News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching

    Home Forums AskWoody blog MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching

    This topic contains 455 replies, has 81 voices, and was last updated by  Ed 1 year, 3 months ago.

    • Author
      Posts
    • #181929 Reply

      woody
      Da Boss

      Full details — and there are many — coming in Computerworld.
      [See the full post at: MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching]

    • #181938 Reply

      Demeter
      AskWoody Plus

      Oh-oh. “Victims” sounds especially ominous. I have a sinking feeling and don’t want to screw-up my machine as it’s performing fine now. Awaiting further details on Computerworld. Win 7 Pro x 64 i7-Haswell Core

      1 user thanked author for this post.
      • #182588 Reply

        Microfix
        Da Boss

        That ‘sinking feeling’ as you put it, was my instinct with the news and introduction of Meltdown/ Spectre patches in January. Since then, neither of our W7 systems have been online or patched. My W8.1 system however has since been re-imaged to December 2017 and ALL the systems work well.

        ‘Bliss’ was the name of the default WinXP wallpaper, defaults nowadays are FAR from bliss!

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #181939 Reply

      AJNorth
      AskWoody Plus

      “Fasten your seatbelts. It’s going to be a bumpy night!”

      Or,

      “Don’t open that closet door, McGee!”

      3 users thanked author for this post.
      • #181950 Reply

        Demeter
        AskWoody Plus

        I am now officially as “old as dirt” as I “get” both of your references. Which explains why I stubbornly declined the multiple offers by Microsoft to “upgrade” me to Win 10 when it was a freebie.

        7 users thanked author for this post.
        • #182095 Reply

          GoneToPlaid
          AskWoody Plus

          Same here. And the never-ending months of increasingly botched updates, plus the need to avoid installing telemetry updates, has given me a lot more white hair. The only upside to all of this is that everyone at the office thinks that I look more distinguished.

          • #182596 Reply

            heybengbeng
            AskWoody Lounger

            which one is telemetry update? i usually only install monthly rollup, i should be fine right? kinda new at this updating windows 🙁

            • #182597 Reply

              PKCano
              Da Boss

              Telemetry: Win7 KB 2952664, Win8.1 KB 2976978

              1 user thanked author for this post.
            • #182604 Reply

              heybengbeng
              AskWoody Lounger

              i read this https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

              and woody said that the total meltdown fix bring bug from march updates. is it better to uninstall it? or should i be okay? and about IE patches, do i need to install it too if i never use IE myself?

              btw my update sequence installed so far is January rollup update and KB4100480. (is this okay?)

              i didnt install february/march rollup so far

            • #182685 Reply

              Elly
              AskWoody MVP

              Hello heybengbeng,

              Welcome to the Lounge. It sounds like you are doing Group A updating, on Windows 7, last having updated with January patches. The January patch had the Total Meltdown bug included.

              The usual pattern of updating here is to wait for the Defcon level to change… and Woody writes a post like this one, and it always includes a link to a ComputerWorld article. You only need to follow Woody’s instructions for Windows 7, Group A. This month is a little different because he points out there are potential problems for Windows 7, and that users need to make a choice about what option they want to follow, in addition to being Group A or B. Woody has done an awesome job figuring out what the problems are, and what the different options are. You need to make a decision about what path to take… and then follow the instructions for that path.

              In #182158 I isolated out what Woody was saying for Windows 7, Group A people, in his ComputerWorld article. It also has links to information on telemetry in Windows 7, and the Knowledge Base article on Group A updating.

              The March Rollup will include February’s updates, so you don’t have to go back and patch that separately, if you decide to install March’s Rollup.

              Win 7 Home, 64 bit, Group B

              1 user thanked author for this post.
            • #182910 Reply

              heybengbeng
              AskWoody Lounger

              Hello heybengbeng, Welcome to the Lounge. It sounds like you are doing Group A updating, on Windows 7, last having updated with January patches. .

              Hello Elly, i dont know if im doing Group A or not since im just recently join and starting updating my windows. before i never update it XD. when i update so far i only update security rollup update ( every a few months or so), ignoring other important update or optional one. dont know if thats okay or not tho since thats what i always do and never had problem before 🙂

            • #182924 Reply

              Elly
              AskWoody MVP

              @heybengbeng,

              Group A is the updating recommended by Woody for most people. It uses the Monthly Quality and Security Rollups that are offered through Windows Update. These are cumulative, and if you apply the most recent one, you are up to date.

