July 2017 Patch Tuesday rolls out with another load of updates

Topic

New Reply

On July 11, Microsoft has once again rolled out a deluge of patches for Windows and other Microsoft products. Martin Brinkmann at ghacks.net provides
[See the full post at: July 2017 Patch Tuesday rolls out with another load of updates]

2 users thanked author for this post.

MrBrian, Canadian Tech

Reply | Quote

Replies

‘Windows 8.1: 24 vulnerabilities of which 2 are rated critical, 21 important, and 1 moderate’

‘Internet Explorer 11: 7 vulnerabilities, 5 critical, 2  important’

Given the risk factor of NOT updating in Group B, I have taken the plunge to install both relevant patches and as yet see no adverse effects on my W8.1 Pro x64 after a couple of hours in use. (also the Adobe Flash patch for W8.1)

PS: I do have an offline system image just in case for this system.

Windows 7 is offline (internet connection) and will wait until MS-DEFCON level is at 3

Windows - commercial by definition and now function...

Reply | Quote

I installed KB4025337 security only update for my Windows 7 x 64 computers yesterday and have had no issues so far.

1 user thanked author for this post.

JDeC

Reply | Quote

Did I read that correctly? Windows 10 has more vulnerabilities than either of its less secure predecessors? Hmm.

Thanks for the info, as always.

2 users thanked author for this post.

Great Lake Bunyip, Microfix

Reply | Quote

Well noticed, W10 and Edge seems to have more vulnerabilities than the ageing W7 and IE11, I find this odd considering that W10 is the flagship OS.

Windows - commercial by definition and now function...

2 users thanked author for this post.

Great Lake Bunyip, Cybertooth

Reply | Quote

Well, Edge is just a fork from the IE code base and claims that Edge is a brand new browser written from scratch, is pure nonsense.

Reply | Quote

Windows 7 can be made more secure than Windows 10 if one has EMET installed on their Win7 box. Of course, EMET is on the geeky/nerdy side and not for the novice, but I’ve recently started fooling around with it which is always fun with new software.

The only way to make Windows 10 more secure than Win7 + EMET is if EMET is also installed on Windows 10 since Windows 10 does not provide all the key features of EMET by itself. Anyway, just thought that to be interesting.

2 users thanked author for this post.

HiFlyer, Erik

Reply | Quote

Sessah, I haven’t heard of EMET before but am interested. I am not a novice but somewhat of a self taught intermediate. I found the download link from microsoft for EMET: https://www.microsoft.com/en-us/download/details.aspx?id=50766

Is all you have to do is download it? You make it sound like a novice can’t handle it, if that’s all you have to do. Let me know as I would like to have it on my computers.

It also says that microsoft will stop supporting it on July 31st, 2018. https://mspoweruser.com/microsoft-extends-emet-end-life-date-18-months/ After that date I wonder if it is still ok to keep installed?

One interesting thing is that in your article it shows that the only difference between W7 and W10 (both with EMET is the fonts are more secure in W10. It seems that was only due to an update in v5.5 and only addressed W10 (I suppose they could have made it for W7 if they wanted but did not do it).

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

3 users thanked author for this post.

Elly, Sessh, HiFlyer

Reply | Quote

I say it’s not for the novice because there are quite a few geeky settings involved and EMET can cause problems (program crashes etc..) if you configure things improperly. I chose to completely go the manual route with configuration as the recommended program configuration consists mostly of programs I don’t even have on my PC and never will, so I decided to go at it manually. I too am self taught, but I consider myself to be somewhere in between “intermediate” and “geeky” with the capacity to be more geeky.

You download it and install it; it’s very user friendly, but it’s the settings that are where the potentially confusing and overwhelming geeky stuff comes into play.  This page is a great start if interested.

