• March 2018 Patch Tuesday

    Home » Forums » Newsletter and Homepage topics » March 2018 Patch Tuesday

    Author
    Topic
    #175231

    The patches are starting to appear. I’ll keep this post updated as the situation becomes more clear. The master list — the Security Update Guide — i
    [See the full post at: March 2018 Patch Tuesday]

    10 users thanked author for this post.
    Viewing 35 reply threads
    Author
    Replies
    • #175235

      AKB2000003 has been updated 3/13/2018 for Group B Security-Only and IE11 updates.

      14 users thanked author for this post.
      • #175333

        KB2952664/KB3150513

        KB3080149/KB3022345

        Should combine the telemetry for the two listed below as you have done with the two listed above. They both require the first update as prerequisites in order for the second one to even show.

        Right now you have it for Win7 as:
        KB2952664/KB3150513
        KB3021917
        KB3022345
        KB3068708
        KB3080149

    • #175239

      These updates appeared on my WSUS server about an hour before the patch Tuesdays official release time at 10:00 AM PDT (Redmon time).
      I don’t recall seeing the term “Server Next” since well before Windows 2016 was released.  And I don’t ever recall seeing Windows 10 version next as a name.
      Yet another head scratcher from Microsoft.

      Email from WSUS below:
      New Update Alert
      The following 5 new updates have been synchronized to WSUS2 since Tuesday, March 13, 2018 4:20 PM (GMT).

      Critical and Security Updates
      2018-03 Cumulative Update for Windows Server Next for x64-based Systems (KB4087658)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-03 Update for Windows Server Next for x64-based Systems (KB4087657)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-03 Update for Windows 10 Version Next for ARM64-based Systems (KB4087657)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-03 Update for Windows 10 Version Next for x86-based Systems (KB4087657)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-03 Update for Windows 10 Version Next for x64-based Systems (KB4087657)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      Regards,

      Jim

      2 users thanked author for this post.
    • #175237

      Noticed in the monthly rollup (KB4088876) that states:

      “Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.”

      Given the recent announcement that MS would release microcode in addition to what OEM is doing, does the March Monthly Rollup include the microcode?

    • #175281

      Hello, I have a new Windows 10 laptop still in the box, never turned on. I am wondering how  you would recommend setting it up so it doesn’t automatically with the current updates as it starts up and goes through beginning stages. Also, for those updates that were found to have issues and they put “fixes” in new updates, what happens when people attempt to update after. Does it download the original and the fix or neither or does it ignore the bad one and the updated one takes care of them both?  Thanks for the help!  🙂

      • #175291

        The best way is to start up the first time disconnected from the Internet. That way you can choose a local ID and get all your settings right before you face the Microsoft update problem. Read on this site how to block the updates until you are ready.

        The updates for Win10 are cumulative, so each one carries all the earlier updates plus the current fixes. So you don’t have to do a whole lot of patches to be up to date

    • #175292

      Installed two updates: 12 bug fixes and 13 security fixes.

      No issues. What’s all the fuss about?

      (Windows 10, version 1709.)

      “daft glutton”

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      1 user thanked author for this post.
      • #175295

        @b
        You signed your post this time?

        • #175297

          Just with Woody’s nickname for those of us in Group “M” on whom the rest of you rely.

          Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

          1 user thanked author for this post.
          • #175302

            Acknowledging your spirit of sacrifice, we thank you for your service.

            Our thoughts and prayers are with you.

             

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

            14 users thanked author for this post.
          • #175376

            It’s not nice to poke fun at those that trust MS updates only to have their main source of productivity/income replaced with trouble shooting the OS for days on end. If you truly believe they are all lying, that makes you the conspiracy theorist rather than those who stay informed reading sites like this one.

             

            1 user thanked author for this post.
            • #175418

              Not speaking for b, only on what I’ve seen –
              10 has the tendency of negative posts and ridicule on its own; some people take it too far IMHO. Yet when someone (such as b) posts something positive about 10 or its updates, they’re usually ridiculed more or its insinuated that they’re lying, a shill, or full of it.
              What you say in your post is a 2 way street – keep that in mind (and it’d be nice if everyone actually did). Just because some people have trouble with an OS or a piece of software doesn’t mean everyone does; similarly, just because you don’t have trouble doesn’t mean others don’t. 10 isn’t for everyone, but at some point, everyone will have to “make a move” whether it’s running unpatched with an old version, upgrading and biting the bullet, or switching to Apple, Google (Chromebook), or a flavor of Linux.
              Being that 1703 and 1709 have been flawless for me on all my machines, I (like b) have basically given MS a longer rope and I do install patches as they’re released. If a machine goes up a creek, I have daily backups to restore from. I’m glad to be in a place to not fret over updates like I did with all my 7 machines over the last several years. (And yes, I do have workstations for “work”, as you mention.)

            • #175455

              Keep in mind that b and zero2dash are Win 10 IT Admins running the Win 10 Ent edition and who are well-versed in testing and recovering Win 10 from botchy updates and upgrades – unlike the average Joe and Jane running the Win 10 Home or Pro edition.
              Eg most average Joe and Jane do not have another test machine to test Win 10’s forced updates and upgrades before actually installing them on their “production” machine/computer.

            • #175535

              @ “anonymous” above:
              No sure if sarcastic or not…
              Yes I am on a team that manages Win10 Enterprise (both 1511 and 1703 builds) via SCCM for a large company with about 2,200 Win10 machines in the field including desktops, laptops, and Surfaces. We do delay updates for approximately 3 weeks from gen pop….they push out to test 1 week after patch Tuesday, then a small subset (mainly IT) the 2nd week, then when it’s all clear, 3rd week they go out to gen pop.

