MS-DEFCON 3: Time to get patched but, man, what a mess this month

Topic

New Reply

It ain’t pretty.

[See the full post at: MS-DEFCON 3: Time to get patched but, man, what a mess this month]

4 users thanked author for this post.

Lori, AJNorth, Elly, Morty

Reply | Quote

Replies

Woody – do you ever wake up, open your inbox and feeds with mouth hanging open aghast at whatever “worst-thing-MS-has-done-yet” inevitably accosting your eyes, and have the uncontrollable urge to surf over to debian.org and download that sweet, shiny little installer, free of all the evil? I know, I know…it’s not there yet. But it’s *soooo* close. I just can’t believe with every new egregious stunt MS pulls that more progress isn’t being made on making Windows a pure personal preference. I for one can scarcely wait for that day.

Reply | Quote

HA!

There’s gotta be a better way. Hope I live to see it…. 🙂

Reply | Quote

woody wrote:

Please wait until the article’s up before you wade through the minefield.

As always, thank you for your efforts to keep heads cooler while the dust settles and a limited number of folks take the initial risks.

The following are data points, which are NOT general endorsements of the patches, just observations from one reasonably serious Windows user in a small business environment, doing what we do here:

• For Win 8.1 x64 Pro/MCE I have a total of 11 days test time on the April “Group A” rollup update. I’m happy to report it has been stable and functional. April updates showing in this system, per WMIC qfe list:
  
  • 4/3/2017 Security Update KB4012204
  • 4/11/2017 Security Update KB4014661
  • 4/14/2017 Update KB4014551
  • 4/14/2017 Update KB4014567
  • 4/14/2017 Security Update KB4018483
  • 4/14/2017 Security Update KB4015550
• For Win 7 x64 Ultimate I tested the April patches for a week on a VM, and have just this morning installed the April Security Only patches for Internet Explorer and the OS on what has been an otherwise “Group W” Win 7 hardware system that has run 6 months without rebooting. The installation went smoothly (via .msu files from the catalog) and for now the system seems to be running okay, with no errors in the event logs, though only time will tell for certain. WMIC qfe list on the hardware system shows, for April:
  • 4/25/2017 Security Update KB4014661
  • 4/25/2017 Security Update KB4015546

-Noel

11 users thanked author for this post.

walker, Charlie, TonyS, Elly, JDeC, NetDef, abbodi86, AElMassry, Seff, MrBrian, woody

Reply | Quote

Please forgive me for asking this but I’ve been wondering if there is any specific or preferred  order as to how the various updates get installed?  Win 7, group B.  I’ve not had any problems so far, just curious.  Thanks.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

How I do it:
Stop the Windows Update Service
Install Security Only Quality Update, close box, install Cumulative IE11 Update.
Reboot
HIDE any telemetry patches as defined in AKB2000003
UNCHECK (not hide) the Security Monthly Quality Rollup, any driver updates, and install the rest.

2 users thanked author for this post.

slowdog, Charlie

Reply | Quote

Thanks Woody.

Under Windows 7 and 8.1, Step A3 refers to you ending up having the March roll-up patch – did you mean April?

I don’t know what others feel about this, but my own practice and recommendation is that the main Windows monthly roll-up and any .Net Framework updates should be installed separately. I think Susan Bradley has recommended this in the past.  Personally, I never run MSE updates through WU but do so within MSE.

I also usually run the MSRT update separately, although this month I think I’ll give it a miss and that may be permanent if the telemetry concerns over it continue. Might you Woody or one of the MVPs consider please running a piece on the MSRT and where we are now on whether or not to install it from here on?

Thanks again for everything.

Reply | Quote

GACK! Yes, you’re right. I’ll get it fixed right away.

Thanks!

Reply | Quote

? says:
This hack works well if you want to run the MSRT Tool w\o “snooping”. you can verify by looking at Debug in windows.

https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/

3 users thanked author for this post.

Lori, AJNorth, AElMassry

Reply | Quote

Good last point, I found a version of CompaTelRunner.exe dated 4/11; I wonder if it came with MSRT?

Reply | Quote

That file comes from KB2952664 (Windows 7 with service pack 1), KB2977759 (Windows 7 without service pack 1), or KB2976978 (Windows 8 and 8.1).

Reply | Quote

I’m using Windows 10 1607 and haven’t applied this month’s patch & also have hidden all the bad things that MS offered to me.

Reply | Quote

Thank for explaining that to me.

Reply | Quote

In April’s Windows 10 large cumulative update KB4015217 I found CompatTelRunner.exe explicitly referenced in several manifest files.

Reply | Quote

Whole Windows 10 OS is already telemetry-based 🙂
there is no point in discussing or trying to avoid it in cumulative updates

1 user thanked author for this post.

ch100

Reply | Quote

Reliable Windows 7 is the same 🙂

Reply | Quote

Yep. It is still worth knowing where those bits come from.  So you’ve had your fun, now can you or ch100 answer a serious question?

After examination of a very old version of CompatTelRunner.exe was changed by being re-compressed and I wonder what process has caused that, do older updates in the WinSxS directory get re-compressed to save space?

Reply | Quote

For the Windows 10/8.1/8 version of the MSRT, nor the April Flash security update any evidence of telemetry related files are not clearly visible.

Reply | Quote

@ anonymous#111265

Please refer to …
https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/

Reply | Quote

Thank you, I’ve read that and have taken away MRT’s phone privilege.

Reply | Quote

Per Step B4 in the InfoWorld article (“If you see any “Security and Quality Rollup for.Net Framework” boxes checked, leave them checked.”)  – Do those of us in Group B need to continue doing that rather than downloading the Security Only update (KB4014985)?

1 user thanked author for this post.

samak

Reply | Quote

The .NET Rollups are thought to be safe and not contain telemetry.

3 users thanked author for this post.

Lori, samak, SusanS

Reply | Quote

When i go to the MS catalog site and click to download the 1st option  for win 7 x64 standard, it opens a box with several links which one is the correct one to download and install

April, 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB4014985)

ndp46-kb4014552-x64_32e1c3af9a27962c93682fc66584803baa729782.exe

ndp46-kb4014558-x64_900b63e9c928af1224ba91e4a0d0a14cceee92f6.exe

windows6.1-kb4014573-x64_12e4991474e5150382f317efd3fcbd8a13090ce5.msu

ndp45-kb4014566-x64_95b57712424a36cac3fc2f27fcc12e4555a80afd.exe

Reply | Quote

Instead of clickong on “download” click on the “Title” link.
Then on the right, click on “More Information”
That will take you to a page that tells which patch is for your version of .NET
(You have to find out which ver. is installed on your PC)

4 users thanked author for this post.

walker, ozbadcat, abbodi86

Reply | Quote

THANK YOU PKCano – for THIS, as I was scratching my head what to do – and also for all your other great, informative contributions you make to Woody’s forum !!!

1 user thanked author for this post.

