News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft security patches are up

    Home Forums AskWoody blog Microsoft security patches are up

    This topic contains 72 replies, has 22 voices, and was last updated by  anonymous 1 year, 1 month ago.

    • Author
      Posts
    • #232680 Reply

      woody
      Da Boss

      I count 128 of them on the Microsoft Update Catalog. Details as they become available.
      [See the full post at: Microsoft security patches are up]

      5 users thanked author for this post.
    • #232705 Reply

      EP
      AskWoody_MVP

      well woody, KB4467696 has just been released for Win10 v1703.
      I’m not sure if you can actually install this on your 1703 computer as it might say “this update is not applicable to your computer” and may only install on the education and enterprise editions of Windows 10 v1703.

    • #232718 Reply

      geekdom
      AskWoody Plus

      Beta Test
      Report on Windows 7 x64 updates:

      –  Windows Malicious Software Removal Tool x64 (KB890830)
      –  November Security Monthly Quality Rollup Windows7 x64 (KB4467107)
      –  Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4467240)

      All installed without error and the system rebooted without error.

      Please note that GWX Control Panel is used to prohibit Windows 10 upgrade.

      Group G{ot backup} TestBeta
      --
      Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin / NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup / System Image / Rescue Disk / Firewall
      --
      Win10Pro 1909 18363.592 · x64· i5-9400 · RAM 8GB · Firefox: uBlock Origin / NoScript · HDD · Canon Printer · Windows: Defender / Backup / System Image / Rescue Disk / Firewall
      4 users thanked author for this post.
    • #232726 Reply

      PKCano
      Da Boss

      AKB2000003 has been updates for Group B Security-only patches and IE11 Cumulative Updates on Nov 13, 2018.

      6 users thanked author for this post.
    • #232763 Reply

      PKCano
      Da Boss

      Note:
      If you install KB4467708 Win10 1809 Build 17763.134 using other than Windows Update, you will need Servicing Stack Update KB4465646.The SSU fixes the Bitlocker Device Encryption vulnerability.

      If you are using Windows Update, the SSU will be offered automatically.

      1 user thanked author for this post.
    • #232762 Reply

      anonymous

      Applied updates to 8.1 x64, Win 10 1803, two XPs.

      No problems noticed so far.   My important machine is the 8.1, the 10 is in a VM.

       

      1 user thanked author for this post.
    • #232827 Reply

      anonymous

      Long day ahead for us, Microsoft’s monthly ‘forbidden to work’-day is pushed through our throats again. 🙁

    • #232844 Reply

      PKCano
      Da Boss

      NOTE:
      There are new Servicing Stack Updates for Win10 that address the Bitlocker Device Encryption vulnerability CVE-2018-8566.

      If you install the November Cumulative Updates using other than Windows Update, you will need to install the Servicing Stack Update first.
      If you are using Windows Update, the SSU will be offered automatically.

      Win10 v1809 Build 17763.134 KB4465646
      Win10 v1803 KB4465663
      Win10 v1709 KB4465661
      Win10 v1703 KB4465660
      Win10 v1607 KB4465659

      3 users thanked author for this post.
    • #232842 Reply

      anonymous

      ? says:

      please no more teeth kicking! (microsoft) i’m already missing some

      i peeked inside KB4467106 x86 the November Security Only win7 patch and it doesn’t appear to have anything untoward within (no snooping) just the usual jumble of monthly windows OS vulnerability patching.

      the flash v.148 patch is once again putting an updater in the C:\windows\system32\macromedia folder. i just delete it anyway…

      amber #2 tells me to wait so i’ll let the brave ones try the November patches for now

      • #232876 Reply

        OscarCP
        AskWoody Plus

        I always wait at least three weeks after patch Tuesday, keep an eye for people complaining about patches for Windows 7, including the Sec. Only and the  IE11 Cumulative (downloaded from the Catalogue), and go ahead only after there are not outstanding unresolved problems, so the Master Patch List already gives all the usual updates (Office, MSRT, .Net) the thumbs up, as well as to the Sec. Only and IE11 ones. By then Woody might also have raised the DEFCON above 2, although I mostly follow the Master Patch List for advice with Windows 7 patching, these days.