              I do run 10 Pro at home and in my VM’s, and all my physical machines back up every night at 5:30am via Veeam Endpoint. Initially I deferred upgrades for 365 days and updates for 30 days but have since extended that MS rope and now the only update control I practice on my machines is changing the active time so when updates install, my machines only boot when they’re not being used.

              Am I the typical “John and Jane Doe”, no, I’m not, but that doesn’t mean “John and Jane Doe” are having problems either. People who have problems, complain. People who don’t, don’t. Taking /r/Windows10 as anecdotal evidence, probably <5% of Win10 installs have problems and therefore complain. You (and others) may wish those numbers were more skewed, and more worse, but the fact is, they’re not.

            • #175681

              Dear zero2dash, et al.,

              Speaking for the gen pop, or general population in normal-speak, I don’t see what the hurry is for us, gen-poppers, to update anything, or has ever been, after any Patch Day in living memory, except, perhaps, for the few occasions when some actual plague of malware was really unleashed on the world.

              Sysadmins, who’s job is to take care of whole bunches of machines, have different priorities, so they tend to do things quite differently from us, gen-poppers (a.k.a. the hoi polloi.)

              Not being anybody’s sysadmin but my own, I have decreed, for now and forever, with the most severe penalties imaginable to any trespassers regardless of who they might be, that I must wait a while, rather patch right away and be, in consequence, summarily condemned to join the 5% of those who are, using Woody’s expression, left “spitting nails.”

              So, why is there even a discussion of this non-issue going on here?

              My motto: Be Group B, or die!

              Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

              MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
              Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
              macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

            • #176028

              Personally, I suspect that percentage of people who have complaints about Win10 is too low, actually.  Keep in mind that there are many people who own computers who just know how to surf the web and send email, and at a very, very basic level at that – and they do own Win10 computers because they’re used to Windows.  I help people like that with their laptops all the time, as part of my job (I work in the reference department at a public library, so we also do tech help).  I hear a LOT of complaints about Win10 from average users on a regular basis, including update issues, and many of them would never think of even looking for a tech site to look for help, much less voice their complaints.

              1 user thanked author for this post.
            • #175524

              Naw, @b isn’t lying. He sees the patching process differently from the rest of us. It’s an important point of view.

              Keep in mind that major problems only crop up on a minority of machines. How few is open to debate — only Microsoft knows, and they ain’t tellin’. In the majority of cases (with unusual exceptions like January’s crop) the problems only hit 1 in 10 or 1 in 100 machines. If you’re the “1” you’re going to be spitting nails. And for good reason.

              4 users thanked author for this post.
      • #175360

        I’m glad things worked out for you this time.

        Problem is, there’s a valid reason why folks react the way they do. And it’s not just here on AskWoody. Sure, this site tends to be more vocal because (I believe) the average technical ability is much higher here than at many other tech help communities.

        I’m very familiar with your unique posting style and comment history. But one has to admit that (especially recently) MS patches haven’t had a great track record. People aren’t making this stuff up just because they dislike Microsoft. In many cases, people dislike Microsoft because of what Microsoft has done, whether it’s forced upgrades like GWX, countless buggy patches, and show-stopping compatibility issues. And it’s not a rare thing anymore, it’s become an almost monthly affair.

        Windows 10 has changed so many things about Windows, and some of these changes are regressive.

        1 user thanked author for this post.
      • #175417

        My 1709 machines pulled down the updates and installed with no issues as well.
        I’ll reiterate once more that I’ve had 0 issues with 1703 or 1709 or the updates for either, on several machines of varying configurations (some physical, some virtual). IME MS has done better on those versions with updates than all other versions of Windows.

    • #175294

      Known Issues for March 2018 updates

      (Windows 7) SMB Servers may leak memory after installing the update — Fix in the works.
      (Windows 7) Stop error on machines with the Physical Address Extension (PAE) mode disabled — Update is not delivered to 32-bit systems with PAE disabled.
      (Windows 7) Stop error on machines not support Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2) — Fix is in the works.
      (Windows 7 and 8.1) No updates for systems without compatible antivirus solution or Registry key set — Set Registry key:

      XXX

      XXX = unable to insert code due to security of WordPress, see Ghacks March 2018 updates

      All the more reasons not to update until MS-DEFCON 3 if any of these specifications are relative to your system.

      Thanks again to Martin Brinkmann for a rapid investigation to this months patches!

      Keeping IT Lean, Clean and Mean!
      3 users thanked author for this post.
    • #175304

      And again Office 2007, which officially “died” in October 2017 (EOL), received resuscitation: it received March updates. It has received monthly updates up till now without any exception. This does raise a question: are all vulnerabilities in Office 2007 still being patched or just some of them? The last couple of months Office 2007 received less patches than Office 2010, I noticed. This could mean two things: either Office 2007 has less vulnerabilities or not all vulnerabilities are patched. Because there is no statement whatsoever about why MS keeps patching Office 2007 that is a question I do not dare to answer. Fortunately I jumped to Office 2010 in August last year, so I do not have to worry about it. But this patching practice for Office 2007 is weird and certainly unclear.

