

              As for EOL, I am not nearly as paranoid and scared of such things as many other people seem to be. Just because something hits EOL doesn’t mean it instantly becomes insecure and unsafe to use. EMET may not be updated again until it’s EOL date and I imagine it will be a very effective security tool for years after for legacy users. As has been said around here before, the biggest risk to your PC is you and your actions. I used WinXP for nearly three years after EOL with zero problems. It all depends on the user. EMET seems like a very solid program and will not be useless any time soon. So, for me personally, I don’t worry too much about FUD surrounding EOL of software. That’s just me, though. 🙂

              Windows 10 has some elements of EMET built in, but many features are not included which is why manually installing EMET on Windows 10 is the only way to get the full benefits. That may change, but with how often W10 gets major changes to it, I imagine it will be a constant revolving door of security holes with new ones being created as fast as they are closed. I’d be running it if I had Windows 10, that’s for sure. Still, it’s impressive that Windows 7 can still be a top of the line secure OS despite it’s age and I imagine that can be the case for quite awhile longer.

              2 users thanked author for this post.
          • #124501 Reply

            anonymous

            Isn’t EMET gonna be retired next year? I find it to be a shame, it’s a good piece of security software.

          • #124504 Reply

            PKCano
            AskWoody MVP

            EMET support will end next year.
            Somewhere I read (don’t remember where) that MS is going to integrate EMET into Win10.

          • #124536 Reply

            GoneToPlaid
            AskWoody Lounger

            Note that the following optional and recommended Windows 7 updates break some features in EMET. You will want uninstall these three optional or recommended updates before installing EMET on Windows 7 computers. Uninstall in the following order:

            KB3185278, Optional, September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Breaks EMET if you also have security update KB3175024 installed

            KB3172605, Recommended, July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Breaks Intel bluetooth drivers, was re-released again on 2016/09/13

            KB3161608, Optional, July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Plethora of issues, breaks EMET. Superceded by KB3172605

            1 user thanked author for this post.
      • #124389 Reply

        satrow
        AskWoody MVP

        Windows 10 has more vulnerabilities than either of its less secure predecessors?

        A lot more when you add in Edge.

        1 user thanked author for this post.
    • #124385 Reply

      Kobold Curry Chef
      AskWoody Lounger

      In my WSUS environment, today’s Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4025252) seems to have detection problems. On the WSUS status report for that update, it shows as “installed” for all systems that should get it. This is true on both of my WSUS servers, which are not replicas of each other.

      Naturally, my systems do not have this update installed.

      The 32-bit version of this update does not have this detection problem.

      Anyone else seeing this?

      1 user thanked author for this post.
      • #124392 Reply

        Kobold Curry Chef
        AskWoody Lounger

        Additionally, Security Update for Microsoft Office 2010 (KB3203468) 32-Bit Edition incorrectly shows as “installed.”

        The other patches that would apply to my Win7 test systems are detecting correctly, though.

      • #124397 Reply

        anonymous

        I noticed this too. I approved the ie cumulative update along with the security monthly quality rollup on a couple of test machines (win 7 x64). After the monthly quality rollup was installed, the machines then detected the ie update. But, after you “install” the ie update they then re-detect that they still need it. As it turns out, the ie updates are included in the security monthly quality rollup, which seems to be a change from previous months. Why the detection errors are there, I can’t explain.

        • #124399 Reply

          PKCano
          AskWoody MVP

          The “Security Monthly Quality Rollup” is composed of three parts: security updates, non-security updates, and the IE11 cumulative update. If you install it, you do not need to install the standalone IE11 Cumulative Update.

          If you install the “Security Only Quality Update,” it contains only security patches. Then you also need the IE11 Cumulative Update as well.

          5 users thanked author for this post.
          • #124400 Reply

            Kobold Curry Chef
            AskWoody Lounger

            In our case, we’re using the “Security Only” versions of the Win7 cumulative updates.

            • #124401 Reply

              PKCano
              AskWoody MVP

              The Security Only Quality Update is NOT cumulative.
              The IE11 patch is cumulative and the Security Monthly Quality Rollup is cumulative.

              2 users thanked author for this post.
            • #124402 Reply

              Kobold Curry Chef
              AskWoody Lounger

              Got it.

              Just to be clear, we are using the security-only ones. The detection failure is happening before any of today’s updates are installed. It’s not a case of me installing the KB4025341 monthly rollup by mistake and then wondering why IE11’s update isn’t needed.