              Group B uses Security Only patches that must be individually applied. They are not offered through Windows Update. There is a Security Only patch issued for every month, since the Rollups started, and each month’s patch must be applied for your OS to be fully patched.

              I assumed, since you said rollup, that you are doing Group A updating.

              Win 7 Home, 64 bit, Group B

            • #183168 Reply

              Bill C.
              AskWoody Plus

              Have the telemetry patches made it into any of the Monthly roll-ups to date?  It seems like that is a separate course on the WU menu so far.

              1 user thanked author for this post.
            • #183271 Reply

              Microfix
              Da Boss

              Datapoint:

              On our W8.1 yesterday, I had noticed checking SDAntibeacon that it is now blocking 1 of 5 where the day previous 4 of 5 CEIP Scheduled tasks were being blocked. I’m now thinking that MS are not honouring switches in W8.1

              Having checked settings for appropriate areas within the OS, everything was as it should be for our system.!?

              NOTE: NO patches were installed for Jan/Feb/March (not even MSRT, licence declined) other than Flash Critical updates.

              ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

            • #183286 Reply

              MrBrian
              AskWoody_MVP

              “Have the telemetry patches made it into any of the Monthly roll-ups to date?  It seems like that is a separate course on the WU menu so far.”

              See my post “What evidence exists that Group B gets less telemetry than Group A?”

              1 user thanked author for this post.
    • #181951 Reply

      anonymous

      ok – this is probably a stupid question – but how do you know if you have  Windows 7/server 2008 R2?

      When I click on computer and properties mine says – windows 7 home premium,  service pack 1 but nothing else.  It is a 64 bit machine with an intel core i7 processor if that matters.

      2 users thanked author for this post.
      • #181958 Reply

        PKCano
        Da Boss

        You have Win7. The “/” means “or.” Server 2008 R2 is a different kind of computer.

        1 user thanked author for this post.
      • #181994 Reply

        walker
        AskWoody Lounger

        @anonymous:  When I click on Computer, there is no line item which refers to “properties”  – – – – I wonder why.  I’m not computer literate, however normally I would have expected to see something referring to properties.    ????

        • #182014 Reply

          Elly
          AskWoody MVP

          Right click…

          Win 7 Home, 64 bit, Group B

          1 user thanked author for this post.
          • #182197 Reply

            walker
            AskWoody Lounger

            @elly:  Thank you SO much for the help!   Mine says the same as “anonymous”, so guess I’m just the WIN7, Home Premium, Service Pack 1.     Your help is very much appreciated!    🙂

            1 user thanked author for this post.
    • #181956 Reply

      anonymous

      on windows 8.1 notebook i’m installing march security only (group b) patches right now, then i go for office 2010, defender, flash patches as every month.

      on windows 7 machine i do nothing. i won’t install buggy march patches and i also won’t rollback to december. i’m gonna rely on askwoody and on noscript for some time.
      what about office 2010 patches on windows 7? can i install these without having windows security only patches installed?

      • #181959 Reply

        PKCano
        Da Boss

        The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

        1 user thanked author for this post.
        • #181978 Reply

          anonymous

          after reading that article i’m still not sure if i can install office 2010 patches without having installed any march windows security only windows patches.

          if i decide to install security only patches on windows 7 64bit some day (not today) following article 2000003:

          Mar 2018 KB 4088878
          Mar 2018 (IE11) KB 4089187
          Mar 2018 (IE11) KB 4096040 (released 3/23/2018, replaces KB 4089187, fixes “IE11 doesn’t start after installing KB4089187)

          if kb4096040 replaces kb4089187: can i skip kb4089187 and only install 4096040?

          and on windows 8.1 there is one curiosity:
          after applying security only march patches for windows 8.1 (kb4088879 and kb4089187) snooping patch kb2976978 appears BOTH as checked important AND as unchecked optional… that’s weird…

          • #181983 Reply

            PKCano
            Da Boss

            You only need KB 4096040 for IE – it’s cumulative.
            Read the requirements for KB 4088878 – You need to install KB 4099950 FIRST.
            You will also need the fix for Total Meltdown KB 4100480

            3 users thanked author for this post.
            • #181995 Reply

              anonymous

              now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!

              is this order/sequence correct?
              1. kb4099950
              2. kb4100480
              3. kb4088878
              4. kb4096040

              for now i stay group w. i’m not going to install any of march updates, i also won’t install kb4099950 and kb4100480. i also won’t rollback to december, so i’m staying on february patch level for a while, relying on panda endpoint protection and noscript (firefox), ublock (chrome)…

              1 user thanked author for this post.
            • #182005 Reply

              PKCano
              Da Boss

              Follow this order
              1. kb4099950
              2. kb4088878
              3. kb4100480
              4. kb4096040

              now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!

