MS-DEFCON 2: In anticipation of the July 2018 patches, make sure you have Automatic Update turned off

Topic

New Reply

Watch out for reports that Win7 users are getting coerced into upgrading to Win10 (again). And also be aware that your Alienware machine is now consid
[See the full post at: MS-DEFCON 2: In anticipation of the July 2018 patches, make sure you have Automatic Update turned off]

5 users thanked author for this post.

fernlady, jburk07, Elly, geekdom, Microfix

Reply | Quote

Replies

Article is live now at https://www.computerworld.com/article/3287912/microsoft-windows/make-sure-windows-update-is-temporarily-disabled-particularly-on-win7.html

6 users thanked author for this post.

AusJohn, BobbyB, jburk07, Elly, woody, PKCano

Reply | Quote

Hold on to your hats.

1 user thanked author for this post.

BobbyB

Reply | Quote

Hats? More like: “Buckle your seat belts… and make sure the barf bag is handy.”

2 users thanked author for this post.

WildBill, BobbyB

Reply | Quote

As Bettye Davis said,Buckle up, its going to be a bumpy ride

1 user thanked author for this post.

WildBill

Reply | Quote

I received today a patch (KB4022136) for Power Point 2010, 32-bit. It is unmarked with a tick in the Windows Update window, so I’m not installing it for now. But I am  wondering about this, because my machine is x64 (running Windows 7 Pro, SP1, Intel I-7 “sandy bridge”).

There could be a good reason to have an update for 32-bit software installed on a 64-bit machine, but I’m pretty sure that the Office 10 that came pre-installed with mine is for a 64 bit one. Is this a fluke and the thing to do is to hide the update? Perhaps this has happened before but, if so, I don’t remember it.

I would like to understand why this might have happened, so thanks in advance to anyone who does explain this little mystery to me.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

64-bit computers can run 32-bit and 64-bit programs. The later Office Suites (2016) are often 64-bit. But the most commpn installations of Office 2010 and before are 32-bit.

3 users thanked author for this post.

columbia2011, OscarCP, jburk07

Reply | Quote

@OscarCP yep got it here as well it appeared last week on Win’s 7 x86/32 x64 Office 2010’s x86/x64 Vers and machines machines both unchecked. I normally just leave it sitting there until it gets “checked”, no Howls of protest about it, or it disappears. If it remains more than a few months you may want to consider “Hiding” or “installing” but times generally a great healer with the odd Win7 update.

Reply | Quote

seems like Microsoft has updated their original post today that the 1803 block on Dell Alienware PCs was lifted.

1 user thanked author for this post.

woody

Reply | Quote

I have Windows 7 and, according to the Computerworld article, the recommendation is to have Windows Update set to “never to check”. I have had it always set to “check but let me download and install”. What is the problem with that and why is “never to check” a better choice? Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

In my experience the problem with keeping WU set to “check but let me download” is that you can be nagged by notifications to say updates are available long before you are ready to give them the time of day and the only way to get rid of the notifications is to download or hide the updates in question – when you may not yet be sure which is the best course of action. Now I keep WU turned off until we move to Defcon 3, at which point I usually know exactly which I want and which I don’t. And, since GWX, I sleep better with WU turned off.

6 users thanked author for this post.

jburk07, WildBill, Elly, woody, Bill C.

Reply | Quote

Thanks, Surfing Pensioner.

I don’t know how this might work in some other machines, but in mine (Windows 7 Pro SP1, x64) the notice appears very discreetly: just a very small box opens at the bottom of the screen at login time, only once per session, and vanishes as soon as I click anywhere on the desktop, so this does not bother me. But the first time the notice shows up after a while, and now and then afterwards as it keeps appearing when I start the daily session, I might have a look to see what updates are those. The rest of the time I click on the desktop, it goes away, and I move on.

So I’m still wondering if there might be other reasons, perhaps to do with security or as protection from some sneaky overreach from MS, perhaps another try at pushing people into the uninviting arms of Windows 10, or maybe something else altogether, for using a different setting than “check but let me decide”. I know that several people have posted here before that they use the setting to “never check.”