              (I don’t think you were saying that, but I wanted to be clear about what I was seeing.)

      • #124622 Reply

        anonymous

        A synch today on my WSUS at approximately 1:00 PM PDT had an updated KB4025252.  This has fixed the detection problem for this patch on WSUS at least.

        A check with the Win Update client back to MS did not show the new revision.  But that might be due to caching on Akamai servers?

        -JD

        1 user thanked author for this post.
    • #124393 Reply

      anonymous

      Interestingly, Microsoft states ‘If you have not installed the latest version of Comodo Internet Security Suite, you will not have this Windows Update offered to your device automatically.’ So, Windows 10 CU 1703 users  have to ditch Windows Defender and install CISS to get the update? Of course, not, but yeah, it’s Microsoft… Third-class management, third-class software…

      1 user thanked author for this post.
      • #124425 Reply

        anonymous

        The Comodo update requirement only applies if you already have Comodo security software installed.

        If you have no Comodo software installed, the MS update will be offered per usual.

        1 user thanked author for this post.
    • #124404 Reply

      PKCano
      AskWoody MVP

      AKB2000003 has been updated 7/11/2017 – Group B Security Only patches and IE11 Cumulative Update

      8 users thanked author for this post.
    • #124405 Reply

      Cybertooth
      AskWoody Lounger

      Well noticed, W10 and Edge seems to have more vulnerabilities than the ageing W7 and IE11, I find this odd considering that W10 is the flagship OS.

      What, don’t you believe Microsoft’s line that 10 is the MOST SECURE version of Windows in history?!?

      Hahahaha…. (just kidding, of course)

       

      1 user thanked author for this post.
    • #124408 Reply

      anonymous

      So where do I read the details of the vulnerabilities? I’m not seeing any details but the summary and then it leads in circles.

      • #124411 Reply

        PKCano
        AskWoody MVP

        On the main blog page – hit the “Home” button at the top
        There are two links, one in the first line, and one in the second line. The first takes you to the Microsoft Security Update Guide, the second links to the ghacks website.

        • This reply was modified 2 weeks, 2 days ago by  PKCano.
    • #124417 Reply

      fred
      AskWoody Lounger

      Interestingly, Microsoft states ‘If you have not installed the latest version of Comodo Internet Security Suite, you will not have this Windows Update offered to your device automatically.’ So, Windows 10 CU 1703 users have to ditch Windows Defender and install CISS to get the update? Of course, not, but yeah, it’s Microsoft… Third-class management, third-class software…

      😀

    • #124424 Reply

      abbodi86
      AskWoody MVP

      I hope they start incorporating old fixes into Win 7/8.1 preview rollups this month, they already 5 month behind the announced schedule :@

      • #124430 Reply

        mindwarp
        AskWoody Lounger

        Considering all of the problems with patches lately, postponing adding more stuff into the 7/8.1 updates is probably a good idea.  Something that just hit me – I wonder if the way the cumulative updates are made nowadays is connected to what seems like more widespread new bugs from patches.  The old service packs were based on a similar concept, but I don’t recall post SP issues a la what happens now, so that makes me wonder if they’re being built the same way or not.

        • #124905 Reply

          ky41083
          AskWoody Lounger

          According to MS, one major reason for switching to the cumulative update model for all supported OS’s, was to reduce issues caused by updates. They have and still do claim, it reduces issues by making sure (forcing) a collection of updates to all be installed at the same time, rather than allowing users to cherry pick updates, and end up with update combinations that simply weren’t tested.

          If what we are currently seeing actually is the “reduced issue” version, I can only cringe at what would be the “full issue set” version…

    • #124427 Reply

      anonymous

      Two observations: first, I tried to download the security only update from the Update catalog using IE and failed, receiving error code 8DDD0020. The update page would flash on, and then the error page would show. Switching to Firefox, I had no problem. This was just with the Windows update. The IE 11 update worked smoothly.

      Second: 2 months ago I assembled a new machine, upgrading to a corei3 Skylake and Asrock mobo. I then Win 7 Home on it, using my old install disk (SP1) and updating with those updates recommended here for group b. In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy. HUH?? This is Win7 home, what group policy. As this is not my main computer, I just disabled WU in services. I tried to find a group policy setting, but hate to mess with the registry. I don’t know enough.