              The instructions in AKB2000003 are for Group B. Group B does not include the things like hotfixes Microsoft has issued this month.
              Group B is getting almost impossible to follow unless you are extremely computer literate. That is why we have been recommending people choose otherwise.

              4 users thanked author for this post.
            • #182013 Reply

              anonymous

              i will decide monday at the earliest if i patch windows 7. i also wait with office 2010 patches.

              anyway, patching on windows 8.1 notebook is finished. groub b security only windows patches and office, flash, defender and msrt patches installed. 10 in total. after another reboot this curiosity i mentioned earlier remains: snooping patch kb2976978 appears BOTH as checked important AND as unchecked optional… that’s weird…

            • #182017 Reply

              PKCano
              Da Boss

              Hide both of the snooping patches

              3 users thanked author for this post.
            • #182026 Reply

              EricEWV
              AskWoody Lounger

              Would it be a good idea to install KB4099467 as well to mitigate the possible BSOD on logging out issue?  I assume it’d be best to install it last if so?

            • #182037 Reply

              MrBrian
              AskWoody_MVP

              “Would it be a good idea to install KB4099467 as well to mitigate the possible BSOD on logging out issue?  I assume it’d be best to install it last if so?”

              I consider whether to install KB4099467 a close call. I chose not to; I haven’t experienced the issue that KB4099467 fixes yet. For those that install KB4099467, I think it’s best to do so in this order:

              1. Install KB 4088875 or KB 4088878. Do not reboot.

              2. Install KB 4099467. Reboot.

              6 users thanked author for this post.
            • #182160 Reply

              anonymous

              so if installing kb4099467 would make this sequence:

              Follow this order
              1. kb4099950
              2. kb4088878
              2.a. kb4099467
              reboot
              3. kb4100480
              4. kb4096040
              reboot
              office 2010, msrt, …
              reboot

              right?

            • #182182 Reply

              MrBrian
              AskWoody_MVP

              “so if installing kb4099467 would make this sequence:”

              Looks good to me.

              1 user thanked author for this post.
            • #182601 Reply

              heybengbeng
              AskWoody Lounger

              i just recently installed KB4100480 to my pc win 7 64bit. my last security rollup is January rollup. i didnt install february or march rollup yet. is it okay?

              my update sequence

              1. January rollup

              2. KB4100480 (checked, important)

              after install that KB4100480, only february rollup that showup in my windows update

              i read this https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

              and woody said that the total meltdown fix bring bug from march updates. is it better to uninstall it? or should i be okay? and about IE patches, do i need to install it too if i never use IE myself?

            • #182662 Reply

              MrBrian
              AskWoody_MVP

              @heybengbeng:

              That update sequence is ok.

              “woody said that the total meltdown fix bring bug from march updates”

              Here is my analysis of KB4100480.

              “about IE patches, do i need to install it too if i never use IE myself?”

              Yes you should.

              “after install that KB4100480, only february rollup that showup in my windows update”

              Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

            • #182918 Reply

              heybengbeng
              AskWoody Lounger

              @mrbrian

              “Here is my analysis of KB4100480.”

              so from what i read from your analysis :
              IE, NIC and SESSION_HAS_VALID_POOL_ON_EXIT (ab)” stop error is not included in KB4100480. well so far i didnt use IE(my IE still IE8 i think), and no bsod so far so i think its good.
              and since my pc is win 7 64bit i5 3470 i think i should be okay from PAE and SSE2 known issue right? well at least with your analysis i now know my pc should be okay 🙂

              “about IE patches, do i need to install it too if i never use IE myself?”

