March 2018 Patch Tuesday

[woody]

The patches are starting to appear. I’ll keep this post updated as the situation becomes more clear. The master list — the Security Update Guide — i
[See the full post at: March 2018 Patch Tuesday]

10 users thanked author for this post.

walker, MrBrian, zeuswoz, Tiernan, Fred, WildBill, JDeC, Microfix, AJNorth, Elly

[PKCano]

AKB2000003 has been updated 3/13/2018 for Group B Security-Only and IE11 updates.

14 users thanked author for this post.

SueW, Tiernan, samak, abbodi86, rowrbazzle, JDeC, fk5353, Justin42, OscarCP, Pepsiboy, David F, AJNorth, Elly, Microfix

[Rawr]

KB2952664/KB3150513

KB3080149/KB3022345

Should combine the telemetry for the two listed below as you have done with the two listed above. They both require the first update as prerequisites in order for the second one to even show.

Right now you have it for Win7 as:
KB2952664/KB3150513
KB3021917
KB3022345
KB3068708
KB3080149

[anonymous]

These updates appeared on my WSUS server about an hour before the patch Tuesdays official release time at 10:00 AM PDT (Redmon time).
I don’t recall seeing the term “Server Next” since well before Windows 2016 was released.  And I don’t ever recall seeing Windows 10 version next as a name.
Yet another head scratcher from Microsoft.

Email from WSUS below:
New Update Alert
The following 5 new updates have been synchronized to WSUS2 since Tuesday, March 13, 2018 4:20 PM (GMT).

Critical and Security Updates
2018-03 Cumulative Update for Windows Server Next for x64-based Systems (KB4087658)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-03 Update for Windows Server Next for x64-based Systems (KB4087657)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-03 Update for Windows 10 Version Next for ARM64-based Systems (KB4087657)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-03 Update for Windows 10 Version Next for x86-based Systems (KB4087657)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-03 Update for Windows 10 Version Next for x64-based Systems (KB4087657)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Regards,

Jim

2 users thanked author for this post.

Microfix, woody

[anonymous]

Noticed in the monthly rollup (KB4088876) that states:

“Provides cumulative Spectre and Meltdown protections for 32-Bit (x86) and 64-Bit (x64) versions of Windows except the KB4078130 update that was offered to disable mitigation against Spectre Variant 2.”

Given the recent announcement that MS would release microcode in addition to what OEM is doing, does the March Monthly Rollup include the microcode?

[PKCano]

I don’t believe the microcode will be released in any of the Rollup or security -only patches.

7 users thanked author for this post.

walker, abbodi86, JDeC, OscarCP, woody, AJNorth, Microfix

[anonymous]

Hello, I have a new Windows 10 laptop still in the box, never turned on. I am wondering how  you would recommend setting it up so it doesn’t automatically with the current updates as it starts up and goes through beginning stages. Also, for those updates that were found to have issues and they put “fixes” in new updates, what happens when people attempt to update after. Does it download the original and the fix or neither or does it ignore the bad one and the updated one takes care of them both?  Thanks for the help!  🙂

[PKCano]

The best way is to start up the first time disconnected from the Internet. That way you can choose a local ID and get all your settings right before you face the Microsoft update problem. Read on this site how to block the updates until you are ready.

The updates for Win10 are cumulative, so each one carries all the earlier updates plus the current fixes. So you don’t have to do a whole lot of patches to be up to date

[b]

Installed two updates: 12 bug fixes and 13 security fixes.

No issues. What’s all the fuss about?

(Windows 10, version 1709.)

“daft glutton”

Windows 10 Pro Version 2004: Group ASAP (Pioneer/Chump)

1 user thanked author for this post.

zero2dash

[PKCano]

@b
You signed your post this time?

[b]

Just with Woody’s nickname for those of us in Group “M” on whom the rest of you rely.

Windows 10 Pro Version 2004: Group ASAP (Pioneer/Chump)

1 user thanked author for this post.

woody

[OscarCP]

Acknowledging your spirit of sacrifice, we thank you for your service.

Our thoughts and prayers are with you.

 

Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

14 users thanked author for this post.

johnf, David F, woody, Cybertooth, b, samak, CADesertRat, BobbyB, Karlston, lurks about, JDeC, MrJimPhelps, fk5353, Elly

[Schnarph]

It’s not nice to poke fun at those that trust MS updates only to have their main source of productivity/income replaced with trouble shooting the OS for days on end. If you truly believe they are all lying, that makes you the conspiracy theorist rather than those who stay informed reading sites like this one.

 

1 user thanked author for this post.

Cybertooth

[zero2dash]

Not speaking for b, only on what I’ve seen –
10 has the tendency of negative posts and ridicule on its own; some people take it too far IMHO. Yet when someone (such as b) posts something positive about 10 or its updates, they’re usually ridiculed more or its insinuated that they’re lying, a shill, or full of it.
What you say in your post is a 2 way street – keep that in mind (and it’d be nice if everyone actually did). Just because some people have trouble with an OS or a piece of software doesn’t mean everyone does; similarly, just because you don’t have trouble doesn’t mean others don’t. 10 isn’t for everyone, but at some point, everyone will have to “make a move” whether it’s running unpatched with an old version, upgrading and biting the bullet, or switching to Apple, Google (Chromebook), or a flavor of Linux.
Being that 1703 and 1709 have been flawless for me on all my machines, I (like b) have basically given MS a longer rope and I do install patches as they’re released. If a machine goes up a creek, I have daily backups to restore from. I’m glad to be in a place to not fret over updates like I did with all my 7 machines over the last several years. (And yes, I do have workstations for “work”, as you mention.)

[anonymous]

Keep in mind that b and zero2dash are Win 10 IT Admins running the Win 10 Ent edition and who are well-versed in testing and recovering Win 10 from botchy updates and upgrades – unlike the average Joe and Jane running the Win 10 Home or Pro edition.
Eg most average Joe and Jane do not have another test machine to test Win 10’s forced updates and upgrades before actually installing them on their “production” machine/computer.