      I just wanted to share this with you. I don’t see it as a major headache. I don’t browse with this, update with stand alone installers I move over via my home network, and it’s behind 2 firewalls (router and Windows own).

      1 user thanked author for this post.
      • #124442 Reply

        anonymous

        Thnx. Here too, postpone or stop windows-update from running automatically is gone! At least it doesn’t work anymore as it used to. Why? Are there new ways to stop this auto-update?

      • #124475 Reply

        Microfix
        AskWoody Lounger

        I’ve been using This on W7 Pro x64 (SP1+) for ages.

        There is a setting within the program to alter WU services, may be worth a try in your case. The beauty of this program is, that you have a choice to install it or use it as a portable program.

        | Group B: W8.1 Pro x64 | | Group C: 3 x Linux Hybrids x64 | | Group ?: Windows XP Pro x86 |
          No problem can be solved from the same level of consciousness that created IT - AE
        2 users thanked author for this post.
        • #124632 Reply

          MikeFromMarkham
          AskWoody Lounger

          Winaero Tweaker is indeed a very useful and powerful program. I’ve been using it recently on my HP Stream 7/Windows 10 Home tablet to find out just how much I can regain control of the OS. So far I’ve disabled Cortana, the lock screen, automatic updates of  pre-installed Store apps and a few other things. Also cleaned up context menus, reinstalled classic Windows 7 games, and a bunch of other stuff just to see if I could.  But I also accidentally changed a Boot option today that borked my tablet and rendered it unable to start. Fortunately I don’t use this tablet for anything but testing, so I just need to reset it and reinstall the handful of programs I’m trying out and I’ll be back in business again soon. Just have to remember not to go near boot options again until I have time to make a full backup just in case! The joys of computing never end…

          2 users thanked author for this post.
          • #124659 Reply

            BobbyB
            AskWoody Lounger

            Just to add to what @mikefrommarkham & @microfix said, Winaero Tweaker is an awsome well put together bit of software and regularly updated, I have never had any problems with it, the web page is full of awsome tips as is the regular nightly mail, with inside gossip and stuff you either never knew or forgotten tips and tricks. All gloriously free of advertising, he also does a range of classic Windows Games and retro appearence Windoze stuff, should the aesthetics of Win10 not be your “cup of Tea.”

            1 user thanked author for this post.
      • #124477 Reply

        BobbyB
        AskWoody Lounger

        @anonymous yeah happens here as well roughly about every 6 months check out this web page
        https://social.technet.microsoft.com/Forums/ie/en-US/bc52a083-27e6-4184-9f58-9f5e0c0e6714/my-windows-update-is-controlled-by-system-administrator-in-windows-7-help?forum=w7itprosecurity
        If your cool with editing the registry, as usual backup, copy reg, have a recovery strategy.
        Ohh and just check the symptoms are the same as you describe, sounds similar but hey.
        OBTW it suggests GPOL I have access to mine on Win7Prox86 but you dont on Win7Home, but if you did its never been set in the GPOL as M$ and a few others suggest. Hope this helps 🙂

      • #124528 Reply

        PKCano
        AskWoody MVP

        In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy.

        See reply #124487 for instructions “how to get the settings back”

        1 user thanked author for this post.
      • #124798 Reply

        anonymous

        anonymous wrote on July 11, 2017 at 10:44 pm:
        “In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy. HUH?? This is Win7 home, what group policy.”

        That sounds worrying … To have mandatory Windows Updates enforced in Win 7 Home Premium via some user-inaccessible Group Policy setting that was mysteriously changed/ activated at the backend.

        Coincidentally, just before I came here, I was reading about another user (deanwoman) who reported at the official MS forum that the sneaky KB2952664 was repeatedly downloaded & installed w/o permission at end June 2017 — even though her up-front settings are locked at not to download or install any Windows Updates.

        Something seems to have happened in June 2017 that caused users’ machines to quietly auto-download & install Windows updates, regardless of users’ settings. The situation might possibly be more widespread than it seems. My guess is that most users who previously locked down their machines against unwanted MS intrusions (& hence beguiled into a false sense of security) did not really notice the recent violations.

        Is it possible for MS to sneak in unwanted changes via security KB patches, or even via some backdoor means ? I understand that some MS IP addresses are hard-coded into the OS design & impossible to block.

    • #124447 Reply

      fred
      AskWoody Lounger

      Thnx. Here too, postpone or stop windows-update from running automatically is gone! At least it doesn’t work anymore as it used to. Why? Are there new ways to stop this auto-update?

