• MS-DEFCON 3: Get Windows patched, gingerly

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 3: Get Windows patched, gingerly


    It’s time to get caught up on your patching. We have a few outstanding major problems with the latest round of Windows patches. The worst is an ongoin
    [See the full post at: MS-DEFCON 3: Get Windows patched, gingerly]

    Viewing 379 reply threads
    • #35537

      Your definition of sets (group A & B) for dividing update preferences based upon the level of MS snooping the user is willing to tolerate, is a useful first start given the fluid informational situation. A real interesting question with respect to MS telemetry objectives would be namely, how dynamic will the intersection of the group A and B sets be over time? As you have already noted, MS is playing loose with what is a security versus non-security update. I would suspect that if too many people opt for only doing the security updates, the payload for the group B users will contain most of the telemetry they wanted to avoid. I don’t see this as avoidable given the behavior that MS has displayed over the past year. This is in no way a criticism; the framework you set forth is as good as any to frame the decision making process. Thanks for the effort!

    • #35538

      As an informational footnote, I installed KB3177225 on W8.1 X64 machine. Thereafter I manually downloaded and installed the hotfix patch, KB3187022, from the MS Update Catalog. [Please let me know if I edited this properly -WL]

    • #35539

      That’s a helluva good question – does Microsoft consider a “security” patch a viable target for more telemetry?

      I’m not sure we’ll ever know.

    • #35540

      Is there an up-to-date list of updates to avoid for Windows 7? It would probably be good for those of us who are in group B to get to a safe baseline on non-security updates before Microsoft goes to update roll-ups.

      Also, do you know what’s going on with patching Windows Enterprise? I can’t imagine that large companies will allow installation of patch roll-ups that are not fully documented. Is moving to Enterprise a way to stop the patch insanity?

    • #35541

      The correct KB is KB3177725 which caused the double print problem. The hotfix KB3187022 supposedly fixes the issue and does not replace the former patch within the installed updates.

    • #35542

      All I can say is that I have mixed feelings about the new update system… I’m more Group A, since I share your opinion about the MS snoop, I use both Chrome and an Android smartphone and that is already plenty snooping from Google there, so it’s really not bugging me… And needing to install less updates seems at some point really sweet, but on the other hand it means to sacrifice any ability to choose what is being installed… And there is where my Group B tendencies start…

      Well… Aparently it’s not a flexible matter of choice… So I’ll try to not worry about it now, one day at a time… And it’s time for August Updates…

      Right now, on my W7 Pro x64 system, I have 5 updates showing, 4 flagged as important and 1 as optional, they are KB3175443, KB3167679, KB3178034, KB3177723 and KB3179573. As far as the documentation for these updates tell they all seem quite straightfoward, except for the shadier “August Rollup”, which I’m not sure of it’s exact content. On your opinion Woody, are they all “safe” to patch?

    • #35543

      Your Group A recommendation for Win7 looks like a manual version of letting MS automatically update. Are you recommending this approach in case any updates turn out to be problematic? If this were to be the case, would we once again wait until the following month’s update to patch & do you anticipate this being patching one month’s worth at a time?

    • #35544

      Just now, I successfully installed the August updates on two Win7 computers. The first attempt at using Windows Update took more than an hour to check for updates and still had not produced any results when I ended the process, so I followed Canadian Tech’s instructions and downloaded and installed KB3172605 first, after which WU concluded the check for updates in about five minutes.

    • #35545

      It looks like you won’t have any choice about installing one month’s patches at a time.

      Yep, the Group A approach is to live with the cumulative updates – I don’t see that there’s any other option – but wait until they’ve had time to stew for a few weeks.

      Group B is very similar to what I’ve been recommending for months, although we no longer have to protect ourselves from the Get Windows 10 stuff.

      In both cases, I don’t recommend using Automatic Update. Far better to wait – unless Microsoft turns off that ability, too.

    • #35546

      If you’re OK with Group A, yes, go ahead and install all of them, including the August Rollup.

      If you want to hold out for Group B, only install the clearly-identified security patches.

    • #35547

      Surprisingly, it looks like Enterprise admins will be stuck with the same choices we have. They’ll use WSUS or SCCM or whatever – but they will be getting cumulative security updates, or cumulative security + everything else updates, all at a time. It’s going to make fixing Microsoft’s mistakes all that much harder.

      As for updates to avoid… man, that’s a hard question to answer. There are many, many blocklists on the web. I guess the one I’d look to first is this one:


    • #35548


      When you say : “There’s no way to move from Group A to Group B without completely re-installing Win7 or 8.1.”, do you mean :

      – moving from Group A to Group B would break your install or be impossible, or :

      – once you’ve gone Group A only once, there’s no way to kwnow what non-security, possibly telemetric “enhancements” you have accepted, and no way to get rid of them except by re-installing ?

    • #35549

      The latter.

      Group A and Group B are just my shorthand for the different paths that will be available. Any time you install a non-security cumulative patch, there’s no way to know what’s been stuck on your machine.

      (Cynics would argue, rightfully, that you really don’t know with the security patches, either.)

    • #35550

      So, is it not possible to block the snooping telemetry through a firewall?

    • #35551

      For Win 7 opting for Group A; under updates other then automatic there are two choices one says to Check for up dates but let me choose to download and install. the other says download updates but let me choose to install. Which do you recommend? The other question now that the free 10 offer is over can I now check the box “Give me recommended up dates the same way I receive important updates.”

    • #35552

      Yeah thats an awsome point i have wondered about that because the average security update never normally breaks the 1mb barrier just lately there have been a few hitting 3-4mb and a real dearth of smaller ones the other weekend on 10-8.1-7×64 more so on 10 strangely not too many on 7×86 its either a “rash” of viruses out there or M$ update “phobia” setting in, good article as ever.

    • #35553

      sound advice about the windows drivers 1607 update (running on test vhd here) has developed a taste for downloding the intel thermal framework driver here, which according to M$ is now a 3 part driver (hmmmm just a one shot deal from HP) which, you guessed it, flagged the devices in device manger bright yellow. So off to the driver back up stick, reinstalled life was good. Not to be out done so easily another alert “ohh what now?” a security update update with the accompanying yep 3 part driver again! well this morning win7 x64 seemed to want to get in on the act trying to update a perfactly fine wireless driver and another intel driver (just the one) all suitbly ignored, did they get a brand new shipment of Dvrs at M$ or somthing? well they can be a good source of Dvrs for older machines but cheerfully ignore them after your running to your satsfaction.

    • #35554

      This is all making my chest hurt. How about a “Group C” — checks emails first thing in the morning, then drinks ’till the sun goes down.

    • #35555

      So Woody…..you are now recommending that IF we are in Group A that we should install the “optional” updates now too. Right? If so then I have 14 outstanding “optional” updates:
      Are any of the above “optional” updates known to be avoided?
      Thanks again and thank you to your loyal posters who keep all us ordinary Joes/Josies who would be lost without you all and your knowledge and all your advice!

    • #35556

      Woody, hi —
      Do you really mean (I’m in group A of Win7) to install all the optional choices too, starting now?

      The instructions say:
      important updates are available.” Make sure all of those patches are checked (they should be). Then on the left, click Optional, and make sure all of those patches are checked. Click OK, then Install updates.

    • #35557

      In Nathan Mercer’s Aug. 15 Technet blog, he carefully avoided using the word “rollup” in connection with monthly Security-only updates. Unlike Rollups, Security-only updates will /not/ be cumulative, and you’ll be able to skip one or more months and then resume. Mercer specifically mentioned the ability to uninstall a Rollup, but when asked if Security-only updates can be uninstalled, he didn’t really quite answer the question. I hope that was an oversight, and that you will be able to uninstall Security-only updates.

      So, there will be “cumulative security + everything else” updates (monthly Rollups) but there won’t be monthly “cumulative security” updates. It all seems clear to me and I’m a bit puzzled by the confusion, but then again I *am* getting on in years 🙂

      It’s obvious that this new scheme can’t possibly accomplish the goal of eliminating patch fragmentation. There must be some other agenda.

    • #35558

      Dear Woody,

      I’m on windows 10 1511 fall version.

      You stated KB3176493 may be glitchy, and how to fix it if it is.

      What about the problems that came with KB3172729? Should we still install it?

      Are all the August Microsoft Office patches safe to install?

      These days there are so many large problems with the updates they can be devastating. And,the combination of devastation, and the timing is always an issue for me with major projects. I am sure I am not alone with this frustration, or sense of terrorism and fear I may not make deadlines and again end up in big trouble.

      The threat of zombies may not be real in our actual world, but Microsoft has become the creator of, or is the infinite source of zombies for the MS user’s computer world.

      Thank you for the update advice!

    • #35559

      RE: “There’s no way to move from Group A to Group B without completely re-installing Win7 or 8.1.”, I’m not clear on this either. Prior to October, one could presumably opt for Group A, but then revert to Group B by uninstalling the optional updates. Maybe that won’t be possible starting in October, but only if “non-security” updates can’t be uninstalled once they’ve been installed.

      Perhaps I’m missing something here; if so, please fill me in.

    • #35560

      Is there any security patch from August that is critical? I mean, can I wait on them?

      Does the IE security patch have any of questionable content added in?

      Anyway, to be honest I am seriously considering of having Linux on dual-boot and disconnect the Windows from internet. I am nervous about that as I never had a dual-booting before.

      Thank you, Woody 🙂

    • #35561

      Hi Doc,

      kb3175443 IE 11 – suggest you wait until September Patch is released – if no adverse comments – install. Have taken this approach for over a year with IE 11 security releases and never had a problem.

      KB3167679 Password Change Failures – MS state that there are still known issues with this patch. I installed 18th August and have had no issues. The choice is yours.

      KB3178034 Graphics – I always hide this type of patch and wait and see – not sure how important this is and so still watching.

      KB3177723 Daylight Saving Time – Install, there’s no risk. I installed 18th August.

      KB3179573 August Rollup – Optional. I didn’t install the May convenience Rollup KB3125574, nor June 3161608 (since withdrawn/submerged within July Rollup 3172605. These are all optional with little or no details of what they contain. As Woody has always suggested – don’t install optional patches.

      WU takes just 10 minutes when I bother to run it. I prefer using the Monthly Security Bulletins to evaluate my Patch List and then download from MS Catalogue. It works for me.

    • #35562

      I was more in group B. I have removed or not installed, and then hidden all the GWX related ‘updates’ and the known telemetry ‘updates’. Since GWX (the start of all this garbage) I have installed many of the optional or recommended ones that appeared innocuous. I did that on both my desktop and Lenovo laptop.

      I was burned on my Lenovo laptop by the KB3172605 (and its predecessor KBxxxx608, since withdrawn), as they broke some Intel Bluetooth drivers. Both were rollups, so the exact cause is not determined, but uninstalling the rollup fixed the issue. I tried the new updated BT drivers from Intel, but they created severe blue screens at boot, necessitating a rollback, so those MS ‘updates’ must be avoided at all costs. The updates are installed on my non-bluetooth equipped desktop with no problems.

      This moves me solidly to Group B. Since the cumulative MS ‘updates’ would refoist these assorted missing ‘updates’ on my machines, I have made my decisions. The desktop and laptop are both current with all the patches that are non-GWX, telemetry, or feature breakers. Both have Windows update now set from “Check and let me decide to download and install” to “Never Update”, but I have not disabled WU in Services.

      I will check out the September releases and install accordingly, and then go back to “Never Update.” As I posted the other day, I remain concerned that MS will ‘update and improve’ the WU client to eliminate any choices. I suspect they may even try to justify it as a “Security Fix” to eliminate fragmented patching and open vulnerabilities. I figure if I can think of that justification, MS surely is planning it.

      Update: Only 2 Win7-64 Pro machines left – gaming desktop and photo editing/GPS mapping laptop. All others are now running Ubuntu Linux LTS versions.

    • #35563

      This was all foretold as long back as 1984. Skynet. Judgment Day. And if you say no to the big scary guy offering updates, you will hear “I’ll be back”. And you can count on that. I had already decided to install everything – Important, Recommended, Optional – from Windows Update. But I always, always, always take a system image backup before to give me a restore back option. And I will always wait at least a couple weeks after any new updates appear to see if problems with them are reported. So, in summary, Group A, wait at least a couple weeks after updates appear, and always make a system image backup before installing new updates.

      Windows Update – can’t be bargained with, can’t be reasoned with. Doesn’t show pity, remorse, or fear. And it will not stop…EVER.

    • #35564

      What about KB3139398 and KB3177725 – both of which I still have hidden? I’m leaning towards Group B for now.

    • #35565

      Follow the instructions. If you have anything hidden, unhide it. You won’t be getting any “Get Windows 10” nagware, and the rest is debatable.

    • #35566

      That’s certainly a reasonable approach.

    • #35567

      A bunch of the “hide” patches have disappeared after GWX was over. The only ones I’m seeing now (and not consistently on all machines) are:
      KB2952664 compatibility
      KB3021917 telemetry
      KB3068708 CEIP
      KB3080149 telemetry


      KB2976978 compatibility
      KB3044374 enable upgrade
      KB3068708 CEIP
      KB3080149 telemetry
      KB3140185 anytime upgrade

    • #35568

      I haven’t seen anything critical, if you don’t use IE. But you should get patched because you never know.

    • #35569

      I’m sure you’ll be able to uninstall the latest non-security rollup. I’d be surprised if you can go more than one level back.

      ‘Course, we don’t know.

    • #35570

      You should install KB3172729. If there’s a potential conflict, it should refuse to install. See https://support.microsoft.com/en-us/kb/3172729 – and yell if you learn differently!

      The August Office updates look good to go.

    • #35571

      Yes, if you’re in Group A, go ahead and install everything. The Get Windows 10 threat is over. The only other crap floating around is additional telemetry. (The make-it-easier-to-upgrade-wo-Win10 patches should be going away, by and large, although they may have other benefits – thus I suggest you install them.)

    • #35572

      Yes, that’s right. If you’re in Group A, install all of the optional updates. See my note above to Gideon.

    • #35573


    • #35574

      See the tab at the top of this page marked Automatic Updates, but the short answer is to set Check for Updates to “Never” or “Warn but let me decide.” It doesn’t matter what you have for the “Recommended” checkbox, because you’ll be manually approving every update.

    • #35575

      I’ve seen a lot of people try – and don’t know of any real successes….

    • #35576

      I know this may sound dumb but, how in the world do even find anything in that Microsoft Update Catalog mess. I mean sure, I found the malicious software removal tool, but that’s it, no cumulative ie update, and no security patches, & I was looking under Windows 7.

    • #35577


      Not completely ok, but already had the last rollup update and it was working aparently ok here I gave it a shot, let’s hope for the best.

      @Old Dog

      Thanks for the reply mate, a couple hours ago I just thrown all 5 updates inside my machine… I was insecure about both the rollup and the graphic component updates, but tomorrow I’ll be going on a trip, so I decided it was better to keep it up to date, since I don’t want to deal with it while I’m out. Also, the feeling that it all may be bundled up to me at a later point kinda pushed me to this decision… Again, hoping for the best…

    • #35578

      Sorry nope. Both my 7 and 10 systems are not updating at all and there is a place of my body satella can kiss.

    • #35579

      The people I helped get through the GWX push are the “average User” who just USES the computer. They will be put in Group A. What I have been doing to get their computers to some state of normalcy is:
      Setting “Never check for updates.”
      Unhiding the updates that were hidden during GWX.
      Checking the “Give me recommended” box.
      Fixing WU with a manual install.
      Searching for updates.
      I install everything that is CHECKED. (I figure if MS thinks the things that are unchecked or not “recommended” are important, they will roll them up or check them anyway).
      Then I put WU on Automatic.

      The way I figure it, the security patches are particularly necessary for that group of people, and that is the only way their computers will stay updated.

      As for me, I’m not sure which group I’ll choose yet. I do know, if I choose Group A, I will continue to use “Let me choose” (for as long as it lasts) so I can see if the patch (singular) causes havoc before I install. Otherwise, it will be “Never check” or kill the WU service until the dust settles and a fix is available.

    • #35580

      For the past year I have hidden patches; The Win 10 nagware and ALL optional updates. Does this mean that I should unhide and install all those fragmented updates? (sorry I am not tech savvy. I hope I make sense).

