Patching Windows 7 and 8.1 has turned a bit more complex than it once was. Basically you need to choose between Group A – the folks who install everyt
[See the full post at: MS-DEFCON 3: Time to get the first post-patchocalypse patches patched]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
MS-DEFCON 3: Time to get the first post-patchocalypse patches patched
Home » Forums » Newsletter and Homepage topics » MS-DEFCON 3: Time to get the first post-patchocalypse patches patched
- This topic has 427 replies, 15 voices, and was last updated 6 years, 10 months ago.
AuthorTopicwoody
ManagerViewing 426 reply threadsAuthorReplies-
JohnSeb
GuestI am still running 1511. I don’t understand “If you’re still on the Fall Update, version 1511, I say stay there until Microsoft gets a better version of the Anniversary Update, version 1607.”
I was told on a MS Website that the 1607 that I might download today is identical to the version that I might have downloaded in August and that all changes are included in subsequent KBxxx updates. Hence I do not understand waiting for a “better version” if they are all the same.
Does, in fact, 1607 itself change over time?
Thanks.
-
woody
Manager -
poohsticks
GuestI notice that you don’t mention the option of not patching at all. (Group C/W)
I can see why it would be complicated to suggest this pathway to the general public as a viable way forward.
But have you decided you would not even recommend the C/W pathway to advanced and/or brave Windows users?
-
Terry Pickleson
Guest -
David F
AskWoody PlusThanks Woody
Win7 x64 Group B here.
File downloaded and installed without problems. Checked system files which validate correctly.
After adding in the .net and Office patches I am still left showing KB3185330 (Oct quality rollup) as an important download and the optional preview.
So it looks as if the monthly quality patch isn’t removed
-
poohsticks
GuestI am considering whether to be in Group B or C/W.
If I wish to go with Group B, I would like to wait for another month (until late November) before I do *anything*, so I can see how going into Group B is working out for other people.
Would waiting for another 4 weeks before joining any group, particularly in my case it would be joining Group B,
be possible, and would it be relatively easy for me to “catch up”?Are the security-only update packages (which Group B will install) definitely going to be non-cumulative?
If they are, would that mean that in late November (when you gave the OK for people to download November’s patches),
for me to join Group B for the first time,
I would just need to install October’s Group B patch and then November’s Group B patch, and then run Windows Update to pick up 2 months’ worth of Office updates, in that order? -
Charlie
Guest -
Karlston
Guest -
JohnSeb
GuestThanks for responding, but I am sorry that I did not make myself clear.
Are the eight cumulative updates contained in the 1607 that I might download today, or are the updates contained in the subsequent KBs that I would install after 1607 is installed?
Thanks.
P.S. I hope your optimism is justified.
-
louis
GuestIf one goes to the MS Update Catalogue it seems the only search that returns a result is “october 2016”. If one puts in an exact KB 3192391 the response is…
“We did not find any results for “KB 3192391″”..
The can’t find an October Security Only Update??
Are they serious?? First, it worked the other day with various search terms. Now, the only search term that seems to work is “october 2016” which returns 995 results.
Maybe they should engage Google search to search their Update Catalogue for users.
Good grief.
-
PKCano
ManagerEarlier this month, when I was experimenting with the patches, I tried two different scenarios.
First case, I installed the security-only patches from the Catalog first, then the unchecked preview (I think Sept patchs KB3185278/KB3185279 were just called rollup) of non-security patches on Win7/8.1.
Next, I reversed the order, with the non-security rollups first and the security-only second.
In both cases, I was still offered the Security Monthly Quality Rollup (the combined security and non-security conglomeration) after the installation of the two separate patches.
Just saying – those of you in Group B need to be alert when you go back to WU for the non-Windows patches.
-
woody
Manager -
woody
Manager -
woody
Manager -
Duffy
GuestWoody, I used to have 3 pc’s on Windows 7 & 10 and now I have only 1 on Win 7; the rest I moved to Linux. It’s easier to learn a new OS than it is to have to deal with the fiasco of Microsoft’s privacy concerns. I will still follow you due to the Windows 7 PC I have and appreciate all that you do!
-
louis
GuestThanks,…it’s so hard to imagine they can’t get searches of their upate catalogue right!!
Id they can’t get a search of their own databases right, what kind of confidence does that give a user to download and install these (large) updates without knowing what’s in them?
I’m slowly sliding into Group W…and I don’t really even want to go there.
-
prk280
Guest -
woody
Manager -
JDeC
Guest -
JDeC
Guest -
Manaka
GuestIf you want to be in what Woody and others have labeled as “Group A,” i.e. willing to roll with Windows 7 telemetry/snooping/whateveryouwannacall it, then install it.
I myself am firmly in the Group B camp, and after I installed the October 11 Security-Only Quality Update (KB 3192391), I checked Windows Update, and sure enough, there was KB 3185330, the “October, 2016 Security Monthly Quality Rollup for Windows 7 x64-based Systems,” coming in at just like you said, 119.4 MB. I unchecked it, and only installed 3 updates: a .NET update, the latest MSRT, and the latest Defender update. I don’t use M$ Office, so no updates there. Under the Optionals, the preview update was there, unchecked. Left it that way, rebooted after the 3 updates, and am happily back in my “Never Check for Updates” foxhole. 🙂
-
Andy
GuestWoody, thanks for the detailed instructions. I just installed the “Security Only Quality Update for Windows 7,” rebooted, and am in the process of doing a Windows Update scan. The scan seems to be going nowhere fast… do we still have to go jump through some other hoop(s) to get that to work (note: my scan was quick in September)? What is the latest procedure?
Thanks -
Anonymous
GuestI was reading Susan Bradley’s patch management letter for W8.1 and her recommendations seem to come down on the side of so-called Group A, i.e., install October patch KB3185331. I have been going back and forth between doing Group A or just installing the October security only patch. There are obviously pros and cons to each approach but the notion that pushes me toward Group A is a hunch that the security only option will be increasingly difficult to sustain through time because MS is notorious for not keeping the distinction between security and non-security updates perfectly clean. Telemetry points per se do not trouble me if their purpose is solely to provide info to understand and maintain OS integrity. Unfortunately MS poisoned the well for many folks with their GWX malware tactics and I feel that has tainted the decision making process on which fork in the road to take for future updating. I would be interested in others’ thoughts at this juncture.
-
The Real Allan
GuestGreat, detailed InfoWorld article, @Woody. Thank you.
However, it’s too complicated for me on Windows 8.1, and I don’t trust Microsoft even for their security updates, so I’ll stay in Group W for now. Still working on getting Linux.
I did download the October Flash update for IE 11. I can’t do without Flash. I’ve tried.
I don’t use IE 11 normally, but just in case, and to try out the Update Catalog.Contrary to what some people have said, one must get the Flash update for IE from Microsoft and not from Adobe, or I would have got it from Adobe, as I do for Firefox and Opera.
-
T
Guest -
PKCano
Manager -
PKCano
Manager -
Doc
GuestGuess I’m taking Group A on my W7 Pro x64 notebook due to convenience purposes…
Well I just installed all updates flagged as important, and after that one more update just popped up: KB3177467…
The documentation doesn’t say much about it, so I’m not completely sure on what does it do… Should it be installed?
-
woody
Manager -
woody
Manager -
PKCano
Manager -
Anonymous
Guest@JohnSeb
For Windows 10 –Do not install 1607 Anniversary Update unless you absolutely have to or are intent on doing it.
Woody has been advising we stick with the fall version 1511. Install the updates that he had us hide in the beginning of October for version 1511.
He will give everyone a go-ahead to install 1607 at some point, but that point is not now.
Those have been his general directions since the anniversary update version 1607 came out. Wait until version 1607 is stable and stick with version 1511.
I don’t mean to be stepping on toes, but I don’t think Woody quite understood what you were asking. I don’t think one should necessarily take what Microsoft people say as the gospel.
So far, for me anyway, Woody’s advice has worked perfectly.
I do have to install the October updste for version 1511, but up until this point everything has gone smoothly that he has advised.
-
poohsticks
Guest@The Real Allan,
re: “Contrary to what some people have said, one must get the Flash update for IE from Microsoft and not from Adobe”
For Windows 8 and 10, people do have to get Flash updates from the Microsoft Update Catalog or Windows Update.
However, for Windows 7, people obtain the Flash update directly from Adobe at:
https://get.adobe.com/flashplayer/I go to that site to update the Flash on my Windows 7 computer every couple of weeks.
(I don’t think that Windows 7 even has the option of receiving Flash updates through Microsoft.)
-
Dino
Guest -
PKCano
Manager -
poohsticks
Guest@T,
The “Group B” rollup that Woody is telling people to install today IS security-only.
There are several different rollups offered, so one must be careful when choosing which kb number to install, but the Group B rollup is said to only contain security patches.
That is the whole point of there being a Group B path, to limit patching to security-only updates.
-
poohsticks
Guest -
prk280
Guest -
poohsticks
GuestI am disappointed to hear that after you installed the Group B security-only update package, your Windows Update scan is still slow!
On another thread in the last week here, there was talk that the Windows Update scan would be fast after installing this month’s update package.
(However, on that thread maybe they were talking about installing the security + non-security update package,
and not just the security-only update package, which is what I was talking about on that thread.) -
ht
GuestWoody, Using Windows Update I typically uncheck everything, then check only the KBs I want to download after checking your websites and Susan Bradley’s articles/advice. With Msoft’s new system, I’m starting off in group B and am wondering:
1)Will downloading/installing the security only KB trigger “creating restore point” before installing as Windows Update did in the past, or should we manually create a restore point prior to downloading the security only KB? (I realized we can still uninstall the updates, but having a restore point is reassuring.)
2)Since we need to run “check for updates” via Windows Update to get Net, Office etc. why isn’t it OK to continue to choose “Notify but don’t download” rather than “Never check for updates” – is the latter the only setting that allows us to manually download the security KB from the Windows Update History page?
3)Does starting in Group A physically preclude later using the Group B procedure when you say (in your 10/10 InfoWorld piece) that “there’s no way to move from Group A to Group B without completely reinstalling Win7 or 8.1” OR are you saying the only way to be totally “clean” of unwanted downloads is to reinstall the OS?
-
dgreen
GuestWindows 7 64 bit windows server 2008 R2 x 64 Currently GROUP B…. Reporting in.
I did the group B update per infoworld instructions. I actually downloaded to my folder then installed it. It went very well. Restarted computer and did a windows update scan which took about 3 minutes. The .net framework rollup was there and the kb3185330 (October 2016 security monthly quality rollup for windows was there both checked.
I unchecked kb3185330 (per your instructions), I also hid it, and ran the net frame. Rebooted the computer.I went and checked the updates again and KB3177467 (service stack update) as important now appeared. If I remember correctly someone here said a few days ago that it was in the catalog it was now rated as critical. True?
another thing….