      ASRock Beebox J3160 - Win7 Ultimate x64
      Asus VivoPC VC62B - Win7 Ultimate x64
      Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
      Dell Latitude XT3 - Win7 Ultimate x86
      Asus H170 Pro Gaming - Win10 Pro 22H2 x64

    • #175314

      KB 2952664 disappeared from Windows Update (even the hidden ones) on Saturday when I checked…
      It’s back… and thinks its important, too! So important, that it is tucked away, safely hidden once more…

      Non-techy Win 10 Pro and Linux Mint experimenter

      4 users thanked author for this post.
      • #175390

        I had wondered if the metadata change would have made the reissued and promoted KB2952664 appear on the KBNew list from headliner links near top of page. Many old patches have had edited articles listed and caught by MrBrian’s listing machine. But not our dear friend. Microsoft likes to keep its mysteries to themselves.

    • #175313

      It seems the date and month of Spring creators Update (1803 have been decided)

      I naturally going to skip 1709 and will install 1803 until Woody approves its installation.

    • #175318

      Don’t tell me how Edge is so much more secure than IE.

      Likewise, don’t tell me how Win10 is so much more secure than 7 or 8.1 despite attempts of microsoft pr to convince us otherwise. The number of vulnerabilities every single month is proof enough.

      1 user thanked author for this post.
    • #175319

      Am I the only one that has noticed that a link to a Microsoft web page given in the main “March 2018 Patch Tuesday” article on the Home page gives a 404 error, Sorry, Page not found:

      https://support.microsoft.com/en-us/help/4091666

      There’s at least one other invalid link to another MS page:

      https://support.microsoft.com/en-us/help/4091664

      Note that these are errors on a major MS page discussing ‘fixes’ to various problems. Apparently, MS does not check its web page ‘programming’ any better than it checks it patches.

      PS: another one,

      https://support.microsoft.com/en-us/help/4091663

    • #175322

      Woody,

      you’d have to be a real glutton for punishment — and a daft one at that

      Well, that certainly sounds like me! ???

      So away we go… Of course this was done on my backup computer which has just been imaged 2 days ago!

      Haven’t found a problem yet…

      FYI: Dell XPS 8700 Win 10 16299rs3_release 170928-1534.

       

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

    • #175339

      This is related to Intel Microcode Updates for the Meltdown/Spectre problems which haven’t occurred in the wild yet. When they are applied during MS-DEFCON 3 or higher, will they be obtained through Intel or Microsoft? Still not sure which will be the source. BTW, here’s the Intel Microcode Revision Guidance PDF as of March 6. More have gone to Production, including Ivy Bridge, which is my product.

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      2 users thanked author for this post.
      • #175350

        My Ivy Bridge isn’t on the list as far as I can tell ( i7-3770, stepping E1, Ivy Bridge-DT )

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #175513

        You might be able to get the microcode update via an update from Microsoft and/or a firmware update from the device manufacturer.

        • #175522

          @Mr.Brian:  I found the name of my Core-3, a long time ago, and at that time it was considered to be safe.    I did not write it down at the time, and can’t recall which one it was.  Is there the procedure I used the first time to locate it still available?  Thank you for any information you  may be able to provide, and all of the other invaluable advice which all members are very grateful for.    🙂

    • #175338

      Finally, Microsoft felt that Windows 10 Pro 1709 boxes should receive cumulative updates again and removed the block preventing updates showing up via Windows Updates. It’s remarkable that Microsoft refused to provide Windows 10 Pro 1709 users Windows updates for more than 2 months.. Nonetheless, most of Microsoft’s sites (i.e. msdn.microsoft.com) no longer play well for Internet Explorer 11. Looks like the deliberately mess with their sites to force users switch to a different Web browser.

    • #175342

      Am i the only one that finds fishy that they lift the antivirus ban from updates?

      Sounds to me that they want to force the Spring creators update…..

      1 user thanked author for this post.
      • #175349

        I think Microsoft is lifting the anti-virus restrictions because they feel the anti-virus programs are, for the most part, compliant/compatible.

        1 user thanked author for this post.
        • #175371

          well I won’t deny that that is one of the reasons of the lift, however I still believe that is the cause.

    • #175351

      Another glutton for punishment with no obvious issues with the 1709 update on either my work computer (i7-7700, Win 10 64-bit Enterprise) or Surface Pro 4.

      Maybe this will give me the nerve to install it on my home machines. 😉

    • #175358

      Am i the only one that finds fishy that they lift the antivirus ban from updates? Sounds to me that they want to force the Spring creators update…..

      Thinking the same here

      * _ the metaverse is poisonous _ *
    • #175361

      Well, this just ain’t my day. I almost had this comment finished and hit a wrong key or something and lost it. I’ll try to do another one.

      So, I have all the known — at least to me — settings in place on all three of my WIN 10 1607 Pro computers to keep MS from force feeding any of them the WIN 10 1709 Upgrade. I’m not going to take the time to list all the settings I’ve made and programs I use to accomplish this again (I’m a “hunter and pecker” typist and I’m too upset to go through that again), but trust me, I have my computers locked down like the gold at Ft. Knox, doing all the things we’ve talked about here in the Lounge.

      Today, on my Desktop Computer, I fired up Windows Update Blocker to turn Services back on so I could check for updates with Windows Update Mini-Tool, and hide them until Woody goes to MS-DEFCON 3 this month. (I check often for updates and apply any Windows Defender virus definitions immediately, which is usually every day.)

      But today? Surprise, surprise, surprise! After I had hidden all the monthly updates and had updated the Windows Defender virus definitions, before I could go back to Windows Update Blocker to turn Services back off, guess what popped up? Why, it was the good old Windows 10 Update Assistant and the upgrade to WIN 10 1709 was speeding right along!