[zero2dash]

@ “anonymous” above:
No sure if sarcastic or not…
Yes I am on a team that manages Win10 Enterprise (both 1511 and 1703 builds) via SCCM for a large company with about 2,200 Win10 machines in the field including desktops, laptops, and Surfaces. We do delay updates for approximately 3 weeks from gen pop….they push out to test 1 week after patch Tuesday, then a small subset (mainly IT) the 2nd week, then when it’s all clear, 3rd week they go out to gen pop.

I do run 10 Pro at home and in my VM’s, and all my physical machines back up every night at 5:30am via Veeam Endpoint. Initially I deferred upgrades for 365 days and updates for 30 days but have since extended that MS rope and now the only update control I practice on my machines is changing the active time so when updates install, my machines only boot when they’re not being used.

Am I the typical “John and Jane Doe”, no, I’m not, but that doesn’t mean “John and Jane Doe” are having problems either. People who have problems, complain. People who don’t, don’t. Taking /r/Windows10 as anecdotal evidence, probably <5% of Win10 installs have problems and therefore complain. You (and others) may wish those numbers were more skewed, and more worse, but the fact is, they’re not.

[OscarCP]

Dear zero2dash, et al.,

Speaking for the gen pop, or general population in normal-speak, I don’t see what the hurry is for us, gen-poppers, to update anything, or has ever been, after any Patch Day in living memory, except, perhaps, for the few occasions when some actual plague of malware was really unleashed on the world.

Sysadmins, who’s job is to take care of whole bunches of machines, have different priorities, so they tend to do things quite differently from us, gen-poppers (a.k.a. the hoi polloi.)

Not being anybody’s sysadmin but my own, I have decreed, for now and forever, with the most severe penalties imaginable to any trespassers regardless of who they might be, that I must wait a while, rather patch right away and be, in consequence, summarily condemned to join the 5% of those who are, using Woody’s expression, left “spitting nails.”

So, why is there even a discussion of this non-issue going on here?

My motto: Be Group B, or die!

Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

[mindwarp]

Personally, I suspect that percentage of people who have complaints about Win10 is too low, actually.  Keep in mind that there are many people who own computers who just know how to surf the web and send email, and at a very, very basic level at that – and they do own Win10 computers because they’re used to Windows.  I help people like that with their laptops all the time, as part of my job (I work in the reference department at a public library, so we also do tech help).  I hear a LOT of complaints about Win10 from average users on a regular basis, including update issues, and many of them would never think of even looking for a tech site to look for help, much less voice their complaints.

1 user thanked author for this post.

dononline

[woody]

Naw, @b isn’t lying. He sees the patching process differently from the rest of us. It’s an important point of view.

Keep in mind that major problems only crop up on a minority of machines. How few is open to debate — only Microsoft knows, and they ain’t tellin’. In the majority of cases (with unusual exceptions like January’s crop) the problems only hit 1 in 10 or 1 in 100 machines. If you’re the “1” you’re going to be spitting nails. And for good reason.

4 users thanked author for this post.

Cascadian, OscarCP, Elly, walker

[anonymous]

I’m glad things worked out for you this time.

Problem is, there’s a valid reason why folks react the way they do. And it’s not just here on AskWoody. Sure, this site tends to be more vocal because (I believe) the average technical ability is much higher here than at many other tech help communities.

I’m very familiar with your unique posting style and comment history. But one has to admit that (especially recently) MS patches haven’t had a great track record. People aren’t making this stuff up just because they dislike Microsoft. In many cases, people dislike Microsoft because of what Microsoft has done, whether it’s forced upgrades like GWX, countless buggy patches, and show-stopping compatibility issues. And it’s not a rare thing anymore, it’s become an almost monthly affair.

Windows 10 has changed so many things about Windows, and some of these changes are regressive.

1 user thanked author for this post.

Cybertooth

[zero2dash]

My 1709 machines pulled down the updates and installed with no issues as well.
I’ll reiterate once more that I’ve had 0 issues with 1703 or 1709 or the updates for either, on several machines of varying configurations (some physical, some virtual). IME MS has done better on those versions with updates than all other versions of Windows.

[Microfix]

Known Issues for March 2018 updates

(Windows 7) SMB Servers may leak memory after installing the update — Fix in the works.
(Windows 7) Stop error on machines with the Physical Address Extension (PAE) mode disabled — Update is not delivered to 32-bit systems with PAE disabled.
(Windows 7) Stop error on machines not support Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2) — Fix is in the works.
(Windows 7 and 8.1) No updates for systems without compatible antivirus solution or Registry key set — Set Registry key:

XXX

XXX = unable to insert code due to security of WordPress, see Ghacks March 2018 updates

All the more reasons not to update until MS-DEFCON 3 if any of these specifications are relative to your system.

Thanks again to Martin Brinkmann for a rapid investigation to this months patches!

Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |

3 users thanked author for this post.

David F, JDeC, OscarCP

[Pim]

And again Office 2007, which officially “died” in October 2017 (EOL), received resuscitation: it received March updates. It has received monthly updates up till now without any exception. This does raise a question: are all vulnerabilities in Office 2007 still being patched or just some of them? The last couple of months Office 2007 received less patches than Office 2010, I noticed. This could mean two things: either Office 2007 has less vulnerabilities or not all vulnerabilities are patched. Because there is no statement whatsoever about why MS keeps patching Office 2007 that is a question I do not dare to answer. Fortunately I jumped to Office 2010 in August last year, so I do not have to worry about it. But this patching practice for Office 2007 is weird and certainly unclear.

ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64
Dell Latitude XT3 - Vista Ultimate x86 (still...)
Gigabyte GA-H110M-HD3 DDR3 - Win10 Pro 1809 x64

[Elly]

KB 2952664 disappeared from Windows Update (even the hidden ones) on Saturday when I checked…
It’s back… and thinks its important, too! So important, that it is tucked away, safely hidden once more…

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

walker, Cascadian, samak, JDeC

[Cascadian]

I had wondered if the metadata change would have made the reissued and promoted KB2952664 appear on the KBNew list from headliner links near top of page. Many old patches have had edited articles listed and caught by MrBrian’s listing machine. But not our dear friend. Microsoft likes to keep its mysteries to themselves.

