Microsoft security patches are up

Topic

New Reply

I count 128 of them on the Microsoft Update Catalog. Details as they become available.
[See the full post at: Microsoft security patches are up]

5 users thanked author for this post.

Myst, Elly, geekdom, GreatAndPowerfulTech, Microfix

Reply | Quote

Replies

well woody, KB4467696 has just been released for Win10 v1703.
I’m not sure if you can actually install this on your 1703 computer as it might say “this update is not applicable to your computer” and may only install on the education and enterprise editions of Windows 10 v1703.

Reply | Quote

Beta Test
Report on Windows 7 x64 updates:

–  Windows Malicious Software Removal Tool x64 (KB890830)
–  November Security Monthly Quality Rollup Windows7 x64 (KB4467107)
–  Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4467240)

All installed without error and the system rebooted without error.

Please note that GWX Control Panel is used to prohibit Windows 10 upgrade.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

4 users thanked author for this post.

Sandman, Raptor007, lanceboil, Geo

Reply | Quote

AKB2000003 has been updates for Group B Security-only patches and IE11 Cumulative Updates on Nov 13, 2018.

6 users thanked author for this post.

Sandman, Elly, SueW, columbia2011, geekdom, Microfix

Reply | Quote

Note:
If you install KB4467708 Win10 1809 Build 17763.134 using other than Windows Update, you will need Servicing Stack Update KB4465646.The SSU fixes the Bitlocker Device Encryption vulnerability.

If you are using Windows Update, the SSU will be offered automatically.

1 user thanked author for this post.

BobbyB

Reply | Quote

Applied updates to 8.1 x64, Win 10 1803, two XPs.

No problems noticed so far.   My important machine is the 8.1, the 10 is in a VM.

 

1 user thanked author for this post.

BobbyB

Reply | Quote

Long day ahead for us, Microsoft’s monthly ‘forbidden to work’-day is pushed through our throats again.

Reply | Quote

NOTE:
There are new Servicing Stack Updates for Win10 that address the Bitlocker Device Encryption vulnerability CVE-2018-8566.

If you install the November Cumulative Updates using other than Windows Update, you will need to install the Servicing Stack Update first.
If you are using Windows Update, the SSU will be offered automatically.

Win10 v1809 Build 17763.134 KB4465646
Win10 v1803 KB4465663
Win10 v1709 KB4465661
Win10 v1703 KB4465660
Win10 v1607 KB4465659

3 users thanked author for this post.

walker, Elly, woody

Reply | Quote

? says:

please no more teeth kicking! (microsoft) i’m already missing some

i peeked inside KB4467106 x86 the November Security Only win7 patch and it doesn’t appear to have anything untoward within (no snooping) just the usual jumble of monthly windows OS vulnerability patching.

the flash v.148 patch is once again putting an updater in the C:\windows\system32\macromedia folder. i just delete it anyway…

amber #2 tells me to wait so i’ll let the brave ones try the November patches for now

Reply | Quote

I always wait at least three weeks after patch Tuesday, keep an eye for people complaining about patches for Windows 7, including the Sec. Only and the  IE11 Cumulative (downloaded from the Catalogue), and go ahead only after there are not outstanding unresolved problems, so the Master Patch List already gives all the usual updates (Office, MSRT, .Net) the thumbs up, as well as to the Sec. Only and IE11 ones. By then Woody might also have raised the DEFCON above 2, although I mostly follow the Master Patch List for advice with Windows 7 patching, these days.

So far, after several years doing things along these lines, I have never had a single problem with any patch I’ve installed.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

We are seeing multiple independent WSUS servers failing to download content (patches) from Microsoft for this month’s batch.

Content downloads started and were successful for a a fraction of the patches, but then halted.  This started afternoon hours EST.

Eventlog error 364 is seen.  An example is:

“Content file download failed.

Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

Source File: /d/msdownload/update/software/secu/2018/11/windows10.0-kb4467694-x64_f22e0d9c1ff22b542a9bdce12c94a86d862f17f5.cab ”

Advice on event 364 focuses mainly on firewall or IPS issues.  However we have eliminated that as a cause.  WSUS servers have been established for years and no changes on them have been made recently nor have firewalls been touched.