      Looking for new ways to postpone /and-or/ switchoff auto-update again.

      • #124487 Reply

        PKCano
        AskWoody MVP

        This is how to get the Windows Update pulldown menu settings back:

        1) Hold WindowsKey + R
        (is hold Start press R on your keyboard)
        or use Start\Run
        2) Type: “regedit”
        Hit Enter

        3) Go to:
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

        Find AUOptions.
        Double Click AUOptions or Right Click Modify

        You can change the values data from 1 through 5

        1. Install updates automatically
        2. Check for updates but let me choose wether to download and install them
        3. Download updates but let me choose wether to install them
        4. Install updates automatically / Never Check For Updates
        5. Enable the option box to choose manually

        #4 is the choice you want

        Edit: See correction in choice #1

        • This reply was modified 2 weeks, 1 day ago by  PKCano.
        3 users thanked author for this post.
        • #124628 Reply

          anonymous

          Anonymous Ed here: Thank you for the info. I don’t mind editing the registry if I am certain I know what I’m doing. this means following a trusted instruction. 🙂

        • #124862 Reply

          anonymous

          PKCanto wrote on July 12, 2017 at 5:04 am:
          Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
          Find AUOptions.

          For Windows 64-bit, perhaps the below associated key may need be checked & manually set as well — in case it isn’t automatically created & populated with the same DWORD value ?

          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU
          → AUOptions = 4

          • #124868 Reply

            PKCano
            AskWoody MVP

            Correct. If it’s not there, create it

    • #124450 Reply

      anonymous

      Surprisingly on my WSUS the 2016 KB4022715 is not marked as superseded through the new KB4025339. But I assume the new one replaces the old one? I am confused.

    • #124457 Reply

      anonymous

      Unbelievable.

      Remember KB3203467 for Outlook? (https://support.microsoft.com/en-us/help/3203467/descriptionofthesecurityupdateforoutlook2010june13,2017).

      That caused multiple problems. So a fix was issued, KB3015545 (https://support.microsoft.com/en-us/help/3015545/june-27-2017-update-for-outlook-2010-kb3015545). That multiplied the problems (https://www.reddit.com/r/sysadmin/comments/6k09bj/outlook_2010_update_kb3015545_causing_crash_when/).

      On July 5th, a manually downloadable patch was issued: kb4011042 (https://support.microsoft.com/en-us/help/4011042/july-5-2017-update-for-outlook-2010-kb4011042) .  Now that patch has been pulled as well: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again.

      I still have not installed KB3203467, because the last time I looked, it showed up as unchecked. But I’d like to, soon, it being a security update. Or does anyone know if it is addressed in this round of updates?

      ~Annemarie

      4 users thanked author for this post.
    • #124495 Reply

      jescott418
      AskWoody Lounger

      Was so happy to be greeted with a screen prompt that Windows had updates that needed to be installed with a re boot. Oh joy I thought, another pull of the Windows bandit machine to see if I am lucky or not so lucky with these updates. I agree with Paul Thurrott, I thought Microsoft claimed Windows 10 would have much less reboots with updates?? I cannot remember a month where I did not reboot at least once for a update. In fact I think I reboot Windows 10 more now than ever.

      • This reply was modified 2 weeks, 2 days ago by  jescott418.
    • #124505 Reply

      Erik
      AskWoody Lounger

      UPDATE:Security patches for Microsoft Office are now available. Considering last month’s fiasco, it’s probably an excellent idea to let the lemmings (er…Guinea Pigs) jump off the cliff first. Unless you desperately need patches to fix patches to fix patches….
      Office 2007 (5)

      Does anyone know if this fixed the outlook 2007 issue with last month’s patch?

      1 user thanked author for this post.
    • #124506 Reply

      MrBrian
      AskWoody MVP

      According to Microsoft, there are no known exploits targeting the vulnerabilities fixed by this month’s updates; source: The July 2017 Security Update Review.

      Another SMB vulnerability was fixed this month; source: Microsoft Patch Tuesday – July 2017.

      1 user thanked author for this post.
    • #124510 Reply

      MrBrian
      AskWoody MVP
      • #124886 Reply

        ch100
        AskWoody MVP

        Windows 10 and 2016 only, to clarify for those who may be looking for the versions released for the older operating systems.
        For Windows 10 and 2016 the .NET Framework rollup is packed together in a larger rollup with the Windows specific fixes, so there is only one big rollup instead of two.
        It is all explained at the top of the article from @mrbrian‘s post.