[anonymous]

It seems the date and month of Spring creators Update (1803 have been decided)

I naturally going to skip 1709 and will install 1803 until Woody approves its installation.

[T]

Don’t tell me how Edge is so much more secure than IE.

Likewise, don’t tell me how Win10 is so much more secure than 7 or 8.1 despite attempts of microsoft pr to convince us otherwise. The number of vulnerabilities every single month is proof enough.

1 user thanked author for this post.

Cybertooth

[SkipH]

Am I the only one that has noticed that a link to a Microsoft web page given in the main “March 2018 Patch Tuesday” article on the Home page gives a 404 error, Sorry, Page not found:

https://support.microsoft.com/en-us/help/4091666

There’s at least one other invalid link to another MS page:

https://support.microsoft.com/en-us/help/4091664

Note that these are errors on a major MS page discussing ‘fixes’ to various problems. Apparently, MS does not check its web page ‘programming’ any better than it checks it patches.

PS: another one,

https://support.microsoft.com/en-us/help/4091663

[abbodi86]

Yes, the microcode updates for Win10 1703 and below are not live yet

2 users thanked author for this post.

woody, PKCano

[abbodi86]

And this article will gather the released microcode updates, when available
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

1 user thanked author for this post.

walker

[abbodi86]

1703 and 1607 ones are up
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4091663
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4091664

1 user thanked author for this post.

MrBrian

[RetiredGeek]

Woody,

you’d have to be a real glutton for punishment — and a daft one at that

Well, that certainly sounds like me! ???

So away we go… Of course this was done on my backup computer which has just been imaged 2 days ago!

Haven’t found a problem yet…

FYI: Dell XPS 8700 Win 10 16299rs3_release 170928-1534.

 

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Attachments:

You must be logged in to access attached files.

[woody]

Ain’t it fun on the bleeding edge? 🙂

[WildBill]

This is related to Intel Microcode Updates for the Meltdown/Spectre problems which haven’t occurred in the wild yet. When they are applied during MS-DEFCON 3 or higher, will they be obtained through Intel or Microsoft? Still not sure which will be the source. BTW, here’s the Intel Microcode Revision Guidance PDF as of March 6. More have gone to Production, including Ivy Bridge, which is my product.

Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V2004. As long as it's a Lot Less Buggy!
Wild Bill Rides Again...

2 users thanked author for this post.

MrBrian, woody

[CADesertRat]

My Ivy Bridge isn’t on the list as far as I can tell ( i7-3770, stepping E1, Ivy Bridge-DT )

Don't take yourself so seriously, no one else does 🙂
4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

[MrBrian]

You might be able to get the microcode update via an update from Microsoft and/or a firmware update from the device manufacturer.

[walker]

@Mr.Brian:  I found the name of my Core-3, a long time ago, and at that time it was considered to be safe.    I did not write it down at the time, and can’t recall which one it was.  Is there the procedure I used the first time to locate it still available?  Thank you for any information you  may be able to provide, and all of the other invaluable advice which all members are very grateful for.    🙂

[MrBrian]

https://www.howtogeek.com/196893/how-to-open-the-system-information-panel-on-windows-8/

1 user thanked author for this post.

walker

[walker]

@Mr.Brian:  Thank you for providing the information.   I will attempt to utilize the information as soon as I have time.  Seems it had something about “Sandy” in it.  (Too bad my memory isn’t better).    Your help is most sincerely appreciated, as always.    🙂

[anonymous]

Finally, Microsoft felt that Windows 10 Pro 1709 boxes should receive cumulative updates again and removed the block preventing updates showing up via Windows Updates. It’s remarkable that Microsoft refused to provide Windows 10 Pro 1709 users Windows updates for more than 2 months.. Nonetheless, most of Microsoft’s sites (i.e. msdn.microsoft.com) no longer play well for Internet Explorer 11. Looks like the deliberately mess with their sites to force users switch to a different Web browser.

[anonymous]

Am i the only one that finds fishy that they lift the antivirus ban from updates?

Sounds to me that they want to force the Spring creators update…..

1 user thanked author for this post.

Fred

[PKCano]

I think Microsoft is lifting the anti-virus restrictions because they feel the anti-virus programs are, for the most part, compliant/compatible.

1 user thanked author for this post.

Elly

[anonymous]

well I won’t deny that that is one of the reasons of the lift, however I still believe that is the cause.

[Justin42]

Another glutton for punishment with no obvious issues with the 1709 update on either my work computer (i7-7700, Win 10 64-bit Enterprise) or Surface Pro 4.

Maybe this will give me the nerve to install it on my home machines. 😉

[Fred]

anonymous wrote:

Am i the only one that finds fishy that they lift the antivirus ban from updates? Sounds to me that they want to force the Spring creators update…..

Thinking the same here

After all.. Just because we're paranoid doesn't mean they aren't out to get us.

[dononline]

Well, this just ain’t my day. I almost had this comment finished and hit a wrong key or something and lost it. I’ll try to do another one.

So, I have all the known — at least to me — settings in place on all three of my WIN 10 1607 Pro computers to keep MS from force feeding any of them the WIN 10 1709 Upgrade. I’m not going to take the time to list all the settings I’ve made and programs I use to accomplish this again (I’m a “hunter and pecker” typist and I’m too upset to go through that again), but trust me, I have my computers locked down like the gold at Ft. Knox, doing all the things we’ve talked about here in the Lounge.

Today, on my Desktop Computer, I fired up Windows Update Blocker to turn Services back on so I could check for updates with Windows Update Mini-Tool, and hide them until Woody goes to MS-DEFCON 3 this month. (I check often for updates and apply any Windows Defender virus definitions immediately, which is usually every day.)