I’m interested in hearing if others have seen the same problem.

Jim

1 user thanked author for this post.

woody

Reply | Quote

I got the same error. WSUS server is behind Bluecoat proxy. But I cannot tell when exactly it started: last time when I was downloading updates was September 26th, and first time it failed was November 15th. So something changed in the time between those dates.

Reply | Quote

This problem is hitting our WSUS too.  Details:

WSUS error 364:

Content file download failed.

Reason: CRC verification failure.

Source File: /d/msdownload/update/software/secu/2018/10/windows8.1-kb4466536-x64_b72d05f78078967804d84005d61b7706c32daa90.cab

WSUS error 10022:

The last catalog synchronization attempt was unsuccessful.

WSUS error 10032:

The server is failing to download some updates.

Troubleshooting: I restarted related services (WU, WSUS, WID, Update Orchestrator, IISAdmin, BITS), and downloads eventually did get unstuck.

1 user thanked author for this post.

woody

Reply | Quote

Checking WUSH today 14th I have three (yes 3) updates for Adobe Flash Player, all different KB numbers. What gives???  Reality is I don’t use Flash Player as it is an antiquated  piece of software.  Why does MS keep shoving it down our throats?  Is it a necessary part of their best OS ever? – Windows 10!!!!!!  If so what a joke.  Can I safely hide or delete it?

Reply | Quote

MS decided (in their wisdom?) to incorporate Flash into IE11 for Win8.1 and Win10. Win7 still has to get it from Adobe (if you want it), but for the others, you get it from MS whether you want it or not.

Reply | Quote

Yeah that looks like an important patch to get, pun not intended but there it is anyway.

That’s to patch a priv escalation vuln found recently.

https://threatpost.com/microsoft-patches-zero-day-bug-in-win7-server-2008-and-2008-r2/139073/

Reply | Quote

Group A, Win7X64,  Home Premium,  AMD.   No problems, no slow down.

Reply | Quote

I read this in a German forum. Translated with deepl.com.
Can anyone confirm this? Sounds like an huge issue.

Beware of Server 2016 Updates KB 4465659 and KB 4467691

One of the two updates tries to write into the UEFI of the server. This works for virtual machines as well. For physical machines of the brands DELL and HP this does not work, at least if CPUs of the series Xeon E5-26… of the versions v1 and v2 are still installed there. On Fujitsu machines it does not work with the above Xeon CPUs of versions E5-26… v3 and v4.

The UEFI is totally shot up, hardware raids are torn apart etc. pp. Remotely you can’t reach the boxes anymore, because the Intel management machine is also totally torn apart, if it wasn’t switched off by the ADMIN for security reasons. No network adapter is detected anymore.

If you keep your servers in a data center far away from home, you can take care of a specialist on site or start a journey. What Microsoft has delivered there again, lacks ANY quality control.

Reply | Quote

anonymous wrote:

I read this in a German forum. Translated with deepl.com.
Can anyone confirm this? Sounds like an huge issue.

Disclosing the link to the ‘German Forum’ in question might help..

Windows - commercial by definition and now function...

Reply | Quote

https://winfuture.de/news-kommentare,106081.html

It is [o6]

2 users thanked author for this post.

woody, Microfix

Reply | Quote

Full links coming in my column this morning. Thanks, anonymous!

Reply | Quote

Windows 7  64Bit Home Premium. Loaded x3 WU’s, OK. Functioning satisfactorily.

1 user thanked author for this post.

Sandman

Reply | Quote

Haven’t seen KB3150513 (W10 compatibility monitor = Don’t Inst) in forever, but here it is + seven Office ’10s, MSRT, 4.72 Net Frmwk,  KB 4467107 Rollup.

With 2 confirmed W7-64 Inst successes and a Macrium Image I’ll probably try in a week or so if more successes are posted.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

KB3150513 only shows up if KB2952664/KB2976978 are installed. The latter two have been baked into the Rollups for Win7/8.1 since the 2018-09 Preview Rollup and the 2018-10 Monthly Rollup. So, if you updated your computer with the Rollups, you got the functionality and KB3150513 is there to update it.