        1 user thanked author for this post.
    • #124515 Reply

      MrBrian
      AskWoody MVP

      The July 2017 Windows 7 security-only update probably fixes Outlook Issue #5 because it includes a very recent version of SearchIndexer.exe.

      • This reply was modified 2 weeks, 2 days ago by  MrBrian.
      • This reply was modified 2 weeks, 2 days ago by  MrBrian.
      3 users thanked author for this post.
    • #124533 Reply

      anonymous

      Like Annemarie (anonymous) wrote in her blog post, I, too , have not installed KB3203467, since it is unchecked and multiple issues have been reported with the update.  This morning, my computer ran Windows Update and picked up the July 2017 updates.  Interestingly, KB3203467 is still shown unchecked and the new July update, KB3203468, is not shown.  Have others experienced this as well?

      • #124538 Reply

        Kobold Curry Chef
        AskWoody Lounger

        On my test machines, KB3203467 is installed. KB3203468 is not showing as available via WSUS. (In fact, WSUS says KB3203468 is already installed, which is not true.)

        When I downloaded the KB3203468 (32-bit) update from Microsoft’s site, and tried to install it manually, it said it wasn’t applicable. Not sure why yet.

      • #125174 Reply

        anonymous

        I ran the updates this weekend: got all the regular July-patches for Win7 32bit Home, but KB3203467 still unchecked and, like July 12, 2017 at 11:47, the new July update, KB3203468 was NOT offered. Only got the other 2 Office2010-security-updates.

        ~Annemarie

        EDIT to remove html

    • #124535 Reply

      itmaster68
      AskWoody Lounger

      Looks like the Office attachment bug fix:
      https://support.microsoft.com/en-us/help/4011042/july-5-2017-update-for-outlook-2010-kb4011042
      has been pulled.. it has been pulled twice now.. This patch was not even in the catalog or WSUS or Microsoft updates..
      I really need them to fix this and give me a way to deploy

      • This reply was modified 2 weeks, 1 day ago by  itmaster68.
      1 user thanked author for this post.
    • #124540 Reply

      Ian Gerald
      AskWoody Lounger

      No issues with the July update which was done on both my Lenovo and HP laptops, Both are sporting Windows version 1511.

      IGS

    • #124551 Reply

      anonymous

      Will the July (or future equivalent) .NET Framework rollup get a Windows 7 SP1 or Windows 8.1 version in the near future?

    • #124557 Reply

      anonymous

      DEFCON 2 – in case you all missed it.

      Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

      Volunteer Piñatas: remember, your tush is swinging in the wind.

      1 user thanked author for this post.
    • #124558 Reply

      anonymous

      > Windows 10 version 1703: 27vulnerabilities of which 2 are rated critical, 23 important and 1 moderate Note: Windows 10 version 1507 will no longer receive security updates.

      What about 1511?

      Also: do the security patches to Win10, IE11 and Netframe include any upgrades to higher versions (1703) or return components that were killed with scripts (Edge, Cortana, etc)?

      • #124570 Reply

        PKCano
        AskWoody MVP

        Information for Win10 patches and the associated version\Build  numbers are listed in the Windows 10 Update History. Click on your version on the left

        • #124662 Reply

          anonymous

          Thanx.
          What about my second question?

          • #124677 Reply

            BobbyB
            AskWoody Lounger

            Strangely just reading about this on a seperate issue. Possibly our learned MVP’s may be able to cast more light on the issue, such as mysterious changed registry settings, customisations reversed, deleted files restored, etc
            I’ll go out on a limb here and say theres never any really in depth detail over and above what M$ puts out on its page as to whats changed unnanounced. Its probably a good idea after installing one of those Cumm. updates just to have a quick look though your system and check.
            Its caught me once or twice as well alas 🙁

    • #124559 Reply

      anonymous
      • #124568 Reply

        PKCano
        AskWoody MVP

        For reference, KB4022725 is the June CU for Win10 1703

    • #124572 Reply

      anonymous

      Just found you today, Woody, searching for reliability of 2952664 update, and very glad to see your warning.  I remember you from Windows Secrets.  We beginner and intermediate users need lots of help!  🙂

      Thank you from Annie

      2 users thanked author for this post.
    • #124614 Reply

      samak
      AskWoody Lounger

      1. Download updates but let me choose wether to install them 2. Check for updates but let me choose wether to download and install them 3. Download updates but let me choose wether to install them 4. Install updates automatically / Never Check For Updates 5. Enable the option box to choose manually #4 is the choice you want

      So options 1 and 3 are the same? Also, can you explain option 4, the two parts seem contradictory to me?

