Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 3: Lots of caveats, but it’s time to get patched

    Home Forums AskWoody blog MS-DEFCON 3: Lots of caveats, but it’s time to get patched

    This topic contains 250 replies, has 50 voices, and was last updated by  Noel Carboni 8 months, 1 week ago.

    • Author
      Posts
    • #164878 Reply

      woody
      Da Boss

      The January 2018 patches are now history. Thank heavens. I hesitate to say it, but it’s time to take proper precautions, and get the January patches i
      [See the full post at: MS-DEFCON 3: Lots of caveats, but it’s time to get patched]

      11 users thanked author for this post.
    • #164883 Reply

      WildBill
      AskWoody Lounger

      I can hold out until the details arrive in Computerworld. It was almost looking like another skipped month, IMO. Let’s hope the short month of February is uneventful.

      Windows 8.1, 64-bit, Group A... switching to Group B in November!
      Wild Bill Rides Again...

      • #164886 Reply

        Seff
        AskWoody Lounger

        Agreed.

        Let’s hope the full article deals with the different aspects as they may apply e.g. to AMD or Intel users.

        Thanks to Woody in anticipation, and thanks also to those in the team who I’m sure he will have looked to for their thoughts in what I think we can all agree has been a nigh on impossible month to make sense of.

        1 user thanked author for this post.
    • #164881 Reply

      anonymous

      No thanks i’m not going to install these  january patches that patch something that will unlikely ever  i bought a 6700k cpufor performance, i will not allow that to be compromised  for  imo a non-existent threat

      1 user thanked author for this post.
      • #164894 Reply

        woody
        Da Boss

        That’s a perfectly reasonable response, if you’re willing to accept the possibility that some major malware may appear before you get patched. At this point, nobody knows, but there are signs of a lot of effort being devoted to using Meltdown/Spectre vulnerabilities. And the bugs in the January patches are reasonably well know. For February… your guess is a good as mine.

        1 user thanked author for this post.
        • #164899 Reply

          AJNorth
          AskWoody Lounger

          THIRD BASE.

           

          (BTW Boss, is it now time to give up on getting Email notifications via an Outlook.com address?  Tnx.)

          • #164918 Reply

            woody
            Da Boss

            That’s a bug in the AskWoody software. We’re working on it.

            1 user thanked author for this post.
            • #164999 Reply

              AJNorth
              AskWoody Lounger

              Mucho Garcia!

               

              (When in trouble, when in doubt – run in circles, scream and shout.)

        • #164896 Reply

          anonymous

          Wait a minute…..Woody – Are you saying that we don’t have to install January’s Updates if were unsure if it’ll effect our systems somehow? Even for those with Windows 10? We can pull off from January patches and just wait to install the February patches?

          You mean we as users who have Win 7 and 10 can decide what is best for our computers? We don’t have to install January’s patches if we don’t want to due to all the chaos and gooey confusion we’ve faced with this and that?

          • #164919 Reply

            woody
            Da Boss

            As far as I know, the only major problem solved by the January patches is the Equation Editor vulnerability — and I talked about manually disabling that a month ago.

            All of the other patches are speculative, at this point. If you think you’re lucky enough, go ahead and wait for February….

            3 users thanked author for this post.
    • #164890 Reply

      Cousinjack
      AskWoody Lounger

      Skipping, as I’m not sure what the actual performance hit will be on old hardware running 7. Going to get a test rig for linux distros in the next couple of weeks

      • This reply was modified 8 months, 2 weeks ago by  Cousinjack.
    • #164885 Reply

      Rick59
      AskWoody Lounger

      Sometimes I’m not sure what is keeping me safe. I haven’t had any unwanted malware on my computer since Win98 which was my first computer ever (Had lots of fun reinstalling the OS several times as I moved along the learning curve)

      Was it the diligent patching of my machine? Was it my antivirus ? Seems all I get is the odd false positive there. Is it because I use an adblocker? Is it because I use NoScript? Is it because I run everything exposed to the internet in Sandboixe? I also use HitmanProAlert but lately it just seems to complain about Sandboxie from time to time.

      When it comes to patches how much are they contributing to your security ? They won’t talk to you the way an antivirus does.

      Not dissing patches here, just wondering.

      January was a fun month, neither of our machines Win7-32 and Win10-64 would get the security update through WU even though I tweaked AVs, made sure the right registry key was set, ran WU troubleshooter etc. I feel now like I’m resigned to manually downloading the security patches every month. But nor for long because Windows is getting kicked out of our house this year for good………. I’m tired of babysitting Redmond’s junk.

       

       

      3 users thanked author for this post.
    • #164900 Reply

      Microfix
      AskWoody MVP

      Unlike Microsoft’s patch descriptions, your Computerworld article is definative, descriptive and helpful.

      Thanks again Woody!

      Let’s hope that February’s 2018 patches are like February 2017, namely W8.1 🙂

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        No problem can be solved from the same level of consciousness that created IT - AE
      2 users thanked author for this post.
    • #164902 Reply

      Kirsty
      AskWoody MVP

      One word of caution on Kevin Beaumont’s list of antivirus products’ readiness for the Spectre patches, linked in Woody’s ComputerWorld article – it was last updated January 11th, and isn’t complete (others have since updated).

      3 users thanked author for this post.
    • #164895 Reply

      anonymous

      Say Woody which 1703 updates are safe when it comes to update for windows 10 1703 x64 system? there’s KB4023057 and KB4073543. Then there is update for windows 10 x64 system KB4056254. So I need to know which ones of those I need to install with the others. So which ones are safe to install even among the two 1703 windows 10 update I just told ya? I need to know those are the ones I’m concerned about.

       

      • #164910 Reply

        PKCano
        AskWoody MVP

        See @abbodi86 information on those patches here.

        1 user thanked author for this post.
        • #164917 Reply

          anonymous

          Ahhh~I see these sneaky devils try to install 1709. But yeah I am leaning toward NOT installing January’s Updates just to be safe.

          Besides I don’t need anymore stress right now. I think my Lenovo can do without icky-gooey January patches for the month and get a fresh, clean updates from Feb updates once were at Defcon3.

        • #164921 Reply

          woody
          Da Boss

          I should’ve included that info in the Computerworld article….

          • #164968 Reply

            anonymous

            So is it safe to install the win 10 flash player, cumulative AND monthly malware protector updates and ignore the win 10 1703 and system updates that hide the 1709 force update in some odd way?

            I mean I am fine installing flash, cumulative and monthly malware and that way in a somewhat way my computer is safe and come february-it’ll have new system updates WITH NO HIDDEN 1709 FORCE updates to try to ruin my baby.

            • #164972 Reply

              PKCano
              AskWoody MVP

              Yes.

            • #164976 Reply

              anonymous

              Thank you PK. 🙂 Then I’ll install the flash player, cumulative and monthly malware protector. 🙂 I’ll do it tomorrow morning or tonight before bed. Pheww~THAT LIFTS A WHOLE LOT OFF MY shoulders PK I can’t thank you enough. 😀

               

    • #164897 Reply

      anonymous

      Unsure about performing the patches as I’m not sure on the situation with AMD machines, considering earlier in January the Meltdown/Spectre patches were making it so they could not boot at all.

      Honestly too afraid of the patch bricking my PC by making it unable to boot, I wouldn’t know how to fix that if it happened as I’m not as tech-savvy as other users on here if I had to run a Startup Repair sourced command line.

      • #164926 Reply

        woody
        Da Boss

        I haven’t heard of any AMD-specific problems with the latest patches, except Phenom II machines mentioned in the article.

        • #164942 Reply

          EricEWV
          AskWoody Lounger

          Accidentally clicked the wrong button to reply to you so decided to just go ahead and register.

           

          So my FX-Series should be fine?  If so which patch should I nab since it seems they revised them so many times, or is the AKB2000003 links the most up to date?

          • This reply was modified 8 months, 2 weeks ago by  PKCano.
          • This reply was modified 8 months, 2 weeks ago by  EricEWV.
          • #165033 Reply

            woody
            Da Boss

            If you’re talking about manually installing security-only patches, yep, AKB 2000003 has the latest.

            For most folks, Monthly Rollup should be fine.

            1 user thanked author for this post.
            • #165045 Reply

              EricEWV
              AskWoody Lounger

              Alright, thanks.  And yeah ever since the GWX debacle, when I first discovered the site, I’ve been doing security only.  Running Windows 7 as well, was in a rush so I left out some details earlier lol.  I saw MrBrian’s post about using KB4073578 as the latest security patch, but I’m still uncertain so I may hold off until more info pops up on here for us AMD users.

    • #164905 Reply

      anonymous

      I think I’ll skip January’s patches to be safe for me and my Windows 10 Lenovo Ideapad 320. I mean it’s been weeks, there has been chaos, confusion, re-releases, this and that-So it’s been a huge scare around the net.

      Plus I don’t want to do anything I might regret and have to spend hours fixing the problem and get stressed out. So to save myself and my computer the trouble-I’m gonna skip January’s patches, relax at the Anime convention next week, keep the updates hidden including those of the February and install the February patches when there is the next defcon3.

      I am skipping the January patch after reading the article Woody posted-I don’t want to deal with any gooeyness hidden in any of the updates.

    • #164931 Reply

      PKCano
      AskWoody MVP

      IMPORTANT

      For those of you who have Win10 1703:

      If you find KB4023057, KB4073543, and/or KB4056254 in your January updates, please read @abbodi86 ‘s information on the patches before you install them.

      1 user thanked author for this post.
      • #164957 Reply

        anonymous

        Okay PK-SO we shouldn’t install those updates then if it’ll cause the computer to force upgrade in some way to 1709. Then I SHALL Keep those hidden along with update to 1709 and install the Flash for Win 10, malware update, and cumulative.

      • #164973 Reply

        OscarCP
        AskWoody Lounger

        PKCano:

        Same question, but about Windows 7 (just in case, mine is Pro, SP1, x64; CPU is old Intel I-7 sandy bridge).

        In particular, the safe (maybe, right now) KB numbers for: IE11 cumulative security only; Win 7 security only, and .Net.

        Thanks.

        • This reply was modified 8 months, 2 weeks ago by  OscarCP.
        • #164980 Reply

          PKCano
          AskWoody MVP

          The above patches do not apply to WIn7 – only Win10 1703.

          Please read @MrBrians comments in this thread about the Win7 security-only patches.

    • #164935 Reply

      MrBrian
      AskWoody MVP
      • #165021 Reply

        AJNorth
        AskWoody Lounger

        Interestingly, the Belarc Advisor is showing all the Intel-based machines as being deficient in KB4056897. However, since none of the Windows boxes under my wing utilize AMD, I do not know whether Belarc would recommend KB4073578 for those that do (perhaps someone with an AMD processor can do that experiment and report back to us…).

        1 user thanked author for this post.
      • #165152 Reply

        anonymous

        Mr Brian said:
        KB4073578 can be considered the latest version of the Windows 7 Windows security-only update.

        1) Just to clarify wrt Win 7 … Did you mean the following patching route — ie. for those planning to install Jan 2018’s Security-Only Update ?

        • Win 7 AMD users:  Should install KB 4073578 (instead of KB 4056897)
        • Win 7 Intel users:  Should install KB 4056897 (original patch for both AMD & Intel CPUs)

        Because you also previously said

        Mr Brian  (January 25, 2018 at 8:09 pm):
        I didn’t install KB 4073578 because I don’t have an AMD processor.

        Meanwhile, Microsoft’s KB article (below) indicates that AMD users who got boot-killed by KB 4056897 should install KB 4073578. I suppose Microsoft is assuming that affected AMD users are able to get into command prompt (eg. via OS install/repair disc) & uninstall KB 4056897 first, before installing KB 4073578 in order to get Jan 2018’s security fixes.

        KB 4056897:  https://support.microsoft.com/en-us/help/4056897
        Issue: Microsoft has reports of some customers on a small subset of older AMD processors getting into an unbootable state after installing this KB [4056897]. This issue is resolved in KB 4073578.

        2) There are some (older ?) Intel CPU users who similarly got boot-killed by KB 4056897. So should such users also install the newer KB 4073578, even though the latter patch apparently applies only to AMD CPUs & only contains the fix based on updated AMD microcodes ?

        3) As for KB 4056897 (original patch, meant for Intel CPUs), wasn’t this Security-Only Update created based on flawed microcodes supplied & subsequently withdrawn by Intel ? So by implication, should Intel users avoid installing Jan 2018’s security update KB 4056897 — & thus forgo the rest of security fixes contained within the same (non-cumulative) patch ?

    • #164934 Reply

      anonymous

      All this talk about skipping January updates has me curious.

      If I’m Group B I can’t skip because the “security only” packages are not cumulative, correct?

      Choices & independent thinking aside, the dilemma persists.  Having one more month until the next batch doesn’t seem like it will get me much except some slim hope that something gets revised in the interim.

      Is there a serious warning from woody & crew to avoid skipping the January security only updates?  And what are the known advantages, if any?

       

    • #164937 Reply

      anonymous

      so for win7 b-group user on an old intel processor this months patches are

      Jan 2018 KB 4056897
      Jan 2018 (IE11) KB 4056568

      and a recommended system image backup?

      1 user thanked author for this post.
    • #164943 Reply

      anonymous

      as i don’t have any amd hardware i don’t need amd fixes i assume?

      and on windows 8.1 notebook: how do i find out if i need this 4077561 (release 1/24 for PIC/APIC stop errors)?

      • #164982 Reply

        anonymous

        update to my question: on 8.1 notebook i skipped 4073576 but i installed 4056898 and 4077561. as 4077561 being the latest version, does it include 4073576?

        for office 2010 there are two updates: 4011610, 4011611
        for excel 2010 there is one update: 4011660
        for word 2010 there is one update: 4011659
        for outlook 2010 there is one update: 4011273

        as i read about bugs in january office patches, which ones shoud i NOT install?

        • #164993 Reply

          PKCano
          AskWoody MVP

          Please read @mrbrian ‘s comments about the security-only patches for Win8.1 in this tread.

          Also, Woody;s ComputerWorld article, linked in the main blog, about the Office patches.

          1 user thanked author for this post.
          • #165008 Reply

            anonymous

            as i’m not that good in english i installed all securtiy only patches for win 7: 4056897, 4073578 and ie11 4056568.

            on 8.1 i leave out 4073576, as 4077561 being installed already and if i have right, 4077561 is a replacement update replacing 4056898 and 4073576. so 4073576 seems to be needless after 4077561 being installed already. if i have not read right… well, as i said, my english is not that good…

            i also installed all office patches, malware removal tool and on 8.1 flash update.
            i don’t have xp and i haven’t read anthing else regarding office 2010 patches…

            of course NO optionals have been installed, also nothing .net related (optional).

            • #165016 Reply

              anonymous

              after installing office updates, now there is .net security quality rollup availabe.
              but as author of this article is not sure about .net, i will NOT install it unless anyone of you tells me to do so…

            • #165017 Reply

              anonymous

              i forgot to mention: “important”, this new .net rollup is “important”.

            • #165020 Reply

              PKCano
              AskWoody MVP

              Please read Woody’s advice on .NET patches in the ComputerWorld article linked in the main bolg.

            • #165022 Reply

              anonymous

              okay, installing .net security quality rollup marked as “important”. i still do NOT install optional .net framework…

    • #164953 Reply

      amraybt
      AskWoody Lounger

      I’m still fairly confused on where things stand for 7 and 8.1 (Group B).