              “Yes you should.”

              any reason why i should update IE if i never use it? i think my IE still IE8 tho. this is my first time updating windows. so far i only update security rollup(May 2017,January 2018) ignoring other important and optional update

              so i guess its better for me now to wait till good patch rollup come out right? since based on your analysis January rollup + KB4100480 should be okay(at least Total Meltdown got patched) and shouldnt give me known issue from March update. so i guess i will wait and see if April or May rollup is good or not.

            • #182937 Reply

              Elly
              AskWoody MVP

              Internet Explorer (IE) was integrated into the Windows Operating System, by Microsoft. Even if you don’t use it, since it is part of your OS, you need to keep it updated.

              There are problems that we are dealing with, the last three months, that are related to bugs in the patches that Microsoft has issued. Those are the ones related to NIC, causing network connection problems you refer to. They are potential side-effects of patching.

              There are other problems that you might not be aware of, but are vulnerabilites to malware or viruses, that are patched by the Security Only, or security part of the Rollup patches. You wouldn’t be aware of them, until after your system is compromised, but the patches help avoid getting them in the first place. Actually, some are so sneaky, you could be compromised, and not be aware of it, and be spreading bad stuff to others. You could go years and not get any (depending on your browsing and downloading habits) even if these openings to malware exist on your system… but it is probably better not to be vulnerable.

              It would be wise to review how you are patching, and make sure your system is up to date.

              Win 7 Home, 64 bit, Group B

              1 user thanked author for this post.
            • #183343 Reply

              heybengbeng
              AskWoody Lounger

              Hi Elly,

              if its for security then isnt installing security monthly rollup is enough ( thats what i did so far since it said it will include every security update on monthly rollup), thats what makes me confused

              if i read this article : https://support.microsoft.com/en-us/help/4096040/cumulative-security-update-for-internet-explorer-march-23-2018

              it said those IE cumulative fixes already included in monthly security rollup, so i assume that cumulative IE update should include security and non security update. while security update for IE etc will be included in monthly security rollup, the non security update wont be included right?

              correct me if im wrong since im new at this updating windows thing :(, this is just me assuming from what i read

              so installing monthly security update should be enough or not if the user never use IE anyway to get any benefit like new feature or improvement from IE non security update(which included in cumulative security for IE), since the security update for IE included in monthly rollup

               

            • #183348 Reply

              PKCano
              Da Boss

              The Monthly Rollup contains three parts: non-security updates, security updates, and the IE11 Cumulative.

              Those who do not install the Rollup need to install the Security-only update and the IE11 Cumulative. So they get two of the three parts on the Rollup.

              1 user thanked author for this post.
            • #182370 Reply

              OldBiddy
              AskWoody Lounger

              Thanks PkCano, this is very helpful. I’m afraid though, that I installed kb4088878 before installing kb4099950, which was optional for me so I didn’t notice it. I did install kb4100480 after installing kb4088878, but was never offered kb4096040. Have to say this must be the busiest forum thread I’ve seen in a long time!

            • #182076 Reply

              The Surfing Pensioner
              AskWoody Plus

              Susan Bradley says of kb 4096040. “Only install if you have installed the March Windows 7 updates”. As I have no intention of installing the March Windows 7 updates, I assume that means I don’t need kb 4096040 either. Is that right? Many thanks.

            • #182103 Reply

              MrBrian
              AskWoody_MVP

              @The Surfing Pensioner: Do you want to install a March 2018 cumulative update for Internet Explorer or not?

            • #182180 Reply

              The Surfing Pensioner
              AskWoody Plus

              Strange question. As I said in my previous post, Susan Bradley advises not to instal kb 4096040 unless you are installing the March 2018 Windows 7 updates – presumably the March roll-up or security patch. I intend to install neither, at least not at the present time. If her advice holds, therefore, I should not install the March 2018 IE cumulative update either. I am simply asking whether we have consensus on that point. Please let me know if I’m not being clear.

            • #182183 Reply

              MrBrian
              AskWoody_MVP

              @The Surfing Pensioner: There is more than one March 2018 cumulative update for Internet Explorer; there is also KB4089187. I’m not sure if you’re trying to avoid just the Windows 7 March 2018 update, or all of Microsoft’s March 2018 updates.