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • #124617 Reply

        PKCano
        AskWoody MVP

        #4 – the two ends of the pulldown – Automatic/Never

        1 user thanked author for this post.
        • #124633 Reply

          anonymous

          Anonymous Rd again. I thanked you upthread, still in moderation at this point. I went into registry, but see no setting marked as WU. I’m adding a screenshot. Is the setting available on a Win7 Home system?

          screenshot of registry editor

          • #124638 Reply

            PKCano
            AskWoody MVP

            3) Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

            If you have never edited the Registry before, you need to get help from someone who knows what they are doing. You can seriously mess up the computer. This is the Registry location you need. Read the rest of the instructions carefully. Do not do this if you do not understand the instructions.

    • #124654 Reply

      NetDef
      AskWoody Lounger

      Looks like Outlook 2010 search works again after these patches.  We’re deploying that fix tonight . . . the rest I am holding off until next week.

      • #124658 Reply

        itmaster68
        AskWoody Lounger

        The outlook patches did not fix the search problem, the OS roll up fixed search isue

        1 user thanked author for this post.
    • #124682 Reply

      anonymous

      Thank you again, PKCano. I am aware I can do serious damage if I improperly edit the registry. No, I have not done anything at this point in terms of the current discussion. I did go to HKLM, then software, which I opened; then down the tree to Policies, then opened the branch and went to Microsoft, then to Windows. I see no entry Windows Update. I’m not going to mess with anything. I think I’m where you are pointing to. I am curious why I don’t see what it is you reference.
      I’ll try the screenshot again. Maybe I’ll get it right this time. 🙂
      Thanks again. Ed

      screenshot of reg edit

      • #124685 Reply

        Kirsty
        AskWoody MVP

        When using Dropbox as your https image source, you need to change the suffix to make it show (now done, to make sure yours worked). Check out this topic for further details.

        • #124690 Reply

          anonymous

          Ah! Thank you very much! 🙂
          Ed

    • #124752 Reply

      anonymous

      Let me repeat my question: Do the security patches to Win10, IE11 and Netframe, if applied to 1511 (1) upgrade to higher versions (1703) or (2) return components that were killed with scripts (Edge, Cortana, etc)?

      • #124921 Reply

        woody
        Da Boss

        (1) The Win10 1511 rollup should NOT change the version of Windows. I’ve never heard of that happening.

        (2) Some of the monthly rollups DO switch default settings, bring back deleted Windows apps, and the like. MS has been trying hard to correct that behavior, and they’ve largely succeeded, but I still see occasional reports of problems.

    • #124919 Reply

      Jan K.
      AskWoody Lounger

      Visited a friend yesterday, who up until now has been a very happy and worryfree Win10 user… since latest update not so any more, as he’s now getting blue screen with a code, he’s identified as driver for wireless router.

      I didn’t “examine” his setup, as I’m at a loss here. If he uninstall the updates (and which one btw.?), wouldn’t it just be re-installed by his auto-all system?

      I could only give a lame idea of searching manufacturer’s site for latest driver and install that through his system management section… driver may be rejected as being “older”? and since everything is on forced auto, wouldn’t it just be replaced anyway?

      Any advice for him?

      • #124920 Reply

        PKCano
        AskWoody MVP

        See this thread
        https://www.askwoody.com/2017/july-11-security-only-patch-kb4025337-causes-bsod/
        I wonder if MS is including drivers in the updates now???

        • #125018 Reply

          Jan K.
          AskWoody Lounger

          He is – or rather: was – running Windows 10….

          If he was running Win7, I would disable auto updates, uninstall wireless driver in system management, reinstall previous driver, reboot and… voila! Issue solved.

          But in this Win 10 environment with forced updates, I’m lost and don’t know how to attack the problem…

          He’s quite upset. Though he retired earlier this year and doesn’t have work as such, he still do some photographic and video jobs, and as he puts it “If this was my business and I had people working, this problem would have cost me a fortune, as we can’t get work done!”