      I cursed a few times, shut down the computer with the ON/OFF Button on the CPU, unplugged the router power cord to shut down the Internet connection, and cursed a few more times.

      So, right now I have a pretty little shortcut to the Windows 10 Update Assistant on my desktop, and two new folders on the root of my C:/ drive: $GetCurrent and Windows 10 Upgrade. The $GetCurrent folder is created during the upgrade process. It contains a log file about the last Windows upgrade. The Windows 10 Upgrade folder has a slew of files and folders and, since it contains Windows10UpgraderApp.exe, I’m guessing it’s the files for the upgrade to 1709.

      Now mind you, all this is AFTER uninstalling the Update for Windows 10 for x64-based Systems (KB4023057) through Revo Uninstaller, and running CCleaner, System Mechanic and the Windows Disk Cleanup program, set to Clean up System Files. I  see that the Windows 10 Update Assistant has magically reappeared in Revo Uninstaller also.

      But that ain’t all, folks! I checked my other two computers, where both have had Services turned off with Windows Update Blocker and Protect Service Settings checked, and have NOT run the Windows Update Blocker to turn Services back on. In other words, all settings have been in place to keep MS from forcing the WIN 10 1709 Upgrade. All I did was turn them on today and boot them up.

      OK, right now I know what you’re thinking … I bet you’re thinking that the Update for Windows 10 for x64-based Systems (KB4023057) and the Windows 10 Update Assistant has automagically appeared on the other two computers, right? Well, you’d be wrong … only the Update for Windows 10 for x64-based Systems (KB4023057) has automagically appeared on the other two computers! Somehow, it’s made it’s way through all the settings and Applications to keep MS from force feeding them the WIN 10 1709 Upgrade! Only after KB4023057 installs does  Windows 10 Update Assistant appear.

      Well, that’s my story and I’m sticking to it. But I can’t tell you how angry I am right now. I’ve taken my anxiety meds, [edited – please keep on topic, and remember the Lounge Rules]

      Really, I’m so sick of dealing with all this insane WaaS stuff I’m getting real dad-gummed close to getting this piece of crud off all of my computers and replacing it with, oh, I don’t know, Linux? Vista? XP? Anything but the “greatest Windows operating system ever!” I call bullsh*t on that.

      So, I just don’t know where to go from here. I’ve got that danged Update for Windows 10 for x64-based Systems (KB4023057) just sitting there on all three of my computers just waiting to get it’s fat, sweaty palms on the Windows Update Service so it can do it’s dirty deed. And as far as I know, you can’t get rid of it. And if you do … it’ll be back. I’m sure Satya and his merry band of mischief makers will eventually figure out a way around Windows Update Blocker, too. Don’t doubt me on that, folks. We’re all going to eventually succumb to WaaS and it’s dastardly ways, or else!

      Well, I’m just going to sit tight right where I am until I’m in a better mood and can think straight again. Right now, I’m so angry I can’t. If anyone has any suggestions, I’d appreciate them. Really. I’m utterly at a loss.

      Thanks for taking the time to read all this. I know it’s really long, and probably confusing. You folks are the greatest!

      P.S. Double clicking the Windows Update Assistant on my desktop presented me with the following propaganda. Yea, right … but at least cancel update on the second window does in fact cancel the update.

      Capture1

      Capture2

      4 users thanked author for this post.
      • #175368

        Just thinking… Isn’t / aren’t there any folder(s) you can take ownership and remove enough permissions so Windows cannot write to the disk, borking and therefore avoiding that unwanted update?

        1 user thanked author for this post.
      • #175454

        If you manually kick a check for updates, you trigger a potential check in to the Windows 10 feature update.  What deferrals did you have in place and do you have CBB/semi annual set to be deferred 365 days?  As if you just have it deferred until it’s declared current branch for business, 1709 has been declared as “baked”.  You need to push off that deferral for the 365 day value.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #175676

          Hi, Susan. Welcome to AskWoody. Your knowledge and articles are a great big plus to a great Website!

          In Group Policy, I have both Select when Feature Updates and Quality Updates are received set to Disabled. I think this was part of the setup instructions when I started using the Windows Update MiniTool to manually control updates and upgrades, I don’t remember for sure.

          However, I’ve been using WUMT for quite a while now, and it’s worked flawlessly, except for one Cumulative update that wouldn’t finish installing until I turned off my antivirus program, which had nothing to do with WUMT, naturally. It’s been great for postponing the monthly updates until Woody lights up MS-DEFCON 3, or skipping updates completely, and for skipping the 1703 Upgrade completely, and the 1709 Upgrade … until yesterday.

          It seems MS has made some changes that has blown up my current update/upgrade plan. As soon as it detects Windows Update Service running, it immediately begins upgrading to the latest version of Windows 10. Looks like we all may eventually be forced to update/upgrade according to MS’s plans, not ours.

          They began by ignoring the deferral settings in 1703. Looks like their next step is to get everyone forced onto the latest version whenever they like, no matter the user settings. When called on it, they just say, “Oops”, and keep on rollin’.

          Thanks for your input. I’m stuck with all three of my computers locked down where, hopefully, MS can’t get through to install the 1709 Upgrade. I’m hoping to be able to wait until 1804 is ready before doing another upgrade. I hate it that I may not be able to do any updating, either, though, in order to keep 1709 at bay. I definitely have some thinking and deciding to do.