            • #182193 Reply

              The Surfing Pensioner
              AskWoody Plus

              As I have said, I do not intend to install the Win 7 March 2018 update at the moment. Neither have I installed kb 4089187, due to reported bugs. However, I would normally update my IE provided the latest cumulative update appears bug-free. In my circumstances, Susan Bradley would seem to advise against this. Do you agree?

            • #182259 Reply

              MrBrian
              AskWoody_MVP

              @The Surfing Pensioner: KB4096040 has the fix for an issue in KB4089187. You probably wouldn’t experience this issue. It’s your call as to which to install.

            • #182297 Reply

              The Surfing Pensioner
              AskWoody Plus

              What the information on kb4096040 actually says is that: ” This security update resolves several reported vulnerabilities in IE 11 running on Win. 7 SP 1. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in IE. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures. This security update also includes improvements and fixes for IE 11 that resolve the following issues: IE 11 does not start after you install the March 13th 2018  IE cumulative  update for IE.” – Which sounds to me as if kb4096040 potentially includes security fixes that might well be an asset. Kb 4089187 on the other hand, as stated here, is a buggy update which kb 4096040 was issued (amongst other things) to fix. I’m (thankfully) not stupid enough to install it and I’m very surprised to read you encouraging any Win. 7 user to do so, since it cripples the browser. I was unsure whether Susan Bradley’s advice against installing kb 4096040 unless one is also installing the Win. 7 March 2018 update (roll-up or security) was to be taken unequivocally but, since you appear not to know the answer, I shall err on the side of caution and follow it. Come the April 2018 IE cumulative update I shall be up-to-date, anyway.

            • #182314 Reply

              MrBrian
              AskWoody_MVP
    • #181967 Reply

      EricEWV
      AskWoody Lounger

      What order should Windows 7 Group B install these updates?  That is if it’s safe to, seeing as the Master Patch List still advises holding off installing the security-only update.  I’m pretty certain the NIC script goes first, but I see fixes for BSODs and such.  Considering I already have the Total Meltdown fix installed, I don’t think I’ll have to reinstall it since Windows Update, from what I read on here, should be smart enough to not overwrite it.

       

      I also apologize if this is a double post, had a connection error trying to send this.

      • #181970 Reply

        PKCano
        Da Boss

        The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

        1 user thanked author for this post.
        • #181982 Reply

          Demeter
          AskWoody Plus

          I see many of you asking for the order of updates to install and right now my recommendation is:

          If you have any January through March update installed, make sure KB4100480 is installed.

          Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.

          I did install KB4100480 as per Patch Lady’s March 31 post. (Above) I didn’t roll back to Dec.2017. Should I have rolled back? I have just read the Computerworld Article. Now I’m confused. Win 7 Pro x 64 i7 Haswell

          • #181999 Reply

            Elly
            AskWoody MVP

            From Woody’s Computer World Article:

            “As of this moment, EVERY Windows 7 / Server 2008 R2 64-bit patch released this year opens a gaping security hole commonly called “Total Meltdown.” In addition, recent patches have a healthy collection of bugs that range from blue screens (STOP messages), to blocking Internet Explorer 11, to a particularly debilitating bug for folks running servers that leads to lockups due to SMB leaks.”

            That is EVERY Windows 7 64 bit patch… which means using any of those patches will open up an easily exploitable hole in your system… although they will ‘patch’ regular Meltdown and Spector vulnerabilities, that do not, as yet, exist in the wild…

            Hmmm… big, easily exploited hole that even novices can code for, or patches for relatively difficult exploits not in circulation…

            or, phrased differently…

            Huge risk (install patches)… vs. almost no risk (don’t install patches)…

            I’m not confused… I’ll go the almost no risk route…

            And I didn’t even address the other risks (BSOD) the patches have…

            The evidence for not patching gets stronger…

            But, as always, back up your data!

            Win 7 Home, 64 bit, Group B

            7 users thanked author for this post.
            • #182206 Reply

              Jan K.
              AskWoody Lounger

              But, as always, back up your data!

              And not least your system drive/partition.

              Have never been more important in all the time of using computers.

              The irony is that it’s not in fear of virus, highjacks, malware etc. but… Microsoft.

              Sigh.

              4 users thanked author for this post.
    • #181961 Reply

      anonymous

      Should those of us in Group B (Win 7 Pro x64) with both Jan & Feb security only patches installed, just install KB4100480, then IE Security update for March, and then any Office 2010 patches from March and hold off installing March Security Win7 only update?

