Massive batch of old Windows Updates retired

Topic

New Reply

This morning, May 7 2017, I noticed a massive number of old superseded updates being retired by Microsoft. The total number of retired updates for Windows 7, 8.1, 2008 R2, 2012 R2 is 1387. There may be additional updates for other operating systems which I do not monitor like Windows 8 and 2012 (original release).
This is an exceptional event and indicates a shift in Microsoft’s approach to having the old updates still available for those, mostly corporate clients, who might have required them for backwards compatibility with legacy applications.
This event may have some relation to the December 2014 IE patch which Woody says it has come back, due to people not being up to date and having ‘fragmented’ updated systems.
Finally the old operating system updates repository is moved closer to a state which was due for a long time and something which good WSUS administrators were doing anyway as part of maintenance.

6 users thanked author for this post.

HiFlyer, Spiff, abbodi86, PKCano, Kirsty, MrBrian

Reply | Quote

Replies

So can you explain to my what you mean by “retired” does it mean they won’t be available through Windows Update anymore? Does it mean there’ll be less updates that one has to download after a reinstall?

1 user thanked author for this post.

owdrtn

Reply | Quote

The answers to your questions are both YES. If C superseded B and B supersedes A, A and B will no longer be available. Only C.
Where they are going with this is, now C will be rolled up into the Monthly Rollup.
They are looking to roll all the old non-superseded patches into a Super Rollup and get rid of (retire) all the patches that are superseded.

3 users thanked author for this post.

HiFlyer, abbodi86, ch100

Reply | Quote

I see. I’m glad to see that they’re going to do as you put one “Super Rollup” which I sometimes do reinstalls for people. And everytime I have to do a Windows 7 machine or 8.1 machine updates are always the most painful part. So this will make my life easier and the lives of many techinations who still deal with Windows 7 and on rare occasions 8.1. Also last I heard they had put the plan of having one rollup for each OS on hold. Did they finally decide to start working on it now? I have been wanting to reinstall Windows on my own machines lately. Will this “Super Rollup” come out this Patch Tuesday?

Reply | Quote

Also will .NET Framework Rollups be integrated into this “Super Rollup” or will they still be separate? Will .NET Framework 3.5 updates be intergrated into the Super Rollup/.NET Framework Rollup?

Reply | Quote

.NET, MSRT. Visual C++, Office, etc are considered “Other Mictosoft products,” not Windows.
However, I have noticed that there are Rollups for .NET and IE11 now. So maybe each will eventually be handled in this fashion.
I don’t know. I have no inner ear at MS.

1 user thanked author for this post.

HiFlyer

Reply | Quote

We don’t know, but I would expect .NET Framework 3.5 updates to be integrated as this component in part of the system, unlike .NET Framework 4.x. This applies to Windows 7/2008R2 only.
For Windows 8.x/2012/2012R2/10 all versions of .NET Framework are part of the system.
I think decisions are still made internally at Microsoft about the future approach.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Don’t expect this tomorrow. It will be a drawn out process.
The other thing they are working on is a “differential” update. So existing PC’s will only get that part of the Rollup that is not already installed.
Your guess is as good as mine as to when this will all come together.

Reply | Quote

I don’t think the plan to have the super-rollup for each OS is on hold.
There is more work to be done until those rollups are ready.
For Windows 7/2008 R2 an almost perfect such rollup is KB3125574, but being outside of Windows Update, I would not recommend it at this stage for non-managed (“home”) users.

1 user thanked author for this post.

dgreen

Reply | Quote

Let’s say for now that this is the intended behaviour. As it was noticed in relation to KB3008923, there are expected bugs which will surface in the next few days, due primarily to the massive number of updates involved and the scope of such maintenance which extends to few years.
Even so, “installing” old updates do not cause any harm because they only flag to the Windows Update mechanism that the supersedence chain is completed.
TrustedInstaller based mechanism is smarter than the visible Windows Update and will take care to manage the installed components correctly, based on their versions.

2 users thanked author for this post.