        So far, after several years doing things along these lines, I have never had a single problem with any patch I’ve installed.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #232863 Reply

      anonymous

      We are seeing multiple independent WSUS servers failing to download content (patches) from Microsoft for this month’s batch.

      Content downloads started and were successful for a a fraction of the patches, but then halted.  This started afternoon hours EST.

      Eventlog error 364 is seen.  An example is:

      “Content file download failed.

      Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

      Source File: /d/msdownload/update/software/secu/2018/11/windows10.0-kb4467694-x64_f22e0d9c1ff22b542a9bdce12c94a86d862f17f5.cab

      Advice on event 364 focuses mainly on firewall or IPS issues.  However we have eliminated that as a cause.  WSUS servers have been established for years and no changes on them have been made recently nor have firewalls been touched.

      I’m interested in hearing if others have seen the same problem.

      Jim

      1 user thanked author for this post.
      • #234359 Reply

        anonymous

        I got the same error. WSUS server is behind Bluecoat proxy. But I cannot tell when exactly it started: last time when I was downloading updates was September 26th, and first time it failed was November 15th. So something changed in the time between those dates.

      • #237413 Reply

        anonymous

        This problem is hitting our WSUS too.  Details:

        WSUS error 364:

        Content file download failed.

        Reason: CRC verification failure.

        Source File: /d/msdownload/update/software/secu/2018/10/windows8.1-kb4466536-x64_b72d05f78078967804d84005d61b7706c32daa90.cab

        WSUS error 10022:

        The last catalog synchronization attempt was unsuccessful.

        WSUS error 10032:

        The server is failing to download some updates.

        Troubleshooting: I restarted related services (WU, WSUS, WID, Update Orchestrator, IISAdmin, BITS), and downloads eventually did get unstuck.

        1 user thanked author for this post.
    • #232867 Reply

      Cee Arr
      AskWoody Plus

      Checking WUSH today 14th I have three (yes 3) updates for Adobe Flash Player, all different KB numbers. What gives???  Reality is I don’t use Flash Player as it is an antiquated  piece of software.  Why does MS keep shoving it down our throats?  Is it a necessary part of their best OS ever? – Windows 10!!!!!!  If so what a joke.  Can I safely hide or delete it?

      • #232872 Reply

        PKCano
        Da Boss

        MS decided (in their wisdom?) to incorporate Flash into IE11 for Win8.1 and Win10. Win7 still has to get it from Adobe (if you want it), but for the others, you get it from MS whether you want it or not.

    • #232908 Reply

      anonymous

      Yeah that looks like an important patch to get, pun not intended but there it is anyway.

      That’s to patch a priv escalation vuln found recently.

      Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

    • #232912 Reply

      Geo
      AskWoody Plus

      Group A, Win7X64,  Home Premium,  AMD.   No problems, no slow down.

    • #232920 Reply

      anonymous

      I read this in a German forum. Translated with deepl.com.
      Can anyone confirm this? Sounds like an huge issue.

      Beware of Server 2016 Updates KB 4465659 and KB 4467691

      One of the two updates tries to write into the UEFI of the server. This works for virtual machines as well. For physical machines of the brands DELL and HP this does not work, at least if CPUs of the series Xeon E5-26… of the versions v1 and v2 are still installed there. On Fujitsu machines it does not work with the above Xeon CPUs of versions E5-26… v3 and v4.

      The UEFI is totally shot up, hardware raids are torn apart etc. pp. Remotely you can’t reach the boxes anymore, because the Intel management machine is also totally torn apart, if it wasn’t switched off by the ADMIN for security reasons. No network adapter is detected anymore.

      If you keep your servers in a data center far away from home, you can take care of a specialist on site or start a journey. What Microsoft has delivered there again, lacks ANY quality control.

    • #232933 Reply

      Microfix
      Da Boss

      I read this in a German forum. Translated with deepl.com.
      Can anyone confirm this? Sounds like an huge issue.