I had about 12 restore points (I checked before I did the updates) and they are all gone except the 2 created for todays updates.
I know many don’t like system restore but I’ve used it a few times and happy to have had a restore point to go to.The other thing I wanted to ask is on the download pages of the KB articles, there was another download update for windows server 2008 R2 x 64 (which is what I have) with the same kb3192391 as the Windows7 64 bit update which is the one I downloaded. Am I suppose to download both packages?
-
ch100
AskWoody_MVPSeriously? This is very interesting if true.
Because the other way around makes the Security Only required in WSUS.
Not the same happens with the .NET patches which are handled correctly.
I am wondering if they messed up the detection which is even more weird because the Security Only and Security Monthly have been revised twice, so now we are at the third version.
For the first revision there is description that the supersedence was revised, while for the second revision, the same day, there is no description at all. -
John
GuestDidn’t see a comment or recommendation on Update for MSE 4.10.205.0 (KB4294525).
Necessary? I’m leaning toward group W since it is all a bit much for little payback. MSFT has cause more trouble than help over the last year and half with updates and it doesn’t seem worth the effort anymore.
-
ch100
AskWoody_MVPSusan Bradley is right in her advice for minimising potential problems.
Group B is not for end-users and Woody will end up supporting all those users who choose Group B as de facto system administrator of their systems, because there will be no support coming from Microsoft for a configuration meant to be used only by enterprises and even so only if they have special requirements.
Otherwise, the Group B style of patching is correct for securing the systems, less so for making them reliable with minimal effort. -
ch100
AskWoody_MVPIf you’re already running 1607, there’s a servicing stack update, KB 3199209, which seems to be causing problems for some people. You’re probably better off avoiding it for now.
I had problems with the servicing stack update KB3199209 which was looping during the installation.
I ended up downloading and installing manually and it has been fine since then.
You will have to install this update eventually and it is probably better to do the manual install if Windows update fails to install it. give it a go to WU first, nNote: Very important, install KB3199209 separately with reboots between installations.
-
prk280
GuestWithout comparing the long list of files affected by the updates described by Microsoft in October’s KB3192391 and KB3185330, I cannot detect in Microsoft’s descriptions any difference between these two patches other than the inclusion in KB3185330 of fixes in KB3185278, September’s update rollup. In other words, for anyone who has already installed September’s update rollup, there is effectively no difference between installing KB3192391 and KB3185330. Am I thinking about this correctly?
-
Dimk
Guest -
Dimk
Guest -
Anonymous
Guest -
louis
GuestHere’s the scenario…W7…
User does the .NET Security Rollup for October.
No Security Only Update and no Monthly Rollup.Come November patch Tuesday, will a speed up patch 1- be needed for a Windows Update check, 2- if a speed up patch is needed would it have been in October’s Security Only Update or the Monthly Rollup?
My “hope” is that there will be no further need for speed up patches…care to venture a guess how this will go down going forward?
Thanks
-
derma
Guest -
Charlie
Guest -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
Marty
GuestSo, even for Group B folks, why bother to go through the manual update this month? (Next month may be different).
Here’s my argument (rebuttals will be appreciated).
For October, WU offers KB3185330 (“monthly rollup”), whereas the “security only download” is labeled KB3192391 (“security only”). But both of them apparently contain exactly the same collection of patches, to wit:
MS16-101 Security update for Windows authentication methods
MS16-118 Cumulative security update for Internet Explorer
MS16-120 Security update for Microsoft graphics component
MS16-122 Security update for Microsoft video control
MS16-123 Security update for kernel-mode drivers
MS16-124 Security update for Windows registry
MS16-126 Security update for Microsoft Internet Messaging APIGiven that there’s nothing in KB3185330 that isn’t also in KB3192391, why shouldn’t Windows 7 Group B partisans just use WU this month, with “Give me recommended updates” UNCHECKED? That should deliver exactly the same patches that the manual download would deliver, plus additional (“important” .NET and Office patches that Group B folks would be looking for anyway, even if they first installed KB3192391 manually.
-
Just Sayin’
Guest -
ikester
GuestOk,I admit I am a dummy. I am confused. I’m ready to throw in the towel and join group A, strictly for convenience. I am running win7x64 pro.
If i go to control panel/windows update, I have two Important updates (checked). They are
KB 3188740, (Oct. security and quality rollup for .net etc) and
KB8318330 (Oct. security monthly quality rollup etc.Can I just click OK and download from here? Your infoworld instructions are much more complex, and frankly, I feel totally overwhelmed. Ready to simply ignore all updates until my machine explodes.
What to do? Thanks.
-
ch100
AskWoody_MVP -
T
GuestBut the thing is the .net framework update in windows update is a rollup. People should be aware that there is a separate security only .net framework update, as shown here – https://technet.microsoft.com/library/security/ms16-oct (about half-way down the page)
-
poohsticks
Guest -
Inew
GuestIn your InfoWorld article, is there a reason why you instruct Group B, Step 7 to install Security and Quality Rollup for .NET Framework (KB3188740) (via WU) instead of the Security Only for .NET Framework (KB3188730) (manual)?
Choosing Group B, I feel compelled to install the Security Only one, yet I’m also one to follow instructions exactly. So I will hold-off on the .NET one until I’m less confused.
By the way, I only learned of “this game” and of you and your work this October, and I feel as if I discovered a goldmine. THANK YOU Woody, for helping me and likely millions of other people.
-
zero2dash
GuestI have September’s updates installed, and now October’s Security-only patch. It still wants me to install the Quality and Security updates through Windows Update – which shouldn’t happen.
I’m assuming this will be a revolving issue going forward, and leads me to believe there’s some unpublished hidden garbage and/or changes in the WU patches since they’re trying everything to get me to take them. (Win7 x64 Pro systems here)
-
poohsticks
GuestI do not feel that Woody has quite that much responsibility to the readers of his articles who chose to follow his advice (any of his advice about anything),
for him to be seen as the “de facto system administrator” of thousands of strangers’ computers.It’s up to each one of us to understand enough about what Woody is saying to know why he is advising something and why we are choosing to follow that advice.
Except for uncontrollable things that *Microsoft* forces onto our computers, everyone who owns their own computer (not a company-provided or school-provided one) must assume that anything they do with their computers is of their own volition and at their own risk.
Other computer experts, and ordinary users, from around the world, who have no particular ties to Woody and who may not even normally read his articles, will also be trying to follow a Group B approach, because it is merely a logical and prudent approach in many ways. The fact that it was a natural idea that various people had thought of for themselves was clear even in Nathan Mercer’s Q&A from weeks ago.
I wrote last week of Woody,
“We should not need an external Woody figure (who investigates, translates, distills, and instructs) to keep our simple, bedded-in, home-user systems running without major derailments. But we do need one, and we are lucky that we have him,”
but that doesn’t mean that he should shoulder an impossibly enormous responsibility of being thought of as administrating the computers of countless strangers.He recommends various sets of actions by drawing upon the knowledge that he has, after researching and testing exhaustively, but the buck stops with each one of us.
—–
It is already the case that “There is no support coming from Microsoft”, even when the user has been as compliant as possible, so that isn’t an argument against/for choosing any particular updating pathway now.—–
Saying that “Group B is not for end users”… well, that is not true.Any possible path is an option for end users; Microsoft does not dictate what we do with our pre-Windows-10 machines.
End users of pre-Windows-10 machines are not beholden to allow the company’s unexpected, heavy-handed, half-cocked changes in Windows updating and Windows telemetry.
Microsoft in its own forced operations upon individual machines does screw up machines, sometimes permanently, sometimes at a great cost of time, money, stress, and data loss to individuals, so they are not a haven of benevolent safety and security.
Furthermore, the compliant Group A seems destined to have some major bumps in its pathway, due to the unwieldy nature of the massive, cumulative rollups that will steamroller their way onto machines that may or may not be able to cope with it all (such as my machine, which would be screwed up by a Group A approach, and Microsoft would not care.)
There are several compelling reasons why Group C is being said by multiple people, including IT experts, to look like it could be the safest of all to follow, at least for the time being.
-
poohsticks
Guest -
Jean W
GuestThe new all-in-one security-only patch has
saved me heaps of work; previous to this month, going
back to last November when Win Update began its
rubbish behaviour, I’d been having to research every
single security patch via the MS Security Bulletin
tables.As a kind of admin for the family members still stuck
with MS systems that need to face the Net, I’m very happy to be able to hand back the research work to them, with Woody’s how-to for group B. -
ch100
AskWoody_MVP -
ch100
AskWoody_MVP -
ch100
AskWoody_MVP -
Lyn
GuestWin 7 SP1 x64…
Just installed the October Security Only Windows update (KB3192391). Looked then for the Security Only .NET 3.5.1 update as per the Infoworld article method, but could only find Security and Quality Rollup (KB3188740 in Windows Update) – so installed that.Immediately afterwards, I did find the Security Only .NET 3.5.1 Update (KB3188730) in Microsoft Update Catalog (which seems to be working again now).
I would like to uninstall KB3188740, but can’t find out how (so that I can then install KB3188730 in its place). Can anyone help here?
Many thanks.
-
ch100
AskWoody_MVP2. Check for updates triggers the AU client every time it checks and there is a possibility that it would run at high CPU/high RAM usage, depending on the patches you have installed previously. This happens by default once every 22 hours, randomised within -20% of that interval. Also runs TrustedInstaller which is useful as it cleans up the servicing stack and old log files. This also takes resources and can run for a long time, but as I said it is generally useful. Antivirus may contribute to the resource use in addition to the normal use due to the Microsoft services.
Never check for updates does not trigger the agent unless you run it manually and it does not consume CPU and RAM resources while not in use.
You have the facts, now you can choose which is the best setup for you.
I would recommend Never check…, but this require discipline and actually require the end-user to run the agent when the time comes and be patient with it.
Considering the issues mentioned above, as Woody says, they are functionally equivalent. -
ch100
AskWoody_MVPI think Woody is not giving advice for Windows Server, although some of us here shift the debate into that direction now and then.
You have no reason to belong to Group B on Windows 2008 R2 unless you belong to an organisation which has specific compliance requirements.
System Restore on Windows 2008 R2? Are you sure? -
ch100
AskWoody_MVP -
Anonymous
GuestIs there a reason why it is mentioned to download the .Net Security Update via Windows Update rather than just downloading it via https://www.microsoft.com/en-us/download/details.aspx?id=54007 the same way one would download the Security Only Update (KB3192391) from https://www.microsoft.com/en-us/download/details.aspx?id=53990?