      • #181971 Reply

        PKCano
        Da Boss

        The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

        • #182284 Reply

          Marty
          AskWoody Plus

          Woody’s Computerworld article doesn’t mention KB4100480.  As I understand the situation, there are two basic choices:  (1) Forget about KB4100480 and roll your machine back to the December patches; (2) Keep January/February patches and install KB4100480.

          2 users thanked author for this post.
          • #182285 Reply

            MrBrian
            AskWoody_MVP

            I did this one:

            (3) Install March 2018 updates and KB4100480.

            3 users thanked author for this post.
            • #182387 Reply

              walker
              AskWoody Lounger

              Mr. Brian:   It was the KB4100480 that I was trying to find the number on.   I installed this one as soon as we were told to, which is one reason my “list”  is not matching yours exactly.  I will try to begin learning to do the “setting restore point”, or “back-up” before I attempt to install anything.   It may not be possible for me to do this.   If I can just get the knowledge to have deal with these kind of security issues.   Once false move and I’m “shot down”.     Thank you once again.    🙁

            • #182524 Reply

              Marty
              AskWoody Plus

              Windows 7 normally sets a restore point automatically before installing updates from Windows Update.

            • #182905 Reply

              johnf
              AskWoody Lounger

              Windows system restore is very useful. However, don’t always presume it’s turned on! Check to make sure…

              https://www.online-tech-tips.com/windows-vista/enable-disable-system-restore-vista/

               

               

    • #181972 Reply

      AJNorth
      AskWoody Plus

      Woody’s article in Computerworld went online a little while ago:

      Get the March patches for your Windows machines installed, but watch out for Win7

      https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

      4 users thanked author for this post.
    • #181980 Reply

      Elly
      AskWoody MVP

      I am not feeling lucky, and am choosing to hold tight, Group B updating current to December 2017.

      Microsoft hasn’t been able to manage patching, and I can’t help hope that they realize that, and return to individual updates… three months of unsafe patching havoc, and soon we will be face to face with month four… and for me, the safest thing is to sit (temporarily, I hope) on the Group W bench.

      Win 7 Home, 64 bit, Group B

      10 users thanked author for this post.
      • #181987 Reply

        Microfix
        Da Boss

        Elly, I am feeling lucky and still holding on Dec 2017 updates, to see what April brings.

        Probably more showers!

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        5 users thanked author for this post.
      • #182283 Reply

        Northwest Rick
        AskWoody Lounger

        I’m with Elly.  My Win7 64b now restored to Dec 2017.  I suspect IE updates are a separate track not needing roll-back (guidance did not address), but I zapped those as well.  Don’t use IE anyway.  At this point, I am not willing to ass-you-me ANYTHING.  Like a 3rd or 4th  remarriage, waiting for M$ to miraculously set everything right in April seems to me the triumph of hope over experience.

        So I too now sit on the Group W bench.  And I’m not leaving until there is compelling reason to do so.

        Whoever came up with “When the going gets tough, the tough get going!” did not anticipate being Group B in 2018!  If she had, she would have written “When the going gets tough, the tough remain determined but follow a rational plan, and the reckless plunge into the unknown!”  I have to admit, though, the original phrasing is more catchy!

        May The Force be with us!

         

        2 users thanked author for this post.
    • #181985 Reply

      FakeNinja
      AskWoody Lounger

      I’m on Win 7 x64 and I installed the March patch that should fix the whole exploit that Microsoft caused and wow… THAT was a mistake! That update made my machine glitch out and run extremely slowly, it took about 2 seconds just to open explorer, folders, files etc which made me crazy. I uninstalled the update and now things are running normally.

      7 users thanked author for this post.
    • #181986 Reply

      The Surfing Pensioner
      AskWoody Plus

      Hmmmm………………………….Who said ‘Group W’ was dead? I’d love to hear Canadian Tech on this little scenario!

      5 users thanked author for this post.
    • #181989 Reply

      anonymous

      Which updates are safe for people on 1709 to install?

      • #181992 Reply

        PKCano
        Da Boss

        Read Woody’w article in ComputerWorld (linked on the main blog page)

        • #182047 Reply

          anonymous

          According to Woody’s Article he released today it says:
          Windows 10
          Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.