      Disclosing the link to the ‘German Forum’ in question might help..

      Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x64 | W10 x86 1909
    • #232947 Reply

      anonymous

      Windows 7  64Bit Home Premium. Loaded x3 WU’s, OK. Functioning satisfactorily.

      1 user thanked author for this post.
    • #232953 Reply

      CraigS26
      AskWoody Plus

      Haven’t seen KB3150513 (W10 compatibility monitor = Don’t Inst) in forever, but here it is + seven Office ’10s, MSRT, 4.72 Net Frmwk,  KB 4467107 Rollup.

      With 2 confirmed W7-64 Inst successes and a Macrium Image I’ll probably try in a week or so if more successes are posted.

      W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

      • #232955 Reply

        PKCano
        Da Boss

        KB3150513 only shows up if KB2952664/KB2976978 are installed. The latter two have been baked into the Rollups for Win7/8.1 since the 2018-09 Preview Rollup and the 2018-10 Monthly Rollup. So, if you updated your computer with the Rollups, you got the functionality and KB3150513 is there to update it.

        HIDE IT!

        3 users thanked author for this post.
    • #232966 Reply

      PKCano
      Da Boss

      Updated one of my Win8.1 VMs this morning – KB4467697 Monthly Rollup, KB4467694 IE11 Flash, MSRT and 9 assorted Office 2010 patches.
      No apparent problems so far.
      Whopping 484.4 MB!!

      Using @abbodi86 ‘s script to keep the snooping out!

      5 users thanked author for this post.
    • #232974 Reply

      fugitiv3
      AskWoody Lounger

      Hello,

      First post here
      I have several servers with different OS.. so here it is:
      Windows Server 2012 R2 Standard: Installed KB4467697 + KB4467242 – No issues so far
      Windows Server 2016 Standard: Installed KB4467691 + KB4465659 – No issues so far
      Windows Server 2008 R2 Standard + Datacenter: Installed KB4467107 + KB4467240 – No issues so far

      1 user thanked author for this post.
    • #233075 Reply

      pmcjr6142
      AskWoody Plus

      On my Win 7 x64 PC, the Rollup for .NET Framework is Optional and unchecked for the second month in a row.  Are these no longer updates that should be installed?

      • #233078 Reply

        PKCano
        Da Boss

        We don’t recommend installing unchecked updates.
        .NET Rollups contain multiple individual patches for the multiple versions of .NET.
        There may not be a patch in the Rollup for the version of .NET that is installed on your computer, so it is unchecked.

        • #233188 Reply

          pmcjr6142
          AskWoody Plus

          PK Cano…I initially posted my question on the wrong subject.  Thanks for moving it.  Your answer makes sense as to why the .NET patch may not be checked.

        • #233213 Reply

          ashfan212
          AskWoody Lounger

          @pkcano,

          A quick follow-up question regarding your reason for not installing the .Net Rollup if unchecked – are you saying that should this update appear unchecked that it implies that there are no fixes pertaining to the version of .Net that is installed? Or are you stating that WU cannot tell for certain whether the .Net rollup update pertains to the installed version?

          As a corollary, I never installed the 4.7.2 .Net update as it was offered unchecked yet recommended. Would you advise me not to install this update as long as I am not encountering any issues with my current installed .Net version?

          I should also add that the WU setting “give me recommended updates in the same manner as I receive important updates” is left unchecked (rightly or wrongly). Do you know whether the .Net rollup update or the 4.7.2 .Net version update would still appear unchecked even if I had chosen to check the setting to receive recommended updates in the same manner as important updates?

          Windows 7 SP1, x64 Home Premium, Group A

          • #233221 Reply

            PKCano
            Da Boss

            are you saying that should this update appear unchecked that it implies that there are no fixes pertaining to the version of .Net that is installed?

            When the updates are unchecked, it is Microsoft’s way of saying they should not be installed automatically. Either there are no fixes for your version, or MS has other reasons for them not to be installed.