      On 7 we have:

      • KB4056897 (main security-only update)
      • KB4073578 (fix for AMD systems)

      Apparently KB4073578 can be considered a “replacement” or newer version of KB4056897. Does one need to only install that regardless of whether the system is Intel/AMD, or should we stick to KB4056897 for Intel and KB4073578 for AMD?

      On 8.1 we have:

      • KB4056898 (main security-only update)
      • KB4073576 (fix for AMD systems that may be considered replacement update)
      • KB4077561 (fix for PIC/APIC stop errors)

      Same question applies to these updates regarding which ones to install. I don’t really know about the “PIC/APIC stop errors” – is it safer to install that update since it’s the latest one, or should we only install that if we know we need it (I don’t know if I am using PIC/APIC controllers or if I can determine if that applies to me)?

      For example, here abbodi86 and MrBrian seem to agree that on 8.1 KB4077561 is what people should install, though it’s not clear if that’s just for Intel systems for all. The catalog also lists KB4077561 as a replacement for KB4073576, but there is no mention of a replacement for KB4056898.

      We may need to amend the AKB listing for Group B updates to clarify which ones users should prioritize, depending on their situation/hardware. Microsoft hasn’t done a very good job clarifying the situation. :/

      -- Group B through Dec 2017, currently Group W --
      Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
      Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

      • This reply was modified 8 months, 2 weeks ago by  amraybt.
      • This reply was modified 8 months, 2 weeks ago by  amraybt.
      • #164960 Reply

        PKCano
        AskWoody MVP

        Read #164935

        It says very clearly the answer to your question.

        1 user thanked author for this post.
        • #164979 Reply

          amraybt
          AskWoody Lounger

          I have read that post and linked it above but wanted to be sure if ALL users (regardless of Intel or AMD) should install those latest updates specified by MrBrian (EDIT – he confirmed  this below). If someone directly follows the links to AKB2000003 (Group B updates) from Woody’s article they may be confused at which update to install, which is why I thought it may helpful to add some comments or notes to clarify.

          But I’m still confused as to why Microsoft didn’t re-release the original security-only patches as new versions, if the newer updates containing fixes for AMD unbootable issues (7 and 8.1) and PIC/APIC stop errors (8.1 only) are essentially replacement updates. Was that so they wouldn’t have to release hotfix patches for users who already installed the first security-only updates (KB4056897, KB4056989) as well as newer versions of those updates?

          It seems that unless someone already installed KB4056897 (Win 7) and  KB4056898 & KB4073576 (Win 8.1) before the newer patches, they should ignore those completely.

          So unless I’m mistaken EVERYBODY in Group B regardless of hardware should do as follows:

          For 7,

          • KB4073578 (released 1/12 for unbootable state AMD)
          • KB4056568 (Jan 2018 IE cumulative update)

          For 8,

          • KB4077561 (release 1/24 for PIC/APIC stop errors)
          • KB4056568 (Jan 2018 IE cumulative update)

          Of course before installing updates everyone needs to verify they have the registry key set by their antivirus.

          —–

          I do see one more point of confusion – in the support article for KB4056898 (original 8.1 security-only update), there is mention of a completely different issue:

          When calling CoInitializeSecurity, the call fails if passing RPC_C_IMP_LEVEL_NONE under certain conditions.

          When calling CoInitializeSecurity, the call may fail if passing RPC_C_AUTHN_LEVEL_NONE as the authentication level. The error message that’s returned on the failure is: STATUS_BAD_IMPERSONATION_LEVEL.

          This issue is resolved in KB4057401.

          KB4057401 is the monthly rollup preview. The support articles for KB4073576 and KB4077561 do not mention the above quoted issue, however. I can’t tell if those newer security-only updates resolve the “CoInitializeSecurity” issue or MS just forgot to list it.

          -- Group B through Dec 2017, currently Group W --
          Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
          Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

          • This reply was modified 8 months, 2 weeks ago by  amraybt.
      • #164967 Reply

        MrBrian
        AskWoody MVP

        It’s probably ok for everybody in Group B to use KB4073578 as your January 2018 Windows security-only update for Windows 7, and KB4077561 as your January 2018 Windows security-only update for Windows 8.1. Caveat #1: These updates have the Spectre/Meltdown fixes, so even these updates have the potential for serious compatibility issues with your antivirus software. Caveat #2, as is always the case with any update, it’s an open question if there are problems with these newer updates that the older updates don’t have.

        6 users thanked author for this post.
        • #164984 Reply

          amraybt
          AskWoody Lounger

          Thanks for confirming.

          Understood on caveat #1. I use Defender + Malwarebytes (free) on both 7 and 8.1 but have been considering using something besides Defender for real-time protection on 8.1 (as we know Defender on 7 does not provide real-time protection so I could use Microsoft Security Essentials or something else). Hopefully there are no major issues between the January 2018 Meltdown patches and antivirus programs going forward…

          Regarding caveat #2, also understood. I may still wait a couple more weeks before I move ahead with the patches. I suppose we’ll have to see what happens with the February updates…

          —–

          On another note my will to remain on Group B is starting to break. I haven’t been hiding any updates in WU (other than the unwanted telemetry/snooping patches), and in the unlikely case I did make the jump to Group A I can’t imagine how messy that would be (or maybe it’d be relatively painless). This past month has felt like a torture test for Group B. The .NET patches are another mess altogether, and I have to confess I’ve been neglecting those.

          -- Group B through Dec 2017, currently Group W --
          Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
          Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

          • This reply was modified 8 months, 2 weeks ago by  amraybt.
          • This reply was modified 8 months, 2 weeks ago by  amraybt.
          1 user thanked author for this post.
          • #165243 Reply

            The Surfing Pensioner
            AskWoody Lounger

            Torture test? I can’t say I’ve been inconvenienced at all, largely thanks to the excellent advice I’ve picked up on this site. Just slightly mazed at the angst expressed by so many. But I do hide everything I don’t want to install – I understand from MrBrian that’s the only way forward if you’re in Group B – so my WU is very tidy. Rather a lot got hidden, this month.

            3 users thanked author for this post.
    • #164958 Reply

      MrBrian
      AskWoody MVP

      For Windows 7 and 8.1 users: If you’re in Group A, Windows Update might not offer you otherwise-applicable January 2018 updates for three reasons that have been mentioned already in other topics: antivirus compatibility, AMD processor issue, and PIC/APIC interrupt controller issue (Windows 8.1 only).

      If you’re in Group B, you don’t have the Windows Update-provided update blacklisting for those three issues that Group A users have. Even if you install the latest January 2018 Windows security-only update replacements (KB4077561 for Windows 8.1, KB4073578 for Windows 7), you still may experience the antivirus compatibility issue, and this is also true for any future Windows security-only updates that include the Meltdown/Spectre fixes.

      • This reply was modified 8 months, 2 weeks ago by  MrBrian.
      6 users thanked author for this post.
    • #164955 Reply

      anonymous

      ANY CHANCE OF MACS IN YOUR FLEET, CAPTAIN WOODY?!

      Ahoy Captain Woody!
      Many thanks for keeping my beloved “Toshy” Win7 laptop safe for so long.
      Happily harboured now offline for good and still going strong on Office 2007.

      His replacement?
      A classic MacBook Pro 2012 running El Capitan.
      Office For Mac 2016 must have a “Special Team”!
      Updates so far so good.
      Mac OS Security Updates the same except…
      Meltdown and Spectre!
      Similar issues with Intel-based “fixes” on Macs too despite the usual Apple denial.

      I still regularly check your excellent posts here and on Computer World and re-interpret them for Mac as best I can.
      Your Pro Tips are great!
      Especially on holding off on firmware and software security updates for Meltdown and Spectre that are useless or unnecessary.

      So how about “Ask Woody On Macs”?
      Bring light To The Dark Side Too, Captain!

      Cheers!
      Sainty
      ??⛵️??

      • #165035 Reply

        woody
        Da Boss

        My brain is totally wiped out just dealing with Windows!

        If somebody would like to start issuing Mac/iOS patching recommendations, I’d be happy to host them. But for me, there ain’t enough hours in the day….

        • #165039 Reply

          PKCano
          AskWoody MVP

          Believe me, Mac patching is not stressful.
          I’ve never had a BSOD or failure to operate correctly afterward.

          I can only watch the chaos that is Windows!!!

          2 users thanked author for this post.
          • #165250 Reply

            Ascaris
            AskWoody MVP

            Apple still believes in silly, outmoded concepts like testing patches before shipping them to the customers, presumably.

            Group L (Linux): KDE Neon User Edition 5.14.1 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

            1 user thanked author for this post.
    • #164964 Reply

      Seff
      AskWoody Lounger

      I’m a tad confused on the AMD issue.

      Woody, you mention above that you’re only aware of AMD issues now with Phenom II machines as mentioned in the article, but that article only mentions them in the context of a specific Windows 10 update. I wasn’t under the impression that the AMD issue was only specific to Windows 10, so is that in fact the case or else what do those of us with Phenom II machines running Windows 7 do?

      I’ve thus far only installed (an hour ago) the MSRT and KB4056894 (monthly rollup) on my Intel Windows 7 machine (which has an AMD Radeon graphics card) – so far so good. The plan is to leave it for a day or two before installing the .Net Framework update if all is well, and then the Office 2010 updates if all is well thereafter. Only after that will I consider what to do with my other Windows 7 machine which has an AMD Phenom II processor (and Nvidia graphics card).

      • #165036 Reply

        woody
        Da Boss

        I believe the outstanding AMD problems have been solved. The only current problem I see is the one mentioned in the article.

        1 user thanked author for this post.
    • #164965 Reply

      anonymous

      I think I’m going to skip as well for win10 1607, both mine and my parents’, until tis time for installing February patches or if an imminent threat appears, whichever one comes first…thanks Woody and the gang here, as always!

    • #164985 Reply

      WildBill
      AskWoody Lounger

      Being in Windows 8.1 Group A (more or less), I’m downloading KB4077561 1st to fix the PIC/APIC bug. Then applying the Rollups for Win 8.1, .NET Framework, Flash Security Update (even though I’ve turned off Flash), & the MSRT (Malicious Software Removal Tool). Along with those, the .NET Framework for 4.7.1 (KB4033369). Though I don’t use Skype, thinking of applying the Skype for Desktop 7.3 update (KB2876229) to get caught up. Also applying Office updates for January.

      Don’t need to download the .NET Framework WPF fixit tool (KB4074906), since that’s for Win 7 SP1 & Windows Server 2008 R2 SP1. Not downloading KB4078130, since haven’t applied Intel microcode that the KB bypasses for Spectre 2; my processor is Ivy Bridge [Pentium 2020M], which Intel says isn’t affected by Spectre 2. I never apply KB2976978 (“compatibility update” unless I finally upgrade to Win 10), KB3080149 (Telemetry), & KB4023307 (Silverlight). Before all that…

      I will update Windows Defender, remove Win32/Spectre.A with it, run a full scan to make sure I’m clean, then get Macrum Reflect Free & do a full image backup.

      Windows 8.1, 64-bit, Group A... switching to Group B in November!
      Wild Bill Rides Again...

      1 user thanked author for this post.
    • #164986 Reply

      twbartender
      AskWoody Lounger

      I’m also a little confused about installing (security only) KB4056897 or KB4073578. According to the Microsoft Support Page for KB4073578, this update is not a replacement for a previous released update. As stated in the article under, “Update Replacement information”. The article was last updated on Jan 19, 2018

      1 user thanked author for this post.
    • #164992 Reply

      NoLoki
      AskWoody Lounger

      I have an AMD64, Athlon X2. I just now installed KB4073578, W7/64.

      I am Group B. I use MSE and MBAM 3, both were current before I started the MSI installer.
      – I stayed offline for the update.

      It took a lot longer doing the system configuration than most updates, however that might be because it is a kernel update. Once the first round of configuration updates completed, I got the screen indicating that Windows was starting, then it started a second round of configuration. It took a while, but it completed successfully and I got the login screen. Trusted installer ran for about 40 minutes after that, then it completed.

      I was concerned as the disk was thrashing and the system was at 100% most of the time – MSE and MBAM kept diving in while trusted installer tried to finish, after the system restart.

      The system up and running just fine. No slowdown. As a test, I shut down completely and rebooted.
      – All is well and the system is now supposedly protected from meltdown.

      7 users thanked author for this post.
    • #164997 Reply

      FakeNinja
      AskWoody Lounger

      What about the slowdowns? I really want to know if there’s a difference, especially now that Microsoft claims that “Windows 7/8.1 users will probably get the biggest slowdown” and given that the patch is hard to uninstall. Are there any good third party tests on this yet?

      4 users thanked author for this post.
      • #165013 Reply

        Cascadian
        AskWoody Lounger

        I have wondered if we are experiencing a First-party test right here on AskWoody. There are many variables involved in the repairs to a live environment, coinciding with updates applied, coinciding with massive public interaction on MSDefcon change day.

        But while others had noted slowdown previously, I did not until today. And it is significant. All good things are truly worth waiting for.

      • #165037 Reply

        woody
        Da Boss

        Good question.

        I’m not aware of any noticeable slowdowns with any of the latest patches. Of course, that’s based on personal machines. If you’re running an overloaded server, your mileage may well differ.

        1 user thanked author for this post.
    • #165004 Reply

      Microfix
      AskWoody MVP

      So, those not inclined not to trust January Patchmess in Group A could theoretically skip and wait for February patches meanwhile Group B have to patch regardless.

      Are cracks in the patching framework are starting to appear?

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        No problem can be solved from the same level of consciousness that created IT - AE
      • #165010 Reply

        PKCano
        AskWoody MVP

        The problems surrounding Group B have only been getting more complicated for a while.

        2 users thanked author for this post.
      • #165089 Reply

        The Surfing Pensioner
        AskWoody Lounger

        That depends on how you look at it. Those in Group A will inevitably be blessed with January Patchmess in February anyway (monthly rollups are cumulative). Those in Group B can choose whether to patch now, or take their chances risking a Spectre/Meltdown infection just a little longer. It’s horses for courses, I guess.

    • #165009 Reply

      Cascadian
      AskWoody Lounger

      Offering additional thanks on your writing style Woody. The complex can be made simple after all. I too was considering just letting JAN2018 go by without installing, then allowing FEB GroupA to do all the work. Decided to trust the Yellow3 you give, because of the doubt involved with predicting the future.

      And thanks for the heads up you give NoLoki. My AV and chosen method does not match yours. But I think the differences will not prevent a similar delay. Your post allows me to relax when the same happens here.

      Thanks to all involved, for the extra work this winter. Truly appreciated.

    • #165025 Reply

      dgreen
      AskWoody Lounger

      I am group A.
      Is it safe to do the Group A January rollup patch via my windows update, or do I just sit tight?
      I have never done a system image or a backup.  I have no idea of how to even go about it.

      I have Microsoft Security Essentials
      I use Chrome browser that was just updated to Version 64.

      Dell Inspiron 660 (purchased in 2013) just replaced hard drive in November 2017 and had Windows 7 reloaded.
      Windows 7 Home Premium 64 bit SP 1
      Server 2008 R2 x64
      Processor:  Intel i3-3240 (ivy bridge 3rd generation)
      chipset Intel (R) 7 series/C216
      chipset family SATA AHCI Controller -1 E02
      After new hard drive installed went to Group A

       

      I’m a bit nervous about applying January’s patch.