As for EOL, I am not nearly as paranoid and scared of such things as many other people seem to be. Just because something hits EOL doesn’t mean it instantly becomes insecure and unsafe to use. EMET may not be updated again until it’s EOL date and I imagine it will be a very effective security tool for years after for legacy users. As has been said around here before, the biggest risk to your PC is you and your actions. I used WinXP for nearly three years after EOL with zero problems. It all depends on the user. EMET seems like a very solid program and will not be useless any time soon. So, for me personally, I don’t worry too much about FUD surrounding EOL of software. That’s just me, though. 🙂

Windows 10 has some elements of EMET built in, but many features are not included which is why manually installing EMET on Windows 10 is the only way to get the full benefits. That may change, but with how often W10 gets major changes to it, I imagine it will be a constant revolving door of security holes with new ones being created as fast as they are closed. I’d be running it if I had Windows 10, that’s for sure. Still, it’s impressive that Windows 7 can still be a top of the line secure OS despite it’s age and I imagine that can be the case for quite awhile longer.

2 users thanked author for this post.

Elly, HiFlyer

Reply | Quote

Isn’t EMET gonna be retired next year? I find it to be a shame, it’s a good piece of security software.

Reply | Quote

EMET support will end next year.
Somewhere I read (don’t remember where) that MS is going to integrate EMET into Win10.

Reply | Quote

I heard that too, but I would keep it alive as long as Windows 7 support lasts.

Reply | Quote

Microsoft bringing EMET back as a built-in part of Windows 10

Reply | Quote

Note that the following optional and recommended Windows 7 updates break some features in EMET. You will want uninstall these three optional or recommended updates before installing EMET on Windows 7 computers. Uninstall in the following order:

KB3185278, Optional, September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Breaks EMET if you also have security update KB3175024 installed

KB3172605, Recommended, July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Breaks Intel bluetooth drivers, was re-released again on 2016/09/13

KB3161608, Optional, July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1, Plethora of issues, breaks EMET. Superceded by KB3172605

1 user thanked author for this post.

Elly

Reply | Quote

Seff wrote:

Windows 10 has more vulnerabilities than either of its less secure predecessors?

A lot more when you add in Edge.

1 user thanked author for this post.

Seff

Reply | Quote

In my WSUS environment, today’s Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4025252) seems to have detection problems. On the WSUS status report for that update, it shows as “installed” for all systems that should get it. This is true on both of my WSUS servers, which are not replicas of each other.

Naturally, my systems do not have this update installed.

The 32-bit version of this update does not have this detection problem.

Anyone else seeing this?

1 user thanked author for this post.

NetDef

Reply | Quote

Additionally, Security Update for Microsoft Office 2010 (KB3203468) 32-Bit Edition incorrectly shows as “installed.”

The other patches that would apply to my Win7 test systems are detecting correctly, though.

Reply | Quote

I noticed this too. I approved the ie cumulative update along with the security monthly quality rollup on a couple of test machines (win 7 x64). After the monthly quality rollup was installed, the machines then detected the ie update. But, after you “install” the ie update they then re-detect that they still need it. As it turns out, the ie updates are included in the security monthly quality rollup, which seems to be a change from previous months. Why the detection errors are there, I can’t explain.

Reply | Quote

The “Security Monthly Quality Rollup” is composed of three parts: security updates, non-security updates, and the IE11 cumulative update. If you install it, you do not need to install the standalone IE11 Cumulative Update.

If you install the “Security Only Quality Update,” it contains only security patches. Then you also need the IE11 Cumulative Update as well.

5 users thanked author for this post.

HiFlyer, SueW, JDeC, Great Lake Bunyip

Reply | Quote

In our case, we’re using the “Security Only” versions of the Win7 cumulative updates.

Reply | Quote

The Security Only Quality Update is NOT cumulative.
The IE11 patch is cumulative and the Security Monthly Quality Rollup is cumulative.

2 users thanked author for this post.

Kobold Curry Chef

Reply | Quote

Got it.

Just to be clear, we are using the security-only ones. The detection failure is happening before any of today’s updates are installed. It’s not a case of me installing the KB4025341 monthly rollup by mistake and then wondering why IE11’s update isn’t needed.

(I don’t think you were saying that, but I wanted to be clear about what I was seeing.)

Reply | Quote

A synch today on my WSUS at approximately 1:00 PM PDT had an updated KB4025252.  This has fixed the detection problem for this patch on WSUS at least.

A check with the Win Update client back to MS did not show the new revision.  But that might be due to caching on Akamai servers?

-JD

1 user thanked author for this post.