      • #175481

        23057 is not the culprit for that but usually 23814. I have both of them hidden and sometimes they pop their head out of the hidden list and I hit them with the hammer again ^^.

        2 users thanked author for this post.
        • #175648

          anonymous, I’m sorry, but I’m in the dark as to what 23057 and 23814 are?

          • #175649

            Short for KB 4023057 and KB 4023814

            1 user thanked author for this post.
            • #175657

              Duh … I still need some sleep! LOL

              However, I used to keep both of these updates hidden and didn’t install them. I don’t think they’re even offered to me anymore (I’m not sure), but I’m sure neither has been installed on any of my computers.

      • #175515

        A problem with some Windows 10 update blocking methods is that when updates are turned on, automatic updates may start downloading and installing. Perhaps that’s what happened to you. In my opinion, what is needed is a method that stops automatic Windows 10 updates; I will be testing this method for hopefully doing so soon.

        KB4023814 is an update that installs the Windows 10 Update Assistant. See this post for how to get rid of the Windows 10 Update Assistant.

        1 user thanked author for this post.
        • #175639

          @MrBrian … I followed the instructions you provided for how to get rid of the Windows 10 Update Assistant to the letter. Since the Assistant had been installed on the desktop computer, every step was pertinent to it. BTW, when I booted the desktop this morning, up popped the Update Assistant again and installation of 1709 began. There was, indeed, a Scheduled Task set to run the Assistant at startup. Unbelievable!!

          On the other two computers only the KB4023057 Update was installed, so it was mostly just uninstalling that and checking that the other items were already as they should be.

          One other strange thing, though, is that I’ve been keeping KB4023814 hidden, along with KB4049411, KB4033631, and KB4056254, and none were ever installed on any of my three computers. I did a search just to make sure, and they couldn’t be found. Anyhow, hopefully I now have everything cleaned up and blocked again, For now. But as soon as any of my computers connect to Windows Update Service again …

          Thank you very much for your help.

        • #175661

          Supposedly (KB4023814 => Windows 10 Update Assistant) cannot be uninstalled, at least not easily.

          I have seen many posts on how to disable the totally obnoxious Update Assistant; yes you use the Task Scheduler, but no need to get into triggers or anything else; simply disable the three tasks listed below

          > Microsoft > Windows > UpdateOrchestrator

          UpdateAssistant

          UpdateAssistantCalendarRun

          UpdateAssistantWakeupRun

          So far on my three home PCs, Microsoft has not yet re-enabled these tasks. Don’t be surprised if they do, so check regularly.

           

          1 user thanked author for this post.
          • #175679

            Thanks, Terry. Doing what you suggests was part of the routine suggested by MrBrian, and I’ve done that on all three of my computers. So far, so good.

            How do you suggest we proceed with hiding the monthly updates until Woody gives us the MS-DEFCON 3 light, and postponing and/or skipping any upgrades we don’t want? I’m at a loss right now. I’m stuck with all three of my computers locked down where, hopefully, MS can’t get through to install the 1709 Upgrade. But as soon as MS sees that Windows Update Service is on, updating they go!

      • #175533

        Replying to one’s own post isn’t kosher, I know, but I could think of no other way to thank everyone for your help and suggestions. As soon as I get a little more sleep and rest, I’ll begin acting on each of your suggestions and input individually. I’ll probably have more questions also, but right now, I just need a some napping and resting time.

        Thanks again, and, please, anyone with more help to offer, keep it coming! 🙂

        I’m a stubborn old cuss and just hate to “surrender” to MS’s complete takeover of my computers! A great day to everyone and thanks again!

        1 user thanked author for this post.
      • #175568

        More info: If I recall correctly from testing in 2017, the Windows Update service must be enabled in order for wushowhide to function properly. When the Windows Update service is enabled, then, depending on your settings, automatic updates might start to download and install before you’re able to hide updates with wushowhide. One of the updates that might be downloaded and installed by automatic updates is KB4023814, which installs the Windows 10 Update Assistant, and then the fun begins.

        1 user thanked author for this post.
        • #175644

          Yes, Windows Update Service has to be running to use wushowhide, as well as WUMT, which is my favorite. I don’t think my reflexes are still fast enough to win the race to hide anything before MS starts the upgrade! LOL

    • #175363

      Windows 8.1 Group B Guinea Piggy here.

      All systems seem to go after this month’s security + flash updates.

      Now back to Linux Mint Debian. See you next month.

      1 user thanked author for this post.
    • #175369

      Out of curiosity, what build revision is this update supposed to bring Win 10 v1709 up to?

      From my test system that’s on 16299.251, I ran Windows Update and it just showed MSRT, an Adobe Flash update, and a Windows Defender definitions update.

      I don’t know how I’ve gotten it into this state, but as far as I can see I have one of the few Win 10 setups that’s hesitant to install new updates. I like it! Wish I knew which of the many things I’ve done that’s led to this enviable state. 🙂

      I do currently see Cumulative Update KB4088776, dated March 10, in the catalog… I think I’ll pull that onto this test system manually and see how it goes…

      -Noel

    • #175372

      Did the updates on a five year old Sony laptop, Win 10-64 bit.

      Download/install/cleanup/defrag 2.5 hours. No issues.

      Now will put the laptop back in it’s protective sleeve until next month.

      Back to the chrome book and iPad………

    • #175383

      Internet Explorer 11: 7 vulnerabilities, 2 critical, 5 important
      Microsoft Edge: 16 vulnerabilities, 12 critical, 4 important

      Don’t tell me how Edge is so much more secure than IE.