-
poohsticks
GuestAs I was doing the dishes tonight, it occurred to me that I was thinking of everything as a “rollup” partly because Nathan Mercer had several times referred to the security-only update package as a “rollup” in his Aug 15 Technet Q&A about the new system. Some examples:
“We are purposely releasing Security-only as a rollup but not cumulative like Monthly rollup is.”
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-11975“Driver updates are not included in Monthly Rollup or the Security-only rollup”
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-10585Looking at the newer comments on there, around the beginning of Oct., Nathan Mercer started saying “monthly rollup and security-only” (just the adjective without a noun), then towards the end of Oct. he finally called it a “Security Only Quality Update”.
—
Even Michael Niehaus’ October Technet overview several times appeared to use the word “rollup” to refer to both types:“The security-only and monthly rollups will contain fixes for the Internet Explorer….”
“The security-only, monthly rollup, and preview rollup will not install or upgrade to these versions….”
“…existing automatic approval rules in WSUS would approve both the security-only and the monthly rollup each month….”
However, they clearly referred to it as an “update” rather than a “rollup” in most of that document.
—-
They could have done a better job of giving these things more distinct names, though they probably tossed the words “security” and “quality” into all the titles so as to confuse customers into just installing the whole lot. -
Bee
Guest -
G.B. Miller
Guest -
dgreen
Guest -
The Surfing Pensioner
Guest -
Jim
Guest -
woody
ManagerIf you’re in Group A, yes, install it.
The worst problem I’ve seen is that it fails to install. If you can’t get it to install, follow the suggestions on this How-To Geek post: https://discuss.howtogeek.com/t/windows-update-kb3177467/52944
-
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
woody
ManagerYou bet.
I didn’t recommend manually installing the .NET Framework update from the Catalog because it seemed to be a huge amount of effort, with little benefit. I may be very wrong – wouldn’t be the first time – but I don’t think the .NET non-security patches pose much of a threat to anybody. And the amount of effort to install the security-only .NET patches just isn’t commensurate with the benefit received.
Of course, I’m very open to hearing otherwise! If anybody has an example of a non-security .NET patch installing a snooping routine, I’d love to hear about it.
-
woody
Manager -
woody
Manager -
woody
Manager -
The Surfing Pensioner
Guest -
woody
Manager -
woody
Manager -
PKCano
ManagerHas anyone tried manually downloading and installing the servicing stack update KB3177467 first? Since it’s a stand-alone install (has to be installed alone then reboot), my experience when I was testing was it didn’t appear in WU until after all the other patches were installed. I would think that might help.
Unfortunately, it’s too late for me to try that, as I have already taken care of the Oct updates.
-
Jbird
Guest -
Just Sayin’
Guest -
PKCano
Manager -
PKCano
Manager -
dgreen
Guestch100
I am curious why you posted that I have no reason to belong to Group B on Windows 2008 R2, are you suggesting I be in Group A? Trust me, it would be much easier in the long run, but I am convinced 3 years ago a MS update fried my XP computer when I had “automatic updates” checked.
When I bought this computer with Windows 7 Home Premium in October 2013, one of the first things I did was uncheck “automatic updates”. I’ve only updated “critical” updates until recently to fix the “slow” scans.
Yes, I have System Restore on my computer. It sounds like are you surprised.I have had problems in the past with restore points disappearing. Apparently this has been an issue with Windows 7 as I found out in my research.
I did manage to find a fix by doing a Vssadmin command to resize the shadowstorage, and then delete and recreate the paging file.
If I remember correctly MS knew of this problem and never fixed it. -
PKCano
ManagerSystem Restore has a set (limited) amount of disk space, expressed in % of total HDD spaace. Older restore points may disappear if the disk space is used up.
In Win7, Control PanelSystemSystem Protection highlight the C: drive and click “Configure” to increase/decrease the space System Restore can use. Remember, this is usable hard drive space you are dedicating to System Restore, so don’t go overboard. -
Just Sayin’
GuestHere are my thoughts, for what they’re worth.
1) I don’t see any problems with waiting another month. The 3-4 weeks that Woody has taken for years before giving the all-clear has never caused any problems that I know of and back in the days before Microsoft became Malware, Inc. I occasionally missed a month and it never caused any ill effects.
2) Yes, according to everything Woody and others have said you would just have to install October’s Group B patch, then November’s Group B patch, then run Windows Update and pick up two months’ worth of Office updates. -
wdburt1
Guest+1.
Much as I respect @ch100’s many contributions here, my reaction to his statement that Group B is not for end users was “More agitprop.”
I understand that those of us who post such statements here cannot (and should not) make the full case each time, but it is important for newcomers to understand that a toss-off, conclusory statement such as this does not mean that it is a settled question.
-
PKCano
ManagerIf you read closer I think you will find the description for KB3185330 says it contains what is in KB3185278 (the non-security Sept rollup) plus the list you provided of the security fixes.
That means KB3185330 contains both security and non-security patches, where KB3192391 contains ONLY security patches.
-
Lyn
GuestPls disregard. Forgot about System Restore (haven’t used it for so long). Ran System Restore taken just before running KB3188740 (.NET 3.5.1 Rollup) and KB3118312 (Word 2010) from Windows Update. Both subsequently reappeared in Windows Update, so I assume that the Restore was successful. Then reinstalled KB3118312 (Word 2010) and installed KB3188730 (.NET 3.5.1 Security Only) downloaded from Microsoft Update Catalog. All OK once again!
-
Doc
GuestI’ve just figured out why people are apparently getting randomly hit by the KB3177467 update…
Since it has a known bug of hanging on reboot when it is installed together with other updates, apparently MS has “isolated” it from other updates making only possible to install it alone, avoiding the buggy scenario…
I’ve come to this conclusion because after installing the round of updates yesterday, KB3177467 popped up, and the two Optional updates I had just disappeared… Today after a scan when the Defender Definitions hit, KB3177467 vanished and the two Optional updates showed up again… After installing Defender Definitions it once again appeared alone…
I’ve just installed the KB3177467 servicing stack, the install went fast and did not require a reboot (but I did it anyway), scan after took about a minute and again, the two Optional updates were back, probably confirming my theory…
-
The Real Allan
Guest -
James Bond 007
Guest -
woody
Manager -
woody
Manager -
woody
Manager -
woody
Manager -
dgreen
GuestDoc,
I think you are absolutely correct with your conclusion.
.
KB3177467 didn’t show up for me until after I updated the patches I wanted and then hid the updates I didn’t want.
Then I did another windows update check and that is when KB3177467 appeared by itself.
I think that is exactly what is happening. -
PKCano
ManagerCheck these out. I’ve been asking/talking about this – even before today.
-
lizzytish
AskWoody LoungerJust wanted to add my 2 bits, and thought this is an appropriate spot. @ikester…. join the club… there’s quite a few of us dummies around!!
Firstly thank you Woody for making all this easy!
Think my head would be swimming if it weren’t for your input. I followed your instructions on how
to access and download the necessary Security Patch on both my Win7 and my husbands Win8.1 machines.
(I used my tablet to read the article on InfoWorld as I was working on Win7 & Win8.1)I downloaded the patch and then installed, rebooted, and went into WU unchecked the ones I didn’t want and
proceeded to install the .Net patch and the Office ones (2007) All went amazingly smoothly and without any delay.
Now I have both machines set to “Never Check”………. all is well that ends well!For those of you who are concerned about getting your head around all this and fearing the worst….
don’t….. with Woody’s expertise I can assure you
it’s a breeze (haha! that rhymes!)…… but seriously….. personally reading all the comments and all the details about this and that patch…. it’s true you get the feeling……. oh! gosh this is too much. But in the end it’s not. Just one Security Patch and a couple of others and your done and dusted.Thanks Woody et al………. You’re the TOPS! LT
-
prk280
Guest -
Dimk
Guest -
woody
Manager -
Marty
Guest@PKcano — You are right, thanks.
Answer: KB3185330 (via Windows Update) also includes KB3185278 from September 20, 2016. That latter patch included the items below (quoted from Microsoft). However, even though I tend to be very wary of MS, I don’t see anything objectionable in this particular list. Do you? Regards, MM.
————————————
This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:— Improved support for the Disk Cleanup tool to free up space by removing older Windows Updates after they are superseded by newer updates.
— Improved compatibility of certain software applications.
— Removed the Copy Protection option when ripping CDs in Windows Media Audio (WMA) format from Windows Media Player.
— Addressed issue that causes mmc.exe to consume 100% of the CPU on one processor when trying to close the Exchange 2010 Exchange Management Console (EMC), after installing KB3125574.
— Addressed issue that causes the Generic Commands (GC) to fail upon attempting to install KB2919469 or KB2970228 on a device that already has KB3125574 installed.
——————————-
-
Chris
GuestWhy is it that Microsoft’s (d)evolving patching / update system – and the related hoops and hurdles that one must now jump through and over to get only what they truly need, rather than what Microsoft truly WANTS – is reminding me so much of the early days of Linux distributions?
…and those Linux distributions are now so straightforward and convenient. You know – like how Microsoft’s system used to be?
The only real difference is that the unfortunate complexities in those early Linux days weren’t due to / caused by bad intentions towards the end user.
:p
-
brandy
Guest -
Anonymous
GuestI might add that neither Group A or B represent optimal patching approaches; rather they are alternatives imposed upon users by MS for reasons solely beneficial to MS. Group A and B are simply bad choices as updating protocols as A allows MS to install whatever it wants, whenever it wants and Group B will have to struggle over time with inconsistent documentation of what constitutes security versus non-security updates. In many instances, I suspect there will not be sufficient documentation that is available to sustain a pure Group A versus Group B strategy and at some point W7/8.1 systems may have to move to Group W status. My comments are a polite way of saying that MS has really pi$$ed me off over this last year with this latest crap and the prior GWX nonsense. Long term many users should just be on the lookout for migration options and abandon MS to the extent their individual circumstances allow. The comments by Ch100 are generally well-grounded technically but sometimes grant MS the benefit of the doubt that they currently no longer appear to deserve. I am technically capable of doing Group B but I doubt that it is an approach that users will be able to sustain because MS can easily sabotage your efforts whenever it suits their purpose. I apologize for sounding like a Debbie downer.
-
ht
Guest -
zero2dash
GuestBut even you say for Group B users to rely on WU for the leftovers other than the Security-only update, and I think this will cause confusion with most people because they’re being given the same updates they’ve already installed.
For instance, October’s Security & Quality rollup (KB3185330) is the October Security-only patch (KB3192391), plus the September quality rollup (KB3185278).
I had already installed KB3185278, and I’m in Group B, so I installed KB3192391 by itself. I’m covered. Both patches are installed. So why then am I being given KB3185330 through WU? Obviously something’s different in there; something unpublished.
Because of that, I think you have to remove your recommendation for Group B to use WU for *anything*. It can’t be trusted. Group B’s job is now exponentially more difficult.
Secondly, I’m not being given the September servicing stack update (KB3177467) on any systems I’ve installed Security-only. However, a few of the workstations on our domain that did install KB3185330 have been given that servicing stack update. Again, I question ‘why’? If I hadn’t seen that update offered to those systems, I wouldn’t know to install it on the ones that haven’t been given that update. (Which I haven’t done yet, because it smells suspicious to me that obviously KB3185330 does something that then kicks off the recommendation of the September stack update.)
I hate to say it, but I think MS is intentionally blurring the lines between A and B, and almost making B impossible. The continued sabotaging of their users is absolutely disgusting; the sad thing is, it probably won’t bring the severe consequences that they deserve, because too many mid/large businesses and enterprise have to use Windows and they’re the only game in town because of that.
-
woody
ManagerYou have a good point, but I’m not 100% convinced that “October’s Security & Quality rollup (KB3185330) is the October Security-only patch (KB3192391), plus the September quality rollup (KB3185278).” Even if the contents of the patches themselves are identical, there’s still something in Windows Update that doesn’t want to live with the discrepancy. Might be a problem with WU.
The fact that you installed 3185278 kind of takes you off the Group B trajectory. There’s a transition period here, and it’s anybody’s guess which is the right way to bob or weave.
The Group B folks still need to update Office – and anything else that may come down the pike. Doing so through the Update Catalog would be a Herculean task.
As for Microsoft’s intent… man, I gave up on trying to figure it out when Get Windows 10 rolled out the update chute. Sigh.
-
woody
Manager -
woody
Manager -
Charlie
GuestThe one you’re describing looks like KB3192391 for Win 7 X64 and is 79.2 MB in the MS Update Catalog. I could do this and hopefully just get the Security Updates. But I haven’t seen anything on how to get Office Updates! Also, I don’t remember seeing the Cumulative Security Update for IE-11 in the above mentioned security update. The Catalog didn’t have any Office updates for Oct. the last time I checked a few days ago.
-
zero2dash
GuestTo further muddy up the works, WSUS Offline just gave me 3177467 (Sept. servicing stack). Once I rebooted and re-ran WSUS Offline, it gave me
– 3188740 (even though I’d already installed the .NET Security-only update 3188730)
– 3192321 (Turkey DST)
– 3185330 (Oct. security & quality)
– 3018238 (? No idea why, this is supposed to only be for Server 2008R2 and 2012)IOW, a tool that I once was able to rely on is now apparently going to muck up systems as well.
Ugh. [facepalm]
-
PKCano
ManagerKB3185278 was an UNCHECKED OPTIONAL. If I’m not mistaken, it never became a CHECKED IMPORTANT update b/c it was supposedly rolled into KB3185330 (the Security Monthly Quality Rollup). The UNCHECKED OPTIONAL are not for general installation. Only the CHECKED IMPORTANT patches should be used. Do not understand why you installed it.
-
T
Guest -
poohsticks
Guest -
poohsticks
Guest -
T
Guest -
poohsticks
Guest -
poohsticks
Guest -
poohsticks
GuestI don’t let anything update automatically, if there is a user choice in the matter.
If one is a careful person, given how corporations often let us down and make mistakes in their products and services, not allowing auto-updates is often the better road to take.
I am good at keeping on top of the Flash updates. In fact, in the immortal words of ‘anon’, “I said it first” here this week about the new Flash update being available.
😉 -
Bambinoo
Guest -
poohsticks
Guest@T,
When I was brushing my teeth this morning, I idly thought back to what I had seen yesterday on Susan Bradley’s Excel sheet of Windows Updates —
She wrote that the .Net update has a security-only patch that is only available in the Update Catalog,
while the .Net update that is offered in Windows Update includes non-security and security patches,
the distinction of which I hadn’t even noticed at the time that I was glancing over her Excel information.
(I don’t even know what .Net is, so I don’t pay it much attention,
besides knowing that it gets updated once in a while,
and always bearing in mind how Brian Krebs the security researcher is always so nervous about .Net updates in particular — which he reiterated a couple of weeks ago on his blog.)When I put 2 and 2 together this morning, I realized that this is probably what you had been talking about, regarding .Net!
I actually logged into AskWoody this lunchtime to tell you that I *finally* understood.
🙂—-
I agree with you, it does make sense to go “security-only” for everything where a “security-only” patch is given as an option, if one is trying so hard to avoid non-security patches.However, it also makes sense not to worry that much about the non-security aspects of .Net, if people think that .Net is so narrow in focus or benign-by-nature that anything non-security that Microsoft would add to it would be harmless.
Every individual patch that people have to get from the Update Catalog introduces another layer of effort and potential confusion, which is another argument in favor of having most people get .Net from the automated Windows Update.
However, there might be a bit more safety and not much extra work in going “security-only” all the way through, so if I do go into Group B in the future, I will probably try to obtain the Update Catalog’s .Net security-only version for my computer.
(However, there are several .Net versions out there, which were offered to me as “optional” for my computer in the past and I chose not to install them, and I would want to be careful that I didn’t apply the wrong Update Catalog patch for my computer’s .Net version.)====
====
For people who have not seen it, here is the
Susan Bradley Excel file on Windows Update:
https://onedrive.live.com/view.aspx?resid=C756C44362CD94AD!2257&ithint=file%2cxlsx&app=Excel&authkey=!AIOQkIu7flF7lPEThat link automatically pops up on the August worksheet, so go to the tabs on the bottom of the page and click on the October worksheet(s) to see Susan Bradley’s information for the current month.
-
poohsticks
GuestHa ha, I am so overboard with the space I’ve given System Restore! But it gives me comfort.
When my computer was new and misbehaving terribly, I decided to use system restore and I discovered that the computer didn’t have ANY points saved (the system restore was messed up in my new Lenovo from the start, along with other big things, and the machine was silently deleting every restore point soon after it was created — a genuine error in the way the machine was configured, and this was one reason that I had to reinstall the whole ball of wax from the “factory disks” soon after I received the machine from its factory in China — and the way it was configured after the “factory disks” were installed looked much different from how it was configured supposedly straight off the assembly line of the factory, which I found contradictory, but that was a good lesson for me),
After I got the computer behaving somewhat normally, I increased system restore’s maximum space by a large amount! But I had the extra space for that.
-
poohsticks
GuestI have a question about Office —
Re: “The Group B folks still need to update Office… Doing so through the Update Catalog would be a Herculean task.”
On Susan Bradley’s Excel sheet for October (the non-Windows-10 sheet),
starting in row 204,
she has the new updates/kb numbers listed for Office 2013 and 2016,
but there is nothing listed on her sheet for my version of Office, which is Office 2007.Am I to assume that Office 2007 didn’t get updated this month,
or
are there Office 2007 updates contained in different October patches which cover other things as well and thus have different titles?—-
—-
For people who aren’t familiar with it, this is Susan Bradley’s spreadsheet of Windows Updates:
https://onedrive.live.com/view.aspx?resid=C756C44362CD94AD!2257&ithint=file%2cxlsx&app=Excel&authkey=!AIOQkIu7flF7lPE(The link takes one to August; select the October tab(s) along the bottom row to get to this month’s information.)
-
poohsticks
GuestThat issue was addressed by Woody a little higher up on this page, in answer to another poster’s question about it:
-
poohsticks
Guest -
poohsticks
Guest -
abbodi86
Guest -
abbodi86
Guest -
abbodi86
Guest -
Walker
GuestJust to verify about the “NEVER CHECK”. It’s my understanding that you can have it set at that, and when you’re ready just run “check for updates” and it will show what’s there.
I’m in no hurry to “try” anything at the present, however when you mentioned the “NEVER CHECK” I wondered if you had it set at that BEFORE you did the “check for updates”.
I just want to be certain of “everything” I can before I make any moves. I’m happy for you that everything went without a problem. I’m sure you are more computer literate than I am!
Thank you for posting your experiences. 🙂
-
abbodi86
Guest -
abbodi86
Guest -
abbodi86
Guest -
Just Sayin’
Guest -
TonyC
GuestSorry, I’m confused. In Woody’s InfoTech article, he writes “Group B, Step 7. Under “important” updates, you’ll likely find “Security and Quality Rollup for .NET Framework” — which you probably want,…”. Surely, if you are in Group B, you will probably NOT want the Security and Quality Rollup for .NET (KB3188740). Instead, you will probably want the Security Update for .NET (KB3188730). Yes/No? (The KB article numbers are for Windows 7.)
-
woody
Manager -
TonyC
Guest -
woody
Manager -
woody
Manager -
geo
GuestWoody, I think I am in group A but with setting – Check my updates, let me choose whether to download and install them. But I did not check the box – Give me recommended updates the same way I receive important updates. With this setting how would that different than your group A? What patches if any will be missing?
-
abbodi86
Guest -
zero2dash
Guest -
Canadian Tech
Guest -
ch100
AskWoody_MVP -
ch100
AskWoody_MVP -
ch100
AskWoody_MVPCorrect. There were issues in the remote past with KB3020369 and Woody raised alerts at that time, but it was largely due to “botched” systems as abbodi86 says. Some users may not consider certain configurations as botched, but if they are not following the specifications, they are botched by definition, even if those configurations are caused by Intel, Symantec, Avast or other software and hardware manufacturers which otherwise have decent products.
Let’s not forget that it is not the end user who designed the OS, they are users supposed to follow the specifications like for any technical product. -
ch100
AskWoody_MVP -
ch100
AskWoody_MVPI think in few months, or maybe sooner, this will be resolved and the missing bits from the Security Only will be rolled into the Security Monthly. I also think, which I stated few times here, that the Security Only is a broken concept and designed only to facilitate the transition by not scaring users, who until now have been doing only Security updating, because this is what comes up in MBSA and related tools and it is also the generic Government recommendation as minimal – there is no recommendation or suggestion to not install everything else.
-
ch100
AskWoody_MVPNothing new and Woody deserves a lot of praise for it, otherwise most of us would not be here.
Those who are pleased with Woody’s work, please support this site.
The issue is that from now on it will be a lot more complicated! If Woody is ready to take on board the impossible challenge, I say go for it! 🙂 -
ch100
AskWoody_MVPDownload and install everything that comes on Windows Update when MS-DEFCON changes to 3 or above rating on top of this page.
Do not select what is unselected and do not unselect what is selected.
It is simple, and totally in accordance with Microsoft’s specifications.
The value added by Woody’s recommendation is that he monitors the various patches for known problems and tells you not to install potentially defective patches, which is big deal. -
Doc
Guest -
Old Dog
Guest -
ch100
AskWoody_MVP -
wdburt1
Guest -
ch100
AskWoody_MVPIt is not. You create your own problems by over-analysing.
Just use Windows Update when MS-DEFCON changes to 3 or above and everything will appear extremely clear to you.
Forget the Microsoft update Catalog or https://technet.microsoft.com exist, they are for system administrators only and just interesting reading for anyone else. -
JDeC
Guest -
ch100
AskWoody_MVP@Anonymous When you purchased Windows 7 you didn’t analyse in detail what came built-in with the system and there are a lot of components built-in about which you didn’t know then and don’t know now.
To claim now that updates are imposed by Microsoft to suit their purpose is redundant.
Stop using the system if it does suit your purpose or stop updating and assume responsibility for what may happen. -
Anonymous
GuestI agree with your observations regarding sustainability of a Group B updating strategy. But, MS has in fact provided the security only manual monthly update as an option. Inasmuch as the purported purpose given by MS for adopting the cumulative update approach was the reduction of patch fragmentation, the availability of the security only update seems somewhat at cross purposes. I am coming to view the Group B approach as more of a temporary tactic where one could mitigate zero day vulnerabilities while avoiding a potential known issue(s) in the monthly cumulative patch. However, the longer you extend your time horizon, the more questionable the Group B strategy seems to become. Each user has to make some decisions relative to the potential tradeoffs.
-
Gail
Guest -
Anonymous
GuestYou seem to like to traffic in arguments of “false choice” and assume that because a user cannot know everything about a piece of proprietary software that they in fact know nothing. I do not see as redundant the observation that MS’s recent actions appear to be more aligned with their business purposes that the functional needs and desires of the users. You display the type of attitude often observed in IT administration where the users are deemed to know little and cannot make intelligent choices. You have your opinion and I respect that as with all people but please spare me the attitude.
-
woody
Manager -
James Bond 007
GuestI also have several Windows 2008 R2 virtual machines that are configured to run like Windows 7. As far as I can see, the 64 bit versions of KB3188730 and KB3192391 will apply to them.
If I need to update them in the future, I would also just download the security-only updates to install on them.
-
Old Dog
GuestIt appears that a large number of persons do not consider themselves to have sufficient Technical Skills to be other than in Group A, AND that it is this aspect of the debate that is influencing their choice of group membership (A, B or W).
I suggest – without reservation – that everyone of us are more than capable of doing whatever is required to update our PC’s irrespective of our choice of group or our technical prowess.
Are we really saying that we cannot already download and install new programmes, use complex Photo Editing Programmes or Excel. How long does it take us to learn a new game ? Take your choice, I guarantee that everyone of us uses at least one programme that someone else claims is too difficult to understand. I, for example, have never got my head around GIMP for photo editing, but I daily use lots of others that are equally challenging.
Why? For some, it’s a question of perseverance and practise. Some can download, install and use a new feature very quickly, others take longer. It’s not a technical skill, it is a learning process. It’s no different with installing Updates.
Consider the options – so clearly defined by Woody.
Group A – Essentially, do as before. Let MS download and install your updates. The only change Woody has suggested is that you TURN OFF automatic updating after Windows has done it’s work, between Def-cons. No-one can suggest that this is difficult.
Group B – All Woody asks is that you take some control over your updates. Surely no-one is saying that they still cannot amend their update selection type – Automatic ? Download but …? Check but …?, Never !
Are we also saying that we cannot visit the Download Centre or MS Catalogue and download an update. Seriously ? We are the same people who visit Amazon, or any other site to order a product, but we cannot download an update from MS Catalogue? It takes less than 2 minutes to do so. Visit the catalogue. Woody and others have provided all links. Type in the number of the patch you require – just the number – Do not include “KB”. Click “Download” for your Operating System. That’s it. Finished. Now just install the patch – just remember that WU must first be set to Never, or it will want to search for all other updates. Why not visit the catalogue and explore ? You don’t have to download anything, just explore and see what it offers. Try navigating to the “Package Details” to find what patches are replaced by the patch you are interrogating. Please remember that “replaced” does not necessarily mean “superceded”.
Woody and others have rightly said that there is additional hassle for those who wish to update Office., but they have all issued simple instructions on how to proceed. The same for Net Framework patches. For those who have never downloaded updates before, it’s just something new. It’s just a little different. Do it once, and you will wonder what all the fuss was about. Do it once, and then say that you don’t have the “Technical Skills”.
Group W – No skills required. Just get on with the other things you enjoy doing – and remember that with no new features being issued (for 7), all updates are fixes for faults still outstanding from previous updates (and there are far too many of them !), or genuine security issues (of which I would suggest a large number are associated with Internet Explorer).
Possibly of interest to some, I’m group W, I still run 2 XP and 1 Vista as well as my Win 7 machine. Haven’t updated any but the Win 7 in years, and even the 7 machine has had no security patches for IE 11 (which I still use) since January 2016. I have no issues.
Please remember, you do require a level of “Technical Skills” for performing many tasks on a PC – registry modifications, for example, but downloading Updates requires no skill, just a little knowledge, and for those who think they don’t know, just LISTEN to Woody. He wont let you down
So my message is: Think carefully before saying “I’m group A because I have no Technical Skills”
-
Glenda Hewitt
GuestAt the moment I am in Group B. Not really worried re snooping (everybody does this) but about getting a faulty patch and not knowing how to fix is my problem. Reading lots of posts on here and the recommendation of many is that one should really be in Group A if a computer novice. Would that be a fair assessment.
-
James Bond 007
GuestIf that happens in the future, I would just abandon that month’s security update. It won’t matter so much as the security-only updates are not cumulative.
In fact, I find that two of the updates that causes problems in September, namely KB3175024 and KB3185319, have been superseded by this month’s security-only update. I did not install these two updates on any of my computers in September, and there has been no problems. I believe I am justified in adopting this “Group B approach with occasional Group W” policy at this time.
I don’t care if I miss some security updates using this approach. In fact I am more than happy to completely stop installing updates if the situation becomes untenable.
-
Daubie
GuestI play an air combat flight simulator that comes right out of Moscow, Russia and it is Windows only friendly. My downloads of purchased products are downloaded over the Internet. Before my initial first time purchase I was not sure of me being in USA what the legality issues were / are. I called my NY State Washington based Senator’s office for advice. They said no problem. But I bet Federal people are looking over my shoulder from time to time. So Windows’ snooping concerning just advertisement does not worry me at all. I usually ignore the hard sell people anyway.
October’s patch roll up? I may just pass this month and wait and see.
-
T
GuestI completely disagree and would have to ask where you have been for the past year. You don’t seem to understand that people’s trust in microsoft has been utterly destroyed because of their malware like tactics. I’m glad you are willing to accept everything microsoft shove down the update pipe but please don’t act like an apologist for their bad practices. It’s not over-analysing anything, it’s simply being a windows user in 2016. November’s rollup is about to get a heavy dose of telemetry and that is NOT going on my system so i’ll stick with the security only updates, thanks.
-
Jussi
Guest -
Randall
GuestWoody
Is there a Win Update speedup trick for Win 8.1?I’m in group B. Did the download Security update as you suggested. Now running Win Update to get the .Net and other stuff, and it is still just “checking” almost 2 hours later.
I did the Win 7 speedup last month on a different PC, but those patches all say “Win 7” so I wasn’t clear if I should try them on Win 8.1
Thanks
-
woody
Manager -
woody
ManagerYes, that’s definitely a fair assessment.
You’ve read the instructions for Group B. If those look like Greek, you definitely belong in Group A.’
Faulty patches are a different kettle of fish. By delaying patching for a couple of weeks, and watching to see what problems arise, you can usually avoid the bad patches. That’s what MS-DEFCON is all about.
-
lizzytish
AskWoody LoungerWalker….I readily admit that I am NOT that computer literate….. but over the years one learns a certain amount…….. and I tell my friends…….. that after your sons and daughters leave the nest…..you buy a computer! (variation of a line from Fawlty Towers) Getting back to your question about “Never Check”……. I did have it on “Check for updates but let me choose whether to download & install” as I wanted to see what was on offer. After I followed Woody’s advice to find and install the required Security Patch I looked at WU and unticked the ones I didn’t want and installed the ones I wanted. Which was the .NET one and 3 2007 Office ones. After that was done I went back to WU and found the ones I hadn’t installed were sitting there all ticked….. that was in the Important update section. It was then I changed my settings to NEVER CHECK….. and they all disappeared! (which of course was to be expected……… but still nice to see that they weren’t nagging me to be installed.) Think I will nearer the time for the next Tuesday Patch switch it back to “Check for updates but let me choose to download and install” as I will be curious as to what is offered me. After the discussion about MSRT I did NOT install it this time as I feel I do not need it and it seems to be causing a bit of snooping. But I didn’t look at the Optional section which I had previously made a note of and
they were to do with Journal and removal of GWX and a couple of other ones……… which reading
the comments here and on other posts seems that when MS considers them to be important (and bug free) they will turn them into Important, which is when I may consider installing them.BTW I checked my System Restore points and I find I have 2 listed for yesterday – when I did those 2 separate installs – one for the Security and the other for the .NET & 3 office updates! (I read think it was Addobi86 said that no system restore point is made when manually installing.) So as Manuel in Fawlty Towers says…….. “I know nothing!”
I realise that this journey of ours in Group B will have lots of detours and roadblocks along the way……….. but for the moment seems to be bump free for me anyway…….. but of course we will see…….. won’t we!!! One thing at a time……. small steps and all that!!!
Good luck to all! LT -
prk280
Guestabbodi86 – Using Windows Update I have installed in the order listed below the following updates:
KB3172605 – July rollup
KB3179573 – August rollup
KB3185330 – October rollupI did not install KB3185278, the September rollup, before it “disappeared” from Windows Update and was rolled into the October rollup. I have not installed any of the security-only updates.
Thanks for again providing a reminder that mixing monthly rollups and security-only updates can cause Windows Update to behave in a confusing manner.
-
To Each His Own
Guest -
Jake
Guest -
KW Guy
GuestMy Win 8.1 box has been hit full bore with the WU scan forever problem. It’s actually worse than what I experienced with Win 7.
I can’t get to WU manually (I’m set to “never” check). The problem is caused by the 8.1 Flash patch.
I’ve tried to install the Flash patch from the MS Catalog, but can’t because the .msu launch results in the “checking for update” scan that doesn’t end.
I followed Woody’s instructions to stop WU Service (realizing that they were intended for W7), but when I get to the final step, I only have the option to START the service, no stop link indicated.
So, I’m stuck. Any suggestions…Please! Would installing the July and/or August optional rollups (3172614 and 3179574) help? (If I can get there!)
Just when ch100 convinced me that Group A was the way to go, I can’t get there!
-
ch100
AskWoody_MVP -
Old Dog
Guest -
abbodi86
Guest -
Lily
GuestHi Woody,
I have a Win7 Home Premium 64 bit computer that I haven’t updated since July. I know – not a good idea, but for various reasons, I haven’t done it.
My question – if I class myself in Group A – is it safe to now just go ahead and enable Windows Update to get whatever is now needed? I have mine set to “Never” and I know that there have been many that I have missed over the last few months.
Is there a Win 7 speed up patch that I need first, or will it all be fine if I just run Windows Update now?
Thanks!!
-
TonyS
AskWoody PlusI am looking after two third party machines (both Win7 x64) which I have consigned to Group A. Everything installed ok and only optional patches remain.
On my own two machines (one W7x32 and one W7x64) I have installed the Security Only patch KB3192391 and a separate .NET patch, but the Quality Rollup patch KB3185330 remains in WUpdate, whilst in Secunia there are also entries for .NET 3 and 4, IE11 and Silverlight 5, all quoting the same QR patch.
Anyone else seen this or otherwise able to comment, please?
Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF. -
woody
Manager -
woody
ManagerShort answer is, yes, if you’re OK with Group A, you should get everything installed. Use the procedure I wrote about
and only install the checked updates.
Yes, there is a speedup trick, and I wrote it up in great detail for InfoWorld. I see that the article is scheduled to publish early Monday morning. So wait until you’ve had a chance to read that article before you slog through an install.
-
TonyS
AskWoody Plus -
woody
ManagerI’m having a horrible time answering each post individually. We’re now getting hundreds a day – some of them pontificating, but mostly from people with real questions, real problems, differing observations and experiences.
Which is why I’m up at 6:30 on a Saturday morning answering posts. 🙂
I’ve toyed with the idea of changing over to a forum format, with moderators and user-started threads, but I don’t want to lose the “feel” of the site.
-
woody
Manager -
wdburt1
GuestPersonally, I can see some advantages in the forum format, if you can find a way to stay in the middle of the discussions as the moderator. Worthwhile as this blog is, a thread as active as this one presents the reader each day with a new page of comments, while previous discussions appear on one of the “older comments” pages–but which one?
I can see how it must be driving you to distraction.Digital Photography Review has a pretty good format, switchable between “threaded” view and “flat format” view, with info re the last post and time of that post, and a quick way to check for replies to one’s own posts. DPR is lightly moderated (a source of complaints by users reacting to abusive posts) but some moderators participate in the threads.
-
Frahaleah
Guest -
woody
Manager -
woody
Manager -
PKCano
Manager -
Lily
GuestThanks Woody!
I’m not so much “OK” with Group A as feeling that I’m pretty far behind in getting updates, and not sure if being in Group B will allow me to get everything I need at this point.
I will look for the speed up article on Monday and go from there.
Thanks again for the advice!!
-
Lily
GuestThanks Woody!
I’m not so much “OK” with Group A as feeling that I’m pretty far behind in getting updates, and not sure if being in Group B will allow me to get everything I need at this point.
I will look for the speed up article on Monday and go from there.
Thanks again for the advice!!
-
RCPete
GuestI updated one Win 7 machine last night, and the other this morning. Both machines loaded the Group B security update with no problems, and both did fine for searching.
However, last night, it took 2 hours to download the 32MB(!) update, while the bigger update this morning (44M, still have Silverlight on that machine) took about 10 minutes. The security-only update (79MB) took several seconds to download…
I don’t know if the WU servers are getting clobbered by Win 10 updates, or if MS found a 486 server from the scrapheap for Win 7 updates. I hope it was the former.
-
Elly
AskWoody MVPIt isn’t over-analysing anything, even though I’m not a system administrator. It isn’t just interesting reading. Privacy is important to protect and worth the extra effort to maintain. I’m not messing up by choosing to be group B, but continuing to protect myself from Microsoft. That I shouldn’t have to, is true. But Microsoft is the one at fault and causing the problem. I understand how not following their protocols can cause problems. But they could solve that easily by providing working privacy settings (and any telemetry should be opt in). I would pay the extra money to have a system that is private and not being harvested for data. That is of value to me, as a customer. Microsoft clearly doesn’t want me as a customer, and has violated my trust in their products. That means I will not support or buy products that are solely for Windows in the future. I am going to protect my current computer for as long as possible, and I treasure Woody’s help. Ch100, you give wonderful, detailed information… but the reason I love Woody is that he informs me so I can make the best possible choices given my values and knowledge. Non-techy people can understand their choices… and do want to have a safe and reliable machine, even if it is their one and only. For me, right now, that means security only patches. If Woody didn’t lead me through the more technical aspects of obtaining them, I would be group W. Shame on Microsoft for making so difficult and shame on you for not respecting those of us who are not technically trained. I’m not trying to have privacy because I’m into illegal stuff. I believe in privacy as a human being. More of us need to be following group B… I’m encouraging my family and friends (with their computers backed up) to follow it too. If enough people did it, Microsoft might pay attention, instead of disregarding us as an unimportant minority. When I explain that the telemetry is in the updates… well, I haven’t found one person who wants it. Other than being in groups B or W, how can it be avoided? Clearly Microsoft Update Catalogue is for us, the non-techie people… unless you have another way to provide the essential privacy and security?
Non-techy Win 10 Pro and Linux Mint experimenter
-
ch100
AskWoody_MVP -
woody
Manager -
Canadian Tech
AskWoody_MVPSorry to have to disagree with you Old Dog, but in the real world out here, the vast majority of Windows owners (I purposely used this word instead of users) think of their PC no differently than a potato peeler. It is just there when they turn it on. They use it to read and send email and occasionaly browse the web for something a friend told them about. Some use it only for Facebook.
Those people don’t even know there is a thing called Windows Update there or what it does or when.
When it (the potato peeler) doesn’t do what they expect it to do, they ask their nephew or cousin to “fix” it. Anybody who knows PCs knows where that leads to.
CT
-
louis
GuestWhat happens if a user is still on IE9 and wants to update with the Security Only Update for October? I saw that you mentioned MS has included IE updates into the Security Only Update whereas originally it was to be a separate update.
Will the October Security Update ignore IE9 or will it attempt to install IE11? Or, don’t we know exactly what will happen? Anyone?
Thanks
-
woody
Manager -
Xi
Guest -
woody
Manager -
Old Dog
GuestCanadian Tech,
Your response is much appreciated. I agree that many, many people do consider their computers as just a tool to take out of its’ box, use it and then put it back. In fact, why shouldn’t they ?
My post was addressed to the contributors and readers of AskWoody – whom I do not believe fit this description. They actively participate in these discussions and obviously do care about the issue of Updates and Telemetry.
If my post convinces just one person to better understand how they can control Windows Update, I will be quite content.
-
Seff
GuestJust to report that on my secondary machine (which I always update first, both being W7 x64 Home Edition desktops), which I have set to “notify but don’t download”, I have now installed the October Important updates.
Although both KB3188740 (.Net Framework) and KB3185330 (security rollup) appeared initially, by the time I installed them the latter had disappeared only to reappear after the former was successfully installed. After KB3185330 had also installed successfully I was offered KB3177467 (service stack) and that also installed ok.
Both optional updates KB 3193713 (Silverlight – no longer present on my machines) and KB3192403 (Preview) remain hidden along with the September MSE update KB3193414 (due to the removal of the right-click scan option).
Assuming this machine boots up and runs ok tomorrow then I’ll unlock the “Never uodate” setting on my primary machine and install the updates as offered.
Thanks as ever, Woody and fellow commenters.
-
abbodi86
Guest -
abbodi86
Guest -
ch100
AskWoody_MVPI think it is like Woody says. There is a possibility that at some time later, the patches will stop working entirely. However this would go against Microsoft’s global intentions to have most systems patched at best as they can, so it may not happen at all, nobody outside of Microsoft knows.
Related to your question, do you have any particular reason to prefer IE9? That version was a poor version, a transition one I would say, while I think the best version ever released was IE10. Unfortunately all versions older than IE11 tend to be working with less and less sites. -
ch100
AskWoody_MVP -
Xi
Guest -
walker
AskWoody LoungerLooking at the instructions on Infoworld of Oct. 27. I have a question about having the updates set at “NEVER” and trying to follow the procedure set forth in InfoWorld.
When I go to the Win7 update history page, the information is there, however when I click on KB3192391 nothing happens. Do I need to turn “NEVER” off and return to “Check for updates but let me choose whetehr to DL & install them”?
I also noted that in the instructions for Group B, Step 5 in Group B references “Group A”. Thinking that is just a typo (?).
I’m so backed up on e-mails from the various discussions I don’t know where to try to find an answer.
I’m confused as there is no reference to the settings I should have on the “updates” before I try to get this Security Update. I would like to get started as soon as possible.
So far I’m only seeing ONE “Security Update” which needs to be installed, however I need to try to get caught up with all of the e-mails to see if there are anymore changes.
I need help desperately to get things started.
Thank you. 🙁 -
walker
AskWoody Lounger -
grayslady
GuestAs part of the Group B contingent, I just wanted to thank you for your step-by-step instructions. Strangely, when I turn off notification of updates, Windows tells me that there are no additional updates, even though I know that there are. Anyway, I’ve set Windows Update to notify me of any updates but not to do anything about them. I’ve also found that, under Services in Administrative (under Control Panel), I need to set Windows update to Manual in order to let any updates load without searching endlessly for updates. I do have all the necessary updates that are supposed to speed up the process, but unless Windows Update is set to Manual they don’t work as intended. Don’t know why that is. Anyway, thanks again for walking us through the procedure. Please continue to include this as a monthly feature for those of us in Group B.
-
woody
Manager -
woody
ManagerYou don’t need to catch up on any of the posts here. Just pick Group A or Group B, and follow the instructions in the article. That’ will catch you up with everything you need.
Do you see the list shown in the article, in the screenshot? Click on the KB 3192391 link, per the instructions. What happens?
Yep, that’s a typo. Should be Group B Step 5.
-
RCPete
GuestThis was from Windows Update. The Update Catalog (Security Only) took about 10 seconds.
The rest was .Net, MSE and the MSRT. Not much data, but bog slow.
Friday Night: 3 updates, 32M 2 hours
Saturday AM: 4 updates, 44M 10 minutesI’ve had slow Windows Update downloads, but Friday’s reminded me of my dialup days. I got a couple of timeout errors on Friday, too.
-
poohsticks
GuestThank you Woody.
I saw on the link you provided that Office 2007 does have some updates in the latest PU “Public Update”, which is KB3194160 for October, and which appears to include updates for all years of Office.
Then it says, “For general guidelines about installing updates for a specific product, see the links in each version row.”
I clicked on the row for Office 2007 and was taken to this page: https://support.microsoft.com/en-us/kb/3194160
On that page, it says for Office 2007 there are 3 KBs:
“Word 2007 MS16-121: Description of the security update for Word 2007: October 11, 2016(KB3118308)
Office 2007 MS16-120: Description of the security update for 2007 Microsoft Office Suite: October 11, 2016(KB3118301)
Office Compatibility Pack Service Pack 3
MS16-121: Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: October 11, 2016(KB3118307)”—
My question:Would updating my Office 2007, for October, manually from the Update Catalog, be as simple as hunting for those 3 KBs in the Update Catalog and installing them directly?
Or would it be likely to cause problems because I didn’t go through Windows Update?
-
walker
AskWoody Lounger@Woody: Thank you so much for the clarification. Yes, I see now the steps more clearly which I need to follow. I hope to get this done before November 1st, as I don’t know what’s going to break loose by then (hopefully “nothing”).
I am having vision problems, and that is part of the trouble. I must slow down and read everything several times to be sure I don’t miss anything.
THANK YOU so much for your help. As we all say “YOU ARE THE BEST”!! 🙂 🙂 🙂
-
walker
AskWoody Lounger@poosticks:
I agree with “Just Sayin’ 100%!! You are absolutely outstanding in every respect. You are not only knowledgeable, but have a wonderfully warm and common sense approach in all of your posts, which I always look forward to reading. Hope you will SOON get some relief on that bad patch which creates such a serious problem for you. I admire your knowledge and tenacity. Please don’t give up.
I wish you the very best of luck with that. You are an inspiration to all of us!! 🙂 🙂 🙂
-
GoTheSaints
Guestwoody, changing over to a forum format in my opinion, would be a good move. Wouldn’t it save you time having user started threads?
Who would be your moderators? My suggestion would be the many shining lights we see here (of course only if they wanted to as it is so time consuming) if that is what you meant. There are so many (experienced) posters on this blog from around the world there would always be someone online to ensure the “rules” (even though I haven’t seen any heavy handedness from you) would be followed.
You wouldn’t lose the “feel” of this site, after all it is because of you many people come visit AskWoody every day because of your honesty.
gts
-
woody
Manager -
woody
Manager -
woody
Manager -
poohsticks
GuestHaving more of a forum setup here would be SO great.
It would make it easier to follow all the wonderful advice and input that are newly posted daily on many different topics, and it would make it much easier to search for and retrieve information from past threads.
If you needed more hands on deck for the backend administration of a forum (even if you still wanted to approve all posts yourself, and remain the sole external “voice” of the operation, in order to keep the quality high), maybe you could get some rotating, part-time “interns” from a local university/college and give them some real-world experience and a nice entry for their resume, while benefitting from some inexpensive labor. Or advanced high school kids. (Not sure if any of that would be feasible or practical.)
-
poohsticks
GuestIn terms of keeping the prior blogposts and comment threads available to site visitors,
maybe you could have a searchable “Archives” section that reproduced every historical blogpost and the discussion thread that it inspired, but not allow any new posts to be made in the archive section.
-
poohsticks
GuestMaybe you could start with a basic one, nothing fancy, and see how it goes.
And keep the present WordPress format in the wings, if going to a forum structure didn’t work out.I’ve been a member of a few forums that were rudimentary, looked off-the-shelf and inexpensive to set up, and were mainly started/run by 1 or 2 people. Perhaps they had 30 to 100 registered members, with a few “guests” lurking around. They were not the most visually-exciting places, but they got the job done.
But I don’t know what the costs are like – would having a forum require spending a lot more per month on site hosting/server space/data conduction (or whatever the appropriate concepts/terms are)?
-
poohsticks
GuestI am in no rush to try this, as I want to wait a month before deciding whether I’m in Group B or Group C/W and before doing any patching, to see how it goes for other people,
but if anyone else decides to update their OFFICE 2007/2013/2006 product in this way, manually through the Update Catalog, I’d be interested in hearing their experiences with that.
-
Randall
GuestI think the exception for IE security updates is when you get out of band Flash updates and use IE11 where it is embedded.
So this time the Security only rollup did not include the latest Flash fix for IE11, which is why Flash showed up as a separate line item after running Windows Update
-
Randall
GuestThanks. Will try that next round. It took 3.25 hours but Win Update finally completed on my PC last night and I was able to get the other Group B items.
I think the slow problem comes when there is a Flash update for IE. In the past I had better luck by first installing the IE11 and Flash updates, then doing a check for Win Updates – but this time there was no Flash update already listed in WU until after I ran that long check.
-
woody
Manager -
abbodi86
Guest -
Jay
GuestAdding my thanks too, for the Group B guidelines.
It looks like we manually grab the Security-Only KB once a month now? (Plus any small .Net type patches that we let WU tell us about.)
By manually, I mean find out here. I suppose we could watch the update catalogue for the phrase “Security-Only”.
-
George L
Guest -
Dianne
GuestWoody
Thank you for your article and help. I am in group B, for now. I followed your instructions in the Info Article on all 3 computers.
2 did just fine, but the 3rd one, not so much.
It is Win 7 Pro- 64 bit. I did the security KB3192391 as you said. Restarted. Now I am checking for the .Net and Office security patches. It is still “checking for updates” is your article on Monday going to address this stuck on “checking for updates” for the Group B folks? Or what should I do? -
bjm
Guest -
walker
AskWoody LoungerMy apology for being so late in responding to your very kind and encouraging message! I enjoy the comments from you and poosticks both so much because I can certainly relate to them. I am definitely “non-techie”, just trying to keep my head above water (not to mention the alligators!).
Good reminder to set the System Restore points before manually installing. Also a good reminder that the MSRT appears to not be “secure” either. Updating is definitely nothing like it was intended to be when I purchased my computer. What wonderful days those were!!
Good luck to us all, and (hopefully) eventually things will improve. We just need to “hang in there” and keep our morale up. thank you for your reply!
🙂 🙂
-
woody
ManagerSee
https://www.askwoody.com/2016/reported-problem-with-kb-3161102-the-windows-journal-zapper/
and
https://www.askwoody.com/2016/mysterious-re-release-of-kb3150513-on-windows-10-no-less/
3181403 is a servicing stack update – go ahead and install it
-
woody
Manager -
woody
Manager -
woody
Manager -
DonInBoise
GuestHi Woody,
I believe you may already be aware, but in case not, the INFOWORLD article about this has Group A steps and Group B steps. I think a typo exists in Group B step 5. It says, “Group A, Step 5” when I suspect you intended “Group B, Step 5.” Readers probably assume this, but just mentioning! Grateful for your dedication to all of this complexity!! About to jump ship and become a Group A person as it is all getting a bit too complex for my weak brain. -
Joe Friday
GuestRE: Vssadmin to expand shadow copy space.
Linked article advocates disabling Vssadmin.exe by renaming it because of ransomeware attacks.
http://www.bleepingcomputer.com/news/security/why-everyone-should-disable-vssadmin-exe-now/
Thought it might be of interest.
-
walker
AskWoody Lounger@Woody &Jussi:
Any recent information on the KB2952664?
Last information I noted was on InfoWorld on October 10th and it was listed as “uninstall” along with KB2976978, KB3150513, and KB 3021917. I don’t have the CEIP insofar as I know. I have at least the KB 2952664 installed, however haven’t checked the others yet. Win 7, x64.Thank you for any current information you may be able to provide on these. 🙂
-
walker
AskWoody Lounger@Woody: Group B, looking at the Oct 27th directions. I do not see the direction to “turn automatic updating off”. Win 7, 66x.
I would like to move forward with getting the KB3192391 installed, however would like to verify if I do need to “turn automatic updating off”.
I know how busy you are, and I sincerely apologize for adding to the workload.
Thank you for all of your help, as always, and I apologize for sending an e-mail about this as well. Thank you for your help, it is always appreciated more than words can say. 🙂
-
walker
AskWoody Lounger -
anony
GuestHi Woody,
Many thanks for all your wonderful advice. I’m in group B with Win 7 Pro 64-bit. I installed the security only patch (KB3192391).After reboot saw and installed KB3188740 (.net roll up), KB890830 (MSRT), and KB3193713 (Silverlight security). However I also saw KB3185330 (security quality monthly rollup) and KB3177467 (service stack?), and neither download nor installed either of them, as KB3185330 is for Group A (as I recall you noted?), but it’s unclear what to do about KB3177467 (which in ‘googling’ seems to indicate it can cause problems?).
Should Group B with Win 7 64-bit be downloading/installing KB 3177467? Thanks in advance for clarifying.
-
geo
Guest -
woody
Manager -
woody
ManagerThat’s the servicing stack update.
Over on the My Digital Life forum, ch100 says:
Strictly speaking yes, KB3177467 is the only one required.
However, there are known issues with the detection for KB2533552 which Windows Update “thinks” that is needed after installing KB3020369. To keep it happy, you just tell it to install, WU probably sets a flag somewhere in the system and becomes quiet, although there is no installation as such.
I heard, without experiencing it myself, that KB3177467 might need more work at MS, so in the mean time KB3020369 might still be needed.According to the KB article:
After you install update 3177467 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on “Stage 2 of 2” or “Stage 3 of 3”.
If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.
Personally, I wouldn’t install it just yet. Abbodi notes that it must be installed all by itself, with no other pending updates, to avoid the “Stage 2 of 2” problem.
ch100, abbodi86, any better advice?
-
woody
Manager -
AJ North
GuestGreetings Woody,
After following the Group B recommendations on four different Win 7 Pro x64 machines, the Secunia PSI scans on each report the same deficiencies:
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
Microsoft Internet Explorer 11.x
Microsoft Internet Explorer 11.x (64bit)
Microsoft Windows 7
However, scans by the Belarc Advisor (which I take as the Gold Standard) yield a 100% rating for each machine.
I know that Secunia were purchased by Flexera not too long ago, but they are still offering the Secunia PSI (version 3.0.0.11005, released February 2016), so I am assuming that its database is being maintained. Any thoughts on this discrepancy?
Thanks!
-
walker
AskWoody Lounger -
dgreen
Guest@Joe Friday…Thanks for the link re Vssadmin.
Windows 7 64 bit here. Group B
Regarding the 3177467, (service stack)
I did download it with no problem. It was listed as important, also listed as a “critical” update I think in the catalog or somewhere????
The only thing I did not do is the Malicious Removal Tool. Haven’t deceided if it really is beneficial to do so. -
lizzytish
AskWoody Lounger -
prk280
GuestRe: Windows Update setting “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.”
I learned the following yesterday. Someone may find this helpful.