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

jburk07, Karlston

Reply | Quote

Hey, you never know: in Windows 10, checking for updates is, according to Microsoft, giving your full consent to have every update they have available to you downloaded and installed on your machine. Apparently it never occurred to Microsoft that “Check for updates” and “Download and install updates” were two different things.

2 users thanked author for this post.

Jan K., jburk07

Reply | Quote

leave it on “never check”. These nice folks here will let you know if you need it. Then you can install any update one at a time to make sure your machine is still functioning properly. Saved my hide when the “forced” update/upgrade to win10 started.

2 users thanked author for this post.

kiwisolutionz

Reply | Quote

I don’t remember the details, but have the general impression that the sneaky upgrade to Win 10 was when people clicked off a pop up window with an annoying message recommending that they update to Win 10. By hitting the usual button on the upper right of the window, and unknown to them, that action sent the message: “Yes! Please! Upgrade me right now!”  Wasn’t that something that happened only when people were checking for updates? I might be wrong here, but if one checks for updates, as eventually one should, I think that whatever problem with updates might be in the offing will present itself there and then, no matter whether one has had “check for updates” completely turned off until that very moment. Personally, I might be a crazy daredevil, which I really doubt, but have rarely bothered to click off items that show up in the list in windows update until just before installing the rest. I do invariably hide Previews and Rollups, as well as invitations to improve the quality of my experience by installing some “important” patch, leaving the rest well alone and “as is”. Until I am ready to do something about those, usually after paying close attention for at least two weeks from Patch Tuesday to the chatter online, for instance here. Which, asides for Office, the malware removal tool, the security only and E11 updates, are the only ones, with rare exceptions, that I ever patch, Group B style. Of course, not for a moment I think this makes my machine invulnerable, but this is my personal philosophy in a nutshell: we live as best we can and then we die. No need to make ourselves miserable along the way, for example by overthinking potential mishaps; misery will come to us in its own good time, never fear. If anyone sees a problem with any of the above (philosophical remarks aside), I’ll be thankful for letting me know. I suspect that might not be the only one here interested in reading your comments on this subject.

And my thanks to those that have already offered their thoughts on this matter: you are guardian angels, even without the corresponding benefits of harps and wings.

Windows 7 Pro x64 SP1, Group B.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

jburk07

Reply | Quote

So I’m still wondering if there might be other reasons, perhaps to do with security or as protection from some sneaky overreach from MS,

The latter is certainly worthwhile taking into account, but my main reason is why my pc should phone anywhere without me requesting it? Do not do anything unless I ask you to.

Switched to “Never check” some years ago when my online race at old Nurburgring was interrupted and ruined by a notification about updates… a search for updates generates a lot of disc activities and stuff is being both up- and downloaded. Never again going to happen without me asking for it.

Can’t think of even one good reason for not chosing “Never search”…

3 users thanked author for this post.

BobbyB, OscarCP, jburk07

Reply | Quote

Jan K,

“a search for updates generates a lot of disc activities and stuff is being both up- and downloaded.”

Thanks, that is a thought indeed. And to Elly too, who also wrote something similar here.

However, there are always several things that, looking into what is running at any given time on my PC, must be “phoning home” now and then also, because even when I’m not using any of my three browsers right then, the PC is always running several different IE11 jobs that are either live or on standby and I have no idea of what they are for, except that they are not mine. One of them ought to be Windows Update doing its “check and notify but let me decide” thing, but the others?

In conclusion, so far and given that: (a) because of what I usually do on my PC, I am not bothered by the announcement of patches being available to be installed (except maybe now and then, but very rarely), and (b) of all things that are more or less always “phoning home” or ready to do so on my own oblivious behalf, I believe Windows 7 “Update” is actually a helpful and harmless one (and I expect to hear the cries of anguish if it ever turned evil soon enough, with any luck, to change my approach quick smart), I think I’ll just let WU do that and not worry about it. Because, to tell the truth, I’m never short of things to worry about.

And, less importantly but still true: I am not very keen on waiting for “searching for updates” run its usually slow course.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

The problem is that the recommended updates are automatically checked… Say you are notified and go in to Windows Update to see what is there, and uncheck them while you do some research on them… well, if you don’t hit apply, they will re-check themselves when you close Windows Update. Then, if they are not hidden or unchecked and applied hit correctly, they will install if your computer is shut down. Ever get distracted or have a power failure? At least that is what I think happened to me. Never had that problem with updates set to Never. And can always click search for updates when I’m ready to deal with them.