      By that criteria, Edge is more secure than Firefox (which got 18 security fixes today) and Chrome (which got 45 security fixes last week).

      Would you expect a 22-year-old browser to have more bugs than one being actively developed?

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      • #175402

        Yes, I would. Why would anybody want to take a step backwards and have more vulnerabilities in the newer one?

        Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      • #175410

        Edge and IE are updated monthly. Google Chrome and Mozilla Firefox aren’t on a set monthly cycle. For example, Mozilla last released security updates for Firefox around the end of January 2018.

        Edge had 12 critical and 4 important.

        Firefox had 2 critical, 4 high, 7 moderate, and 5 low.

         

        Regarding Edge, it’s not Woody who’s saying Edge is more secure than IE. Microsoft has touted Edge’s security features in ads inside Windows 10 (among other areas). Thing is, most of those claims come from an older NSS labs report where SmartScreen was doing the heavy lifting. But the web evolves.

        Yes, Microsoft really wants us to use Edge, and security issues aside, the compatibility is still evolving. Hopefully Edge will fully supplant IE for all the right reasons.

        1 user thanked author for this post.
      • #175523

        Would you expect a 22-year-old browser to have more bugs than one being actively developed?

        I would expect Microsoft to tell the truth. Too much, I know.

        ASUS PRIME Z270-K * Intel Core i7-6700 * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * SanDisk Ultra 3D 1TB SSD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 21H2 64-bit
        1 user thanked author for this post.
    • #175400

      Hello again.

      Once again Error 80070057 trumps my March’s IE security update. Never thought such error could be that resilient. *sigh*

      But no, I shall not let such cold-blooded error spoil my month as I will remain vigilant and optimistic. If what Gone to Plaid said about IE security updates not being cumulative was true, then I’m not going to waste my anxiety over this matter.

      – “Failed to Install KB” Anonymous

    • #175525

      Why are there almost no critical updates anymore? There have only been like one or two critical updates in the last few months. And what are “Important Updates” anyway? They’re obviously not important, so what are they?

    • #175527

      This issue was added to some Windows 10 KB articles (example): “Users with Windows 10 Version 1709 Enterprise that have installed the January 2018 Delta package may encounter failure issues when installing the February and March 2018 updates from the Microsoft Update Catalog. Specifically, the Windows 10, version 1709 February Delta Update may silently fail.”

    • #175537

      I’ve been interested in this too.  Earlier months the “Windows Next” updates were labled as TEST, but these look official.  My assumption would be they apply to 1803 which has probably been locked down at this point.

      Looking at the update details, some have links that go to dummy pages (KB4087657), one is a Server Next update (KB4087658), but the page is about a compatibility update for Win 10 1803 upgrade.  I’m going to guess the veil will be removed when 1803 drops.

    • #175547

      Daft person here. On all three virtualized (ESXi) Windows 2008 R2 servers that we installed the updates on, the network adapters (vmxnet3) got removed and recreated. Had to go in and reassign the static IPs. Our physical 2008 R2 server that updated, virtual 2008 R2 server that didn’t update, and virtual 2016 server that updated were all fine.

      2 users thanked author for this post.
    • #175721

      Not sure if this is a Patch Tuesday issue since it’s now Wednesday, but my fully patched Win 10 machine (FCU build 1699.309 – Asus Haswell era) just received a list of 27 (yikes!) driver updates from Windows update.  Maybe half of the descriptions have dates, – all in 2016 or 2017.  I hate driver updates!  Anybody else seeing this?

    • #175760

      Before, I had Spectre protection on my Ivy Bridge computer.  How I got it, I don’t know – perhaps from Firefox.  Then I installed KB 4088879, and now my computer runs slower.

      InSpectre reports that I now have Meltdown protection on my computer, but no Spectre protection.  InSpectre will not disable the Meltdown protection (although it tries to) so unless I uninstall KB 4088879, I am stuck with a slow computer.

      Windows 8.1 Group B

      Thanks PKCano.

      1 user thanked author for this post.
      • #176744

        @anonymous:

        The reference to FIREFOX caught my eye!  I haven’t installed anything since March 10th, and that was:  KB4076492.   I just left the MSRT there, and probably the WD update as well.   I normally don’t install those.    Win 7, Home Prem., x64, Group A.

        The FIREFOX caught my eye because I had a huge problem trying to install the new version (think it’s 59.0.1) today.  I went to the website, and it wouldn’t accept my password, so I was forced to get a new password.  I have had this browser for “years”, and have never had such an exasperating experience!!!   Got it straightened out, however it does make me wonder “what is the reason” that this occurred.  I only installed the one update patch as listed above.

        I had about 2 or 3 prompts between yesterday and today to update the browser, and then decided to just update it from the “Help” menu, at which time I encountered these problems.

        Anyone else have any problems similar to the one I had?   Makes one wonder exactly what the issue was that caused this.    In other words how could something such as this be “changed” in such an invasive manner??

        • #176752

          Hi walker!

          Sorry to say, but I’ve never been asked for a password on Mozilla’s site at all. Also, I’ve never had to use a password to update Firefox, dating all the way back to Firefox 3 or 4.

          I’ve always used the built-in updater in the Help menu, as you did this time, to check for and apply updates, except once when Mozilla changed Firefox enough so that we all had to download a completely new copy, and restore our profiles from a backup.