PKCano

Reply | Quote

First of all, “Thank You” to Woody and his experts for assisting the many somewhat computer literate users like me who rely on this forum to make sense of the plethora of changes Microsoft releases each month. I am in Group “A”, and never do anything until I see Woody has changed the DEFCON Level.

My question is in regards to KB4014981. Is it safe to install? I read it caused some problems regarding Windows Powershell which my computer has (Windows 7 Pro 64 bit), but I am not sure what it does.

Keep up the good work. You have a legion of followers who rely on you!

2 users thanked author for this post.

walker, jburk07

Reply | Quote

KB4014981, the .NET Rollup, is OK to install

2 users thanked author for this post.

jburk07, woody

Reply | Quote

PKCano or Woody, I am in group B and noticed the wording for KB4014981 says Quality and Security rollup for .NET.

Is there a Security only version of the .Net or any privacy concerns with this update or is am I overthinking it just because of the work Quality?

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

Reply | Quote

The cumulative Security and Quality Rollup for .NET is thought to be telemetry-free and is safe to install.
There is a Security=only Update (non-cumulative) that is available through the MS Catalog for manual install if you want to do that.
You can find the information on both on MS Software Update Services website

1 user thanked author for this post.

Erik

Reply | Quote

Thanks for the info! The link you provided was for 2016 and I did not see anything related for 2017 .net updates; however it allowed me know use the same key words to figure out where to search and the link for 2017 .Net is https://support.microsoft.com/en-us/help/894199/description-of-software-update-services-and-windows-server-update-services-changes-in-content-for-2017

Also if anyone is interested the .NET quality and security update for Windows 7 is KB4014981 and the security only update is KB4014985.

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

Reply | Quote

The April 2017 security only .net updates were listed and linked here, and discussed here.

Reply | Quote

You can find this info at https://portal.msrc.microsoft.com/en-us/security-guidance. Check checkbox “Security Only” and use the filter textbox to filter by operating system.

Reply | Quote

Thanks. Appreciate the expeditious response!

Reply | Quote

i should prefer to wait until patching is not so dangerous.
i don’t want to install mess or even any breakage either.
and NO SNOOPING! no, thanks.

i wont’t use office until i could reasonable patch the system.

i wait until it’s perfectly clear which patches fit for group b.
and which ones should be avoided.

WAY TOO COMPLICATED in april, so no patching for me.
to be honest, currently i have absolutely NO perspective…

Reply | Quote

Can anybody explain me in a simple way what exactly is the bug with the .net patches? I’m a idiot when it come to technical names so idk what the powershell is or what it does

Reply | Quote

after installing all the patchs and rebooting finished the updates successfully WU didn belive  it and my task manager disk remain’d on 100% for WmInstaller trying to re install the cumulative update and the MSRT for like an hour with the pc un usable, then it all got fixed and the machine got of its alzheimer statues, seriously MS now is the worse company in the galaxy, this is the 1st time i get an issue with 1511 v

Reply | Quote

 

Very Important Question for the techies: I’m running an

AMD Phenom(tm) 8550 Triple-Core Processor 2.21 GHz

that must be all of four years old. Am I right in thinking that I shall be safe to instal this month’s security-only updates without my Windows Update being knocked out of commission?

With many thanks for your help.

 

Reply | Quote

Go ahead. The machine’s too old to cause problems.

Reply | Quote

Thank you so much. So there are advantages to running older machines, after all!

1 user thanked author for this post.

MrJimPhelps

Reply | Quote

Quick question, of the seriously non-techie person variety…

 

I see what we do this time and what can happen is affected by the age of the computer we are dealing with. I’m not sure how old my computer is. I got it second hand from a friend about a year ago. Is there a quick way to have the machine tell me when it was made? The only thing I could think of to try was to right click on “computer” in the start menu to access the “properties” feature, but that just seems to be giving me the Windows 7 Professional service pack 1 year info (copyright 2009).  If it effects where to look or how to do this, I’m a windows 7 group B person.

Thanks for the help – I’ve been leaning on you since the pre-windows 10 nightmare started and I really appreciate how you break everything down for us non-techies.

Reply | Quote

Sorry should have included more computer info = Intel(R) Core(TM) i3-2120 CPU @3.30 GHz.

Please let me know if you need any other info to make sense of this. Thanks again!

Reply | Quote

anonymous wrote:

Quick question, of the seriously non-techie person variety…computer info = Intel(R) Core(TM) i3-2120 CPU @3.30 GHz

Here is some helpful information:

https://en.wikipedia.org/wiki/List_of_Intel_Core_i3_microprocessors

To summarize, you have a “Sandy Bridge” (2nd Generation) CPU. You won’t have anything to worry about, that is, unless Microsoft mis-identifies your CPU.

https://www.askwoody.com/2017/two-more-casualties-in-the-unsupported-hardware-kaby-lakeryzen-windows-update-lockout/

Jim

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Try Start\Run type in “msinfo32” and hit Enter. The info may be on the first page.
If not, get the model and S/N off the tag and go the the manufacturer’s support site and the original equipment list with the date of purchase should be there.

Reply | Quote

OK, so one of the entries on that page says “BIOS version/date” with a date listed as 8/19/2011. Is it safe to assume that this is when the computer was made? If that’s accurate, then mine should be old enough to be safe, right?

Thanks for the help 🙂

Reply | Quote

That sounds like you are safe

Reply | Quote

Thank you!!!

Reply | Quote

Alternate method: Installing Win updates on Win 7 or 8.1 computers with Kaby Lake or Ryzen CPUs.

1 user thanked author for this post.

woody

Reply | Quote

Thanks woody

Reply | Quote

Win 7-64 Hm Prem … Group A …. All Importants Except Silverlight = (7) Installed without issue.

Security Mo Quality Rollup Win 7 (KB4015549); Outlook 2010 (KB3118388); Office 2010 (KB3141538); Office 2010 (KB 2589382); Excel 2010 (KB3191847); .NET Framework 4.6.2 (KB4014981); MSRT (KB890830) ……………

Reply | Quote

Woody, I hope you don’t discontinue these posts, they’ve been a lot of help to me. I followed your instructions for the Win 7.1 updates just now, but other than the Windows Defender definition update, there was just the “Preview” update. No MS security patches for Word whatsoever! Anywhere else I can find them?

Reply | Quote

The Updates for Office can be forud on this MS website

Reply | Quote

I know I come up as anonymous, but I was K before the forum began, and life just isn’t giving me time to enroll–

and yes, KB3150513 keeps popping it’s ugly head up as it did in November and December

I have two questions for the forum and for Woody and I think they will fit any MS Windows product:

1.  In your InfoWorld Article Woody, I could not tell if you endorsed installing the MSRT or implied we should skip it along with skipping KB3150513

You say Günter Born reports a problem with it.

2.  (a) Does anyone recommend disabling MSRT to get rid of heartbeat telemetry as stated is possible in this post?  I don’t actually see how this stops the telemetry and allows the MSRT to run. (b) Can people with Win 10 version 1607 Home do this is it doesn’t actually disable the MSRT but only the telemetry?