Kobold Curry Chef

Reply | Quote

Interestingly, Microsoft states ‘If you have not installed the latest version of Comodo Internet Security Suite, you will not have this Windows Update offered to your device automatically.’ So, Windows 10 CU 1703 users  have to ditch Windows Defender and install CISS to get the update? Of course, not, but yeah, it’s Microsoft… Third-class management, third-class software…

1 user thanked author for this post.

Fred

Reply | Quote

The Comodo update requirement only applies if you already have Comodo security software installed.

If you have no Comodo software installed, the MS update will be offered per usual.

1 user thanked author for this post.

ky41083

Reply | Quote

AKB2000003 has been updated 7/11/2017 – Group B Security Only patches and IE11 Cumulative Update

8 users thanked author for this post.

samak, HiFlyer, SueW, Elly, JDeC, abbodi86, Cybertooth

Reply | Quote

Microfix wrote:

Well noticed, W10 and Edge seems to have more vulnerabilities than the ageing W7 and IE11, I find this odd considering that W10 is the flagship OS.

What, don’t you believe Microsoft’s line that 10 is the MOST SECURE version of Windows in history?!?

Hahahaha…. (just kidding, of course)

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Microfix

Reply | Quote

So where do I read the details of the vulnerabilities? I’m not seeing any details but the summary and then it leads in circles.

Reply | Quote

On the main blog page – hit the “Home” button at the top
There are two links, one in the first line, and one in the second line. The first takes you to the Microsoft Security Update Guide, the second links to the ghacks website.

Reply | Quote

anonymous wrote:

Interestingly, Microsoft states ‘If you have not installed the latest version of Comodo Internet Security Suite, you will not have this Windows Update offered to your device automatically.’ So, Windows 10 CU 1703 users have to ditch Windows Defender and install CISS to get the update? Of course, not, but yeah, it’s Microsoft… Third-class management, third-class software…

😀

* _ ... _ *

Reply | Quote

I hope they start incorporating old fixes into Win 7/8.1 preview rollups this month, they already 5 month behind the announced schedule :@

Reply | Quote

Considering all of the problems with patches lately, postponing adding more stuff into the 7/8.1 updates is probably a good idea.  Something that just hit me – I wonder if the way the cumulative updates are made nowadays is connected to what seems like more widespread new bugs from patches.  The old service packs were based on a similar concept, but I don’t recall post SP issues a la what happens now, so that makes me wonder if they’re being built the same way or not.

Reply | Quote

According to MS, one major reason for switching to the cumulative update model for all supported OS’s, was to reduce issues caused by updates. They have and still do claim, it reduces issues by making sure (forcing) a collection of updates to all be installed at the same time, rather than allowing users to cherry pick updates, and end up with update combinations that simply weren’t tested.

If what we are currently seeing actually is the “reduced issue” version, I can only cringe at what would be the “full issue set” version…

Reply | Quote

Two observations: first, I tried to download the security only update from the Update catalog using IE and failed, receiving error code 8DDD0020. The update page would flash on, and then the error page would show. Switching to Firefox, I had no problem. This was just with the Windows update. The IE 11 update worked smoothly.

Second: 2 months ago I assembled a new machine, upgrading to a corei3 Skylake and Asrock mobo. I then Win 7 Home on it, using my old install disk (SP1) and updating with those updates recommended here for group b. In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy. HUH?? This is Win7 home, what group policy. As this is not my main computer, I just disabled WU in services. I tried to find a group policy setting, but hate to mess with the registry. I don’t know enough.

I just wanted to share this with you. I don’t see it as a major headache. I don’t browse with this, update with stand alone installers I move over via my home network, and it’s behind 2 firewalls (router and Windows own).

1 user thanked author for this post.

ryegrass

Reply | Quote

Thnx. Here too, postpone or stop windows-update from running automatically is gone! At least it doesn’t work anymore as it used to. Why? Are there new ways to stop this auto-update?

Reply | Quote

I’ve been using This on W7 Pro x64 (SP1+) for ages.

There is a setting within the program to alter WU services, may be worth a try in your case. The beauty of this program is, that you have a choice to install it or use it as a portable program.

Windows - commercial by definition and now function...

2 users thanked author for this post.

