MS-DEFCON 3: Most February 2018 patches are good to go

Topic

New Reply

Unless you’re running Windows 10 Fall Creators Update (version 1709), now’s a good time to get all outstanding Microsoft patches installed. Details co
[See the full post at: MS-DEFCON 3: Most February 2018 patches are good to go]

8 users thanked author for this post.

walker, JDeC, AJNorth, Elly, HiFlyer, Pepsiboy, WildBill, Tiernan

Reply | Quote

Replies

I am running Win 10 Pro 1709.  I delayed updates but that delay only extends to 9 March.  My understanding is you don’t recommend installing updates fro 1709 but how can I extend my delay?  My understanding is I can not beyond the 30 days that I originally paused updates

BTW I did not want to be on 1709 but was having a problem Windows Update.  was on 1703.  MS reinstalled Windows the day 1709 was released and that was where I ended up.  Thanks Microsoft for not allowing me to choose.

2 users thanked author for this post.

HiFlyer, WildBill

Reply | Quote

You can download wushowhide.diagcab from MS and hide the updates.
Also, read Woody’s ComputerWorld articles on how to Temporarily Turn Off Windows Update and Block Windows Forced Updates.

1 user thanked author for this post.

walker

Reply | Quote

You can disable updates by enabling the Manage preview builds group policy via gpedit.msc under the Windows Update for Business hive until Microsoft unlocks this block or switch updates to notify mode via Configure Windows Updates under the Windows Update hive. Beside that, none of the machines here running Win 10 Pro 1709 was offered a cumulative/security update since December anyway. Looks like Microsoft no longer offers updates to Win 10 Pro 1709 via Windows Update (there are a number of such reports on Microsoft’s answer forum as well).

Reply | Quote

Microsoft is still updating Win10 1709 via Windows Update. However, in order to receive the updates there has to be an ALLOW RegKey set by your anti-virus software to indicate it is compatible prior to being offered the updates.

You should check that the Registry key is set.

Reply | Quote

Thanks! Since it’s March by now, just assume Windows Defender updates did set the key in the meantime. Nonetheless, even if set, the Pro version won’t get any cumulative or security updates via Windows Update. Obviously, some Microsoft [employee] messed up.. and, as usual, Microsoft doesn’t care.. So, without installing manually (Windows Update gives a d*** about registry/group policy settings in this case), no more Windows Updates for Win 10 Pro 1709. Period!

Reply | Quote

Muchas Gracias, Boss! Waiting for CW details; might have Click-to-Run update Office 2013 before then. Might not…

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Excuse me-can anyone tell me if these updates are safe to install for those with 1703? There’s update for x64 systems KB4056254, Update for 1703 x64 system kb4023814 and cumulative kb4077528. Those are the ones I am concerned about while antivirus, malware protection feb, even adobe player update are safe.

Edit to remove HTML

Reply | Quote

As soon as the link to the ComputerWorld article is posted on the blog page, there will be information on patches for 1703. Check it out when posted.

1 user thanked author for this post.

WildBill

Reply | Quote

Okay-Thanks PK. I won’t be installing until tomorrow or wednesday night. TONIGHT I am redownoading/reinstalling on my PS4 Final Fantasy 15 SINCE TOMORROW is the ROYAL EDITION release. Since I got the disk I am gonna buy the royal edition dlc for my game for 20 bucks or so and once I get home from work……THE FUN begins. 😀 New dungeons, new stuff and whatnot.

Also it takes like a few hours for the game to redownload and install on a PS4 so I gotta let it install while I sleep.

Reply | Quote

Hmmm… In Group B, Win7 Pro x64 and have a smart card reader. Where is the Security Only February patch which corrects this??? 🙁

Reply | Quote

Although it doesn’t specifically say so, the patch that corrects the Smart card problem KB4091290 is a Rollup. As a Group B patcher, you probably don’t want to install it. Read Woody’s ComputerWorld article for further information.

If you do want to install KB4091290, @MrBrian has determined that you will need to hide the Preview patch KB4075211 before it will show up on Windows Update

1 user thanked author for this post.

MrBrian

Reply | Quote

Yes, thanks. That was my point. No February Security Only patch to fix the smart card reader error created by BOTH the rollup and Security Only patches for February. Group W time? Windows Update as malware?

Was reading on an earlier thread from a beta guinea pig who got the same error I got after he installed the January S.O. patch, and on boot when trying to do a System restore, namely 0xc0000022….

Still have an image and data from 11/30/2017 which I needed to use to get my networking back after a freeze sometime after the Meltdown patch and hard boot broke it and sfc scannow couldn’t fix it and was/is still broken. Group W looks better all the time… 🙁 🙁 🙁

What does kb4074736 break BTW, and does the fix for that break something else?!  UGH…

 

1 user thanked author for this post.

JDeC

Reply | Quote

My 1709 machines have these updates and none of the problems.

I know there are problems, and yes, MS acknowledges it, but I’d argue there’s probably more people fully patched with no issues than there are people fully patched with problems. JMHO

1703 and 1709 so far have worked great for me, no issues with either; so much so that I’m hands-off with both. It’s nice to not have to fret over updates. (With daily Veeam backups for peace of mind “just in case”.)

3 users thanked author for this post.

BobbyB, b, Bobc

Reply | Quote

Step 2. Make a full system image backup before you install the January patches.

LOL! Obviously, Woody copied & pasted this from January’s CW article. Still, great advice to follow. Boss, maybe for April, say “… before you install any patches.” No need to change it this month… we all need a laugh!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

It occurs to me that maybe “the mad dash to two new versions of the last version of Windows per year” is Microsoft’s effort to quietly move us further and further away from their traditional way of doing things, and further and further along the new path they have envisioned for everyone. Everyone is so distracted with all of the bad patches that it is not easy to see the overall picture.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

3 users thanked author for this post.

HiFlyer, BobbyB, WildBill

Reply | Quote

Are you saying this is all distraction?

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

Possibly. Rumour has it that there is a reality out there beyond the virtual.

2 users thanked author for this post.

JDeC, Elly

Reply | Quote

“If you’re using Flash on Internet Explorer (or Edge) and haven’t yet installed the fix for CVE-2018-4878, described in Microsoft’s Security Advisory ADV180004, you’re vulnerable to a Malspam campaign attack described by Morphisec Labs. Of course, if you avoid Flash and/or use a different browser, you have little to fear.”

And nothing to fear if you’re using Windows 7 which doesn’t appear on the list of affected products.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

3 users thanked author for this post.

Lori, anita.yk, JDeC

Reply | Quote

Windows 7 doesn’t update Adobe Flash. If you use Windows 7 and Adobe Flash, make sure you’re using the latest version of Adobe Flash.

4 users thanked author for this post.

woody, SueW, samak, JDeC

Reply | Quote

@Woody

Hi. Fyi: your CW article states

Windows 7 users who install the latest patches (Monthly Rollup KB 4074598, or Security-Only KB 4077525)…

Any chance you meant KB4074598 for security-only patch? (Think KB4077525 might be for Win10.)

Hope this helps.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Egads, I did it too…

I wrote:
Any chance you meant KB4074598 for security-only patch?

I should have written:
Any chance you meant KB4074587 for security-only patch?

(Sorry for any confusion, should have reread before hitting submit.)

1 user thanked author for this post.

HiFlyer

Reply | Quote

I figured it out. KB4077525 is for Server 2016. I sent a message to Woody.

Thanks for the heads up.

2 users thanked author for this post.

HiFlyer, WildBill

Reply | Quote

Same here.

I was about to post precisely the same point when I saw yours.

Reply | Quote

Following advice from @PKCano, I installed KB4057400 When we moved to Def-con 3 for January. Since this is a preview rollup, do I need to do anything extra before installing the normal February rollup?

Reply | Quote

Other than reading Woody’s article for the pitfalls, you don’t need anything extra.

2 users thanked author for this post.

HiFlyer, Moonbear

Reply | Quote

Thanks @PKCano, before last month I had never installed a preview rollup so to be honest I fully expected more hoops to jump through.

Reply | Quote

Just did the updates via Windows Update on two W7 SP1 Home Premium 64-bit computers. With the Defcon 3 green light. Fingers crossed offcourse.

I had not applied updates for a few months given all the depressions raging over patch land. I am happy to say that both computers are still up and running and so far I see no problems.

One of them my main machine used daily has a Windows 7 install from 2009. Over the years I have made regular use of this site to prevent Microsoft from converting it into a Windows 10 PC. I hope that with this site support I can add a few more years of Windows 7 use on both computers.

Thank you very much!

2 users thanked author for this post.

HiFlyer, AlphaCharlie

Reply | Quote

…You know what, forget it.
I’m not even going to bother installing anymore Windows Updates (other than the ones for Windows Defender) after January’s fiasco.

Reply | Quote

Unfortunately, you can’t just forget about them.

Case in point: Last year’s patches to fend off EternalBlue. You had to patch sooner or later.

Most people make the mistake of assuming they have to patch as soon as MS pushes the patch out the chute. They don’t. But you do have do the dirty deed eventually.

1 user thanked author for this post.

SueW

Reply | Quote

Just do a full backup of your computer before running updates. And make sure you have a good emergency boot disk from your backup software.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

2 users thanked author for this post.

wavy, SueW

Reply | Quote

following article
https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ i installed security only (groub b) patches on both windows 7 (three this month) and on windows 8.1 (two as usual).

after reboot i installed all important patches (office, msrt, defender, flash,…). of course NO nvidia and no quality-thingy…

as usual i also installed no optionals, so also no .net patches installed this month at all…

1 user thanked author for this post.