Unchecking the box next to the above referenced setting on the Windows Update “change settings” page causes the box and the setting to disappear. To obtain updates for non-Windows Microsoft products and software after unchecking the box requires clicking a link on the main Windows Update page that, as best as I can recall, says something like “learn how to obtain updates for other Microsoft products.” If a computer’s default browser is Chrome, clicking that link opens a Microsoft page that has some words and pictures about Windows Update but nothing more. Alternatively, if a computer’s default browser is IE11 clicking on the link opens a Microsoft page that asks the user to enroll in Microsoft Update. There are two enrollment options and even the least automatic option causes Windows Update to launch immediately. Quickly shutting down Windows Update allows the user to reopen Windows Update to confirm that the above referenced setting has returned and is checked and to change the update settings to “Never check for updates (not recommended)” or some other option.
-
Gary Karasik
GuestSorry if someone mentioned this–I haven’t read ALL the comments: Woody, there a typo in the InfoWorld explanation of GroupA/B: In the Group B list of steps, it says, “Group A Step 5.” Since by this point we’ve already read the Group A steps and are now reading the explanation for the B group stops, I’m pretty sure it should say, “Group B Step 5.”
GaryK
-
woody
Manager -
woody
Manager -
bjm
Guest -
woody
Manager -
Anonymous
Guest -
bjm
Guestwoody: You’re talking about updating Win10 version 1511, yes?
> Yes.
woody: You should go ahead and install all Win10 patches.
> Meaning all patches for 1511..?
woody: If you’re still on the Fall Update, version 1511, I say stay there until Microsoft gets a better version of the Anniversary Update, version 1607. -
walker
AskWoody LoungerIt’s definitely “my pleasure”! Really enjoyed your message, and it gave me a much needed “chuckle” to end the day.
I’m reaching the point that a lot of us have – – – I’m just “plain weary”, and I’m sure that Woody is hard pressed trying to keep up with it all. He does a marvelous job!
Let’s hope we can all “weather the storm”, and eventually prevail against this *(&^% debacle.
Good Luck to us ALL!
🙂 🙂 🙂
-
ch100
AskWoody_MVPabbodi86 knows this stuff, he is right 🙂
But if you wish to advice delaying it, there is no rush, KB3020369 is still the only one which is required for the current stage of updates.Note: I advice KB2533552 entirely for cosmetic reasons. On 64-bit versions, without KB2533552 Windows Update will believe that SP1 is not installed and will fix the detection regardless by flagging that KB2533552 is installed. abbodi86 proved to me not long ago here on askwoody.com that KB2533552 is entirely overwritten by KB3020369.
Same thing with KB3177467 which entirely replaces KB3020369.
By installing in the sequence which I presented, the risk of failure to install is minimised, otherwise the only one required is KB3177467. -
ch100
AskWoody_MVP -
ch100
AskWoody_MVP -
GoTheSaints
Guest@Walker & @Jussi, read this from Woody’s InfoWorld article from Oct 5:
http://www.infoworld.com/article/3127809/microsoft-windows/detested-get-windows-10-snooping-patch-kb-2952664-reappears.htmlI don’t have 2664 installed as I wasn’t going to move to W10 …and now? it’s one I’m forgetting about – permanently.
Contributor ch100 said a while back that he/she doesn’t see anything bad concerning this patch (but his/her best practice is to install everything anyway :~ ). I’m steering clear of it, however it’s your choice to make.
gts
-
woody
Manager -
Swedra
GuestHow would I go about this if I wanted to make it as simple as possible, while installing only the “essentials”? (I’m in Group “B,1” btw, I don’t care that much about privacy, telemetry slowing down my computer is more of a concern to me if anything), i just want things to work, and without me being a test subject for possibly botched patches and the likes.
1. Check the Windows 8.1 and Windows Server 2012 R2 update history for the relevant file. (I’m using Win 8.1, just for the record.)
1a. Check around the net if there are problems with the relevant Security Only update, and act thereafter.
1b. Install if has been given a green light, wait if unsure.
—2.Check for Updates via Windows Update.
2a. Ignore all the non-program-specific Security Rollups and whatever they are called.
2b. Ignore all Optional Updates unless they are for some reason explicitly relevant to a product i am using (within reason of course).2c. Check around the net for more input on entries in the “Important” list concerning software like .NET, Office, Adobe Flash Player a.s.o., generally installing them unless a web search reveals major problems with one of them.
(BTW, should all “Monthly” Rollups be avoided, or just the non-program-specific ones?)2d. Check around the net for more input on any other entries in the “Important” list, but avoiding them unless they seem relevant and/or critically needed.
—3. If all is OK, install updates, check that things didn’t break a.s.o.
—4. Keep an eye out on this website (and on the net in general), in case the situation changes.
—Have I understood the instructions correctly, or did I miss/misunderstand something?
(I’m sorry if I seem a bit daft, but I’ve both ADHD and Asperger’s, so this isn’t as much about me not understanding as it is about me trying to make sure I’ve understood correctly.)
-
Swedra
Guest -
woody
Manager -
woody
Manager -
Canadian Tech
Guestch100, Interesting statement. I did not realize until just recently that after years and years and hundreds and hundreds of application of MSRT, I can only remember ONE instance that it finding something.
I suspect a reasonably good AV installation is many times more effective. I would advise MSRT to be used only in a case where no AV tool is intended to be used.
-
AJ North
Guest -
anony
GuestThanks for the reply. Woody, if the only two important updates that I haven’t downloaded yet (and hidden for now) are KB3177467 and KB3185330 (the latter being for Group A), and being I’m Group B, aside from not downloading KB3185330, I should hold off downloading KB3177476 svc stack update until Woody gives the ok? Also in layman terms, what is the KB3177467 for? Thanks.
-
bjm
Guest -
bjm
Guest -
KH
Guest -
Canadian Tech
AskWoody_MVP -
Swedra
Guest -
poohsticks
Guest@Canadian Tech,
The email address is still appearing, so perhaps he didn’t realize what you were asking –
You might send him a direct email to:
woody at ask woody dot com====
I agree about the MSRT —
it never found anything bad on my computer,
and it was requiring the hassle of a new legal authorization/permission every time it was allowed to run via Windows Update,
so I stopped using it this past February. -
poohsticks
Guest@prk280,
I recommend not unchecking that line which says,
“Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows,”
but if it is unchecked, and the computer owner wishes to get it back, there are 2 safe and reliable procedures to get it back.Over the years there have been a handful of other procedures published which used to get it back, but they don’t work anymore.
The 2 procedures that still work have been described in the AskWoody.com discussion threads in the past.
One involves editing the Registry, which is only for intermediate and advanced computer owners to attempt,
and one involves an easy but roundabout way to make it show up again which does not involve going into the Registry, and is better for non-techies.About 2 weeks ago, in a recent discussion thread here, someone asked me to repeat the non-techie procedure to get that selection back on the Windows Update settings screen
(this procedure is “safe” in the sense that it will not provoke Windows Update to start running on its own, as you have described seeing happen on your machine),
and that procedure should not be hard to find using the site search here. -
Bill C.
AskWoody PlusI have found it to be OK for Windows up until this October, but ONLY if you use WU or the catalog to do the actual updating. I never use the PSI itself to do any updates, I just use it to let me know, and go the respective websites.
I think as of October the PSI is fixated on the Rollup, so I am no longer using them for Windows, but am still using them for all other stuff.
I also use Belarc. Nice tool for telling you what is missing.
-
poohsticks
GuestAs far as I know, the date of the 1st of the month is not relevant to patching.
The main days where the patching system has important changes are the 2nd Tuesday and 3rd Tuesday of each month.
As long as Woody’s “Def Con” system at the top of the page is showing that patching can be done, and it’s after the last 3rd Tuesday of the month (18th Oct) and before the next 2nd Tuesday of the month (8th Nov), then you should be fine.
-
Seff
Guest -
poohsticks
Guest@Swedra,
For me personally, I think the following two quotations from your post contain great advice that everyone should follow,
in order to see if there are any reports on the wider internet about problems regarding particular patches that show up on our Windows Update list –
maybe they are specific or rare problems which contributors to AskWoody.com may not have personally experienced, so the problems have not yet been reported on the AskWoody.com site, but they could still be problematic for one’s own computer configuration.Your advice:
“generally installing them unless a web search reveals major problems with one of them”
“Check around the net for more input on any other entries in the “Important” list”
At the end of the day, each of us is the captain of our own ship (computer), and the responsibility lies with us to patch with as much care and research that we can muster, every single month.
What works for the vast majority of the population sometimes doesn’t work for oneself (and one’s equipment), and no independent researcher/independent website is going to have immediate knowledge of all the Windows Updating issues that are arising, especially the more rare ones.
—
The fact that complicated Windows Update problems can take several weeks to be understood and widely reported
[and my personal situation of often being in a small % of people who have an unusual experience rather than just having a statistically “normal” life (ha ha) ]
is why I have decided to wait an _extra_ month before I do anything.So I have put October’s patching on hold, and I’ll wait until Woody’s go-ahead in late November for the November Patch Tuesday patches before deciding whether I will try October’s patches on my finicky computer.
-
poohsticks
Guest@bjm,
“Following along here” on this website was the first option Woody gave, and you seem to be able to do that one, since you are here now!
🙂The time of the month when he changes his Def Con rating is typically after the 3rd Tuesday of the month and prior to the 2nd Tuesday of the next month — generally, the Def Con rating to “go ahead and patch is in place during the last week of a month.
If you don’t normally visit Woody’s website (say, on a weekly basis), just coming here once in the middle of the last week of the month to see what the Def Con rating is would generally suffice.
-
poohsticks
Guest -
poohsticks
Guest -
woody
Manager -
woody
Manager -
KH
Guest -
Canadian Tech
AskWoody_MVP -
Canadian Tech
AskWoody_MVP -
Canadian Tech
AskWoody_MVP -
ch100
AskWoody_MVP -
Canadian Tech
AskWoody_MVPch100, Sorry have to disagree. I have had numerous cases of clients who were browsing sites that are normally considered safe and suddenly a pop up warns that their computer is infected and they must call a number to get it fixed. It actually should just be closed using Task Manager, but it traps lots of people. AV software does not necessarily catch this stuff.
Also, the average user (who thinks of their PC as a potato peeler) is just not sophisticated enough to know where not to go or to not click on a link in an email.
AV is there to protect them.
CT
-
ch100
AskWoody_MVPIt is not about speeding-up. It is about few updates which may fail if not installed separately. WU should take care of the sequence, but we are getting back to the subject of users knowing better and installing selectively, which sometimes confuses WU. In such situations, the best way of tackling the issue is to install manually each of the mentioned critical updates, one at a time.
Woody actually enquires about the most recent servicing stack update KB3177467 which seems to create problems for few people and if it can be delayed safely.
The answer is that it can be delayed now, but it will be required soon.
There is a condition though, which is not an issue for most. KB3020369 must be installed in all circumstances for anyone trying to do any update. -
poohsticks
Guest