Elly, BobbyB

Reply | Quote

Winaero Tweaker is indeed a very useful and powerful program. I’ve been using it recently on my HP Stream 7/Windows 10 Home tablet to find out just how much I can regain control of the OS. So far I’ve disabled Cortana, the lock screen, automatic updates of  pre-installed Store apps and a few other things. Also cleaned up context menus, reinstalled classic Windows 7 games, and a bunch of other stuff just to see if I could.  But I also accidentally changed a Boot option today that borked my tablet and rendered it unable to start. Fortunately I don’t use this tablet for anything but testing, so I just need to reset it and reinstall the handful of programs I’m trying out and I’ll be back in business again soon. Just have to remember not to go near boot options again until I have time to make a full backup just in case! The joys of computing never end…

2 users thanked author for this post.

Elly, BobbyB

Reply | Quote

Just to add to what @mikefrommarkham & @microfix said, Winaero Tweaker is an awsome well put together bit of software and regularly updated, I have never had any problems with it, the web page is full of awsome tips as is the regular nightly mail, with inside gossip and stuff you either never knew or forgotten tips and tricks. All gloriously free of advertising, he also does a range of classic Windows Games and retro appearence Windoze stuff, should the aesthetics of Win10 not be your “cup of Tea.”

1 user thanked author for this post.

Elly

Reply | Quote

@anonymous yeah happens here as well roughly about every 6 months check out this web page
https://social.technet.microsoft.com/Forums/ie/en-US/bc52a083-27e6-4184-9f58-9f5e0c0e6714/my-windows-update-is-controlled-by-system-administrator-in-windows-7-help?forum=w7itprosecurity
If your cool with editing the registry, as usual backup, copy reg, have a recovery strategy.
Ohh and just check the symptoms are the same as you describe, sounds similar but hey.
OBTW it suggests GPOL I have access to mine on Win7Prox86 but you dont on Win7Home, but if you did its never been set in the GPOL as M$ and a few others suggest. Hope this helps 🙂

Reply | Quote

anonymous wrote:

In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy.

See reply #124487 for instructions “how to get the settings back”

1 user thanked author for this post.

ryegrass

Reply | Quote

anonymous wrote on July 11, 2017 at 10:44 pm:
“In June I found my system automatically updated, and I am unable to make WU never check or check but let me decide. It tells me this is enforced through group policy. HUH?? This is Win7 home, what group policy.”

That sounds worrying … To have mandatory Windows Updates enforced in Win 7 Home Premium via some user-inaccessible Group Policy setting that was mysteriously changed/ activated at the backend.

Coincidentally, just before I came here, I was reading about another user (deanwoman) who reported at the official MS forum that the sneaky KB2952664 was repeatedly downloaded & installed w/o permission at end June 2017 — even though her up-front settings are locked at not to download or install any Windows Updates.

Something seems to have happened in June 2017 that caused users’ machines to quietly auto-download & install Windows updates, regardless of users’ settings. The situation might possibly be more widespread than it seems. My guess is that most users who previously locked down their machines against unwanted MS intrusions (& hence beguiled into a false sense of security) did not really notice the recent violations.

Is it possible for MS to sneak in unwanted changes via security KB patches, or even via some backdoor means ? I understand that some MS IP addresses are hard-coded into the OS design & impossible to block.

Reply | Quote

anonymous wrote:

Thnx. Here too, postpone or stop windows-update from running automatically is gone! At least it doesn’t work anymore as it used to. Why? Are there new ways to stop this auto-update?

Looking for new ways to postpone /and-or/ switchoff auto-update again.

* _ ... _ *

Reply | Quote

This is how to get the Windows Update pulldown menu settings back:

1) Hold WindowsKey + R
(is hold Start press R on your keyboard)
or use Start\Run
2) Type: “regedit”
Hit Enter

3) Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Find AUOptions.
Double Click AUOptions or Right Click Modify

You can change the values data from 1 through 5

1. Install updates automatically
2. Check for updates but let me choose wether to download and install them
3. Download updates but let me choose wether to install them
4. Install updates automatically / Never Check For Updates
5. Enable the option box to choose manually

#4 is the choice you want

Edit: See correction in choice #1

3 users thanked author for this post.

Elly, ryegrass, Fred

Reply | Quote

Anonymous Ed here: Thank you for the info. I don’t mind editing the registry if I am certain I know what I’m doing. this means following a trusted instruction. 🙂

Reply | Quote

PKCanto wrote on July 12, 2017 at 5:04 am:
Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Find AUOptions.