HIDE IT!

3 users thanked author for this post.

Myst, CraigS26, Microfix

Reply | Quote

Updated one of my Win8.1 VMs this morning – KB4467697 Monthly Rollup, KB4467694 IE11 Flash, MSRT and 9 assorted Office 2010 patches.
No apparent problems so far.
Whopping 484.4 MB!!

Using @abbodi86 ‘s script to keep the snooping out!

5 users thanked author for this post.

walker, BobbyB, Microfix, geekdom, columbia2011

Reply | Quote

Hello,

First post here
I have several servers with different OS.. so here it is:
Windows Server 2012 R2 Standard: Installed KB4467697 + KB4467242 – No issues so far
Windows Server 2016 Standard: Installed KB4467691 + KB4465659 – No issues so far
Windows Server 2008 R2 Standard + Datacenter: Installed KB4467107 + KB4467240 – No issues so far

1 user thanked author for this post.

Microfix

Reply | Quote

On my Win 7 x64 PC, the Rollup for .NET Framework is Optional and unchecked for the second month in a row.  Are these no longer updates that should be installed?

iPhone 13, 2019 iMac(SSD)

Reply | Quote

We don’t recommend installing unchecked updates.
.NET Rollups contain multiple individual patches for the multiple versions of .NET.
There may not be a patch in the Rollup for the version of .NET that is installed on your computer, so it is unchecked.

Reply | Quote

PK Cano…I initially posted my question on the wrong subject.  Thanks for moving it.  Your answer makes sense as to why the .NET patch may not be checked.

iPhone 13, 2019 iMac(SSD)

Reply | Quote

@PKCano,

A quick follow-up question regarding your reason for not installing the .Net Rollup if unchecked – are you saying that should this update appear unchecked that it implies that there are no fixes pertaining to the version of .Net that is installed? Or are you stating that WU cannot tell for certain whether the .Net rollup update pertains to the installed version?

As a corollary, I never installed the 4.7.2 .Net update as it was offered unchecked yet recommended. Would you advise me not to install this update as long as I am not encountering any issues with my current installed .Net version?

I should also add that the WU setting “give me recommended updates in the same manner as I receive important updates” is left unchecked (rightly or wrongly). Do you know whether the .Net rollup update or the 4.7.2 .Net version update would still appear unchecked even if I had chosen to check the setting to receive recommended updates in the same manner as important updates?

Windows 7 SP1, x64 Home Premium, Group A

Reply | Quote

ashfan212 wrote:

are you saying that should this update appear unchecked that it implies that there are no fixes pertaining to the version of .Net that is installed?

When the updates are unchecked, it is Microsoft’s way of saying they should not be installed automatically. Either there are no fixes for your version, or MS has other reasons for them not to be installed.

ashfan212 wrote:

Or are you stating that WU cannot tell for certain whether the .Net rollup update pertains to the installed version?

Most definitely NOT saying that. WU is smarter than you are (most of the time).

If you are running Win7, there is no need to install .NET 4.7.2 at this time UNLESS you are using an application that requires .NET 4.7.2

I have “Give me recommended” checked. I have been offered .NET 4.7.2 on my Win7 as a checked update. I do not know if those two facts are related. I have hidden the .NET 4.7.2 installer for the time being.

2 users thanked author for this post.

walker, ashfan212

Reply | Quote

@pkcano,

Thank you for your quick reply!  It was very informative. I would assume then that you also received the .Net rollup update unchecked notwithstanding that your “Give me recommended…” setting is checked.

Now if WU is smart enough to determine whether the .Net rollup update is applicable to the installed version of .Net, is there a reason why WU would offer the update at all, even marked as optional?

Reply | Quote

The metadata determines whether it shows up in the queue (checked or unchecked). WU determines whether or not it is installed.

1 user thanked author for this post.

ashfan212

Reply | Quote

woody wrote:

November 2018 updates for Microsoft Office are available for Office 2016, Office 2013, Office 2010, the Office Viewers, and the SharePoint servers.