HiFlyer, abbodi86

Reply | Quote

I have one more question for you ch100. Do you have a source for this info? I can’t find any news relating to the retirement of old updates.

Reply | Quote

anonymous wrote:

I have one more question for you ch100. Do you have a source for this info? I can’t find any news relating to the retirement of old updates.

It’s a trade secret.
Trust me 🙂

Reply | Quote

🙂 🙂

Reply | Quote

Using a script I wrote, on a Windows 7 virtual computer with many security updates missing, the number of applicable updates including superseded updates is reported as 313, while the number of applicable updates not including superseded updates is reported as 183. I’m pretty sure that just a few days ago on this same virtual computer the number of applicable updates including superseded updates was either 400-499 or 500-599 (I forget which). If my memory on that is correct, then indeed many Windows 7 updates were expired very recently.

1 user thanked author for this post.

ch100

Reply | Quote

@MrBrian
Like you, I don’t have the exact numbers, but I can confirm that previous to the current maintenance, the number of updates including superseded available to Windows 7 with SP1 clean install was in the range of 500.
The same can be seen with Windows Update MiniTool with the option “Include superseded”.
WUMT uses published Windows Update APIs for this purpose and I assume your script does it too.
For reference, my post is based on a recent WSUS synchronisation which closely mirrors Windows Update.
Expired updates in WSUS are the same updates which are retired from the public servers with very few exceptions.
The expired updates also are made invisible in the Catalog, although I believe that they are still stored at Microsoft and available to those who know the direct download URLs.
It is worth mentioning that for those fully patched using Windows Update, which means Group A users, this event should not be significant, except for the glitch in relation to KB3008923 which was explained before by other posters, @abbodi86 and @PKCano
KB3008923 can be ignored or “installed”, it does not matter for the Windows functionality achieved.

2 users thanked author for this post.

HiFlyer, MrBrian

Reply | Quote

I suppose 1387 is the sum for both x86 & x64 versions of each update, so the actual expired updates would be around 690 😀

which still a masive number

thanks @ch100

1 user thanked author for this post.

ch100

Reply | Quote

There is Itanium 2008 R2 involved too.

1 user thanked author for this post.

abbodi86

Reply | Quote

Understanding Windows Update Supersedence, Expirations, and Revisions

1 user thanked author for this post.

SueW

Reply | Quote

I just noticed that KB3173424 the latest servicing stack update for Windows 8.1 is expired

mistake or they consider KB3021910 good enough?

Reply | Quote

SSU KB3173424 for Windows 8.1 32-bit and 64-bit and for windows 2012 R2 is not expired.

Reply | Quote

It is 🙂

https://www.catalog.update.microsoft.com/Search.aspx?q=KB3173424

at least in catalog and WU, did not check WSUS yet

1 user thanked author for this post.

ch100

Reply | Quote

Weird 🙂
I have just looked in WSUS.

EDIT: You are right about the Catalog ?

Reply | Quote

Maybe it’s just “too” early temporary takedown, preparing for patch tuesday
they might revise it or replace it

however, Windows 7 equivalent KB3177467 still available

1 user thanked author for this post.

ch100

Reply | Quote

You know, KB3173424 was having an in-accurate metadata anyway, it’s listed as superseder for KB3021910

but, KB3021910 is the latest (or newest) prerequisite for the gold master KB2919355
and KB2919355 is prerequisite for KB3173424
as result,  KB3021910 is a  prerequisite for KB3173424, which can’t replace it

1 user thanked author for this post.

ch100

Reply | Quote

Based on my research, the only true pre-requisite for KB2919355 is KB2919442 by itself, and not in one of the superseding flavours.
KB2919442 is now expired in WSUS which is of the nature to fuel even more conspiracy theories when it is in fact more likely that one of the junior people at Microsoft decided to expire this most critical update of all other than KB2919355.
They might be panicking right now and decided to expire KB3173424 trying to fix their mistake and because they do not read this thread and my reply, they have no clue 🙂
KB2919442 should never be flagged as superseded, but because of Microsoft flagging this one incorrectly, this is one of the tricks of the trade very little known in the wild 🙂

Reply | Quote

Wow. Bizarre. I wonder why they did it that way? (Or maybe somebody on the team just did it and figured nobody would notice?)