    • #35581

      No, not cynics, realists.

    • #35582

      Do you consider yourself “Group A” or “Group B”?

      If you’re more inclined to “Group A,” yep, go ahead and unhide everything. You’re going to be getting it all in October anyway.

    • #35583

      It’s a mess. Why do you bother? The Catalog’s only good if you know a specific KB number, IMHO.

    • #35584

      Most of the updates that came with the GWX era have disappeared. The only ones I have seen lately (and not consistently on all machines) are:

      KB2952664 compatibility
      KB3021917 telemetry
      KB3068708 CEIP
      KB3080149 telemetry

      and Win8.1
      KB2976978 compatibility
      KB3044374 enable upgrade
      KB3068708 CEIP
      KB3080149 telemetry
      KB3140185 anytime upgrade

    • #35585

      Luckily ‘Canadian Tech’s’ fix worked & I managed to get the august updates in through Windows Update.

      As for Microsoft’s Update Catalog… I can so see that going the way of Windows Journal, unless Microsoft does a full revamp of the thing.

      And if Microsoft decides to sneak more Win10 ‘crudware’ into updates, they are in for a nasty surprise… My GWX control panel is still fully armed.

    • #35586

      What else that is in the optionals is drivers that break your machine, Skype, Silverlight. Do you REALLY mean to install ALL the optionals???

    • #35587

      And all the language packs

    • #35588

      After manually checking and installing my August Win 8.1 updates, I noticed that the list of installed updates did not include KB3172729, which I had specifically checked for install. Interestingly, KB3173424 (the non-security SSU) which I had NOT checked was installed. Apparently WU sensed that the prerequisite for the former was missing and automatically installed the latter. On my second attempt KB3172729 installed without issue.

      All this windows update stuff is making my head hurt!

    • #35589

      OK, I would believe with the right IP tables, and a good appliance firewall, one should be able to, but if you think it is not feasible…

    • #35590

      from what I recall reading, at least on Win10 machines, some of the telemetry is sent via encrypted connections that bypass normal measures

    • #35591

      @Woody: Would it be okay to install the updates I have pending now for August using the method I always use, and get everything set up to start with the September updates?

      I’m not certain about going into the (Win 7) Updates to make the changes you have set forth. This will give me time to search for some of the hidden updates before I try to start anything as well.

      Afraid I will make an error, and I need more time as the September updates will be out on the 13th. There are a few updates which have been hidden that had problems in the past too, so need to be careful, and it’s confusing. I would opt for Group A. Thank you for your help. 🙂

    • #35592

      Thanks for the quick response Woody. I guess I lean “Group A”. I just finished unhiding/restoring all hidden updates. It took a little while, buy my computer did not explode. So that is good!

    • #35593

      I am Group B2, uncheck everything and wait until security patches have been shown not to break s***. THEN install security fixes.
      But not because of snooping, just because of Microsoft’s total lack of quality control. If we are getting omnibus updates, a legitimate security fix for a Windows vulnerability could break a totally unrelated component simply because the fixes will all be lugged in together, and you can get Microsoft only tests their fully-patched baseline for problems.

    • #35594

      My advice is based on Woody’s statement that MS has not improved Win7 in any meaningful way in years. I see that as the end of 2014.

      When I rebuild a system to SP1, when I get the list of proposed updates for Windows, I simply click each of the proposed updates that are NOT labeled Security to see the date on the right of the update. If the update has a date before 2015, I accept it. All non-security updates that are dated after the end of 2014 are hidden (not used).

      I have been doing it this way for many months now. Not a single one has seen the dreaded Win10 mess and runs just fine.

      For monthly updating, the following is what I suggest:

      Set WU to NEVER and leave it that way.
      One week after Patch Tuesday, start WU.
      When you get the list of proposed updates, hide every single update that is not labeled security in the Windows section
      Proceed to update

      This technique has been in use by my 150 client computers for about a year now.

      My plan would be in group b.
      I am considering the possibility of never again using WU and disabling it forever.

      I suspect the risk of spoiling a well running reliable Win7 system with MS fumbling, bumbling, and destructive updates may be greater than sacrificing all of their updates.

      I am going to wait and see. For sure we will do nothing in October. All systems are already updated according to this process and the one described on my thread
      http://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-solution/f39a65fa-9d10-42e7-9bc0-7f5096b36d0c And what I just described. We will be doing September the same way, guessing that the same KB is required to make it work.


    • #35595


      Nathan Mercer DID actually refer several times to the non-security patch-group, the one that is not cumulative, with the term “rollup” in that Q&A you are referring to:

      “We are purposely releasing Security-only as a rollup but not cumulative like Monthly rollup is.”

      He also referred to the non-security group-patch (that will be distributed on the third Tuesday of the month), which he said will also not be cumulative, as a “rollup”:

      “…we will also release a new rollup on the third Tuesday of the month, containing only new non-security fixes.”

      Therefore, I don’t think there is any special meaning to draw from his use of the term “rollup”, since Mercer used it for all three of the monthly patch-groups during that Q&A: for the two non-cumulative patchgroups, and for the one cumulative patchgroup.

    • #35596


      Regarding being able to uninstall a rollup, he said,

      “Organizations can always uninstall offending updates”

      “Q: If an installed Monthly Rollup causes problems due to the inclusion of a faulty patch, am I correct that I will be able to remove the entire Monthly Rollup by uninstalling it? A: this will function exactly the same as it does today.”

      “Individual fixes contained inside a rollup patch cannot be separately uninstalled, but the rollup patch can be uninstalled.”

      “you can still uninstall a rollup patch, its the entire rollup patch, not individual fixes included in the patch.”

      So it seems, to me, that he is saying that the rollups will be able to be uninstalled. He did not say “only one type of rollup will be able to be uninstalled”.

      What might have caught your eye was how he answered this question:

      Q: “When the Monthly rollup is installed. Will there be the ability uninstall the Security-Only update for that given month?”

      A: “Monthly rollup and Security-only update are 2 separate releases. If you install Monthly rollup you can uninstall Monthly rollup, but not the individual security patches contained inside the Monthly rollup.”

      I don’t think that he was trying to intimate in that answer that if you install the security-only update, you will not be able to uninstall it later.

      Rather, I think he was saying that if you install the Joint security and non-security rollup that you cannot later decide to uninstall only one half of it (either just the security half or the non-security half), but you have to install all of it.

    • #35597

      Hi Woody – I’ve decided I’m in Group A.

      One question….. one of the Important updates I have is “Office XP Service Pack 3” (52.3MB) under the heading “Office 2002/XP”.

      This update has been in my list for over 12 months (2 years?), but just won’t install. I’m running Office 2007 on Win8.1 x64.

      Do you have any suggestions on how I can either install this, or “make it go away”? Or do I just continue to ignore it?

    • #35598

      One of the problems with their approach in introducing this new system (which doesn’t seem to be very thought-through on a number of levels)
      is the inherent lack of clarity in the terminology they are using to describe this new malarkey.

      Mercer’s term for what I am calling the Joint security and non-security patch rollup is:
      “Monthly rollup”.

      Well, that’s as clear as mud because they are going to have 3 *monthly* rollups: Joint security and non-security, Security-only, and Non-security only.

      Monthly in the sense of “introduced once a month”.

      Maybe in Mercer’s thinking, because the Windows Update way of installing updates is only going to be offered the one Joint rollup each month, that is called the Monthly rollup because it’s the main star of the show (and it is the only rollup that most average Microsoft customers will ever see or know about).

      The other two rollups will be directed towards organizations, IT professionals, and people in-the-know like us Woodyites 🙂 ,
      and will not be available through Windows Update,
      but it will be available through some other Microsoft downloading voodoo that I haven’t become aquainted with yet.
      [Yes, Woody has described it before, so just have a look around and you’ll be able to find more info about that manner of downloading Windows updates!
      Woody will be describing it again, hopefully, in October, unless at that point he decides to sail off into the sunset with his merry Group A acolytes and says “Sayonara” to us Group B’s. 😉 ]

    • #35599

      Woody thanks a million for all your invaluable advice over recent MS troubled waters. I have decided to again follow your lead and meekly accept Group A. All this MS tomfoolery has got to the point where I am about to dump MS and just rely on Google based tablets and smart phones that I already own and use.
      I have used MS since DOS times and “the too big to fail” comment keeps ringing in my mind. Recall Kodak and Nokia!!!!
      October may well be the camel that breaks the straws back.

    • #35600

      Haven’t there been a small number of patches that are on a lot of the to-be-avoided patch lists that people have compiled since May 2015 that are defined as “security” patches?

      If there have been warnings about a patch (that have been relatively-widely discussed and agreed upon on the various internet sources I have consulted about this issue of telemetry-and-Get-Win-10-patches-to-avoid),
      I haven’t paid too much attention to whether that patch was called “security” or not when I decided not to accept it,
      because I haven’t trusted MS to keep a purist attitude towards these arbitrary naming conventions/definitions when everything else they are doing has been loaded with spin and obfuscation.

      This is one of the reasons I’m seriously thinking of not downloading any patches/rollups after September.

      I suppose that would mean I’d be in
      Group C, or perhaps it will be called Group B2:
      people who have stopped accepting updates entirely,
      due to well-founded fears about
      1. telemetry/data-snooping/data-collection
      2. operating system assault; being forced to move to Windows 10
      3. mistakes and errors within the update rollups that could screw up the hardware or the software, and which might be so complex that fixing the machine is difficult or impossible for the ordinary customer.

    • #35601

      Old Dog, in order to get your Windows 7 Windows Update to only take 10 minutes when you run it, have you had to install any “magic” patches since mid-July, such as Canadian Tech’s solution for speeding up checking on patches which Woody has recently endorsed?

    • #35602

      @Woody, I am not sure, but I don’t think that you mentioned in your blogpost’s main instructions above that folks should unhide all patches now — but is that something that everyone should do now?
      (Since according to Nathan Mercer, the Rollups system that starts in October will not offer people any new patches that require as a prerequisite any kb updates that those people had put into the “hidden” section of Windows Update prior to October.)

    • #35603


    • #35604

      By my interpretation of what Nathan Mercer said ( https://www.askwoody.com/2016/the-fallacy-of-fragmented-patching-in-win7-and-8-1/comment-page-2/#comment-97339 ),

      Woody’s Group A could choose to accept everything Microsoft wants them to accept (become “compliant”/drink the Kool-Aid) via 2 different paths:

      Path 1: Install the monthly Joint security and non-security rollup, which Nathan Mercer confusingly calls the “monthly rollup”. This rollup has all updates, both security and non-security, and it’s also CUMULATIVE. So you can uninstall the last one that you installed, but you won’t be able to install several months in a row, such as October, November, December, and January, and then decide in February that you want to uninstall November’s rollup from that string: you are stuck with everything up to January.
      However, maybe you can uninstall November, December, and January if you really need to get November’s patches off your machine — I expect they will have to allow people to do that?

      Path 2: Do not install the Joint rollup, but instead install the other 2 monthly rollups, the Security rollup (available on the 2nd Tuesday) and the Non-security rollup (available on the 3rd Tuesday).
      Apparently, neither one of those is cumulative.
      So you have to do both of them every month continuously in order to replicate what the other people in Group A are getting when they do the Joint monthly rollup.
      But the good thing about doing the 2 non-joint, standalone rollups is, you can skip a month of one or the other (for example, if there is a patch within a particular rollup that concerns you) and be allowed to keep going forward with installing new non-joint rollups in future months — at least, this is what Nathan Mercer implied in his Q&A.

      If I were ever to be in Group A —
      and I don’t think I would ever choose to be, but I am considering putting one of my relatives in Group A because there’s no way that they are going to be able to handle the complexity of going off-grid —
      and if there were a choice in the matter between doing the cumulative joint security + non-security rollup versus doing the two non-cumulative security + non-security rollups each month in order to get the very same constellation of patches either way,
      I would feel much more secure in taking the 2 “half” rollups every month and not letting Microsoft do anything that is “cumulative” to my machine. (Especially because eventually they are going to plug into your computer the past patches it was missing from the “kb” updating days.)

    • #35605

      It’s not clear how they’ll handle prerequisites. That said, yeah, you might as well unhide all of your hidden patches.

    • #35606

      You can try to install it, but if it doesn’t install, don’t worry about it.

      I assume you aren’t using Office XP….

    • #35607

      Sure, if you normally install security patches and pass over non-security.

    • #35608

      Ooops. I need to backtrack a bit.

    • #35609


      I don’t know if my interpretation of the 2 different paths that Group A might be able to follow is correct, but it is here:

      (at least I think that’s going to be it; the comment is still in the approval queue, but this is the comment number that has been temporarily assigned to it):


      I have a relative I’m going to have to put in Group A, as there is no way I can hold their hand enough to be in Group B, but I’m going to try to keep that computer a bit less-enslaved by each month by pushing it down the non-cumulative fork of Group A rather than the cumulative fork.

      …I do not know if my interpretations of Nathan Mercer’s utterings are correct or not, but I’m just trying to grope my way through this like all of us are. 🙂

    • #35610

      @Woody and @Canadian Tech,

      Canadian Tech wrote, “I am considering the possibility of never again using WU and disabling it forever.”

      I am thinking of doing the same — would people doing this be in a Group C?

      Or Group B+? B-?

      Group T (for tinfoil)?


    • #35611

      @Woody – no I’m using Office 2007 Ultimate

    • #35612

      Yes, I have read that as well.

    • #35613

      KB3187022 completely replace KB3177725

    • #35614

      Hi poohsticks,

      No. I just so rarely install non-security patches, that I assume it was one (or several combining) that caused the problem in the first place, but thankfully they’re not installed on my m/c.

    • #35615

      Hi Frahalean,

      Woody is correct – you need the patch number. Try starting with the Monthly Security Bulletins. There really aren’t that many. Isolate those impacting on your m/c, then use the Catalogue to follow up the patch number.

    • #35616

      @Woody, I have to disagree that we did not get new features in years. We got lots of Windows Update clients starting with June 2015 coming with new Group Policies, used by GWX Control Panel. Anyone remember that software? It’s been so long since then…
      And we had the mother of all new ‘features’, transforming your PC into a phone, Windows 10 🙂

      Seriously now, I think .NET Framework 4.6.1 was the last major new feature for Windows 7, and even that one can easily be ignored on the condition that .NET Framework 4.5.2 is already installed, this earlier version may even prove to be more reliable after all.

      We are in extended support anyway and it is expected not to receive new features for Windows 7.

    • #35617

      There are probably a few people like me who are in Group C – they don’t use Google and are very strict on privacy. The new updating system for Win7 is not for me, I fear. I’ll try using the security-only updates (with a delay) for a while and see how it goes.
      In the meantime, Linux is being installed on one machine as a trial. For those like me who have been exclusively MS for a long time (since DOS 3.0!), the learning curve with Linux is steeper than you might expect. Give yourself plenty of time to set it up and get used to it.
      As always, many thanks for your work that is so helpful.

    • #35618


      I agree. At least the “half rollups” method gives me some sort of control. Time will tell.

      However, when you currently uninstall a patch, it reappears on WU, and so you will need to then “hide” said offending patch.

      Have a feeling that MS will remove the cumulative patches from MS Catalogue once they are consumed within the following months’ patch. May be prudent to keep a copy of (at least) the 1st two-three months’ cumulative patches to give yourself some options downstream.

    • #35619

      Hi Karen,

      The 1st patch in your list KB3087709 is not in the catalogue. If you meant KB3080079 – then it’s safe to install (RDS support).

      The others are all harmless enough and may do you some good, although I would still not install but keep hidden:

      KB3118401 – lets Win 10 Universal Time apps run on Win 7
      KB3138378 – replaces Win 7 Journal app with Win 10 version
      KB3161102 – ditto
      KB3172605 – July Rollup
      KB3179573 – August Rollup

    • #35620

      🙂 Yep.

    • #35621

      Then you probably have some utility that’s marked as Office XP based. Try to install it, and if it gives you any problems, fuhgeddaboutit.

    • #35622
    • #35623

      @poohsticks, @PKCano:

      Your relative is very fortunate to have your help.

