News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    Home Forums AskWoody blog MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    Viewing 27 reply threads
    • Author
      Posts
      • #351339 Reply
        woody
        Da Boss

        We have confirmed reports of six bad patches this month – Monthly Rollups and Security-only patches for Win7, 8.1, Server 2008 R2, 2012, 2012 R2 – and
        [See the full post at: MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE]

      • #351368 Reply
        doriel
        AskWoody Lounger

        Are they really that bad in programming? I know OS is a complex thing, but issues seems to grow in numbers. Maybe they should do fewer updates. There is nothing worse than CTRL+C and CTRL+V your buggy source code… Office 365 is a new holy grail for hackers, security patches are freezing servers 🙂 How convinient, good job, Micro$oft. I bet M$ will earn more money this year, than ever before. This is so unfair.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        2 users thanked author for this post.
      • #351396 Reply
        MikeMc
        AskWoody Lounger

        First, this is what happens when you add what should b application software (features) as part of the OS, and then try to do it every 6 months. Second, no Windows 7/2008R2 updates after January, sounds like a positive feature to me. The only time my computer system (6 servers and 10 workstations) has ever been brought down it has been at the hands of Microsoft; never by a virus or other bad actor.

        12 users thanked author for this post.
      • #351413 Reply
        Mr. Natural
        AskWoody Plus

        Well now, this is interesting. Speaking of Defcon levels…..

        Credit The Enquirer for an article they posted in which Microsoft is introducing a “security configuration framework” featuring SECCON levels which will “mimic the DEFCON levels used by the US Army”.

        US Army?……yeah right. I think perhaps the idea came from elsewhere……

        https://www.theinquirer.net/inquirer/news/3074092/windows-10-seccon-securituy-framework

        https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/

        Red Ruffnsore reporting from the front lines.

        5 users thanked author for this post.
        • #352749 Reply
          woody
          Da Boss

          I came up with the original terminology – including the WOPR Word add-on – after seeing War Games. Great movie.

          2 users thanked author for this post.
      • #351421 Reply
        anonymous
        Guest

        If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon.  If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

        • #352747 Reply
          jabeattyauditor
          AskWoody Lounger

          If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

          “Pure speculation” like this should remain unwritten. I could just easily and irresponsibly suggest that you’re a Russian-controlled Apple-powered bot posting from a Chinese-hosted IP address.

          I would be just as wrong to do so.

          Boeing writes its own control software; many of their software engineers work in DC, CA, AL, OK, and MO. This is easily verified.

          2 users thanked author for this post.
          • #353259 Reply
            Seff
            AskWoody Plus

            While I fully understand why some commenters here prefer – or even need – to remain anonymous, it is undoubtedly the case that comments made anonymously lose a lot of their credibility. I would strongly urge those who are not required to comment anonymously to sign up and acquire greater credibility for their views through establishing a known track record over time.

            10 users thanked author for this post.
            • #353596 Reply
              woody
              Da Boss

              Couldn’t have said it better m’self.

              We have registered users in countries where open interaction like this is frowned upon – they use VPNs. We have employees of companies with skin in the game – they use throwaway email addresses (which is just fine by me). There are lots of reasons to want to post anonymously, but if you’re going to post more than once or twice, figure out a way to get an account. It makes life easier for everybody.

              4 users thanked author for this post.
      • #351986 Reply
        Lars220
        AskWoody Lounger

        Tip of the hat to Mr. Natural, #351413,  Congratulations Woody, it appears that Microsoft might be reviewing your informative website here, and has decided after much due diligence and quarrelsome discussion, to actually imitate your excellent DEFCON system with their Security SECCON framework for securing Windows 10. Thank you Woody for doing a Mighty Fine job. And before anyone gets upset, realize that this is tongue in cheek happy humour 🙂

        https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/

        P.S. Do Not use Internet Explorer, new Zero Day attack:

        https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

        Please-Wait

        Attachments:
        • #353857 Reply
          OscarCP
          AskWoody Plus

          From the zdnet “zero-day exploit” article Lars220 gave a link to:

          We determined that a fix for this issue will be considered in a future version of this product or service,” Microsoft said, according to Page. “At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

          Following Microsoft’s firm response, the researcher released details about the zero-day.

          This is a problem when  IE11 processes MHT files. What are these files and where one is likely to encounter one of them?

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

          • #353911 Reply
            PKCano
            Da Boss

            You can save a webpage two ways in IE.
            As HTML – saves in two parts: a file and a folder that contains the graphics.
            A MHT – saves the webpage as a single file.
            If you choose “Save” there is a pulldown below the name of the file that gives you the choice of format in which to save the webpage.

            • #354893 Reply
              OscarCP
              AskWoody Plus

              Thanks, PKCano. So, is there a hazard in saving a Web page in this single-file format? Or in opening an MHT file one got from someone else?

              I have tried to save Web pages as MHT many times, although in a good percentage of those trials, IE11 could not read the very MHT file it was used to create, so the file was useless to me and had to delete it.

              Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #352695 Reply
        Alex5723
        AskWoody Plus

        If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care..

        Yet no one dare to sue Microsoft for $BB in damages and test Microsoft’s EULA in court.

        1 user thanked author for this post.
      • #352742 Reply
        anonymous
        Guest

        The recent 1803 cumulative update was causing similar problems to the 1809 update on one of my machines. Had to roll it back.

      • #352803 Reply
        rc primak
        AskWoody_MVP

        Is all of this DEFCON-1 nonsense only about the slowdown in Windows 10 Version 1809 because third party antivirus vendors are using undocumented APIs? Is this still a continuation of the bogus complaint that Microsoft is somehow to blame for this?

        Yeah, for older versions of Windows and Server editions, there are other, unrelated bugs in the current updates crop. But DEFCON-1?

        For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

        -- rc primak

        1 user thanked author for this post.
        • #353071 Reply
          GoneToPlaid
          AskWoody Plus

          MS is to blame for this. Since the days of Vista, MS made undisclosed agreements with several AV vendors to keep the undocumented hooks available to them. It was either that, or all of the major AV vendors were going to sue MS. It is only recently that MS has had issues with updates causing problems with AV products. Meltdown and Spectre forced MS to rework all kernel code. This required most AV vendors to rework how their products interact with the kernel. Yet this latest issue, pure and simple, is Microsoft’s fault.

          How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product? In the past and prior to the OS patches for Meltdown and Spectre, we never had updates cause serious issues for multiple AV products. This latest snafu is another good example of why Nadella should have never fired the windows update quality control team. Updates have pretty much been in the gutter ever since.

          10 users thanked author for this post.
          • #353109 Reply
            rc primak
            AskWoody_MVP

            How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

            Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

            -- rc primak

            1 user thanked author for this post.
            • #353623 Reply
              woody
              Da Boss

              I don’t either.

              Haven’t yet seen a common denominator for the 1809 cumulative update slowdowns. And I doubt that they’re related to the Win7/8.1 antivirus inanities. Most likely just a coincidence that they shipped on the same day.

              I’m also surprised that we haven’t seen slowdowns on some 1803 machines.

          • #353957 Reply
            OscarCP
            AskWoody Plus

            GoneToPlaid, a few variations on this theme of yours:

            How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

            Or maybe have several AV installed in the same computer, and turn them on one at the time for testing?

            Or several computers, each with several AV?

            Or…

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

          • #354421 Reply
            joep517
            AskWoody MVP

            If Microsoft has formal agreements with vendors for these APIs to perform in a certain way and that is broken it is indeed Microsoft’s blame. If there were formal agreements they were most likely time limited. Perhaps the time ran out and Microsoft made changes that were known to the AV vendors to be coming. Since we do not know for sure what, if any, agreements exist it is pure speculation to say that Mirosoft is completely at fault.

            It is probably not as simplistic as keeping several bare bones machiens with various AV products to test. It may be a combination of installed software and/or running software and/or motherboard and/or anything that can change how a PC is working. The combinations quickly multiply to something that is unable to be tested.

            --Joe

            1 user thanked author for this post.
            • #354455 Reply
              woody
              Da Boss

              Yep. Ultimately it boils down to a question of whether the APIs are being used as documented.

              Having, uh, smooshed a few APIs in my day, I can sympathize.

          • #355104 Reply
            lurks about
            AskWoody Lounger

            To keep a competent QA group in-house costs money on product that MS does feel is important to its future. I would say this penny-wise and pound-foolish as keeping your current customers moderately happy will keep them using your products and services. A salesman once told me it is much cheaper to keep a regular, if small account, happy than to pound the pavement to get a new customer. All companies rely on repeat business so keeping your existing customers happy is money well spent. So Windows users who have been burned by any of the various update foul-ups are not exactly happy customers. Irritate them enough and they will leave. The worst customer to win is the ex-customer as they have a bad history with you.

            Moral of the story, spend real money on a competent QA staff, listen to users who do not see the point of very frequent updates that degrade stability, and realize your best potential customers for a new product are you current customers.

            3 users thanked author for this post.
      • #352889 Reply
        GoneToPlaid
        AskWoody Plus

        If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

        The software for the Boeing 737 MAX was not written by Microsoft.

        2 users thanked author for this post.
        • #353512 Reply
          anonymous
          Guest

          Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

      • #353270 Reply
        Charlie
        AskWoody Plus

        Hey, we had a fairly good batch of Win 7 & Win 8.1 updates in March.  There were some problems a few months previous to that.  Now we’re having problems again which may take MS a month or more to fix.

        It seems to me that it would be better if MS waited until they got the updates done right, and then released them.  If that meant every 2 or 3 months, then so be it.  Urgent, emergency updates & patches could be released quickly if a dire situation arose.

        Win 7 Still Alive, x64, Intel i3-2120 3.3GHz, Linux Mint 19.1

        2 users thanked author for this post.
      • #353312 Reply
        Microfix
        AskWoody MVP

        Looks like MS have updated the catalog yesterday:
        String of patches 04/11/2019
        https://www.catalog.update.microsoft.com/Search.aspx?q=2019-4

        Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
        3 users thanked author for this post.
        • #353390 Reply
          PKCano
          Da Boss

          Looks like those changes represent the block for Sophos and Avira AV products.

          Opinion: with any kind of testing at all, this could have been done ahead of time and saved a lot of customers a lot of headaches.

          8 users thanked author for this post.
          • #353788 Reply
            GoneToPlaid
            AskWoody Plus

            Heck, they could have caught these AV product issues by testing in virtual machines!

            1 user thanked author for this post.
            • #353960 Reply
              Microfix
              AskWoody MVP

              Imagine not being able to update an AV on Win7 after EOL..have we just witnessed it?
              Welcome to the Matrix 😛

              Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
              1 user thanked author for this post.
      • #353639 Reply
        GoneToPlaid
        AskWoody Plus

        Hi everyone,

        My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus.

        Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee.

        I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so.

        I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

        1 user thanked author for this post.
        • #356221 Reply
          alpha128
          AskWoody Plus

          Hi everyone, My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus. Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee. I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so. I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

          My employer pushed the Windows 7 Roll-up to my system today and I most definitely saw the double reboot. It booted up, starting configuring updates, and then shut down and restarted again.

          1 user thanked author for this post.
      • #353695 Reply
        GoneToPlaid
        AskWoody Plus

        Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

        No worries, and no feathers were ruffled. And I am sure that you are far from the only one who has wondered about who creates the flight computer software. The short answer is in-house, and in the case of MCAS, a Boeing subcontractor which is not Microsoft.

        Hey, be a gem and register here at AskWoody! It would be nice to have you here.

        3 users thanked author for this post.
      • #354260 Reply
        seeteeyou
        AskWoody Lounger

        How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

        Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

        Here are the details, of course it’s VERY hard when they don’t even have THAT many testers anymore:

        Microsoft Bug Testers Unionized. Then They Were Dismissed

        BTW, aren’t we missing the whole point here? They’ve gotta be laughing all the way to the bank since they’re essentially “outsourcing” their own bug testing to paying (NOT paid) consumers:

        Microsoft to business: Don’t worry about Windows 10, consumers will test it

      • #354642 Reply
        Alex5723
        AskWoody Plus

        For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

        And run an unprotected Windows PC as Defender is, always has been and always will be, just c**p.

        1 user thanked author for this post.
        • #355292 Reply
          joep517
          AskWoody MVP

          Defender in Windows 10 is much better than prior versions. Plus, it is where Microsoft keeps extending security with new protections.

          --Joe

          1 user thanked author for this post.
          • #363392 Reply
            phaolo
            AskWoody Lounger

            I think I have some weird bug with Defender in Win7, though.
            Every once in a while, after an update, my starting programs in the registry kinda “break”.
            I manage to fix this only by restoring to a previous date.  ¯\_(O_o)_/¯

            1 user thanked author for this post.
        • #441251 Reply
          rc primak
          AskWoody_MVP

          According to recent independent testing, Windows Defender is far better than [garbage]. And very far better than a truly unprotected Windows installation, as if such a thing were even possible these days. (Windows Defender will switch on automatically if nothing else is present.)

          I’m not saying WD is the greatest AV product out there. Far from it. But WD is “good enough” for most users, myself included. And it won’t interfere with updating or upgrading my PC.

          -- rc primak

      • #355617 Reply
        MyAussie
        AskWoody Plus

        Hello to all

        Seen Woody’s earlier Ok to install KB4493435 and KB4493448 which I did the other day (4/10/2019) after his post, and before this “DON’T UPDATE” warning.  So far I have not  experienced any problems, so should I continue on and leave well enough alone, or should I uninstall both of them, and wait on another release / re-release ??

         

        Win 7, Home, Group “B” , Norton Security

        • #355774 Reply
          PKCano
          Da Boss

          You have already installed April updates. If you are not having any problems, leave well enough alone this time.

          But the idea of the DEFCON system is NOT to patch on Patch Tuesday or immediately thereafter, but to wait until the DEFCON number is at 3 or above. This will usually be three or four weeks later. That gives the Guinea pigs out there time to test the patches before you apply them so you don’t experience the issues that may arise.

          5 users thanked author for this post.
          • #362239 Reply
            The Surfing Pensioner
            AskWoody Plus

            Oh, those adrenalin junkies who like to update at the earliest possible moment! My WU is only turned on for an hour a month, so every patch Tuesday I can sit back in curious wonderment and watch the melee .

            4 users thanked author for this post.
            • #363386 Reply
              Demeter
              AskWoody Plus

              Ditto. Win 7 Pro, x64 SP1, i7-core Haswell, Grp. A, HP ZBook

            • #374205 Reply
              anonymous
              Guest

              I keep wanting to update at the earliest possible moment as I seem to be trapped in a update vicious circle. I currently have some issues in 1809 which have been fixed in a recent release. I can’t install the recent release because that has even worse issues that I don’t want to take onboard. Then there is a newer release which fixes both issues but then creates yet another issue that I don’t want to take onboard. So I always end up looking at the horizon in hope that that magic fix will be here soon!

              • #396320 Reply
                The Surfing Pensioner
                AskWoody Plus

                I sympathise. That’s why I’m still running Windows 7.

              • #402095 Reply
                anonymous
                Guest

                Get out of the rut.

                My rule of thumb is wait three weeks after patch release before installing then on your own update day, search online for the KB. Websites like this one of Reddit generally carry discussion about problems associated with individual patches.  Here you can access Patch Lady’s Master list.

                In summary, don’t even think about installing released updates for three weeks then do your research. Install any clean at-least-three-week-old updates then. You may be able to make a decision about other updates. For example, current AV issues do not affect my installation (but I am still in a wait period so won’t install yet).

                1 user thanked author for this post.
      • #356118 Reply
        alpha128
        AskWoody Plus

        My employer pushed the Windows 7 roll-up to my workstation today.  I discovered that, if you disabled libraries on your computer (https://www.askvg.com/how-to-disable-libraries-feature-in-windows-7/), this is another patch where you will want to re-enable libraries before installing.

        Otherwise, you get a variation of the can’t rename folders in Windows Explorer bug.  You can rename the folder, but you will then get an “Item Not Found” error.

        I haven’t installed the roll-up on my home computer. And since I’m running Avast!, I don’t plan to anytime soon.

        2 users thanked author for this post.
        • #362320 Reply
          woody
          Da Boss

          Interesting. I haven’t heard of that one. By any chance do you know of any other people who are having the same problem?

      • #356492 Reply
        DriftyDonN
        AskWoody Plus

        Noticed my PC checked for updates on 10 apr- didnt do anything…yay!!!

        Here we are chewing our nails and checking what microsoft has screwed up on our systems now and some think it’s a good idea to let M$oft in charge of antivitus/malware / security? Not me!!!

        "Vision without action is a daydream. Action without vision is a nightmare."

      • #356826 Reply
        R
        AskWoody Lounger

        It was a weird update for sure. Besides the cumulative update I got a vague kb 4023057 update that seems to re-appear every month now. On one system it crashed some sedsvc.exe process. On another system this specific update failed first and after an automatic retry it also crashed everything sedsvc-related. And on yet another system it crashed some other sedsvc processes. All in all it took much longer than usual to update. As a bonus, after restarting another update was found regarding microcode. Which required yet another restart. Sigh, using Windowd 10 requires a day off to update … 🙁

      • #357870 Reply

        On April 1st (April Fool’s?), Woody wrote:

        “In general, March’s patches seem quite tame. Let’s hope that’s the new normal.”

        Never, ever, ever say, “Gosh , things are possibly looking good.”

        As the old Spanish saying goes, “The Devil seldom lies dead in a ditch.”

        Or, more to the point, to quote Ambrose Bierce, “Speak of the Devil and he’ll hear about it.”

        Sinister forces are at work, and the smell of Brimstone reeks from Redmond.

        O Tempora! O Mores! Back into the fallout shelter! (“Honey, where’s that tin of beets? I sure am getting sick of dried Venison…”)

        [Just thought some humor, even black, would bring some relief…it’s either that or it’s pitchforks and torches time…]

        Exploding-PC-small

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode."
        --
        "A committee is the only known form of life that has at least six legs and no brain."

        -Robert Heinlein

        Attachments:
        1 user thanked author for this post.
      • #362546 Reply
        anonymous
        Guest

        Just had KB4493509 forced on my 1809 Home install ignoring metred connection.

        😐

        1 user thanked author for this post.
      • #363397 Reply
        phaolo
        AskWoody Lounger

        Ok, enough.
        I’ve updated Win7 till February plus the Servicing Stack and SHA2 patches.
        Seeing the quality of the next ones, I’ll postpone this pain for a good while.
        At this point, I just hope that MS won’t leave Win7 in a broken status at the end of its support..

        • #373606 Reply
          anonymous
          Guest

          I have done the same but I haven’t installed the “Servicing Stack and SHA2 patches” either.

          There might be worse coming in a “Sleeper” update. Time to be a spectator until after EOL.

           

        • #390264 Reply
          PKCano
          Da Boss

          As of July, the Servicing Stack and SHA-2 patches will become mandatory if you want to continue receiving updates through Windows Update. Microsoft is changing the way they deliver updates from using SHA-1 to SHA-2, which is more secure.

          • #433195 Reply
            phaolo
            AskWoody Lounger

            Ah PKCano, is there a non-buggy IE cumulative update after december 2018? (the last one I installed was KB4470199)

            • #433357 Reply
              PKCano
              Da Boss

              Check the Master Patch Lost (button in top menubar) for the past months.

              • #470905 Reply
                phaolo
                AskWoody Lounger

                Thanks but that just seems to lists the patches, buggy or not.
                Oh well, I’ll check the various patch articles.

                EDIT: I’ll probably install kb4486474

      • #380615 Reply
        Geo
        AskWoody Lounger

        I did the MSRT update.  Never had a problem with them.

      • #399922 Reply
        anonymous
        Guest

        Great and here I was planning on doing the update for April

      • #402063 Reply
        gngerlou
        AskWoody Lounger

        Where can I find a list of 2019 updates to Windows 7 Pro which are safe to apply?

        • #402086 Reply
          PKCano
          Da Boss

          The April updates are still up in the air. We are still collecting the casualties. So hold off patching any of April’s mess.

          For past months, there is Susan Bradley’s (Patch Lady) Master Patch List accessed by the button at the top of the blog in the gray bar. It’s sorted by months.

          You might read about out DEFCON System (currently DEFCON-1 designated by the big numbers at the top of the blog). You can read about it by clicking on the button in the top bar also. Basically, it says, don’t patch early after Patch Tuesday. Let others be the cannon fodder. When the DEFCON level is 3 or above, Woody publishes a guide in ComputerWorld with instructions for safe patching.

          1 user thanked author for this post.
      • #412706 Reply
        derma
        AskWoody Lounger

        I’m helping someone update a Group A laptop (Win 7, 64-bit) that hasn’t been updated since October 2017.

        This individual can’t handle any of the hiding/unhiding necessary in Windows Update to get the March 2019 monthly rollup to re-appear (because PciClearStaleCache.exe isn’t available in the April 2019 rollup).

        They can’t handle the Microsoft Update Catalog either.

        I’m going to send them the following files (downloaded from the Catalog) and get them to install as follows:

        • KB4490628 – Mar 2019 – servicing stack update – wait 15 minutes after install – REBOOT
        • KB4489878 – Mar 2019 – monthly rollup – REBOOT
        • KB4474419 – Mar 2019 – SHA-2 code signing support update – REBOOT

        I’ve read that it’s better to install the monthly rollups via windows update because the updates will be installed in the correct order, but if the rollups are cumulative, won’t they be installed in the correct order from the Microsoft Update Catalog also?

        • #412979 Reply
          PKCano
          Da Boss

          That is a start. They should set Windows Update to “Check for Updates but let me decide whether to download ans install” before they start.

          After installing the Rollup, wait 20 minutes after the reboot before installing the SHA-2 patch, or install both the Rollup and the SHA-2 without rebooting in between.

          Don’t install any of the April updates yet – there are too many problems with them.

          • #416586 Reply
            derma
            AskWoody Lounger

            I will get them to install the Mar 2019 monthly rollup then SHA-2 update then reboot, as you suggest.

            Thanks

      • #546937 Reply
        dmt_3904
        AskWoody Plus

        Three update questions:

        I have set my connection to metered and have hidden updates, don’t see April updates yet.  Hidden: MSRT , Flash and 4023057.  I am concerned that MSRT will conflict with my security software – but I want to run it, I think it’s a good tool  – can’t find anything about MSRT potentially causing a conflict, any comments on if anyone knows if it will? I am running ESET NOD32.

        I don’t have Flash installed, don’t use it, ergo it’s hidden.  In general, is there any harm/issue with installing an update for something you don’t have installed?  I know Flash is a security risk, haven’t had/used it for a while.

        4023057 – I am waiting until I am ready to install 1903, am currently on 1803.  I read that Microsoft will allow 1803 users to choose what updates to install with an update to 1803 in May. So I plan to get that update (and will do April stuff too, once it’s ok), then will get 1903 in July, prior to expiration of 1803 support.  Putting it out here to the community to see if that sounds like a reasonable plan going forward for updates in the near future. thanks.

        • #547263 Reply
          PKCano
          Da Boss

          By default, Flash is included in IE11 in Win8.1 and Win10. It is on your machine and you do need to update it.

          MSRT should not cause a conflict, but it is you choice whether you run it or not. It runs once a month during the install in Windows Update.

          You don’t need KB4023057 to be able to upgrade Win10. For sure you do not want to install it if you do not intend to upgrade in the near future.

          1 user thanked author for this post.
    Viewing 27 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.