            Or are you stating that WU cannot tell for certain whether the .Net rollup update pertains to the installed version?

            Most definitely NOT saying that. WU is smarter than you are (most of the time).

            If you are running Win7, there is no need to install .NET 4.7.2 at this time UNLESS you are using an application that requires .NET 4.7.2

            I have “Give me recommended” checked. I have been offered .NET 4.7.2 on my Win7 as a checked update. I do not know if those two facts are related. I have hidden the .NET 4.7.2 installer for the time being.

            2 users thanked author for this post.
            • #233226 Reply

              ashfan212
              AskWoody Lounger

              @pkcano,

              Thank you for your quick reply!  It was very informative. I would assume then that you also received the .Net rollup update unchecked notwithstanding that your “Give me recommended…” setting is checked.

              Now if WU is smart enough to determine whether the .Net rollup update is applicable to the installed version of .Net, is there a reason why WU would offer the update at all, even marked as optional?

            • #233233 Reply

              PKCano
              Da Boss

              The metadata determines whether it shows up in the queue (checked or unchecked). WU determines whether or not it is installed.

              1 user thanked author for this post.
    • #233125 Reply

      b
      AskWoody Plus

      November 2018 updates for Microsoft Office are available for Office 2016, Office 2013, Office 2010, the Office Viewers, and the SharePoint servers.

      12 security updates were also issued yesterday for all current versions of Office 365:

      Update history for Office 365 ProPlus (listed by date)

      Microsoft Edge, Win 10 Pro 1909: Group ASAP (pioneer)

    • #233154 Reply

      anonymous

      Updated a Win7 starter (x32).   I was getting a pop-up notice to agree to new intrusiveness by Microsoft.  Couldn’t proceed with the updates without accepting the agreement.   Declined the agreement, and then unchecked the Malicious Software removal tool, and hid it, and the rest of the updates installed with no problems noticed, and no agreeing to a new big-brother arrangement necessary.

      1 user thanked author for this post.
      • #233162 Reply

        Microfix
        Da Boss

        Interesting that MSRT triggered further update options. I’ve never trusted MSRT due to sending a heartbeat to MS, what’s in that heartbeat was my first concern.
        Thanks for your report.

        Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x64 | W10 x86 1909
        1 user thanked author for this post.
      • #233191 Reply

        morat
        AskWoody Lounger

        I’m running Windows 7 Pro 32-bit. MSRT Nov 2018 KB890830 popup notice says, “Prerelease Version of Service Pack 2 for Microsoft Windows XP Professional, Home, Media Center, or Tablet PC Edition END-USER LICENSE AGREEMENT FOR PRERELEASE CODE”. What the heck… prerelease code for Windows XP?

        • #233289 Reply

          anonymous

          Yep, that’s what I saw.  People with 64 bit Win 7 wasn’t seeing it.  So, I think the 32 bit MSRT was out of whack somehow.  Maybe an old one got shipped by mistake?

      • #233200 Reply

        SteveTree
        AskWoody Lounger

        On the basis that Microsoft anti-malware is probably of the same ‘quality’ as Windows, you are probably better off running a high quality demand scanner (e.g. Malwarebytes) instead of  MSRT in any case.

        Group A (but Telemetry disabled Tasks and Registry)
        Win 7 64 Pro desktop
        Win 10 64 Home portable

    • #233297 Reply

      anonymous

      There are a few mentions from other people about this: http://www.pcbanter.net/showthread/?p=3773923

      1 user thanked author for this post.
    • #233304 Reply

      anonymous

      13/11/2018 KB4461518 Security Update Microsoft Office Compatibility SP 3

      This update appears most months; but not automatically. I dig it out of the MS Update Catalog. Installs, OK, and appears in Installed Updates.
      Any thought on this anomaly, would be appreciated. Cheers !
      W7 HP 64, W7 Starter 32, Vista 32.