      I think I am going to lose (what little I have remaining) my mind. The more I read the more confused I become, and now I can’t even sleep at night. It is definitely adversely affecting my health. 🙁

    • #35624

      I have that in mind which is why I searched for “Group C” on this page before innovating myself.

      I’m not cynical but frankly between a Group A (all) and a Group C (nothing) not sure where the Russian roulette would be less favorable : that’s where Group B pops in, pertinent. But pertinent to what point? Still a roulette with better odds or zero risk?

      One thing is sure, it’ll be between B and C.

    • #35625

      I don’t know. I just don’t know any more. All this nonsense is killing me, and I’m only 33 …

      If only MS would deliver an OS I’d actually want to use, everything would be all right. I’ll take Win10, without the telemetry and privacy violations, just give me choice about the updates, dammit.

      Guess it’ll continue to be OS X–er, sorry, “macOS”–for the future, with an XP VM for the few Win32 applications that I need. It works, but for various reasons (Apple’s declining quality control, being primary amongst them, but also privacy issues of their own) I would like to cross back to Windows where, once upon a time, both quality control and privacy were at acceptable levels. I can’t while this malarkey continues. No, Linux isn’t really a choice with the current state of their accessibility tools.

      Maybe I should just surrender. It would be so much easier that way. But I’d rather not …

    • #35626

      I see a bit of a problem since a regular consumer would have only option, and that is Group A.

      Microsoft’s annoucement was that security only hotfix is available for people who are behind a WSUS Server. Since us as simple consumers don’t have this option 99% of the time, there is no option for us to select Security Hotfix only since the KB in WU Client will contain both security and non-security fixes.

    • #35627

      I’m all confused. I have Windows 7 on my laptop. I ran the updates today from August”s black Tuesday and all seems well.
      I usually do what you recommend so I will probably go with Group A reluctantly.
      Should I go back and unhide all the recommended and optional updates I have? There are 24 of them and run the updates or leave them hidden and unchecked?
      What should I do with the setting”check for updates but let me choose whether to download and install them”? Should leave it like that or change it?
      Final question I hope. When will this go into effect? With this months “Black Tues” on 9/13 or the following month in OCT?
      Thanks a whole bunch

    • #35628

      I would tend to view the distinction between Group A and B as a grey zone in the case of updating W7/W8.1 OS systems. Those folks that decide to do only the security related updates going forward are not very likely to be missing any OS feature or reliability improvements that would noticeably improve the user experience. They are most likely missing the expanded telemetry (phone home) channels that would make their OS a little more W10 like so that the Redmond data mining machine gets fed. The malarkey about patching fragmentation does not strike me as a major concern in that most MS patches that cause problems do so because of what I perceive as poor quality assurance testing. Some of the problems we have seen in the past year just leaves me wondering how the update ever got out the door. Be assured that the highway MS is designing only leads to W10 adoption or the abandonment of Windows as your primary PC OS.

    • #35629

      I decided to talk this over with all our users. We only have one user on W10 and the remainder are W7 PCs of various vintage and application mix. We have a variety of connected peripherals.

      The decision was unanimous for us –
      disable Windows Update on all W7 systems at the end of September and install the monthly security-only updates from the MS Update Catalog. We will then monitor the situation over the next few months. We can always turn WU back on if the decision proves to be the wrong one. The other options (as we see it) does not afford us that.

      The separate bundles and out of band non-security updates that come down via WU can be checked out on our test system. Hopefully the documentation will be useful (don’t laugh).

      I wonder if MS will eventually merge some of those separate bundles that get delivered via WU. I can see the NET and IE bundles not remaining separate. Most of those updates are security only related.

    • #35630

      Well it looks like Win7 is now defunct since I cannot control what I allow on my machine.
      I have been dual boot with different linux distros for the past year, so far I can do everything save a few win only programs…ms access, vcds (for car), and some assorted outdated software. Internet access not necessary for those. I may consider the group B….however most likely group F (finished with ms updates)
      I do appreciate all the hard work and info that you and everyone has contributed…I will stop by and see what is happening, possibly reconsider my position.time will tell.

    • #35631

      Welcome to Group B!

    • #35632

      Other than the obvious with regards to patching Win7/8.1, the footnote is also a very good tip for driver security.

      Use the OEM/ manufacturers drivers, have previously ran into problems with Microsoft drivers and can be a potential pain to rectify.

    • #35633

      The changes take effect in October, although we’re seeing preliminary signs of it right now (patch rollups).

      If you’re going with Group A, yes, go ahead and unhide anything you’ve hidden.

      Stick with “Check for updates but let me choose” or move to “Never check.” Looks like there won’t be any difference.

    • #35634

      I’m essentially a *Group A* person. I have installed all critical and recommended (have a check mark) update over the last couple years that I have had Win7 installed.

      I have not installed any optional (non-checked) updates, and no drivers of any kind.

      I have 92 *optional* (unchecked) updates that have been showing up every month for a long time now. I have just ignored them.

      If I’m reading your advice correctly, as a *Group A* person, I should now go and check all those *optional* (unchecked) boxes, and let Windows Update install all those updates.

      You made this comment here: http://www.askwoody.com/2016/ms-defcon-3-get-windows-patched-gingerly/comment-page-1/#comment-97548

      “Ooops. I need to backtrack a bit.”

      But, I never have seen a *list* of optional updates that you have backtracked on! It’s so hard to know which updates are okay or not–the various lists are all slightly different–depending on the point of view of the list maker.

      Does it even matter? Are all these current *optional* updates going to be in the future cumulative updates anyway?

      As always–thanks Woody for your ongoing input and insight into all these issues.

    • #35635

      I rolled it into the original post. I backtracked on installing Silverlight (you don’t need it) and Skype (which I haven’t seen in the update list recently). You also don’t want any driver updates, or any more language packs (which are only on Ultimate, I think).

      I hope and pray Silverlight and the driver updates aren’t included in future cumulative updates.

    • #35636

      No, the security-only update is available to anyone. It’s going to be harder to install, but MS has made assurances that’ll be an option.

    • #35637

      Yes it is, but not via WU Client.

      “Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update.”

      As such, Group B users need to either be behind WSUS or download the security only patch from the WU Catalog. Which is an extra step compared to the rules proposed above for Group A and Group B.

      Without this extra step both categories are equal since the selection in WU Client will only have the full roll-up of both security and non-security hotfixes, and this is why I consider that as a consumer, I don’t end up having much of a choice by being Group A or Group B, since relying only on the settings for WU Client will lead to identical results from my point of view.

    • #35638

      Indeed. Ms has not been able to force w10 on everybody so they decided to do force it via cumulative updates u cannot block.

    • #35639

      May be slightly off topic, but it is a security concern. I just recently received kb915597, and because of all of the update issues, I figured I should look it up. Turns out it’s been freezing PCs for the past year, so I decided against taking it. Will it be necessary for Group A? I’m ending up on the Group B side, but I’m just concerned if I take a security update, that will get thrown in and cause me a headache. Either that or I’ll have to take it first beforehand.

      Not really sure what to do anymore now that things are different. Shame MS is moving over to this format.

    • #35640

      Well, this sucks. Just tried to install the August security updates on my Win 7 SP1 x64
      workhorse PC, and something went horribly wrong. The computer is stuck in a bootloop. Can’t even get it to boot in safe mode. Tried using install media to use system restore, but that keeps crashing too. Tried to use wusa from the command prompt to uninstall latest updates but that crashes with catastrophic errors. Looks like I’m going to have to restore latest full image backup with my Macrium rescue disk, after I copy all files newer than the backup to someplace safe. Going to be a long Labour Day this year…

    • #35641
    • #35642

      “I hope and pray Silverlight and the driver updates aren’t included in future cumulative updates.”

      What’s the problem? I thought you Group A types have already decided that MS knows best and that resistance is futile. Snicker, snicker.

    • #35643

      @woody: Windows Vista will still be updated the old fashioned way and not follow the new cumulative update model for Win7 & Win8.1 in October 2016. Someone at MS had confirmed this here:

      Quote from Nathan:
      “we don’t currently have plans to extend the Rollup servicing model to Windows Vista or Windows Server 2008. We continue to consider changes to Vista/2008 but technically there are complications that will make any changes on those platforms more challenging.”

      So the silver lining for Vista users is that they’ll continue to be offered individual patches until extended support ends in April 2017, at least that’s how I see it.

    • #35644

      @Woody: Can you define in what manner the “security-only” update will be harder to install?

      There is so much to consider in making the “final” decision about this issue – – – it is very important that a user selects the proper Group (A or B).

      Thank you for all of the information you, and others in the group are providing. Tremendous amount of additional work.

    • #35645

      I have MS Office 2010 and have gotten updates for it since it was installed on my Win 7 computer. Earlier this year I stopped the “recommended” updates and now get only the “Important” ones – which contain the Office updates too. I’m assuming the Office updates are okay to install.

      Do you have any idea where the Office updates will go after September? I’m hoping they stay with the Important or Security updates where they’ve always been. Wishful thinking on my part.

      Being 20 something in the 70's was much more fun than being 70 something in the 20's.
    • #35646

      Included in my important updates is KB2673774 – Bing Bar 7.1 published 8/29/2012. I have left it unchecked for years and plan to continue to do so. I seldom use Internet Explorer.

    • #35647

      Microsoft’s approach to updates reminds me of the Borg in Star Trek, “Resistance is futile.” Nonetheless, I’ll probably stay in the B to C camp until the cumulative updates shake out a bit. I’m almost inclined to simply shut down WU for good.

    • #35648

      What does concern me with this stupid idea of cumulative updates is that if there’s a troublesome update then you have to halt all updates permanently

      To give an example, KB3121461 causes a sfc /scannow failure on my system. I’ve seen others report it as well but it only seems to affect a small number of systems (I suspect maybe some Asus motherboards but I’m guessing here). Most pc’s it seems to run okay on but not mine.

      So in effect come October I’m faced with the prospect of either not patching ever again or patching and knowingly accepting that it may permanently break the O/S.

      I don’t expect MS to give me any special consideration but neither do I expect them to ram a faulty security update down my throat.

      I’m really not sure if it’s outright stupidly by MS, though it seems that maybe they just enjoy punishing their users.

      Definitely group B for me and maybe not even that.

    • #35649

      That’s a great candidate for passing over.

    • #35650

      I haven’t a clue about Office updates.

    • #35651

      We don’t know the details yet, but apparently “Group A” can continue to get updates through Windows Update, while “Group B” will have to manually download and install the month’s updates.

      Of course, that’s a wildly optimistic view of things, considering how many different updates will be available. How it’ll actually work in practice is anybody’s guess.

    • #35652

      I think you’re right, but that’s going to look mighty awkward – KBs for Vista, not for Win7.

      On the other hand, Office will probably go that way for a while, at least.

    • #35653

      GACK! Stabbed to the heart.

    • #35654
    • #35655


    • #35656

      I have no idea what’s going to happen if a Windows Defender patch goes south…

    • #35657

      I’m on Win7 Home Edition with two separate desktop machines at home, and am likely to be allowing free rein to the monthly combined updates and separate e.g. IE and .Net Framework updates that are offered as important and checked, but waiting as now for a couple of weeks for advice here and elsewhere on how they’re going. I’ll continue to ignore Silverlight and driver updates etc.

      I haven’t yet decided whether to go for the non-WU security-only version or the WU security/non-security version. I guess I’d like to see what’s in the non-security part first, given that those are the updates I’ve mostly chosen (on advice) not to install previously.

      What I don’t understand is why I would want or need to “unhide” and install the many updates I have previously hidden as unwanted, and yet that seems to be what you’re recommending, Woody.

      Thanks as always for the advice.

    • #35658


      If you regularly use to hide updates and the number of hidden updates that you count for now is 24 (not including the Language Packs if running Ultimate), chances are that your Windows Update is already messed up.
      I suggest you to reset the Windows Update and start clean. You will lose the Windows Update history, but that one is just a cache not essential for functionality and can be reset by a number of other causes outside of your control, like Windows Update clients updates.

      It works like this:
      1. Stop (do not disable or change their default state) Windows Update, Trusted Installer, BITS services
      2. Delete (or rename if you prefer to keep a backup copy) the folder C:WindowsSoftwareDistribution
      3. Restart the computer.

      After doing all those actions, there will be no hidden updates or corruption in your Windows update and you can go online and perform the updates.
      Never hide updates again, except for very short term – only few minutes or hours for testing only. If you prefer to skip certain updates, just ignore them, but do not hide, as they often get revised, replaced or expired and by having hidden versions at the time when they get modified, you actually impact the Windows Update management of the updates and corrupt your system.

    • #35659

      You cannot have 92 Optional Updates, unless you count the Drivers, Skype, Silverlight, Office 2007 Help files and/or Language Packs.
      There are only 6 true Optional Updates, maybe few more including superseded, but under 10 anyway. 3 of them relate to Remote Desktop 8/8.1 which in turn have their own security updates (yes, security updates to optional updates which is quite normal). There are few others which have rather obscure functionality for most people, but are not harmful and I would recommend installing them exactly for the same reasons which Microsoft says in their blog.
      You don’t select what comes in the original version of Windows or in a Service Pack don’t you? And a lot is unneeded functionality or components.

    • #35660

      Skype, Silverlight, Bing Bar are not Windows Updates, but Microsoft Updates.
      An interesting one is .NET Framework 4.x.
      In Windows 7 it is not a component, does not follow the regular Windows Servicing Stack procedures, the updates are more like the Office Updates behind the scenes, while in Windows 8 and after it is part of the OS.

    • #35661

      It will be replaced with another one in the next 6 hours. It happened with MSE few times and was largely unnoticed.

    • #35662

      Office 2013 and 2016 at least have all the non-security updates as cumulative updates and this was the case for many months. However, behind the scenes, Office updates do not use the Servicing Stack model as they are not technically Windows components. I think they use the Windows XP style of updating which was different.
      The older versions of Office are like Vista, on the way out and I think Microsoft patches them only when they feel that it is absolutely required.

    • #35663

      Got about 98% back… Am definitely hiding the updates that caused the problem… Considering turning off updates entirely!

    • #35664

      ” Group W is where they put you if you may not be moral enough to join the Army”
      Alices Restaurant, Arlo guthrie, 1968?

    • #35665

      The IE and NET patches seem to be going OK.

      If you’re in “Group A” might as well unhide evertyhing and get ready for teh cumulative updates in October. If you’re in “Group B,” there’s no need to unhide anything.

    • #35666

      I’ve hidden it and fuhgoddenaboutit 🙂

    • #35667


      “Just tried to install the August security updates on my Win 7 SP1 x64
      workhorse PC, and something went horribly wrong.”

      Can you list the security updates that you tried to install that caused this catastrophe?


    • #35668

      So, Woody, are you throwing in the towel then? You’re not recommending Win10 now, are you? I’m surprised you’re in Group A.

      I’m in Group B, leaning towards Group U (Ubuntu). Windows Updates are turned off on my machines. I do use Google, but it’s not taking over my computers to the extent that Microsoft’s whims can and would.

      I’m most disappointed that we will have to revisit this on our domain at work very soon I’m afraid. I think it’s time to start up a WSUS server.

      I keep thinking of going back to 10 and accepting fate but I can’t do it. I can’t risk having freezing machines (which the 10 AU did to one of our Visual Studio dev laptops at work).

    • #35669

      OK, I admittedly am not as tech knowledgeable as many here, but if I were to opt for Woody’s Group A, how do I know to exclude driver updates? If they are rolled into some big lump with the rest of the updates how does one recognize them, let alone exclude them?

      The driver updates worry me because my main desktop box – while still a powerhouse – is now just under five years old and even driver updates from some of my device manufacturers have caused crashes on my Asus mobo. I have to be really careful with all driver updates. If MS rolls some into their “rollups” I’m afraid my box might not survive but would require a reinstall of the OS.

      Any advice?


      Jim McGowan

    • #35670

      Against my choice, I am now in Group A, all updates installed except the optional ones.

      I had to do the routine to speed updating and, per their instructions, had turned off all updates. I then installed only the security ones.

      After all that was done, I changed my settings back to “download updates, but let me say what gets installed.” Next thing I know, all the updates, except the optional ones, were installed. I’m now in Group A without my permission given.