If the problem continues after tomorrow’s patches, drop me a line and I’ll write it up for InfoWorld…..

Reply | Quote

Woody, I would still consider @abbodi86’s results and wait for clarification.
Here are the facts.

There are 3 different known images from Microsoft for Windows 2012 R2 and I believe 2 for Windows 8.1.
I will list them for Windows 2012 R2 which I know, @abbodi86 would know better than me about 8.1:

1. Gold image – release without “Service Pack” KB2919355
2. First update with KB2919355 (known as version 3)
3. Second image update (known as version 4), containing KB2919355 plus the major rollup also known as Update 3, KB3000850.

The debate between me and @abbodi86 refers to the Gold image when trying to install KB2919355 on top of it.

What happened until recently, before the major WU maintenance?
While running Windows Update, KB2919442 (servicing stack update) was hidden from view by the superseding updates KB3021910 and KB3173424. By hiding the last 2 of them, KB2919442 would become visible.

KB2919355 has a detection fault in the sense that it has a hard-coded requirement to have KB2919442 installed as pre-requisite. The logic of WU require that its superseding updates are good enough as pre-requisites, but this does not happen.
The alternative to hiding temporarily the later SSUs is to install KB2919442 manually.

Note: My understanding is that @abbodi86 thinks that KB3021910 functions as replacement pre-requisite while KB3173424 cannot. I don’t know and if he tests and says it is so, we should agree with it. I don’t have currently the time to prove either way.

To the best of my knowledge and this was tested not so long ago, only KB2919442 when installed would allow the installation of KB2919355.

Another problem is that after installing one of the later SSU patches, KB2919355 can no longer be installed, because the SSUs cannot be uninstalled and KB2919442 cannot be installed either!!! This is a huge bug. There is no way to recover other than reinstalling clean or reinstalling in upgrade mode. This is not for everyone to understand easily.

The current problem: KB2919442 has been expired on May 6, 2017, probably based on the assumption that it is superseded. But the images with KB2919355 already slipstreamed are normally volume licenses released only on VLSC and not available to everyone. In fact I think even the Gold Windows 8.1 was not released officially to retail customers.
How is anybody without all this knowledge supposed to install clean in 2017?
The Microsoft answer: it is too late, only professionals should do this in 2017, everyone else should move to Windows 10 now or use instead what they have installed now until it physically dies.

See how complicated it gets and why I recommend non-technical users to either follow Microsoft or not to use Windows?

If you can make sense of what I said and add @abbodi86’s input and use your mastery to edit this whole thing and put in a format to be published, I think you could make an interesting article.
🙂

2 users thanked author for this post.

woody, PKCano

Reply | Quote

The previous mystery about KB3173424 is no longer an issue. This update has been revised which means that it was temporarily retired while being replaced.

Reply | Quote

I guess it’s a good thing I downloaded and saved the WSUS Offline Updates through to the point in time that I decided to go sit on the Group W bench. Otherwise, if I ever need to reinstall Win7, it sounds like some/many of the desired Windows Updates could wind up being retired or unavailable and then I would be forced to update through to the current set of Windows Update Malware.

Reply | Quote

Remember, M$ introduced non-hidden Telemetry updates to Win 7/8.1 at around Oct 2015, ie the same Telemetry (NSA spyware ?) that is baked into Win 10 since its launch on 29 July 2015. And in Oct 2016, M$ imposed monthly mandatory Patch Rollups to Win 7/8.1.
. . Many Win 7/8.1 users avoided the Win 10-style Telemetry updates, whether hidden or non-hidden, by not installing them, eg KB2952664, and the monthly Patch Rollups (= Group B or C/W).

What the OP has highlighted about massive old updates being retired by M$ and then a coming Super Rollup or “SP2”, is probably M$’s attempt to force such “stubborn” or non-compliant Win 7/8.1 users to install their Win 10-style Telemetry updates, eg through a clean reinstall. IOW, the Super Rollup will likely contain the Win 10-style Telemetry updates.
. . This is what is called “by hook or by crook”.