    • #233326 Reply

      anonymous

      Hi y’awll…

      I take note of what is recommended here & so, do not update until it’s “safe.”
      Anyway, last night, I checked here & saw that PKCano had posted (#232726) the link to what was safe to install.
      Just one for WIN7 & one for IE11.
      > 4466536 & > 4467106.
      No probs. with either installation.
      I rebooted & carried on as usual.
      But…Later on when I shut my desk top down, I noticed that my CPU was consuming a heap of cycles & Firefox was very slow to shut down.
      Upon checking in the Task Manager, I saw that there was a process running called…
      “CompatTelRunner.exe” which was the culprit. Using about 75 to 80% CPU.
      I then shut it down & went looking for it.
      It was located in System32 & named…
      “Microsoft Compatibility Telemetry.”
      Details are…

      Created > 3/11/2018. (That’s 3rd November.)
      Modified > 13/8/2018.
      Size > 120 KB.
      Version > 10.0.17673.1003

      I re-named it but would like to know which update was it included with & will it be
      re-applied?
      I shall keep an eye out for anything suss. & see if it gets re-applied.
      Has anyone else noticed this beastie?
      WIN7, HP, 32 bit.
      &…A few versions of Firefox.

      Ta muchly,
      Mike..

      • #233331 Reply

        PKCano
        Da Boss

        Here is the reason for what you saw:

        There was a patch that MS released new versions of quite frequently, KB2952664, that contained telemetry. We hid it to prevent this.
        As of the 2018-09 Preview Rollup, and continuing with the monthly Rollups from 2018-10 Monthly Rollup onward, Microsoft has included the functionality of KB2952664 in the Rollups. It is no longer a separate patch and cannot be uninstalled separately from the Rollup. “CompatTelRunner.exe” is a part of this functionality.

        So, it seems, there are some options available: uninstall the Oct and/or Nov Rollups and move to Group B Security-only patching, continue to install the Monthly Rollups and use @abbodi86 ‘s method to neutralize telemetry, or uninstall the Oct and/or Nov Rollups and quit patching altogether.

        1 user thanked author for this post.
    • #233353 Reply

      CraigS26
      AskWoody Plus

      Here is the reason for what you saw: There was a patch that MS released new versions of quite frequently, KB2952664, that contained telemetry. We hid it to prevent this. As of the 2018-09 Preview Rollup, and continuing with the monthly Rollups from 2018-10 Monthly Rollup onward, Microsoft has included the functionality of KB2952664 in the Rollups. It is no longer a separate patch and cannot be uninstalled separately from the Rollup. “CompatTelRunner.exe” is a part of this functionality. So, it seems, there are some options available: uninstall the Oct and/or Nov Rollups and move to Group B Security-only patching, continue to install the Monthly Rollups and use @abbodi86 ‘s method to neutralize telemetry, or uninstall the Oct and/or Nov Rollups and quit patching altogether.

      10/25 OCT Rollup Installed …..I find none of the W10 Compatibility culprits mentioned just above by — anonymous 11/15/18  5:38 a.m. — “Hi Y’awll” — MAYBE because long ago we were guided thru the equal of @abbodi86‘s Instructions. His suggested W7 Neutralize Settings are already in my Setup. I still have the GWX Control panel going (net affect here ??) but will monitor for His culprits ( “CompatTelRunner.exe” / System32 & named…“Microsoft Compatibility Telemetry.” ). 2952664 / 3150513, etc., have been taped to my Monitor from long ago Do Not Install list. We’ll see.

      W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

      • #233357 Reply

        PKCano
        Da Boss

        You won’t see KB2952664 new versions any more (only old versions) because it is baked into the Rollups starting with 2018-10 Monthly Rollup.

        You will see 3150513 because it updates the 2952664 functionality that is now a part of the Rollups.
        HIDE IT!!!!

        1 user thanked author for this post.
        • #233362 Reply

          CraigS26
          AskWoody Plus

          You won’t see KB2952664 new versions any more (only old versions) because it is baked into the Rollups starting with 2018-10 Monthly Rollup. You will see 3150513 because it updates the 2952664 functionality that is now a part of the Rollups. HIDE IT!!!!