But today? Surprise, surprise, surprise! After I had hidden all the monthly updates and had updated the Windows Defender virus definitions, before I could go back to Windows Update Blocker to turn Services back off, guess what popped up? Why, it was the good old Windows 10 Update Assistant and the upgrade to WIN 10 1709 was speeding right along!

I cursed a few times, shut down the computer with the ON/OFF Button on the CPU, unplugged the router power cord to shut down the Internet connection, and cursed a few more times.

So, right now I have a pretty little shortcut to the Windows 10 Update Assistant on my desktop, and two new folders on the root of my C:/ drive: $GetCurrent and Windows 10 Upgrade. The $GetCurrent folder is created during the upgrade process. It contains a log file about the last Windows upgrade. The Windows 10 Upgrade folder has a slew of files and folders and, since it contains Windows10UpgraderApp.exe, I’m guessing it’s the files for the upgrade to 1709.

Now mind you, all this is AFTER uninstalling the Update for Windows 10 for x64-based Systems (KB4023057) through Revo Uninstaller, and running CCleaner, System Mechanic and the Windows Disk Cleanup program, set to Clean up System Files. I  see that the Windows 10 Update Assistant has magically reappeared in Revo Uninstaller also.

But that ain’t all, folks! I checked my other two computers, where both have had Services turned off with Windows Update Blocker and Protect Service Settings checked, and have NOT run the Windows Update Blocker to turn Services back on. In other words, all settings have been in place to keep MS from forcing the WIN 10 1709 Upgrade. All I did was turn them on today and boot them up.

OK, right now I know what you’re thinking … I bet you’re thinking that the Update for Windows 10 for x64-based Systems (KB4023057) and the Windows 10 Update Assistant has automagically appeared on the other two computers, right? Well, you’d be wrong … only the Update for Windows 10 for x64-based Systems (KB4023057) has automagically appeared on the other two computers! Somehow, it’s made it’s way through all the settings and Applications to keep MS from force feeding them the WIN 10 1709 Upgrade! Only after KB4023057 installs does  Windows 10 Update Assistant appear.

Well, that’s my story and I’m sticking to it. But I can’t tell you how angry I am right now. I’ve taken my anxiety meds, [edited – please keep on topic, and remember the Lounge Rules]

Really, I’m so sick of dealing with all this insane WaaS stuff I’m getting real dad-gummed close to getting this piece of crud off all of my computers and replacing it with, oh, I don’t know, Linux? Vista? XP? Anything but the “greatest Windows operating system ever!” I call bullsh*t on that.

So, I just don’t know where to go from here. I’ve got that danged Update for Windows 10 for x64-based Systems (KB4023057) just sitting there on all three of my computers just waiting to get it’s fat, sweaty palms on the Windows Update Service so it can do it’s dirty deed. And as far as I know, you can’t get rid of it. And if you do … it’ll be back. I’m sure Satya and his merry band of mischief makers will eventually figure out a way around Windows Update Blocker, too. Don’t doubt me on that, folks. We’re all going to eventually succumb to WaaS and it’s dastardly ways, or else!

Well, I’m just going to sit tight right where I am until I’m in a better mood and can think straight again. Right now, I’m so angry I can’t. If anyone has any suggestions, I’d appreciate them. Really. I’m utterly at a loss.

Thanks for taking the time to read all this. I know it’s really long, and probably confusing. You folks are the greatest!

P.S. Double clicking the Windows Update Assistant on my desktop presented me with the following propaganda. Yea, right … but at least cancel update on the second window does in fact cancel the update.

Attachments:

You must be logged in to access attached files.

4 users thanked author for this post.

johnf, MrBrian, woody, Cybertooth

[anonymous]

Just thinking… Isn’t / aren’t there any folder(s) you can take ownership and remove enough permissions so Windows cannot write to the disk, borking and therefore avoiding that unwanted update?

1 user thanked author for this post.

dononline

[dononline]

I do seem to remember something about that. I’ll look it up and see what I can find out. Thank you.

If anyone else can point me in the right direction, I’d really appreciate it.

[MrBrian]

See https://www.askwoody.com/forums/topic/methods-for-stopping-windows-10-updates-that-work-on-all-editions-and-builds/#post-131498.

2 users thanked author for this post.

dononline, woody

[dononline]

Have you had a chance to test this method on WIN 10 yet, and is it good to go? It sounds like it might could solve a big problem … my old and slow reflexes!! LOL

[MrBrian]

I can’t remember if I tested that method, but in my opinion the best strategy is to stop automatic updates. I hope to post more details in a new topic within the next few weeks.

1 user thanked author for this post.

dononline

[Susan Bradley]

If you manually kick a check for updates, you trigger a potential check in to the Windows 10 feature update.  What deferrals did you have in place and do you have CBB/semi annual set to be deferred 365 days?  As if you just have it deferred until it’s declared current branch for business, 1709 has been declared as “baked”.  You need to push off that deferral for the 365 day value.

Susan Bradley Patch Lady

2 users thanked author for this post.

dononline, woody

[dononline]

Hi, Susan. Welcome to AskWoody. Your knowledge and articles are a great big plus to a great Website!

In Group Policy, I have both Select when Feature Updates and Quality Updates are received set to Disabled. I think this was part of the setup instructions when I started using the Windows Update MiniTool to manually control updates and upgrades, I don’t remember for sure.

However, I’ve been using WUMT for quite a while now, and it’s worked flawlessly, except for one Cumulative update that wouldn’t finish installing until I turned off my antivirus program, which had nothing to do with WUMT, naturally. It’s been great for postponing the monthly updates until Woody lights up MS-DEFCON 3, or skipping updates completely, and for skipping the 1703 Upgrade completely, and the 1709 Upgrade … until yesterday.

It seems MS has made some changes that has blown up my current update/upgrade plan. As soon as it detects Windows Update Service running, it immediately begins upgrading to the latest version of Windows 10. Looks like we all may eventually be forced to update/upgrade according to MS’s plans, not ours.

They began by ignoring the deferral settings in 1703. Looks like their next step is to get everyone forced onto the latest version whenever they like, no matter the user settings. When called on it, they just say, “Oops”, and keep on rollin’.