Before this, a clean install of Win 7 SP1 will be followed by the optional installation of 200+ important updates and 200+ optional updates through Windows Update. The Super Rollup or “SP2” will remove this option.

When “stubborn” Win 7/8.1 users check for updates, M$ may even sneakily issue targeted updates to purposely brick their Win 7/8.1 systems = require a reinstall = may have to install the Win 10-style Telemetry updates.

Reply | Quote

Too much false assumptions, too much conspiracy theories

bottom line, no, just no
it getting real frustration to controvert these naive FUD

BTW, Telemetry updates began at April 2014

4 users thanked author for this post.

woody, PKCano, SueW, ch100

Reply | Quote

Or about 2005 if you take MSRT in consideration.
Way too much FUD 🙂

3 users thanked author for this post.

woody, PKCano, SueW

Reply | Quote

MS has only themselves to blame for people assuming the worst about them.  If MS could get away with doing what Anon said, I don’t doubt for a second they’d do it.

They’ve already introduced bugs with security-only updates that are only fixed in the telemetry-containing rollups.  They’ve already demonstrated that they have no concern for bricking people’s PCs through inappropriate in-place upgrades (without the user’s informed consent, by design) if it supports their agenda of pushing Windows 10 to every PC possible.  They’ve already shown that they are willing to use the Windows update system to deliver malware to sabotage fully functioning Windows 7 installations that violate their marketing plan.  They’ve already shown they’re not against using dark patterns and malware-style trickery that violates their own UI guidelines to subvert people’s intent to block the upgrade to Windows 10.

With all of that in mind, what about what Anon suggested is so unbelievable?  So many of the things they have already done would have been unimaginable prior to the start of the GWX  campaign, but they’ve all come to pass (and I haven’t even listed all of it).  With the way MS has been behaving, it’s not unreasonable to try to imagine the ways that MS will next try to further its agenda at the expense of its users.  It would be foolhardy NOT to do so.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed

1 user thanked author for this post.

samak

Reply | Quote

The anon to which you make reference in your post is a well-known troll around here and is duping a lot of unsuspecting users. Because sometimes that anon makes posts in accordance to the rules of this forum, those posts get published.
There is a number of users on this forum who unfortunately have been mislead for a long time into believing non-sense and as a consequence have downgraded their computers to an insecure state and in many situations to machines with less than optimal functionality.
I don’t find a good use of my time to reply any longer to such users who instead of trying to educate themselves, prefer to have a negative attitude while at the same time keep using Windows.

1 user thanked author for this post.

woody

Reply | Quote

CH100, perhaps you and abbodi86 are responding more in that context than I; I am only responding to the actual text of the post itself, and since the person has posted anonymously, I can’t say if it is the same as any other anonymous poster.  That is, after all, the point of being anonymous.  People do, of course, have a distinctive writing style (like my overuse of parenthesis, dashes, and ellipses when writing informally), but I haven’t seen enough messages to establish a pattern as such.

From the message I responded to, I am not sure why Anon would have to be a troll.  Trolling is posting inflammatory messages specifically for the purpose of angering people and creating a flamewar.  If it’s something the person actually believes, even if it’s irrational and unreasonable, it’s not trolling.

I’ve already laid out my reasons for thinking that what Anon wrote (in the message I replied to) is not unthinkable.  Two years ago, I would have thought that any of the things MS has done recently were so far over the line of what is ethical and just that they would never dare go so far, but here we are, wondering what they will do next.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, OpenSUSE Tumbleweed

1 user thanked author for this post.

HiFlyer

Reply | Quote

@Ascaris
There is no point in repeating the same “Microsoft is bad” party line ever and ever.
Please post constructively for those who actually are interested in moving ahead in life and not for those wondering all the time why “the rich get richer, while the poor get poorer”. It is all about mentality and less about luck in life and winning the lottery, at least in a country where there are so many options to pick.