    • #35671

      I did

    • #35672

      Download the update, which in this case if I understand well is Office XP SP3 and install it. I believe it fails because Windows Update tries to use the Express package and you may be missing few other components which come only with the full package. This was relatively common for Office few years ago.

    • #35673

      No need to invoke malice when incompetence suffices.

      Ms made a stupid bet on cutting costs by having users debug development. It failed big time and they cant put the cat back in the sack.

      I don’t think they know how to fix this.

    • #35674

      I patched 3 laptops today, all x64, one Vista, two Win 7. Thanks to Woody’s recommendation of Canadian Tech’s method (thank you Canadian Tech!) the two Win 7 machines took less than 1/2 hour each from start to finish. Using Dalai’s magic, the Vista took less than an hour.

      Count me strongly in Group B. Due to old programs, the Vista box will become an air-gapped workstation next April. Maybe the Win 7’s will too at some point…

      Thanks again Woody for all your efforts!

    • #35675

      Skype is unfortunately in the list. But that branch is not maintained, so if anyone is tempted to install everything from Microsoft Update, there are 2 areas which are certainly to avoid:
      – Language Packs (1-2 extra are acceptable, but in any case not all!!!)
      – Skype

    • #35676

      Sorry for missing Bing Bar, I think it has not been offered since Windows XP. This makes the previous list with 3 areas.

    • #35677

      Is KB3172729, the security update for Secure Boot safe to install?

    • #35678

      I have seen very few reports of problems after installing it. I say go ahead.

    • #35679

      When you tell Windows to “Download updates but let me choose whether to install them” – that means the updates will be installed the next time you boot the machine (although there are some weird workarounds). The setting doesn’t mean what you think it means.

      You’re far, far better off choosing “Check for updates but let me choose whether to download and install them” or “Never check for updates (not recommended).”

    • #35680

      That’s probably the #1 concern among Group A folks. The short answer is: We don’t know.

      I’m counting on benign neglect: Microsoft will stop pushing driver updates – or, if MS continues driver updates, they’re identified and distributed differently.

    • #35681

      I’m not throwing in the towel. 🙂

      Well, OK, I’m throwing in the towel, but I want to keep helping those in Group B. There are very good reasons for staying with Win7 and avoiding as much of the snooping onslaught as possible.

      Personally, I moved to Win10 long ago for my production machines. It’s hard keeping on top of the Win10 shenanigans. I need to be buried in it every day.

    • #35682

      Spybot Anti-beacon appears to block at least some of the telemetry.

    • #35683

      Your advice for everyone with Win7/win8.1 includes installing all the security updates. I am running 64-bit Win7 Pro, and one the security updates was KB3177725 (the update with the printing bug) which I assume will show up for everyone on Win7/win8.1.

      So let me suggest adding that people should also install the appropriate version of KB3187022 (the fix) from the Microsoft Update Catalog and that they can use the RSS feed trick and go to http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3187022.

    • #35684


      As far as I can recall, I installed these 3 together: 3177393, 3178446, and 3178465.

      When the reboot to finish the updates started, the Starting Windows screen appeared and then froze for a second, and then rebooted, etc.

      Don’t know which patch(es) actually caused the problem, but next time I go near them, I will be making a full image backup before installing them one at a time!

    • #35685

      As Woody often recommended, as far as drivers are concerned: get them exclusively from the manufacturer website. Never, never allow windows update to do driver updates!!

      I have a few horror stories of my own as regards driver updtates from M$; like that year where an update borked 3 times in a row about 250 classroom and lecture hall machines. We are only two support techs for 500 classrooms, imagine those mornings where you suddenly get 200 support calls in about 10 minutes…

    • #35686

      They’ve made it clear in the various responses that have been linked here that the combined update only relates to Windows issues and that external updates like drivers and Office etc will be kept separate. Check out Nathan Mercer’s Q and A responses below the article here:-


    • #35687

      I know this is a fluid and uncertain situation but the one thing that would absolutely drive me into Group B or lower is MS including third party drivers in the monthly cumulative non-security rollup. To me, that practice would be a bridge too far and would make the Group A path just a bit too dicey.

    • #35688

      From your ET hillbilly, computer challenged friend: If I go “A”, I am in effect turning over my computer completely to MS? If I go “B”, I will lose my computer long before 2020?

    • #35689

      Will we ever be able to get security only updates through WU after September or will we HAVE to use the windows update catalog to get them? Sorry if I’m asking a repeated question but I feel like I’m swimming in dark water here. (Especially since I had never even heard of the update catalog before talk of the update changes began.)

    • #35690

      According to what we’ve seen, if you want to stay in Group B, you’ll have to:

      > Turn off automatic updates, thus foresaking the WU service
      > Manually download and install blobs of security patches, from the Update Catalog

    • #35691

      “Group A” doesn’t completely turn your computer over to MS. But it does mean you’ll only have one choice when you decide to apply a month’s updates — Microsoft’s way.

      If you can accept Microsoft’s snooping, that isn’t a bad way to go, providing you wait until it’s clear that the cumulative updates don’t harbor anything life-threatening.

      If you go with Group B, you’ll be in very good company – I anticipate many enterprises will stick to Group B. I don’t see it going away before support of Win7 ends. And by that time, we’ll be in a completely different post-Windows era.

    • #35692


    • #35693

      Thanks Woody, my biggest problem with all this (other than the update catalog not opening with Chrome) is that it almost seems like M$ doesnt really care if peoples systems are secure or not if we’re not okay with just giving up and doing things their way.

    • #35694

      Microsoft has much less incentive to get people to update, now that the Get Windows 10 campaign is over.

      Other than that, MS does care about mass attacks. We’ll keep getting security patches.

    • #35695

      *sighs* I know your right, I’m just really frustrated. One last question then I’ll be out of your hair. If we’re willing to trust M$ and take everything they offer we can still get security patches through WU, am I understanding that correctly?

    • #35696

      I have heard that MS has told Intel and AMD that they will not support the 7th generation Kaby Lake and AMD Zen processors for anything other than W10. As a result, Intel will not be providing updated chip drivers for W7/W8.1 OSs to appease MS. Inevitably, MS intends to kill of anything other than W10 if they can get away with it. My understanding is that Linux will support the new processors from Intel and AMD. If anyone knows more about this development, it would be interesting to get more details.

    • #35697

      Just remember that it’s the same hollow threat MS made with Skylake processors. Took them just a few months to back down.

    • #35698

      You have two choices for Win7 and 8.1 after October:

      Group A = get all of the patches (security and non-security) delivered in one cumulative update blob, through Windows Update

      Group B = get security-only patches in one blob, but you have to download and install them manually.

      There are millions of details to be ironed out, but that’s the general framework.

    • #35699

      Thanks Woody, I know your a very busy man. As sad as it makes me, it looks like I’ll be sticking to group A. Looks like I have some patches to install. Thank you very much for simplifying things for someone who is very quickly becoming afraid of technology.

    • #35700

      Having very belatedly set my computer to “Never check for updates (not recommended)”, I can report that its performance has improved markedly. No more wasted CPU cycles, and MSE now updates its virus definitions regularly (as it failed to do when WU was constantly checking for updates).

      This setting has been recommended by various parties on AskWoody, and I should have chosen it much sooner. Better late than never, though, and doing it now may preclude a big October Surprise.

    • #35701

      @MikeFromMarkham, @Woody

      “As far as I can recall, I installed these 3 together: 3177393, 3178446, and 3178465”

      I also have a W7 SP1 x64 machine and I have NONE of those security patches you mentioned offered to my machine.

    • #35702

      I certainly hope it will go the same way. I can see their perspective when it comes to W7 but in the case of W8.1, we are talking about essentially the same OS kernel as W10. I don’t know about others but I am having a hard time keeping up with all this stuff. It’s not my day job!

    • #35703

      No need to fear it. But you need to understand it.

    • #35704

      Why far better when Ms proves to be more dangerous than malware?

    • #35705

      Other than security what exactly have updates added that’s worthwhile? And now security is a way to spy and force upgrades.

      The more u accept as inevitable the more Ms will screw u.

    • #35706

      Good one. I’m there too.

    • #35707

      Do what I do stop Wu and focus on ur job.

    • #35708

      One must not understand it one must ignore it.

    • #35709

      There are some minor improvements to Win7 with non-security updates – the Azerbaijani manat, for example. 🙂

    • #35710



      Do you mean turn off WU or change the setting to “Check for Updates, but let me choose etc”.

      You will need to know the Patch no before you can download from MS Catalogue. – or have I missed something?

    • #35711

      At this point, “Check for updates, but let me choose” and “Never check for updates” are functionally the same thing. Turning off the Windows Update service is an option, but I don’t think most people need to do that.

      Yep, you’ll need to know the patch number before you can download from the Windows Catalog. But “Group B” folks will only have to deal with one (or a small handful) of updates – they’ll be bundled together.

      At least, that’s what we’ve been told. No telling how it’ll work in real life.

    • #35712

      Hear! Hear! That is exactly correct. MS is more of a threat than malware. Invest in malware/AV and do not allow anything but Security updates, if that?


    • #35713

      @Woody: It is very confusing for me with reference to “Group B”. I do not know what RSS is, however I think I saw a reference to that that related to going to, and using the MS Catalog to install the updates. I could be mistaken since it’s been a while and there is so much information to read it makes it more difficult for the “non-techie” members.

      It appears there could be serious problems with Group A, if there is a bad update installed and no way to ascertain what it is, nor help removing it?

      Then with Group B, getting only the security updates, however this Group must go to the MS Catalog to obtain the updates and try to check them out for safety as well (?).

      This is a nightmare I never could have imagined when I invested in various OS’s over the years. A “headache” that won’t disappear until we can decide which of the two options will be the safest. I’m not concerned with the “snooping” issue, it is only the safely of the computer (Win7 Home Premium). Like many, it’s the only one I have.

      Thank you for all of the advice you consistently provide to us all. 🙂

    • #35714

      @Louis, @Woody

      Sorry, 3178446 should be 3178466

    • #35715

      If safety is your only concern, and you’re going to stick with Windows 7 or 8.1, just follow the instructions for Group A. You don’t need to worry about anything else at this point.

      Once we figure out how this works, the instructions will be easy. You’re thinking too much!

    • #35716

      @Woody: No doubt you are correct about the “thinking too much”. I appreciate your common sense approach and good advice! 🙂

    • #35717

      No, definitely home users should not install an update which is not on Windows Update. That one is only for sysadmins and only if they are affected by the print bug which is extremely unlikely.
      For almost everyone else, wait for the update to be published as it is a good reason why it is not on Windows Update.

    • #35718

      Good point, though I wouldn’t ascribe it to deliberate malice, rather total indifference to their customers.

      Can’t blame them really, they know the vast majority of users will carry on blindly using Windows no matter how bad things get, so they can do what they like and know they can get away with it.

      Sadly any sense of corporate decency died a long time ago.

      I doubt much will change unless Linux starts to get decent developer support and goes mainstream, but that seems pretty unlikely.

    • #35719

      This is the beginning of a long slide downwards to IBM/HP/Dell kind of status.

      The C suite will get paid handsomely by the board for rising stock prices in the near term. C suite focus at MS is on the next 3 months or so. They are blind to what will/may happen more than a year down the road.

      MS lost touch with “customer” years ago. They have no idea or interest in what customers think or want.

      I can’t even count the number of computers that “Microsoft Senior Technicians” have ruined. Stories abound about people who called for support, paid for it, and ended up with a bricked PC.

      I do not expect MS to ever behave differently, probably worse. It would take an unusual cataclysm for them to reverse course. Windows 7 IS the last good Windows. It is the gold standard.

      Corporate IT should focus on Win7 and building an infrastructure that they can support using it. They will never get the kind of support they got in the past and are now on their own.

      The only thing that could even get MS attention would be a wide-spread corporate IT rejection of Win10.

      There are golden opportunities out there for someone to take advantage of the situation. Either with a Linux-based system that is man-on-the-street focused and/or people who will offer services to keep Windows 7 running cleanly and safely.

      I can only imagine what Steve Jobs must be thinking now.


    • #35720

      @Woody: If I read everything correctly, it states that those opting for Group A, CANNOT switch to Group B.

      I am being forced to continue to read as much as possible, and “re-think” which option to finally decide upon. Being unable to switch from A to B is very restrictive, and poses the question as to the “REASON”?

      I will continue to read each and every comment relevant to this dilemma MS is forcing upon its users.

    • #35721


      I guess I’m in Group B (or maybe eventually, Group C — stop patching all together!).

      First, are there still September Updates that will be offered coming before the big change in October? Or are the security updates we would have just installed with the current all clear by you be the last updates before the big change?

      I *think* you’re saying that there’s no difference between selecting “Never check for updates” and “Check for updates but let me choose what to download/install” (or however those are worded) at this point. But wouldn’t choosing “Never check for updates” alleviate the high CPU, constant checking issue?

      Up until now, to avoid that issue, I have been successfully manually installing the monthly kernel update, which someone usually posts the link to here. Should one more of those be posted this month too?


    • #35722

      Yep, there will be updates in September. Remains to be seen how many will be rolled together. The big change isn’t supposed to happen until October.

      You’re right, “Never check for updates” will alleviate the high overhead for folks who haven’t used the trick(s) to install the latest speedup patch(es).

      Presumably there will be a new speedup patch coming next week. We’ll see.

    • #35723

      You’re working too hard!

      When you go down the Group A path, you’re installing everything Microsoft puts out there – including, presumably, additional snooping capabilities.

      You can switch from Group A to Group B anytime you like – but the old stuff will still be there. It’s highly unlikely you’ll be able to remove earlier Group A updates, for more than a month or maybe two at a time. Nothing definitive, but I’d bet against it.

    • #35724

      Was the bug only for Win10, or also for Win7 and 8.1?

      I installed KB3177725 on two Win7 computers a couple of days ago. Out of curiosity I immediately checked whether they printed normally, and they do.

    • #35725
    • #35726

      Ok, I’m getting really confused as to what to unhide and install. I’m in Group A. Are we to Install All of the past Hidden “Recommended Updates” and “Optional” updates,some which don’t apply to my system and some which broke things? Do they need to be installed separately by date released? Such as rollups which started in June. There are posts that say to unhide them but I didn’t see where there was recommendation to Install them all. I’m assuming unhide them means to install them. I have heartburn knowing some of these updates broke things yet it is suggested we now install them, except for Skype, Silverlight, Language Paks, Drivers, etc. When I restored the hidden updates, KB2952664 came back! Isn’t that related to Win10? Can you please help me understand? I’m sorry if this was addressed earlier but there are now 187+ posts.

    • #35727

      If you feel comfortable in Group A, yes, unhide everything, then let Windows Update take over. It’ll figure out the correct order.

      I’m not aware of any outstanding patches with bad bugs. If you know of one, give a holler! Most of the patches that people hid have to do with telemetry, and if you’re going with Group A, you’re going to get plenty of that starting in October.

    • #35728

      Thanks Woody. What about old KB2952664? Some of the non-security updates hidden for past year as recommended also had to do with time zone changes, journal removal, fix for Oracle sys drivers, etc. Is it okay to keep hidden the “Optional” updates from MS and just install the Recommended non-security updates?

    • #35729

      OK, thanks.

    • #35730

      @Canadian Tech We come from a different perspective and while sometimes our opinions diverge slightly, now due to overwhelming evidence, I don’t have any objections when you say that Windows 7 is the Gold Standard for a Microsoft OS. Unfortunately I don’t think that Linux on the Desktop is the answer for corporations.
      It would take a miracle for Windows 10 to recover, but in that case would not be Windows 10 any longer, except for the name perhaps. As it stands currently, Windows 10 is another try in the line of Windows 8/8.1, probably slightly evolved when compared to Windows 8.1, but not so much. It is a flawed concept from the start to combine a Desktop OS with a Phone OS and although there are workarounds (Server 2016 as a Workstation, Windows 10 LTSB, uninstalling everything Windows Store related on Windows 10), it just does not look or feel right or is too expensive.
      I believe that the future belongs to terminals connecting still to Windows Server as it has already become too complex for end-users to administer their own devices.
      See a possible evolution here:

    • #35731

      That despite the monumental efforts by woody to make sense of Wu people are still confused is the best evidence that the mess is beyond comprehension. What is clear is that there is no justification for the effort to figure out what to do. It is a time consuming frustrating effort without visible benefits.