For Windows 64-bit, perhaps the below associated key may need be checked & manually set as well — in case it isn’t automatically created & populated with the same DWORD value ?

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU
→ AUOptions = 4

Reply | Quote

Correct. If it’s not there, create it

Reply | Quote

Surprisingly on my WSUS the 2016 KB4022715 is not marked as superseded through the new KB4025339. But I assume the new one replaces the old one? I am confused.

Reply | Quote

Unbelievable.

Remember KB3203467 for Outlook? (https://support.microsoft.com/en-us/help/3203467/descriptionofthesecurityupdateforoutlook2010june13,2017).

That caused multiple problems. So a fix was issued, KB3015545 (https://support.microsoft.com/en-us/help/3015545/june-27-2017-update-for-outlook-2010-kb3015545). That multiplied the problems (https://www.reddit.com/r/sysadmin/comments/6k09bj/outlook_2010_update_kb3015545_causing_crash_when/).

On July 5th, a manually downloadable patch was issued: kb4011042 (https://support.microsoft.com/en-us/help/4011042/july-5-2017-update-for-outlook-2010-kb4011042) .  Now that patch has been pulled as well: Update 4011042 for Microsoft Outlook 2010 that was released on July 5, 2017, is not currently available. This article will be updated as soon as the update is available again.

I still have not installed KB3203467, because the last time I looked, it showed up as unchecked. But I’d like to, soon, it being a security update. Or does anyone know if it is addressed in this round of updates?

~Annemarie

4 users thanked author for this post.

Bill C., HiFlyer, SueW, Elly

Reply | Quote

WHY unbelievable? That is exactly what should be expected.

Reply | Quote

I have not found any proof of why they pulled the updates.
Nevertheless, I downloaded them after they were released to deploy throughout our org, and have uploaded them to FileDropper to share. I did install the “bad” update (KB3203467), and then this update (KB4011042) on several machines and have had no problems. Outlook 2010 has behaved as expected.

outlookloc2010-kb4011042-fullfile-x86-glb.exe
SHA1: 56c4c15211c2e49e71fc9e1399e6b145e66386a6
SHA256: 7fa7c6ab0e923ea2d2f41913ddc155de8fb3cc6502d1662c786528f167e14480
https://www.virustotal.com/en/file/7fa7c6ab0e923ea2d2f41913ddc155de8fb3cc6502d1662c786528f167e14480/analysis/

outlookloc2010-kb4011042-fullfile-x64-glb.exe
SHA1: 3fa24d9dd7f72efcd86a982b1aab808a133736aa
SHA256: bb630843935befa01c71f349376d8731a72e52382ecfa05098e0764012e8bb7d
https://www.virustotal.com/en/file/bb630843935befa01c71f349376d8731a72e52382ecfa05098e0764012e8bb7d/analysis/

3 users thanked author for this post.

HiFlyer, SueW

Reply | Quote

Was so happy to be greeted with a screen prompt that Windows had updates that needed to be installed with a re boot. Oh joy I thought, another pull of the Windows bandit machine to see if I am lucky or not so lucky with these updates. I agree with Paul Thurrott, I thought Microsoft claimed Windows 10 would have much less reboots with updates?? I cannot remember a month where I did not reboot at least once for a update. In fact I think I reboot Windows 10 more now than ever.

Reply | Quote

UPDATE:Security patches for Microsoft Office are now available. Considering last month’s fiasco, it’s probably an excellent idea to let the lemmings (er…Guinea Pigs) jump off the cliff first. Unless you desperately need patches to fix patches to fix patches….
Office 2007 (5)

Does anyone know if this fixed the outlook 2007 issue with last month’s patch?

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

1 user thanked author for this post.

HiFlyer

Reply | Quote

According to Microsoft, there are no known exploits targeting the vulnerabilities fixed by this month’s updates; source: The July 2017 Security Update Review.

Another SMB vulnerability was fixed this month; source: Microsoft Patch Tuesday – July 2017.

1 user thanked author for this post.

ch100

Reply | Quote

.NET Framework July 2017 Security and Quality Rollup

3 users thanked author for this post.