Thanks for your input. I’m stuck with all three of my computers locked down where, hopefully, MS can’t get through to install the 1709 Upgrade. I’m hoping to be able to wait until 1804 is ready before doing another upgrade. I hate it that I may not be able to do any updating, either, though, in order to keep 1709 at bay. I definitely have some thinking and deciding to do.

[anonymous]

23057 is not the culprit for that but usually 23814. I have both of them hidden and sometimes they pop their head out of the hidden list and I hit them with the hammer again ^^.

2 users thanked author for this post.

MrBrian, dononline

[dononline]

anonymous, I’m sorry, but I’m in the dark as to what 23057 and 23814 are?

[PKCano]

Short for KB 4023057 and KB 4023814

1 user thanked author for this post.

dononline

[dononline]

Duh … I still need some sleep! LOL

However, I used to keep both of these updates hidden and didn’t install them. I don’t think they’re even offered to me anymore (I’m not sure), but I’m sure neither has been installed on any of my computers.

[MrBrian]

A problem with some Windows 10 update blocking methods is that when updates are turned on, automatic updates may start downloading and installing. Perhaps that’s what happened to you. In my opinion, what is needed is a method that stops automatic Windows 10 updates; I will be testing this method for hopefully doing so soon.

KB4023814 is an update that installs the Windows 10 Update Assistant. See this post for how to get rid of the Windows 10 Update Assistant.

1 user thanked author for this post.

dononline

[dononline]

@MrBrian … I followed the instructions you provided for how to get rid of the Windows 10 Update Assistant to the letter. Since the Assistant had been installed on the desktop computer, every step was pertinent to it. BTW, when I booted the desktop this morning, up popped the Update Assistant again and installation of 1709 began. There was, indeed, a Scheduled Task set to run the Assistant at startup. Unbelievable!!

On the other two computers only the KB4023057 Update was installed, so it was mostly just uninstalling that and checking that the other items were already as they should be.

One other strange thing, though, is that I’ve been keeping KB4023814 hidden, along with KB4049411, KB4033631, and KB4056254, and none were ever installed on any of my three computers. I did a search just to make sure, and they couldn’t be found. Anyhow, hopefully I now have everything cleaned up and blocked again, For now. But as soon as any of my computers connect to Windows Update Service again …

Thank you very much for your help.

[Terry Muench]

Supposedly (KB4023814 => Windows 10 Update Assistant) cannot be uninstalled, at least not easily.

I have seen many posts on how to disable the totally obnoxious Update Assistant; yes you use the Task Scheduler, but no need to get into triggers or anything else; simply disable the three tasks listed below

> Microsoft > Windows > UpdateOrchestrator

UpdateAssistant

UpdateAssistantCalendarRun

UpdateAssistantWakeupRun

So far on my three home PCs, Microsoft has not yet re-enabled these tasks. Don’t be surprised if they do, so check regularly.

 

1 user thanked author for this post.

dononline

[dononline]

Thanks, Terry. Doing what you suggests was part of the routine suggested by MrBrian, and I’ve done that on all three of my computers. So far, so good.

How do you suggest we proceed with hiding the monthly updates until Woody gives us the MS-DEFCON 3 light, and postponing and/or skipping any upgrades we don’t want? I’m at a loss right now. I’m stuck with all three of my computers locked down where, hopefully, MS can’t get through to install the 1709 Upgrade. But as soon as MS sees that Windows Update Service is on, updating they go!

[dononline]

Replying to one’s own post isn’t kosher, I know, but I could think of no other way to thank everyone for your help and suggestions. As soon as I get a little more sleep and rest, I’ll begin acting on each of your suggestions and input individually. I’ll probably have more questions also, but right now, I just need a some napping and resting time.

Thanks again, and, please, anyone with more help to offer, keep it coming! 🙂

I’m a stubborn old cuss and just hate to “surrender” to MS’s complete takeover of my computers! A great day to everyone and thanks again!

1 user thanked author for this post.

Elly

[MrBrian]

More info: If I recall correctly from testing in 2017, the Windows Update service must be enabled in order for wushowhide to function properly. When the Windows Update service is enabled, then, depending on your settings, automatic updates might start to download and install before you’re able to hide updates with wushowhide. One of the updates that might be downloaded and installed by automatic updates is KB4023814, which installs the Windows 10 Update Assistant, and then the fun begins.

1 user thanked author for this post.

dononline

[dononline]

Yes, Windows Update Service has to be running to use wushowhide, as well as WUMT, which is my favorite. I don’t think my reflexes are still fast enough to win the race to hide anything before MS starts the upgrade! LOL

[anonymous]

Windows 8.1 Group B Guinea Piggy here.

All systems seem to go after this month’s security + flash updates.

Now back to Linux Mint Debian. See you next month.

1 user thanked author for this post.

HiFlyer

[Noel Carboni]

Out of curiosity, what build revision is this update supposed to bring Win 10 v1709 up to?

From my test system that’s on 16299.251, I ran Windows Update and it just showed MSRT, an Adobe Flash update, and a Windows Defender definitions update.

I don’t know how I’ve gotten it into this state, but as far as I can see I have one of the few Win 10 setups that’s hesitant to install new updates. I like it! Wish I knew which of the many things I’ve done that’s led to this enviable state. 🙂

I do currently see Cumulative Update KB4088776, dated March 10, in the catalog… I think I’ll pull that onto this test system manually and see how it goes…

-Noel

[zero2dash]

After KB4088776 installed without a hitch, mine are at 16299.309.

Attachments:

You must be logged in to access attached files.

[Rick59]

Did the updates on a five year old Sony laptop, Win 10-64 bit.

Download/install/cleanup/defrag 2.5 hours. No issues.

Now will put the laptop back in it’s protective sleeve until next month.

Back to the chrome book and iPad………

[b]

woody wrote:

Internet Explorer 11: 7 vulnerabilities, 2 critical, 5 important
Microsoft Edge: 16 vulnerabilities, 12 critical, 4 important

Don’t tell me how Edge is so much more secure than IE.