      Rational users with average tech knowledge would be much better off discontinuing updates for good. That is the only thing that would force Ms to put an end to this although I am not sure that it can at this point.

    • #35732

      You have a better way to reset your Windows Update than unhide old entries, as some may have already been retired by Microsoft and are left as orphan records.
      Reset your SoftwareDistribution folder as I posted here previously few times or research the internet for details.

    • #35733

      It is entirely clear that Drivers and additional products (MSE, Office, Silverlight, Skype, server product updates) have nothing to do with Windows Update rollup packs. Even .NET Framework 4.5.2/4.6.1 and which are additional products (only for Windows 7) will be updated separately.
      If you don’t have the extension to Windows Update named Microsoft Update, you wouldn’t even know about all the other product updates, except for .NET Framework.

    • #35734

      The main criteria for those updates that “broke” things is if they broke things on YOUR system. They break things on about 100 computers worldwide out of millions or tens of millions if not hundreds of millions, like the printing bug. If you are one of the unlucky 100, then by all means, stop updating until you fix the underlying issues.

    • #35735

      Woody, could you please explain why you feel we should now unhide and allow the installation of many, many previously hidden updates purely because the system is changing in a month’s time? Why can’t we simply install the September updates as usual when advised it is safe to do so and then see what we’re offered under the new system in October?

      If a post-October rollup update includes previously hidden stuff, so be it, but why do we need to be proactive in putting previously hidden updates back in the mix? I think that’s what’s puzzling some of us.

      I think you’re wrong to assume that most of the patches that people hid have to do with telemetry. It has been pretty standard advice here and elsewhere that if patches were optional and unchecked they shouldn’t be installed without good reason. I have 43 hidden updates myself, 9 of them security ones hidden for good reason over the last couple of years.

    • #35736

      If you hid a patch for good reason, there’s no harm in keeping it hidden.

      But folks who intend to go with Group A in October might as well start taking advantage of any improvements in the patches. They’ll get the telemetry sooner or later anyway.

      Of course, if you feel more comfortable waiting until October, by all means do so.

    • #35737


    • #35738

      Good point – but there’s no chance that MS will change the new cumulative update method.

    • #35739

      If you’re in Group A, you’re going to get hit with all of those old updates sooner or later – you can hide them, but they’ll be overridden by the cumulative updates in October, going forward.

      So, yes, if you’re in Group A, go ahead and unhide everything, including KB2952664. Let Windows Update sort through what’s been superseded, and update as usual.

      If you’re skittish about doing that, there’s no harming in continuing the security-only patching. But you’re going to get hit with the old ones sooner or later.

    • #35740

      @ch100 I don’t know of any Linux that comes close to a Win7 replacement. However, I believe if someone wanted to bad enough, they could come up with a Linux-based equivalent that could be a reasonable replacement. It just needs enough money, time, talent and good marketing. That leader would replace Gates.

      I agree completely that Win10 is really Win 8.2.

      I say again, Win10 will fail miserably just like its parent Win8 did.

      The real question is can MS recover and what will they do to accomplish that.

      Terminals may be in the future, but that is certainly not what I would favour. The reason the PC was born was because hardware became powerful and cheap. That is even more the case today.


    • #35741

      @fp I agree completely. In the real world the vast majority of people who stopped WU, will simply leave it that way. The ones that had let it run, will leave it that way.

      WU is way to confusing and too much mental work for the average one to comprehend or even try to.

      My advice to those people will be to set WU to Never and leave it that way.

      Never means Never let Microsoft change your computer. It means you are in control. You can choose what to do and when to do it.

      There are a few, like me who will interpret and make a path simple for their clients.


    • #35742

      Woody: I’ve seen references to unhiding updates, however, will they just be added to the “update lists”? The only time I’ve uninstalled a hidden update was to install it, and I wouldn’t want to be “forced” to install all of these at once without trying to check them out. Of course I could check them out in the hidden list however that would take “forever”.

      (Yes, too much reading again, however I want to perform this task correctly). Apology for the bother.

    • #35743

      @Canadian Tech: “I am considering the possibility of never again using WU and disabling it forever.”

      Of all the alternatives and groups mentioned within the nearly 200 posts (and counting) here, @Canadian Tech’s is the only one that doesn’t roil my stomach. I think the group that best describes the one I’m joining is @poohsticks’ “Group T (for tinfoil)” .

      I won’t be installing the August updates, nor September’s and for damn sure not October’s. And here’s where the tinfoil hat comes in — I seem to recall that there was at least one instance of MicroSnot coming into PCs — even though they were set to Never Check — and modifying (updating, upgrading, or whatever term they used) the Windows Update Service. I’m concerned that some stealthy stormy night, they will modify WU to take away the Never Check option, thus forcing all Windows PCs to swallow their ad-fueled force-feed strategy. This afternoon, with tinfoil hat firmly in place, I set the Windows Update Service in my main PC to Manual. By the next Black Tuesday, I will probably set the Windows Update Service in all the PCs I maintain to Disable. Perhaps that will stop or slow the process down.

    • #35744

      1. Actually, there have been a few apparently non-snooping, non-upgrade updates since November 2015.

      On my Win7 Pro x64 desktop, here are the non-snooping, non-upgrade (I think!) updates I’ve hidden since November 2015. I didn’t need them, but I don’t remember if there also were problems with any of them. All are Recommended. (I installed others I thought were safe and applied to my computer, like daylight saving updates.)

      KB3107998 Remove Lenovo USB Blocker version to avoid a system crash
      KB3118401 Update for Universal C Runtime in Windows
      KB3121255 “0x00000024” Stop error in FsRtlNotifyFilterReportChange; copy file may fail
      KB3133977 BitLocker can’t encrypt the drive and the service crashes
      KB3137061 Azure virtual machines don’t recover from network outage (data corruption)
      KB3138378 Improves the reliability of Journal.dll by removing unused code
      KB3138901 Users can’t access Internet when multiple users log on to Remote Desktop Services
      KB3140245 Support for Transport Layer Security (TLS 1.1 and TLS 1.2)
      KB3147071 Connection to Oracle database fails when you use Microsoft ODBC or OLE DB Driver

      2. Woody, I can’t begin to express the gratitude I have felt to you over and over during this past year. I’ve faithfully followed your advice for many years, first on my 2002 WinXP Dell, and then on my beloved 3-year-old custom Win7 Pro i7 desktop, carefully configured to last till 2020. I thought the emotional roller coaster would be over after July 29, but no, you are still my computing lifeline! So here I am, a Group B senior citizen, hoping I can keep my Win7 computer safe on the net till 2020, anxiously studying Linux and Google alternatives just in case, and continuing to be deeply grateful to you for your sound advice and for providing a forum for truly informed discussion.

    • #35745

      Sure but only bcoz there is no revolution, which is what it requires. Why should Ms stop the mess if everybody accepts it one way or another?

      I am still waiting to hear what benefits justify the updates and the hassle associated w. It.

    • #35746

      You’ll be fine with security-only updates: Group B will live and prosper.

      It’ll take a while to get used to the new routine, but it shouldn’t be too tough.

    • #35747

      If you unhide updates, then run “check for updates,” Windows Update will take a look at the updates you’ve unhidden and show those that are still germaine.

    • #35748

      At the same time, though, if you don’t install security patches, you’re definitely at more of a risk. How much more is certainly open to debate, and depends on all sorts of things.

    • #35749

      “When you tell Windows to “Download updates but let me choose whether to install them” – that means the updates will be installed the next time you boot the machine (although there are some weird workarounds). The setting doesn’t mean what you think it means.”

      WOW! I had no idea that setting worked that way. You’re right the setting doesn’t mean what I thought it meant. I just thought I simply allowed them to download and it was up to me whether or not to choose ultimately to install them. That setting is misleading.

    • #35750

      Thanks for the encouragement, Woody! I can deal with the catalog via Rss with Firefox. That should be much easier than this last year’s mess. I’ll just relax, forget Linux, and wait for your DefCon OK on the security updates. 🙂

    • #35751

      Simple is not always optimal. 🙂

    • #35752

      What most people here don’t understand, because it is not clearly explained by Microsoft and they have limited technical understanding of the underlying design, is that each update comes with certain versions of the Windows components, the .dll files, but .exe sometimes too. Regardless of the purpose of an update, it comes with its own versions, which are generally higher (later) than the previous ones. When Microsoft releases new updates, they test them against the so called baseline, which is their baseline, ideally the same with what is installed on end-user’s PC when fully updated. By not being fully updated and with versions consistent with Microsoft, this invites all sort of uncontrolled behaviour.
      When there is a suggestion that Security Updates only will be released only on Microsoft Catalog, there is an implicit understanding that those releases are addressed to Systems Administrators and Software Developers (programmers) only, who are able to either fix unexpected issues or call Microsoft Support as part of Enterprise Agreements.
      The same level of support and technical ability is not available to end-users except for those very few who are highly skilled. This means that most end users, especially those who are following recommendations without being interested in the technicalities behind those recommendations, would be better off by following the Group A guidelines.

    • #35753

      God, I really am po’d at Microsoft for this. Will have to break down and try to learn Linux.
      Hey readers… any recommendations for a good version of Linux for beginners?

      Woody question: If we go to Group A, I guess that means we’ll be vulnerable for all the advertisements Microsoft will probably showering upon us as time goes by?

    • #35754

      Woody more at risk is an illusion based on pre-w10 notions. That world is gone. Ms now causes more damage than any security risk.

    • #35755

      @ Woody,

      Well said – and this is what I suspect so many Group A subscribers have been waiting to hear from you.

      Now all you have to do is explain to them how to identify and install the Monthly (non-cumulative) Security Update (1 month in arrears – high DEF Con rating) and I suspect most will convert to B Group membership.

      (me – I’m “wait & see, then possibly B, c or “no updates”).

      Like so many here have already said, thanks for all you have done to date.

    • #35756

      I understand ur job. But I have to ask myself how productive is it for so many like u to put up an effort to defend from incompetence of Ms.

    • #35757

      Yep, and as soon as I have details and the dust has cleared – late October, maybe November – I’ll publish full details.

    • #35758

      I’ve always found the middle way – to wait for the patches to stabilize – the best method. There have always been risks from MS (hence “MS-DEFCON”) and always been risks from the outside. The question is how best to mitigate both.

      Ain’t easy.

    • #35759

      It’s possible (likely in my opinion) that Group A folks will get targeted ads. Remains to be seen if they’ll show up inside Windows.

    • #35760

      Likely true. But they should also understand that they’re opening their machines up to more advanced “telemetry” than what they’ve seen before.

      I hope to help Group A folks by telling them when to install the cumulative updates. That’s similar to what I’ve done for many years – since the XP times – before Get Windows 10 raised its ugly head.

    • #35761

      Ab-so-lutely. Thus, the reason why I don’t recommend people use that setting.

    • #35762

      @Old Dog: I think there are many who are leaning more towards “Group B” at the present time. It is a very complex issue, and much to consider over-all. Good luck to us all.

    • #35763

      The Linux Mint distro is very popular and may be my next OS. I have also used Debian and CentOS and found them to be reasonably user friendly. On an old netbook I installed Lubuntu when support ended for XP and haven’t had any problems with it.

    • #35764

      Stroll over to bleepingcomputer DOT com, head into the Linux/Unix forum, lots of good info over there.

      Think about the applications you use on a daily basis, that can help drive some choices.

    • #35765


      “…if they broke things on YOUR system. They break things on about 100 computers worldwide out of millions or tens of millions if not hundreds of millions,…”

      With all due respect, you’re delirious.

      “Hundreds” that you know about, hundreds of thousands, even millions, that have NO interest in finding blogs or websites to make their troubles known.

      Hundreds of thousands or millions around the world who take their machines to repair shops or friends and we NEVER hear about all of their problems. Multiple MILLIONS of people around the word who have been jumping through hoops NOT to get taken down by an inept MS patch Tuesday barrage.

      ch100, as you have stated, you’re not just “in the minority here”, you need to stop being a Microsoft apologist. You need to acknowlede that using a home computer or a small business computer should be, after all these years, PAINLESS for users. And Microsoft has made it anything but painless for hundreds of millions of people worldwide…

      Your assumption that only “the unlucky hundreds” of people around the world were affected by the printing patch is just a head scratcher when a poster here, with hundreds of clients, had to take defensive actions to PREVENT a potential printing disaster. I guess being forced to take defensive measures to protect one’s business or personal data is the user’s issue and not the company that is actually causing the issues? Please, that’s an apologist’s approach.

      Taking you advice to heart, many millions more people, who installed everything MS sent down the update chute (YOUR advice), would have had W10 FORCED onto their machines. The “install everything to keep updates running smooth” doesn’t fit with your “avoid the GWX Updates”…especially when no one knew for sure which updates contained GWX. You can’t have it both ways.

      Your “install everything except these handful of updates” is a blatant contradiction. Promoting “install everything” and then listing “exceptions”, even one “exception”, puts your advice in the very questionable category.

      How you can defend a company who changed a 50+ year old standard of an “X means close the window and take no further action” to “yes, install a new operating system on my machine”, is beyond my comprehension.

      I’ve often said your technical knowledge is excellent but your continued defense of Microsoft’s indefensible policies is not excellent at all.

    • #35766

      I would disagree.

      I don’t agree with everything ch100 says, but he has a very good, consistent way of dealing with patching problems.

      The truth is that none of us has any particular insight into the number of people with patching problems. Everything I’ve done, for more than a decade, has involved listening to people and their complaints. I don’t have any way of knowing if a particular bad patch affects thousands or tens of millions.

      As for Microsoft… it really isn’t a question of Microsoft having indefensible policies. I think all of us would take that as a given. (Assuming you can even FIND their policies.) It’s a question of what you want to do with the products that are offered – and how much effort you’re willing to expend, in order to maintain your privacy. That’s true with Microsoft, as well as Google and Apple – and now, it appears, with LG refrigerators.

    • #35767

      bleepingcomputer.com is a great resource for all sorts of things.

    • #35768

      @ch100 If we followed your path, we’d all have Win10 AU now.

      I, for one, will NEVER have Win10 on ANY of my production machines. I used to live and breath MS software from the early DOS days. With Win10 things changed.
      I am of an age that values their privacy, MS does not. I might consider Win10 a descent operating system if it wasn’t for the breach of privacy, advertisements in my private space, monopolistic use of BING/Cortana, pushiness of their inferior Universal CrApps, use of my bandwidth for their benefit, forced update rollups, and never knowing what offensive additions they will come up with next. I no longer trust MS. I do not like their lying, unethical, conceited behavior.

      Although I have put my “clients” (don’t know if the term is fitting for free support for friends, neighbors and family) back on Automatic updates because they would not get security updates otherwise, I feel guilty for making them victims.

      Not everyone can afford a Mac. Not everyone is technically capable of the change to Linux. And most need more than a ChromeBook.

    • #35769

      I wonder why, if we omit non-technical new MS way of doing business reasons, Microsoft doesn’t simply allow at least 3 months without issue with a patch before shoveling it in the mandatory package, a bit like it does with the things like Anniversary Update that you can defer for a while if you have the Pro Version. You could remove or uninstall patches for a little while until no more issues happen, but you run a common core of a lot of old patches. Then everybody has the same baseline plus a few differences until things are clearly ironed out. That would prevent issues like you send a patch that breaks something and you can’t remove it while you wait for MS to fix it. That solution doesn’t fix the issue that there might be some patches you never want, like those that add some customer experience improvements and the like, but that is another topic. However, you don’t have to choose between being behind on security or accepting everything and being unable to uninstall what doesn’t work.

      I loved Windows but I am really annoyed by what is currently going on. I don’t need more trouble maintaining computers because MS resets our settings every 4 months with a new Service Pack / Windows 10 version that also disable more Pro features that prevents games, ads and other distractions. Ironically, Nadella recently said that he was working to make Small Business have the same tools as big enterprises to be more productive. I didn’t know Candy Crush was part of the productivity package of big enterprises. Right now, my experience with Windows 10 has only been more troubles and a computer that suddenly refused to start at all after a small forced update. I used to love computers, now I feel like I don’t have control anymore and I can’t just focus on my work if I don’t want to bother with them, because I never know what is going to happen to my machine.