       

      • This reply was modified 8 months, 2 weeks ago by  dgreen.
      • #165029 Reply

        PKCano
        AskWoody MVP

        I installed the Rollup and the MSRT without any problem

        2 users thanked author for this post.
    • #165028 Reply

      anonymous

      For Group B advocates with Windows 7 concerned about which of the January security-only updates to apply, take a look at this site:

      https://www.sevenforums.com/news/412466-kb4073578-update-fix-unbootable-state-amd-devices-windows-7-a.html

      Basically, it is recommended there that you install KB 4056897 and KB 4073538 BUT ONLY restart your computer AFTER both updates have been installed. Do not restart after the first update, but only after both are installed. Apparently, this way the potential boot problem with 4056897 gets corrected before it happens.

      3 users thanked author for this post.
      • #165052 Reply

        OscarCP
        AskWoody Lounger

        I would like to point out that the recommendation there is three weeks old.

        MrBrian, today (see #16497)  recommends everyone with Windows 7  (Intel or AMD CPU)  installs KB4073578.

        2 users thanked author for this post.
        • #165057 Reply

          Seff
          AskWoody Lounger

          That appears to be an incorrect comment number, could you please clarify the thread it relates to? Is it the one in which MrBrian recommends that Windows 7 Group B users install KB4073578 as a replacement to the original January update? Microsoft say it isn’t a replacement for any other update. I’ve also seen it recommended that both updates are installed, and yet KB4073578 isn’t offered through WU to Group A users anyway. I think some clarification is needed here, not least for Group A Windows 7 AMD users whose current position is both precarious and unclear in my view – especially given that Woody’s article only lists an AMD Phenom II issue in relation to a specific version/update of Windows 10.

           

          • This reply was modified 8 months, 2 weeks ago by  Seff.
          1 user thanked author for this post.
          • #165285 Reply

            abbodi86
            AskWoody MVP

            Group B should install KB4073578 only
            Group A should install KB4057400 (preview rollup)

            Microsoft general rule on metadata level is that non-security update do not replace security update, per se
            but KB4073578 do contain and replace security-only components

            3 users thanked author for this post.
    • #165054 Reply

      OscarCP
      AskWoody Lounger

      OK: So far I seem to get the idea that two (maybe) safe patch versions, for my Windows 7, x64, CPU Intel sandy bridge, are Windows Security Only and E11 Cumulative Security  number KB4073578 and KB4056568, respectively.

      But what is(are) the KB(s) of the NET update(s) that is(are) OK to install now (assuming there are any (maybe) safe ones already)?

      To anyone who knows the answer and lets me know what it is: Thanks!

      • This reply was modified 8 months, 2 weeks ago by  OscarCP.
      1 user thanked author for this post.
      • #165063 Reply

        PKCano
        AskWoody MVP

        Woody’s ComputerWorld article has information on .NET

        • #165070 Reply

          OscarCP
          AskWoody Lounger

          Not quite: a link there to another site that seems to have a link to the actual MS update, but then, on going there, I find myself in a site in what could be Arabic, so I get out of there. Then further searches get me to a MS English page for the update but with no “download” link on it. Instead, there is a recommendation to turn on Automatic Updates. Which means that then everything else out there will rush in and get installed as well.

          So, given this entirely unfortunate situation, I am holding off installing anything with .net in it. And probably everyone else should follow suit, to be safe.

           

          • This reply was modified 8 months, 2 weeks ago by  OscarCP.
      • #165064 Reply

        Seff
        AskWoody Lounger

        I’ve no idea whether it’s safe to install, I haven’t tried yet on my Windows 7 machines, but the .Net Framework update I’m being offered as an Important update is KB405532. I’ve hidden KB4033342 which is an Optional update relating to .Net Framework 4.71 which I neither have nor want. I’ve also hidden the Optional  .Net Framework Preview KB4057270. These updates do tend to vary, however, according to which versions of .Net Framework you have installed, so “your mileage may vary” as they say!

    • #165062 Reply

      FakeNinja
      AskWoody Lounger

      I made performance tests before and after the update if anyone is interested.

      https://www.askwoody.com/forums/topic/decrease-in-performance-after-meltdown-patch/

      1 user thanked author for this post.
      • #165086 Reply

        bobcat5536
        AskWoody Lounger

        Performance test down here too and if you get the new beta 5.23.5 release of Sandboxie, it works.

        https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114

        1 user thanked author for this post.
      • #165083 Reply

        anonymous

        Same here, peformance decrease and Sandboxie borked. Was this Meltdown patch part of the monthly rollup update ? If so, I think I just joined group W.

        • #165100 Reply

          bobcat5536
          AskWoody Lounger

          My performance was slightly down and I install new beta version of Sandboxie and it fixed that.

    • #165073 Reply

      bobcat5536
      AskWoody Lounger

      Two Questions. One, after reading various post about KB4033342 on Win 7 x64, should we install the .NET offline installer or just hide it and forget about it?

      Two, Win 10 Pro 1703. I’m using wushowhide and feature updates delayed set to 365 and pause updates set to 35 days. As soon as I uncheck pause updates, it downloads and installs. Where do I get to pick and chose what to install and not install ? It installed both KB4023057 and KB4056254 as soon as I uncheck pause updates and I had no choice. None of the updates showed up in wushowhide when I ran it before updating.

    • #165079 Reply

      Purg2
      AskWoody Lounger

      “Unholy mess.”  This makes me want to forego 4055266.  There’s no real pressing issue for me.  Others might have the need, to each their own.

      Win 8.1 Group B, Linux Dabbler

    • #165081 Reply

      anonymous

      @OscarCP you should install KB4056897 it’s a security only update; KB4073578 it is not and it’s for AMD devices

      for me  KB 4056897 and  KB 4056568 both installed Group B

    • #165085 Reply

      David F
      AskWoody Lounger

      Group B Win 7 64 bit

      Seems okay so far (touch wood) and SFC /Scannow is clean, so hopefully Nadella’s Noobs haven’t broken anything critical.

      Why is patching starting to feel like the Apollo 13 mission, flying round the dark side of the moon?

      1 user thanked author for this post.
    • #165076 Reply

      anonymous

      Win7 Pro x64 on Zbook 17 Workstation. FWIW, Looked up and installed the January Security Only .Net patches for versions onboard. Do not have nor plan to install 4.7. (Wish those .Net Security Only KB’s could be listed for Group B!) Did a full image and file backup as recommended prior. KB4054176, etc.

      Then installed Security Only, IE11 KB4056568; then installed KB4056897 separately; no AMD on this machine. Touch wood, everything still working. No clue about speed after patching. Seems unchanged but likely won’t know until I use DxO Pro 9 for photo/RAW image development which is processor-intensive. Will watch this site for more expert feedback! 😉

      Have Office 2010 Home & Student on here. Will turn on WU tomorrow and hide the rollups. Will be offered Office updates I expect. Install those or ignore any???

      Thanks!

      3 users thanked author for this post.
    • #165084 Reply

      anonymous

      My computer is Windows 7 Home Premium 64-bit SP1
      AMD FX-6300 Six Core Processor, 4.0GB Ram, ATI Radeon 3000 Graphics.

      I installed KB4056894 January 5 and have had no problems but I have hidden KB405532 which is listed as important and KB4033342 is listed as Recommended. I don’t need any problems, I know just enough techie stuff to get into a lot of trouble. Should I install or chicken out?

    • #165087 Reply

      anonymous

      What about the Intel Management Engine flaw?  I believe this is different than Meltdown et al, but has been overshadowed since the news in late November.  Should the home user patch this or let it be?

      https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

      • #165104 Reply

        anonymous

        Is your machine VPro? There will be a sticker probably. If so, use the patch from your OEM. Did it on mine but IMO if yours isn’t VPro, you have less to worry about.

        • #165122 Reply

          anonymous

          Sorry, didn’t read your link first. There IS a serious IME VPro vulnerability. Your link though references the WPA2 patch. If your OEM has one as mine did, yes, probably worthwhile. Not a techie myself but assume your router needs a patch too. For that, ask your ISP and/or your router OEM.

    • #165112 Reply

      geekdom
      AskWoody Lounger

      Plugged the holes.

      Making backups.

      Always keep a rescue disk and a system image.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
    • #165116 Reply

      geekdom
      AskWoody Lounger

      (When in trouble, when in doubt – run in circles, scream and shout.)

      “Stand-in-place panic.”

      –Patrick McManus

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      2 users thanked author for this post.
    • #165117 Reply

      bobcat5536
      AskWoody Lounger

      I have a couple of duplicate replies as it is taking a while for them to post. Don’t know if this is related to the latest updates or not.

      • #165119 Reply

        Kirsty
        AskWoody MVP

        You were caught in the sp*m filter – reposting just causes us more work, in this case (not always…) 😉

        1 user thanked author for this post.
    • #165120 Reply

      b
      AskWoody Lounger

      As you go through the steps, keep in mind that Microsoft, uh, forgot to honor the “Current Branch for Business” setting —

      That was for a few weeks three months ago. Version 1709 has been “Current Branch for Business” (Semi-Annual Channel) for three weeks now.

    • #165125 Reply

      samak
      AskWoody Lounger

      “ProTip #3. Make a full system image backup before you install the January patches.
      This month more than ever, there’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can re-install even if your machine refuses to boot.”

      How do you restore a system image (e.g. Macrium) if your machine won’t boot?

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • #165127 Reply

        PKCano
        AskWoody MVP

        You use the Macrium (or whatever image software you use) Rescue CD/USB. You did make it when you installed the software, didn’t you?

        1 user thanked author for this post.
        • #165131 Reply

          samak
          AskWoody Lounger

          Thanks. Yes, I did make a rescue USB. I just interpreted the “refuses to boot” phrase to mean that there was a possibility that you wouldn’t be able to boot to the USB either.

          W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

          • #165316 Reply

            geekdom
            AskWoody Lounger

            This is a parenthetical comment to the backup advice:

            • Make sure you make backups on a consistent basis — the whole banana including system images.
            • Make sure you have a rescue disk — that is, a separate disk that will boot your computer if your computer hurls.
            • Keep your rescue disk and backups accessible. Know where they are.
            • Make sure you know how to use your backups. Someday you will have a computer emergency: your computer will hurl. Really. Guaranteed. Your backups will do you no good at all if you can’t find them and don’t know how to use them.

            With the current software updates, it’s much more likely that you will need backups. Act now and avoid panic.

             

            Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
            4 users thanked author for this post.
    • #165128 Reply

      anonymous

      ? says:

      KB4056897 works for an old Pentium 3.06 HT, no problem…

      KB4056897 does not work for a first gen K8 AMD AthlonX2. locked up solid on re-boot. got out Windows 7 Repair Disk and did: DISM /image:D:\ /cleanup-image /revertpendingactions, reboot back into Windows desktop and run KB4073578. reboot to desktop

      so much for January “updates!”

      • #165130 Reply

        PKCano
        AskWoody MVP

        @mrbrian recommended to use KB4073578 as the Security-only update for Win7

        • #165132 Reply

          anonymous

          ? says:

          Thank you, PKCano! i guess i get bleary-eyed at this late stage of windows 7 monthly updates.

           

    • #165133 Reply

      PKCano
      AskWoody MVP

      I see a lot of confusion. I am going to share what I have done personally with my machines. All mine are Intel based.

      As a prelim:
      1. Update your Anti-virus to the latest version of the PROGRAM. Check to be sure the ALLOW Regkey is set.
      2. Verify whether your CPU is Intel or AMD.
      3. Backup your computer!!!!!
      4. Rule: DO NOT CHECK ANYTHING THAT IS NOT CHECKED BY DEFAULT

      The following are only my choices. Make the choices as applies to your case.

      Win7.
      I installed KB4056894 Monthly Rollup. If you have AMD and you feel unsure, download KB4073578 and install it manually first then the Rollup. See AKB2000003. EDIT: See @abbodi86 ‘s comment at #165285. Normally it is not recommended to install unchecked Preview patches, but in this case KB4057400 Preview probably contains the AMD fixes found in KB4073578.
      I installed MSRT
      I installed all the Office 2010 updates
      I have .NET 4.7 on all machines. I did not install .NET 4.7.1 (unchecked).
      My choice for .NET has always been the Rollups offered by WU.
      For Group B – follow @mrbrian ‘s instructions.

      Win8.1
      I installed KB4056895 Monthly Rollup. If you have AMD and you feel unsure, download KB4073576 and install it manually first then the Rollup. I suspect the PIC/APIC problem will be fixed in the Feb Rollup. See AKB2000003. EDIT: See @abbodi86 ‘s comment at #165285. Normally it is not recommended to install unchecked Preview patches, but in this case KB4057401 Preview probably contains the fixes found in KB4073576 and KB4077561.
      I installed the IE Flash update
      I installed MSRT
      I installed all the Office 2010 updates
      I have .NET 4.7 on all machines. I did not install .NET 4.7.1 (unchecked).
      My choice for .NET has always been the Rollups offered by WU.
      For Group B – follow @mrbrian ‘s instructions.

      Win10 1703
      Using wushowhide I hid KB4023057, KB4073543, and KB4056254
      I installed CU KB4057144 Build 15063.877
      I installed all the other non-driver patches.

      Win10 1709
      I have KB4056892 Build 16299.192 installed.
      I was not offered KB4058258 Build 16299.214 through WU and I did not try to manually install it. It seems to have an installation problem as noted here.

      EDIT 1/6/18 to add @abbodi86 ‘s comments

      9 users thanked author for this post.
      • #165141 Reply

        bobcat5536
        AskWoody Lounger

        Quick question.  Windows 10 1703  I run wushowhide on a regular basis and have never had it bring up a KB update. I get plenty of driver, printer and other stuff. I’m wondering if I’m not running something right. I always check the advanced box first and uncheck the fix option, but have never seen any KB’s.

        • #165268 Reply

          PKCano
          AskWoody MVP

          They showed up on mine.

          Sometimes it is best before updating to run Disk Cleanup\Cleanup System Files and cleanup Windows Update points before you start, reboot, then run wushowhide immediately after startup.

          2 users thanked author for this post.
    • #165139 Reply

      pulsar
      AskWoody Lounger

      Non-technie user here so I really appreciate all the guidance and advice from Woody, PK and everyone on here!  I recall reading about a rebooting problem for Win  7, 64-bit machines with Haswell processors (which I have) after application of the January patches.  Has this issue been resolved?

      • #165142 Reply

        PKCano
        AskWoody MVP

        I think most of the problems with the Intel processors were associated with the microcode firmware updates from Intel that were then dispensed by the OEM’s.

        The boot problems with the Jan patches were mostly concerning machines with AMD processors and some AMD Radeon graphics cards

        1 user thanked author for this post.
    • #165143 Reply

      Noel Carboni
      AskWoody MVP

      Woody, I’d probably have mentioned the performance hits these patches cause as something to consider. Most folks probably won’t see the slowdowns in their daily work, and you may be advising for the masses, but make no mistake, the performance hits are there.

      And there are STILL very few people who have good, solid before/after measurements.

      -Noel

      1 user thanked author for this post.
      • #165159 Reply

        anonymous

        No third-party benchmark software installed but did run Performance Information Windows Experience Index test from Win7 Control Panel. FWIW, scores didn’t change after installing KB4056897. No clue how indicative that might be…

      • #165247 Reply

        woody
        Da Boss

        I haven’t seen any validated slowdowns for “regular” users. Have you?

        • #165307 Reply

          Noel Carboni
          AskWoody MVP

          I have personally sensed a slowdown so far on the small Win 7 hardware system I run.

          It’s a Haswell Pentium G3220, 2 core with 8 GB of RAM. A minimal, inexpensive system to say the least. But it never really felt slow to do things on the desktop until just the other day. I happened to log in when it was running a MSE malware scan – something that’s uncommon to be running when I’m logged in, but I’m sure I’ve done so before while a scan is running. I’ve logged in during scans a number of times just to learn why the disk light was active.

          This time – post January Windows patches, but no microcode changes – the desktop was almost unusably slow – QUITE noticeable. I found myself waiting several seconds for any application to start.

          That’s the first time this system has felt slow to respond – ever – since I installed it in 2015. With a RAID array of SSDs and plenty of free resources, such a system should NEVER be noticeably sluggish.

          Using an application that stresses the I/O subsystem I measured a repeatable 30%+ drop in the disk I/O throughput on this system, from an ability to move 1400 megabytes per second to/from the disks to 900 megabytes per second after the patches. I believe this is directly responsible for the sluggishness when doing a malware scan – which is of limited by I/O throughput.

          So yes, I’ve now seen the performance degradation in real world usage myself, under just the conditions in which I’d expect to sense a problem with a reduction in operating system I/O performance – trying to do something while something else was using the system volume heavily. Pretty much since time began the thing that holds any computer system back from doing more work and being responsive is I/O latency and throughput limitations.

          -Noel

          2 users thanked author for this post.
    • #165140 Reply

      anonymous

      Not receiving email conformation of registering for this site?

      • #165147 Reply

        PKCano
        AskWoody MVP

        It is an ongoing problem with the website software.

        1 user thanked author for this post.
      • #165240 Reply

        Elly
        AskWoody MVP

        If you checked your spam filter and it wasn’t there, either… then Woody usually tells people to e-mail him directly at woody@askwoody.com

         

        Win 7 Home, 64 bit, Group B

        1 user thanked author for this post.
    • #165145 Reply

      anonymous

      My question, is it safe now to go ahead and download /install NetFramework4.7.1 (KB4033342) for win7 ?

      • #165153 Reply

        PKCano
        AskWoody MVP

        KB4033342 is UNCHECKED in Windows Update.

        Rule: DO NOT CHECK ANYTHING THAT IS NOT CHECKED BY DEFAULT

    • #165156 Reply

      MrBrian
      AskWoody MVP

      I propose doing the following regarding Windows updates this month:

      For any manually-installed Windows update from January 2018 and later: If you use antivirus, you must ensure that the antivirus-related registry item was set by your antivirus before proceeding with manual installation

      If you don’t use antivirus, set the antivirus-related registry item, so that Windows Update won’t blacklist relevant updates.

      Group A Windows 7:

      If Windows Update offers KB4056894 then install it. If Windows Update doesn’t offer KB4056894, then if Windows Update offers KB4057400 then install it. If neither update is offered, then wait for the February 2018 Windows updates.

      Group A Windows 8.1:

      If Windows Update offers KB4056895 then install it. If Windows Update doesn’t offer KB4056895, then if Windows Update offers KB4057401 then install it. If neither update is offered, then wait for the February 2018 Windows updates.

      Group B Windows 7:

      Manually install KB4073578. Manually install KB4056568.

      Group B Windows 8.1:

      Manually install KB4077561. Manually install KB4056568.

      12 users thanked author for this post.
      • #165157 Reply

        bonbon
        AskWoody Lounger

        How do you check your antivirus registry key to make sure it is correct?  A list on Microsoft shows that Norton has fixed the registry key.  I also uninstalled and reinstalled Norton to make sure I have the most recent updated software. 

        But I don’t know how to check the registry key on my computer to make sure it is correct, although Norton representative tells me it is correct and that shouldn’t be the issue.

        • #165177 Reply

          GoTheSaints
          AskWoody Lounger

          In Woodys’ ComputerWorld article he linked to THIS  post by OscarCP which shows you how you can check if Norton has set this key.

      • #165162 Reply

        anonymous

        Would you mind explaining your reasoning for pushing to non-AMD machines KB4073578? Installed the original KB4056897, which by now might have been revised anyway, on my Intel/Nvidia machine today, so far without issue. https://support.microsoft.com/en-us/help/4073578/unbootable-state-for-amd-devices-in-windows-7-sp1-windows-server-2008

        • #165183 Reply

          MrBrian
          AskWoody MVP

          “Would you mind explaining your reasoning for pushing to non-AMD machines KB4073578?”

          It makes the instructions simpler :). If you have already installed KB4056897 and restarted your computer and had no issues, then I believe there’s no compelling reason to install KB4073578.

          3 users thanked author for this post.
      • #165185 Reply

        Steve
        AskWoody Lounger

        MrBrian,

        Here are quotes from Microsoft on the support pages for each of the Windows security updates you recommend be installed rather than the ones originally issued:

        “This update does not replace a previously released update.”

        “To apply this update, you don’t have to make any changes to the registry.”

        Both of these quotes seem inconsistent with the concept that the originals were superceded rather than supplemented. You are far more knowledgeable than I (and possibly Microsoft too!) but I wonder if it’s risky to ignore Microsoft’s descriptions of the updates. I wonder if there would be a downside to installing the original(s) and then the later one(s) you recommend, in sequence??

        • #165192 Reply

          MrBrian
          AskWoody MVP

          It’s true that the newer updates don’t metadata-supersede the security-only updates, but that’s probably because there are good reasons that a non-security update shouldn’t metadata-supersede a security update. Another question: So why didn’t Microsoft classify the newer updates as security updates? I would guess it’s because Microsoft doesn’t want users that installed the older updates and didn’t have issues to think that they had to install the newer updates.

          2 users thanked author for this post.
          • #165211 Reply

            EricEWV
            AskWoody Lounger

            In a sane world, I would think Microsoft would push out an Intel-specific patch and an AMD-specific patch at this stage seeing the major issues that can arise from the AMD machines, or just release an AMD-specific patch with all the relative fixes.  Something like “Security Update for Windows 7 on AMD” maybe.  But I think that’s asking for much with MS’s recent track record.

        • #165286 Reply

          abbodi86
          AskWoody MVP

          Support articles are generally generic

          besides, if you take Microsoft word, you would not follow Woody’s defcon system 😀

          1 user thanked author for this post.
    • #165160 Reply

      anonymous

      In @mrbrian‘s post #164967 in this blog, where does he get his information from that KB4073578 can be installed instead of KB4056897 as the January 2018 security only update for Windows 7?  I am extremely nervous about this.  I can’t find any confirmation that the former is a replacement for the latter.

      And, as has already been pointed out by others in this blog, the KB4073578 article states “This update does not replace a previously released update”.  And, furthermore, as has already been pointed out, it raises the question as to why didn’t Microsoft release a second version of KB4056897 to replace the first version instead of releasing KB4073578?  It is all very confusing.

      As my PC has an Intel processor, unless I can find some convincing evidence to do otherwise, I am inclined to install only KB4056897.  Thinking ahead, would that then put my PC in a state in which I could not install the February 2018 security only update?

      • #165187 Reply

        MrBrian
        AskWoody MVP

        “In @mrbrian‘s post #164967 in this blog, where does he get his information from that KB4073578 can be installed instead of KB4056897 as the January 2018 security only update for Windows 7?”

        It’s based on analysis of the contents of KB4056897 vs. KB4073578. If you’re sure that you don’t have an affected AMD CPU, then it’s fine to use KB4056897 instead.

        5 users thanked author for this post.
        • #165259 Reply

          TonyC
          AskWoody Lounger

          Yes, I suspected that was the way you did it.  I couldn’t find any explanation anywhere.  Microsoft’s documentation of these two updates and their relationship with one another is ambiguous and misleading.

      • #165188 Reply

        MrBrian
        AskWoody MVP

        I forgot to mention: In another topic I posted that as a test I installed KB4073578 on my Intel CPU, rebooted, and had no issues. (After a few minutes, I restored the backup that I had just made because I am in Group A.)

        • This reply was modified 8 months, 2 weeks ago by  MrBrian.
        • #165267 Reply

          TonyC
          AskWoody Lounger

          Yes, after this month’s problems, I’m now seriously considering switching to Group A. It is not so much Microsoft’s snooping that I object to but, in 2016, I was appalled by Microsoft’s attempt to upgrade my system to Windows 10 and to prepare my system for the upgrade. I don’t want that to happen again. I know that I am going to have to start using Windows 10 within the next year or two, but I will do it by performing a clean install of Windows 10 on a new PC.

    • #165172 Reply

      anonymous

      I can’t believe its gotten to the point where one is now required to have a system image and a repair disc standing by to download WU.  Well, actually I can after last month. I’m on WIN 7 with an older AMD machine, group A, and will still be sitting this one out until a I see a green for the Feb updates.  I’ve also tried to register on this site twice with no luck.

      • #165198 Reply

        Kirsty
        AskWoody MVP

        An occasional problem in getting registration emails has been noticed in some cases. Your quickest solution is to email Woody your username (used in your attempt to register) and a password. If he can’t find the user name in the database, he has the tools to create it.

        1 user thanked author for this post.
    • #165181 Reply

      OscarCP
      AskWoody Lounger

      OK, this is the situation with January’s Security Update, and it can be fun playing “Update Roulette” with your Win 7, x64, Intel 7 CPU PC (if possible, and old one of Sandy Bridge vintage, like mine).

      First: the initial game lineup:

      (1) MrBrian recommends the Security Update KB4073578 for Intel, AMD, etc.

      (2) Anonymous and a few others are all for KB4056897  for Intel. Some of them are even saying things like: “I installed KB4056897 and everything was OK afterwards!” Or: “Do not install KB4073578, that one is for AMD!”

      (3) Everyone seems to agree that KB4056568 is fine for E11, whatever the CPU may be.

      (4) Nobody, at least the way I see it (and am nothing more than an imperfect, error-prone mortal), has the slightest idea of what to do about .net.

      Now place your bets, ladies and gentlemen: Choose either (1) or (2). Don’t worry about (3), avoid having anything to do with (4).

      Win: Nothing bad happens. Dull, but all right…

      Loose: You’ll get a fancy doorstop and (if you are truly diligent), also an ISO disk image. Then you could place the disk on the doorstop, for an specially eye-catching effect. But you’ll be unable to visit Woody’s anymore, as you’ll no longer have what you’ll need to do that with. But it won’t matter, as you’ll never have to worry about updating Windows 7 again.

      (Just kidding.)

      • This reply was modified 8 months, 2 weeks ago by  OscarCP.
      • This reply was modified 8 months, 2 weeks ago by  OscarCP.
      • This reply was modified 8 months, 2 weeks ago by  OscarCP.
      2 users thanked author for this post.
      • #165189 Reply

        MrBrian
        AskWoody MVP

        “(4) Nobody, at least the way I see it (and am nothing more than an imperfect, error-prone mortal), has the slightest idea of what to do about .net.”

        I recommend: Install the .NET Framework updates that Windows Update ticks by default.

        1 user thanked author for this post.
        • #165369 Reply

          anonymous

          Had been installing the .Net rollups as well until a bug in image-rendering appeared in the rollup  a couple of months ago but not in the Security Only patches. Last thing I needed was to bork my RAW image developing and editing software. Been doing Security Only since, but it’s a pain.

    • #165201 Reply

      anonymous

      Win7 intel pentium machine here. Thanks for the heads up. For us Win7 users, are there any major bugs that we should prepare for, like those in Win10?

    • #165206 Reply

      anonymous

      First post on this site so please excuse me if I missed to read anything. I’m still reading up on the differences between Group A and Group B. Looks like I’m in Group A but I’m not a 100 percent certain yet. The DefCon system is very clear cut. I like it a lot.

      On my Dell Notebook running Win8.1 and AMD Radeon, I installed:KB4077561 (Manually)and KB4073576(Manually) and The Security Only Update KB4056898 (Manually)

      Via Windows update I installed: KB4057401 (Preview of Monthly Rollup) and KB4056895 (Monthly Rollup)

      On my Dell Desktop running Win 8.1 and an Intel core I5 I Installed those same updates I listed except the KB4073576 update which is a listed fix for older AMD processors.

      On Patch Tuesday last month on my Desktop and Notebook I installed the MSRT (KB890830) & The Adobe Flash Player update (KB4056887) and the Security and Quality Rollup for Microsoft.Net (KB4055266) Framework which in Hindsight I shouldn’t have installed at that time but fortunately I didn’t run into any problems. But I hid the other .Net Framwork updates and I don’t plan on installing them.

      Besides the updates I listed, did I miss anything major to install from the January patches?

      1 user thanked author for this post.
      • #165251 Reply

        Elly
        AskWoody MVP

        Hello Anonymous,

        There are a number of anonymous posting… so if you want to be anonymous, and not register on the site (which is okay), I’d suggest that you pick a name of some kind to stick on your post, so that it is easier to follow any further questions and answers (like when another anonymous is answering your post, or asking a related, but different question… it happens).

        I will say up front that I’m not a techy person, but I’ve been here for a while… and so would like to point out a few things… and maybe answer your questions…

        First, unless you want to experiment, and you know how to fix your computer, don’t install anything with preview in its name… those are for the early adapters to try out! You said you already installed it… so here’s hoping there aren’t any problems in it for your machine…

        Second, is if you are going the Group A route, and install the Monthly Quality and Security Update, you don’t need to install any Security only patches… they are included in the Monthly Quality and Security Update.

        Installing the Monthly Quality and Security Update puts you in Group A, even if you were following security only updating (Group B) before that.

        Did you follow each step (if Group A) at https://www.askwoody.com/forums/topic/2000004-how-to-apply-the-win7-and-8-1-monthly-rollups/? It is important to hide updates you are not installing, and then check for more, because some updates do not show up until all updates are installed or hidden.

        Group A is the recommended and easiest way to update… but I find that Group B works just fine for me.

        Also, although Woody says to turn off Windows Update, that is so you can control when to update. You can still click on it to run Windows Update, sort through the offered updates as recommended in the link above, and then install them. You don’t have to manually install them. I may have confused what you actually did, but this is an issue that a friend had problems understanding when I referred her here. She went to Microsoft and manually downloaded the Monthly Security and Quality Update, when it was already offered through Windows Update…

        The most important part, in the end, is to have a safe and working computer… so, if you have that, you were successful!

         

        Win 7 Home, 64 bit, Group B

    • #165214 Reply

      AJNorth
      AskWoody Lounger

      Not to add to the already formidable workload, but is the update to the procedure for a clean installation of WIN 7 (delineated into Groups A & B) still in the queue?  If memory serves, the most recent discussion was How would you install Win7 from scratch?  (2017.01.18), which should still provide the means to get the job done.

    • #165220 Reply

      LH
      AskWoody Lounger

      Basically, it is recommended there that you install KB 4056897 and KB 4073538 BUT ONLY restart your computer AFTER both updates have been installed. Do not restart after the first update, but only after both are installed. Apparently, this way the potential boot problem with 4056897 gets corrected before it happens.

      OK, silly question – how do you install both patches without a reboot in between?

      I am Group B, Win 7 Pro, and have been trying to do this for months (that is, install the Win 7 security-only patch and the corresponding IE11 patch with just one reboot after both installed).  However, whenever I try to install the second patch after successfully completing the first (with a “restart required” message), I get another message saying something to the effect that “only one wusa process is allowed at a time” (forgotten the exact message).  This happens even if I Close the wusa screen rather than Restart.

      I have just installed both of the January patches, same problem – had to reboot after the first one before it would let me run the second (both eventually installed successfully).  If there is a way to delay rebooting until after both patches are installed, it would save me a lot of time every month – it takes my old PC at least 10 minutes to complete a reboot cycle.

      • This reply was modified 8 months, 2 weeks ago by  LH.
      • This reply was modified 8 months, 2 weeks ago by  LH.
      • This reply was modified 8 months, 2 weeks ago by  Kirsty.
      • #165236 Reply

        byteme
        AskWoody Lounger

        KB 4056897 and KB 4073578 are the two alternative Win7 security-only updates. Neither is an IE update. I don’t think anyone was suggesting that you try to skip a mandated reboot in between a Win7 update and an IE update.

        More importantly, though, I think it’s fair to say that the guru-consensus in this thread is that you should only install one of those two Win7 updates. 4056897 is apparently fine if you’re sure your CPU is Intel and not AMD. And MrBrian says 4073578 is fine for both Intel and AMD CPUs.

        1 user thanked author for this post.
    • #165241 Reply

      Cascadian
      AskWoody Lounger

      A positive report on an uneventful update now complete.

      CPU: Dual AMD C-50 (wikipedia cross-references this as Brazos Ontario, 40nm)
      GPU: AMD Radeon HD 6250 (which should not matter, but including for completeness)
      Win7sp1x64, Microsoft Security Essentials, QualityCompat registry key set

      Following GroupA, allowing WU to make the appropriate choices.
      Preselected (checked) two important updates:
      2018-01 S&QR .NET Framework (all) Win7 & 2008 R2 x64 (KB4055532)
      2018-01 SMQR Win7x64-based Systems (KB4056894)
      and hid all others.

      Download delivered in about 99MB total for both items, download and installation required between 50m and 1h, restart took less than 10m, displaying only one start cycle including the expected percentage progress display and appropriate warning against removing power. No second cycle was observed. Windows Update History showed the appropriate information, listing KB4055532 .NETrollup first, around 45m from start, then KB4056894 SMQR second, 9m later.

      From curiosity, restored several usual suspects and allowed the new check for updates to review these items. All remained on offer, with same published dates and sizes previously seen, including KB2952664 still dated 14NOV2017.

      Gibson Research’s InSpectre release #6b reports:
      System is Meltdown protected: YES
      System is Spectre protected: NO!
      Performance: GOOD
      And much more information as well; all as expected.

      GroupA may allow some things that concern some people. But this system had the things that were likely to cause problems, and Windows Update provided the correct items without damage.

      3 users thanked author for this post.
    • #165256 Reply

      AJNorth
      AskWoody Lounger

      Adobe Flash Player has been updated to version 28.0.0.161.

      “A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

      Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

      For those who do not have Adobe Flash Player set to auto-update in WIN 7, or third-party browsers in WIN 8.1 and WIN 10, it may be updated manually from the Control Panel – or downloaded using these direct links (Right-click; select Save Link As):

       

      Microsoft will make the update for IE 11 (WIN 8.1 & 10) and Edge available from Windows Update.

      4 users thanked author for this post.
      • #165423 Reply

        anonymous

        Thank You Elly.  That was very helpful.

        From now on I definitely won’t install Preview Updates anymore.

        I thought I needed both KB4056895 and KB4056898 to patch the Meltdown vulnerabilities which is why I installed both. So I take I don’t need to install anything from the January Patches?

        Also I wasn’t offered any internet explorer update via WU last month. But I see some people are manually installing it.

        1 user thanked author for this post.
        • #165428 Reply

          PKCano
          AskWoody MVP

          Anon at #165423

          The IE separate patches are not offered through WU, they are part of the Monthly Rollup.
          If you do the security-only patches manually you need to also do the separate IE11 update manually.

          3 users thanked author for this post.
    • #165248 Reply

      anonymous

      just double asking for saftey:

      on 8.1, if 4077561 being installed already, installation of 4073576 not necessary anymore?

      • #165263 Reply

        PKCano
        AskWoody MVP

        See #165156

        • #165301 Reply

          anonymous

          this post only says:

          Group B Windows 8.1:

          Manually install KB4077561. Manually install KB4056568.

          so 4073576 not needed anymore?

          • #165304 Reply

            PKCano
            AskWoody MVP

            You read the post correctly.

    • #165273 Reply

      EricEWV
      AskWoody Lounger

      Bit the bullet and performed the update with KB4073578 as suggested by @mrbrian in #165156 ; it went quickly and with no noticable slowdown upon reboot and login.  Entire process took around or less than 5 minutes taking actual WUSA install time and the reboot installation with Windows Update itself registering a successful installation.  You have my gratitude for all the work you have done with this everyone.

      Specs:

      Windows 7 x64 Ultimate SP1

      AMD FX-8320 3.50 GHz

      Nvidia GeForce GTX 1060 (for complete specs sake)

      • This reply was modified 8 months, 2 weeks ago by  EricEWV. Reason: Attempting post link, first timer attempt
      1 user thanked author for this post.
    • #165270 Reply

      anonymous

      Thanks @woody et al.

      I am the Win7 SP1 x64 guy who had the Sandboxie problems after installing KB 4056897, so I will avoid it till that’s solved by Invincea.

      Already updated KB 4056568 (IE) without problems, and will now go for KB 4055532 (.NET).

      Be safe everyone.

    • #165276 Reply

      mazzinia
      AskWoody Lounger

      Ok,

      eventually decided to take the risk, based mainly on the assumption that either with inspectre or manually I can disable the meltdown and “supposedly” revert to the “previous” cpu performance.

      My 2 cents…

      Win7 x64, group B
      Intel , dual xeon 52×0

      1) would be nice to have a simple reliable way to quantify the speed loss
      This said
      2) TrustedInstaller, after these patches, is back to spiking at 20/25% … it was years since it messed up
      3) DaemonTools got affected by the very first security patch. Saw some mention about updating a virtual driver, followed by a timeout on the very first restart. Subsequently ( next restart ) it tried to do something but effectively the 2nd virtual drive vanished
      3rd restart, and the 2nd virtual drive shows in explorer, but NOT in daemontools.
      4) The indexer is working a lot ( read it Lot with the uppercase ) more, on C drive.
      I’m seeing 5 to 10 minutes of extra disk activity, compared to before.
      SearchProtocolHost.exe runs more, definitely (2 instances).
      lot of writes to
      c:\programdata\microsoft\search\data\applications\windows\windows.edb
      constantly
      5) Sqlservr.exe (runtime only) shows quite a lot of activity while before it didn’t happen.
      Sql server services are disabled (by me, long ago), except sql server VSS writer (not sure if it was started before the patches, or if it got started due to them)

      • This reply was modified 8 months, 2 weeks ago by  mazzinia.
      • #165280 Reply

        PKCano
        AskWoody MVP

        For third-party software, in several cases, installing the latest version has corrected the problems experienced after the latest round of patching. That has included the latest version of the anti-virus as well as other applications.

        • #165299 Reply

          mazzinia
          AskWoody Lounger

          Taking note, but seems the thing is a bit weird on this side.
          The 2nd virtual unit is present, but it got associated to a microsoft driver and identified as a real scsi unit on bus 0 id 0 lun 0.
          Now, I do have a few controllers, raid included… but no optical units on them. Quite weird outcome of the update, I would say

          TEXGV___JWXER8DYB_______1 scsi cdrom device

    • #165295 Reply

      dph853
      AskWoody Lounger

      Typical discussion, lots of differing options not much in the way of specific guidance. Those clinging to Win7, 8.1, Win 1607 are on their own to make up their own minds as not too many can keep all the KB numbers straight for every version of Windows.

      For Win10 1703 the summary as I understand it.

      1) The only major bug squashed in January is the “Equation Editor” issue

      2) The changes that bring about a CPU slow-down addressing Specter/Meltdown have been removed for the Cumulative update currently available for January as well as in any updates to the bios/uefi.

      So, if what I stated above is the case, I may well install the Jan. Cumulative Update, and the three pending (3 on my system) WaasMedic & accompaning Windows New Version preparation files. I do not expect to be installing Win10 18XX until 17XX is no longer supported or I upgrade my cpu & motherboard to one that isn’t from the stone age.

      Unfortunately, I do not live in the industrialized world and for now, a new computer is completely out of the question due to cost and the fact that I would never be able to get it shipped to the 3rd world without it growing legs and walking off into the sunset.

      At present, I’m reading what I can find and from that am preparing to hit the update button on the assumption that there will be no cpu impact due to Specter/Meltdown patching. If that is not the case, then I definitely do not wish to install Jan. updates or probably anymore going forward until either the class actions against intel get me a new cpu (Ha!) or I get my hands on a CPU with the specter/meltdown vulnerabilities corrected on the cpu itself.

       

      • This reply was modified 8 months, 2 weeks ago by  dph853.
    • #165305 Reply

      Scoop
      AskWoody Lounger

      Woody,

      I have 2 Win 7×64 PC’s (circa 2010) with Intel I5-650 CPU’s; 1 built Desktop & 1 Toshiba Laptop (Win7 OEM install).

      I’m a regular Cloner & Imager so I have Cloned my Laptop (my ‘guinea pig’ test PC) prior to installing the Jan Rollup (WU not yet installed).

      My question is about the Win 7 Jan Monthly Rollup as it relates to any built-in Firmware updates which I don’t want installed on my PC’s.

      Can I install the default Jan Monthly Rollup without any Firmware Updates?  Does the Rollup now include any Firmware updates?

      The concern I have is if the Jan Rollup includes the “Spectre” Firmaware updates, my Clone (or full Image) HDD backups won’t help me rollback my Laptop PC if BIOS/Firmware updates were included in the Jan Rollup Update.  Is that correct?

      • #165308 Reply

        PKCano
        AskWoody MVP

        The Jan patches do not contain firmware updates. Those come from the Computer OEM or the chip OEM.

        1 user thanked author for this post.
        • #165314 Reply

          Scoop
          AskWoody Lounger

          PKCano

          Thanks for the info 🙂

    • #165320 Reply

      gaiter
      AskWoody Lounger

      Updating windows 7 (group b) for security only and net security only is causing more problems that result in users spending hours trying to figure out or fixing the patches! I dislike spending more time on windows operating system than I use the computer for!

      My android tablet proves to be more enjoyable and much easier to manage.

      I have always enjoyed keeping my computer efficient, safe and enjoyable.

      my question: looks like installing 4056897 and 4055269 results in more problems than fixing any security issues, am I correct?

    • #165332 Reply

      The Surfing Pensioner
      AskWoody Lounger

      Reply to # 165320;

      Well, it took me 20 mins. this morning, while I burnt the toast. But then I was prepared (patches downloaded and waiting) and took a no-frills approach (if you don’t really need it, don’t install it). Not exactly hours!

      2 users thanked author for this post.
    • #165333 Reply

      mazzinia
      AskWoody Lounger

      Possible bug report post patches installation :
      Outlook 2010 went unresponsive once when trying to open an email with inside lets say ads ( official from my phone provider ), killed the process after letting it stay at 25% for 10 minutes.

      It tried to lock up a 2nd time (on a different, simple email), subsequently, but it resumed after 30/40 seconds

    • #165362 Reply

      anonymous

      @elly Regarding the anonymous issue: I am a registered Patron, but prefer to comment anonymously most of the time when I reveal the set up etc. of my particular Win 7 SP1 x64 / Intel i4 system in order to get the right advice of the gurus here. I rather keep info like that low profile. (Welcome to my world of paranoia.)

      @mrbrian I read all your and most of other’s comments about the updates, so also about KB 4073578. (I had to uninstall and do a system restore after KB 4056897 messed up third party software.)
      If I understand correctly, KB 4073578 was meant for AMD systems and not for Intel. However, there seems to be no harm in installing KB 4073578 on a Intel system.

      But what I don’t understand: What is/would be the benefit of installing this update on a Intel system?? Thanks in advance.

      1 user thanked author for this post.
    • #165392 Reply

      abbodi86
      AskWoody MVP

      @mrbrian I read all your and most of other’s comments about the updates, so also about KB 4073578. (I had to uninstall and do a system restore after KB 4056897 messed up third party software.) If I understand correctly, KB 4073578 was meant for AMD systems and not for Intel. However, there seems to be no harm in installing KB 4073578 on a Intel system. But what I don’t understand: What is/would be the benefit of installing this update on a Intel system?? Thanks in advance.

      updates are for all systems, regardless if they fix something for one of them

      the benefit is to align patching recommendation 🙂

      4 users thanked author for this post.
    • #165420 Reply

      jrmoffett
      AskWoody Lounger

      I am absolutely not going to install the Meltdown Spectre patch. At this point I just don’t believe that there is a real threat. A potential 30% slowdown is not acceptable, and there is no indication that these holes are actually going to be useful ways of hacking into a personal computer. Someone might try to hack an un-patched server, but there isn’t enough of a reason to try and do this to someone’s PC.

      If I hear that these exploits are actually working to attack regular people’s PCs then I will reconsider. But as of now, that patch stays unchecked.

      4 users thanked author for this post.
    • #165448 Reply

      jelson
      AskWoody Lounger

      OK, silly question – how do you install both patches without a reboot in between? …. However, whenever I try to install the second patch after successfully completing the first (with a “restart required” message), I get another message saying something to the effect that “only one wusa process is allowed at a time”

      Try installing the patches manually. When I do that, first I disable the network (unplug the ethernet cable) and then stop the Windows Update service (via services.msc) After the 1st patch is installed, I opt out of a reboot and then again stop the Windows Update service (otherwise it can take awhile before I’m asked if I want to install patch blah-blah-blah)

      Works for me; Win 7 x 64 “Group B”

       

       

      • This reply was modified 8 months, 2 weeks ago by  jelson.
      • #165491 Reply

        anonymous

        “If you do the security-only patches manually you need to also do the separate IE11 update manually.”

        Pkcano So this explains what the people in Group B are doing?

         

    • #165488 Reply

      amraybt
      AskWoody Lounger

      Torture test? I can’t say I’ve been inconvenienced at all, largely thanks to the excellent advice I’ve picked up on this site. Just slightly mazed at the angst expressed by so many. But I do hide everything I don’t want to install – I understand from MrBrian that’s the only way forward if you’re in Group B – so my WU is very tidy. Rather a lot got hidden, this month.

      As Woody says, “The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers.”

      There is great advice and knowledge here but trying to keep up with everything can be intimidating (info on any given issue can be spread across multiple topics and sub-forums – I don’t meant that as a complaint, just that news and changes come quickly). As we see here January was confusing due to the multiple security-only updates on 7 and 8.1. Thanks to MrBrian and others for clearing that up.

      IIRC the update hiding issue is mostly an issue for clean installs that follow Group B or users who aren’t caught up with the pre-Oct 2016 individual updates. I have neglected to hide any rollups thus far, though. I’m also not sure if Group A faces similar issues or needs to hide unwanted updates.

      https://www.askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/

      https://www.askwoody.com/forums/topic/new-directions-for-win-7-and-8-1-patching/#post-138998

      https://www.askwoody.com/forums/topic/windows-updates-after-reboot-which-do-i-need/#post-145231

      https://www.askwoody.com/forums/topic/for-a-rusty-beginnerintermediate-how-to-intelligently-install-a-new-win7/#post-143059

      And I’m totally lost on what’s going on with .NET (4.7 had issues on Win 7; people who have 4.6.x and are installing the .NET rollups are getting some kind of “Frankenstein” as 4.6.x is “converted” to 4.7.). Apparently there are security-only .NET updates released in some but not all months, but AFAIK the Group B approach takes the whole .NET rollups through WU anyway. It seems that the general advice is to either stick with 4.5.2 or move to 4.7.x . I’m not sure what other Group B folks are doing with .NET (taking the monthly rollups or just installing security-only updates).