          IF I / We don’t see — ( “CompatTelRunner.exe” / System32 …“Microsoft Compatibility Telemetry.” ) is THAT fact confirmation the @abbodi86 Neutralize Settings are working ?

          W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

          1 user thanked author for this post.
          • #233374 Reply

            PKCano
            Da Boss

            The information about the included telemetry is applicable, not only to Win7, but to 2976978 (same functionality) on Win8.1.

            I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

            1 user thanked author for this post.
            • #234564 Reply

              jburk07
              AskWoody Plus

              @pkcano:

              I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

              This question might need to be in a separate thread. I am Group A using @abbodi86‘s manual instructions for disabling telemetry. I do have CompatTelRunner.exe on my system with a created date of 11/3/18, which matches the date and time I installed the October rollup, so no surprise there.

              I’m hoping that disabling the scheduled tasks and Performance event trace sessions etc. is all that’s needed, but is there a way to check to to see if CompatTelRunner.exe has ever run on my system and when? I have Windows 7 Home Premium.

              Thanks for any help on this.

              Group A:
              Win7 Home Premium x64 SP1 Ivy Bridge
              Win7 Ultimate x64 SP1 Arrandale
              Win 10 Pro x64 v1903 Ivy Bridge
              Linux Mint Cinnamon 19.2

            • #234566 Reply

              PKCano
              Da Boss

              Read through AKB2952664. @mrbrian did extensive research on the telemetry patches and their doings. The links to his information are there.

              1 user thanked author for this post.
            • #234567 Reply

              jburk07
              AskWoody Plus

              Will do, thanks.

              Group A:
              Win7 Home Premium x64 SP1 Ivy Bridge
              Win7 Ultimate x64 SP1 Arrandale
              Win 10 Pro x64 v1903 Ivy Bridge
              Linux Mint Cinnamon 19.2

        • #233367 Reply

          anonymous

          Thanks for the reply, PKCano.

          To clarify a few points…
          I am in Group B & have been for years.
          I only install the Security updates & never the “Preview Rollups” or the “Monthly Rollups.”
          Whenever I see “KB2952664” it gets hidden immediately.
          It is not in/on my PC.
          As for the suggested fixes by “abbodie86’s”, most have already been done, but I ran through them all again, just to confirm.
          Thank you for the info.
          I shall keep an eye out for any further issues.

          Regs, Mike..

          • #233373 Reply

            PKCano
            Da Boss

            The 2952664 functionality is NOT included in the Group B Security-only patches.

            • #233384 Reply

              anonymous

              Hi once more,

              I know that the dreaded “KB2952664” is not included in the Security updates.
              It appears whenever I/you perform a “normal” manual update check.
              That’s the only time it rears it’s ugly head & it gets hidden immediately.
              I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
              when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”
              Plus…I do not have KB3150513 on my M/C.

              Thanks.
              Regs, Mike..

              1 user thanked author for this post.
            • #233393 Reply

              PKCano
              Da Boss

              I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
              when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”

              Can’t answer that one. Look through installed updates and uninstall 2952664 if it’s there. That’s all I can suggest.

              1 user thanked author for this post.
            • #233869 Reply

              Elly
              AskWoody MVP

              CompatTel was added before the Group A and Group B updating was established… so you were probably ‘infected’ some time in the past.

              The best instructions I’ve found for avoiding telemetry updates was given by @CanadianTech for clean installs (but you can also go back and uninstall what he wouldn’t have installed in the first place). You might check out Post #188268 and/or Windows Update in 2018 and you will avoid both CompaTel and diagtrack telemetry. Then when you apply Security Only patches, you will continue to avoid telemetry, not having it installed on your computer, rather than disabling it.

              Its probably easier to apply @abbodi86‘s procedure to disable telemetry…

              Win 7 Home, 64 bit, Group B

            • #235336 Reply

              anonymous

              Hi @Regs, Mike.

              I just thought that I could tell you all something about how things can appear in ours systems without our knowledge. And it´s becuase that you installed forexample: [Or something else].

              I installed windows6.1-kb3177467-v2-x86_abd69a188878d93212486213990c8caab4d6ae57.msu, in october.
              Later I installed also this one:
              windows6.1-kb4462915-x86_bfcfa4c0997862cd2c0f8cd3df6f38bdacf6d07b.msu, which was given to us in october.
              I’m within the group B with Windows 7 Pro 32 bit.

              Before I did this installation I checked if I had one file which had the name: KB 302 03 69, and I couldn’t find it at all in the registry before I installed both files of:
              kb3177467 and kb4462915.

              But know I can find it here when I [you] doing one simple search with: kb3020369
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-servicingstack_31bf3856ad364e35_0.0.0.0_none_2d3956f60f74b69a

              I’m with you on KB3150513, I dont have it either.

              So when it comes to uninstall something Microsoft says it can’t be done… Just search it in the registry and disable it, but please make a copy before you doing anything with your registry, and specially work slow with it, if you don’t have the knowledge when it comes to change stuff within the registry.

              Best regards
              Christer
              ______________________
              Hi once more,

              I know that the dreaded “KB2952664” is not included in the Security updates.
              It appears whenever I/you perform a “normal” manual update check.
              That’s the only time it rears it’s ugly head & it gets hidden immediately.
              I would like to know exactly how that “Compatibility Telemetry” entry was added to my PC
              when I only do the Security updates as per recommended here & never do the “Previews” or “Monthly Rollups.”
              Plus…I do not have KB3150513 on my M/C.

              Thanks.
              Hi @Regs, Mike..
              _______________________

            • #235340 Reply

              PKCano
              Da Boss

              KB3150513 only shows up in Windows Update if you have KB2952664 installed. If you have avoided KB2952664, you should not have KB3150513 on your system.

              @mrbrian did extensive research on Windows telemetry. There is information telemetry in our Knowledge Base article AKB2952664 and links to some of the research that was done, You may be interested in reading it.

              1 user thanked author for this post.
    • #233510 Reply

      anonymous

      Looks like there’s a bug in KB 890830 for 32-bit Win7 — Prerelease code for XP? Pshaw.

      It is bug with code meant for Windows XP paid support in November 2018. Some of the code was paid support that businesses are pay to MS to keep XP running.

      1 user thanked author for this post.
      • #233523 Reply

        woody
        Da Boss

        Now THAT makes some sense.

        It’s a bug. But at least it’s a bug with a porpoise.

    • #234019 Reply

      CraigS26
      AskWoody Plus

      The information about the included telemetry is applicable, not only to Win7, but to 2976978 (same functionality) on Win8.1. I am installing Group A. I am using @abbodi86 ‘s script run as a Scheduled Task on startup. CompatTelRunner is not found on my PC (Win8.1).

      PKC: Ref Imgur Adm Cmd Prompt Below … If I clk Enter, then Exit … is THAT How you run this Script?
      I DID find – CompatTelRunner.exe – in system32 & the logs Show Transmissions at last 2 monthly WU’s but NOT in between.
      DO YOU still run MSRT after Script entry?
      Many Thanks!!

      View post on imgur.com

      W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

      • #234023 Reply

        PKCano
        Da Boss

        The command in your pic creates a scheduled task “W10Telemetry”  (Task Scheduler) to run the W10Tel cmd script file on startup. You put the W10Tel cmd file in the %windir% (usually C:\Windows) folder and it runs at startup automatically. There is a link to download the W10Tel cmd file from pastebin here.

        I usually choose to install MSRT when I install updates, but do not run MRT otherwise b/c I use TrendMicro or Bitdefender for Internet security.

        1 user thanked author for this post.
    • #234155 Reply

      OscarCP
      AskWoody Plus

      According to the Master Patch List, the Service Stack Update kb3177467 is given with date 11/13/2018 next to a link to the MS “Advisory page”. Going there, the date of the update is of last month; if so, this would be the one I have already installed along with the other October patches.

      Am I  correct? Thanks.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      • #234182 Reply

        DrBonzo
        AskWoody Plus

        11/13/2018 is the date of the Advisory Page (which as of 10:05 pm PST was last updated on 11/14/2018). If you scroll down you’ll see the WIN 7 entries. The 3rd and 4th columns in the Advisory Page have links that will take you to the KB support article for 3177467 and the MS Catalog page for 3177467, respectively. The catalog page has links to both the v1 and v2 editions of the 3177467 Servicing Stack Update. The support article and the catalog page both have October 2018 dates. Only you know what you downloaded and installed as the October Updates, but this catalog page is where I went to download v2 of KB 3177467. So, if you did what I did, you should be fine. (v1 has 2016 dates and v2 has 2018 dates on the catalog page.) I’m WIN 7 Pro, sp1, x64 as I believe you also are.

        1 user thanked author for this post.
    • #234334 Reply

      abbodi86
      AskWoody_MVP

      Interesting upcoming change:

      2019 SHA-2 Code Signing Support requirement for Windows and WSUS

      Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019.

      6 users thanked author for this post.
    • #234362 Reply

      cesmart4125
      AskWoody Plus

      I notice 2018-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4467240) is not listed in the Master Patch List.

      Would someone please explain why KB4467240 does not appear in the Master Patch List.    Thanks for your help.

       

       

       

      Attachments:
    • #234377 Reply

      CraigS26
      AskWoody Plus

      Interesting upcoming change: 2019 SHA-2 Code Signing Support requirement for Windows and WSUS

      Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by April 2019. Any devices without SHA-2 support will not be offered Windows updates after April 2019.

      My first Search attempt appears to show a 2015 KB3033929 WU member solves this, and Update History / Installed Updates shows it there for me via 3/11/15 Updates.
      PKC, Woody, etc., can confirm this is all we need.

      https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929

      W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

      1 user thanked author for this post.
      • #234379 Reply

        PKCano
        Da Boss

        I can only speculate, but my guess is that the newer patches released in the Jan-Mar 2019 time frame will supercede the 2015 patch and will then be required by Windows Update.

        2 users thanked author for this post.
    • #234729 Reply

      Lars220
      AskWoody Lounger

      Another Security Update for Adobe Flash Player

      https://support.microsoft.com/en-us/help/4477029/security-update-for-adobe-flash-player

      with the known history of insecure Flash Player and its continous updates, why, beside $$$ does Micro$oft continue to embed it in Edge, sigh, lament.  I know, yes it can be disabled.

      3 users thanked author for this post.
      • #234785 Reply

        anonymous

        Most people are not tech-savvy and tend to blame what is immediately in front of their eyes. So, the likely reason is that MS believes  people would blame MS Edge for non-functioning content on a website and  instead of the blaming the site author for using unsafe Flash content.  ‘Warn and ask’ would be a better option. – a big red scary warning that would worry people enough to reduce the number of clicks.

        2 users thanked author for this post.
    • #234812 Reply

      anonymous

      Win 10 1709 64bit:   Did a standalone install of SSU update and November delta update KB4467686, install was smooth, machine has been stable 3 days.

    • #236712 Reply

      CraigS26
      AskWoody Plus

      Inst’d Without issue (Macrium Image @ Ready) :  Nov Mo Sec Rollup  KB4467107/ 4.72 NetFrmwk KB4467240/ Ofc ’10-(32) KB4032218/ Ofc ’10-(32) KB3114565/ ’10-(32) Excel KB4461530/ ’10-(32) Word KB4461526/ Outlook APP Not Active in Hm-Stud Ofc ’10 but Updates Show KB4461529….  Skipped MSRT — so far.

      The ONLY evidence of Heartbeat Calling Home is (per log) last 2 WU runs of MSRT. First time I’ve passed on MSRT AND in my entire life Nothing has ever popped-up from running it. ESET Security Suite/ Mbam Prem/ SAS Pro ….

      W10-64 1909 Home / Hm-Stdnt Ofce '16 C2R / HP Envy i5-8400/ 12 GB / 256G SSD + 1 TB HDD / InSpectre #8 = GREEN

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft security patches are up

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.