      I want to share a weird story. We updated a lot of Windows 8 computers to Windows 10, for fear of being too few running 8.1 at some point and have the same fate as Vista users when Adobe decided to not update Reader anymore on Vista even before dropping support for XP. All my Win 10 computers that are not connected to the Internet freeze randomly, about once a week. The ones that are connected to the Internet are fine. We have setups with dual hard disks for OS and Data, but we didn’t install the anniversary update. What is really odd is we have 2 PCs that freeze and then get their date and time reset in the BIOS to the install date of Windows 10. One was a PC that was perfectly fine running Windows 8.1 for a long time. Each Friday between 10 and 12, it freezes, and you can see the clock change on the fly just before. You reboot and then the BIOS clock is set to the install date of Windows 10. I tried manually updating the clock using the internal ntp server and it works without any issue. How weird.

    • #35770

      This one has me stumped. Anybody seen this problem before?

    • #35771

      Is that the time WU searches for updates?
      Or maybe the time the clock syncs with the Internet server and it can’t find it?
      Just some suggestions.

    • #35772

      My clients think it is very productive. They have well running Windows 7 computers and have not experienced nor hopefully, ever will experience the turmoil created by MS incompetence. They hear their friends talk about the mess and tell me they are grateful for being vaccinated from it.

      I fully realize that nothing I do or say will influence the 500 pound marshmallow (M$). But, their near $1000 investments will stay useful, mostly private and keep running for years ahead.


    • #35773

      @fp I could not agree more. The risk to stable running systems is far greater installing MS updates than from hackers.


    • #35774

      Thank you ch100. You actually just gave me a very convincing argument that Group B is risky and Group W is much less risky.


    • #35775

      Yes it is.

    • #35776

      @Greycoat. You are absolutely correct. That is why I have staunchly insisted my clients set WU at NEVER. Never is the only way to gain complete control. A lot of people have a psychological problem with Never. Never does NOT mean never update. It means MS you are never going to make my decisions for me. I will choose when and what to update.


    • #35777


      “The truth is that none of us has any particular insight into the number of people with patching problems.”

      I can’t change your opinion but if you believe, just as only one example, that the recent printing patch issue only affected 100’s of people “worldwide”…well, then there really is no room for discussion.

      “Applying those percentages to Microsoft’s frequently stated claim of 1.5 billion Windows users worldwide gives a ballpark estimate of how many Windows XP users are still out there. ”

      So, MSFT states that that they believe they have 1.5 billion Windows users worldwide.


      So, is the printing patch affected .001% of the 1.5 billion users that would mean 1.5 MILLION users were dinged by the patch. If the printing patch affected .0001% of the Billion Windows users were dinged, that would mean 150,000 users. One would have to get to a .0000001% rate to get to “hundreds of users” being affected that ch100 is alleging. Not a reasonable assumption at all and not very likely at all. If MS had an .0000001% failure rate they would be considered the greatest and most efficient company in the history of the world.

      And again, we are talking ONE patch here, the printing patch, and not all of the BAD patches MSFT has released over the years to ALL of their users. And those patches, for many years, were encouraged to be “auto downloaded and installed”.

      I’m sorry, no reasonable person, with any kind of tech or statistical background, should be giving the advice that any user should install ALL patches from MSFT given the obvious evidence we have seen over the years. That’s why I say that ch100, even with all his technical expertise, is a MS apologist. He has indicated in the past that he does make a part of his living related to MS and their products. And it infuriates me, on a personal level, that he has been giving his “all patches” advice when the evidence points in exactly the opposite direction. Again, “install all patches” would have sent my machine, and many, many other machines, to W10 without passing go.

      And let’s not make this into something it is not…I am not attacking ch100 on a personal level, I am taking major issue with his advice…I am simply indicating that the evidence is out there (this post alone has over 200+ comments)if MS is given free reign on computers around the world with their patches and updating, there is and will be far more than “100’s” of machines affected. I can’t imagine that that point is even in dispute.

    • #35778

      Anyone who is curious about trying a Linux distro for a test drive might consider running Linux in a virtual machine to get the feel of the UI. You can use VMWare Workstation Pro unlicensed as a free download and then set up several Linux distros to try them and see which one you prefer. You have no risks of screwing up your base metal Windows installation as Windows is just serving as the host system to run the virtual machine. If you decide it is not for you, just delete the Linux machine and uninstall the virtualization software and it is like nothing ever happened. It is a very low risk way to try out a Linux OS if MS is slowly wearing you down.

    • #35779

      No question the printing bug affected many thousands – perhaps hundreds of thousands.

      I’m very, very well aware of all of the bad patches Microsoft has released over the years. 🙂

      I would never say “install all patches,” but I would say, “if you aren’t too worried about snooping, wait until the coast is clear then install the cumulative update.” If you are worried about snooping, don’t install any of the optional patches – but make sure you get the security patches, once they’ve had a chance to age.

    • #35780

      Good questions…

    • #35781

      Or create a linux live CD or flash drive and try it out.

    • #35782

      If the machines are more then say 7 years old, try changing that 3 volt button battery on your mother board.

    • #35783

      That was my original suggestion… weird, but it may cause those symptoms.

    • #35784

      Along this line, I had some (non-security) updates from 2014 and 2015, even one optional update from way back in 2013, magically reappear a couple months ago. It was after I uninstalled one more recent update; I don’t remember which one.

      Do you guys think I should hide them, install them, or will the cumulative updates in October go back to even 2-3 years and give them to me anyway? (Although I plan to at least start out in Group B.)

      Thank you! -SBS

    • #35785

      Unfortunately, the machines are less than 3 years old and one is brand new. I now have all of them (4 total) doing the same thing on all PCs not connected to the Internet. None of those connected exhibit that behavior. And usually when the CMOS battery is dead, you reset to like 2002, not August 2016 at the date and time of installation of Windows 10. I updated the BIOS and fully patched the system. Same thing. Weird.

      I tried manually syncing with the time server (which is an internal ntp, not external) and it works well. Maybe it is the time WU searches for updates. I don’t know how to know when it does though.

    • #35786

      If you’re going to start in Group B, only install security patches.

      If you shift to Group A, sooner or later, Windows will get you caught up all the way.

    • #35787

      Sounds to me like a power issue. If not the batteries(check them with a meter anyway) then you could have some wild power line variations. Being a former repairman, I have seen weird symptoms caused by power line variations.

    • #35788

      Thanks Woody! I know that security patches only is the general rule of thumb, but just wanted to double check since these very old updates popped up. Thanks for the reassurance/reiteration. You’re greatly appreciated, always.

    • #35789

      Are these running Win Enterprise? Pro? Business? I would figure Enterprise, except all would connect.

    • #35790

      I’m not surprised at weird stuff happening when the CMOS battery dies. My 2008 eMachines computer died when the CMOS battery went dead. I changed the battery and it came back up again.

    • #35791

      There is a known bug (or it is “by design” for those who are ready to accept that the design is actually the bug, not the implementation) with time setting and the scheduled task which runs weekly on Windows 7. The procedure to fix it is too elaborate for the regular user and I am not presenting it here for that reason. I am just pointing you at the KB describing the issue https://support.microsoft.com/en-au/kb/2385818
      Just a warning, this is not easy to figure out and if there is interest I will provide a fully reliable procedure which should be a separate blog post in itself.

    • #35792


      Chuckle… I’ve already lost most of my mind too! I am confused, too.

      My relatives aren’t interested in this topic at all, though they do think I’m making it more complicated than surely it could ever be — so I think I’m going to put them on the safest Path A that I can, and torture myself with whatever Path B I can deal with (or go off-piste with Path “T”, for “tinfoil hat”!) 🙂

      Many of us are in the same boat. It’s really great that we have found like-minded folks here at AskWoody.

      Please don’t let it negatively affect your health — just make a couple of offline copies of all your important files as they now stand, continue to keep up with the news and advice here on AskWoody, do your best but don’t stress too much over it, and I think it will work out okay for us all, one way or the other.

    • #35793

      They are running Pro.
      I highly doubt it is a power issue. This is 4 different computers spaced very far apart in different rooms with separate circuits in a big office building. None of them had issues running Windows 8.1. Only when I upgraded to Win 10 they started to exhibit theses symptoms. All other PCs running Windows 7 in the office have no issue at all. And all of the PCs with issues have their date reset in the BIOS to the exact date and time Windows 10 was installed. Their date suddenly change, they freeze, then you press the reset button and the date is changed in the BIOS. I know it looks like Malware, bu tI highly doubt it. Those PCs have been installed with all reasonable security measures taken, alone behind a firewall, fully patched then installed with no Internet access, just like all the other PCs I have running Windows 7 with no issue. And those PCs didn’t have issues too when running Windows 8.1 prior to upgrading.

    • #35794


      I agree with you that most consumers will basically be confined to Group A because they will only know to use, or only want to use, Windows Update through their computer’s normal updating channels.

      To go for Group B, it has been said by MS (in the Nathan Mercer Q&A and probably other places) that the non-cumulative security-only and non-security-only rollups will be accessible by the ordinary customer, as well as by big organizations and IT professionals, by getting them from the Windows Update Catalog.

      My assumption, from how people here are talking about using the Windows Update Catalog, is that it’s not straightforward to use, but it’s do-able for the interested amateur.

      Woody is warning here that the average customer may not *always* have access to that special way of installing the non-cumulative half-rollups, because everything is so murky and MS has been changing their policies regularly. So we have to keep in mind that being in Group B might not be open to us for the entire lifespan of our Windows 7/8, even if it will be at the beginning of their new updating system.

      But I do expect that, at least at the beginning of all this hullaballoo, Woody will explain to the Group B people how to use the Windows Update Catalog to find the non-cumulative rollups. Come October, there will be instructions here (and at Woody’s InfoWorld platform, probably), and comments by others on what they are trying and experiencing.

      And later on, if doing it the Group B way turns out to be too complicated for a non-professional, or if it ends up being closed off to ordinary customers, or if you simply decide to move over to Group A in order to save some of your own sanity/valuable time, then I think it is supposed to be very easy to move over to Group A at a later date.

      In other words, if you have any interest in trying out Group B to start out with, I don’t think there would be much of a lasting downside, except for spending some extra time on it to get up to speed with the Windows Update Catalog process, in giving it a go.

      [(And I even think that spending some time now to learn how to do path B as an ordinary non-pro customer, to be careful and try to limit Microsoft’s permissions on your computer, to install the safest group of patches in the smallest possible chunk, might pay off and *save time* down the road,
      as Group A people are going to be at the mercy of not only the extra, excessive data-collection, but also of the greater chance that the all-consuming, cumulative, monster Group A rollup pathway might screw something big up with their computer (which the all-consuming, cumulative Windows 10 updates apparently have already done to some people’s computers).]

    • #35795

      Sorry if I double post, I wasn’t sure my first post went through. Those are Pro versions in workgroup mode. I highly doubt it is a power issue. There are 4 computers exhibiting the behavior and they are in different parts of a big office building with different circuits. None of them exhibited the behavior when running Windows 8.1 and they started doing that as soon as I updated them to Windows 10. All other PCs in my office (many) are running Windows 7 and have no issue at all. The time is reset to the Windows 10 installation date and time. One of those 4 PCs never ran Windows 8.1 before and got installed with Windows 10 from the start.

      ch100, thanks, but this seems to be more related to the trigger start aspect of the time service, which would maybe break the Win7 stations as well.

      I know it might look like I was infected by malware, but all those computers were installed with security in mind, alone behind a corporate firewall, fully patched before being deployed internally with no Internet access, just like we installed all of our computers for the last 15 years.

    • #35796

      I think your first post went through, but I’m approving both just in case.

    • #35797


      I enjoyed the humor and excellent advice, including the encouragement. What a great “upper”.

      I will be working on attempting to keep copies of important files, and continuing to review the options. It is really a serious dilemma for us “non-techies”. Thank you so much for the encouragement, and sharing your experiences and decisions. 🙂 🙂

    • #35798

      Here’s how:

      There is a small shiny coin cell battery in your computer. It is almost always the 2032 standard. This battery is recharged by your computer but has a life of about 5 to 8 years. This battery keeps constant power to the memory that contains today’s date & time as well as a lot of the features in your system. When it starts to fail, it commonly will start asking you to re-enter the date each time you startup.

      For Notebook PCs it is likely going to be difficult to find the battery and will require a special part, requiring the services of a technician.

      For Desktop computers, this is an easy change:
      1.Unplug the power to your computer
      2.Hold the ON button in for 7 seconds
      3.Lay the computer on its side with the side where the wires are, down
      4.Remove the side panel
      5.Peer in there and you will see a shiny silver battery about 1/2″ in diameter. That’s the battery
      6.Go to just about any store and buy a 2032 coin cell battery. They cost less than $5
      7.Find a very tiny flat bladed screw driver (like one used for your glasses)
      8.Very carefully pry the battery loose. It will pop up so be prepared to catch it.
      9.Press the new battery in with the embossed markings on the up-side facing you.
      10.Close the side panel
      11.Turn it up vertical again
      12.Start up the computer

      Your computer will now need to have the date and time set but only once more — at least for this 5 years. You need to press F2 to get to the place where the date and time is stored. Put in current time and date. Close this the way it tells you to save what you did. You may hear more whirring and chugging while some of the stuff is again set up.

      Once Windows is up and running again
      1.Click once on the time/date in the bottom right corner
      2.Click on Change date and time settings
      3.Click Internet time
      4.Click change settings
      5.Select time.b.nist.gov and click the Update button — this will synchronize the computer clock with the US govt time labs system


    • #35799

      Hi Woody:

      Your original 04-Sep-2016 post states that “If you encounter very slow Windows Update scan speeds on Windows 7 or Vista, I suggest that you use Canadian Tech’s speedup method, posted on the Microsoft Answers forum.”

      The KB3172605 update (July 2016 monthly update rollup for Win 7 SP1 and Windows Server 2008) recommended in Canadian Tech’s thread includes a hotfix for the Win 7 Windows Update Agent, but there is no analogous patch for Vista SP2.

      Vista SP2 users must still use Dalai’s workaround at http://wu.krelay.de/en/, which continues to speed up Windows Update on my 32-bit Vista machine on Patch Tuesdays.

    • #35800

      @Alex My reply was strictly in relation to @PKCano time sync suggestion as potential problem and not addressing your original issue.

    • #35801

      @Alex This raises interesting questions. As you have already commented about my reply in relation to the w32time triggers, it would be interesting to understand if the behaviour of Windows 10 has changed since the Windows 7 implementation. The triggers configuration is in the registry, but it is not easy to be read directly. From a command, run As Administrator
      sc qtriggerinfo w32time

      Next, if the computers are in a Workgroup, maybe you should remove the triggers with

      sc triggerinfo w32time delete

      Check for associated scheduled tasks and disable them.

      Set the time sync with ntp.pool.org and set SpecialPollInterval under NtpClient to 900 decimal (i.e 15 minutes)

      Check if the issue still exists.

      If you are not happy with the configuration which are presented and wish to rollback, run

      w32tm /unregister
      w32tm /register
      w32tm /resync

    • #35802

      @poohsticks “My assumption, from how people here are talking about using the Windows Update Catalog, is that it’s not straightforward to use, but it’s do-able for the interested amateur.”

      Microsoft Catalog is in fact very usable. Some people like to overcomplicate things for emotional reasons like not using Internet Explorer for imaginary perceived security risks. If Active X controls are a real risk when browsing malicious web sites, how is it insecure to browse a Microsoft site with an Active X control created by Microsoft and running only on the Microsoft Catalog site in the default behaviour?
      The other thing to know is that the http access is sometimes broken and the https browsing is far more reliable.

      The real issue is that there is the extra step of selecting, downloading and installing manually. In particular the selection process may be challenging for some users who would be better off by using the mechanism provided by Windows Update.