12 security updates were also issued yesterday for all current versions of Office 365:

Update history for Office 365 ProPlus (listed by date)

Reply | Quote

Updated a Win7 starter (x32).   I was getting a pop-up notice to agree to new intrusiveness by Microsoft.  Couldn’t proceed with the updates without accepting the agreement.   Declined the agreement, and then unchecked the Malicious Software removal tool, and hid it, and the rest of the updates installed with no problems noticed, and no agreeing to a new big-brother arrangement necessary.

1 user thanked author for this post.

Elly

Reply | Quote

Interesting that MSRT triggered further update options. I’ve never trusted MSRT due to sending a heartbeat to MS, what’s in that heartbeat was my first concern.
Thanks for your report.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Elly

Reply | Quote

? says:

Microfix, i’m sure you have seen this on the MSRT heartbeat function:

https://www.askwoody.com/2016/telemetry-from-the-malicious-software-removal-tool/

and this:

https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/

 

Reply | Quote

I’m running Windows 7 Pro 32-bit. MSRT Nov 2018 KB890830 popup notice says, “Prerelease Version of Service Pack 2 for Microsoft Windows XP Professional, Home, Media Center, or Tablet PC Edition END-USER LICENSE AGREEMENT FOR PRERELEASE CODE”. What the heck… prerelease code for Windows XP?

Reply | Quote

Yep, that’s what I saw.  People with 64 bit Win 7 wasn’t seeing it.  So, I think the 32 bit MSRT was out of whack somehow.  Maybe an old one got shipped by mistake?

Reply | Quote

On the basis that Microsoft anti-malware is probably of the same ‘quality’ as Windows, you are probably better off running a high quality demand scanner (e.g. Malwarebytes) instead of  MSRT in any case.

Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

Reply | Quote

There are a few mentions from other people about this: http://www.pcbanter.net/showthread/?p=3773923

1 user thanked author for this post.

columbia2011

Reply | Quote

13/11/2018 KB4461518 Security Update Microsoft Office Compatibility SP 3

This update appears most months; but not automatically. I dig it out of the MS Update Catalog. Installs, OK, and appears in Installed Updates.
Any thought on this anomaly, would be appreciated. Cheers !
W7 HP 64, W7 Starter 32, Vista 32.

Reply | Quote

Hi y’awll…

I take note of what is recommended here & so, do not update until it’s “safe.”
Anyway, last night, I checked here & saw that PKCano had posted (#232726) the link to what was safe to install.
Just one for WIN7 & one for IE11.
> 4466536 & > 4467106.
No probs. with either installation.
I rebooted & carried on as usual.
But…Later on when I shut my desk top down, I noticed that my CPU was consuming a heap of cycles & Firefox was very slow to shut down.
Upon checking in the Task Manager, I saw that there was a process running called…
“CompatTelRunner.exe” which was the culprit. Using about 75 to 80% CPU.
I then shut it down & went looking for it.
It was located in System32 & named…
“Microsoft Compatibility Telemetry.”
Details are…

Created > 3/11/2018. (That’s 3rd November.)
Modified > 13/8/2018.
Size > 120 KB.
Version > 10.0.17673.1003

I re-named it but would like to know which update was it included with & will it be
re-applied?
I shall keep an eye out for anything suss. & see if it gets re-applied.
Has anyone else noticed this beastie?
WIN7, HP, 32 bit.
&…A few versions of Firefox.

Ta muchly,
Mike..

Reply | Quote

Here is the reason for what you saw:

There was a patch that MS released new versions of quite frequently, KB2952664, that contained telemetry. We hid it to prevent this.
As of the 2018-09 Preview Rollup, and continuing with the monthly Rollups from 2018-10 Monthly Rollup onward, Microsoft has included the functionality of KB2952664 in the Rollups. It is no longer a separate patch and cannot be uninstalled separately from the Rollup. “CompatTelRunner.exe” is a part of this functionality.

So, it seems, there are some options available: uninstall the Oct and/or Nov Rollups and move to Group B Security-only patching, continue to install the Monthly Rollups and use @abbodi86 ‘s method to neutralize telemetry, or uninstall the Oct and/or Nov Rollups and quit patching altogether.