SueW

Reply | Quote

I hid kb4091290 when it came in and just did a restore and it was optional and unchecked.

Also the kb2952664 was hidden and when I restored it was also unchecked. Should I install them? Both are hidden again.

Preview patch KB4075211  was hidden and now its gone.

Edit to remove HTML

Reply | Quote

kb4091290 showed up because you hid KB4075211. It is a Rollup, but unless you have a Smart Card reader, you do not need it.

KB2952664 is one of MS’s snooping telemetry patches. Unless you want the telemetry, HIDE it again.

Reply | Quote

I don’t know if I have a smart card or not. What is a smart card?

1 user thanked author for this post.

Charlie

Reply | Quote

I looked it up, nope we don’t have a smart card. Thank you PK

Reply | Quote

Does anyone know if the ‘WIN7 reboot to black screen’ issue was ever resolved? It apparently caused some machines to go into a strange hibernation state when rebooted using a ‘restart’ button with the only way out being a forced restart via a power switch. Last I read here at AskWoody was to either uninstall the patch – either the February Rollup or security only patch – or to turn off hibernation, or to never restart the machine with a ‘restart’ button (in other words shut the machine down completely and then start it up again).

Thanks.

1 user thanked author for this post.

JDeC

Reply | Quote

@DrBonzo,

I have Win 7 Home, on a Sandy Bridge processor… and I delayed installing January updates past the all clear by Woody, because of the same concerns. @Lizzytish had reassured me that her updating on a similar system had gone well. I have now updated January and February Group B style. I deliberately did a restart after updating today, and found no problems. There was a slightly scary moment when the screen was black, with only a cursor… but it didn’t stay that way for more than a few (long) seconds.

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

anita.yk, JDeC, SueW, DrBonzo

Reply | Quote

On my Windows 7 Pro Ivy Bridge machine, installing the February KB4074598 with MS-Defcon 3 brought back the reboot problem, so I removed KB4074598 and the problem was gone. Interestingly, the first reboot after installing the February patch was fine, but the problem came back on the reboots after that.

4 users thanked author for this post.

jburk07, anita.yk, DrBonzo, woody

Reply | Quote

@w5pny – Thanks. When you say ‘reboot’, do you mean 1)rebooting from either a ‘restart’ button or from the restart option on the start menu, or 2) a boot after the machine has been completely shut-down?

I’m wondering because I could live with never using a restart button as long as my machine will boot from what I would call a cold start. Also, if I do get a black screen it would be nice if a forced shutdown with the power button followed by a boot will get my machine up and running. From what I’ve read, this latter option has worked for folks who’ve had the black screen issue.

Reply | Quote

The problem happens with either the “restart” from the Start menu or the “restart” from the restart/shutdown button on the login screen.  If one chooses “shutdown” in either of those cases, the machine shuts down and powers off normally, and the boot up from turning the power back on happens normally.  Since I dual-boot on my machines with Windows 7 or Ubuntu Xenial, I’m using the “restart” much more than I use “shutdown”.  It turns out all my machines are either Sandy Bridge or Ivy Bridge so this problem is a pain.

3 users thanked author for this post.

anita.yk, DrBonzo, Elly

Reply | Quote

@w5pny-

I never installed the monthly rollup, just the February security only… I did restart multiple times, and no problems were triggered.

Wish I had a test machine to play with… but no monthy rollups going on this one just to test things out!

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

JDeC

Reply | Quote

Regarding KB4077525 and Server 2016, the list of known issues sounds really encouraging: Because of an AD FS server issue that causes the WID AD FS database to become unusable after a restart, the AD FS service may fail to start. There is no way to undo the database corruption. To return your AD FS server to a functional state, you must restore it from a backup.

Yay! QA FTW!

1 user thanked author for this post.

woody

Reply | Quote

anonymous wrote:

Because of an AD FS server issue that causes the WID AD FS database to become unusable after a restart, the AD FS service may fail to start. There is no way to undo the database corruption. To return your AD FS server to a functional state, you must restore it from a backup.

OMG. I missed that one! In the Computerworld article I talked about the ADFS problem with the Win10 1709 patch KB 4074588. But I had no idea the same problem hits KB4077525 and Server 2016.

Reply | Quote

I think W10/2016 patching is a lost battle… Returning to this very same KB4077525. There’s been a well known issue with NTFS deduplication on W2016, causing data corruption with big (2TB+) files – see https://blogs.technet.microsoft.com/filecab/2017/01/30/windows-server-2016-data-deduplication-users-please-install-kb3216755/. Note it’s dated Jan 2017. The advise back then was to install Windows 10 {!!!) hotfix KB4013429. As everyone is well aware, Windows 10 does not support deduplication at all. So, the way to release patches for serious problem that noone but enterprise server OS users will hit, according to the Redmond genie, is to hide them inside client-only insider preview patches.

Slow forward to Mar 2018 – lookie, our KB4077525 mentions:

– Addresses issue where a file that is optimized and is less than 2.2 TB may be corrupted by the Dedup process when the file is updated to exceed 2.2 TB.

– Addresses issue where a file is always marked as corrupted—even though it isn’t—when running a full Dedup scrub on a file larger than 2.2 TB.

The very same gentlemen who claim to “take your data integrity extremely seriously” took 14 months to (re)release the fix in a way every sane person out there would have expected from the very beginning.

You gotta be kidding me!!! :-X

3 users thanked author for this post.

anita.yk, woody, MrBrian

Reply | Quote

Woody,

I appreciate all your hard work, but in future would it be possible to change the DEFCON level before the weekend, e.g., on Friday?

For two months in a row you’ve changed it on a Monday, but I, and I suspect a lot of home users, don’t have time to install patches until the weekend.

A Monday DEFCON change is like having a dashboard light come on that says “You need to change your oil RIGHT NOW“, but unfortunately you’re on the freeway and the nearest exit is five miles away.

Thanks.

1 user thanked author for this post.

MrBrian

Reply | Quote

Patch Tuesday isn’t until the 13th of March. You should have time next weekend to update before Microsoft does its next dirty deed. 🙂

3 users thanked author for this post.

HiFlyer, alpha128, JDeC

Reply | Quote

PKCano wrote:

Patch Tuesday isn’t until the 13th of March. You should have time next weekend to update before Microsoft does its next dirty deed. ??

And I will patch next weekend.

But the thing is, if I don’t patch and we’re at MS-DEFCON 2, I’m prudent. If Woody changes to MS-DEFCON 3 on a Monday, but I don’t patch until Saturday, then I’m negligent for several days. No one likes to be negligent.

Last month I stayed up late on Thursday night to install the patches, and regretted it all day at work the following Friday. I don’t want to do that again.

Reply | Quote

There’s nothing as good as being retired! Or is that re-tread?

2 users thanked author for this post.

JDeC, SueW

Reply | Quote

PKCano wrote:

There’s nothing as good as being retired! Or is that re-tread?

All I know is if I patch on a weeknight the next day I’m half-dead! 🙂

Reply | Quote

alpha128, I’m retired and can patch any day after Woody goes MS-DEFCON 3, including the day of if I want. I have three computers: a desktop, a laptop, and a 3-in-1. I’ve found I’m more comfortable waiting until the weekend before the next Patch Tuesday to get updated. I follow this site carefully while I’m waiting to see how the updating is going for everyone, just in case. If there’s problems, I would have no compunction whatsoever in skipping updating for a month or two until MS gets their act together. I’ve never had to do it yet, though, and doubt very much I ever will. But that’s just me. You should do what’s comfortable for you. But as PKCano said, “Patch Tuesday isn’t until the 13th of March. You should have time next weekend to update before Microsoft does its next dirty deed.” That’s exactly how I’ve been doing it for two years.

3 users thanked author for this post.

HiFlyer, JDeC, SueW

Reply | Quote

dononline wrote:

alpha128, I’m retired and can patch any day after Woody goes MS-DEFCON 3, including the day of if I want… I’ve found I’m more comfortable waiting until the weekend before the next Patch Tuesday to get updated… You should have time next weekend to update before Microsoft does its next dirty deed.” That’s exactly how I’ve been doing it for two years.

I prefer to be more timely with the application of updates after Woody changes the MS-DEFCON level.  But changing the level on a Monday makes it difficult, if not impossible, to do that.

It’s the same thing as when the maintenance minder goes off in my car.  It’s set to go off at 15% oil life, but I schedule my next service appointment immediately afterwards because I can’t stand looking at that indicator light. 🙂

Reply | Quote

I’ll consider changing on Fridays, if therer are no major outstanding issues.

This month I changed on Monday morning and by Monday afternoon, Microsoft had released a fix for the one really onerous bad patch.

Can’t hardly win for losin’, eh?

12 users thanked author for this post.

AJNorth, SueW, anita.yk, Cascadian, alpha128, JDeC, dononline, Elly, HiFlyer, walker, WildBill, MrBrian

Reply | Quote

woody wrote:

I’ll consider changing on Fridays, if there are no major outstanding issues.

Thanks!

Reply | Quote

Just want to put my two cents in, as there are many people who run on non-traditional schedules (law enforcement,medical and other 24 hour facilities). Also there are cultural issues about what a good time to do things on the weekend is (dusk on Friday, Saturday observances for some, and Sunday for others). Then there is the time differences being discussed, so that what arrives at midnight for one is 7AM for another.

Maybe I just have an eclectic group of friends, but none of them run Monday-Friday with weekends off type of schedules, religious observances aside. Some of them, preferentially, work double shifts (16 hours) on weekends because of shift differentials and overtime. Banks, schools and government offices do follow a Monday-Friday cycle. It is relatively easy to learn to time shift (make my own adjustments) rather than try and make the world adjust to me (it won’t, stubbed my toe on that one a long time ago). If you go anywhere on a weekend you will see people working… who do you think is running that store, Starbucks, gas station, or other spot you are relaxing at?  They don’t have a chance to sit back and update on a weekend, at all.

I would prefer Woody to assess the time to post a change in Defcon based on the risk of infection vs risk of bad updates. Then we can all figure out when it works best for us to update. I know that might shock people who are used to daytime work hours on a Monday-Friday schedule… but it is what millions of people are doing week in and week out… and they don’t get holiday’s off, either…

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

Kathy70, SueW, jburk07, dononline

Reply | Quote

alpha128 wrote:

I prefer to be more timely with the application of updates after Woody changes the MS-DEFCON level. But changing the level on a Monday makes it difficult, if not impossible, to do that.

Understood. I was just sharing what’s comfortable for me, but, as I said, you should do what’s comfortable for you. However, it might not always be prudent for Woody to push the MS-DEFCON 3 button on a Friday, what with MS’s history of pushing out botched patches to fix botched patches at any time since going WaaS crazy. Sometimes, waiting a couple or three days could save us all a whole lot of grief, and Woody from having a bunch of unhappy — and loud — campers on his hands!

2 users thanked author for this post.

SueW, HiFlyer

Reply | Quote

I think very late Friday night (in USA) would be the best time because it’s probably less likely that Microsoft will release updates on Saturdays or Sundays.

4 users thanked author for this post.

HiFlyer, walker, woody, alpha128

Reply | Quote

I noticed that the series of updates this year were specifically geared at locking out those if us less PC savy. I have repeatedly contacted microjunk to stop forcing updates on my PC as it is around 4 years old yet they kept sending update after update each conflicting with my settings eventually leading me on a path that says i need the disk to regain systems, of which i never had as the equipment was preloaded, while the win10 update was done in good faith digitally. I use my PC to just play warcraft and browse or pay bills so no big deal yet each update took me further and further away from recovery.. now my PC is in the closet until i can buy a new one as i plan to prove microjunk has an agenda of destroying machines over 5 years old and i can see the pattern they used with my closert case.. i hated when they killed XP.. XP was like a Tank and i ran it with zero security all day long, and yea.. some a**hat or 5 infested it and sent out so much spam it took road runner two weeks to find out who was doing it but hey… if we all did it should be golden! Microjunk

1 user thanked author for this post.

HiFlyer

Reply | Quote

Any word or article yet on the win 10 1703 updates-which ones are safe to install and which are not?

Reply | Quote

I have installed KB4074592 (Build 15063.909) without any problem. I have not installed KB4077528 (the latest Build 15063.936). The rest are OK – MSRT, Flash, Office

Reply | Quote

PK What about KB4056254, and  kb4023814-ARE Those two alright to install as well or do one or the other or both need to be avoided?

Reply | Quote

@abbodi86 gives a good description of those patches here.

2 users thanked author for this post.

JDeC, woody

Reply | Quote

I see! Those sneaky devils! Trying to force WIN 10 1709 on us again huh? I don’t think so~Thanks for the 411 PK. I appreciate it.

….Say were these given before? I forgot but it almost deja vu?

Reply | Quote

Almost like KB2952664 in Win7 – They keep coming back like a bad Penny!

1 user thanked author for this post.

woody

Reply | Quote

A crusty, sticky, icky penny that nobody wants. Also is the cumulative update safe though? Ya know the cumulative update for Feb? Is it safe to install? Just wanna know-I know you said you didn’t install it yet, but did you get the chance PK?

1 user thanked author for this post.

JDeC

Reply | Quote

Two updates for Windows 10 v1709 were released today: March 5, 2018—KB4090913 (OS Build 16299.251) and Servicing stack update for Windows 10 Version 1709: March 5, 2018.

Reply | Quote

According to Microsoft, KB4090913 has three known issues (in addition to the ALLOW Regkey having to be set):

Windows Update History reports that KB4054517 failed to install because of error 0x80070643.

Microsoft is working on a resolution and will provide an update in an upcoming release.

After installing this update, some devices may fail to start, and return INACCESSIBLE_BOOT_DEVICE.

This issue occurs when the windows update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

Microsoft is working on a resolution and will provide an update in an upcoming release.
Workaround steps are available in KB4075150.

And

Because of an AD FS server issue that causes the WID AD FS database to become unusable after a restart, the AD FS service may fail to start.

There is no way to undo the database corruption. To return your AD FS server to a functional state, you must restore it from a backup.

Reply | Quote

PKCano wrote:

I have installed KB4074592 (Build 15063.909) without any problem. I have not installed KB4077528 (the latest Build 15063.936). The rest are OK – MSRT, Flash, Office

4074592 and not 4077528

I have both saved from Update Catalog.  Figured I’d install 4077528 upon Defcon 3+.

Then I read your post.

Why install 4074592 and not install 4077528?

Thanks

Reply | Quote

Susan’s Patch Lady Master Patch list says it’s OK and the MS pages don’t show any known issues.
It has a lot of fixes.

I just didn’t install it (I updated earlier before it was issued – I’m one of the Guinea Pigs. Don’t tell anyone)

1 user thanked author for this post.

bjm

Reply | Quote

So PK it’s safe to install 4077528? I plan to install updates tonight so I just wanted to clarify it. :3

Edit to remove HTML. Please convert to plain text before cut/paste.

Reply | Quote

Yes

Reply | Quote

Alright, I’ll install the safe updates tonight before bed and after they’re installed, defragment and such and test things out before hitting the sack. 🙂 Thanks again PK-your a life safer. Still I hope in March’s patch we don’t get any “forced update to 1709” hidden in any update to system updates. I SWEAR WINDOWS/MICROSOFT IS TRYING TO force feed us 1709 by hiding it in updates.

Reply | Quote

Personally, I installed 4077528 on 2/22/18 and have had no ill effects on my HP laptop with 1703. YMMV

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

bjm

Reply | Quote

@PKCano, I never thought of this when I asked my original question, how do I check if my system has a smart card reader or has a smart card installed? The Services window has the 2 smart card services set to manual and I know I didn’t set them that way, would that most likely mean that I don’t have one installed?

Reply | Quote

I believe the smart card is used in two-factor identification. If you are not using it, you need not be concerned.

3 users thanked author for this post.

jburk07, woody, Moonbear

Reply | Quote

I skipped the January patches for my Win7 machines due to some reported problems.  Given that the February patches will presumably supersede the (skipped) January patches, is there anything to beware of?

Thanks.

Marty

Reply | Quote

You’ll be getting the Windows Spectre/Meltdown fixes for the first time. The Windows Spectre/Meltdown fixes are not compatible with some security programs, as Woody’s article mentioned.

If you’re in Group B, I recommend that you install the February 2018 Windows security-only update first, and then the January 2018 Windows security-only update, in order to avoid the other issues (such as the AMD processor issue) that the January 2018 Windows security-only update has. You don’t need to reboot in between the installation of these two updates.

6 users thanked author for this post.

Steve, JDeC, Elly, woody, HiFlyer, Marty

Reply | Quote

I am also Win7 64-bit Group B. My Jan update KB4073578 repeatedly failed to install (Windows Update Failed Reverting Changes upon reboot).  I initially tried KB 4056897 (which also failed) because I do not have an AMD processor. Will installing Feb Update prior to Jan Update now correct this? Should I re-download Jan Update for a “most current” version?

Thx!

Reply | Quote

“Will installing Feb Update prior to Jan Update now correct this?”

I doubt it. Your problem probably isn’t with the updates themselves, but with your Windows servicing subsystem. I recommend asking about it at https://www.sysnative.com/forums/windows-update/.

2 users thanked author for this post.

woody, HiFlyer

Reply | Quote

Group B win7 user.

A  question about these Feb patches, before I install them.

Feb 2018 (IE11) KB 4074736

Feb 2018 (IE11) KB 4088835 (released 2/22 fix MS Outlook Web App)

Do I need to install them both , in order , or just the 2/22 fix ?

Reply | Quote

The IE11 patches are cumulative, so the latest one contains all. But if you are not using Outlook Web App, you don’t HAVE TO install KB 4088835. KB 4074736will be sufficient.

3 users thanked author for this post.

JDeC, Elly, SueW

Reply | Quote

Well, no office365 , no exchange server or exchange online . So I guess no, I’m not using it.

Thanks

Reply | Quote

Windows 7 Group A users may wish to consider installing KB4091290 instead of KB4074598 because of the smart card fix that KB4091290 has. To do so in Windows Update, you may have to hide KB4075211 first and then check for updates.

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

Is KB4091290 its own patch? Or part of a different rollup? All I’ve done by reading the linked support articles is confuse myself.

Reply | Quote

KB4091290 is an update that can be considered a rollup per abbodi86.

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

KB4075211 is the Feb Preview patch. KB4091290 is basically the Preview patch + the fix for the smart card. If you are using a smart card, you should install the combined patch. If you are not using a smart card, you do not need the combined patch. If the Preview patch is UNCHECKED in the “optional updates” list, you do not need to install it b/c it will be included in the March Rollup.

4 users thanked author for this post.

HiFlyer, Elly, Moonbear, woody

Reply | Quote

Thanks again @PKCano, Turns out I was getting smart cards confused with Windows Cardspace. I was thinking that a smart card reader would be something IN the computer not external hardware. Also, would a smart card reader show up in the device manager window? If that would be the case, then I know that I don’t have one.

1 user thanked author for this post.

HiFlyer

Reply | Quote

PKCano wrote:

Susan’s Patch Lady Master Patch list says it’s OK and the MS pages don’t show any known issues. It has a lot of fixes. I just didn’t install it (I updated earlier before it was issued – I’m one of the Guinea Pigs. Don’t tell anyone)

Well, I installed stand-alone 4077528 and found Start Menu won’t display and found calendar won’t display.   Maybe, you were wise guinea pig to install 4074592 and not 4077528.
1703 (15063.936)
Comment?

Edit: I have updates for 1703 4023057, 4023814 hidden & update for W10 4056254 hidden.

Reply | Quote

CADesertRat wrote:

Personally, I installed 4077528 on 2/22/18 and have had no ill effects on my HP laptop with 1703. YMMV

Do you still find no ill effects with 4077528 (15063.936).

Reply | Quote

None so far.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Is 4074587 and 4074598 safe to install on server 2008 R2? I seen the article Woody wrote on computer world. He said it might have a memory leak? Thanks-

Reply | Quote

DrBonzo wrote:

Does anyone know if the ‘WIN7 reboot to black screen’ issue was ever resolved?

I don’t know if it was solved, but I’ve heard very few screams about it lately.

UPDATE: And now we have a report that the “reboot to black” problem is still there.

3 users thanked author for this post.

HiFlyer, JDeC, DrBonzo

Reply | Quote

I got three out of my four Windows machines backed up and patched. Working on the fourth one now.

Patch time is a great time to do a backup. Not only does it allow you to recover from a rogue update, but it keeps you on a regular backup schedule.

So if there’s a silver lining in the sometimes-bad patches that Microsoft sends our way, it keeps me on a regular backup schedule!

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

4 users thanked author for this post.

SueW, Cascadian, Elly, Capella

Reply | Quote

bjm wrote:

PKCano wrote:

Susan’s Patch Lady Master Patch list says it’s OK and the MS pages don’t show any known issues. It has a lot of fixes. I just didn’t install it (I updated earlier before it was issued – I’m one of the Guinea Pigs. Don’t tell anyone)

Well, I installed stand-alone 4077528 and found Start Menu won’t display and found calendar won’t display. Maybe, you were wise guinea pig to install 4074592 and not 4077528. 1703 (15063.936) Comment? Edit: I have updates for 1703 4023057, 4023814 hidden & update for W10 4056254 hidden.

Well, for those that pass this way.  I restored machine thru recent image.
Start Menu and calendar display okay, now.   I’m back at (15063.877).

So, unsure how to proceed.  Maybe, I’ll sit on my hands although @PKCano wrote 4074592 (15063.909) “has a lot of fixes”.

1 user thanked author for this post.

Elly

Reply | Quote

Those fixes will be in the March CU next week since Win10 1703 updates are cumulative. Wait and see what Patch Tues brings.

2 users thanked author for this post.

bjm, Elly

Reply | Quote

Win 7-64 SP1  Grp A — KB 4074598 Secur-Qual Rollup on 3/2 – and – MSRT + 2010 Office KB 4011707 – 3114874 – 4011711 (Outlook I actually don’t have) on 3/6. Macrium Images ready at each & no issues.

Awaiting directive on Net Framework 4.7.1. All is well.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

1 user thanked author for this post.

Cascadian

Reply | Quote

I’ve installed the Windows 7 monthly rollup and MSRT together with 4 Office 2010 updates on my “work” (I’m actually retired although busier now than I was before) machine ok, as well as the MSRT on my gaming machine – will add the rollup to that machine in a day or two assuming nothing adverse arises on the work machine in the meantime.

Thanks as always to Woody and the team for the advice on this, including of course our very own Patch Lady :)!

As for the timing of the changing DefCon ratings, my view is that they should be done when they’re ready and not before. These things shouldn’t be rushed, nor should anyone be hassled into working harder for us than they already do.

6 users thanked author for this post.

jburk07, dononline, SueW, Elly, HiFlyer, Cascadian

Reply | Quote

Re:   Seff  #172951

“As for the timing of the changing DefCon ratings, my view is that they should be done when they’re ready and not before. These things shouldn’t be rushed, nor should anyone be hassled into working harder for us than they already do.”

Hear, Hear!

4 users thanked author for this post.

jburk07, dononline, SueW, Elly

Reply | Quote

By way of update, I have now installed the monthly rollup ok on my second machine.

I’m only left now with KB4018314 re Outlook 2010 which was offered on my work machine after installing the other Office 2010 updates, but it is both optional and unchecked as well as being recommended for holding currently here so no action has been taken.

Reply | Quote

Windows 10 32bit 1703

Now Windows keeps thanking me for upgrading to Widows 10. After sleep. After restart. While I am working. Windows doesn’t care. It just seems to be overwhelmed with gratitude and cannot thank me enough.

 

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

SteveTree wrote:

Windows 10 32bit 1703 Now Windows keeps thanking me for upgrading to Widows 10. After sleep. After restart. While I am working. Windows doesn’t care. It just seems to be overwhelmed with gratitude and cannot thank me enough.

Now solved (touch wood). A check of updates revealed KB4073543  must have snuck around me. I used Used add or remove programs via Control Panel to uninstall the offensive update, restarted then opened wushowhide. KB4073543 was not listed to hide. Windows update run. It didn’t appear. Back to add or remove programs just to be sure. KB4073543 could not be seen. The wonders and mysteries of Win10 never seem to end.

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

And the “fun” starts all over again.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

Updated my Windows 10 v. 1703 system yesterday with February patches.  Still had “Feature update to Windows 10, version 1709” hidden.  Upon restart, got a screen stating something like additional security updates were needed and need to update to the latest Windows 10 version.  Downloaded started but I canned it and set metered connection back on before reconnecting to internet.  I want to told off updating to 1709.   Also I now see there is a Windows 10 Update Assistant icon on my desktop.   Is this the culprit?   Is it as simple as uninstalling this Update Assistant?  By the way, wushowhide still shows “Feature update to Windows 10, version 1709” hidden, but it doesn’t seem to make a difference.  Thanks.

Reply | Quote

KB4023057, KB4056254, KB4023814
If you see any of these installed or in the waiting queue, they are just eager to help you upgrade to 1709. You don’t need them until you are ready to upgrade.

You might want to read about those patches here.

Reply | Quote

Just to confirm, if any of these were installed, and I uninstalled the upgrade assistant from Programs and Features, should I still uninstall the culprit patch ( I believe mine is KB4023814)?

Reply | Quote

KB4023814 provides a notification that you should upgrade to the latest version. Do you want it?

Reply | Quote

No I don’t want it. I was able to find KB4023057 in the installed update list and uninstall it. But I can’t find KB4023814 in the list, so I don’t know where I should go to uninstall it.

Once I uninstalled KB4023057 from the “installed updates” screen, I was able to hide it (and strangely KB4023814, even though I didn’t uninstall it) using wushowhide tool, but the notification keeps on coming back…so it means KB4023814 is still installed on my system…

Reply | Quote

I checked my update history again, and it seems that I also installed KB4056254…this one is not on the installed updates list either, don’t know which one is prompting the motification

Reply | Quote

anonymous wrote:

Updated my Windows 10 v. 1703 system yesterday with February patches. Still had “Feature update to Windows 10, version 1709” hidden. Upon restart, got a screen stating something like additional security updates were needed and need to update to the latest Windows 10 version. Downloaded started but I canned it and set metered connection back on before reconnecting to internet. I want to told off updating to 1709. Also I now see there is a Windows 10 Update Assistant icon on my desktop. Is this the culprit? Is it as simple as uninstalling this Update Assistant? By the way, wushowhide still shows “Feature update to Windows 10, version 1709” hidden, but it doesn’t seem to make a difference. Thanks.

See my post above KB4073543 seems to be the problem.

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

If anyone is having severe problems with the February updates, see 2000009: Getting out of a no-boot situation after installing Windows updates.

1 user thanked author for this post.

woody

Reply | Quote

dononline wrote:

However, it might not always be prudent for Woody to push the MS-DEFCON 3 button on a Friday, what with MS’s history of pushing out botched patches to fix botched patches at any time since going WaaS crazy. Sometimes, waiting a couple or three days could save us all a whole lot of grief, and Woody from having a bunch of unhappy — and loud — campers on his hands!

As Woody said, if there are “no major outstanding issues” on a Friday 2-3 weeks after Patch Tuesday then it’s better to push the MS-DEFCON 3 button then.  Rather than wait until the following Monday, and have us miss out on a weekend patch opportunity.

2 users thanked author for this post.

MrBrian, HiFlyer

Reply | Quote

Running Win7 HP SP1 x64 here. I did Feb Security updates early yesterday and had no problems restarting after EACH update install. EXCEPT for the .NET updates. After installing the .NET updates, on restart I saw that my desktop had been COMPLETELY rearranged, it was set to “align to grid” and “sort by name”. Desktop was also locked. I could not move any icon or even use the icons to open programs. I tried to remove the .NET updates without success. Had to do a “Hard shutdown” with the power button. On starting up again, PART of the desktop was corrected, but not everything. I did another “Hard shutdown”. On restart everything looked OK. I did the .NET updates again, and on restart I saw the desktop flash. I did another ‘hard shutdown’, on restart everything seemed to be OK.

As of this morning, everything appears to be OK, with no more locked desktop. I don’t know if it had something to do with the .NET updates or if it was just my machine being stubborn.

IF there are any more problems, I’ll post here. If no more problems, I’ll be quiet.

Many thanks to Woody and the crew for all the help and advice given ! ! !

Dave

3 users thanked author for this post.

jburk07, SueW, Elly

Reply | Quote

Running Win10 1607. Didn’t patch in January 2018, did February 2018 patching last night. I got a “upgrade to the latest version of Win10” prompt screen after installing all the patches and restarting  the machine. Obviously, I didn’t click on “upgrade”. I went on programs and features, and saw a Windows 10 Upgrade Assistant installed. I uninstalled it. Hopefully, it won’t come back.

But here is my questions, does anyone know which patch installed this “useful tool”? If it’s on a standalone update, should I uninstall it?

Reply | Quote

bjm wrote:

bjm wrote:

PKCano wrote:

Susan’s Patch Lady Master Patch list says it’s OK and the MS pages don’t show any known issues. It has a lot of fixes. I just didn’t install it (I updated earlier before it was issued – I’m one of the Guinea Pigs. Don’t tell anyone)

Well, I installed stand-alone 4077528 and found Start Menu won’t display and found calendar won’t display. Maybe, you were wise guinea pig to install 4074592 and not 4077528. 1703 (15063.936) Comment? Edit: I have updates for 1703 4023057, 4023814 hidden & update for W10 4056254 hidden.

Well, for those that pass this way. I restored machine thru recent image. Start Menu and calendar display okay, now. I’m back at (15063.877). So, unsure how to proceed. Maybe, I’ll sit on my hands although @pkcano wrote 4074592 (15063.909) “has a lot of fixes”.

Well, again for those that pass this way.  I was curious to see if my problem with 4077528 was a one time fluke.   So, I ran 4074592 installer.
Coming out the other side…..4074592 stand-alone installer appears to have reproduced the same problem I observed with 4077528 stand-alone installer.     Namely, click Windows Icon > Start Menu does not display.  Click clock Icon > calendar does not display.  As before I restored machine.   Start Menu and calendar display okay, now with 15063.877.
Time to sit on my hands.   Regards to all.   Thanks

Reply | Quote

So… it sounds like the two .NET updates under optional updates are better left uninstalled?

Reply | Quote

Win 10 Home 1607 straggler here!  Just patched for the first time since December, and after taking an image first, held my breath while taking the plunge.  😉

With only the ‘Feature Update to 1709’ hidden by wushowhide, I opened up the chute, and let it rip!

The updates went according to plan, but I did get a surprise pop-up during the install, which I bypassed with ‘Remind me later’.  It left a nice shortcut on my desktop to a ‘Windows 10 Upgrade Assistant’, but otherwise made no upgrades.  The image is shown below.  🙂

https://i.imgur.com/gneb3B7.png

Windows 10 Pro 22H2

Reply | Quote

My Windows 10 Pro 1703 machine was current with the January patches, so i just updated to February without any issues.  Only hid the ‘Feature Update to 1709’ with wushowhide.  Will wait on that one, no hurry there…

Windows 10 Pro 22H2

Reply | Quote

SteveTree wrote:

SteveTree wrote:

Windows 10 32bit 1703 Now Windows keeps thanking me for upgrading to Widows 10. After sleep. After restart. While I am working. Windows doesn’t care. It just seems to be overwhelmed with gratitude and cannot thank me enough.

Now solved (touch wood). A check of updates revealed KB4073543 must have snuck around me. I used Used add or remove programs via Control Panel to uninstall the offensive update, restarted then opened wushowhide. KB4073543 was not listed to hide. Windows update run. It didn’t appear. Back to add or remove programs just to be sure. KB4073543 could not be seen. The wonders and mysteries of Win10 never seem to end.

Now unsolved. Despite uninstall and hide, it’s back (queue Twilight Zone music).

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

Check out @abbodi86 ‘s list of patches that propel you toward Win10 1709. Do you find any of these installed?

Reply | Quote

I installed KB 4073543 a month ago on Win 10 Pro 1703 64-bit, when it appeared with the January batch.  It has given me no trouble.

Windows 10 Pro 22H2

Reply | Quote

Thanks Steve.  I uninstalled KB4073543 and for a day it seemed to be the solution.  But this morning screen reappeared.   Just saw PKCano’s response about KB4023057, KB4056254, KB4023814.   Will check those out.

Edit to remove HTML from cut/paste

Reply | Quote

I only found that KB4023814 update on my Windows 10 Home 1607 machine.  But my Windows 10 Pro 1703 seems to have avoided that one.

I did receive the nag screen on Home to upgrade to the latest version of Windows, and this page seems to explain why.  But it did not force the upgrade to 1709.

https://support.microsoft.com/en-us/help/4023814/some-versions-of-windows-10-display-a-notification-to-install-the-late

Windows 10 Pro 22H2

Reply | Quote

anonymous wrote:

Thanks Steve. I uninstalled KB4073543 and for a day it seemed to be the solution. But this morning screen reappeared. Just saw PKCano’s response about KB4023057, KB4056254, KB4023814. Will check those out. Edit to remove HTML from cut/paste

Check your installed updates. You may find KB4073543 came back. My most recent post tells my story.

This morning I tested System Restore, trying to take the device back pre- update. It told me it failed. I set metered connection then re-started. Then I ran WUshowhide. Despite the shortcut on the desktop, KB4073543 was there to hide. I hid it and the message received indicated success. After leaving the device asleep a couple of hours, I just woke it to the offensive message again. If I could update the machine I would but the processor in that device is incompatible. This seems to be another significant M$ programming blunder.

 

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

I downloaded and installed the important updates for Feb 2018 (Win 7 x64) including the Monthly Quality Roll-up (KB4074598), but not the .NET patches as they were recommended only.

I have the Windows update feature disabled as per AskWoody and do my own update checks.

This afternoon I did another update check and was offered KB3177467, which is a service stack update from months ago. No other updates were offered.

What’s going on? Do I need to download and install this update or is MS update being more difficult than usual.

Appreciate any advice help on this.
GeoffB

Reply | Quote

KB3177467 is an exclusive update that Microsoft doesn’t allow to be installed at the same time as other updates. In Windows Update, this update (assuming you haven’t installed it yet) is listed only when no other Important updates that are ticked by default are listed. I recommend to install it.

1 user thanked author for this post.

GeoffB

Reply | Quote

Thanks for the speedy response. I’ll see how it works out.
I really appreciate all the work and help that you & the other team members provide to ‘non-tech’types like me..

GeoffB

Reply | Quote

WU says my device is up to date but I’m still on build 15063.909. Feature Deferral = 365, Quality Deferral = Not Configured.  I don’t use wushowhide. Is there a reason that I’m not getting 15063.936?

Reply | Quote

Installed KB4074598 (Feb rollup) and MSRT yesterday morning.
Have restarted computer several times during the day without any issues.

Hid the unticked update offered KB4091290.
For the past few months have not installed any .net updates.
I hid them all.

 

Dell Inspiron 660 (purchased in 2013) just replaced hard drive in November 2017 and had Windows 7 reloaded.

Windows 7 Home Premium 64 bit SP 1

Server 2008 R2 x64

Processor:  Intel i3-3240 (ivy bridge 3rd generation)

chipset Intel (R) 7 series/C216

chipset family SATA AHCI Controller -1 E02

 

After new hard drive installed went to

Group A

 

Reply | Quote

I have Windows 10 64 bit 1709 on my HP laptop. Certain keys on my keyboard stopped working gradually after applying the Feb patch (backspace and main enter keys not working or working intermittently, num lock not working when trying to log in to Windows but then working fine when I’m logged in.). After I read this article yesterday I updated with KB4090913. At first everything started working great again, but as the day went on, the same problems reoccurred. This morning, I’m back where I started yesterday morning and the keys don’t work again. I’ve run the Troubleshooter, to no avail. I’m not a computer geek, just a regular person trying to go about my day without having to worry about Microsoft scr**ing up something that will make my new (bought in November!) laptop a pain to use. It’s beyond irritating. One shouldn’t have to be a computer engineer to be able to use the backspace and enter keys! Sorry, just venting and wanting to report that applying that last patch might not solve anything. What a surprise.

Edit to remove HTML

Reply | Quote

FYI: In IE, KB4077528 removed the tabs bar together with the Home, star (Favourites & History) and Tools buttons; leaving only the address bar right across the screen. Enabling Show tabs on a separate row was the only way to restore everything. Interestingly, turning that off again, temporarily brought back the tabs and buttons next to the address bar, but after restarting IE everything had gone again! Uninstalling has returned everything to normal. What a waste of time that was!

Running Win10 Home – 1703 – metered. The full installer was downloaded from the MS catalogue. KB4074592 – not installed.

I don’t use IE anyway, but like to make sure everything is working as it should!

Reply | Quote

Woody says on ComputerWorld:

Windows 7 users who install the latest patches (Monthly Rollup KB 4074598, or Security-Only KB 4077525) may have problems if they have a Smart Card two-factor authorization  enabled on their machine. Microsoft also warns: “After installing this update, SMB servers may experience a memory leak.” No solution at this point.

Please bear with me – under Services, I have Smart Card shown as Manual, Disabled, and Stopped.  There is nothing there that says anything about any “two-factor authorization”.  Am I okay and good to go with just this much info.?

Next – and again please excuse my lack of knowledge, but what are SMB servers?  Can I assume that I’m not one and/or don’t have one?

I would really appreciate knowing the answers to these questions before taking the Feb. Update Plunge.  Thanks very much.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

You do not need the Feb Preview patch KB 4075211 or the patch that has the smart card fix KB4091290 if you are not using a smart card.

1 user thanked author for this post.

jburk07

Reply | Quote

Hello Charlie, your instinct on SMB is correct. Super Mario Bros., Spartan Marching Band, surface mass balance, sub-mini type B connector, Server Message Block, and probably many, many more. But in this context Small and Medium Business servers is the intended meaning. As in the central computer serving the various field units among the staff.

There is also a related subset acronym seen sometimes. Small Office or Home Office, can be abbreviated SOHO, and should not be confused with the Manhattan neighborhood. Like many things if you do not recognize it, it likely does not include you. Or you need better friends. I hope it is not the friend thing. Friendly smile when I write that.

1 user thanked author for this post.

Charlie

Reply | Quote

Thanks a lot for the answer on SMB.  I’m going to assume that I’m okay with the Smart Card thing.

I try to extrapolate yes or no answers from the replies I get.  I realize this is that hectic time when Windows must be updated and this site is inundated with questions.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

Hello Charlie,

The smart cards are usually set up in a business environment for two-factor authentication. Some computers have a reader, but an external reader can be plugged in. I also show smart card under services on my laptop… but I am not using a smart card or reader. If not using it, you don’t need this particular update, like PKCano says. Also, KB4091290, the smart card fix, is a rollup, and you don’t want that as Group B.

You are not a server, so don’t have to worry about that, either.

You are on Home or Pro?

I can’t tell you how much help I’ve gotten here… and I’ve had lots of questions that tech-types would never think would be a question. There is always something new to learn, and you have to start from where you are. Don’t be shy about asking a question to clarify an answer.

 

Non-techy Win 10 Pro and Linux Mint experimenter

3 users thanked author for this post.

jburk07, JDeC, Charlie

Reply | Quote

Thank you so much Elly.  The “HP” in between Win 7 and x64 in the info. under my posts is for Home Premium.  That might be confusing as it may be mistaken for Hewlett Packard.

Looking at the Feb. Group B updates, I see the newer KB 4088835 (IE with Outlook Fix) along with the regular KB 4074736 IE update.  Can you help me with that?  Which one should I get, I don’t use IE or Outlook, but keep them updated every month.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

@Charlie – My 2 cents worth is to keep IE 11 and Outlook updated. BUT don’t install KB4088835 yet because it’s actually part of the February Preview. (You can verify it’s part of the Preview by going to the MS support page for 4088835; part way down the page it says the fixes are among the same fixes as the Feb Preview) This preview will come back as part of the March Rollup or perhaps the IE 11 update for March. When that happens wait for the DEFCON level to get to 3 or higher before installing. I personally NEVER install a Preview.

2 users thanked author for this post.

JDeC, Charlie

Reply | Quote

@Charlie-

I did think it was Hewlett Packard, and not Home Premium!

The IE 11 updates are cumulative, so if you already installed February’s IE 11 KB 4074736 and don’t need the Outlook fix, you can probably wait until next month to worry about it.

Non-techy Win 10 Pro and Linux Mint experimenter

2 users thanked author for this post.

JDeC, Charlie

Reply | Quote

alpha128 wrote:

As Woody said, if there are “no major outstanding issues” on a Friday 2-3 weeks after Patch Tuesday then it’s better to push the MS-DEFCON 3 button then. Rather than wait until the following Monday, and have us miss out on a weekend patch opportunity.

Actually, Woody said only that he would consider changing on Fridays if there are “no major outstanding issues,” and that’s completely in line with my Block Quote which you included with your reply, unless I’m missing something, which if I am please accept my apology. I suspect that we pretty much all here agree it’s better to do our updating and upgrading on weekends, but my main point during the course of this conversation has been that we shouldn’t expect Woody to change to MS-DEFCON 3 or higher until he’s comfortable enough he’s giving us the very best update/upgrade guidance he can possibly give, whether it’s Friday, Monday or whenever. Woody and his staff of outstanding MVPs are working their tails off for our good, not necessarily our convenience. It appears that, from you last post, we’re both now in agreement with that. If not, again, please accept my apology.

1 user thanked author for this post.

jburk07

Reply | Quote

dononline wrote:

I suspect that we pretty much all here agree it’s better to do our updating and upgrading on weekends, but my main point during the course of this conversation has been that we shouldn’t expect Woody to change to MS-DEFCON 3 or higher until he’s comfortable enough he’s giving us the very best update/upgrade guidance he can possibly give, whether it’s Friday, Monday or whenever. Woody and his staff of outstanding MVPs are working their tails off for our good, not necessarily our convenience. It appears that, from you last post, we’re both now in agreement with that.

We are in complete agreement. My main point is that two months in a row Woody has changed the MS-DEFCON level on a Monday – which is the absolute worst day to do it. My point is that all else being equal Friday is the best day to change it.

Reply | Quote

Well, here’s hoping the patches won’t be such a mess for a few months and Woody can light that sucker up for us on Fridays. 🙂

Reply | Quote

Yes, I am looking forward to Patch Tuesdays and MS-DEFCON Fridays! 🙂

Reply | Quote

alpha128 wrote:

I am looking forward to Patch Tuesdays and MS-DEFCON Fridays!

+1

In addition to home users/patchers, please remember that, for many small businesses, non-trivial IT operations often occur off-(business-)hours–and often enough on weekends.

So nominal MS-DEFCON changes late on Friday nights–_unless contraindicated_ (by, let’s say, persistent patching perturbations emanating from recent Redmond repairs and re-releases…)–sounds like a great idea. And I trust Woody to make that final call.

Thanks Boss, major props for all u do 🙂

1 user thanked author for this post.

jburk07

Reply | Quote

Are the below patches safe to install?

KB4076492 checked   recommended 2-13-18 Security and Quality Rollup for .NET
KB4074598 checked   important   2-13-18 Security Monthly Quality Rollup for Windows 7
KB890830  checked   important   2-13-18 Windows Malicious Software Removal Tool x64

Also is there a new update/version for-  MS Office Starter 2010 click to run?

Any help appreciated,

Sparky

 

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

Sparky wrote:

Also is there a new update/version for- MS Office Starter 2010 click to run?

The click to run versions update themselves….

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

@Sparky

I’ve installed KB4076492 (a checked, important update for me) on 3 Win7 machines in the last 2 days, all with no problems at all. 2 were 64 bit Pro SP1 (1 Ivy Bridge 3rd generation and 1 Broadwell 5th generation) and 1 was 32 bit Starter (an Atom).

I’m basically group B so I don’t install Rollups, but on the same machines the security only and IE11 patches (KB4074587 and KB4-74736, respectively) installed with no problems.

I have ‘normal’ Office 2010 (i.e., not click to run) on one win& 64 bit machine and installed 2 Office, 1 outlook, and 1 Powerpoint patches on it with no problems (KB numbers are 4011707, 3114874, 4011711, and 4011187, repectively)

Hope this helps.

2 users thanked author for this post.

JDeC, jburk07

Reply | Quote

Sparky wrote:

Are the below patches safe to install?

Sparky, the KB4074598-FEB SMQR and KB890830-FEB MSRT are both covered by GroupA directions linked by Woody in his recent article. For myself, they gave no troubles.

But your first item gave me pause, KB4076492-FEB rollup for .NET (all and sundry) was not preselected as checked on my system. Now there may be some difference between our systems that could explain that. But also I seem to remember that there was no significant change over the January rollup, and advice was to leave that one off and wait for March on .NET .

I will leave Office advice to others, but refer you to Master Patch List button on grey headliner bar at top of page. Susan Bradley has folded in Office notations by PKCano.

Reply | Quote

I was offered KB4011187 thru Windows Update (fix for when PowerPoint 2010 isn’t as fast as before you installed Windows 10 Fall Creators Update). As I have Win 7 (x64), Home, SP1; I wasn’t sure why I was offered this update and if I should install it.

Reply | Quote

Updates to Windows 10 Version 1703 update components March 9, 2018

Reply | Quote

Hi,

I didn’t install any of the January updates because of all the problems I read. I have to update my PC as well as trying to talk my relatives through updating their laptops, which is getting more and more difficult.

With regards to Group B:

– Can I install the February security update KB4074587 and forget about the January security update altogether?
– With regards to the anti virus problems with the January updates, were these only occurring if a) you don’t have the QualityCompat reg key or b) you installed the latest Intel firmware?

With regards to Group A:

– If I install the February monthly rollup KB4074598 on an AMD laptop that doesn’t have the January monthly rollup KB4056894 installed, have I not just delayed the inevitable boot problem (aren’t the monthly rollups cumulative).

Thanks

Reply | Quote

anonymous wrote:

With regards to Group B:

The Security-only patches are NOT cumulative. If you skip one, you skip the fixes. For Win7 Group B you should install KB 4073578 (Jan SO plus fix for AMD), KB 4074587 (Feb SO) and the Feb cumulative IE11 Update (if you use Outlook Web App, use KB4088835. otherwise use KB 4074736). They can be downloaded from AKB2000003 on this site.

The QualityCompat Registry key set by the anti-virus is a requirement for patching through WU from Jan onward.

anonymous wrote:

With regards to Group A:

For Win7 Group A KB 4074598 (Feb Monthly ROLLUP) is cumulative and supposedly contains the fix for AMD processors.

1 user thanked author for this post.

JDeC

Reply | Quote

Stopping by to add my two cents here:

I’ve skipped January updated on my Windows 7 Pro x64, i5 Sandy Bridge powered notebook, ans I just managed to install Feb updates (and January along) via Group A approach and it all seems fine so far…

Installation went fast and smooth and the reboot process went fine… I ran a second deliberate reboot which also went ok…

Only update left behind is .NET 4.7.1 Framework…

Reply | Quote

alpha128’s update adventures

Here you go – this is why I prefer to update on Saturdays.

1. Launched Macrium Reflect and was told that I had to update to a new version. The auto-update failed so I downloaded the full installer, ReflectDLHF.exe

2. I then scanned ReflectDLHF.exe with Avast! and Avast! told me that it had to install a new version. So I did that.

3. After updating Avast! and rebooting. I did an Avast Smartscan ,which told me that my VLC media player was out of date. So I installed that.

4. I then finally installed the Macrium Reflect update and rebooted again after that. Then I did a complete backup of my C: drive.

5. I then installed 2018-02 Monthly Rollup for Windows 7 (KB4074598)

6. After a reboot I installed 2018-02 .NET Rollup (KB4076492)

7. Because the purpose of the Macrium Reflect update was to fix a problem with rescue media, I then created a new rescue disc.

Total elapsed time: about five hours

Reply | Quote

I agree that in some cases monthly maintenance can be quite time consuming. If I read your intention correctly, you are demonstrating that Saturday is the best weekday available to you to accommodate this task. May I suggest that on any future elevation of the MSDefcon rating that may happen to fall on a Sunday thru Thursday, any day that Woody has reached his conclusions, rechecked and re-verified all interconnecting facts, written up his directions, proofread and edited mistakes, then published the information across multiple platforms, that you could delay your personal patching routine to the nest available Saturday.

This plan is in accordance with the spirit of wait until all is ready before commencing. Woody’s columns do not state a deadline to comply. And there are many who delay even longer. The directions are still available to review at your leisure. And on that rare occasion that there is still a flaw, you will have several days experience by a new set of guinea pigs to help guide you. There is no prize given for first to patch. There is sometimes a consolation given to first to break.

There is also the possibility of patching before Woody has elevated the MSDefcon rating. It is not recommended here. But many of the best contributors here do it on purpose and call it ‘testing’. If this fits your schedule better, you could add your test results to the conversation. And possibly show Woody by demonstration that it is OK to proceed.

Also keep in mind that there are others whose busiest day of the week is your day off. May all your future patches hold up well.

Reply | Quote

Cascadian wrote:

you could delay your personal patching routine to the nest available Saturday.

I assume you mean the next available Saturday. And yes, that’s what I ended up doing.

But as I’ve said before, and others have agreed with me, all else being equal Friday is the best day to change MS-DEFCON level.

Reply | Quote

Thank you for decrypting my cypher. You have helped every reader since your post.

I’ll be slightly more specific, without overstepping, by pointing out that I doubt Woody waited until Monday because he wanted to make things difficult on the people who like to read his advice. I think he may have been concerned about giving solid advice.

I’ll also observe again, as another commenter noticed farther up this page and I mentioned above. Like you, I enjoy my weekends. Often they occur on days that start with an ‘S’. But there are many good people who accomplish great things in this world that are working their hardest on a Saturday. They have to postpone Woody’s advice to Monday or Tuesday, when they can pay closer attention again.

I’ve seen you stress the phrase ‘all else being equal’ several times. I find myself wondering what that means. Whether I’ve ever actually seen a set of conditions where all things were equal across two days of constantly developing events. And if it were, I would not need updates at all. Because everything remains equal. Equal Friday, equal Monday, would probably lead to an equal Wednesday and Thursday too. I conclude it is the unequal nature of developing information that determines the timeline of MSDefcon rating changes.

Reply | Quote

Cascadian wrote:

I’ve seen you stress the phrase ‘all else being equal’ several times. I find myself wondering what that means.

This may be speculation on my part, but Woody’s earlier post implied that he was basically ready to raise the MS-DEFCON earlier, but waited until Monday morning just in case Microsoft “released a fix for the one really onerous bad patch.”  In that case, Woody’s knowledge on that Monday morning and the previous Friday night might well have been equal.  And by waiting until Monday morning, he put those of us who don’t have five hours to spare on a weeknight at a disadvantage.

2 users thanked author for this post.

MrBrian, Cascadian

Reply | Quote

why KB4076492 is a optional update not important hmm it’s a security update? is it safe to install?

2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492)

anyone can explain it to me?

thank you

Reply | Quote

As MrBrian help remind us in another topic earlier today, recommended updates can be listed differently from one machine to another without regard to their descriptive title.

When you choose GroupA, those directions ask you to take recommended updates the same as important updates. However GroupB does not do this, and recommended updates appear on the second page of Windows Updates offered items.

In both Groups, instructions are to not check anything not already preselected by Windows Update.

Anonymous, you have not said which Group you prefer, nor how your Windows Update settings are set. So I cannot give guidance beyond describing what you are viewing.

1 user thanked author for this post.

MrBrian

Reply | Quote

anonymous wrote:

why KB4076492 is a optional update not important hmm it’s a security update? is it safe to install? 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492) anyone can explain it to me? thank you

Microsoft’s nomenclature can be confusing. In this case 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492) is all Quality and no Security. It contains bug fixes that are not security related. But my employer pushed this out to my work computer weeks ago, so yes, after a month it should be safe to install. If you want to skip this one, you can. A future Security and Quality Rollup that does have Security will include the fixes from this rollup.

2 users thanked author for this post.

anita.yk, MrBrian

Reply | Quote

Thank you PKCano for your post earlier today (#174382). It clears up just what I (an old non-techie trying to keep Win7 sp1 Pro 64bit safe and working) need for updates for Jan & Feb Group B.
What is not clear (to me anyway) is the issue also mentioned in that reply about registry key setting by the av app (mine is Avast Free 18.1.2326 (trying to avoid all the issues mentioned elsewhere with the newer 18.2.2328): “QualityCompat Registry key set by the anti-virus is a requirement for patching through WU from Jan onward.” How can I tell if my av will do that?
Thanks

Reply | Quote

Kirsty has a post about version 7 of Steve Gibson’s New Inspectre Utility. That tool addresses different parts of the Specter Meltdown patching, not just the qualitycompat registry key.

If you don’t want a third party tool, you can check for the presence of the registry key by following OscarCP’s instructions SueW’s instructions.

A third (indirect) way to check is to see what is being offered to you in Windows Update, because Microsoft won’t offer the monthly rollup, from January on, to machines that don’t have the registry key set.

EDIT original author achknowledged, link amended

Non-techy Win 10 Pro and Linux Mint experimenter

3 users thanked author for this post.

Microfix, SueW, amraybt

Reply | Quote

@Elly, just a clarification for checking the “QualityCompat registry key”:  the original documented instructions are here: #157000.  Unfortunately these instructions were misappropriated a month later . . .

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

geekdom, Microfix

Reply | Quote

Thank you, SueW.  You deserve to be credited with that!

Non-techy Win 10 Pro and Linux Mint experimenter

2 users thanked author for this post.

SueW, Microfix

Reply | Quote

Thank you Elly. I will try that another day since we’re losing an hour of sleep tonight and I have to get to bed very soon.

In doing the security only updates from from PKCano’s post this morning, I encountered an unexpected problem. January’s KB4073578 went just fine having rebooted when prompted. Then I installed February’s KB4074587 and rebooted when prompted. Then I discover I had no internet connection. I uninstalled it and have the internet back. Is there a recommended resolution?

I have not installed the IE11 since that’s usually done after the security updates. A question regarding which IE11 update to use. My wife’s work email is Outlook. She occasionally accesses it from home. Does that mean I should use KB4088835?

Thanks for your help.

1 user thanked author for this post.

JDeC

Reply | Quote

It is not Outlook as installed in the Office Suite. It is the Outlook Web App that is affected and need the fix. It she is not using the Web App, the original SO patch for IE11 is all you need.

Reply | Quote

PKCano wrote:

It is the Outlook Web App that is affected and need the fix.

Is that the live.com email Outlook  you mean?

 

Reply | Quote

I believe it is the Outlook downloaded Web App, but I have not researched it.

2 users thanked author for this post.

JDeC, HiFlyer

Reply | Quote

PKCano wrote:

I believe it is the Outlook downloaded Web App, but I have not researched it.

O.K.  I guess that update doesn’t apply to my outlook mail (live.com)

Here’s what I found:

https://en.wikipedia.org/wiki/Outlook_on_the_web

 

1 user thanked author for this post.

JDeC

Reply | Quote

Outlook Web App is not a web mail service, but rather a web interface for companies who offer Exchange email to their users, allowing their users to access their Exchange email via the web.

Outlook.com and Live.com are websites where free web email services are provided.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

2 users thanked author for this post.

jburk07, HiFlyer

Reply | Quote

MrJimPhelps wrote:

Outlook Web App is not a web mail service, but rather a web interface for companies who offer Exchange email to their users, allowing their users to access their Exchange email via the web. Outlook.com and Live.com are websites where free web email services are provided.