Non-techy Win 10 Pro and Linux Mint experimenter

2 users thanked author for this post.

OscarCP, jburk07

Reply | Quote

Today I got pushed kb4023057, I am on Win 10 1709. I have seen the same KB a couple of times before, weird.

Reply | Quote

Go into the Control Panel\Programs ans Features. See if it’s listed there (toward the bottom). If so, uninstall it

Reply | Quote

KB4023057 is a recurring update that recommends upgrading to the next version. Some say that it ‘pushes’ and / or, even “Forces” upgrades to the next version. As PKCano says, check your ‘Programs and Features” in Control Panel, and un-install KB4023057, and then install the Windows Update Show / Hide = wushowhide.diagcab utility to Hide kb4023057. Woody has really good instructions for wushowhide on page 2 article at Computerworld:
https://www.computerworld.com/article/3232632/microsoft-windows/how-to-block-windows-10-april-2018-update-from-installing.html?page=2

Be sure to read the “Previous” page 1 also.  Hope this is helpful.

Reply | Quote

Patch Day. Like Christmas, but the opposite.

LABS - a family friendly webcomic about scientists, robots and Wisconsin

5 users thanked author for this post.

seamonkey420, OscarCP, cesmart4125, Elly, WildBill

Reply | Quote

Usually “Check for updates but let me choose whether to download and install them” works fine. The only thing is when I start up or reboot, Windows has a message that says updates are available. Annoying, but harmless. When Woody issues a recommendation to turn Windows Update off (“Never check for updates”), I go into unnecessary Panic Mode. I have Windows 8.1, but it’s Always better to be Safe instead of Sorry. After all if Windows 7 users can be nagged about upgrading to Windows 10, it’s only a matter of time for Windows 8.1 to face the same thing. The fail-safe is there’s a button to click (“Check for updates”) whenever you’re curious. Curious is Good… Impatient to update is Bad! Turning off WU soon…

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

2 users thanked author for this post.

OscarCP, jburk07

Reply | Quote

woody wrote:

First, there are persistent reports (e.g., on Reddit here and here) that some Windows 7 customers are seeing messages bent on convincing them to upgrade to Windows 10.

A grand total of two on the same day doesn’t seem very persistent. Intermittent might be a better adjective, if any is necessary.

Reply | Quote

Those were examples, as opposed to a comprehensive list… and we, the people who don’t want W10, need to know what to be alert for.

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

Kirsty, satrow, Microfix, geekdom

Reply | Quote

I continue to read of unwanted Windows 10 installation from earlier versions: first a trickle, then more. It’s a trend.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

This is the second week I’ve had to turn off and disable WU every day  — it’s being switched to ‘Manual’ and ‘Running’ on bootup (curiously, my wife’s machine, on bootup, is switched to ‘Manual’ but not to ‘Running’). Anyone know how to stop this bootup behaviour? (We’re running Windows 10 Home.)

1 user thanked author for this post.

HiFlyer

Reply | Quote

Win10 installs through Windows Update (if you don’t hide the patches with wushowhide) a “service” to return WU to Microsoft’s defaults, which usually means “all go whether you like it or not.” These are not part of the CUs, but separate patches.

See @abbodi86 ‘s description here.

Reply | Quote

Many thanks! But, but, but…the last patches I installed were KB 4093112 and KB4099989, both on 17 April 2018. Nothing since. And the aggressive re-starting of WU really didn’t begin until about two weeks ago — last week of June. So something’s hiding somewhere else…?

1 user thanked author for this post.

HiFlyer

Reply | Quote

Evidence:
Control Panel\Programs & Features – down toward the bottom a Windows Update (KB).
C:\Windows\UpdateAssistant and/or UpdateAssistantV2 folders
Task Scheduler under Microsoft\Windows\UpdateOrchestrator and WindowsUpdate – various tasks.

Reply | Quote

Many thanks again. I’ve done several thorough searches; found nothing that I can identify (quite a few registry entries; I can’t mess with those). Interestingly, my OS definitely doesn’t have an Update Assistant of any kind. My suspicion is that, ironically, this is precisely because a helpful Microsoft Level 2 tech reinstalled my entire OS from an ISO twice(!), last December and in February, and the Assistant just wasn’t included (?).  Of course, mine is Windows 10 Home, which may or may not be relevant.