Thank you!

Reply | Quote

Thank you for all the great info, Woody!  For a somewhat computer illiterate like myself, your info is invaluable!  I am running Windows 7 and before installing the April patches, I wanted to make sure I won’t get hit with the no more windows updates allowed.  I ran Speccy like you suggested, and under the CPU (is that the right place to look?) it shows: Intel Core I3 4160 @3.60Ghz and Haswell 22mm Technology.  Would it be safe to run the patches without being blocked from further Window updates?   Thanks!

Reply | Quote

Haswells are two generations too old to worry about being blocked. You’re safe there.

1 user thanked author for this post.

pulsar

Reply | Quote

Thank you for your prompt reply!

Reply | Quote

Applied the April patches this morning following Woody’s guidelines and no problems noted!

Reply | Quote

anonymous wrote:

Woody, I hope you don’t discontinue these posts, they’ve been a lot of help to me. I followed your instructions for the Win 7.1 updates just now, but other than the Windows Defender definition update, there was just the “Preview” update. No MS security patches for Word whatsoever! Anywhere else I can find them?

I’m Win 7-64 / Office 2010 ….  just above your post (anonymous – forgot to logon) and did NOT have any Word’s offered … meaning you’re Not 2010 & a Year that you should clarify for best help.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

In Windows Update, click on “change settings”
If there is a check box that says “Give me updates for other Microsoft Products,” check it and agree to Microsoft Update. In the box at the end (if one pops up) click on “keep current settings” NOT “recommended settings.

If the box is not there, go to this website click on your version of Office, and follow the instructions to do the updates.

1 user thanked author for this post.

CraigS26

Reply | Quote

PKCano wrote:

In Windows Update, click on “change settings” If there is a check box that says “Give me updates for other Microsoft Products,” check it and agree to Microsoft Update. In the box at the end (if one pops up) click on “keep current settings” NOT “recommended settings. If the box is not there, go to this website click on your version of Office, and follow the instructions to do the updates.

Thanks, PKCano — I have chk’d already  [Give updates for MS products & chk for optional new software]; Clk’ing “go to this website” Link instructions gets me back to the same WU that I use to search for Updates (ie)  Word doc / File/ Help/ Chk for Updates/ Clk Start/ All Programs/ Clk Win Update. Several attempts produce Nothing for 2010 WORD.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

woody wrote:

It ain’t pretty. [See the full post at: MS-DEFCON 3: Time to get patched but, man, what a mess this month]

Along with your books, you should sell T-shirts and mugs: “I Survived DEFCON-3”

2 users thanked author for this post.

MrJimPhelps, Karlston

Reply | Quote

Morty wrote:

Along with your books, you should sell T-shirts and mugs: “I Survived DEFCON-3”

Woody, I’ll bet you would raise a LOT of money selling T-shirts and mugs!

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

@anonymous: I have Win7x64 Home Premium and in Group A. The MS April updates I received was for Office 2010 and Excel 2010 and Outlook 2010 which is one of the groups that Woody’s article indicated in InfoWorld regarding April MS Office updates.  I believe there was a mention about a hot fix for MS Word 2016.  I did not receive any updates specifically for Word. Not sure one was released for Word 2010 in April releases.  There was one in the March 2017 updates which MS said protected against the noted exploits. Woody and other MVP here have strongly advised to apply the March Office updates.   I do not believe I will install the MSRT tool this month since it was noted to cause issues unless Woody indicates it’s okay to install.  That was somewhat vague whether it’s okay to install the MSRT tool.  Maybe next month’s MSRT tool will not have issues.

Reply | Quote

Hi,

Should WIN10 version 1607 (OS Build 14393.969) avoid installing (hide) KB3150513 as well? I don’t want to install creator’s update anytime soon.

Reply | Quote

I had previously used Intel’s Processor Identification Utility to determine my computer has a
Haswell processor.

Today, I installed KB4014981 (.NET) and KB4015549 (Windows 7) on my system and after rebooting everything seems to be fine.

Reply | Quote

Haswell is fine. I bought a new Windows 7 computer with a Haswell processor last year, because it was on the “good” list.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Windows 7 Home Prem, Group B. I installed the Security-Only, IE, and .NET patches as usual. Thanks as always for the info and links. When I ran WU after installing the first two above, I was offered six ‘Security Update’ patches. They all look to be from 2014 to 2016. They did appear as checked, but I figured leave them off until I see what they’re about … and as we all know, the MS info is, well, you can’t even use the word info. So, wondering if I should install these (my guess is no; some of them look like they caused install errors back when they were released). KB numbers
2912320
3035126
3035132
3078601
3110329
3156016
3156019

I also was offered ‘AMD driver update for AMD SMBus’, which I unchecked as Woody has recommended not installing driver updates from WU. (My own personal trust level of WU is less than zero.) My laptop is from around 2011 with that era AMD chip. Still works just fine …

Thanks for any information 🙂

Reply | Quote

I can’t seem to be able to find the IE 11 patch for Win 7 April in the MS Update Catalog.  How do you find it?  I can type in the Kb numbers you gave and that might work, but if you hadn’t given the numbers, I’d be lost.  This is a bit baffling to me.

BTW – thanks for doing all the work for us!  I need the 64 bit version.  🙂

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

For your convenience AKB2000003

Reply | Quote

about april patches: install
Apr 2017 KB 4015546
Apr 2017 (IE11) KB 4014661
Apr 2017 KB 4015547
Apr 2017 (IE11) KB4014661

what else to install for april, what is not dangerous, not snooping or breaking something?

Reply | Quote

The patches you list are Group B patches – KB4015546 and Kb4014661 for Win7, KB4015547 and KB4014661 for Win8.1.
Install these manually and after the reboot:
1. DO NOT check anything that is unchecked by default.
2. Uncheck (not hide) the Security Monthly Quality Rollup
3. Uncheck any driver updates
4. HIDE any of the telemetry related patches listed in AKB2000003
5. Install the remaining CHECKED patches under the “important updates” list.

If you have MS Office (any version) installed on your computer, and the patches for it were not offered through Windows Updates above, you need to get the patches up to date. Instructions can be found on this Microsoft website.

Reply | Quote

thx, none of the patches to avoid in akb2000003 showed up this month, neither on win8.1 notebook nor on win7 machine. unfortunately i missed “not hide” regarding security monthly quality rollup so i did both, i unchecked AND hid the patch. i hope there is nothing wrong because i did this. as optional there was this intel patch again and it was checked, so i unchecked it. and i hid the april preview thingamajigs, which was not checked.

so i ended up installing office patches, flash, security/quality rollup for .net, silverlight patches…

Reply | Quote

the office patches were: kb3118388 (outlook 2010), kb3141538, kb2589382 (office 2010), kb3191847 (excel 2010). did it miss something important?