          When you said “I went to the website, and it wouldn’t accept my password, so I was forced to get a new password”, were you speaking of the Mozilla website for obtaining a new copy of Firefox (firefox.com) or was it their support website login at https://support.mozilla.org/en-US/users/auth possibly?

          If so, you don’t need to login to that support website to get the latest version of Firefox, just use the feature that’s built-in to the browser like you did earlier today, although I still don’t see why even that feature asked you for a password. That issue (updater in the help menu asking for a password and user account login) makes it sound as if you might be infected with some password stealing malware. 🙁

          1 user thanked author for this post.
          • #176905

            @Bob99:   Hi, again!  No, I have never had to log into anything to update Firefox either.  Only when I am accessing the Mozilla Support site (to ask a question), and that link is:

            Support.mozilla.org/en-US/questions/new/desktop/other/form?search=Partially+encrypted+connection+in+secure+site+(Yahoo%2C+after+signing+in)&step=aaq-question

            This site is down today for updating work, according to the message there.  On this website one must have a “name” and password both.  Have never had a problem logging in there, however it just would not accept my password, so it was necessary to obtain a new one.  I too have used Firefox “forever”, however never had the problem you described in your post.

            Like you, I have usually just used the method available on the browser for updating, and never had any problems.   This time was different, and I was unable to update.  Therefore I was able to contact them and request a new password.   I hope I never have that problem again, as it was very upsetting after using this browser for so many years and never having a problem with it.

            Thank you for citing your history reflecting that you have never had any problems.   I hope I never do again.   🙂

             

    • #176506

      https://www.pcworld.com/article/3262165/security/intel-issues-meltdownspectre-fixes-for-ivy-bridge-sandy-bridge-as-patch-effort-winds-down.html

      https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf

      Above is about — “Revised”2nd-G Sandy Bridge CPUID 306A7 (InSpectre shows this for me) – And – 3rd-G Ivy Bridge CPUID 306A9 — Patches for Meltdown-Spectre and they show “PRODUCTION” as status.

      My Gateway DX4860 is NOT on the Acer page  but I thought I’d post this in case someone benefits from it as Patch releases occur. Can’t make much of it with my readings so far — But FYI. Remove Hyperlink/Paste doesn’t work for posting the URL’s so always Save As .TXT & Then Paste to be safe.

      W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

    • #176823

      Macrium is reporting issues in Win 7/10 computers following the recent Windows updates.  Their release notes contain the following:

      A Windows Update on the 13th March has caused some Windows 7 and 10 32 bit systems to fail to load Windows after updating. The error occurs when kernel mode driver ‘pssnap.sys’ loads at boot time. This update removes ‘pssnap.sys’ from boot time configuration. Note: Simply deleting the file is insufficient to resolve the problem.

      We recommend that 32 bit installations of Macrium Reflect on XP, Vista, Windows 7, and Windows 10 upgraded from Windows 7, 32 bit operating systems update to this release.

      If you have already updated Windows and experience this error then please see this KB article for a solution:
      https://knowledgebase.macrium.com/display/KNOW7/Windows+7+32+bit+BSOD+after+MS+Windows+Update

      If you have not yet updated Windows then please update to this version of Macrium Reflect to enable Windows to update without problems.

      After updating, XP, Vista and Windows 7 32 bit systems, will no longer have ‘pssnap.sys’ available. If MS VSS shadow copies fail, then your backups will no-longer fall back to using ‘pssnap’. Please ensure that any VSS errors are resolved to successfully complete your backups.

       

      Edited for HTML. Please use text tab when using copy and paste in your replies.

      2 users thanked author for this post.
    • #178170

      Note added to March 13, 2018—KB4088875 (Monthly Rollup) (Win 7) and March 13, 2018—KB4088878 (Security-only update) (Win 7): “If the version of PCI.SYS file is less than 6.1.7601.21744, please follow the step-by-step instructions outlined below before applying this update to physical or virtual machine:”

      3 users thanked author for this post.
      • #178189

        This script needs to be run with admin privileges.

        1 user thanked author for this post.
        • #178223

          @Mr.Brian:   I haven’t used the Admin Privileges since you provided the information to restore my “very serious problem” months ago, so I would have to try to do some “homework” on this one.   Thank you again for everything you post which is so helpful to us all.     🙂

      • #178195

        I believe that Microsoft should add the same note to March 23, 2018—KB4088881 (Preview of Monthly Rollup) (Win 7).

        3 users thanked author for this post.
      • #178197

        Seriously??!! There’s no way I’m going to attempt that and I’ll bet there’s no way a typical home user would attempt it either. Then again, I’m not being offered the Rollup in Windows Update, so I’ll just wait until I am, at which point I’ll also assume I won’t need to run scripts.

        Um… I would be right in assuming that at some point these patches should not require the user running a script, and that they would just install on their own after I click an OK to install button??

        1 user thanked author for this post.
      • #178210

        What @MrBrian mentions in post 178189 just above,

        This script needs to be run with admin privileges.

        and what @DrBonzo mentions in post 178197 also above,

        Seriously??!! There’s no way I’m going to attempt that and I’ll bet there’s no way a typical home user would attempt it either. Then again, I’m not being offered the Rollup in Windows Update, so I’ll just wait until I am, at which point I’ll also assume I won’t need to run scripts. Um… I would be right in assuming that at some point these patches should not require the user running a script, and that they would just install on their own after I click an OK to install button??

        are, I believe, the biggest reason(s) that MS pulled KB4088875 from being offered through the WU channel to users. They probably figured that most folks using that method to install rollups wouldn’t be able to or wouldn’t desire to install that patch with anything other than the proverbial click of a mouse.
        Notice that the word “most” is in italics above, as I know there are still folks who are being offered the patch via WU, but that it’s unchecked by default for them.