1 user thanked author for this post.

walker

Reply | Quote

PKCano wrote:

Here is the reason for what you saw: There was a patch that MS released new versions of quite frequently, KB2952664, that contained telemetry. We hid it to prevent this. As of the 2018-09 Preview Rollup, and continuing with the monthly Rollups from 2018-10 Monthly Rollup onward, Microsoft has included the functionality of KB2952664 in the Rollups. It is no longer a separate patch and cannot be uninstalled separately from the Rollup. “CompatTelRunner.exe” is a part of this functionality. So, it seems, there are some options available: uninstall the Oct and/or Nov Rollups and move to Group B Security-only patching, continue to install the Monthly Rollups and use @abbodi86 ‘s method to neutralize telemetry, or uninstall the Oct and/or Nov Rollups and quit patching altogether.

10/25 OCT Rollup Installed …..I find none of the W10 Compatibility culprits mentioned just above by — anonymous 11/15/18  5:38 a.m. — “Hi Y’awll” — MAYBE because long ago we were guided thru the equal of @abbodi86’s Instructions. His suggested W7 Neutralize Settings are already in my Setup. I still have the GWX Control panel going (net affect here ??) but will monitor for His culprits ( “CompatTelRunner.exe” / System32 & named…“Microsoft Compatibility Telemetry.” ). 2952664 / 3150513, etc., have been taped to my Monitor from long ago Do Not Install list. We’ll see.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

You won’t see KB2952664 new versions any more (only old versions) because it is baked into the Rollups starting with 2018-10 Monthly Rollup.

You will see 3150513 because it updates the 2952664 functionality that is now a part of the Rollups.
HIDE IT!!!!

1 user thanked author for this post.

walker

Reply | Quote

PKCano wrote:

You won’t see KB2952664 new versions any more (only old versions) because it is baked into the Rollups starting with 2018-10 Monthly Rollup. You will see 3150513 because it updates the 2952664 functionality that is now a part of the Rollups. HIDE IT!!!!

IF I / We don’t see — ( “CompatTelRunner.exe” / System32 …“Microsoft Compatibility Telemetry.” ) is THAT fact confirmation the @abbodi86 Neutralize Settings are working ?

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

1 user thanked author for this post.

walker

Reply | Quote

The information about the included telemetry is applicable, not only to Win7, but to 2976978 (same functionality) on Win8.1.

I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

1 user thanked author for this post.

walker

Reply | Quote

@PKCano:

PKCano wrote:

I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

This question might need to be in a separate thread. I am Group A using @abbodi86’s manual instructions for disabling telemetry. I do have CompatTelRunner.exe on my system with a created date of 11/3/18, which matches the date and time I installed the October rollup, so no surprise there.

I’m hoping that disabling the scheduled tasks and Performance event trace sessions etc. is all that’s needed, but is there a way to check to to see if CompatTelRunner.exe has ever run on my system and when? I have Windows 7 Home Premium.

Thanks for any help on this.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

Reply | Quote

Read through AKB2952664. @MrBrian did extensive research on the telemetry patches and their doings. The links to his information are there.

1 user thanked author for this post.

jburk07

Reply | Quote

Will do, thanks.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

Reply | Quote

Thanks for the reply, PKCano.

To clarify a few points…
I am in Group B & have been for years.
I only install the Security updates & never the “Preview Rollups” or the “Monthly Rollups.”
Whenever I see “KB2952664” it gets hidden immediately.
It is not in/on my PC.
As for the suggested fixes by “abbodie86’s”, most have already been done, but I ran through them all again, just to confirm.
Thank you for the info.
I shall keep an eye out for any further issues.

Regs, Mike..

Reply | Quote

The 2952664 functionality is NOT included in the Group B Security-only patches.

Reply | Quote

Hi once more,

I know that the dreaded “KB2952664” is not included in the Security updates.
It appears whenever I/you perform a “normal” manual update check.
That’s the only time it rears it’s ugly head & it gets hidden immediately.
I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”
Plus…I do not have KB3150513 on my M/C.