By that criteria, Edge is more secure than Firefox (which got 18 security fixes today) and Chrome (which got 45 security fixes last week).

Would you expect a 22-year-old browser to have more bugs than one being actively developed?

Windows 10 Pro Version 2004: Group ASAP (Pioneer/Chump)

[samak]

Yes, I would. Why would anybody want to take a step backwards and have more vulnerabilities in the newer one?

W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

[anonymous]

Edge and IE are updated monthly. Google Chrome and Mozilla Firefox aren’t on a set monthly cycle. For example, Mozilla last released security updates for Firefox around the end of January 2018.

Edge had 12 critical and 4 important.

Firefox had 2 critical, 4 high, 7 moderate, and 5 low.

 

Regarding Edge, it’s not Woody who’s saying Edge is more secure than IE. Microsoft has touted Edge’s security features in ads inside Windows 10 (among other areas). Thing is, most of those claims come from an older NSS labs report where SmartScreen was doing the heavy lifting. But the web evolves.

Yes, Microsoft really wants us to use Edge, and security issues aside, the compatibility is still evolving. Hopefully Edge will fully supplant IE for all the right reasons.

1 user thanked author for this post.

woody

[radosuaf]

b wrote:

Would you expect a 22-year-old browser to have more bugs than one being actively developed?

I would expect Microsoft to tell the truth. Too much, I know.

MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 2004 64-bit

1 user thanked author for this post.

Cybertooth

[anonymous]

Hello again.

Once again Error 80070057 trumps my March’s IE security update. Never thought such error could be that resilient. *sigh*

But no, I shall not let such cold-blooded error spoil my month as I will remain vigilant and optimistic. If what Gone to Plaid said about IE security updates not being cumulative was true, then I’m not going to waste my anxiety over this matter.

– “Failed to Install KB” Anonymous

[FakeNinja]

Why are there almost no critical updates anymore? There have only been like one or two critical updates in the last few months. And what are “Important Updates” anyway? They’re obviously not important, so what are they?

[MrBrian]

This issue was added to some Windows 10 KB articles (example): “Users with Windows 10 Version 1709 Enterprise that have installed the January 2018 Delta package may encounter failure issues when installing the February and March 2018 updates from the Microsoft Update Catalog. Specifically, the Windows 10, version 1709 February Delta Update may silently fail.”

[Quazi11]

I’ve been interested in this too.  Earlier months the “Windows Next” updates were labled as TEST, but these look official.  My assumption would be they apply to 1803 which has probably been locked down at this point.

Looking at the update details, some have links that go to dummy pages (KB4087657), one is a Server Next update (KB4087658), but the page is about a compatibility update for Win 10 1803 upgrade.  I’m going to guess the veil will be removed when 1803 drops.

[anonymous]

Daft person here. On all three virtualized (ESXi) Windows 2008 R2 servers that we installed the updates on, the network adapters (vmxnet3) got removed and recreated. Had to go in and reassign the static IPs. Our physical 2008 R2 server that updated, virtual 2008 R2 server that didn’t update, and virtual 2016 server that updated were all fine.

2 users thanked author for this post.

MrBrian, woody

[woody]

Howdy, Daft!

Looks like you’re hitting a problem that several others have reported. See https://www.askwoody.com/2018/massive-march-patch-tuesday-relaxes-antivirus-restrictions-but-there-are-problems/

[BillBecker]

Not sure if this is a Patch Tuesday issue since it’s now Wednesday, but my fully patched Win 10 machine (FCU build 1699.309 – Asus Haswell era) just received a list of 27 (yikes!) driver updates from Windows update.  Maybe half of the descriptions have dates, – all in 2016 or 2017.  I hate driver updates!  Anybody else seeing this?

[anonymous]

Before, I had Spectre protection on my Ivy Bridge computer.  How I got it, I don’t know – perhaps from Firefox.  Then I installed KB 4088879, and now my computer runs slower.

InSpectre reports that I now have Meltdown protection on my computer, but no Spectre protection.  InSpectre will not disable the Meltdown protection (although it tries to) so unless I uninstall KB 4088879, I am stuck with a slow computer.

Windows 8.1 Group B

Thanks PKCano.

1 user thanked author for this post.

walker

[walker]

@anonymous:

The reference to FIREFOX caught my eye!  I haven’t installed anything since March 10th, and that was:  KB4076492.   I just left the MSRT there, and probably the WD update as well.   I normally don’t install those.    Win 7, Home Prem., x64, Group A.

The FIREFOX caught my eye because I had a huge problem trying to install the new version (think it’s 59.0.1) today.  I went to the website, and it wouldn’t accept my password, so I was forced to get a new password.  I have had this browser for “years”, and have never had such an exasperating experience!!!   Got it straightened out, however it does make me wonder “what is the reason” that this occurred.  I only installed the one update patch as listed above.

I had about 2 or 3 prompts between yesterday and today to update the browser, and then decided to just update it from the “Help” menu, at which time I encountered these problems.

Anyone else have any problems similar to the one I had?   Makes one wonder exactly what the issue was that caused this.    In other words how could something such as this be “changed” in such an invasive manner??

[Bob99]

Hi walker!

Sorry to say, but I’ve never been asked for a password on Mozilla’s site at all. Also, I’ve never had to use a password to update Firefox, dating all the way back to Firefox 3 or 4.

I’ve always used the built-in updater in the Help menu, as you did this time, to check for and apply updates, except once when Mozilla changed Firefox enough so that we all had to download a completely new copy, and restore our profiles from a backup.

When you said “I went to the website, and it wouldn’t accept my password, so I was forced to get a new password”, were you speaking of the Mozilla website for obtaining a new copy of Firefox (firefox.com) or was it their support website login at https://support.mozilla.org/en-US/users/auth possibly?