Reply | Quote

anonymous wrote:

as optional there was this intel patch again and it was checked, so i unchecked it. and i hid the april preview thingamajigs, which was not checked.

In the “optional updates” list, the patches are always unchecked. UNCHECKED means it will not be installed. There is no reason to deal with the patches in the “optional updates” list at all.

It is not a good idea to hide updates. If you uncheck them they will not be installed.

1 user thanked author for this post.

woody

Reply | Quote

normally optionals shouldn’t be checked, right, but this intel thingamajigs was checked for some reason. it was optional. and it was checked.

why is hiding updates not a good idea? i hid unwanted patches since 2015, since this gwx debacle…

Reply | Quote

We hid patches during the GWX debacle out of self preservation.
Most of the things we hid back then have disappeared.
However it does cause problems with the supersedence chain in Windows Updates.

There is a discussion of supersecence in this thread and in several others on this site.

Reply | Quote

With respect to the MSRT and the question of telemetry, Martin Brinkmann has a useful article at gHacks, “Disable Microsoft Windows Malicious Software Removal Tool Heartbeat Telemetry” (2016.10.20): https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/ .

Also, as the MSRT does not actually install, but rather is placed in the C:\Windows\System32 folder as MRT.exe (and initially run when downloaded), for those not concerned about having it on-board, another approach would be to simply delete the file (the latest version can always be downloaded and run as a stand-alone on-demand scanner from https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx).

Reply | Quote

so unhide everything? here is a list of updates i have hidden and there are 31 language packs (not in this list). to be honest, i expected more in “hidden” list:

April 2017 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB4015549)
April 2017 – Vorschau des monatlichen Qualitätsrollups für Windows 7 für x64-basierte Systeme (KB4015552)
Dezember 2016 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB3207752)
Internet Explorer 11-Sprachpaket für Windows 7 für x64-basierte Systeme
Januar 2017 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB3212646)
März 2017 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB4012215)
März 2017 – Vorschau des monatlichen Qualitätsrollups für Windows 7 für x64-basierte Systeme (KB4012218)
November 2016 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB3197868)
November 2016 – Vorschau des monatlichen Qualitätsrollups für Windows 7 für x64-basierte Systeme (KB3197869)
NVIDIA – Display – 2/23/2017 12:00:00 AM – 21.21.13.7878
Oktober 2016 – monatliches Sicherheitsqualitätsrollup für Windows 7 für x64-basierte Systeme (KB3185330)
Oktober 2016 – Vorschau des monatlichen Qualitätsrollups für Windows 7 für x64-basierte Systeme (KB3192403)
Update für Windows 7 für x64-basierte Systeme (KB3021917)
Update für Windows 7 für x64-basierte Systeme (KB3068708)
Update für Windows 7 für x64-basierte Systeme (KB3080149)
Update für Windows 7 für x64-basierte Systeme (KB3102429)
Update für Windows 7 für x64-basierte Systeme (KB3177723)
Update für Windows 7 für x64-basierte Systeme (KB3182203)
Update für Windows 7 für x64-Systeme (KB2952664)

Reply | Quote

sorry, wrong reply button! this was meant to be a reply to pkcano:

We hid patches during the GWX debacle out of self preservation.
Most of the things we hid back then have disappeared.
However it does cause problems with the supersedence chain in Windows Updates.

There is a discussion of supersecence in this thread and in several others on this site.

Reply | Quote

Before you start this, open Windows Update\Change settings and change you setting to “Never check for updates.” then click OK. Clicking on the “Check for updates” link will perform a manual search for updates.

The first ten on your list are either Monthly Rollups or Previews.
The Previews are optional, so they are not checked by default. They are also cumulative, so when you restore them, only the latest one (because it contains the earlier ones) should show up in the “optional update” list. Because it is UNCHECKED, it will not get installed so there is no reason to hide it.
The Security Monthly Quality ROLLUPS are also cumulative. So when you restore them, only see the latest one should show up as a CHECKED update in the “important update” list.

Of the ones on the bottom, KB2952664, KB3021917, KB3068708, and KB3080149 are the telemetry related patches. If you do not want the telemetry, DO NOT check them and restore. Leave them hidden.

KB3177725 caused some problems with printing multiple page documents, but I think it was fixed. To be on the safe side you can leave that one hidden as well
The other two should cause you no problem if they end up checked and installed.

From now on, if you don’t want to install an update that is CHECKED in the “important update” list, simply UNCHECK it before you click on “install.” And don’t worry about the unchecked updates in the “optional updates” list since UNCHECKED updates DO NOT get installed.

Reply | Quote

so i’ll restore all rollups and kb3102429, kb3182203 and ie11 language pack. do i really need these three? one is for some russian time zone – i’m not in russia, the second one is related to a currency somewhere in africa or in the eastern region… don’t know what language ie11 language pack would install…

and how do i handle all these 31 hidden language packs? there are arabic chinese and all sorts of stuff, i don’t need all these languages…

Reply | Quote

You do not need any of the language packs. They were UNCHECKED optionals anyway and should return to that position when you restore them.

Reply | Quote

and i forgot to mention nvidia display – leave it hidden or restore?

Reply | Quote

If the NVIDIA driver eds up as an unchecked optional, leave it there. If it’s a checked important update, uncheck it befort installing.

AND before you start this – Be sure your WU is set to “Never check for updates”

Reply | Quote

Would it not be preferable to obtain the latest certified NVIDIA driver (WHQL) directly from them (https://www.nvidia.com/Download/index.aspx?lang=en-us)?

Reply | Quote

okay, i restored all hidden updates except the four snooping patches and the printer related one (kb3177723). now there is one important (quality rollup) checked by default and 34 optionals (preview, ie11 language pack, this foreign currency thing (kb3102429) and all these language packs.

on win81 i restored intel, nvidia, quality rollup and preview and this currency thing (kb3102429) again. there were two more (kb2976978, kb3080149), i left these two hidden as i think they are snooping related. win8.1 now shows quality rollup as important. preview, nvidia, intel and currency patch as optional. this time intel patch is not checked as it was earlier today.

the downside is, now every month when patching i have to watch what to not install.

Reply | Quote

But most of those things are UNCHECKED in the optional list. You don’t have to worry about those. You should only have to worry about the Monthly Rollup, and this month’s will disappear when next month’s comes around.

1 user thanked author for this post.

walker

Reply | Quote

@PKCano:  I have had an “optional” update pending since waaaaaaaaaay back.   It’s named REALTEK Semiconductor Corp. MEDIA-11/8/2016 .  Also says 12:00 AM  6.0.1.7882.  Released Nov. 2016, Published 3/15/17.

At one time I had 3 or 4 of these at the same time, back and forth.   It was such a mess, I’ve never installed it (and don’t know what it is anyway – – – some kind of driver I think).   It’s things like this that create total lack of trust in trying to keep the computer updated.

From your perspective you feel that KB4014981 is safe as it is or should the user attempt to verify that it is the “right one” for his/her computer?