      -- Group B through Dec 2017, currently Group W --
      Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
      Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

      • This reply was modified 8 months, 2 weeks ago by  amraybt.
      • This reply was modified 8 months, 2 weeks ago by  amraybt.
      1 user thanked author for this post.
    • #165508 Reply

      Hopper15
      AskWoody Lounger

      Looks like I made it through that January patch minefield unscathed for now.  No noticeable slowdowns so far.

    • #165523 Reply

      Purg2
      AskWoody Lounger

      Wow, 112 MB (or 114 depending on how you look at it).  Must be some kinda record.

      Win 8.1 Group B, Linux Dabbler

      • #167766 Reply

        Noel Carboni
        AskWoody MVP

        Don’t look now but Win 10 .msu files can be an order of magnitude larger than that.

        -Noel

    • #165623 Reply

      dgreen
      AskWoody Lounger

      January patch KB4056894 applied and MSRT KB890830 applied 2/6/18 without any issues.

      Dell Inspiron 660 (purchased in 2013) just replaced hard drive in November 2017 and had Windows 7 reloaded.
      Windows 7 Home Premium 64 bit SP 1
      Server 2008 R2 x64
      Processor: Intel i3-3240 (ivy bridge 3rd generation)
      chipset Intel (R) 7 series/C216
      chipset family SATA AHCI Controller -1 E02

      After new hard drive installed went to
      Group A

      2 users thanked author for this post.
    • #165701 Reply

      MrBrian
      AskWoody MVP

      If anyone has unanswered questions regarding my advice, please post at https://www.askwoody.com/forums/topic/a-quick-overview-of-january-patching-recommendations-for-windows/.

      • This reply was modified 8 months, 2 weeks ago by  MrBrian.
      1 user thanked author for this post.
    • #165703 Reply

      bjm
      AskWoody Lounger

      RE: Win10 1703
      Using wushowhide I hid KB4023057, KB4073543, and KB4056254
      I installed CU KB4057144 Build 15063.877
      I installed all the other non-driver patches.
      ————————————————————

      What about KB4078130?

    • #165711 Reply

      Seff
      AskWoody Lounger

      By way of personal update, my Intel Windows 7 x64 machine with AMD Radeon graphics card now has KB4056894 (monthly rollup), KB4055532 (.Net Framework update), 5 updates for Office 2010 and the MSRT all installed over the past couple of days and seemingly all running ok at the moment. I have also now been offered KB4011187 for Office 2010 but it’s unchecked and therefore left well alone for now.

      That leaves me with the outstanding task of installing both KB4056894 and KB4055532 on my other machine which is an AMD Phenom II Windows 7 x64 machine with a Nvidia graphics card. That machine doesn’t have Office installed so the only other update for it which I have now installed ok is the MSRT.

      Has any other Windows 7 user installed these updates on an AMD Phenom II machine, and if so with what results? I know Woody’s view is that the only outstanding problem with that processor is for certain Windows 10 users but that doesn’t make me any less apprehensive!

    • #165718 Reply

      abbodi86
      AskWoody MVP

      RE: Win10 1703
      Using wushowhide I hid KB4023057, KB4073543, and KB4056254
      I installed CU KB4057144 Build 15063.877
      I installed all the other non-driver patches.
      ————————————————————

      What about KB4078130?

      That’s not an update, merely a tool to disable Specture mitigation
      and it’s not available through Windows Update

      2 users thanked author for this post.
    • #165719 Reply

      PKCano
      AskWoody MVP

      What about KB4078130?

      KB4078130 is downloadable from the Catalog only and disables branch targeting vuln (CVE-2017-5715 Spectre variant 2). It is a workaround for those who have installed the defective Intel microcode. Microsoft says this about it.

      While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode.

      I have not installed the defective microcode and do not need this patch. It is not necessary for those who have not installed the microcode.

      2 users thanked author for this post.
    • #165722 Reply

      bjm
      AskWoody Lounger

      What about KB4078130?

      KB4078130 is downloadable from the Catalog only and disables branch targeting vuln (CVE-2017-5715 Spectre variant 2). It is a workaround for those who have installed the defective Intel microcode. Microsoft says this about it.

      While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode.

      I have not installed the defective microcode and do not need this patch. It is not necessary for those who have not installed the microcode.

      Hmm, I thought KB4057144 Build 15063.877 brings defective microcode.   How does defective microcode get installed?

    • #165723 Reply

      hjf
      AskWoody Lounger

      Windows 7 intel Centrino vPro group B. Novice and grateful AskWoody reader. I have Avast antivirus. How can I make sure that the reg key is allowed? I have looked over my Avast options and don’t see any mention of this function.  Thanks!

    • #165724 Reply

      bjm
      AskWoody Lounger

      RE: Win10 1703 Using wushowhide I hid KB4023057, KB4073543, and KB4056254 I installed CU KB4057144 Build 15063.877 I installed all the other non-driver patches. ———————————————————— What about KB4078130?

      That’s not an update, merely a tool to disable Specture mitigation and it’s not available through Windows Update

      I pulled KB4078130 from Windows Update Catalog.

    • #165726 Reply

      PKCano
      AskWoody MVP

      Hmm, I thought KB4057144 Build 15063.877 brings defective microcode. How does defective microcode get installed?

      Microcode does not come from MS. It comes from the computer OEM or the chip OEM. It is a patch (code) applied to the CPU, not software to the Windows OS.

      1 user thanked author for this post.
      bjm
    • #165727 Reply

      PKCano
      AskWoody MVP

      Windows 7 intel Centrino vPro group B. Novice and grateful AskWoody reader. I have Avast antivirus. How can I make sure that the reg key is allowed? I have looked over my Avast options and don’t see any mention of this function. Thanks!

      Here are the instructions for finding the key

      1 user thanked author for this post.
      hjf
    • #165729 Reply

      abbodi86
      AskWoody MVP

      I pulled KB4078130 from Windows Update Catalog.

      Windows Update = the OS internal update infrastructure

      Microsoft Update Catalog = external web site to download updates manually

    • #165730 Reply

      bjm
      AskWoody Lounger

      Hmm, I thought KB4057144 Build 15063.877 brings defective microcode. How does defective microcode get installed?

      Microcode does not come from MS. It comes from the computer OEM or the chip OEM. It is a patch (code) applied to the CPU, not software to the Windows OS.

      Hmm, afaik I have not recently installed HP/Intel updates.   Guess, I’ll look to HP for info.  Thanks

      Hmm, so KB4078130 is downloadable from the Microsoft Update Catalog…but, defective microcode does not come from MS.
      head scratch  Thanks

      • This reply was modified 8 months, 2 weeks ago by  bjm.
    • #165734 Reply

      PKCano
      AskWoody MVP

      Hmm, afaik I have not recently installed HP/Intel updates. Guess, I’ll look to HP for relevant info. Thanks

      Advice – do not install any BIOS/microcode at this time. Things are messed up with the microcode at the moment.

      3 users thanked author for this post.
    • #165735 Reply

      MrBrian
      AskWoody MVP

      Windows 7 intel Centrino vPro group B. Novice and grateful AskWoody reader. I have Avast antivirus. How can I make sure that the reg key is allowed? I have looked over my Avast options and don’t see any mention of this function. Thanks!

      An alternative method for Windows 7 users is to see if Windows Update offers KB4057400.

    • #165736 Reply

      bjm
      AskWoody Lounger

      I pulled KB4078130 from Windows Update Catalog.

      Windows Update = the OS internal update infrastructure Microsoft Update Catalog = external web site to download updates manually

      I pull my Windows updates from Microsoft (Windows) Update Catalog.   Thanks

      • This reply was modified 8 months, 2 weeks ago by  bjm.
      • This reply was modified 8 months, 2 weeks ago by  bjm.
    • #165739 Reply

      bjm
      AskWoody Lounger

      Hmm, afaik I have not recently installed HP/Intel updates. Guess, I’ll look to HP for relevant info. Thanks

      Advice – do not install any BIOS/microcode at this time. Things are messed up with the microcode at the moment.

      Okay.  I hear ya’.    I thought AVs pushed a reg update to allow update from Microsoft/Windows related to Spectre-Meltdown.     Guess, I’m confused as to whats what.

      Thanks

    • #165742 Reply

      PKCano
      AskWoody MVP

      Okay. I hear ya’. I thought AVs pushed a reg update to allow update from Microsoft/Windows related to Spectre-Meltdown. Guess, I’m confused as to whats what.

      Microsoft pushes updates to Windows OS for vulns related to Spectre-Meltdown.
      The Hardware manufacturer pushes updates for the hardware (CPU) for vulns related to Spectre-Meltdown.
      The AV‘s push a Registry change to allow MS updates

      They are NOT the same thing.

      1 user thanked author for this post.
      bjm
    • #165751 Reply

      bjm
      AskWoody Lounger

      Okay. I hear ya’. I thought AVs pushed a reg update to allow update from Microsoft/Windows related to Spectre-Meltdown. Guess, I’m confused as to whats what.

      Microsoft pushes updates to Windows OS for vulns related to Spectre-Meltdown. The Hardware manufacturer pushes updates for the hardware (CPU) for vulns related to Spectre-Meltdown. The AV‘s push a Registry change to allow MS updates They are NOT the same thing.

      Granted, they’re not the same.   Okay, KB4078130 is related to hardware (HP/Intel) side even though KB4078130 came from software (Microsoft/OS) side.   And AVs reg push was related to software side.   Thanks again.

      • This reply was modified 8 months, 2 weeks ago by  bjm.
    • #165755 Reply

      hjf
      AskWoody Lounger

      Many thanks to PKCano for the quick and useful response and the link to OscarCP’s utterly clear instructions–thanks also to OscarCP. I checked and all is well with reg edit. Onward to the next step, backing up.

    • #165760 Reply

      SueW
      AskWoody Lounger

      Many thanks to PKCano for the quick and useful response and the link to OscarCP’s utterly clear instructions–thanks also to OscarCP.

      Thanks, @hjf!  Those were actually my original “utterly clear” instructions that I posted back on January 6, 2018: https://www.askwoody.com/forums/topic/multiple-reports-of-blue-screens-bsods-0x000000c4-when-installing-the-january-win7-monthly-rollup-kb-4056894/page/7/#post-157000.  Unfortunately, they were neither quoted nor attributed in the more recent post . . .

      Glad to hear that your reg edit is well!

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

      • This reply was modified 8 months, 2 weeks ago by  SueW.
      1 user thanked author for this post.
    • #165810 Reply

      bjm
      AskWoody Lounger

      RE: Win10 1703
      Okay, I installed CU KB4057144 Build 15063.877
      I’m curious what to do about KB4049011, KB4023057, KB4056254 that are WUshowhide hidden.

      And also hidden is KB2538243 Security Update Visual C++ 2008 Redistributables (Microsoft Update Catalog reports Last Updated 4/5/2012).
      My Apps lists several Visual C++ 2005, 2008, 2010 & 2012 with dates 2014, 2016 & 2018.
      Any thoughts what I should do regarding KB2538243.

      Thanks

      • This reply was modified 8 months, 2 weeks ago by  bjm.
      • #165823 Reply

        PKCano
        AskWoody MVP

        ’m curious what to do about KB4049011, KB4023057, KB4056254 that are WUshowhide hidden.

        KB4049011 is the servicing stack you need it – the others stay hidden.
        Update Visual C++

    • #165821 Reply

      anonymous

      Pensioner Lady here…

      I am using Avast free edition (which is up to date) and I note that on the ‘list’ it should be compatible for the Windows 7 January Rollup but I have only received the Net.framework KB4033342 and no monthly rollup.  Should I uninstall Avast in order to receive it?  I am non techie and set my updates to ‘never’ until DEFON 3 and am in group A

      • #165826 Reply

        PKCano
        AskWoody MVP

        I am using Avast free edition (which is up to date) and I note that on the ‘list’ it should be compatible for the Windows 7 January Rollup but I have only received the Net.framework KB4033342 and no monthly rollup. Should I uninstall Avast in order to receive it? I am non techie and set my updates to ‘never’ until DEFON 3 and am in group A

        Right click on the icon in the right taskbar, chose update engine and definitions. In the box that pops up, click on update in the lower portion.
        If you have an AMD processor you may still not get the update.

    • #165830 Reply

      bjm
      AskWoody Lounger

      ’m curious what to do about KB4049011, KB4023057, KB4056254 that are WUshowhide hidden.

      KB4049011 is the servicing stack you need it – the others stay hidden. Update Visual C++

      Um, which vc file?  What’s ia64?  W10 x64 Home.
      2473

      • This reply was modified 8 months, 2 weeks ago by  bjm.
      • This reply was modified 8 months, 2 weeks ago by  bjm.
      • This reply was modified 8 months, 2 weeks ago by  bjm.
      Attachments:
      You must be logged in to view attached files.
      • #165833 Reply

        PKCano
        AskWoody MVP

        @bjm

        Whichever one is available in Windows Update.

        • This reply was modified 8 months, 2 weeks ago by  PKCano.
        1 user thanked author for this post.
        bjm
    • #165837 Reply

      bjm
      AskWoody Lounger

      @bjm Whichever one is available in Windows Update.

      Yeah, I don’t run Windows Update if I don’t have to.   Okay.  Thanks

       

    • #165838 Reply

      anonymous

      Pensioner Lady again….

      Thank you PKCano.  I have followed your instructions and am informed that engine and definitions + program are all up to date.  My machine has a Celeron processor.

      • #165840 Reply

        PKCano
        AskWoody MVP

        Pensioner Lady again…. Thank you PKCano. I have followed your instructions and am informed that engine and definitions + program are all up to date. My machine has a Celeron processor.

        Install Kb4057894

        If Kb4057894 still won’t install.
        Go to the optional updates. Check KB4057400, check OK at the bottom.
        Go to the important updates. UNCHECK the Monthly Rollup KB4056894, click OK

        Install KB4057400

    • #165846 Reply

      Seff
      AskWoody Lounger

      Pensioner Lady again…. Thank you PKCano. I have followed your instructions and am informed that engine and definitions + program are all up to date. My machine has a Celeron processor.

      Install Kb4057894 If Kb4057894 still won’t install. Go to the optional updates. Check KB4057400, check OK at the bottom. Go to the important updates. UNCHECK the Monthly Rollup KB4056894, click OK Install KB4057400

      Isn’t Pensioner Lady’s point that as a Group A user she isn’t being offered any of the updates you’re referring to? That’s my interpretation of post #165821.

      If that is the case then as a first step I would do a new search for Windows Updates (open WU from the program list and then look for updates) and see if any rollup is now offered.  If not, then I would wait until the February monthly rollup is released and keep an eye on the advice here including the DefCon ratings.

      If not already done, it would also be worth following @suew‘s link in post #165760 to establish whether the registry key has been set to enable the monthly rollup to be installed. It may be that the rollup isn’t being offered through system incompatibility. Either way there’s no real harm in waiting a few days to see what is offered in the February update and for which purposes rather than setting WU to “Never” it could be set to “Notify but do not download or install” – that way it’s possible to see what is being made available and whether it’s checked or not.

    • #165874 Reply

      walker
      AskWoody Lounger

      @woody:

      MS Defcon 3:

      This happened so fast that I’m hoping I’m not going to miss any “warnings”, etc.  It’s been so hectic that I know it’s going to be a nightmare trying to avoid the possible “bad patches”.   Is there a site that has “everything” on it for our MS Defcon3 information yet?  Thank you for getting the site more organized.    IMHO there are too many comments which do not add any information to share, rather that they are more about what is occurring with their own methods with their computers and everything takes up a lot of space and time for everyone to read.   Good Luck, and  hope the new method will help!   Thank you for all of your hard work!   🙂

      2 users thanked author for this post.
    • #165891 Reply

      Cascadian
      AskWoody Lounger

      @woody: MS Defcon 3: … Thank you for getting the site more organized. IMHO there are too many comments which do not add any information to share, rather that they are more about what is occurring with their own methods with their computers and everything takes up a lot of space and time for everyone to read.

      Walker, I know you addressed Da Boss; but as someone who did post a detailed description of hardware, process, and result, I felt I could respond with my motivation. The Outstanding Advice by all MVP’s here is clear, and uses specific language to make it apply to the widest range of cases possible. I hope you are able to find your correct course from their directions.

      The most useful benefit here is for people who have questions. And the more specific they can describe their computer, the more accurate the answers will be. Another benefit comes from comparing successful reports that support the original advice. If the accurate description of my system helps another reader to recognize their own details, and so decide the advice is good; then I feel I have helped, even if they never write a comment.

      If I have misunderstood the purpose of sharing results, both success and failure, then I apologize to you Walker, and others who have spent time on my non-question.

      4 users thanked author for this post.
      • #166060 Reply

        walker
        AskWoody Lounger

        @paul:   I addressed the comments to Woody, although it’s really for all of us.  I welcome questions, and situations asking for help, and/or clarification.    We all learn from what we are having problems with.  No “dings” intended.  Your comments were well-taken, and understand exactly what you are referring to.    The exchange of information to help each other is beneficial to everyone, and in most instances the more data provided expedites the process.

        I, like many others, am “computer illiterate”, so in some instances these exchanges go “right over my head”.  Thank you for your excellent comments, they are very much appreciated.    🙂

        1 user thanked author for this post.
    • #165947 Reply

      dgreen
      AskWoody Lounger

      Windows 7 intel Centrino vPro group B. Novice and grateful AskWoody reader. I have Avast antivirus. How can I make sure that the reg key is allowed? I have looked over my Avast options and don’t see any mention of this function. Thanks!

      Here are the instructions for finding the key

      Ok, I just rechecked my computer regarding the above instructions.
      When I checked my computer when the instructions were first given, the results was I did have the “quality …” key there.
      This morning, it is not there.
      Other then on going updates of Microsoft Security Essentials definitions, and yesterday applying the January roll up patch and MSRT, oh and I did upgrade my Chrome browser to Vs 64 (2/2/18) that is all.
      Is something wrong here?

      Dell Inspiron 660 (purchased in 2013) just replaced hard drive in November 2017 and had Windows 7 reloaded.

      Windows 7 Home Premium 64 bit SP 1

      Server 2008 R2 x64

      Processor:  Intel i3-3240 (ivy bridge 3rd generation)

      chipset Intel (R) 7 series/C216

      chipset family SATA AHCI Controller -1 E02

       

      After new hard drive installed went to

      Group A

       

      • This reply was modified 8 months, 2 weeks ago by  dgreen.
    • #165953 Reply

      PKCano
      AskWoody MVP

      When I checked my computer when the instructions were first given, the results was I did have the “quality …” key there. This morning, it is not there. Other then on going updates of Microsoft Security Essentials definitions, and yesterday applying the January roll up patch and MSRT, oh and I did upgrade my Chrome browser to Vs 64 (2/2/18) that is all. Is something wrong here?

      MSE is supposed to set the key. The only thing I can suggest is to update MSE then reboot and check again. You can manually set the key (at your own risk, of course) but MSE should be compatible.

      1 user thanked author for this post.
    • #165964 Reply

      mazzinia
      AskWoody Lounger

      Well, I’ve something weird to report.
      I installed january group B security patches on win 7 x64, 2 days ago. The cpu is a xeon E5205 ( 2 of them ), and there’s NO microcode offered ( and doubt it’ll ever happen ).
      I have the pc under the SAME load daily, and weirdly I GAINED 10% cpu… I’m still very puzzled.

      Major gain was on skype.. before was sitting at 25% , now at most goes to 21 but averages at 19%

    • #165974 Reply

      dgreen
      AskWoody Lounger

      When I checked my computer when the instructions were first given, the results was I did have the “quality …” key there. This morning, it is not there. Other then on going updates of Microsoft Security Essentials definitions, and yesterday applying the January roll up patch and MSRT, oh and I did upgrade my Chrome browser to Vs 64 (2/2/18) that is all. Is something wrong here?

      MSE is supposed to set the key. The only thing I can suggest is to update MSE then reboot and check again. You can manually set the key (at your own risk, of course) but MSE should be compatible.

      Ok, I finally found it.
      Apparently the instructions was for Windows 10???
      I found it searching
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
      and there it was!

    • #165977 Reply

      Seff
      AskWoody Lounger

      Before anyone thinks they don’t have the registry key set, they should make sure they’re searching for “QualityCompat” (minus the quotation marks) as a single word. It’s too easy to think of it as two words but if you search for it as two words it won’t then be found.

      2 users thanked author for this post.
      • #166000 Reply

        anonymous

        I have AVG free and an old version of MB pro (1.62.0.1300) working on my i5-750 machine with win 7 32 ultimate. Did the search for the key and found:

        REG_SZ (valor no establecido)
        cadca5fe-87d3-4b96-b7fb-a231484277cc
        REG_DWORD 0x00000000 (0)

        So I plan to install KB4055532, KB 4056568 and KB 4056898, all for 32 bit.
        Question is if this procedure is right.

        Thanks in advance, Mónica

        Edit to remove HTML.
        Please convert to plain text (.txt) before cut/paste

    • #166008 Reply

      PKCano
      AskWoody MVP

      I have AVG free and an old version of MB pro (1.62.0.1300) working on my i5-750 machine with win 7 32 ultimate. Did the search for the key and found: REG_SZ (valor no establecido) cadca5fe-87d3-4b96-b7fb-a231484277cc REG_DWORD 0x00000000 (0) So I plan to install KB4055532, KB 4056568 and KB 4056898, all for 32 bit. Question is if this procedure is right. Thanks in advance, Mónica

      The information on the Registry key is here.
      If it is present, for Win7 you should install KB4073578 (security-only), KB4056568 (IE11) and KB4055532 (.NET Rollup)

      KB4056898 is for Win8.1

      You can download from AKB2000003 on this site

      2 users thanked author for this post.
      • #166022 Reply

        anonymous

        Thanks so much, PKCano, Mónica

      • #166371 Reply

        walker
        AskWoody Lounger

        @pkcano:   Out of those listed I have only one in my pending updates, and that is  KB 4055532.   I do not have any of the others.   I am Win7 x64, Group A.  I think that is the only one that I would need (Security and Quality Rollup for .NET Framework (goes to 4.7.1) on Win7 and server2008 R2 for x64).  I think this would be the way to proceed with this KB (I hope).  Thank you for your guidance on this.

    • #166016 Reply

      anonymous

      Pensioner Lady her again….

      Thank you Seff. Your interpretation of my problem is correct.  I have 2 PCs and the one I was referring to is my laptop (running Windows 7 Home Edition and Avast AV free edition) which I use as a ‘test’ machine each time we get to DEFCON 3.  I have checked using regedit.exe and the registry key has not been set which is presumably why I am not getting the Monthly Rollup. I will follow your advice for which I thank you.

      My second machine is a Lenovo desktop running Windows 7 Pro and Avira AV.  The registry key appears to be set for that so I am going to bite the bullet and try to install updates on this machine………..fingers crossed……

       

       

       

    • #166064 Reply

      CraigS26
      AskWoody Lounger

      FWIW, I’m OK now but had to Image back to an hour earlier after Re-Start Stuck (gave-up after 30 min) on “About to install updates – Don’t Turn-off computer”. I had Inst’d All Chk’d Importants – EXCEPT –  .NET Rollup for 4.7.1.

      Today I Inst’d in separate segments: (1) KB 4056894 W-7 Qual Rollup, then (2) [5] Office 2010 + MSRT, then (after Image Incr) (3) KB 4055532 Quality Rollup NET Frmwk 4.7.1.

      (Jun ’12 Gateway – Best Buy) With Sandy Bridge = No Intel Help …  I presume I’m operating at a self-imposed risk, anyway, until I get a new computer. Good luck to All!

      WU Grp A - Win 7-64 Hm Prem / Hm-Stdnt Office '10 / i5 Sandy Bridge Gen 2 / NO Java or Flash

      2 users thanked author for this post.
    • #166080 Reply

      Cascadian
      AskWoody Lounger

      @paul: I addressed the comments to Woody, although it’s really for all of us. … No “dings” intended. … much appreciated.

      I also assume public comments are for public reply, like an open letter. Glad you intended that way as well. No ding received. Only I felt the urge to explain a bit for you, in response. Cheers! Enjoy the day.

      Fast edit to remove smiley from Quote box. It displayed in five inches (13cm) and I feared it would be taken as sarcasm not intended.

      • This reply was modified 8 months, 2 weeks ago by  Cascadian. Reason: noted in text
      1 user thanked author for this post.
    • #166093 Reply

      Seff
      AskWoody Lounger

      Pensioner Lady her again…. Thank you Seff. Your interpretation of my problem is correct. I have 2 PCs and the one I was referring to is my laptop (running Windows 7 Home Edition and Avast AV free edition) which I use as a ‘test’ machine each time we get to DEFCON 3. I have checked using regedit.exe and the registry key has not been set which is presumably why I am not getting the Monthly Rollup. I will follow your advice for which I thank you. My second machine is a Lenovo desktop running Windows 7 Pro and Avira AV. The registry key appears to be set for that so I am going to bite the bullet and try to install updates on this machine………..fingers crossed……

      You’re welcome, and good luck!

      I know the feeling, one of my desktops is an AMD Phenom II and they had problems with the January rollup so that it was first offered, then unchecked, then checked again. Today I too decided to bite the bullet and installed it – fortunately all is well thus far. Just the .Net Framework update to install in the next day or two (when there are problematic updates I prefer to keep them apart so that if anything happens I know which one caused it) and my January updating will be complete, my Intel machine having taken both those updates and the Office 2010 updates ok the other day (again, both machines are updated a couple of days apart in case of issues). The extra Office update that was offered yesterday is unchecked and will be reviewed as part of the February patches.

      I owe so much to Microsoft, as a Pensioner Gent if I didn’t have their updates to worry about I don’t know how I’d fill my time! Oh wait, I already have less free time now before thinking about the updates than I had when I was working full-time!

      • This reply was modified 8 months, 2 weeks ago by  Seff.
      1 user thanked author for this post.
    • #166107 Reply

      anonymous

      Hi. My OS is Windows 10 PRO 64-bit version 1703. Since we are at MS-DEFCON 3, I disabled the quality updates deferral group policy which was set to 30 days. WU installed all the January updates including cumulative update KB4056891 but I have not received KB4057144 yet. Thus my build remains at 15063.850 when 15063.877 has been available for weeks. I have tried rebooting, checking for updates many times. My antivirus is Windows Defender and the “QualityCompat” registry key exists. WU thinks that my device is up to date. My CPU is Intel. Is KB4057144 just for AMD systems by any chance? Is anyone else having this problem please?

    • #166115 Reply

      PKCano
      AskWoody MVP

      Hi. My OS is Windows 10 PRO 64-bit version 1703. Since we are at MS-DEFCON 3, I disabled the quality updates deferral group policy which was set to 30 days. WU installed all the January updates including cumulative update KB4056891 but I have not received KB4057144 yet. Thus my build remains at 15063.850 when 15063.877 has been available for weeks. I have tried rebooting, checking for updates many times. My antivirus is Windows Defender and the “QualityCompat” registry key exists. WU thinks that my device is up to date. My CPU is Intel. Is KB4057144 just for AMD systems by any chance? Is anyone else having this problem please?

      I got KB4057144 on an Intel machine through WU for my Win10 1703.
      Settings: Feature updates = 365, quality updates = 0, no pause
      Group Policy: Windows Update = Notify download/install (2), Delivery Optimization Enable = 99 (HTTP, no peering, no DO)

    • #166187 Reply

      anonymous

      Update from Pensioner Lady

      Have installed KB4055532, KB4056894, and KB4033342 individually on my Lenovo Desktop (Windows 7 Pro and Avira AV) without any problems.

      Will tackle my troublesome laptop updates over the weekend.

      Thank you so much for the folks who take the trouble to answer questions on this site. As an ordinary (non techie) user but one who likes some control over what is being downloaded onto her machines, your help and advice is invaluable.

      • #166373 Reply

        walker
        AskWoody Lounger

        @Pensioner Lady:  Noted that you installed KB 4056894 with no problems on your desktop computer.  I had seen a few issues with some users,  however yours appeared to be successful.   I think the last comment about this KB was for your laptop only?

    • #166222 Reply

      anonymous

      Pensioner Lady further update…

      Tried again on my laptop but still no Rollup being offered. Uninstalled Avast AV and turned on Windows Defender … still no update offered and on checking regedit.exe still no ‘key’. Closed Defender and installed Avira AV and voila…. I now have updates…..

      2 users thanked author for this post.
    • #166234 Reply

      PKCano
      AskWoody MVP

      Pensioner Lady further update… Tried again on my laptop but still no Rollup being offered. Uninstalled Avast AV and turned on Windows Defender … still no update offered and on checking regedit.exe still no ‘key’. Closed Defender and installed Avira AV and voila…. I now have updates…..

      The later version of Avira set the Registry key for you.

    • #166446 Reply

      anonymous

      Walker – Pensioner Lady here

      Yes – Lenovo Desktop was no problem.  I wasnt getting offered any monthly rollup for my laptop but was offered KB4056894  after changing AV from Avast to Avira (the new 2018 edition). The download and installation on both machines was fine.

       

       

    • #166818 Reply

      anonymous

      BSOD’d  after KB4058258. An elder friend’s HP Notebook i3-7100U running Win 10 home x64 1709 (16299.192).

      “inaccessible boot device”

      Restore to pre-KB4058258 restore point (and then one older one) claims sucess, but still un-bootable.
      Same update same day on his wife’s HP and my Dell, with no apparent problems.

    • #167108 Reply

      Northwest Rick
      AskWoody Lounger

      G’day!  I seem to have survived yesterday’s Jan 2018 updates for Win7 (AMD desktop) & Win10 (Intel laptop) without incident.  What prompts me to write today is Woody’s observation for Win7 patches in his Feb 5 “snake oil” column (not the first appearance):

      “…the privacy path’s getting more difficult. The old “Group B” – security patches only – isn’t dead, but it’s no longer within the grasp of typical Windows customers.”

      Let me be clear:  I am not nitpicking.  I am, however, genuinely puzzled.  Follow…

      Back in the day (1990’s) I was considered to be the “tech genius” in our small low-tech office, people frequently coming to me for help untying their computer knots more creatively than pitching a shoe at their screens.  I was the senior engineer, so no surprise there.  Not a computer or electrical engineer, mind you, but when there is a “P.E.” after your name, people expect you to know how to do everything from designing a bridge to fixing a malfunctioning vacuum cleaner or can opener.

      I had acquired basic DOS literacy, so I was able to solve 90% of my colleagues’ problems, but I was embarrassed by the adulation which followed, repeatedly pointing out that “I just know 10% more than YOU do, which just makes me SEEM like a genius!”