Thanks.
Regs, Mike..

1 user thanked author for this post.

walker

Reply | Quote

anonymous wrote:

I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”

Can’t answer that one. Look through installed updates and uninstall 2952664 if it’s there. That’s all I can suggest.

1 user thanked author for this post.

walker

Reply | Quote

CompatTel was added before the Group A and Group B updating was established… so you were probably ‘infected’ some time in the past.

The best instructions I’ve found for avoiding telemetry updates was given by @CanadianTech for clean installs (but you can also go back and uninstall what he wouldn’t have installed in the first place). You might check out Post #188268 and/or Windows Update in 2018 and you will avoid both CompaTel and diagtrack telemetry. Then when you apply Security Only patches, you will continue to avoid telemetry, not having it installed on your computer, rather than disabling it.

Its probably easier to apply @abbodi86’s procedure to disable telemetry…

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Hi @Regs, Mike.

I just thought that I could tell you all something about how things can appear in ours systems without our knowledge. And it´s becuase that you installed forexample: [Or something else].

I installed windows6.1-kb3177467-v2-x86_abd69a188878d93212486213990c8caab4d6ae57.msu, in october.
Later I installed also this one:
windows6.1-kb4462915-x86_bfcfa4c0997862cd2c0f8cd3df6f38bdacf6d07b.msu, which was given to us in october.
I’m within the group B with Windows 7 Pro 32 bit.

Before I did this installation I checked if I had one file which had the name: KB 302 03 69, and I couldn’t find it at all in the registry before I installed both files of:
kb3177467 and kb4462915.

But know I can find it here when I [you] doing one simple search with: kb3020369
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-servicingstack_31bf3856ad364e35_0.0.0.0_none_2d3956f60f74b69a

I’m with you on KB3150513, I dont have it either.

So when it comes to uninstall something Microsoft says it can’t be done… Just search it in the registry and disable it, but please make a copy before you doing anything with your registry, and specially work slow with it, if you don’t have the knowledge when it comes to change stuff within the registry.

Best regards
Christer
______________________
Hi once more,

I know that the dreaded “KB2952664” is not included in the Security updates.
It appears whenever I/you perform a “normal” manual update check.
That’s the only time it rears it’s ugly head & it gets hidden immediately.
I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”
Plus…I do not have KB3150513 on my M/C.

Thanks.
Hi @Regs, Mike..
_______________________

Reply | Quote

KB3150513 only shows up in Windows Update if you have KB2952664 installed. If you have avoided KB2952664, you should not have KB3150513 on your system.

@MrBrian did extensive research on Windows telemetry. There is information telemetry in our Knowledge Base article AKB2952664 and links to some of the research that was done, You may be interested in reading it.

1 user thanked author for this post.

Elly

Reply | Quote

Looks like there’s a bug in KB 890830 for 32-bit Win7 — Prerelease code for XP? Pshaw.

It is bug with code meant for Windows XP paid support in November 2018. Some of the code was paid support that businesses are pay to MS to keep XP running.

1 user thanked author for this post.

woody

Reply | Quote

Now THAT makes some sense.

It’s a bug. But at least it’s a bug with a porpoise.

Reply | Quote

PKCano wrote:

The information about the included telemetry is applicable, not only to Win7, but to 2976978 (same functionality) on Win8.1. I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

PKC: Ref Imgur Adm Cmd Prompt Below … If I clk Enter, then Exit … is THAT How you run this Script?
I DID find – CompatTelRunner.exe – in system32 & the logs Show Transmissions at last 2 monthly WU’s but NOT in between.
DO YOU still run MSRT after Script entry?
Many Thanks!!

https://i.imgur.com/ZnXITb6.jpg

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

The command in your pic creates a scheduled task “W10Telemetry”  (Task Scheduler) to run the W10Tel cmd script file on startup. You put the W10Tel cmd file in the %windir% (usually C:\Windows) folder and it runs at startup automatically. There is a link to download the W10Tel cmd file from pastebin here.