        I was initially offered the update for both of my machines, but it has since been pulled, and has been replaced by the preview offering for next month, which shall remain uninstalled as I don’t install any previews of MS patches, only “production” releases. Production is in quotes because, with MS patches lately, most seem to be a preview anyway with their assorted problems each month. 🙁

        1 user thanked author for this post.
      • #178211

        Note added to March 13, 2018—KB4088875 (Monthly Rollup) (Win 7) and March 13, 2018—KB4088878 (Security-only update) (Win 7): “If the version of PCI.SYS file is less than 6.1.7601.21744, please follow the step-by-step instructions outlined below before applying this update to physical or virtual machine:”


        @MrBrian
        , I also happened to notice that KB4088875 was last updated today, the 25th of March, so maybe the note you mention is what was changed in it.

        For everyone else reading this thread, if you don’t recall where the file pci.sys is and want to find it, it’s probably in your System32/drivers folder.

        2 users thanked author for this post.
        • #178215

          Yes, my PCI.SYS file is in Windows > system32 > drivers.

          I’m assuming that since the last five digits on my file are 17514 that’s it’s older than a file that has 21744 as its last 5 digits and that therefore I would need to run the script. Still think I’ll wait before doing anything. MS needs to fix this.

          1 user thanked author for this post.
          • #178219

            Same here!! Waiting till it’s ok to install next month’s official rollup which will hopefully have a fix or two for some of the [problems] from this month’s “patch”. 😉

            1 user thanked author for this post.
          • #178265

            My pci.sys is also at 6.1.7601.17514 dated 22 Nov 2010. I am hanging off as the only update to Windows 7 is shown as KB4088881 which is the preview for March 2018.

            • #178449

              @Pierre77: to clarify things for me: in Windows Update you now get offered KB4088881 (the preview), but not KB4088875 (the rogue March update)? Or do you get offered both?
              ~Annemarie

      • #178540

        The script has been altered by Microsoft.

        1 user thanked author for this post.
    • #178599
      2 users thanked author for this post.
    • #179122
      1 user thanked author for this post.
      • #179143

        More updates released today…

        In keeping with minimalism, are any of these patches absolutely necessary?

        Carpe Diem {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
        offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
        online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
        • #179192

          No, unless you’re having this particular problem and want it fixed sooner rather than later. These fixes will very likely be included in the April 2018 Windows monthly rollups.

          4 users thanked author for this post.
    • #179462

      Microsoft has released update KB4099950:

      “This update addresses issues introduced in KB4088875 and KB4088878 for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 where a new Ethernet Network Interface Card (NIC) with default settings may replace the previously existing NIC, causing network issues. Also addressed, is an issue where static IP address setting are lost after applying the update. These symptoms may be seen on physical computers and virtual computers running VMWare.”

      1 user thanked author for this post.
      • #179468

        This update doesn’t appear to replace any existing files. Rather, it runs a file it contains called PCIClearStaleCache.exe.

        • #179545

          So it’s the easy automated version of the vbs script

          it checks if KB2550978 hotfix is installed (or any superseder)
          the hotfix actually describe the mess with NIC and March updates in very informative way

          i wonder why Microsoft didn’t roll out that important fix years ago through WU

          1 user thanked author for this post.
      • #179471

        From the link: “Important:  This update must be installed prior to installing KB408875 or KB408878″

        3 users thanked author for this post.
        • #179497

          “Important: This update must be installed prior to installing KB408875 or KB408878″

          Congratulations to MS who can’t even get the KB numbers correct – only 6 digits ? Great quality control…

          Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

          2 users thanked author for this post.
        • #179500

          That should be KB 4088878 March 2018 Security Only

          1 user thanked author for this post.
        • #179501

          KB4088875 was released March Patch Tuesday. Time flies backward.

          Carpe Diem {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender
          1 user thanked author for this post.
      • #179694

        After installing KB4099950, it creates log file \windows\logs\PCIClearStaleCache.txt.

        The contents of my PCIClearStaleCache.txt on a virtual machine:

        Path = C:\Windows\system32\drivers\pci.sys
        pci.sys file version is 6.1.7601.17514
        Pci.sys indicates KB2550978 or later KBs *NOT* installed
        Deleting the PCI SlotPersistentInfo registry keys…
        Deleted PCI SlotPersistentInfo registry keys successfully

        1 user thanked author for this post.
      • #179729

        Update KB4099950 repeatedly refused to install in my virtual machine via Windows Update, with error 80243004. I looked up the error message at https://support.microsoft.com/en-us/help/938205/windows-update-error-code-list: “0x80243004 WU_E_TRAYICON_FAILURE A failure occurred when trying to create an icon in the taskbar notification area.” A web searched led to this link, whose solution fixed the issue. If you don’t want to use this solution, I also found that manually installing KB4099950 via the Catalog works fine.

    • #179659

      Today I installed KB4099950, but i already have installed KB408875. Can i broke something with this? I didnt notice it must be installed before mothly patch.

      • #180611

        I figure that if you are here and posting, then your networking did not get hosed. If you can see other computers on your network and those computers can see your computer, then you should be good to go.

    Viewing 35 reply threads
    Reply To: March 2018 Patch Tuesday

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: