• MS-DEFCON 3: Patch Windows, but beware the snoops


    #49843

    It’s time to get caught up with your Microsoft patches. The September Black Tuesday patches have festered, gone through a few re-releases, and general
    [See the full post at: MS-DEFCON 3: Patch Windows, but beware the snoops]

    • #49844

      Woody,

      I apologize in advance for second-guessing but KB3096053 is not documented as supporting installation on Vista or Win 7. Can you shed any more light on this potential mismatch?

    • #49845

      Woody,

      I hit the submit button too fast with my previous comment. Is there anything new regarding the latest WU Client updates?

    • #49846

      @Eric

      Nothing new. I’m telling people to go ahead and install them, simply because I don’t know what they do (nor does anyone else!) and WU Clients are nasty things to neglect.

    • #49847

      @Eric

      GACK! My mistake. Correction made. Thanks!

    • #49848

      Woody,

      It seems like WU Clients are nasty whether they are installed or neglected. After installing the August update I passed on installing the September update while waiting to get some information about it. And before October’s Patch Tuesday arrived MS has already issued an October WU client update. I will also wait to install that one with the hope that more information becomes available through Susan Bradley’s communications with MS. But I’m not holding my breath.

    • #49849

      @Eric

      Susan’s definitely the point person on this one….

    • #49850

      Woody,

      My W10 machine is on an Ethernet cable, so I can’t use the metered connection trick. Is there a way to target a router firewall setting to achieve the same result?

    • #49851

      @Layne –

      I haven’t found one. My main machine runs Win10 and it’s attached with a cable. Haven’t figured out any reasonable way to Wi-Fi enable it…

    • #49852

      Woody,

      After patching, rebooting and rerunning check for updates WU has checked the box on the uninstalled 3083324 September WU Client update and marked it as important. The uninstalled 3083710 October WU Client update is sitting benignly among the “Optional” updates with an unchecked box.

      All I can do is scratch my head in wonderment.

    • #49853

      @Eric

      Windows Update works in mysterious ways…

    • #49854

      Woody, should we install KB 3083324 on Windows 7? You had told us not to install it awhile ago, but it wasn’t listed on the ones to avoid this month.

    • #49855

      Forgot to mention on my previous post that KB 3083324 is showing up as “Important” now on Windows 7.

    • #49856

      What about 3083324? Is there any more information? My Win7 laptop has this update rated “important.” Check or uncheck?

    • #49857

      @Woody,

      As an FYI… the Sept .NET updates (I had 4 of them), which I had not yet installed, created an update problem with McAfee Security Center.

      Until I installed the 4 .NET updates this afternoon, McAfee did not notify me that new updates were available (which they do every week), and McAfee would end up in an infinite “Checking for Updates” loop.

      Once I installed all 4 .NET updates, McAfee checked, downloaded and installed all of this week’s updates.

    • #49858

      Thanks for this, i had no idea about that excel patch list.

      KB3083710 was also optional for me so i hid it and KB3083324 is still on my hidden list but showing as important. I’m not installing it if it’s optional but important? I just don’t know, wasn’t 3083324 a stealthy update to be avoided? As i said before they are making people deeply mistrust updates, these WU clients have screwed with things before and turned on CEIP. Also svchost just hammers my cpu every time i boot up now but i know i’m not the only one.

    • #49859

      OK, I can get on here now.
      Shut the “metered connection” off and waited about two hours. The update started, but aborted. It gave me the “retry” option, which I tried twice, and still no joy. I got a message that KB3093266 didn’t update with ERROR 0x80004005. What now boss?
      btw, I did put this on Facebook if you’re still trying that.;)

    • #49860

      Any thoughts or experience on 3083992 please? It’s offered on my Windows 7 machines and says it’s to do with improved Applocker certificate handling which means diddly squat to me. It hasn’t been picked up by Susan Bradley. My machines are used for gaming, browsing (Chrome) and mail with Office installed on one of them but rarely used these days.

      Thanks Woody or anyone else for any thoughts on this one.

    • #49861

      @Self –

      If you don’t use Applocker, don’t bother with it.

    • #49862

      @Jim

      That’s one of the known errors with that Cumulative Update

      http://answers.microsoft.com/en-us/windows/forum/windows_10-update/window-10-update-failure/156adfb8-e7e1-46fa-b5c6-cbd5dcfebbb9

      I say don’t sweat it. Microsoft will figure it out one of these days.

    • #49863

      @T

      Didn’t realize it was still out there.

      Yep, keep KB 3083324 hidden.

      http://www.infoworld.com/article/2980285/microsoft-windows/dont-check-that-box-windows-7-patch-kb-3083324-sneaks-in.html

      I swear I’ll put together an InfoWorld post pretty soon that shows you how to turn off most (but not all) kinds of telemetry.

    • #49864

      @Louis –

      Thanks!

    • #49865

      @Deborah –

      See my response to @Louis. Keep it hidden

    • #49866

      @Layne @woody In Windows 10 Pro and Enterprise versions automatic updates can be blocked by using a local group policy. Search gpedit.msc, Computer Configuration/Administrative Templates/Windows Components/Windows Update/Configure Automatic Updates set to Disabled. Please be aware that this will block Windows Defender Updates as far as I am concerned, however more testing is required to confirm. Also updates can still be done manually, but I can’t find a way to selectively enable one or another of the updates when manual update is done.
      For blocking driver updates, this may work.
      In the same gpedit.msc console, Computer Configuration/Administrative Templates/System/Device Installation/Specify search order for device driver source locations set to Enabled, select Do not search Windows Update.
      For the Home edition there should be unsupported equivalent registry keys which are configured by the mentioned gpedit.msc console in the Pro and above editions. Gpedit.msc is not available in the Home edition.
      It is possible that the configurations presented above will change in the future, however I would say it is unlikely as it is typical for configuring a larger number of computers in business environments, although managed centrally.
      For an unknown reason, the equivalent GUI configuration for driver updates which works in Windows 7 does not work in Windows 10 (bug which will be fixed in the future releases?) but works when set in a policy, at least this is my experience.
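
      An added example, not part of the post above and not Microsoft's own tooling: a read-only PowerShell check of whether the two policies ch100 describes are in effect. It also reports Defender signature age, since this thread says disabling Automatic Updates stops Defender updates. The registry paths and value names are assumptions about where these policies are stored; verify them on your build.

```powershell
# Read-only audit: reports policy state, changes nothing.
# Assumption: these are the registry locations the two Group Policy settings write to.
$checks = @(
    [pscustomobject]@{
        Policy  = 'Configure Automatic Updates'
        Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
        Name    = 'NoAutoUpdate'
        Meaning = @{ 0 = 'Enabled (automatic updating on)'
                     1 = 'Disabled (automatic updating off)' }
    },
    [pscustomobject]@{
        Policy  = 'Specify search order for device driver source locations'
        Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverSearching'
        Name    = 'SearchOrderConfig'
        Meaning = @{ 0 = 'Do not search Windows Update' }
    }
)

function Get-PolicyState {
    param($Check)
    # A missing key or value means the policy is "Not Configured".
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $raw   = $null
        $state = 'Not configured (no policy value present)'
    } else {
        $raw   = [int]$item.($Check.Name)
        $state = if ($Check.Meaning.ContainsKey($raw)) { $Check.Meaning[$raw] }
                 else { "Other setting (raw value $raw)" }
    }
    [pscustomobject]@{ Policy = $Check.Policy; Value = $raw; State = $state }
}

$report = $checks | ForEach-Object { Get-PolicyState $_ }
$report | Format-Table -AutoSize -Wrap

# With Automatic Updates disabled by policy, check how stale the Defender
# signatures have become, so definitions are not silently left behind.
$au = $report | Where-Object { $_.Policy -eq 'Configure Automatic Updates' }
if ($au.Value -eq 1 -and (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
    $sig = (Get-MpComputerStatus).AntivirusSignatureLastUpdated
    $age = (New-TimeSpan -Start $sig -End (Get-Date)).Days
    Write-Output "Defender signatures last updated $sig ($age days ago)"
}
```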

    • #49867

      Does anybody know what happened to KB3084905? I’m running windows 8.1 Core and KB3084905 was listed among available optional updates on September 15 when it was released but later it has disappeared from the list.

    • #49868

      Last night I checked the 9 important updates waiting to install against your list of Win 7 ‘snoop’ & nagware patches.

      All clear. Made drive image overnight, this morning sat down to patch, and there were 10 important patches, the ‘new’ one being the twice hidden KB 3035583, listed again, with a tick in the box. That’s three times now.

      Welcome to the Zombie Patch Apocalypse.

    • #49869

      @Bruce

      Yeah, Microsoft really, really wants to put the GWX program on your machine.

      I can remember way back when the only thing we had to defend against was broken patches. Now it’s zombies…..

    • #49870
    • #49871

      @ch100

      That’s exactly correct.

      I’ve refrained from recommending this approach for two reasons. One is that Home users don’t have gpedit, as you noted. The other is that disabling Automatic Updates entirely does disable Windows Defender updates. Something about throwing out babies and bathwater in there.

      Nobody I know has found any way to selectively enable or disable individual updates, aside from the after-the-fact method offered by wushowhide, which has its own problems. See

      http://www.infoworld.com/article/2952996/microsoft-windows/on-the-road-to-windows-10-botched-nvidia-driver-tests-kb-3073930-patch-blocker.html

      Microsoft HAS to do something to improve the situation. They’re going to drown in complaints until they see the error of their ways – and I’ll pick up a pitchfork, tar and feathers, and encourage others to do it as well, until they make things better.

    • #49872

      Woody, FYI – Win7 Pro:
      3035583 keeps returning (checked) even after I’ve hidden it!

    • #49873

      @CyGuy

      Yep, the zombie patch.

      It looks like every time Microsoft re-releases 3035583, Windows Update pops it out of hidden state. Nice guys.

    • #49874

      Just wondering whether anyone who lost their WU notifications (and the corresponding notification icon) has found a way of restoring them short of uninstalling one or more Windows Update Client patches.

      (KB3075851 killed WU notifications on my Win7 machines. Uninstalling that patch on a test computer restored them, but also eliminated the Windows Update history. Some other way of restoring the notifications would be preferable.)

      Thanks.

      MM

    • #49875

      I just sorted through your update recommendations for Windows 7 and noticed I have KB2952664 both as 6.1MB Recommended (checked) and 4.6MB Optional (unchecked). I hid them both, but was curious as to why one update would show up twice.

      Thx!

    • #49876

      @Gail

      Weird. Haven’t seen that. No doubt one of them is the older version, the other is newer. But it’s hard to say.

    • #49877

      Ahhh there’s our old friend… i see 3035583 as an optional recommended update today. I was hoping that the gwx control panel (disable OS upgrades) and the registry hack found here https://support.microsoft.com/en-gb/kb/3080351 meant i wouldn’t be pestered by it again but obviously not. It’s not ticked and is showing as optional and obviously i have auto updates turned off and i’ve unticked ‘Give me recommended updates the same way I receive important updates’. I guess that latter option is the reason it’s showing as important for people?

    • #49878

      @Marty

      Something to try regarding your missing Update Notification Icon–I think I saw this *fix* back in WinXP when the Notification Icon went missing:

      In the Automatic Update settings–turn off Automatic Updates completely and select Apply if needed–no Notify Me when Updates are available, no download but let me decide when to install, no Automatic Update, etc.–just totally disable.

      Maybe reboot for good measure–then go back and select to Notify Me when Updates are available and Apply if needed.

      As I understood it at the time, this shuts down the Automatic Update services, and then restarts them–and somehow Windows sorts out the problem with the missing Update Icon.

      Don’t know if this works with Win7–but easy enough to try, and no harm done.

      It would be interesting to hear your results.

    • #49879

      @woody Maybe a middle of the road approach as you mentioned in few places in the sense of blocking updates until they are generally considered safe is the best that those concerned can do with Windows 10, until such a time when Microsoft will admit their half-mistake and bring back more options.
      My problem with the other approach that even potentially faulty patches will eventually be corrected by the next CU is what happens if/when a problematic update will break the update mechanism and the next good one will not be able to be installed without radical measures like reinstalling the OS in repair mode.
      Either way it should not be so complicated for regular users, as power users would normally use at least Windows Pro and find workarounds until a ‘normal’ implementation is included with the product.
      Thanks for doing the very good work for everyone interested in this area of patching and for educating Windows users in general.

    • #49880

      @woody: there’s this Win10 Automatic Updates Enable/Disable script I found in this forum site that Win10 users may want to take a look at.

      Yup, I’m offered the KB3035583 updates on my Win7 & Win8.1 machines again woody; WU “checks” them by default. I’ve unchecked and hid them again.


      @Gail: The “Recommended” version of KB2952664 is the one released in mid-August 2015 and the “Optional” version of KB2952664 is the one recently released on October 6, 2015; SO the Optional one is NEWER than the Recommended one. Hide and uncheck BOTH versions. Microsoft has to fix & update the Windows Update “Metadata” on KB2952664 and just offer the most recent one and not the “older” one, which may happen on October patch Tuesday 10/13.

    • #49881

      @ch100

      Very good point. Ouch.

    • #49882

      @T

      No, actually I think MS changed the patch sufficiently that Windows Update identifies it as a “new” patch, even if it’s hidden…

    • #49883

      @NightOwl,

      Thanks for the suggestion. It didn’t work; once WU was turned back on, it did a search for new updates, but the icon did not come back.

      I want to emphasize that the issue is *not* just the icon. After KB3075851 is installed, there’s no longer any notification of available Windows Updates (this may apply to other WU Client patches too, but I haven’t subjected myself to them). What’s the point of asking Windows to check regularly for updates, when the notification area no longer reports any new ones that are available?

      On the five Win7 machines in my household, KB3075851 was the WU notification killer on every one of them. Uninstalling that patch restores both the WU icon and the notifications.

      Most important, the problem is *not* just icons and notifications. I no longer trust any Windows Update Client patches. If they don’t phone home, they can have other side-effects, and I haven’t seen anything on their plus side. They appear to have no security significance, and Microsoft supplies no substantive description of them. As long as that’s the case, I’m planning to avoid all of them.

      Regards,

      MM

    • #49884

      woody-

      That does make sense, thanks. There are now 2 of them on my hidden list, they’ll be joined by many more i’m sure *sigh*.

    • #49885

      On 09/26 or 09/27, I caught up with lots of updates, some as old as April on my Windows 8.1 machine. Anything dated on or after 09/07/15 I unchecked. You mentioned KB2976978 & KB3035583, which were from July & August. WHOOPS, I installed them! Should I uninstall those 2? If one or both are snoopers, I’ll get rid of them. If they are naggers & place the ‘Get Windows 10’ icon in the System Tray, I’ll leave them be. I like to see the reminder & plan to upgrade someday, but NOT until the forced updates issue in Windows 10 is answered to my satisfaction. I use public WiFi since I can’t afford an ISP yet. Slightly off topic, what about NetZero or Karma for home WiFi? All I would like would be advice links on that subject.

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

    • #49886

      @Bill

      I would say don’t uninstall them. They’re both nag patches. Open question whether they snoop.

      I haven’t a clue about NetZero or Karma. Maybe someone else here has used either?

    • #49887

      I can’t stop Win10 trying to download when I try to download this month’s patches. I’ve tried:
      http://www.infoworld.com/article/2974479/microsoft-windows/how-to-get-rid-of-the-your-upgrade-to-windows-10-is-ready-lock-on-windows-update-in-win7-and-8-1.html

      I’ve uninstalled the installed patches; hidden the GWX patches; hidden the Win10 download but as soon as I try to download the Win10 download starts.

      Any ideas please Woody?

    • #49888

      @Minnie –

      It’s becoming a more common problem. I don’t have a solution.

      I know that Josh, the guy behind GWX Control Panel, is looking into it. Let me nudge him and see.

    • #49889

      You know sometimes the monthly patch is a pain in the … (like last month), sometimes it causes no trouble (like this month)

    • #49890

      After reading I went to double check to see if I had accidentally installed any of these updates. Turned out that 3083324 was on my machine. I decided to uninstall. As it happens, I had noticed some performance drop off on my machine in the last few weeks and had done a lot of maintenance activity which had not worked. As soon as 3083324 was uninstalled, performance seemed to improve. Wonder if these telemetry apps suck a lot of resources out of the machine, in addition to their other issues?

    • #49891

      @Miles

      Possible, but it’d be almost impossible to pin down…

    • #49892

      3083324 appeared as an Important update and prechecked on all of the Win7 machines I maintain. After UNchecking and Hiding it and also Hiding the Optional (unchecked) 2952664, 3035583, 3075249, 3080149, and 3083710 updates, I allowed Windows Update to install the remaining updates. Following the required restart, a rerunning of Windows Update showed 3083324 reappearing AGAIN marked as an Important update and AGAIN checked. UNchecking and Hiding it once more appeared to hold up after a reboot. This happened on all of the Win7 PCs I updated. Beware!

    • #49893

      @Marty,

      Sorry for rehashing this thread but I just came across your post re: the ‘WU notification killer’ KB3075851. I experienced exactly the same scenario as you and was wondering if you are still holding off from moving on to newer versions of WUC.

      I am at KB3065987 (July ’15) and don’t know how much pain it would cause me to install any of the newer versions. Are you at this one as well?

      If I remember correctly, many people experienced high CPU Usage (up to 100%) when downloading and installing updates with the newer WUCs installed. Interested in your thoughts on this.

    • #49894

      @GoTheSaints

      I did not install either WUC KB3083324 or KB3083710, as both appeared to be related only to Win10 and/or telemetry. There’s a November patch (KB3102810) that is supposed to address the high CPU usage issue (at least this patch has an informative description), but since I don’t have that issue I may skip that one as well.

      So far, Woody has us at DEFCON 2 for all the November patches.

      Regards,

      Marty