    • #35803

      Honestly Woody, I’m not sure how you can justify installing Windows 10 at all… It’s as if you’re saying…

      Here’s what I recommend… You take the bust in the chops but forgo the punch to the gut, unless you’re feeling particularly chipper then you might opt for a swift kick in the shorts… but remember only select 2 of the 3 choices and never… blah… blah… blah…

      I just don’t get it…

    • #35804

      @David F,

      Your situation of:

      “…if there’s a troublesome update then you have to halt all updates permanently….
      KB3121461 causes a sfc /scannow failure on my system. …it only seems to affect a small number of systems…. in effect come October I’m faced with the prospect of either not patching ever again, or patching and knowingly accepting that it may permanently break the O/S.”

      Is similar to my situation — there was a Win 7 update about 2 years ago that was important and required, but it broke my system, so I had to uninstall it. I tried again, got the same result. I discovered that there were internet mentions of it as a patch that was seriously problematic for a small % of people. I even wrote a detailed question on the Microsoft support/help site, referencing the other online mentions of the problem, asking what I could do about it, and no one answered my question. I am still offered that patch today as very important, but I don’t feel that I can allow it to be installed because it’s just going to mess my computer up.

      Notwithstanding my tinfoil leanings towards Group C / Pathway T, even if I wanted to be their most compliant customer this side of the Mississip’, due to that messy patch from long ago, I fear that it would not be workable for me to try to be in Group A.

      Nor would I be able to remain in Group B, if, in the future, the non-cumulative, security-only half-rollup that they are planning for the second Tuesday of each month were changed to be cumulative — because it would try to install that problematic patch on my computer.

    • #35805


      The reason I have brought up the idea of unhiding everything on the AskWoody discussions in the last week
      is because of the following comment I made a few days ago about what Nathan Mercer wrote in his Q&A
      (specifically, see the section of his comments that I put between ***stars***):

      “reader question [to Nathan Mercer]:
      “If an update that is included in a Monthly Rollup depends on the prior installation of an earlier single update which I chose to hide (i.e. not install) long before October 2016,
      will I be prompted to install that parrticular earlier update (for example, by Microsoft’s identifying the earlier update by its KB number)?
      Or will Microsoft install the necessary earlier update automatically through Windows Update?
      Or will the attempted installation of the Monthly Rollup just fail without an explanation as to why?”

      Nathan Mercer’s answer:
      “If there are any pre-requisites that are needed to install a monthly rollup we will ensure they are documented in our release notes.
      In general we try to avoid pre-reqs because it causes complexity for you and for us.
      Any update with a pre-req is not applicable in Windows Update until the pre-req is installed.
      ***So if we did pre-req on an update that you had hidden, it would never show as being applicable to you.***”

      I interpret what he wrote to mean that:

      1. The computer owner will have to carefully read the release notes for each month’s Rollups, and cannot rely on any sort of automatic messaging popping up (while he/she is installing a Rollup patch) to warn the computer owner that there are parts of the current rollup patch that are secretly not being installed on this particular machine, simply because this computer is missing a prerequisite update.

      2. If there are any old-style updates that you put in the “hidden” zone prior to October 2016, you can forget about ever being told about the existence of, or being offered, new patches relating to them (i.e., requiring them as a prerequisite) which exist in the monthly Rollup patch collection. Other people will get them, but you will not, and you won’t be warned that you are not getting them.”


    • #35806


      That’s so great that you “want to keep helping those in Group B.”

      You don’t have to do that, it’s not the path that you have chosen for your own computer systems, and it doesn’t (except tangentially) help you hone your expertise regarding your Windows 10 work/writing.

      I am one of many, MANY THOUSANDS of people who are deeply grateful for your help and guidance with Win 7/8 in recent years, and your outstandingly open, prompt, respectful, helpful communication with your readers/followers.

      To everyone — Woody has stated in the past that some ways that folks can contribute towards his work are:
      1. Turn your adblockers off when you visit his articles at InfoWorld.com
      2. Buy his published books about Windows — I think his 2nd edition of _Windows 10 for Dummies_ is out now.
      3. Download and play his son’s game app 2Bee2: https://www.askwoody.com/2016/introducing-2bee2/

    • #35807

      Regarding what Nathan Mercer seemed to say about how they are going to handle previously-hidden updates after they bring in the Rollup Regime in October,
      please see the following comment I made earlier today:

    • #35808


      “…they broke things on YOUR system.

      They break things on about 100 computers worldwide out of millions or tens of millions if not hundreds of millions….

      If you are one of the unlucky 100, then by all means, stop updating until you fix the underlying issues.”

      Ha ha. Yes, it’s my problem that I have not yet *fixed* the underlying issues on my computer regarding how a certain Win 7 important update two years ago gave me (and some other people who commented about it on the internet — I couldn’t say if it affected ten or ten thousand people) the blue screen of death twice, and how Microsoft didn’t answer the reasonable and well-described question I put to them about this problem on their help/support website, therefore making it impossible for me to install that particular update on my computer.

      Beyond my personal leanings towards not trusting Microsoft’s new updates when it comes to my security/privacy & not trusting that they won’t keep making big mistakes with their updates, just as they have continuously done in recent years,
      even if I wanted to accept their new cumulative, make-me-compliant “Monthly Rollup” via Windows Update, I would not be able to, because of that important update from about 2 or 3 years ago which wrecked my machine when I tried to install it and which there is no solution for.

      I paid full price for the hardware, I paid full price for the software, I stood up for this company for years against but-Apple-is-so-much-cooler nitwits, and I should not be expected to “fix” an issue as complicated as this.

    • #35809

      @Louis – I see your points, feel your frustration.

    • #35810

      I think I’m probably going to be in every group from C to Z (since I’m not, at least for now, firmly in either group A or B!) if they represent shutting down updates and going off the beaten path, but what does the “W” stand for in Group W? I don’t think I’ve seen that one described.

    • #35811


      Yu wrote: “Not everyone can afford a Mac. Not everyone is technically capable of the change to Linux. And most need more than a ChromeBook.”

      This is my situation. I spent an entire day last week looking at my alternatives, and I am back to square one.

      That’s what makes this all such a headache and a difficult situation that MS has dumped a lot of good, decent people into.

      Like the banks during the 2008 economic crisis, Microsoft is “too big to …fail…”
      (though I’d put some stronger words in place of the word “fail”!)

      I am dependent on this set of knowledge and this system (not only hardware and software, but historical files, etc.) that I’ve built up over 29 years. Twenty-nine years.

      There is nothing I can realistically move to.

      For the others out there in the same boat, I share your pain. I am really glad that Woody allows us here to discuss our problems and share strategies.

      I appreciate all the varied commenters and their comments here — one might not agree with every thought/attitude, but there is some tremendous learning and help going on here, and I think it’s great. My hat’s off to everyone.

    • #35812


      You asked, “Hey readers… any recommendations for a good version of Linux for beginners?”

      About 2 months ago, there were some really detailed reader comments on that topic within an earlier AskWoody.com discussion thread (Woody’s blogpost that day had not been about Linux, but some of the discussion turned towards the topic of Linus). Sort of an overview of what to look out for, and tips for doing it the easiest way possible.

      You might do a search of this site for some of the search terms like “recommendations”, “linux”, “beginners”.

    • #35813

      Join the Group W branch… er, bench…


    • #35814

      … and let that be the last word….

      I think you’re both very frustrated. For good reason.

    • #35815

      Thank you, thank you.

      2nd edition of “Windows 10 All-In-One For Dummies” isn’t out yet, but it will be shortly.

      2Bee2 players/evangelists MOST welcome!

      I’ll continue to help Group A and Group B (and even Group W) for as long as I can. Nostalgia, eh?

    • #35816

      If Win7 is good enough for you, by all means stick with it – and I’ll help you minimize the tough points.

      I’ve decided that the snooping doesn’t bother me (I use an Android phone, several iPads, a Chromebook and the Chrome browser) so I’ve already thrown in my lot with the snoopers. If you aren’t willing to do that, I certainly understand – and sympathize.

      It isn’t a question of taking one on the chops. It’s a question of understanding what you’re getting into, and making an informed decision.

    • #35817

      And I’m about 90% sure we’re going to see a major re-design of the Catalog, in conjunction with the October update changes.

    • #35818

      Good point – and thanks.

    • #35819

      so many people not remembering Alice.
      There was a NYC FM station that played it every Thanksgiving.

    • #35820

      CentOS (RedHat clone) is good and professional too. A very good trade-off for all requirements.
      However, if finances allow and there is a compelling need to move away from Windows, MacOS remains the gold standard.

    • #35821

      Oh, okay, that’s where “group W” was introduced in the discussions here!
      I am sorry to be dense.
      I do remember now that I had seen a prior link in this thread to Youtube, but being a privacy curmudgeon, I have Youtube ips blocked on my Peerblock, so I don’t click on Youtube links (I just see a blank page if I do).

    • #35822

      Think about our well-known KB2952664 as pre-requisite and KB3035583 (now retired and not regretted) or KB3150513.
      If KB2952664 was never installed, then the other two were never offered.
      What you say and in particular at item 2 is accurate. However, this is not related to any cut-off date like October 2016, as it has always been the case, see my example.

    • #35823


      “I am one of many, MANY THOUSANDS of people who are deeply grateful for your help and guidance with Win 7/8 in recent years, and your outstandingly open, prompt, respectful, helpful communication with your readers/followers.”

      I subscribe to your statement and I would add Windows 10.
      Thank you Woody 🙂

    • #35824

      Mint went operational for me today on a usb
      drive.There is one thing we Windows types
      need which is Mint Essentials…you can get
      a free download of it if you search.It
      explains Mint in “Idiot’s Guide” style
      and every chapter begins with “in Windows
      they call this soandso,in Linux we call it
      this…” .
      Full directions are given on how to get Mint,
      put it on a bootable dvd,or on a
      bootable ‘writeable’ usb drive…you can
      literally be running it in ten minutes
      flat with no harm done to your Windows.
      As always,only thing is getting the printer
      to work but that is coming along.
      At least you will have a lifeboat of sorts and
      given what MS may or could do,it’s well
      worth the time IMO.

    • #35825

      It is rather opt-out than opt-in with that setting. You have to be careful when you click Shut Down.

    • #35826

      You betcha – and thanks to all who participate! The info here on AskWoody is amazing….

    • #35827

      You can block YouTube, but don’t block Arlo.

      Wonder whatever happened to him…

    • #35828

      @CH100: “this is not related to any cut-off date like October 2016”

      But if you (by which I mean, any individual computer user, not you in particular) have individual kb patches hidden prior to October, and then you decide you want to be in Woody’s Group A and that you want Microsoft to bring you into “compliance” and to put your Windows updating on auto-pilot, you are going to expect that Microsoft will be able to see into every nook and cranny of your Windows Update history, the fragmentation, the needs of your machine, etc., and you are not going to realize that your manually having placed some kb patches into the hidden area prior to October will keep Microsoft from offering your computer any patches that become available in the future that would require one of those hidden patches to have been installed as pre-requisites.

      In other words, I interpreted what he said to mean that Microsoft is going to honor your past requests to have certain old-timey kb patches hidden, and they won’t offer you anything relying on/building on those hidden patches in the future, even if your machine really should have them, even under their cumulative, monster “Monthly Rollup” that will level everything in its wake and seek to fill the fragmented gaps.

      Is my interpretation of that incorrect? I have no idea, I’m just trying to interpret what Mercer said.

    • #35829

      Okay, two points make a line, two points make a search! (Type in “Arlo” and “Alice” and you get the answer.)

      ” “Alice’s Restaurant Massacree” is a record by singer-songwriter Arlo Guthrie, released as the title track to his 1967 debut album Alice’s Restaurant. It is notable as a satirical, first-person account of 1960s counterculture, in addition to being a hit song in its own right and an inspiration for the 1969 film, also named Alice’s Restaurant. The song is one of Guthrie’s most prominent works, based on a true incident from his life that began on Thanksgiving Day 1965 with a citation for littering, and ended with the refusal of the U.S. Army to draft him because of his conviction for that crime. The ironic punch line of the story is that, in the words of Guthrie, “I’m sittin’ here on the ***Group W*** bench ’cause you want to know if I’m moral enough to join the Army—burn women, kids, houses and villages—after bein’ a litterbug.” The final part of the song is an encouragement for the listeners to sing along, to resist the draft, and to end war.”

      (Actually you gave me three points, with “Group W”. Well, four, with “bench”.)

      Group W Bench from: https://en.wikipedia.org/wiki/Moral_waiver

      “The Group W bench, a key element of Arlo Guthrie’s 1967 folk song and extended monologue “Alice’s Restaurant”, is a reference to the moral waiver provision — the W stands for “waiver”; he described that key element of the work as a waiting area where he mingled with other potential inductees awaiting consideration under moral waiver. The Guthrie work made the expression “Group W bench” (or occasionally simply “Group W”) a catchphrase for non-conformity. Various websites, an analysis, modeling and research company, and a well established[5] “eclectic boutique”[6] in New Haven, Connecticut, take their names from it.”

      Woody, you wondered whatever happened to him – this appears to be Arlo’s own site. http://www.arlo.net/

      Here is one tidbit from it:
      “In 1991 Arlo purchased the old Trinity Church. It was Thanksgiving 1965 that events took place at the church which inspired Arlo to write the song “Alice’s Restaurant”.
      Named for his parents, The Guthrie Center is a not-for-profit interfaith church foundation dedicated to providing a wide range of local and international services.”

      I was able to find a snippet of of the actual song (accompanying a radio interview of Arlo) that wasn’t batted away by my IP blocking — I do remember the song from hearing it on the radio when I was little in the 70s.
      Seems like a nice interview at:

    • #35830

      @ Woody,

      Would appreciate your take on the following extract from Nathan Mercers’ article:


      Please note that Nathans’ original Sep 1 reply has been edited, and no longer contains the bit about a 3rd Tuesday Release


      September 1, 2016 at 6:52 am

      Nathan, what release schedule will the monthly rollup and security-only patches follow starting in October 2016? Will these updates continue to be released along the existing Patch Tuesday schedule or will they be published on a different schedule?


      Nathan Mercer

      September 1, 2016 at 12:07 pm

      Security-only update will be released on Update Tuesday, the second Tuesday of the month

      Monthly rollups will also be released on Update Tuesday, the second Tuesday of the month.


      Old Dog

      September 3, 2016 at 4:02 am

      Hi Nathan,

      I quote “Monthly rollups will be released on Update Tuesday, the second Tuesday of the month. Additionally, we will also release a new rollup on the third Tuesday of the month, containing only new non-security fixes”

      I don’t recall seeing any prior announcement of a “secondary” rollup.

      Will this additional rollup released on the 3rd Tuesday of each month be subsequently superceded by the following monthly Rollup?

      Thank you for your attention.


      Nathan Mercer

      September 6, 2016 at 8:57 pm

      Monthly Rollup Preview is a new Optional Update available on Windows Update, WSUS and Catalog on the 3rd Tuesday

      3 weeks later on patch Tuesday it releases as Monthly Rollup including the security patches from patch Tuesday. You can preview the new non-security patches before they release in Monthly Rollup.


      Chad West

      September 3, 2016 at 5:02 am

      This 3rd Thursday roll-up. Can you elaborate on it more? Will this contain the same cumulative updates from the 2nd Tuesday minus the security-only updates?


      Nathan Mercer

      September 6, 2016 at 8:52 pm

      Monthly Rollup Preview is a new Optional Update, that will be available on the 3rd Tuesday, that then releases 3 weeks later including the security patches from patch Tuesday, as Monthly rollup.

      Monthly Rollup Preview will be available as an Optional Update on Windows Update, WSUS and Catalog”

      Is there a glimmer of light here? If I can preview just non-security fixes 3 weeks prior to the Monthly Rollup (Security + non-Security), then I will have a list of the patch nos.

      Currently (but sometimes only with workarounds) you can delete patches bundled inside other patches. Does this represent an opportunity to install the months’ non-security patches and then delete/hide some if they cause issues.

      or am I just clutching at straws? Do I cancel my order for a Tinfoil hat?

    • #35831

      A beginner’s question : suppose one makes the switch from Windows to Linux. My assumption is you could read and use your old files. Correct ?

    • #35832

      I think one thing’s glaringly obvious: Microsoft is making this up as they go along. If there’s a cohesive strategy, it certainly hasn’t been articulated.

      Frankly, I don’t have any idea what the $#@! is going on. And I expect that once we see the end result it’ll take Microsoft a month (or two or three) to settle on a new patching regimen.