HiFlyer, ch100, PKCano

Reply | Quote

Windows 10 and 2016 only, to clarify for those who may be looking for the versions released for the older operating systems.
For Windows 10 and 2016 the .NET Framework rollup is packed together in a larger rollup with the Windows specific fixes, so there is only one big rollup instead of two.
It is all explained at the top of the article from @mrbrian’s post.

1 user thanked author for this post.

HiFlyer

Reply | Quote

The July 2017 Windows 7 security-only update probably fixes Outlook Issue #5 because it includes a very recent version of SearchIndexer.exe.

3 users thanked author for this post.

HiFlyer, ch100, SueW

Reply | Quote

Is it included in the Windows CU? Because when I click on the links I end up here:
https://support.microsoft.com/en-us/help/4025344

Reply | Quote

The Jul security-only update for Won7/8.1 is one of the components of the Monthly Rollup for Win 7/8.1. So the Rollup should also fix the issue.

Reply | Quote

Like Annemarie (anonymous) wrote in her blog post, I, too , have not installed KB3203467, since it is unchecked and multiple issues have been reported with the update.  This morning, my computer ran Windows Update and picked up the July 2017 updates.  Interestingly, KB3203467 is still shown unchecked and the new July update, KB3203468, is not shown.  Have others experienced this as well?

Reply | Quote

On my test machines, KB3203467 is installed. KB3203468 is not showing as available via WSUS. (In fact, WSUS says KB3203468 is already installed, which is not true.)

When I downloaded the KB3203468 (32-bit) update from Microsoft’s site, and tried to install it manually, it said it wasn’t applicable. Not sure why yet.

Reply | Quote

I ran the updates this weekend: got all the regular July-patches for Win7 32bit Home, but KB3203467 still unchecked and, like July 12, 2017 at 11:47, the new July update, KB3203468 was NOT offered. Only got the other 2 Office2010-security-updates.

~Annemarie

EDIT to remove html

Reply | Quote

Looks like the Office attachment bug fix:
https://support.microsoft.com/en-us/help/4011042/july-5-2017-update-for-outlook-2010-kb4011042
has been pulled.. it has been pulled twice now.. This patch was not even in the catalog or WSUS or Microsoft updates..
I really need them to fix this and give me a way to deploy

1 user thanked author for this post.

SueW

Reply | Quote

No issues with the July update which was done on both my Lenovo and HP laptops, Both are sporting Windows version 1511.

IGS

Reply | Quote

Will the July (or future equivalent) .NET Framework rollup get a Windows 7 SP1 or Windows 8.1 version in the near future?

Reply | Quote

DEFCON 2 – in case you all missed it.

Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

Volunteer Piñatas: remember, your tush is swinging in the wind.

1 user thanked author for this post.

SueW

Reply | Quote

> Windows 10 version 1703: 27vulnerabilities of which 2 are rated critical, 23 important and 1 moderate Note: Windows 10 version 1507 will no longer receive security updates.

What about 1511?

Also: do the security patches to Win10, IE11 and Netframe include any upgrades to higher versions (1703) or return components that were killed with scripts (Edge, Cortana, etc)?

Reply | Quote

Information for Win10 patches and the associated version\Build  numbers are listed in the Windows 10 Update History. Click on your version on the left

Reply | Quote

Thanx.
What about my second question?

Reply | Quote

Strangely just reading about this on a seperate issue. Possibly our learned MVP’s may be able to cast more light on the issue, such as mysterious changed registry settings, customisations reversed, deleted files restored, etc
I’ll go out on a limb here and say theres never any really in depth detail over and above what M$ puts out on its page as to whats changed unnanounced. Its probably a good idea after installing one of those Cumm. updates just to have a quick look though your system and check.
Its caught me once or twice as well alas 🙁

Reply | Quote

https://forums.lenovo.com/t5/ThinkPad-P-and-W-Series-Mobile/BSOD-after-KB4022725-install/td-p/3732777

 

Reply | Quote

For reference, KB4022725 is the June CU for Win10 1703

Reply | Quote

Just found you today, Woody, searching for reliability of 2952664 update, and very glad to see your warning.  I remember you from Windows Secrets.  We beginner and intermediate users need lots of help!  🙂

Thank you from Annie

2 users thanked author for this post.