Thank you for all of your outstanding assistance to so many of us!!    You are truly dedicated to working hard to keep us “out of trouble”.    A “TRUE STAR”!!

 

Reply | Quote

If KB4014981 is checked in Windows Update, just install it. It will install whatever is right for your computer.

Reply | Quote

anonymous wrote:

Win 7-64 Hm Prem … Group A …. All Importants Except Silverlight = (7) Installed without issue. Security Mo Quality Rollup Win 7 (KB4015549); Outlook 2010 (KB3118388); Office 2010 (KB3141538); Office 2010 (KB 2589382); Excel 2010 (KB3191847); .NET Framework 4.6.2 (KB4014981); MSRT (KB890830) ……………

I should have said I …… purposely exempted Silverlight.

It reads as though it had an issue. My bad …..

Reply | Quote

and yeah, i’m group b since this seperation into groups a and b started last year, so “never check for updates” already is set. 😀

Reply | Quote

c**p, wrong reply button AGAIN! this belongs to

If the NVIDIA driver eds up as an unchecked optional, leave it there. If it’s a checked important update, uncheck it befort installing.

AND before you start this – Be sure your WU is set to “Never check for updates”

Reply | Quote

Win7 SP1 x64 skylake i installed the .net framework 4.6.1 patch Kb 4014558

And the  security  patches Kb 4014661 & kb 4015546 for win7 and IE11

Reply | Quote

something weird: windows 8.1 update history shows that installation of malware removal tool has failed. but it doesn’t show up again if i search for updates.

Reply | Quote

Don’t worry about that one till next month – or when it comes back on it’s own.

Reply | Quote

Was it scary to unhide all that stuff. First time I did it, I sweated a little.

Reply | Quote

i wouldn’t say scary but it wasn’t a good feeling either…

Reply | Quote

Should WIN10 version 1607 (OS Build 14393.969) avoid installing (hide) KB3150513 as well?

Reply | Quote

Not the expert you seek, but I hid that update when it showed up.

Reply | Quote

Not a trouble-free update this month (I’ve never had problems before).

Installed KB 4015546 by itself – after installing it requested a restart, then hung on shutdown at the usual blue screen showing “Configuring Windows Updates, 30% complete, Do not turn off your computer”. About 2 hours later I gave up and turned off the computer. It then restarted automatically and appeared to finish the configuring to 100%, then shut down and restarted automatically again, said it was configuring at 35% ( having previously claimed 100% !) and then showed the logon screen with usernames.

Then installed KB 4014661 , it hung on shutdown again at the blue screen with “Configuring Windows Updates, 30% complete, Do not turn off your computer”.  Turned off the computer. It then restarted automatically and finished the configuring to 100% normally  and showed the logon screen with usernames.

Then checked for updates and installed the Office, .NET and MSRT updates. Restarted without issues (but it didn’t go through the “Configuring Windows Updates, xx% complete, Do not turn off your computer” malarkey).

A check of installed updates appears to show everything was installed successfully but it is a bit concerning that it is suddenly hanging at shutdown after installation of the security update.

Are there any diagnostic checks I could/should run to ensure my system is OK?

 

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

1 user thanked author for this post.

JDeC

Reply | Quote

Hello samak,

Try running the Belarc Advisor (one of my essential diagnostic tools): https://www.belarc.com/products_belarc_advisor . Review & discussion: https://www.lifewire.com/belarc-advisor-review-2625784 (one thing Tim Fisher seems not to have mentioned in his otherwise comprehensive discussion is that, in addition to listing missing critical updates and Hotfixes, the Belarc Advisor also detects updates that are not properly installed and functioning — even if Windows Updates suggests otherwise).

Hope this proves useful; good luck.

Cheers,

AJN

2 users thanked author for this post.

Elly, samak

Reply | Quote

Yes, the check disk program to clean up any possibly mild file system corruption. Here is the easy way to check your disk, you will have to know the password to your computer’s Administrator account.

1. Open Explorer.

2. Right click on your system partition usually C: and click Properties listed on the menu.

3. Click on the Tools tab, in Error Checking click the Check button.

4. Enter your password when or if you’re asked, and follow the instructions.

5. Click the Cancel button on the Properties dialog box.

1 user thanked author for this post.

samak

Reply | Quote

Hello again,

With respect to running a check disk operation (chkdsk), described above by anonymous, especially if your system drive is a SSD (solid state drive), rather than a HDD (mechanical drive), then you should first look into the drive manufacturer’s specific instructions for diagnostics and maintenance, which usually starts with a read-out of the built-in S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) parameters; many manufacturers have their own tools or specific recommendations.  Here are two useful articles (many others can be found via a search):

https://www.howtogeek.com/134735/how-to-see-if-your-hard-drive-is-dying/

and,

http://lifehacker.com/this-video-explains-how-to-use-smart-to-monitor-your-ha-1790792586 .

 

Additionally, you might also consider running the System File Checker; here are two articles on its function and use. NOTE: the first step is always to make a full backup of your drive (at the very least, all the files you cannot afford to lose):

https://www.lifewire.com/how-to-use-sfc-scannow-to-repair-windows-system-files-2626161

and,

http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista .  (Be advised that certain custom settings, possibly including some drivers and OS updates, may need to be reintroduced afterward.)

Remember: before doing anything, read-up on the procedures you are contemplating (taking notes and / or creating your own outline of steps if necessary), have all the tools you’ll need (such as an external drive for backing-up, as well as software) then be careful and deliberate. Remember the old Chinese proverb: Measure twice; cut once.

Again, good luck.

Cheers,

AJN

1 user thanked author for this post.

samak

Reply | Quote

Thanks to you and anonymous for taking the time and trouble to reply. I have done the checks and everything seems to be OK. We’ll see what happens with next month’s updates.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

1 user thanked author for this post.

AJNorth

Reply | Quote

You’re welcome, It is good to read that you haven’t had any problems. 🙂

Reply | Quote

@samak:   I fully understand your frustration, because for the first time I too have had problems (nightmare) with the stand-alone IE11 update (Win 7, 64 bit), Group B, after it did its thing, it stated that it “failed”.   I finally gave up, however not without a lot of rancor in my heart!    Even though we’re at Defcon 3, I will probably wait much longer than I have in the past to trust these updates.    Your experience sounds as frustrating as mine was.    Hope the future will not bring anymore “messes” like these.

Good luck to us all with the May updates.  We are very fortunate to have such dedicated, experienced, and knowledgeable experts who help to keep us as safe as possible.     Many thanks and Kudos to them all!!

Reply | Quote

I’ve now installed the monthly roll-up for Windows and .Net Framework on both my Windows 7 machines, but have hidden the MSRT in each case.  No issues.

I’ve also established why I haven’t been receiving Office 2010 updates since last August. Although the version number indicates it has Office 2010 SP2 installed, it was in fact listed among my hidden updates from 2013 – when I was on automatic updating so I’ve no idea how that happened. Once I installed it I got another 45 updates all of which installed ok apart from 5 which were described as not needed so presumably they’d been superseded.

1 user thanked author for this post.

SueW

Reply | Quote

I wasn’t clear on Office updates… It’s been such a mess! Is it safe to install Office 2010 and Office 2013 updates for March and April now? Are there any I still need to avoid? Thanks!

(I was late with March ones, and it was Defcon 1; so I waited.)

Home User: Home Office 2010 on W7 pc; Home Office 2013 on W8.1 pc. (Still hanging in Group B, thanks to everyone’s help!)

Reply | Quote

It is safe to install the Office patches

1 user thanked author for this post.

Lori

Reply | Quote

Sorry, confused here, as far as I can see it’s only the Word 0-day that is encouraging the April updates to be applied right now?

Seems the MS-DEFCON level 3 indicates there are still other bugs in the updates.

I’m not silly enough to touch any Office attachments, so should I still apply the April Windows 8.1 patches now, or wait until MS-DEFCON goes up?

Thanks.

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

Reply | Quote

DEFCON 3 and above is the go-ahead to install updates

1 user thanked author for this post.

Karlston

Reply | Quote

Sorry, but this is the way I see DEFCONs 3 and above…

3 – Fixing security issue(s)’ severity overrides existing patch bug(s)’ severity.

4 – Some bugs remain, but easily fixed or workarounded.

5 – Fully safe.

The 0-day won’t affect me, so (with respect) I’m going to leave the April updates until either DEFCON hits 4 or 5, OR I read that the bugs are fixed/workaroundable, OR we get close to the May updates release date, whichever occurs first.

Ah… the joy of bundled patches…

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

1 user thanked author for this post.

AElMassry

Reply | Quote

same decision i made but regarding upgrading to 1607, am on 1511 which is stable compared to the last 2 versions, unless DEFCON reach 4 – 5 i wont fix whats not broken, and honestly, i consider windows feature updates breaking whats not broken, so regardless to the advice to upgrade i find 1607 the worse version with the worse updates ever specialy with our office \ work machines on 1607 losing internet connection after the last patchs

Reply | Quote

@Woody:   I’ve tried 5 or 6 times to get the IE11 update installed, and nothing is working.   After you go thru the gymnastics and it shows “installed” in the green bar, then a “sign” pops up and says this update has FAILED and shows error code 80070308.  Guess I’ve tried just about everything except starting from “scratch” one more time.    I’m utterly exhausted.  Hope someone can come up with an answer to this dilemma.

Reply | Quote

Hello walker,

One trick that sometimes works is to perform the installation in Safe Mode.  However, since the Windows Installer is not enabled in Safe Mode, use the utility SafeMSI.exe that comes in a tiny zip file (that you’ll want to extract under normal operation); see “SafeMSI.exe – Start Windows Installer Service in Safe Mode”: https://www.technibble.com/safemsi-exe-start-windows-installer-service-in-safe-mode/ .  NOTE: before trying this procedure, run CCleaner then restart Windows; let it settle-in for a couple of minutes, reboot into Safe Mode and run SafeMSI.exe; then try installing KB4014661 again.

If that does not solve the problem, then take a look at this MS Community page, “Windows 7 update fails with code 80070308”:  https://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/windows-7-update-fails-with-code-80070308/f5b42dbc-3776-4051-beb2-f4d211bb0681?page=2 which contains some suggestions — in particular, the procedure outlined in the blue box entitled “Windows Update error 80070308 solution.”

Hope this is helpful; good luck!

Cheers,

AJN

2 users thanked author for this post.

walker, Kirsty

Reply | Quote

@AJNorth:  I forgot to sign in, I’m the “anonymous” who sent the reply to your message.   My apologies for neglecting to sign in .   Thank you once again!

1 user thanked author for this post.

AJNorth

Reply | Quote

@AJNorth:  thank you for taking the tie to post all of the information you did.   Unfortunately I’m not “computer literate”, and it appears that much of it is over my head.    I will check out the link you referenced, and hopefully I’ll see something that may help.

At least if the IE11 updates are cumulative, I should get what was missed with this one that i’ve had the difficulties with (???).   I hope so.    You are much more experienced that I am, and it makes a huge difference in your ability to deal with some of the problems which are encountered with the stand-alone downloads.

Thank you once again for providing this information!    It is most appreciated!  🙂

1 user thanked author for this post.

AJNorth

Reply | Quote

Hello @walker,

You are entirely welcome!

I did not realize that you were not “computer literate” until @ch100 pointed that out to me, and I apologize for overwhelming you. Sites such as this one, with all the collective expertise available from Woody and his cadre of MVP associates (such as @ch100), are excellent sources of information and assistance.

Perhaps over time, depending on your own level of interest, you will gain information, skill and confidence.  Of course, the overwhelming majority of people have a computer to use as a tool, rather than for a hobby, and it’s unfortunate that Windows requires so much care and feeding (courtesy of everyone’s friend, the Not Ready for Prime Time company in Redmond — who, if they want to know your opinion, will tell you what it is).

Take care & good luck with your rig!

Cheers,

AJN

 

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

@AJNorth:    Hello, and thank you for attempting to help me get out of the “mess”, however I’m so “computer illiterate” that I don’t know nearly enough to attempt anything with which I’m not familiar.    Never had any type of formal “training”, and there are many programs out there which y’all use that I know nothing about.

I do appreciate your advice, and respect your expertise, and knowledge.    Thank you once again, and “Good Luck To Us All”.        🙂

1 user thanked author for this post.

AJNorth

Reply | Quote

If you find no joy with @AJNorth’s suggestions, have you tried right-clicking the file, and clicking Run As Administrator. Again, it may not help but is worth trying.

There is also a very slim chance the file did not download correctly, so if you haven’t tried a second download, give that a try too.

Another suggestion may be to try a clean boot, to do the install without any other software running which may interfere with it. (That link also contains details on how to reset it afterwards, for a normal boot restart.)
🙂

2 users thanked author for this post.

walker, AJNorth

Reply | Quote

Hello Kirsty,

That is an excellent suggestion.  However, my own experience has been that in some cases, the Run As Administrator option is not offered; even if it is, the Take Ownership option is almost always available, and if so, then I execute it first, then install using Run As Administrator (if available).

However, before I do either, the very first operation that I perform on a newly downloaded installer is to right-click on it, select Properties —> Unlock —> Apply —> OK; then I proceed as above (again, sometimes also resorting to the Safe Mode trick mentioned earlier).

Ain’t Windows just loads of phun [sic]?

Cheers,

AJN

2 users thanked author for this post.

walker, Kirsty

Reply | Quote

If the “run as” option is not available, it might be if you use Shift + Right-Click.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

@Kirsty:  Thank you for your  recommendations!  I tried the DL & Install thing about 6 times at last count and finally threw the towel in.  If the May IE11 cumulative update will correct the one I missed I’ll be relieved.  There are strange things that have occurred with my computer which I’ve never encountered previously, and I would like to know what the “Sam Hill” is going on!!   The updates show that those which were “successful” are listed, however the actual Update History stops at 1-4-17.   I most certainly never changed anything.

Dgreen’s experience is a good example of what’s occurred without the user being involved.   There is no explanation, but I can see numerous instances of these incidents occurring and it’s as if the computer is NOT under control of its owner.

Thank you once again for all of the excellent advice, and guidance you provide to all of us, Kirsty!! 🙂

 

Reply | Quote

TVM @walker. Sorry you were not able to install the update yet. The May update should be out very soon – I do hope that installs easily for you!

In the meantime, are you actively using IE11, or are you updating it as an OS precaution? If you are still using it, I suggest you use a different browser until you have updated it successfully.

Also, do you do malware and antivirus scans on your computer regularly? It may be worth trying a good scan, including rootkits, from another source than you regularly use.

1 user thanked author for this post.

walker

Reply | Quote

@Kirsty:  Thank you for your message.     I NEVER use the IE11, just have been  keeping it  updated to ensure that all of the “other” updates to the OS are kept as they are supposed to be.

Yes, I scan the computer, and use ESET (which I note has recent announced an update to its Smart Security).    Last time it announced an update, it was more for Win10 users.    Hoping this time around that it will be “ready to roll” for all of its users.

Thank you, Kirsty for your helpful advice.   It is always very much appreciated.   🙂

1 user thanked author for this post.

Kirsty

Reply | Quote

@Walker
I understand that you follow Group B for updating. There is a good chance that you missed some of the important patches on the way to the current state and you have no way to find out by following Group B.
If you wish to try moving to Group A as I suggested to you in another post, you would more than likely have a better experience and enhance the security of your computer in the process.

1 user thanked author for this post.

walker

Reply | Quote

Hello ch100,

If there were one or more patches missing, even in Group B, would not the Belarc Advisor (mentioned above for samak on April 27, 2017 at 12:30 AM) also reveal those deficiencies?  Even if were to show one or more Group A patches to be missing, then they would still cross reference to the appropriate Group B patches, no?

Cheers,

AJN

Reply | Quote

@AJNorth

Belarc Advisor would be useful if it does what it is claimed. I haven’t used it for a very long time and as such I cannot tell.
Please be aware that @walker claimed many times that even issues like DNS are difficult to understand and what I tried to offer was a simple method, already built-in Windows, without installing third-party software.
Windows Update does exactly that and there is no point in complicating things further.

1 user thanked author for this post.

AJNorth

Reply | Quote

Hello ch100,

Yes, I fully appreciate the need to invoke the “KISS” principle (especially for the less technically inclined).

Nevertheless, and not to be argumentative, I have experienced numerous instances in which Windows Update does not detect a particular patch as missing, while the Belarc Advisor shows that, while it is installed, it fails verification and needs to be reinstalled — and that doing so (utilizing the link Belarc provides to the download for the stand-alone installer) has far more often than not solved the problem.  As always, one’s mileage may vary.

Cheers,

AJN

Reply | Quote

Thank you for the information which I think you provided once more in an earlier post.
It may be the right time to give Belarc Advisor another try.
It is difficult to test though, as I would need a partially failed update which shows as installed in Programs and Features but it is incompletely installed.
It may be forced by installing a second language on a test machine, in which case many updates already installed would need to be updated. But Windows Update will generally show the same thing.
Any idea how to produce this behaviour for a useful test?

1 user thanked author for this post.

AJNorth

Reply | Quote

Hello ch100,

You are more than welcome.

As far as trying to purposefully replicate this scenario, I really haven’t a clue.  These situations have occurred on a seemingly random basis, and it has actually been several months since I last experienced one (Windows 7 Pro x64); about thirty months ago or so, I ran into this on several different machines (also running Win 7 Pro x64), but the numbers of such instances have dramatically tapered off.  (A few times, more than one update did not pass certification, and it turned out that some needed to be reinstalled in a particular order.  And, in more than one instance, I recall having to do the reinstallation in Safe Mode.)  And people wonder why Techs frequently talk to themselves… .

I hope this answer was useful; take care.

Cheers,

AJN

1 user thanked author for this post.

ch100

Reply | Quote

@ch100:  Thank you so much for your reply.   I am seriously considering moving to Group A, because I just cannot keep up with all of the problems that seem to be associated with the Group B.     I appreciate you reiterating your previous advice, and I will once again review the problems I’ve had with the Group B.

Your outstanding expertise, and knowledge are amazing,  and I appreciate you sharing it with the rest of the us.    Thank you once again!  🙂

1 user thanked author for this post.

ch100

Reply | Quote

I have found that Wikipedia generally has very good information about CPUs. Go to wikipedia.org and do a search on your processor model number or name. You will find the release date and other helpful information, and this will guide you in knowing whether or not your processor will have update issues.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

On 4/29 I patched  kb4015546 ,  kb4014661.  Had no issues.
Yesterday 5/1 I deceided to go ahead and apply kb4014981 (April, 2017 Security and Quality Rollup for .NET Framework) from my windows update list.  I had many .net framework kb’s that I never applied and figured the rollup would bring me up to date.
I unchecked all the updates listed and only left the .net framework rollup checked.
It appeared to go smoothly until………………..
When I checked to see if it was on my install list, I found out for the date and time of the download, something else got downloaded and not the above kb4014981.  I didn’t make note of what it was.

I then was taken into the continuos loop of “checking for windows update”.  My computer was acting wonky.  I went to “system restore” and saw that at the time of the above attempted download, there was an entry of “windows modules installer” listed and a “critical update”.

I rebooted my computer but the “checking for windows” loop was still happening.
I then shut down my computer waited a few minutes then restarted.  Went to system restore and restored my computer to the day before (4/30).
Checked my windows update and all was back to “normal” (whatever that is).
Checked my “install” list and that rogue kb was gone.
Needless to say, I will not apply the kb4014981 and will add it to my “avoid” list.

Windows 7 64 bit SP1, 3rd generation Intel processor, Group B, check updates but let me choose etc. setting….

sheeeeeeeeeesh!

 

 

Reply | Quote

Oh dear. I installed kb4014981 on 26/4/17 and everything’s been fine. Windows 7 32-bit SP1, AMD Phenom(tm) 8550 Triple-Core Processor 2.21 GHz, Group B.

Reply | Quote

I just checked to see available updates and I found only these two, recommended but not checked:

Microsoft .NET Framework 4.6.1 for Windows 7 for x64 (KB3102433)
Download size: 48.6 MB
Update type: Recommended
The Microsoft .NET Framework 4.6.1 is a highly compatible, in-place update for the .NET Framework 4.5.2. After you install this update, you may have to restart your computer.
More information:
http://support.microsoft.com/kb/3102433

and

Update for Windows 7 for x64-based Systems (KB3021917)
Download size: 420 KB
Update type: Recommended
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
More information:
http://support.microsoft.com/kb/3021917

So I’m leaving well enough alone and not doing an update now.