    • #35833

      So that’s what Arlo’s been up to….

    • #35834

      It wouldn’t surprise me if, eventually, the cumulative updates (which will gradually tack on old patches) will, one day, install even those KBs that have been manually hidden.

      Do I know that for a fact? No.

    • #35835


      Be sure you search for Linux Mint Essentials to get the proper guide… There is another guide titled Mint Essentials that is for Mint financial software only.

    • #35836

      Some files will be accessible. If you have an equivalent program in Linux you will be able to use the files.
      Pictures, music, and videos are a piece of cake.

      For example: You use Adobe Reader to view .PDF files in Windows. There are equivalent programs for Linux to open .PDF files.

      If you have Office and use .DOC, .DOCX, .XLS, .XLSX, .PPT, etc in Windows, You can find an office suite like Libre Office or Open Office for Linux.

      However, if you use Outlook you may have a problem as there may not be an email program in Linux that can deal with Outlook’s .PST files. If you are using Thunderbird, you should have no problem b/c Thunderbird works for both.

      So the problem boils down to finding equivalents.

    • #35837

      As noted by PKCano, many files such as music, pictures, etc. can be opened and used by various software suites which are available with Linux. There is also an application compatibility layer which can be installed with Linux which will allows Windows applications to be run on Linux. This application is called WINE and it essentially stands between programs using Winapi and a POSIX compliant OS such as Linux. In many instances, a windows program will run directly on Linux using the WINE program. It will not work universally but it is worth knowing about when you do your research. MS has spent a lot of time and effort trying to keep developers from porting their programs directly to Linux but that may start to change as the Windows ecosystem frays.

    • #35838

      If your email is set up as IMAP in Windows and in Linux, then whatever is in the IMAP folders will show up in both Windows and Linux. If it’s in a local (non-IMAP) folder in your Windows email program, then the simplest solution is to move it to an IMAP folder. Then, in your Linux email program, you can move it from the IMAP folder to a local folder. By moving it to a local folder in your Linux email program, you will reduce the amount of storage space you are using in your IMAP folders — if you don’t do this, you might max out on space in your IMAP folders.

    • #35839

      So, forgive the repeat of a question that’s probably been asked a million times already: Should I install the security patch 3177725 on 8.1 or not? It’s the only security patch I’ve held back on. Thanks, Woody!

    • #35840

      Thank you, PKCano, Jim and Anonymous. My mail is retrieved locally into Outlook, and my email accounts are set to POP3. How does one move existing mails into an IMAP folder ?

    • #35841

      I would like to give my opinion about the whole nonsense and huge uncertainty about where Microsoft is going.

      First, Nadella has been appointed as CEO. Nothing against the person, but I think he is the guy associated with Bing, the cloud and the likes. Wasn’t Bing supposed to crush Google so bad MS was almost telling people to join Bing as fast as possible before Google wouldn’t exist no more (I caricature a bit, but still)? So this was such a success that he was the logical choice for CEO? Ummmm…

      Ok, a fact now. The capitalization of MS grew 49% since Nadella arrived. This means: he does something that works or there is huge expectations that what he is doing is going to pay off later. Apparently, online services are picking up great.

      So, if you are not happy with what MS is doing, I would say you need to not use any of their services when you can. App store and apps are still in a sorry state so it is not hard to never use them. Gaming might come to Linux using the new Vulkan thing so that should help some people jump ship later. If you really want the latest DirectX for now, you need Windows 10. If not, you could stay with 7 or 8.1 with no updates or security updates only if you don’t believe MS if going to shove down your throat customer experience features disguised as security updates. The real deal is MS Office for professionals. There is no valid substitute for some people. But this might transition more and more to a valid multi-platform online service too. Then Linux gets much more attractive for those users.

      In theory, if you stick with Windows, it is possible to not patch it at all, disable updating and tracking services, then only run alternative softwares. No need to tweak your system again to remove the crap after each MS big update. If you value privacy, you use Firefox for a browser, Thunderbird for emails if you really need an email program and nothing from Microsoft except Office if you have to. Behind a good firewall router, not downloading random new softwares, running the free Microsoft EMET security tool, what is your real risk at home? Security problems are mostly coming from vulnerabilities that needs to be triggered. If you download illegal files or random unknown softwares, then you are definitely at risk, but even on a fully patched system with complete antivirus, you are almost doomed if you do that, as there are a lot of 0 days attacks anyway or new viruses that aren’t caught by security software. The biggest risk is the way you use your computer. Running a patched Firefox 64 (64 so EMET or Windows ASLR works properly) with Flash on ask-to-run and no other plugins on a non patched Windows might not be that big of a security risk for drive-by downloads. If you are scared, run it in a VM or sandbox for an added layer of peace of mind. Security is always brought up by MS when they get out a new system, but in reality, a lot of it is just for marketing purposes. They invent ASLR and put it in Windows, say it is more secure, but they disable it by default so it doesn’t break old softwares. They brag about new great security features, but they are not even available in the Pro version, only in Enterprise. In the XP days, they bragged about the new two-way firewall when a lot of people were running ZoneAlarm, but that was a big joke as nobody would ever take the time to manually configure the two-way firewall that wasn’t even able to tell you clearly on the spot when it blocked something and offer you the option to unblock it. Although in retrospect, ZA approach wasn’t sustainable reasonably anyway due to the proliferation of connected softwares and asking users to authorize new processes all the time makes no sense.

      Even though I respect Woody’s position as a group A person, I am not a member of that camp, nor a member of the non patching camp, so I am a lost sheep. You see Woody, I don’t trust that nobody will ever get their hands on everything that Microsoft records somewhere about me and I don’t like that idea, even though my life isn’t that interesting. The NSA’s set of vulnerabilities they use to spy has just been disclosed by a group of hackers. Is MS that much better than the NSA to protect their assets? I would love to work in the MS environment but I am very uncomfortable with the privacy issues and not knowing what updates they are going to bring, plus the frequency of changes. Changes are generally not great for productivity. They make me loose time analyzing what I need to disable so it doesn’t do things I don’t want or get in the way. I need Office because I do complex work in Excel that LibreOffice is not even close to do in a satisfactory manner.
      I am a dedicated patcher. I couldn’t care less for new Microsoft features, as I try to avoid using them as much as possible, but I don’t like security vulnerabilities, however small the risk might sometimes be. New features makes patching riskier as it introduces complexity and novelty all the time. Also, now that I don’t want to have Cortana, but I am forced to use it if I use Windows 10, I will have to download a third-party search? That is not nice. I don’t use Chrome even though it is a great browser, as Firefox values my privacy above everything. I don’t want to run a non patched system and since I have computer networks and normal users, I can’t rely on them for not screwing up their computer and then unknowingly send virus through vulnerabilities in sharing protocols or tcp stacks.

      But all of you at home, I think it is possible to run a non patched system, tuned a bit to not receive anything new and then try to use the least amount possible of Microsoft things in order for them to get the message that there are people that care for what they did best before: a pretty good OS for doing personal or serious stuff, that doesn’t get in the way of whatever you want to do and help you get things done instead of recording what you type and say that is none of their business. Prediction: this will come out as a subscription-based option for 7$ a month. This might not sound that expensive, but in a world where OS are given for free, out of principle, I would try to put as much people as I can on Linux before starting to pay 7$ a month for the privilege of running my own computer. Ok, maybe for now you folks can get by using only the security patch for Windows 7-8.1 path, but when 2020 arrive and support ends, you might want to consider running unpatched instead of jumping to Windows 10.

      If you don’t do gaming or don’t absolutely need Office, you should maybe really give Linux a try. Web surfing with Firefox, image manipulation with Gimp, listening to audio, this all works fine on Linux. Or just run unpatched Windows 7 if you know you are the kind of person who is already low-risk.

      I think Linus Torvald said recently that using open-source is the only way to reduce the risk of having the undesired effects in proprietary software that will become more and more of an issue. China is doing their own version of Ubuntu. They rightly don’t want Microsoft and their forced updates and you don’t know what is inside the software running in their things because they can’t know what it is doing. The U.S. should also not use Kingsoft Office replacement as the Chinese government finance it and have some parts of code that might go contrary to U.S. interests. Without wearing a tinfoil hat, those are legitimate concerns for every country and their people (as Chinese themselves might wonder if it is such a great idea to only use government-sponsored software).

      A final thought. I know two persons a long time ago that bought a computer with an early Windows XP. 3 years later I see them with completely unpatched systems (they disabled automatic updates). I think it might be a dangerous idea, but since it is gaming machines essentially, the harm might not be that bad if they get infected. Well, their computer were quite old by the days standards after three years, but they looked much faster than a lot of newer computers I saw that were fully patched. The tendency was to bring bloat along security updates at that time. At the end, Windows XP SP3 was certainly not the same light system than the first XP was. Food for thought.

      So, for me, right now will be group B hoping I won’t get a nasty surprise, but I need to prepare for an alternative.

    • #35842

      I’m a recent immigrant to Linux from M$-Windows and couldn’t be happier.

      I read several positive reviews of a Linux distribution called Manjaro. Like many Linux distributions, Manjaro is available with several different desktop environments, with Xfce and KDE Plasma as the primary choices. I played around with both from their “Live USB” mode, to see what each was like.

      For my taste, KDE Plasma was the easy winner. As a long time Windows user, it not only felt comfortable, it was fun! If you can spare 8 minutes, check out this YouTube clip that highlights some nice things about KDE Plasma:


      Note: In the video you’ll see something called KDE Neon. KDE is an international free software community that produces lots of neat stuff. KDE Neon is an in-house project to showcase the KDE Plasma desktop and other KDE applications.

      You can download Manjaro and their nice Beginners Guide from here:



    • #35843

      @Wooody: Yes, it’s very obvious that this is is a potential disaster in the making in many aspects. What a total mess!

      I have a question relevant to the hidden updates. I have no problem in researching and installing those listed (the majority of which were NOT security updates), however I have ONE which MS apparently has had numerous problems with in the past. It appears to be a “driver” for Intel.

      I’ve only had this Win 7, Home Premium (new) since about Feb. 2014, and don’t know when this appeared in the updates. From what I have researched it appears that MS had serious problems with this, and from what little I’ve read about drivers, the instructions are to DL directly from the manufacturer NOT MS updates. This is is listed as follows:

      Intel Corporation – Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 – Intel(R) HD Graphics (92.1 MB). It’s been hidden, “optional”. I do not want to DL & install this one from MS, however do not know how to delete it from the hidden file.

      Looking for “serious help” here, since MS will no doubt attempt to DL & install it if it’s in the hidden file. Thank you for any advice you can provide out of this quandary.
      🙁 🙁

    • #35844


    • #35845

      @Old Dog,

      Thank you for flagging those changes that have been made to what Mercer had already written in his Q&A, and for highlighting the new questions and answers that have been posted recently (including a good question that was asked by you, it appears!)

      After reading the extracts you included in your post, although I am not sure what Mercer was going on about, it does seem to me that basically what he said last week is still what he is saying this week. This is my interpretation:

      There will be 3 different rollups published each month.

      1. My temporary, plain-speaking name for it: the joint & cumulative rollup
      Mercer’s name for it: “Monthly Rollup”
      containing: security patches and non-security patches
      time period covered: is cumulative (having all prior and current security and non-security patches for the operating system in question)
      date issued: 2nd Tuesday of month, which Mercer calls “Update Tuesday”
      availability: in Windows Update, in Update Catalog, in WSUS

      2. My temporary, plain-speaking name for it: the security-only, non-cumulative rollup
      Mercer’s name for it: “Security-only update”
      containing: security patches
      time period covered: includes only the *new* security patches that have been released in the past month
      date issued: 2nd Tuesday of month, which Mercer calls “Update Tuesday”
      availability: in Update Catalog, in WSUS

      3. My temporary, plain-speaking name for it: the non-security-only, non-cumulative rollup
      Mercer’s name for it: “Monthly Rollup Preview”
      containing: non-security patches
      time period covered: includes only the *new* non-security patches that have been released in the past month
      date issued: 3rd Tuesday of month (a date which Mercer doesn’t give a special name to)
      availability: in ***Windows Update***, in Update Catalog, in WSUS
      other information: it is an optional update; after this is released on the 3rd Tuesday of the month, 3 weeks later on the next patch Tuesday (2nd Tuesday of the month), this 3-week-old collection of non-security patches will be combined with the brand-new collection of security patches, and they will be blended in with all of the historical patches into the Monthly Rollup for that patch Tuesday. Mercer’s current reason for their going with this weird arrangement is that “You can preview the new non-security patches before they release in Monthly Rollup.”

      It seems to me that most of his new information fits with, and fleshes out, what he said about the 3 rollups last week,
      except for the part where he said that the one-month’s-worth-only, non-cumulative, non-security, “preview” update that will come out on the 3rd Tuesday will be available IN WINDOWS UPDATE as well as in the more esoteric venues of WSUS and Update Catalog.
      I wonder if he mis-spoke about that.
      To have this “preview” rollup presented in Windows Update seems like it will complicate the average user’s experience of Windows Update, if this little “preview” rollup will be sitting there alongside the official, giant, cumulative, joint Monthly Rollup. Why give the average user (who is reliant on Windows Update) two partially-simultaneous opportunities to download the same patches via two different rollups?

    • #35846

      Items that are hidden are just hidden on your machine – and Microsoft can bring them back any time. I think it’s unlikely that old bad drivers will still be offered in Windows Update, but you can always try unhiding it, running Windows Update, and see if it gets picked up again.

    • #35847

      If you consider yourself to be in “Group A,” go ahead and install it.

    • #35848

      Thanks, Woody. No, I’m definitely a Group B kind of gal, so I’ll avoid 3177725.

    • #35849

      @ poohsticks,

      Thank you for your comments.

      I agree with your points 1 and 2.

      I view point 3 differently.

      For me, the PREVIEW Rollup will contain NEW non-security patches that will be published in the FOLLOWING months’ Monthly Rollup. Hence its’ name – PREVIEW

      MS seem to be giving us a heads-up of what’s coming. If you install early – no problem (that’s the MS take, not mine)- these new patches will anyway be in the following Monthly Rollup (Security & non-Security).

      I would appreciate your take on whether this gives us an opportunity to manage non-security patches. If we have patch numbers in the preview, can we delete them ?

    • #35850

      Good point about the risk that Microsoft itself may get hacked at some point, putting users’ personal information on the black market.

      It my case this has happened with three vendors in the last couple of years, two of which are currently providing free identity theft services. Ask them whether this is tinfoil hat speculation.

    • #35851

      Thanks for posting your take on a number of considerations MS has put on the table regarding patch management and the future od Windows. It is too early for anyone to draw firm conclusions as to what they can or may do in response to all of the forced changes. However, it would seem it is not too early to open one’s mind to the issues that need to be addressed and the viable alternatives that may be on the table. The real tragedy involved with all of this is that most users want a stable and secure open platform OS that they can utilize for whatever their general computing purposes require. MS is attempting to build a walled garden with UWP and the App Store and seems willing to break many things in order to get their way. I am personally not enjoying the ride.

    • #35852

      I agree. It is the same reason a lot of people buy a Camry or an Accord. They don’t care that much about new features, fancy looks, coolness. They want stability, efficiency, reliability above all else and above all not waste time at the garage and changing cars every 2 years. There is a huge market there. Microsoft was the king of it and now they are destroying it to play catch-up with Apple.

      Does it really work? I don’t understand not only there is still faith in this model at Microsoft, but there doesn’t even seem to be a doubt about it or a hint of a compromise to try to serve both markets. If you look at what MS did by copying Apple : the Nokia/Windows Phone, their lame App Store and their apps, nobody can say this works at all. After years the App Store debuted with Windows 8, its content is is still a poor replacement for any desktop app. MS is irrelevant in the phone business. You will do continuum with what? And what about this emphasis on the agumented reality as a productivity tool? Are they kidding us? I don’t see anybody at the office wearing a huge mask while interacting with others, nor putting on and removing their mask all the time to have the privilege of playing Minority Report. This is not business. Where are they going? The only thing that works is the productivity software online, but they didn’t have to break everything to have that going, just entice small businesses to exchange their internal Exchange server for cloud services. No need to force ads for games on them.