Reply | Quote

Everyone is free to assume and give opinion, and yes i agree, MSFT themselve takes the blame for this

but what i mean for conspiracists is that if they don’t understand the technicalities and updates details/mechanism, do not make wild assumptions that can be easily proven wrong

5 users thanked author for this post.

HiFlyer, ch100, woody, satrow, PKCano

Reply | Quote

ch100 wrote:

I don’t think the plan to have the super-rollup for each OS is on hold. There is more work to be done until those rollups are ready. For Windows 7/2008 R2 an almost perfect such rollup is KB3125574, but being outside of Windows Update, I would not recommend it at this stage for non-managed (“home”) users.

ch100 If I remember correctly, wasn’t this update being referred to by some as SP2?
IIRC, this would update all updates up to and including April 2016 correct?
I had considered doing this last year, and recently looked into it again,
but I thought it was problematic.
I do have SP1 and have the correct criteria kb3020369 installed.
I see you would not recommend it now, curious to know why is that?
I guess I will take that option off the table.

Windows7 64 bit Home Premium SP1 Windows Server 2008 R2x64
Group B

 

 

1 user thanked author for this post.

ch100

Reply | Quote

dgreen wrote:

ch100 If I remember correctly, wasn’t this update being referred to by some as SP2?
IIRC, this would update all updates up to and including April 2016 correct?

I said in my previous post why I don’t recommend KB3125574 “SP2”.
KB3125574 is not on Windows Update and there is no correct supersedence handling and relationship with any of the other updates.

2 users thanked author for this post.

owdrtn, dgreen

Reply | Quote

@dgreen
Perhaps I should clarify what I said in my reply to your enquiry, after noticing that you are a follower of the so-called Group B.
Many of the updates which belong to the Group B style of updating are not on Windows Update and as such, there is no objective reference to know if those followers of Group B are patched correctly in the sense of security and functionality. The only reliable reference in that case is provided only by Enterprise tools and even then it is difficult to control this style of updating correctly, which is at most a niche implementation, which exist only due to specific compliance requirements in some enterprises.
I am not in favour of Group B style of updating for the reasons above and what I will say now would go even more against most of what was said on this forum since the times of GWX.
KB2952664 (and equivalent KB2976978 on Windows 8.1) and its companion KB3150513 should (not must) be installed on all systems as they have been made part of all the current Windows Operating Systems. Without those (telemetry) patches, there is no guarantee that any Windows Operating System will keep functioning optimally for the years ahead until they get out of support.
I am not going to debate further this issue.

1 user thanked author for this post.

dgreen

Reply | Quote

I briefly tested Belarc Advisor. It checks for the presence of security-only updates.

Reply | Quote

@mrbrian
If this is the case, there is a good chance that it goes online and looks up the latest version of wsusscn2.cab
https://support.microsoft.com/en-us/help/926464/a-new-version-of-the-windows-update-offline-scan-file,-wsusscn2.cab,-is-available-for-advanced-users
There are scripting options and there is other software which is already performing the same thing.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa387290(v=vs.85)

Sorry, but for me this ongoing discussion about security only looks counter-productive, especially that as you mentioned in other posts, there is sometimes an inter-relation between security and non-security.
Those who have their own reasons for pursuing this less supported path should do their research and take care of themselves, like all systems administrators do when they recommend or are forced by the nature of their business to recommend this implementation to their end-users. Otherwise, with only limited understanding, there are good chances that those following this approach actually use less secure and less functional systems and I am not interested in being involved in this.

Reply | Quote

ch100 wrote:

Based on my research, the only true pre-requisite for KB2919355 is KB2919442 by itself, and not in one of the superseding flavours. KB2919442 is now expired in WSUS which is of the nature to fuel even more conspiracy theories when it is in fact more likely that one of the junior people at Microsoft decided to expire this most critical update of all other than KB2919355. They might be panicking right now and decided to expire KB3173424 trying to fix their mistake and because they do not read this thread and my reply, they have no clue  KB2919442 should never be flagged as superseded, but because of Microsoft flagging this one incorrectly, this is one of the tricks of the trade very little known in the wild  