I usually choose to install MSRT when I install updates, but do not run MRT otherwise b/c I use TrendMicro or Bitdefender for Internet security.

1 user thanked author for this post.

CraigS26

Reply | Quote

According to the Master Patch List, the Service Stack Update kb3177467 is given with date 11/13/2018 next to a link to the MS “Advisory page”. Going there, the date of the update is of last month; if so, this would be the one I have already installed along with the other October patches.

Am I  correct? Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

11/13/2018 is the date of the Advisory Page (which as of 10:05 pm PST was last updated on 11/14/2018). If you scroll down you’ll see the WIN 7 entries. The 3rd and 4th columns in the Advisory Page have links that will take you to the KB support article for 3177467 and the MS Catalog page for 3177467, respectively. The catalog page has links to both the v1 and v2 editions of the 3177467 Servicing Stack Update. The support article and the catalog page both have October 2018 dates. Only you know what you downloaded and installed as the October Updates, but this catalog page is where I went to download v2 of KB 3177467. So, if you did what I did, you should be fine. (v1 has 2016 dates and v2 has 2018 dates on the catalog page.) I’m WIN 7 Pro, sp1, x64 as I believe you also are.

1 user thanked author for this post.

OscarCP

Reply | Quote

Interesting upcoming change:

2019 SHA-2 Code Signing Support requirement for Windows and WSUS

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019.

6 users thanked author for this post.

Elly, woody, CraigS26, cesmart4125, columbia2011, ch100

Reply | Quote

I notice 2018-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4467240) is not listed in the Master Patch List.

Would someone please explain why KB4467240 does not appear in the Master Patch List.    Thanks for your help.

 

 

 

Reply | Quote

abbodi86 wrote:

Interesting upcoming change: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS

Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019.

My first Search attempt appears to show a 2015 KB3033929 WU member solves this, and Update History / Installed Updates shows it there for me via 3/11/15 Updates.
PKC, Woody, etc., can confirm this is all we need.

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

1 user thanked author for this post.

jburk07

Reply | Quote

I can only speculate, but my guess is that the newer patches released in the Jan-Mar 2019 time frame will supercede the 2015 patch and will then be required by Windows Update.

2 users thanked author for this post.

jburk07, CraigS26

Reply | Quote

Another Security Update for Adobe Flash Player

https://support.microsoft.com/en-us/help/4477029/security-update-for-adobe-flash-player

with the known history of insecure Flash Player and its continous updates, why, beside $$$ does Micro$oft continue to embed it in Edge, sigh, lament.  I know, yes it can be disabled.

3 users thanked author for this post.

Chessie, jburk07, PKCano

Reply | Quote

Most people are not tech-savvy and tend to blame what is immediately in front of their eyes. So, the likely reason is that MS believes  people would blame MS Edge for non-functioning content on a website and  instead of the blaming the site author for using unsafe Flash content.  ‘Warn and ask’ would be a better option. – a big red scary warning that would worry people enough to reduce the number of clicks.

2 users thanked author for this post.

Chessie, b

Reply | Quote

‘Warn and ask’ is more-or-less how Flash in Edge has worked by default for nearly two years:

Extending User Control of Flash with Click-to-Run

1 user thanked author for this post.

Lars220

Reply | Quote

Win 10 1709 64bit:   Did a standalone install of SSU update and November delta update KB4467686, install was smooth, machine has been stable 3 days.

Reply | Quote

Inst’d Without issue (Macrium Image @ Ready) :  Nov Mo Sec Rollup  KB4467107/ 4.72 NetFrmwk KB4467240/ Ofc ’10-(32) KB4032218/ Ofc ’10-(32) KB3114565/ ’10-(32) Excel KB4461530/ ’10-(32) Word KB4461526/ Outlook APP Not Active in Hm-Stud Ofc ’10 but Updates Show KB4461529….  Skipped MSRT — so far.

The ONLY evidence of Heartbeat Calling Home is (per log) last 2 WU runs of MSRT. First time I’ve passed on MSRT AND in my entire life Nothing has ever popped-up from running it. ESET Security Suite/ Mbam Prem/ SAS Pro ….

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote