News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    Home Forums AskWoody blog MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    This topic contains 67 replies, has 31 voices, and was last updated by

     PKCano 1 month ago.

    • Author
      Posts
    • #351339 Reply

      woody
      Da Boss

      We have confirmed reports of six bad patches this month – Monthly Rollups and Security-only patches for Win7, 8.1, Server 2008 R2, 2012, 2012 R2 – and
      [See the full post at: MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE]

    • #351368 Reply

      doriel
      AskWoody Lounger

      Are they really that bad in programming? I know OS is a complex thing, but issues seems to grow in numbers. Maybe they should do fewer updates. There is nothing worse than CTRL+C and CTRL+V your buggy source code… Office 365 is a new holy grail for hackers, security patches are freezing servers 🙂 How convinient, good job, Micro$oft. I bet M$ will earn more money this year, than ever before. This is so unfair.

      2 users thanked author for this post.
    • #351396 Reply

      MikeMc
      AskWoody Lounger

      First, this is what happens when you add what should b application software (features) as part of the OS, and then try to do it every 6 months. Second, no Windows 7/2008R2 updates after January, sounds like a positive feature to me. The only time my computer system (6 servers and 10 workstations) has ever been brought down it has been at the hands of Microsoft; never by a virus or other bad actor.

      12 users thanked author for this post.
    • #351413 Reply

      Mr. Natural
      AskWoody Plus

      Well now, this is interesting. Speaking of Defcon levels…..

      Credit The Enquirer for an article they posted in which Microsoft is introducing a “security configuration framework” featuring SECCON levels which will “mimic the DEFCON levels used by the US Army”.

      US Army?……yeah right. I think perhaps the idea came from elsewhere……

      https://www.theinquirer.net/inquirer/news/3074092/windows-10-seccon-securituy-framework

      https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/

      Red Ruffnsore reporting from the front lines.

      5 users thanked author for this post.
      • #352749 Reply

        woody
        Da Boss

        I came up with the original terminology – including the WOPR Word add-on – after seeing War Games. Great movie.

        2 users thanked author for this post.
    • #351421 Reply

      anonymous

      If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon.  If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

      • #352747 Reply

        jabeattyauditor
        AskWoody Lounger

        If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

        “Pure speculation” like this should remain unwritten. I could just easily and irresponsibly suggest that you’re a Russian-controlled Apple-powered bot posting from a Chinese-hosted IP address.

        I would be just as wrong to do so.

        Boeing writes its own control software; many of their software engineers work in DC, CA, AL, OK, and MO. This is easily verified.

        2 users thanked author for this post.
        • #353259 Reply

          Seff
          AskWoody Plus

          While I fully understand why some commenters here prefer – or even need – to remain anonymous, it is undoubtedly the case that comments made anonymously lose a lot of their credibility. I would strongly urge those who are not required to comment anonymously to sign up and acquire greater credibility for their views through establishing a known track record over time.

          10 users thanked author for this post.
          • #353596 Reply

            woody
            Da Boss

            Couldn’t have said it better m’self.

            We have registered users in countries where open interaction like this is frowned upon – they use VPNs. We have employees of companies with skin in the game – they use throwaway email addresses (which is just fine by me). There are lots of reasons to want to post anonymously, but if you’re going to post more than once or twice, figure out a way to get an account. It makes life easier for everybody.

            4 users thanked author for this post.
    • #351986 Reply

      Lars220
      AskWoody Lounger

      Tip of the hat to Mr. Natural, #351413,  Congratulations Woody, it appears that Microsoft might be reviewing your informative website here, and has decided after much due diligence and quarrelsome discussion, to actually imitate your excellent DEFCON system with their Security SECCON framework for securing Windows 10. Thank you Woody for doing a Mighty Fine job. And before anyone gets upset, realize that this is tongue in cheek happy humour 🙂

      https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/

      P.S. Do Not use Internet Explorer, new Zero Day attack:

      https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

      Please-Wait

      Attachments:
      • #353857 Reply

        OscarCP
        AskWoody Plus

        From the zdnet “zero-day exploit” article Lars220 gave a link to:

        We determined that a fix for this issue will be considered in a future version of this product or service,” Microsoft said, according to Page. “At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

        Following Microsoft’s firm response, the researcher released details about the zero-day.

        This is a problem when  IE11 processes MHT files. What are these files and where one is likely to encounter one of them?

        • #353911 Reply

          PKCano
          Da Boss

          You can save a webpage two ways in IE.
          As HTML – saves in two parts: a file and a folder that contains the graphics.
          A MHT – saves the webpage as a single file.
          If you choose “Save” there is a pulldown below the name of the file that gives you the choice of format in which to save the webpage.

          • #354893 Reply

            OscarCP
            AskWoody Plus

            Thanks, PKCano. So, is there a hazard in saving a Web page in this single-file format? Or in opening an MHT file one got from someone else?

            I have tried to save Web pages as MHT many times, although in a good percentage of those trials, IE11 could not read the very MHT file it was used to create, so the file was useless to me and had to delete it.

    • #352695 Reply

      Alex5723
      AskWoody Plus

      If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care..

      Yet no one dare to sue Microsoft for $BB in damages and test Microsoft’s EULA in court.

      • This reply was modified 1 month, 1 week ago by
         Alex5723.
      1 user thanked author for this post.
    • #352742 Reply

      anonymous

      The recent 1803 cumulative update was causing similar problems to the 1809 update on one of my machines. Had to roll it back.

    • #352803 Reply

      rc primak
      AskWoody_MVP

      Is all of this DEFCON-1 nonsense only about the slowdown in Windows 10 Version 1809 because third party antivirus vendors are using undocumented APIs? Is this still a continuation of the bogus complaint that Microsoft is somehow to blame for this?

      Yeah, for older versions of Windows and Server editions, there are other, unrelated bugs in the current updates crop. But DEFCON-1?

      For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

      -- rc primak

      1 user thanked author for this post.
      • #353071 Reply

        GoneToPlaid
        AskWoody Plus

        MS is to blame for this. Since the days of Vista, MS made undisclosed agreements with several AV vendors to keep the undocumented hooks available to them. It was either that, or all of the major AV vendors were going to sue MS. It is only recently that MS has had issues with updates causing problems with AV products. Meltdown and Spectre forced MS to rework all kernel code. This required most AV vendors to rework how their products interact with the kernel. Yet this latest issue, pure and simple, is Microsoft’s fault.

        How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product? In the past and prior to the OS patches for Meltdown and Spectre, we never had updates cause serious issues for multiple AV products. This latest snafu is another good example of why Nadella should have never fired the windows update quality control team. Updates have pretty much been in the gutter ever since.

        10 users thanked author for this post.
        • #353109 Reply

          rc primak
          AskWoody_MVP

          How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

          Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

          -- rc primak

          1 user thanked author for this post.
          • #353623 Reply

            woody
            Da Boss

            I don’t either.

            Haven’t yet seen a common denominator for the 1809 cumulative update slowdowns. And I doubt that they’re related to the Win7/8.1 antivirus inanities. Most likely just a coincidence that they shipped on the same day.

            I’m also surprised that we haven’t seen slowdowns on some 1803 machines.

        • #353957 Reply

          OscarCP
          AskWoody Plus

          GoneToPlaid, a few variations on this theme of yours:

          How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

          Or maybe have several AV installed in the same computer, and turn them on one at the time for testing?

          Or several computers, each with several AV?

          Or…

        • #354421 Reply

          joep517
          AskWoody MVP

          If Microsoft has formal agreements with vendors for these APIs to perform in a certain way and that is broken it is indeed Microsoft’s blame. If there were formal agreements they were most likely time limited. Perhaps the time ran out and Microsoft made changes that were known to the AV vendors to be coming. Since we do not know for sure what, if any, agreements exist it is pure speculation to say that Mirosoft is completely at fault.

          It is probably not as simplistic as keeping several bare bones machiens with various AV products to test. It may be a combination of installed software and/or running software and/or motherboard and/or anything that can change how a PC is working. The combinations quickly multiply to something that is unable to be tested.

          --Joe

          1 user thanked author for this post.
          • #354455 Reply

            woody
            Da Boss

            Yep. Ultimately it boils down to a question of whether the APIs are being used as documented.

            Having, uh, smooshed a few APIs in my day, I can sympathize.

        • #355104 Reply

          lurks about
          AskWoody Lounger

          To keep a competent QA group in-house costs money on product that MS does feel is important to its future. I would say this penny-wise and pound-foolish as keeping your current customers moderately happy will keep them using your products and services. A salesman once told me it is much cheaper to keep a regular, if small account, happy than to pound the pavement to get a new customer. All companies rely on repeat business so keeping your existing customers happy is money well spent. So Windows users who have been burned by any of the various update foul-ups are not exactly happy customers. Irritate them enough and they will leave. The worst customer to win is the ex-customer as they have a bad history with you.

          Moral of the story, spend real money on a competent QA staff, listen to users who do not see the point of very frequent updates that degrade stability, and realize your best potential customers for a new product are you current customers.

          3 users thanked author for this post.
    • #352889 Reply

      GoneToPlaid
      AskWoody Plus

      If I owned a Company with the track record that M$ has, I would be out of business in no time. this Company will never get it right,because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplies by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

      The software for the Boeing 737 MAX was not written by Microsoft.

      2 users thanked author for this post.
      • #353512 Reply

        anonymous

        Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

    • #353270 Reply

      Charlie
      AskWoody Plus

      Hey, we had a fairly good batch of Win 7 & Win 8.1 updates in March.  There were some problems a few months previous to that.  Now we’re having problems again which may take MS a month or more to fix.

      It seems to me that it would be better if MS waited until they got the updates done right, and then released them.  If that meant every 2 or 3 months, then so be it.  Urgent, emergency updates & patches could be released quickly if a dire situation arose.

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

      2 users thanked author for this post.
    • #353312 Reply

      Microfix
      Da Boss

      Looks like MS have updated the catalog yesterday:
      String of patches 04/11/2019
      https://www.catalog.update.microsoft.com/Search.aspx?q=2019-4

      ********** Peng/Wins x86/x64 **********

      3 users thanked author for this post.
      • #353390 Reply

        PKCano
        Da Boss

        Looks like those changes represent the block for Sophos and Avira AV products.

        Opinion: with any kind of testing at all, this could have been done ahead of time and saved a lot of customers a lot of headaches.

        • This reply was modified 1 month, 1 week ago by
           PKCano.
        8 users thanked author for this post.
        • #353788 Reply

          GoneToPlaid
          AskWoody Plus

          Heck, they could have caught these AV product issues by testing in virtual machines!

          1 user thanked author for this post.
          • #353960 Reply

            Microfix
            Da Boss

            Imagine not being able to update an AV on Win7 after EOL..have we just witnessed it?
            Welcome to the Matrix 😛

            ********** Peng/Wins x86/x64 **********

            1 user thanked author for this post.
    • #353639 Reply

      GoneToPlaid
      AskWoody Plus

      Hi everyone,

      My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus.

      Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee.

      I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so.

      I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

      1 user thanked author for this post.
      • #356221 Reply

        alpha128
        AskWoody Lounger

        Hi everyone, My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus. Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee. I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so. I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

        My employer pushed the Windows 7 Roll-up to my system today and I most definitely saw the double reboot. It booted up, starting configuring updates, and then shut down and restarted again.

        1 user thanked author for this post.
    • #353695 Reply

      GoneToPlaid
      AskWoody Plus

      Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

      No worries, and no feathers were ruffled. And I am sure that you are far from the only one who has wondered about who creates the flight computer software. The short answer is in-house, and in the case of MCAS, a Boeing subcontractor which is not Microsoft.

      Hey, be a gem and register here at AskWoody! It would be nice to have you here.

      3 users thanked author for this post.
    • #354260 Reply

      seeteeyou
      AskWoody Lounger

      How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

      Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

      Here are the details, of course it’s VERY hard when they don’t even have THAT many testers anymore:

      Microsoft Bug Testers Unionized. Then They Were Dismissed

      BTW, aren’t we missing the whole point here? They’ve gotta be laughing all the way to the bank since they’re essentially “outsourcing” their own bug testing to paying (NOT paid) consumers:

      Microsoft to business: Don’t worry about Windows 10, consumers will test it

    • #354642 Reply

      Alex5723
      AskWoody Plus

      For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

      And run an unprotected Windows PC as Defender is, always has been and always will be, just c**p.

      1 user thanked author for this post.
      • #355292 Reply

        joep517
        AskWoody MVP

        Defender in Windows 10 is much better than prior versions. Plus, it is where Microsoft keeps extending security with new protections.

        --Joe

        1 user thanked author for this post.
        • #363392 Reply

          phaolo
          AskWoody Lounger

          I think I have some weird bug with Defender in Win7, though.
          Every once in a while, after an update, my starting programs in the registry kinda “break”.
          I manage to fix this only by restoring to a previous date.  ¯\_(O_o)_/¯

          1 user thanked author for this post.
      • #441251 Reply

        rc primak
        AskWoody_MVP

        According to recent independent testing, Windows Defender is far better than [garbage]. And very far better than a truly unprotected Windows installation, as if such a thing were even possible these days. (Windows Defender will switch on automatically if nothing else is present.)

        I’m not saying WD is the greatest AV product out there. Far from it. But WD is “good enough” for most users, myself included. And it won’t interfere with updating or upgrading my PC.

        -- rc primak

    • #355617 Reply

      MyAussie
      AskWoody Plus

      Hello to all

      Seen Woody’s earlier Ok to install KB4493435 and KB4493448 which I did the other day (4/10/2019) after his post, and before this “DON’T UPDATE” warning.  So far I have not  experienced any problems, so should I continue on and leave well enough alone, or should I uninstall both of them, and wait on another release / re-release ??

       

      Win 7, Home, Group “B” , Norton Security

      • #355774 Reply

        PKCano
        Da Boss

        You have already installed April updates. If you are not having any problems, leave well enough alone this time.

        But the idea of the DEFCON system is NOT to patch on Patch Tuesday or immediately thereafter, but to wait until the DEFCON number is at 3 or above. This will usually be three or four weeks later. That gives the Guinea pigs out there time to test the patches before you apply them so you don’t experience the issues that may arise.

        5 users thanked author for this post.
        • #362239 Reply

          The Surfing Pensioner
          AskWoody Plus

          Oh, those adrenalin junkies who like to update at the earliest possible moment! My WU is only turned on for an hour a month, so every patch Tuesday I can sit back in curious wonderment and watch the melee .

          4 users thanked author for this post.
          • #363386 Reply

            Demeter
            AskWoody Plus

            Ditto. Win 7 Pro, x64 SP1, i7-core Haswell, Grp. A, HP ZBook

          • #374205 Reply

            anonymous

            I keep wanting to update at the earliest possible moment as I seem to be trapped in a update vicious circle. I currently have some issues in 1809 which have been fixed in a recent release. I can’t install the recent release because that has even worse issues that I don’t want to take onboard. Then there is a newer release which fixes both issues but then creates yet another issue that I don’t want to take onboard. So I always end up looking at the horizon in hope that that magic fix will be here soon!

            • #396320 Reply

              The Surfing Pensioner
              AskWoody Plus

              I sympathise. That’s why I’m still running Windows 7.

            • #402095 Reply

              anonymous

              Get out of the rut.

              My rule of thumb is wait three weeks after patch release before installing then on your own update day, search online for the KB. Websites like this one of Reddit generally carry discussion about problems associated with individual patches.  Here you can access Patch Lady’s Master list.

              In summary, don’t even think about installing released updates for three weeks then do your research. Install any clean at-least-three-week-old updates then. You may be able to make a decision about other updates. For example, current AV issues do not affect my installation (but I am still in a wait period so won’t install yet).

              1 user thanked author for this post.
    • #356118 Reply

      alpha128
      AskWoody Lounger

      My employer pushed the Windows 7 roll-up to my workstation today.  I discovered that, if you disabled libraries on your computer (https://www.askvg.com/how-to-disable-libraries-feature-in-windows-7/), this is another patch where you will want to re-enable libraries before installing.

      Otherwise, you get a variation of the can’t rename folders in Windows Explorer bug.  You can rename the folder, but you will then get an “Item Not Found” error.

      I haven’t installed the roll-up on my home computer. And since I’m running Avast!, I don’t plan to anytime soon.

      2 users thanked author for this post.
      • #362320 Reply

        woody
        Da Boss

        Interesting. I haven’t heard of that one. By any chance do you know of any other people who are having the same problem?

    • #356492 Reply

      DriftyDonN
      AskWoody Plus

      Noticed my PC checked for updates on 10 apr- didnt do anything…yay!!!

      Here we are chewing our nails and checking what microsoft has screwed up on our systems now and some think it’s a good idea to let M$oft in charge of antivitus/malware / security? Not me!!!

    • #356826 Reply

      R
      Subscriber

      It was a weird update for sure. Besides the cumulative update I got a vague kb 4023057 update that seems to re-appear every month now. On one system it crashed some sedsvc.exe process. On another system this specific update failed first and after an automatic retry it also crashed everything sedsvc-related. And on yet another system it crashed some other sedsvc processes. All in all it took much longer than usual to update. As a bonus, after restarting another update was found regarding microcode. Which required yet another restart. Sigh, using Windowd 10 requires a day off to update … 🙁

    • #357870 Reply

      On April 1st (April Fool’s?), Woody wrote:

      “In general, March’s patches seem quite tame. Let’s hope that’s the new normal.”

      Never, ever, ever say, “Gosh , things are possibly looking good.”

      As the old Spanish saying goes, “The Devil seldom lies dead in a ditch.”

      Or, more to the point, to quote Ambrose Bierce, “Speak of the Devil and he’ll hear about it.”

      Sinister forces are at work, and the smell of Brimstone reeks from Redmond.

      O Tempora! O Mores! Back into the fallout shelter! (“Honey, where’s that tin of beets? I sure am getting sick of dried Venison…”)

      [Just thought some humor, even black, would bring some relief…it’s either that or it’s pitchforks and torches time…]

      Exploding-PC-small

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      Attachments:
      1 user thanked author for this post.
    • #362546 Reply

      anonymous

      Just had KB4493509 forced on my 1809 Home install ignoring metred connection.

      😐

      1 user thanked author for this post.
    • #363397 Reply

      phaolo
      AskWoody Lounger

      Ok, enough.
      I’ve updated Win7 till February plus the Servicing Stack and SHA2 patches.
      Seeing the quality of the next ones, I’ll postpone this PITA for a good while.
      At this point, I just hope that MS won’t leave Win7 in a broken status at the end of its support..

      • #373606 Reply

        anonymous

        I have done the same but I haven’t installed the “Servicing Stack and SHA2 patches” either.

        There might be worse coming in a “Sleeper” update. Time to be a spectator until after EOL.

         

      • #390264 Reply

        PKCano
        Da Boss

        As of July, the Servicing Stack and SHA-2 patches will become mandatory if you want to continue receiving updates through Windows Update. Microsoft is changing the way they deliver updates from using SHA-1 to SHA-2, which is more secure.

        • #433195 Reply

          phaolo
          AskWoody Lounger

          Ah PKCano, is there a non-buggy IE cumulative update after december 2018? (the last one I installed was KB4470199)

          • #433357 Reply

            PKCano
            Da Boss

            Check the Master Patch Lost (button in top menubar) for the past months.

            • #470905 Reply

              phaolo
              AskWoody Lounger

              Thanks but that just seems to lists the patches, buggy or not.
              Oh well, I’ll check the various patch articles.

              EDIT: I’ll probably install kb4486474

              • This reply was modified 1 month ago by
                 phaolo.
    • #380615 Reply

      Geo
      AskWoody Plus

      I did the MSRT update.  Never had a problem with them.

    • #399922 Reply

      anonymous

      Great and here I was planning on doing the update for April

    • #402063 Reply

      gngerlou
      Subscriber

      Where can I find a list of 2019 updates to Windows 7 Pro which are safe to apply?

      • #402086 Reply

        PKCano
        Da Boss

        The April updates are still up in the air. We are still collecting the casualties. So hold off patching any of April’s mess.

        For past months, there is Susan Bradley’s (Patch Lady) Master Patch List accessed by the button at the top of the blog in the gray bar. It’s sorted by months.

        You might read about out DEFCON System (currently DEFCON-1 designated by the big numbers at the top of the blog). You can read about it by clicking on the button in the top bar also. Basically, it says, don’t patch early after Patch Tuesday. Let others be the cannon fodder. When the DEFCON level is 3 or above, Woody publishes a guide in ComputerWorld with instructions for safe patching.

        1 user thanked author for this post.
    • #412706 Reply

      derma
      AskWoody Lounger

      I’m helping someone update a Group A laptop (Win 7, 64-bit) that hasn’t been updated since October 2017.

      This individual can’t handle any of the hiding/unhiding necessary in Windows Update to get the March 2019 monthly rollup to re-appear (because PciClearStaleCache.exe isn’t available in the April 2019 rollup).

      They can’t handle the Microsoft Update Catalog either.

      I’m going to send them the following files (downloaded from the Catalog) and get them to install as follows:

      • KB4490628 – Mar 2019 – servicing stack update – wait 15 minutes after install – REBOOT
      • KB4489878 – Mar 2019 – monthly rollup – REBOOT
      • KB4474419 – Mar 2019 – SHA-2 code signing support update – REBOOT

      I’ve read that it’s better to install the monthly rollups via windows update because the updates will be installed in the correct order, but if the rollups are cumulative, won’t they be installed in the correct order from the Microsoft Update Catalog also?

      • #412979 Reply

        PKCano
        Da Boss

        That is a start. They should set Windows Update to “Check for Updates but let me decide whether to download ans install” before they start.

        After installing the Rollup, wait 20 minutes after the reboot before installing the SHA-2 patch, or install both the Rollup and the SHA-2 without rebooting in between.

        Don’t install any of the April updates yet – there are too many problems with them.

        • #416586 Reply

          derma
          AskWoody Lounger

          I will get them to install the Mar 2019 monthly rollup then SHA-2 update then reboot, as you suggest.

          Thanks

    • #546937 Reply

      dmt_3904
      AskWoody Lounger

      Three update questions:

      I have set my connection to metered and have hidden updates, don’t see April updates yet.  Hidden: MSRT , Flash and 4023057.  I am concerned that MSRT will conflict with my security software – but I want to run it, I think it’s a good tool  – can’t find anything about MSRT potentially causing a conflict, any comments on if anyone knows if it will? I am running ESET NOD32.

      I don’t have Flash installed, don’t use it, ergo it’s hidden.  In general, is there any harm/issue with installing an update for something you don’t have installed?  I know Flash is a security risk, haven’t had/used it for a while.

      4023057 – I am waiting until I am ready to install 1903, am currently on 1803.  I read that Microsoft will allow 1803 users to choose what updates to install with an update to 1803 in May. So I plan to get that update (and will do April stuff too, once it’s ok), then will get 1903 in July, prior to expiration of 1803 support.  Putting it out here to the community to see if that sounds like a reasonable plan going forward for updates in the near future. thanks.

      • #547263 Reply

        PKCano
        Da Boss

        By default, Flash is included in IE11 in Win8.1 and Win10. It is on your machine and you do need to update it.

        MSRT should not cause a conflict, but it is you choice whether you run it or not. It runs once a month during the install in Windows Update.

        You don’t need KB4023057 to be able to upgrade Win10. For sure you do not want to install it if you do not intend to upgrade in the near future.

        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Cancel