M$ is constantly changing names, seemingly willy-nilly.  I find it irritating and counterproductive  Wikipedia (#174684 linked above) says,

“Outlook on the web (previously called Exchange Web Connect, Outlook Web Access, and Outlook Web App).”

So I suppose the correct “Quality” up to date term is “Outlook on the Web”.

Go figure.

1 user thanked author for this post.

Cybertooth

Reply | Quote

32bit win10 1703.

After uninstalling KB4073543, KB4023057 and KB4074592, my nag screen issues went away. I just turned on update again and hid those. Additionally listed was KB4033631. Support information for that says:

This update includes diagnostic improvements for determining the applicability of updates in Windows 10 Version 1703, Version 1607, Version 1511, and Version 1507. The files and resources in this update make sure that feature updates are installed seamlessly to improve the reliability and security of Windows 10.

Hopefully that’s Microsoft speak for fixing non-recognition of incompatible hardware resulting in Windows wasting no more time on 1709 ungrade attempts.

That update took a long time to install. So far there are no issues.  At this stage, there is no intention to unhide KB4073543, KB4023057,  KB4074592 and test the 1709 fiasco again.

Edit to remove HTML from copy/paste. Please use the “text” tab in the post entry box when you copy/paste.

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

Reply | Quote

For details about KB4033631, see https://www.askwoody.com/forums/topic/another-complaint-about-kb-4023057/#post-163295.

Reply | Quote

Hello @anonymous #174576

anonymous wrote:

In doing the security only updates from from PKCano’s post this morning, I encountered an unexpected problem. January’s KB4073578 went just fine having rebooted when prompted. Then I installed February’s KB4074587 and rebooted when prompted. Then I discover I had no internet connection. I uninstalled it and have the internet back. Is there a recommended resolution?

I am basically non-techy, but share the solutions that I’ve found to things (especially those shared by the knowledgeable people here). I don’t see that any one with that kind of expertise has responded to your problem with the internet… but I’m hoping that with the quote of that specific question, it will be seen… or maybe you have resolved it by now?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Thank you for your help Elly. Rest assured it is not resolved by now. I have no clue where to begin or what to do or how to do it. I’m dependent on the kind folks willing to share their expertise and experience that also come here.

I’m hoping someone will respond to your quoting my problem description and that it may be effective and something I can actually do.

PKCano’s comment regarding Outlook easily answered my question for that concern.

When I have a chunk of time available I hope to work up the courage to adventure into the registry per your suggestion regarding the registry key reset by antivirus per SueW’s process.

anonymous #174576

Reply | Quote

Hi anon #174576, as I was reading this, I remembered another question asked up-thread about which order to install the January (KB4073578) and February (KB4074587) updates for Group B.  From MrBrian’s response and recommendation (above, on March 6, #172812):

“You’ll be getting the Windows Spectre/Meltdown fixes for the first time. The Windows Spectre/Meltdown fixes are not compatible with some security programs, as Woody’s article mentioned.

If you’re in Group B, I recommend that you install the February 2018 Windows security-only update first, and then the January 2018 Windows security-only update, in order to avoid the other issues (such as the AMD processor issue) that the January 2018
Windows security-only update has. You don’t need to reboot in between the installation of these two updates.”

 

So, the one thing you do need to do first/next is to make sure the “QualityCompat” key exists in your Registry.  If you’ve ever used the ‘Find’ function to search for a word in a text document — this is the same process that is also used to search the Registry.  No changes are made by doing this.  And since you use a well-known AV, I bet the key is already there.

If your Registry has the key, I’d like to suggest that you uninstall the January Update (KB4073578) and reboot.  Then, following MrBrian’s recommendation, install the February Update (KB4074587) first, and then January’s.

Please keep us posted.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

Elly, MrBrian

Reply | Quote

Thank you SueW (& MrBrian too).

I have checked the registry using your process previous described (#15700) and find that the key is there. There is also a line entry appearing above the key line in which I see the following: under “Name” (Default) which is surrounded by a rectangle of dots; under “Type” REG_SZ; and under “Data” (value not set). Am I correct that this line is of no significance for the issue at hand?

It’s now too late in the day for me to undertake uninstalling Jan’s KB4073578, rebooting, installing (in order) Feb’s KB4074587 & Jan’s KB4073578, rebooting, installing Feb’s IE11 KB407436, rebooting. Hope to get a chunk of time in next few days to try this.

I do have an older AMD processor (Nov 2009): AMD Phenom II X4 965 Processor 3.40 GHz. Maybe that was part of my issue too? Also using Win 7 Pro SP1 64-bit.

For all of last year it seemed the rules were: updates must be done in chronological order and reboot when Windows update says to. Looks like Jan/Feb 2018 proves the old adage “Rules are meant to be broken.”

Thanks again,
anon #174576

3 users thanked author for this post.

Elly, Kathy70, SueW

Reply | Quote

Regarding your registry question: That is normal and expected.

If you already installed the January 2018 security-only update (or KB4073578) without issue, there is no need to uninstall it. My out-of-order installation advice was meant for those that hadn’t installed the January 2018 security-only update (or KB4073578) yet.

Perhaps of interest: When is it safe to install multiple standalone Windows updates without a reboot?

1 user thanked author for this post.

SueW

Reply | Quote

MrBrian. Do you recommend the same out-of-order installation advice in general for the security only updates? For example, this month would now go March then February then January?

Reply | Quote

In general it is recommended to install the Security updates in order. January updates were a mess, and some of that mess was fixed by the February update, and that is why it might be better to install the February update first. It is of particular importance for those who have AMD processors, as I remember. The brave, with plenty of expertise, and maybe a VM or spare computer, will be testing the March updates… and that hasn’t had time to happen yet, so any recommendations for March updates have yet to be formulated.

But… I do have a similar question… and that is, if I am doing a clean install, and updating Group B style, do I have to install KB 4073578, the ‘fix’ for AMD processors before I install the January Security Update, KB 4056897 if it is an AMD machine?

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

PKCano

Reply | Quote

Elly wrote:

But… I do have a similar question… and that is, if I am doing a clean install, and updating Group B style, do I have to install KB 4073578, the ‘fix’ for AMD processors before I install the January Security Update, KB 4056897 if it is an AMD machine?

I would install the Feb patch first then install KB 4073578 (the SO with the fix for AMD) instead of KB 4056897 (the SO without the fix for AMD).
No need to reboot in between.

1 user thanked author for this post.

Elly

Reply | Quote

I don’t know if there is any good reason to install the March 2018 Windows security-only update before the Feb. 2018 Windows security-only update. For those who didn’t install either the Jan. 2018 Windows security-only update or the Feb. 2018 Windows security-only update, I recommend installing the Feb. 2018 Windows security-only update first, and then the Jan. 2018 Windows security-only update; there should be no need to reboot in between the two. It should also be fine to install the Jan. 2018 Windows security-only update first, and then the Feb. 2018 Windows security-only update, provided that there is no reboot in between the two. The problem is that if you install the Jan. 2018 Windows security-only update first, and then reboot, your computer might not boot properly because of the AMD processor issue.

For those of you who in the past successfully installed the Jan. 2018 Windows security-only update (or one of its functional replacements) or the Feb. 2018 Windows security-only update, there is no need to uninstall them.

4 users thanked author for this post.

walker, Elly, Cascadian, SueW

Reply | Quote

Simpler advice: You don’t need to worry about installation order if you follow my prior advice to use KB4073578 as the replacement for the Windows 7 January 2018 Windows security-only update or KB4077561 as the replacement for the Windows 8.1 January 2018 Windows security-only update.

2 users thanked author for this post.

SueW, Elly

Reply | Quote

I haven’t done the January, February or March security only updates yet.  Is there any harm in continuing to wait or is it time to go ahead and do so now?

Okay to install KB4073578 for January then the February and March ones all at once (when the go ahead is given for March) without rebooting in between?

Can I do the IE security only for March by itself or save that for when doing the 3 Windows ones all together?

Reply | Quote

Woody’s hasn’t given the go-ahead for the March updates yet. You can install the Jan. and Feb. updates though. See https://www.askwoody.com/forums/topic/ms-defcon-3-most-february-2018-patches-are-good-to-go/#post-175821 for my Jan. advice. You need to install only one IE cumulative update. You don’t have to reboot in between.

2 users thanked author for this post.

walker, Elly

Reply | Quote

Issue added to February 13, 2018—KB4074588 (OS Build 16299.248) and February 13, 2018—KB4074590 (OS Build 14393.2068): “After installing this update, applications may not be able to reserve or bind to ports that previously worked.”

Reply | Quote

Hello. Anon #174576 here.
I was delayed in trying the suggestions after my original post (174576 on Mar 10) of problem encountered (ie, no internet after installing KB4074587; internet returned upon uninstalling).
Thank you all (Elly, PKCano, SueW and MrBrian) for your suggestions.
In summary: tonight I uninstalled KB4073578 & rebooted; installed KB4074587, then KB4073578, then rebooted.
The result: internet very sluggish loading pages if at all, Avast Free AV long time loading, email (Outlook 2007) not receiving or sending.
The solution: uninstalling KB4074587 & reboot had no impact; then uninstalling KB4073578 & reboot and email’s working, AV and webpages load as before undertaking tonight’s updating.
March updates comments elsewhere appear even worse than Jan/Feb.
Looks like I’m forced out of Group B and into Group W (if I’m recalling correctly, that’s the do nothing group).

3 users thanked author for this post.

SueW, MrBrian, Elly

Reply | Quote