No, KB2919442 is not the only or harcoded pre-requisite for KB2919355

KB2919355  require servicing stack 6.3.9600.17021 ( KB2919442) at least, and any other higher or later version will work too

the latest official ISO/ESD media that was released in December 2014 have a similar status for current situation with KB3021910/KB3173424
it contain two servicing stack updates:
KB2975061 – the pre-requisite SSU that used to install KB2919355
KB2989647 – the active SSU, but it require KB2919355 to be installed first

so, KB2919442 > KB2975061 > KB3021910 are all applicable prerequisities for KB2919355

while KB2989647 > KB3173424 are just regular SSU that require KB2919355

ch100 wrote:

Woody, I would still consider @abbodi86‘s results and wait for clarification. Here are the facts. There are 3 different known images from Microsoft for Windows 2012 R2 and I believe 2 for Windows 8.1. I will list them for Windows 2012 R2 which I know, @abbodi86 would know better than me about 8.1: 1. Gold image – release without “Service Pack” KB2919355 2. First update with KB2919355 (known as version 3) 3. Second image update (known as version 4), containing KB2919355 plus the major rollup also known as Update 3, KB3000850. The debate between me and @abbodi86 refers to the Gold image when trying to install KB2919355 on top of it. What happened until recently, before the major WU maintenance? While running Windows Update, KB2919442 (servicing stack update) was hidden from view by the superseding updates KB3021910 and KB3173424. By hiding the last 2 of them, KB2919442 would become visible. KB2919355 has a detection fault in the sense that it has a hard-coded requirement to have KB2919442 installed as pre-requisite. The logic of WU require that its superseding updates are good enough as pre-requisites, but this does not happen. The alternative to hiding temporarily the later SSUs is to install KB2919442 manually. Note: My understanding is that @abbodi86 thinks that KB3021910 functions as replacement pre-requisite while KB3173424 cannot. I don’t know and if he tests and says it is so, we should agree with it. I don’t have currently the time to prove either way. To the best of my knowledge and this was tested not so long ago, only KB2919442 when installed would allow the installation of KB2919355. Another problem is that after installing one of the later SSU patches, KB2919355 can no longer be installed, because the SSUs cannot be uninstalled and KB2919442 cannot be installed either!!! This is a huge bug. There is no way to recover other than reinstalling clean or reinstalling in upgrade mode. This is not for everyone to understand easily. The current problem: KB2919442 has been expired on May 6, 2017, probably based on the assumption that it is superseded. But the images with KB2919355 already slipstreamed are normally volume licenses released only on VLSC and not available to everyone. In fact I think even the Gold Windows 8.1 was not released officially to retail customers. How is anybody without all this knowledge supposed to install clean in 2017? The Microsoft answer: it is too late, only professionals should do this in 2017, everyone else should move to Windows 10 now or use instead what they have installed now until it physically dies. See how complicated it gets and why I recommend non-technical users to either follow Microsoft or not to use Windows? If you can make sense of what I said and add @abbodi86‘s input and use your mastery to edit this whole thing and put in a format to be published, I think you could make an interesting article.  

1. First release without KB2919355 is RTM image

2. Second release with KB2919355 is the Golden Master image (this GM term is internally taged in all updates that require KB2919355)

KB3173424 won’t show up on bare RTM image if KB2919355 is not installed, KB3021910 will

like as explained above, latest installation media is built without KB2919442
and you can build image with KB2919355 just fine by installing KB3021910 🙂

Media Creation Tool is available for all and for free, it will download and create ISO which matches the last MSDN release (KB2919355 + KB3000850)
https://www.microsoft.com/en-us/software-download/windows8

1 user thanked author for this post.

ch100

Reply | Quote

Woody, this is why I was asking you to wait for clarification from @abbodi86
It appears that I know only half of the story about various Servicing Stack Update patches released since 2014 and their inter-relation with KB2919355.
What remains as bug though is the way the supersedence of the SSU patches is implemented.
Some of them are pre-requisite to KB2919355, while the later ones, claiming to supersede the previous ones have themselves as pre-requisite KB2919355. In such a situation, I would think that there should be 2 different and independent groups of SSUs, each important by themselves.
For those less aware, KB2919355 for Windows 8.1 and 2012 R2 is the true Service Pack 1 (officially named Update 1, or April 2014 Update) and most developments after April 2014 require it to be installed.