I’m running Microsoft Windows 7 Enterprise Version 6.1.7601 Service Pack 1 Build 7601

Thanks, Morty

 

Reply | Quote

MS have issued non-security .net updates in the last 24hrs, as I discovered earlier today on
Description of Software Update Services and Windows Server Update Services changes in content for 2017, but the .net KB you mention (KB3102433) is from 6 months ago.

The second update you were offered (KB3021917) is an upgrade preparation/telemetry/CEIP one!

This update performs diagnostics in Windows 7 Service Pack 1 (SP1) in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP). This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.

If you aren’t planning to upgrade, you won’t be needing that.

1 user thanked author for this post.

Morty

Reply | Quote

Thank you for the quick reply.

I don’t plan to upgrade any time soon. So I’ll pass on these.

 

Reply | Quote

Windows 7 SP1 x64 up-to-date until just before Apr 11 2017. Now I am being offered http://support.microsoft.com/kb/3008923

1 user thanked author for this post.

Spiff

Reply | Quote

Same here.
Windows 7 SP1 x64 up-to-date, including April 11 2017 Rollup.
And now KB3008923, “MS14-080: Cumulative security update for Internet Explorer: December 9, 2014” is being offered through Windows Update, even though the KB3008923 knowledge base article states “The update that this article describes has been replaced by a newer update.”
 Let’s see if this is corrected before or with May 9 Patch Tuesday.

Reply | Quote

Perhaps the supersedence chain will be updated with the May updates.
If this is an UNCHECKED optional, it should be ignored by default.

Reply | Quote

I am group A and have returned from hols and just installed April updates…… all except KB3008923 (Cumulative Security update for IE windows 7)  which wont install. Anyone else had a problem with this one?

Reply | Quote

anonymous wrote:

I am group A

Group A installs the “Security Monthly Quality ROLLUP for Windows” each month, which is delivered through Windows Update.
The ROLLUP consists of three parts: non-security updates, security updates, and a cumulative update for IE11.
If you have installed the ROLLUP through WU, you have already installed the cumulative update for IE11 and DO NOT need the stand-alone patch.

As best I can determine, KB3008923 latest release for Win7 and IE11 was 12/9/2014. See Microsoft Support site
It has apparently been replaced by a later update. If it is CHECKED, I would uncheck it. If it is UNCHECKED, ignore it.

Reply | Quote

Well, I just got offered from Windows Update 3 KB’s from Oct. and Dec. of 2014. Also, got offered updates for Silverlight (Don’t have it on this machine at all.) and for Office 2006 (Don’t have it either.). KB’s offered are 2987107 – 10-14-14, 3008923 – 12-9-14, and 3003057 – 12-9-14. These are “Cumulative Security Updates” for IE 11. As old as these are, Should I install them or hide them and forget about them? The updates for Silverlight and Office will be hidden, as I do not have ANYTHING for them on this computer.

Just wondering what anyone else thinks about this? Any advice would be appreciated. Thanks, in advance.
Machine is Win 7 HP SP1 X64.

Dave

Reply | Quote

Are the updates checked important or unchecked optionals? Particularly the IE patch?

Reply | Quote

PKCano wrote:

Perhaps the supersedence chain will be updated with the May updates. If this is an UNCHECKED optional, it should be ignored by default.

Regarding KB3008923, on my system, it was checked and under “Important”.
And yes, as I said, let’s see if this is corrected before or with May 9 Patch Tuesday.

1 user thanked author for this post.

PKCano

Reply | Quote

Just checked one of my machines – same thing.
Thanks

1 user thanked author for this post.

Spiff

Reply | Quote

Thanks for replies and advice. Yes it was checked as important but have now ignored it.

Reply | Quote

Pepsiboy wrote:

Well, I just got offered from Windows Update 3 KB’s from Oct. and Dec. of 2014. […] KB’s offered are 2987107 – 10-14-14, 3008923 – 12-9-14, and 3003057 – 12-9-14. These are “Cumulative Security Updates” for IE 11. As old as these are, Should I install them or hide them and forget about them? […]

Regarding KB2987107, KB3008923 and KB3003057, all three KB-articles state “The update that this article describes has been replaced by a newer update.” Meaning those updates are not current.
To me it looks that Windows Update is making a mess.
I think it’s too early to tell what is going on.
What I do, is wait for a couple of days, and see if Windows Update is corrected before or with May 9 Patch Tuesday. I think that may be wiser than trying to install those out of date patches, or hiding them.

Reply | Quote

See article on main Blog https://www.askwoody.com/forums/topic/december-2014-ie-patch-kb-3008923-is-back/

1 user thanked author for this post.

Spiff

Reply | Quote

Mine are ALL checked important. I don’t understand why I’m getting updates for Silverlight and Office. I have NEITHER on this machine. I’m tempted to uncheck and hide ALL of them.

Dave

Reply | Quote

If you have any of the Office Viewers installed, you will get updates for their components. For example, if you have Word Viewer installed, you get some Word patches b/c the Viewer is actually a cut down version of Word.

1 user thanked author for this post.

satrow

Reply | Quote

You have Silverlight and Office components installed without knowing, possible installed by other software.
Just update what is required (preferred) or do a clean uninstall until no more updates are offered for products which you believe you don’t need.

Reply | Quote

PKCano wrote:

The cumulative Security and Quality Rollup for .NET is thought to be telemetry-free and is safe to install. There is a Security=only Update (non-cumulative) that is available through the MS Catalog for manual install if you want to do that. You can find the information on both on MS Software Update Services website

All versions of .NET higher than the 4.5.X branch have built-in telemetry.

Reply | Quote

Any proof? or just the usual FUD? 🙂

1 user thanked author for this post.

woody

Reply | Quote

https://docs.microsoft.com/en-us/dotnet/articles/core/tools/telemetry

https://www.microsoft.com/net/dotnet_library_license.htm

 

1 user thanked author for this post.

MrBrian

Reply | Quote

Ability to collect diagnostics information to help developers improve the performance of server and cloud applications. For more information, see the WriteEventWithRelatedActivityId and WriteEventWithRelatedActivityIdCore methods in the EventSource class.

https://docs.microsoft.com/en-us/dotnet/articles/framework/whats-new/index#v452

Reply | Quote

The two URLs which GoneToPlaid posted in#114357 as proof of telemetry being collected mention only telemetry being collected about an app that uses .Net, NOT telemetry being collected about someone who has .Net installed.

2 users thanked author for this post.

Alice, woody

Reply | Quote

Can someone give me a link to April’s updates for Group B, Windows 7, 64-bit, Security Only — no snooping.

Thanks!

Reply | Quote

AKB2000003

Reply | Quote

I recommend that you do not install the April Security Only update. After I installed it on one of my Win7 X64 computers, Windows Update would successfully check for updates, yet Windows Update would throw an error when trying to download any update. I encountered other issues as well, including trying to uninstall the April Rollup.

Reply | Quote