If so, you don’t need to login to that support website to get the latest version of Firefox, just use the feature that’s built-in to the browser like you did earlier today, although I still don’t see why even that feature asked you for a password. That issue (updater in the help menu asking for a password and user account login) makes it sound as if you might be infected with some password stealing malware. 🙁

1 user thanked author for this post.

MrBrian

[walker]

@Bob99:   Hi, again!  No, I have never had to log into anything to update Firefox either.  Only when I am accessing the Mozilla Support site (to ask a question), and that link is:

Support.mozilla.org/en-US/questions/new/desktop/other/form?search=Partially+encrypted+connection+in+secure+site+(Yahoo%2C+after+signing+in)&step=aaq-question

This site is down today for updating work, according to the message there.  On this website one must have a “name” and password both.  Have never had a problem logging in there, however it just would not accept my password, so it was necessary to obtain a new one.  I too have used Firefox “forever”, however never had the problem you described in your post.

Like you, I have usually just used the method available on the browser for updating, and never had any problems.   This time was different, and I was unable to update.  Therefore I was able to contact them and request a new password.   I hope I never have that problem again, as it was very upsetting after using this browser for so many years and never having a problem with it.

Thank you for citing your history reflecting that you have never had any problems.   I hope I never do again.   🙂

 

[CraigS26]

https://www.pcworld.com/article/3262165/security/intel-issues-meltdownspectre-fixes-for-ivy-bridge-sandy-bridge-as-patch-effort-winds-down.html

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf

Above is about — “Revised”2nd-G Sandy Bridge CPUID 306A7 (InSpectre shows this for me) – And – 3rd-G Ivy Bridge CPUID 306A9 — Patches for Meltdown-Spectre and they show “PRODUCTION” as status.

My Gateway DX4860 is NOT on the Acer page  but I thought I’d post this in case someone benefits from it as Patch releases occur. Can’t make much of it with my readings so far — But FYI. Remove Hyperlink/Paste doesn’t work for posting the URL’s so always Save As .TXT & Then Paste to be safe.

W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

[cesmart4125]

Macrium is reporting issues in Win 7/10 computers following the recent Windows updates.  Their release notes contain the following:

A Windows Update on the 13th March has caused some Windows 7 and 10 32 bit systems to fail to load Windows after updating. The error occurs when kernel mode driver ‘pssnap.sys’ loads at boot time. This update removes ‘pssnap.sys’ from boot time configuration. Note: Simply deleting the file is insufficient to resolve the problem.

We recommend that 32 bit installations of Macrium Reflect on XP, Vista, Windows 7, and Windows 10 upgraded from Windows 7, 32 bit operating systems update to this release.

If you have already updated Windows and experience this error then please see this KB article for a solution:
https://knowledgebase.macrium.com/display/KNOW7/Windows+7+32+bit+BSOD+after+MS+Windows+Update

If you have not yet updated Windows then please update to this version of Macrium Reflect to enable Windows to update without problems.

After updating, XP, Vista and Windows 7 32 bit systems, will no longer have ‘pssnap.sys’ available. If MS VSS shadow copies fail, then your backups will no-longer fall back to using ‘pssnap’. Please ensure that any VSS errors are resolved to successfully complete your backups.

 

Edited for HTML. Please use text tab when using copy and paste in your replies.

2 users thanked author for this post.

jburk07, MrBrian

[MrBrian]

Note added to March 13, 2018—KB4088875 (Monthly Rollup) (Win 7) and March 13, 2018—KB4088878 (Security-only update) (Win 7): “If the version of PCI.SYS file is less than 6.1.7601.21744, please follow the step-by-step instructions outlined below before applying this update to physical or virtual machine:”

3 users thanked author for this post.

walker, DrBonzo, jburk07

[MrBrian]

This script needs to be run with admin privileges.

1 user thanked author for this post.

walker

[walker]

@Mr.Brian:   I haven’t used the Admin Privileges since you provided the information to restore my “very serious problem” months ago, so I would have to try to do some “homework” on this one.   Thank you again for everything you post which is so helpful to us all.     🙂

[MrBrian]

I believe that Microsoft should add the same note to March 23, 2018—KB4088881 (Preview of Monthly Rollup) (Win 7).

3 users thanked author for this post.

walker, DrBonzo, jburk07

[MrBrian]

Microsoft has added the note to KB4088881.

[DrBonzo]

Seriously??!! There’s no way I’m going to attempt that and I’ll bet there’s no way a typical home user would attempt it either. Then again, I’m not being offered the Rollup in Windows Update, so I’ll just wait until I am, at which point I’ll also assume I won’t need to run scripts.

Um… I would be right in assuming that at some point these patches should not require the user running a script, and that they would just install on their own after I click an OK to install button??

1 user thanked author for this post.

jburk07

[MrBrian]

Hopefully future updates won’t have this prerequisite anymore.

3 users thanked author for this post.

walker, Elly, DrBonzo

[Bob99]

What @MrBrian mentions in post 178189 just above,

MrBrian wrote:

This script needs to be run with admin privileges.

and what @DrBonzo mentions in post 178197 also above,

DrBonzo wrote:

Seriously??!! There’s no way I’m going to attempt that and I’ll bet there’s no way a typical home user would attempt it either. Then again, I’m not being offered the Rollup in Windows Update, so I’ll just wait until I am, at which point I’ll also assume I won’t need to run scripts. Um… I would be right in assuming that at some point these patches should not require the user running a script, and that they would just install on their own after I click an OK to install button??

are, I believe, the biggest reason(s) that MS pulled KB4088875 from being offered through the WU channel to users. They probably figured that most folks using that method to install rollups wouldn’t be able to or wouldn’t desire to install that patch with anything other than the proverbial click of a mouse.
Notice that the word “most” is in italics above, as I know there are still folks who are being offered the patch via WU, but that it’s unchecked by default for them.

I was initially offered the update for both of my machines, but it has since been pulled, and has been replaced by the preview offering for next month, which shall remain uninstalled as I don’t install any previews of MS patches, only “production” releases. Production is in quotes because, with MS patches lately, most seem to be a preview anyway with their assorted problems each month. 🙁

1 user thanked author for this post.