HiFlyer, Jan K.

Reply | Quote

PKCano wrote:

1. Download updates but let me choose wether to install them 2. Check for updates but let me choose wether to download and install them 3. Download updates but let me choose wether to install them 4. Install updates automatically / Never Check For Updates 5. Enable the option box to choose manually #4 is the choice you want

So options 1 and 3 are the same? Also, can you explain option 4, the two parts seem contradictory to me?

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

#4 – the two ends of the pulldown – Automatic/Never

1 user thanked author for this post.

samak

Reply | Quote

Anonymous Rd again. I thanked you upthread, still in moderation at this point. I went into registry, but see no setting marked as WU. I’m adding a screenshot. Is the setting available on a Win7 Home system?

Reply | Quote

PKCano wrote:

3) Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

If you have never edited the Registry before, you need to get help from someone who knows what they are doing. You can seriously mess up the computer. This is the Registry location you need. Read the rest of the instructions carefully. Do not do this if you do not understand the instructions.

Reply | Quote

Looks like Outlook 2010 search works again after these patches.  We’re deploying that fix tonight . . . the rest I am holding off until next week.

~ Group "Weekend" ~

Reply | Quote

The outlook patches did not fix the search problem, the OS roll up fixed search isue

1 user thanked author for this post.

ch100

Reply | Quote

Thank you again, PKCano. I am aware I can do serious damage if I improperly edit the registry. No, I have not done anything at this point in terms of the current discussion. I did go to HKLM, then software, which I opened; then down the tree to Policies, then opened the branch and went to Microsoft, then to Windows. I see no entry Windows Update. I’m not going to mess with anything. I think I’m where you are pointing to. I am curious why I don’t see what it is you reference.
I’ll try the screenshot again. Maybe I’ll get it right this time. 🙂
Thanks again. Ed

Reply | Quote

When using Dropbox as your https image source, you need to change the suffix to make it show (now done, to make sure yours worked). Check out this topic for further details.

Reply | Quote

Ah! Thank you very much! 🙂
Ed

Reply | Quote

Let me repeat my question: Do the security patches to Win10, IE11 and Netframe, if applied to 1511 (1) upgrade to higher versions (1703) or (2) return components that were killed with scripts (Edge, Cortana, etc)?

Reply | Quote

(1) The Win10 1511 rollup should NOT change the version of Windows. I’ve never heard of that happening.

(2) Some of the monthly rollups DO switch default settings, bring back deleted Windows apps, and the like. MS has been trying hard to correct that behavior, and they’ve largely succeeded, but I still see occasional reports of problems.

Reply | Quote

Visited a friend yesterday, who up until now has been a very happy and worryfree Win10 user… since latest update not so any more, as he’s now getting blue screen with a code, he’s identified as driver for wireless router.

I didn’t “examine” his setup, as I’m at a loss here. If he uninstall the updates (and which one btw.?), wouldn’t it just be re-installed by his auto-all system?

I could only give a lame idea of searching manufacturer’s site for latest driver and install that through his system management section… driver may be rejected as being “older”? and since everything is on forced auto, wouldn’t it just be replaced anyway?

Any advice for him?

Reply | Quote

See this thread
https://www.askwoody.com/2017/july-11-security-only-patch-kb4025337-causes-bsod/
I wonder if MS is including drivers in the updates now???

Reply | Quote

He is – or rather: was – running Windows 10….

If he was running Win7, I would disable auto updates, uninstall wireless driver in system management, reinstall previous driver, reboot and… voila! Issue solved.

But in this Win 10 environment with forced updates, I’m lost and don’t know how to attack the problem…

He’s quite upset. Though he retired earlier this year and doesn’t have work as such, he still do some photographic and video jobs, and as he puts it “If this was my business and I had people working, this problem would have cost me a fortune, as we can’t get work done!”

I could only mumble and mention my Microsoft retirement plan, but seriously… Microsoft expect business done under this new “service experience”?

It’s a (costly) joke.

Reply | Quote

To get things going for Grp A – W7-64 users I had / installed just 4 Importants & NO Optionals:  KB4025341 July Rollup —  MSRT —  KB3191907 2010 Excel (32b) — KB3213624 2010 Office(32b)

Made a Macrium  Image just prior to Update ……All is well …………

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

Grp A,  Win 7  home premium,  SP1,  X64,   AMD Sempron 145 processor,  Nvidia GeForce 6150SE,  Office 2010. Downloaded  KB4925341.  Everything works . No printing problems either. Also MSRT X64  Kb890830.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Having difficulty downloading kb4025339 tried 2/3 times today just won’t install.  Windows 10 laptop. Novice so don’t know what to do.  Just going to turn off if it fails again and hope for a resolution

Reply | Quote

You have Win10 1607. Are you using Windows Update to update?
Please let us know the information on your PC and an error message, if you received any – Computer Mfg, model, CPU, Graphics drivers, chipset drivers, security software.

Reply | Quote

Thank you. No error message. Just update failed to download try again.  Using Windows update all other updates loaded ok including a net.4 one.  At the moment it is sitting at installing 10% but has been stuck there ages.  Have turned laptop off now. Don’t know these other things it’s a hp laptop top. Windows 10 home. Edition W.10 V 1607. Don’t know cpu.  Memory 4g.  Storage 1 TB.   64 bit X 64 based processor.   Could try from catalog but unsure how to do this

Reply | Quote

Forgot to say bullguard security but turned that off no difference.

Reply | Quote

Two updates are now listed at Release Notes – July 2017 Security Updates as having issues.

2 users thanked author for this post.

ch100, abbodi86

Reply | Quote

Well, all Windows 8.1 installations should already have KB3000850 since December 2014

2 users thanked author for this post.

MrBrian, ch100

Reply | Quote

abbodi86 wrote:

Well, all Windows 8.1 installations should already have KB3000850 since December 2014

It depends on your audience 🙂
There have been only 2.5 years since December 2014.

Reply | Quote

.NET Framework July 2017 Preview of Quality Rollup

Reply | Quote

Four updates are now listed at Release Notes – July 2017 Security Updates as having issues.

Reply | Quote

Microsoft’s July 2017 patches: issues collection

Reply | Quote

Another issue (and its workaround) was added for KB4025333, the July 2017 Windows 8.1 security-only update: “Japanese IME may hang in certain scenarios.”

Reply | Quote

That’s what happens when you take a “change everything, no wait change it in a completely different way, no change it again — wait what were we doing? Were out of time just ship the code we can fix it later and we never need to test anything” coding style. If you get lucky it only blows up when you do the same thing when you “fix” the code again for the 3rd time.

5 years later you have HUGE pile of “not MY problem” code.

Reply | Quote

anonymous wrote:

That’s what happens when you take a “change everything, no wait change it in a completely different way, no change it again — wait what were we doing? Were out of time just ship the code we can fix it later and we never need to test anything” coding style. If you get lucky it only blows up when you do the same thing when you “fix” the code again for the 3rd time. 5 years later you have HUGE pile of “not MY problem” code.

Being a victomized “testuser” since windows1 I am out of calling-words…. just very tired of these money-wolfes-practices, and just asking how long it will takes before people wiil smash these windowpractices  ‘-(

* _ ... _ *

Reply | Quote

This issue has been added to the documentation of the Windows 7 July 2017 monthly rollup and security-only update: “Due to a defect in WLDAP32.DLL, applications that perform LDAP referral chasing can consume excessive or all of the available TCP dynamic ports after installing KB 4025337 and KB4025341.”

This issue has been added to the Windows 8.1 July 2017 preview monthly rollup: “NPS authentication may break, and wireless clients may fail to connect.”

1 user thanked author for this post.

Elly

Reply | Quote

Could this issue be what’s causing the BSOD on some of the older Win 7 machines after installing either of these updates? Just wondering. I don’t know enough about this stuff to answer that question for myself.

In any case, though, I wonder if MS will be offering an updated driver

Reply | Quote

It would seem quite unlikely, from reading the Known Issues reported in @MrBrian’s July updates link above, that the LDAP issue is related to BSODs

1 user thanked author for this post.

DrBonzo

Reply | Quote

This issue has been added to the documentation of Windows 10 Version 1703 Build 15063.483: “Installing this KB (4025342) may change Czech and Arabic languages to English for Microsoft Edge and other applications.”

Reply | Quote