Reply | Quote

What exact version (1607, 1703, 1709?) do you have as the older builds are now out of support for non Enterprise users.  The KB’s you cite are 1709 but I’d go into system/about just to confirm via eyeballs of what the system has.  Also you can jump over to a June update and manually download and attempt to install it.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I just ran Windows Update on one of my Win7 computers. I am not seeing any of this, perhaps because all of my Win7 computers are on Group B?

 

1 user thanked author for this post.

OscarCP

Reply | Quote

Gone To Plaid: “I am not seeing any of this, perhaps because all of my Win7 computers are on Group B?”

Quite! I have noticed that most complaints about Windows 7 updates here come from three distinct groups of users: (1) those who update the rollups (Group A); (b) those who update “Previews” as well; (3) those who are asking for help because they are technically naïve when it comes to dealing with their update troubles. Some from Group B as well, yes, but considerably less often.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Group A here, Windows 7 Sp1 64-bit. I just ran Windows Update out of curiosity. I did receive 2952664, which I simply hid as always, but haven’t experienced any other problems so far. I wonder if other things might have more to do with those old GWX-related patches. Careful reading of the posts here has kept my system out of the woods so far, even though I install the rollups. That being said, I think re-installing the GWX Control Panel won’t hurt!

Linux Mint Cinnamon 21.1
Group A:
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux, mostly offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux

Reply | Quote

Watch out for reports that Win7 users are getting coerced into upgrading to Win10 (again).

WHAT?

That… but we… I… WHAT?!??

Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

I don’t even feel the slightest need… will instead read some AskWoody forums! 😀

1 user thanked author for this post.

jburk07

Reply | Quote

I installed Never 10 by Steve Gibson when the nonsense first started to upgrade to Win10 without my permission which gives me peace of mind.  Also I took the great advice here and turned on Updates set to Never.  Thanks to all for this place of great sanity!!

1 user thanked author for this post.

jburk07

Reply | Quote

worried windows 7 user here, wondering if Woody’s Computerworld article from March 30, 2016 is still relevant?  https://www.computerworld.com/article/3049165/microsoft-windows/steve-gibsons-never10-vs-josh-mayfields-gwx-control-panel.html  Would the GWX control panel still be a good option to avoid win 7 to win 10 upgrade?

Reply | Quote

I used both just to be safe.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

1 user thanked author for this post.

jburk07

Reply | Quote

Jan K. wrote:

WHAT?

That… but we… I… WHAT?!??

Yeah, strange posts on /r/windows from several people.
Supposedly after removing GWX related patches, the upgrade prompt windows went away.
I saw a 3rd shortly after alerting Woody to the 2 I’d found, but I don’t have the link handy on that one.

It’s a small case sample, but it’s still a sample.
I’m actually eager to test this in my VM’s later to see if I can figure out the formula to the puzzle. Possibly coincidental, possibly not: my work machine installed good ‘ol 2952664 a few days ago; I’m surprised the WSUS team here has not blacklisted that update. Obviously it was re-released for the umpteenth time, and I’m a bit out of SCCM/WSUS visibility at this position, so the update may have sprung up again in there just like it typically does in the WU control panel, despite being previously hidden/unchecked. No wonder they keep modifying the update, which then sneaks it past the previous block attempts. Oh, Microsoft…. [rolleyes]

2 users thanked author for this post.

Microfix, jburk07

Reply | Quote

@zero2dash #201828 and #201982 for forced attempted updates.

Win8.1/R2 Hybrid lives on..

Reply | Quote

I found several posts about issues with installing KB4340558 (“2018-07 Security and Quality Rollup for.NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 under Windows 8.1 and Server 2012 R2 for x64”. It has error code 80092004. Error code 0x80092004 stands for CRYPT_E_NOT_FOUND,’The object or property was not found’. This indicates that something was not found within the package.
Original post – https://borncity.com/win/2018/07/11/net-framework-update-kb4340558-drops-error-0x80092004/
Be careful with installing.

3 users thanked author for this post.

walker, Microfix, PKCano

Reply | Quote