      That gets me back to Woody’s observation.  Especially in the Windows era, I consider myself a “typical” user – a Group B refusenik, yes, but otherwise typical.  It seems to me, Woody and his compadres ( @pkcano, @mrbrian and others) have made the Group B option ridiculously easy, reducing it to a strictly paint-by-numbers operation.  Another memory that comes to mind is the hall floors of the famous Oakland Induction Center (the gateway to the infamous Vietnam War when I walked them), which were densely painted with multi-color arrows leading hither and yon, so even the most mentally challenged among us could find their way to the next station in the induction process.

      So, all I do is list my installed updates (Control Panel>Programs>Programs and Features>Installed Updates) to confirm I am up-to-date before I start, find the new updates in @pkcano‘s AKB 2000003, follow the crystal-clear steps, and voilà – I’m done!

      What’s so difficult about that??  I am getting that uneasy feeling one gets just before discovering that he is doing it all wrong, and missing some essential step!

      If I am, I hope someone sets me straight pronto!

      If not, then Woody’s estimation of the “typical Windows customer” is either excessively low – or mine is too high!  🙂

      – Northwest Rick

      • #167202 Reply

        Elly
        AskWoody MVP

        Hello Northwest Rick,

        I, too, am Group B… and I find it quite simple to follow… but I’ve been doing it since its inception, here at the Lounge.

        Group B works well for people who want to avoid telemetry being added to their systems, or that need to avoid a particular patch that causes havoc on their Win 7 or Win 8.1 system.

        There was some concern that a fix for a security update might be included in the non-security updates. I don’t remember now how that worked out, but I continued doing only the security updates and have had no problems.

        Then there is an issue of having to either hide or install all available updates before certain (servicing stack?) updates are even offered through Windows Update… and every month you need to make sure everything is installed or hidden, and run Windows Update one more time, to see what shows up. MrBrian spent a lot of time testing and figuring it out. He made it relatively easy for us, but it was a lot of work for him.

        Group B has to update IE separately, but Group A has it updated automatically. Yes, they provide the links, but it is one more thing that makes it more complicated, or that someone could forget to do.

        It can be difficult for some people to understand that there was a particular time that the rollups started, and that they can’t just skip back and forth between the Monthly Quality and Security Rollups and the Security only updates and get the results that they are expecting. Once a Group B computer is updated with the Monthly Quality and Security Rollup, it is Group A. The reverse is not true. Microsoft made it confusing by having ‘Security’ in the name of both updates. Rollups are Group A… unless we are talking about .Net… See… it gets confusing to explain.

        Then there are the people who come here recently, and like the idea of Group B updating, having stopped updating entirely for some time, or having regularly updated with the Rollups… It can be done/undone… but it is time consuming and every monthly security update has to be installed… and it is relatively easy to accidentally skip this or that and have less than a fully updated machine, and not even know it. There are 100’s of updates if you decide to do a clean install, and start back from scratch, and you don’t install certain updates to avoid the telemetry, so you have to pay attention… and all those KB numbers can make your head spin. So, it takes some commitment.

        It is a lot easier to tell people to join Group A and  just install the latest cumulative rollup and be done with it.

        That said, the MPVs do an outstanding job helping people find their way… even us, the more difficult to explain and support, Group B types.

        Win 7 Home, 64 bit, Group B

        4 users thanked author for this post.
        • #167264 Reply

          Northwest Rick
          AskWoody Lounger

          G’day Elly,

          Thanks for addressing my perplexity. You managed to be both thorough and brief, a balance I strive for myself, alas with mixed results. Though I realize that we live in an age of severely truncated attention spans, most things worth discussing simply cannot be reduced to a bumper sticker.

          The important thing is, no one has so far told me: “RED ALERT! You skipped Step X!” I suspected much of what you have suggested, but I wanted to hear it from an independent source. Thank you for volunteering! 🙂

          The problem with saying an option isn’t dead but becoming progressively more difficult is, it strongly implies an eventual demise. As is usually true, it isn’t that simple, no?

          For those of us who are charter members since inception, and have faithfully kept our devices current according to that option, Group B seems to be internally sound and healthy. The only threat to its viability that I am aware of is external: if M$ stops offering complete security-only versions of monthly updates. So I would suggest, we should not be referring to it as “not dead”. It’s misleading. Those of us currently walking the planet aren’t dead either, and even though that may be our ultimate destination, most of us are focused on enjoying the vital and vibrant present, not morosely obsessed with the end game.

          But as you rightly point out, Group B is a considerably more complicated option for Johnny- and Mary-come-latelies, including followers of Group W. If they stopped updating long before the inception of Group B, they would have to follow the installation sequence laid out and maintained in @pkcano‘s AKB 2000003 step-by-step, in chronological sequence, cognizant of the fact that these are incremental, not cumulative, and cannot be skipped or omitted. Yes, that makes it more difficult, but neither impossible nor hopeless. If I were in that position, I would view it as an effort worth undertaking and roll up my sleeves, rather than moaning “woe is me!”

          Similarly, if some members of Group A (formally or not) suddenly determine themselves to be on the “wrong” track (a subjective, not objective judgment), and decide to switch to Group B, that door is not closed either. As you also point out, they would have to uninstall rollups back to Group B inception, then do what is described in the previous paragraph.

          I don’t know about you, but I have never been defeated by the mere difficulty of an undertaking I determined to be either worthwhile or essential (sometimes both). It’s a question of personal choice, not one of being thwarted by a daunting obstacle, no?

          So, perhaps monthly Group B instructions should begin with something like this:

          “The Group B option works well for those who have followed it since inception, but because manually processed security-only updates are not cumulative, and must be installed in chronological order, it is not possible to jump in at any time. Those considering switching to Group B must either have stopped updating before inception, or must first uninstall any rollups processed since inception.”

          You are quite right that Woody’s team continues to provide yeoman service in the background. I have consistently acknowledged this in my periodic comments, even backed up my appreciation through periodic monetary contributions to askwoody.com. But I am pretty sure that references to degree-of-difficulty are warnings to end users, not attempts to generate sympathy for the team itself, who after all are professionals, no?

          Thanks again for sharing your thoughts with me Elly. May fortune continue to smile on us in Group B. Cheers! 🙂

          – Northwest Rick

    • #167122 Reply

      MrBrian
      AskWoody MVP

      So, all I do is list my installed updates (Control Panel>Programs>Programs and Features>Installed Updates) to confirm I am up-to-date before I start, find the new updates in @pkcano‘s AKB 2000003, follow the crystal-clear steps, and voilà – I’m done!

      What’s so difficult about that?? I am getting that uneasy feeling one gets just before discovering that he is doing it all wrong, and missing some essential step!

      There is specialized advice for the January 2018 updates.

      1 user thanked author for this post.
      • #167153 Reply

        Northwest Rick
        AskWoody Lounger

        All caveats have been observed.  Do you mean antivirus-compliant registry entry and chip maker awareness?  Confirmed those a month ago, when the Spectre/Meltdown issue first emerged.

        Maintaining a current system image as a fall-back, not placing a check next to unchecked items, avoiding anything marked “Preview” and avoiding telemetry or driver-related updates?  Those have been standing guidelines for some time already.

        Avoiding firmware patches was part of an alert from Woody (“Belay that order!”) weeks ago, (not that I needed it – my default position is “don’t do it before consensus develops!”)

        Anything else?  Thanks!

        BTW, Woody’s assessment regarding the “difficulty” of the Group B approach predates all of these complications, so remains a head-scratcher for me…

        1 user thanked author for this post.
    • #167157 Reply

      MrBrian
      AskWoody MVP

      All caveats have been observed. Do you mean antivirus-compliant registry entry and chip maker awareness?

      Yes, and for Windows 8.1 there is an additional “PIC and APIC interrupt controllers” issue.

      2 users thanked author for this post.
    • #167247 Reply

      MrBrian
      AskWoody MVP

      It can be difficult for some people to understand that there was a particular time that the rollups started, and that they can’t just skip back and forth between the Monthly Quality and Security Rollups and the Security only updates and get the results that they are expecting. Once a Group B computer is updated with the Monthly Quality and Security Rollup, it is Group A. The reverse is not true.

      There is no problem that I am aware of with switching from Group A to Group B. Windows monthly rollups can be uninstalled if they are no longer wanted.

      2 users thanked author for this post.
      • #167734 Reply

        Elly
        AskWoody MVP

        I wasn’t saying that you can’t switch back to Group B, only that as long as there are rollups installed, and you start installing the Security Only updates, you aren’t accomplishing what Group B is for… unless you are only trying to avoid a particular update going forward. The rollups install telemetry…

        Win 7 Home, 64 bit, Group B

        • #167743 Reply

          MrBrian
          AskWoody MVP

          The rollups install telemetry…

          The Windows monthly rollups, as well as some other updates, install Diagnostics Tracking Service, but it’s KB2952664 (Win 7) and KB2976978 (Win 8.1) that are responsible for the telemetry that most here who are concerned about telemetry seem to care about. KB2952664 (at least in the older version(s) that I tested) does not need Diagnostics Tracking Service installed to send telemetry to Microsoft.

          • #167749 Reply

            Elly
            AskWoody MVP

            Does that mean the Diagnostics Tracking Service as installed by the rollups doesn’t send info back to Microsoft unless KB2952664 (Win 7) and KB2976978 (Win 8.1) are installed?

            Win 7 Home, 64 bit, Group B

            • #167751 Reply

              MrBrian
              AskWoody MVP

              Does that mean the Diagnostics Tracking Service as installed by the rollups doesn’t send info back to Microsoft unless KB2952664 (Win 7) and KB2976978 (Win 8.1) are installed?

              Some third-party programs can use Diagnostics Tracking Service to send telemetry. If not participating in Windows Customer Experience Improvement Program, then I didn’t find evidence that anything else within Windows 7 sends telemetry via Diagnostics Tracking Service, except for a little bit by KB2952664; reference: https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-21467.

              Here’s what I did regarding telemetry (Win 7):

              1. Be in Group A.

              2. Turn off Windows Customer Experience Improvement Program.

              3. Don’t install KB2952664.

              4. Don’t install KB3021917.

              A topic that may be of interest: Care to join a Win7 snooping test?

               

              3 users thanked author for this post.
    • #167249 Reply

      Cascadian
      AskWoody Lounger

      G’day! I seem to have survived yesterday’s Jan 2018 updates for Win7 (AMD desktop) & Win10 (Intel laptop) without incident. …
      Let me be clear: I am not nitpicking. I am, however, genuinely puzzled. Follow…
      What’s so difficult about that?? I am getting that uneasy feeling …
      If not, then Woody’s estimation of the “typical Windows customer” is either excessively low – or mine is too high!

      Glad it all went well for you, Rick. And I do believe you are doing it correctly. Many of the ‘difficult’ things flow right by you from familiarity.

      But Woody writes his tips for both you and FamilyMan here, and many others besides. Needing to meet everyone’s needs might lead to generalizations. You have the experience and skill to perform the monthly task with no problem. FamilyMan may have just as much knowledge and skill, but lacks experience in the AskWoody jargon and presentation style. Others may not approach the same skill or comfort level.

      The phrase that troubles you could be the phrase that gives these folks hope in the middle of a hopeless mess. They may be looking for the simple way to get this tedious process done and move on to life away from the silicon pile. It is good that you do not find it tedious. But I have seen fear in their eyes, and anguish in their voice disappear after reading Woody. He communicates in a way that I cannot. And I am glad that he has helped people recover sanity. Some are people that I only got from one month to the next, never succeeding to make them feel they could do it themselves. Now they do.

      1 user thanked author for this post.
      • #167288 Reply

        Northwest Rick
        AskWoody Lounger

        Hey Cascadian,

        I do realize that a range of abilities is being addressed, but IMHO discussion about Group B has been unnecessarily pessimistic.  You may recall, Woody opened up a topic about the very viability of Group B a while back.  That did not leave me feeling warm and fuzzy!  When people start questioning whether something is viable, one starts looking to see if the undertaker is rolling up the driveway!

        I have never had much affection for the Windows interface (I actually preferred DOS);  I have grown comfortable with Win 7, but I positively loathe Win 10.  So I haven’t given much thought to the inner workings of either one.  In that sense, though I may have a problem-solving nature and peripheral abilities, I too rely on advice I find here.

        Group B seems to me to be a good response to relentless snooping by M$, one that appears to be working well, so I have trouble understanding why its drawbacks rather than its benefits continue to be emphasized.  I don’t see that to be a necessary element of addressing a broad audience.

        For me, the fallback option is not Group A, but Group W.  If Group B is allowed to wither on the vine, I will be forced to shift to post Win 7 support mode sooner than expected.  I know that day is coming, I just don’t see why we have to rush it.

        But hey, mine is just one opinion among many!  I don’t expect to win every battle, but I am not one to remain passive or silent when I sense the tide turning against my preferred outcome.  Cheers!

        -NR

        2 users thanked author for this post.
        • #167298 Reply

          Cascadian
          AskWoody Lounger

          Hi Northwest Rick,

          I hope I did not read as dismissive, I meant to add inclusion of others rather than diminish your opinion. I do remember Woody’s actively seeking opinions of his trusted readers on the utility of GroupB. And I think many voices were heard. That is specifically why Woody continues to acknowledge the option and link to the appropriate directions. If there was a battle for continuation of GroupB, consider it won not lost.

          Similar to your personal story, I wanted to offer the story of three specific people that I rolled into one short line, because they are unlikely to share their own experience. I don’t throw the word guru around much, and I hope Woody’s not too humble to hear it. To the kind of person who’s eyes glaze over when I step them through while they move the cursor around, there is a relief that is visible when they read a guru say this is difficult stuff. It doesn’t matter if a mere mortal like me reassures them. Reading it on Computerworld and linking to AskWoody gives them the feeling that this is a website they can trust. Woody has a flair for expression that reaches these people.

          I do use GroupA currently. And I do mean currently. When Microsoft sets something I do not want, I can wait until they convince me (MSDefcon), or opt for the pieces I do want (GroupB), while waiting for them to figure it out. At this current point, with my Win7, I am not convinced that GroupB excludes anything I have not already addressed through other means. Therefore I take advantage of the internal checklist available through Windows Update, and GroupA, when I choose to allow updates. I can switch to GroupB to protect my system from a future flaw when one becomes apparent. It will not suddenly revert me to OCT2016, but I do not expect or demand that.

          I am happy that the GroupB method continues to be curated. If I need it it is there. Returning to your ocean waters, you are a strong swimmer, and should be able to hear the lifeguard advise the nervous paddlers about the strength of the surf because they need the reassurance. They like knowing someone is looking out for them. It gives them the courage to learn to become a stronger swimmer themselves.

          1 user thanked author for this post.
        • #167310 Reply

          Cascadian
          AskWoody Lounger

          Hi again Northwest Rick,

          Staircase thoughts. They happen to me all the time. It is a separate point from my prior item, so commenting separately.

          I realized I failed to address your very first line “I do realize that a range of abilities is being addressed…” There is an error there that can be dismissive to others, and they may not let you know. I am sure you do not intend it that way. And I hope I did not perpetuate it myself.

          The choice to follow GroupA or GroupB might hinge on ability. But I believe there are people far more capable of making silicon sit up and bark while serving me a nice cup of coffee, and getting Jimmy out of the well. And they are choosing to use the GroupA method. I do not think it is lack of ability that drives their choice. Rather, a choice of comfort, expediency, or a knowledge based decision to receive the complete package on offer, because it meets their requirements.

          Every system and user may have unique requirements. There may also be a significant amount of overlap. Cheers to you as well.

          • This reply was modified 8 months, 1 week ago by  Cascadian. Reason: sloppy copypaste fixed
          1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 3: Lots of caveats, but it’s time to get patched

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.