          I could only mumble and mention my Microsoft retirement plan, but seriously… Microsoft expect business done under this new “service experience”?

          It’s a (costly) joke.

    • #124925 Reply

      CraigS26
      AskWoody Lounger

      To get things going for Grp A – W7-64 users I had / installed just 4 Importants & NO Optionals:  KB4025341 July Rollup —  MSRT —  KB3191907 2010 Excel (32b) KB3213624 2010 Office(32b)

      Made a Macrium  Image just prior to Update ……All is well …………

      WU Grp A - Win 7-64 Hm Prem / Hm-Stdnt Office '10 - ESET EIS - MBAM Prem 3 - SuperAS PRO - Diskeeper 15 - NO Java or Flash

    • #125080 Reply

      Geo
      AskWoody Lounger

      Grp A,  Win 7  home premium,  SP1,  X64,   AMD Sempron 145 processor,  Nvidia GeForce 6150SE,  Office 2010. Downloaded  KB4925341.  Everything works . No printing problems either. Also MSRT X64  Kb890830.

      • This reply was modified 1 week, 5 days ago by  Geo.
      1 user thanked author for this post.
    • #125189 Reply

      anonymous

      Having difficulty downloading kb4025339 tried 2/3 times today just won’t install.  Windows 10 laptop. Novice so don’t know what to do.  Just going to turn off if it fails again and hope for a resolution

      • #125191 Reply

        PKCano
        AskWoody MVP

        You have Win10 1607. Are you using Windows Update to update?
        Please let us know the information on your PC and an error message, if you received any – Computer Mfg, model, CPU, Graphics drivers, chipset drivers, security software.

        • This reply was modified 1 week, 4 days ago by  PKCano.
    • #125196 Reply

      anonymous

      Thank you. No error message. Just update failed to download try again.  Using Windows update all other updates loaded ok including a net.4 one.  At the moment it is sitting at installing 10% but has been stuck there ages.  Have turned laptop off now. Don’t know these other things it’s a hp laptop top. Windows 10 home. Edition W.10 V 1607. Don’t know cpu.  Memory 4g.  Storage 1 TB.   64 bit X 64 based processor.   Could try from catalog but unsure how to do this

    • #125198 Reply

      anonymous

      Forgot to say bullguard security but turned that off no difference.

    • #125975 Reply

      MrBrian
      AskWoody MVP

      Two updates are now listed at Release Notes – July 2017 Security Updates as having issues.

      2 users thanked author for this post.
      • #125977 Reply

        abbodi86
        AskWoody MVP

        Well, all Windows 8.1 installations should already have KB3000850 since December 2014

        • This reply was modified 6 days, 10 hours ago by  abbodi86.
        2 users thanked author for this post.
        • #125981 Reply

          ch100
          AskWoody MVP

          Well, all Windows 8.1 installations should already have KB3000850 since December 2014

          It depends on your audience 🙂
          There have been only 2.5 years since December 2014.

    • #126335 Reply

      MrBrian
      AskWoody MVP
    • #126339 Reply

      MrBrian
      AskWoody MVP

      Four updates are now listed at Release Notes – July 2017 Security Updates as having issues.

    • #126647 Reply

      MrBrian
      AskWoody MVP
    • #126795 Reply

      MrBrian
      AskWoody MVP

      Another issue (and its workaround) was added for KB4025333, the July 2017 Windows 8.1 security-only update: “Japanese IME may hang in certain scenarios.”

      • #126821 Reply

        anonymous

        That’s what happens when you take a “change everything, no wait change it in a completely different way, no change it again — wait what were we doing? Were out of time just ship the code we can fix it later and we never need to test anything” coding style. If you get lucky it only blows up when you do the same thing when you “fix” the code again for the 3rd time.

        5 years later you have HUGE pile of “not MY problem” code.

    • #126837 Reply

      fred
      AskWoody Lounger

      That’s what happens when you take a “change everything, no wait change it in a completely different way, no change it again — wait what were we doing? Were out of time just ship the code we can fix it later and we never need to test anything” coding style. If you get lucky it only blows up when you do the same thing when you “fix” the code again for the 3rd time. 5 years later you have HUGE pile of “not MY problem” code.

      Being a victomized “testuser” since windows1 I am out of calling-words…. just very tired of these money-wolfes-practices, and just asking how long it will takes before people wiil smash these windowpractices  ‘-(

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: July 2017 Patch Tuesday rolls out with another load of updates

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.