Notes:

1. All these issues are mitigated by the reality that Windows 8.1 is used only by a niche group of generally knowledgeable users and Windows 2012 R2 which is the current server of choice in Enterprise is installed in most situations from the ISO version 4, released in December 2014 which include KB2919355 and KB3000850. As @abbodi86 mentioned, the same image is available to Windows 8.1 users and it is highly recommended to be the only one used for new installation, in order to avoid Windows Update issues.
Those are the main reasons why we don’t hear more about the SSU supersedence bugs in Windows 8.1 and 2012 R2.
2. I find very uncommon to have end-users install clean operating systems released many years ago and I believe that various posters here who keep re-installing Windows 7 or 8.1 released many years ago are exceptions among the Windows users. Legitimate exceptions though, but as we all know fraught with many problems. Those who keep their installations up to date (Group A), month by month, do not experience those problems largely created by the users themselves and not intentionally by Microsoft as it seems to be a common belief. Microsoft has their share of buggy releases though which fuels most of the confusion.

1 user thanked author for this post.

woody

Reply | Quote

ch100 wrote:

@dgreen Perhaps I should clarify what I said in my reply to your enquiry, after noticing that you are a follower of the so-called Group B. Many of the updates which belong to the Group B style of updating are not on Windows Update and as such, there is no objective reference to know if those followers of Group B are patched correctly in the sense of security and functionality. The only reliable reference in that case is provided only by Enterprise tools and even then it is difficult to control this style of updating correctly, which is at most a niche implementation, which exist only due to specific compliance requirements in some enterprises. I am not in favour of Group B style of updating for the reasons above and what I will say now would go even more against most of what was said on this forum since the times of GWX. KB2952664 (and equivalent KB2976978 on Windows 8.1) and its companion KB3150513 should be installed on all systems as they have been made part of all the current Windows Operating Systems. Without those (telemetry) patches, there is no guarantee that any Windows Operating System will keep functioning optimally for the years ahead until they get out of support. I am not going to debate further this issue.

ch100
So if I deceide to be in Group A, would I then be patched up correctly?

1 user thanked author for this post.

ch100

Reply | Quote

ch100
So if I deceide to be in Group A, would I then be patched up correctly?

@dgreen
This is my point of view.
With the clarification that in theory Group B style of updating is not fundamentally wrong with few conditions (which to me are not acceptable, especially for non-technical, non-enterprise users/systems administrators):
1. Group B updating style is meant to patch the OS only for Security but not enhance or fix functionality issues (and there are many, in hundreds since SP1 for Windows 7 as example).
2. It has to have an authoritative reference point which Group A has in Windows Update, while Group B has only in WSUS, SCCM or wsusscn2.cab. Most people who follow Group B do not have any idea what those 3 things mean or how to use them, while most of those who do, have already decided for Group A, fully understanding the implications.

There is another good option for functionality, less so for security, which is to stop after fully patching for any chosen point in time.
I am not recommending this option, but as Canadian Tech explained in many posts on this forum, this option is preferable against Group B.

1 user thanked author for this post.

dgreen

Reply | Quote

KB3173424 is back as-is
i wonder what changed in its metadata

1 user thanked author for this post.

ch100

Reply | Quote

From WSUS

1 user thanked author for this post.

abbodi86

Reply | Quote

Is a “Super Rollup” what used to be called a “Service Pack?”

GaryK

Reply | Quote

Shhhh! If you call it a Sercive Pack, there’s something about having to extend service and EOL.
So it’s a Rollup.

1 user thanked author for this post.

gkarasik

Reply | Quote

PKCano wrote:

Shhhh! If you call it a Sercive Pack, there’s something about having to extend service and EOL. So it’s a Rollup.

I can’t believe I’m nostalgic for the old Microsoft.

GaryK

Reply | Quote