DrBonzo

[Bob99]

MrBrian wrote:

Note added to March 13, 2018—KB4088875 (Monthly Rollup) (Win 7) and March 13, 2018—KB4088878 (Security-only update) (Win 7): “If the version of PCI.SYS file is less than 6.1.7601.21744, please follow the step-by-step instructions outlined below before applying this update to physical or virtual machine:”

@MrBrian, I also happened to notice that KB4088875 was last updated today, the 25th of March, so maybe the note you mention is what was changed in it.

For everyone else reading this thread, if you don’t recall where the file pci.sys is and want to find it, it’s probably in your System32/drivers folder.

2 users thanked author for this post.

walker, DrBonzo

[DrBonzo]

Yes, my PCI.SYS file is in Windows > system32 > drivers.

I’m assuming that since the last five digits on my file are 17514 that’s it’s older than a file that has 21744 as its last 5 digits and that therefore I would need to run the script. Still think I’ll wait before doing anything. MS needs to fix this.

1 user thanked author for this post.

Pierre77

[Bob99]

Same here!! Waiting till it’s ok to install next month’s official rollup which will hopefully have a fix or two for some of the [problems] from this month’s “patch”. 😉

1 user thanked author for this post.

Pierre77

[Pierre77]

My pci.sys is also at 6.1.7601.17514 dated 22 Nov 2010. I am hanging off as the only update to Windows 7 is shown as KB4088881 which is the preview for March 2018.

[anonymous]

@Pierre77: to clarify things for me: in Windows Update you now get offered KB4088881 (the preview), but not KB4088875 (the rogue March update)? Or do you get offered both?
~Annemarie

[MrBrian]

The script has been altered by Microsoft.

1 user thanked author for this post.

walker

[MrBrian]

Additional problems with KB4088878 (Win 7) and KB4088875 (Win 7) reported at https://social.technet.microsoft.com/Forums/windowsserver/en-US/e38d59ab-f8af-4f8c-bc4a-e39c3af88d62/kb4088878-kb4088875-causes-network-connectivity-issues-on-windows-server-2008-r2-or-windows-7?forum=winservergen.

2 users thanked author for this post.

Chessie, walker

[MrBrian]

More updates released today:

Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session

Stop error 0xAB when you log off a Windows Server 2008 session

Stop error 0xAB when you log off a Windows Server 2012 session

1 user thanked author for this post.

walker

[geekdom]

MrBrian wrote:

More updates released today…

In keeping with minimalism, are any of these patches absolutely necessary?

G{ot backup} TestBeta
offline▸ Win7Pro SP1 x64 Storage
online▸ Win10Pro 1909.18363.836 x64 i5-9400 RAM8GB HDD Firefox77.0 Windows{Image/Defender/Firewall}

[MrBrian]

No, unless you’re having this particular problem and want it fixed sooner rather than later. These fixes will very likely be included in the April 2018 Windows monthly rollups.

4 users thanked author for this post.

Chessie, woody, geekdom, walker

[MrBrian]

Microsoft has released update KB4099950:

“This update addresses issues introduced in KB4088875 and KB4088878 for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 where a new Ethernet Network Interface Card (NIC) with default settings may replace the previously existing NIC, causing network issues. Also addressed, is an issue where static IP address setting are lost after applying the update. These symptoms may be seen on physical computers and virtual computers running VMWare.”

1 user thanked author for this post.

woody

[MrBrian]

This update doesn’t appear to replace any existing files. Rather, it runs a file it contains called PCIClearStaleCache.exe.

[abbodi86]

So it’s the easy automated version of the vbs script

it checks if KB2550978 hotfix is installed (or any superseder)
the hotfix actually describe the mess with NIC and March updates in very informative way

i wonder why Microsoft didn’t roll out that important fix years ago through WU

1 user thanked author for this post.

MrBrian

[MrBrian]

From the link: “Important:  This update must be installed prior to installing KB408875 or KB408878″

3 users thanked author for this post.

walker, geekdom, samak

[samak]

“Important: This update must be installed prior to installing KB408875 or KB408878″

Congratulations to MS who can’t even get the KB numbers correct – only 6 digits ? Great quality control…

W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

2 users thanked author for this post.

Morty, MrBrian

[PKCano]

That should be KB 4088878 March 2018 Security Only

1 user thanked author for this post.

MrBrian

[geekdom]

KB4088875 was released March Patch Tuesday. Time flies backward.

G{ot backup} TestBeta
offline▸ Win7Pro SP1 x64 Storage
online▸ Win10Pro 1909.18363.836 x64 i5-9400 RAM8GB HDD Firefox77.0 Windows{Image/Defender/Firewall}

1 user thanked author for this post.

MrBrian

[MrBrian]

After installing KB4099950, it creates log file \windows\logs\PCIClearStaleCache.txt.

The contents of my PCIClearStaleCache.txt on a virtual machine:

Path = C:\Windows\system32\drivers\pci.sys
pci.sys file version is 6.1.7601.17514
Pci.sys indicates KB2550978 or later KBs *NOT* installed
Deleting the PCI SlotPersistentInfo registry keys…
Deleted PCI SlotPersistentInfo registry keys successfully

1 user thanked author for this post.

abbodi86

[MrBrian]

Update KB4099950 repeatedly refused to install in my virtual machine via Windows Update, with error 80243004. I looked up the error message at https://support.microsoft.com/en-us/help/938205/windows-update-error-code-list: “0x80243004 WU_E_TRAYICON_FAILURE A failure occurred when trying to create an icon in the taskbar notification area.” A web searched led to this link, whose solution fixed the issue. If you don’t want to use this solution, I also found that manually installing KB4099950 via the Catalog works fine.

[TheOwner]

Today I installed KB4099950, but i already have installed KB408875. Can i broke something with this? I didnt notice it must be installed before mothly patch.

[GoneToPlaid]

I figure that if you are here and posting, then your networking did not get hosed. If you can see other computers on your network and those computers can see your computer, then you should be good to go.

[Author]

Posts