          Yet I am wondering about this found in the march 28th article regarding 1709 re-releases:

          https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-windows-7-takes-the-brunt-of-march-patching-problems.html

          Version 1709 – the Fall Creators Update — saw an emergency fix, KB 4090913, on March 5, which fixed a bug introduced in the February round of patches (and rendered some machines unbootable); a “regular” Patch Tuesday patch, KB 4088776 on March 13; and a big out-of-out-of-band patch KB 4089848 on Thursday, March 22. The biggest complaints involve the usual chorus of patches that refuse to install, and driver problems. Reports of INACCESSIBLE_BOOT_DEVICE bluescreens are tapering off.

          So can you please tell me what updates are safe-Here is the ones I’ve hidden and deciding which ones to install tomorrow or sunday night.

          cumualtive update: KB4088776

          Update for win 10 1709 x64 based systems: KB401994 and KB4058043

          Update windows antivirus platform: KB4052623

          The other is adobe player and malicious software tool which I know are safe-i just need to know if the ones I’ve listed are safe to install.

          • #182064 Reply

            PKCano
            Da Boss

            All I can do is requote Woody

            Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.

          • #182102 Reply

            woody
            Da Boss

            Follow the steps in the article and you’ll be OK.

            There are lots of patches floating around. For 1709, run Windows Update and let it sift out which ones need installing.

            • #182133 Reply

              dononline
              AskWoody Plus

              Woody, you may recall that I’m the guy on 1607 that, whenever Windows Update Service sniffs out that any of my three computers have the service turned on, up pops the Windows Upgrade Assistant and the upgrade to 1709 begins immediately, no questions asked. At least that’s what happened when I turned it on to check for and hide the March Updates with WUMT. I quickly unplugged my router and went through the process of removing all vestiges of what the Upgrade Assistant had done, and then used all the suggested ways I could find to block it from running again. Still, every time I turned on the Update Service, it immediately installed KB 4023057. I didn’t wait to see if the upgrade to 1709 still begins with no warning. I just went through the process of cleaning up after it again and haven’t turned on the Update Service since.

              As a result, I installed all the March updates manually by downloading them from the Update Catalog. Since this was my first time doing that, it took quite a while and much frustration getting everything figured out. Anyhow, I’m just wondering if MS is still force feeding us KB4023057 if the Update Service is turned on, and if it’s still forcing the upgrade to 1709? Have you, or anyone, heard anything about whether this is still happening?

            • #182630 Reply

              mindwarp
              AskWoody Lounger

              I can’t remember offhand what version of Win10 locked down staff PCs (that automatically reimage when rebooted) at work are, since I’m off today, but we’re still getting the forced upgrade attempted, necessitating shutdowns on those (the upgrade will fail anyway because of the blocks, and a reboot will reset the PC). They’ll get bumped up next month, and I did pass on the image file execution options debugger registry method to IT to block upgrades, as it is working for me (although I am biting the bullet and upgrading now).

              2 users thanked author for this post.
            • #182681 Reply

              MrBrian
              AskWoody_MVP

              “I did pass on the image file execution options debugger registry method to IT to block upgrades, as it is working for me (although I am biting the bullet and upgrading now).”

              I’m glad to hear that the image file execution options debugger registry method is working for you :). Which exe’s are you blocking with it?

            • #182846 Reply

              mindwarp
              AskWoody Lounger

              See my comments in the thread about blocking updates: I ran the script from pastebin by AveYo that was linked, without any modifications, although it was a recent version of the script as I download it over a week ago, when I started on the slow process of updating two computers that hadn’t been run in about a year, one with a bunch of programs on it and heavily modified that therefore took a while to prep (mine 😀 ). However, since my PC took a while to get ready and has been rebooted multiple times and has been online with the exception of the actual installation of the 1709 .iso, it was a good test of the script since MS did start sneaking on the prep patches before I yanked out my wifi adapter, uninstalled the one that snuck on, and ran the script. Interestingly, MS doesn’t wipe the registry settings when actually upgrading Win10, so you do have to remember to rerun the script to toggle updates back on to get fully updated after upgrading.

              1 user thanked author for this post.
      • #181993 Reply

        Microfix
        Da Boss

        As per woody’s article, all windows 10 patches are ok see here

        For further specific versions of Windows 10 see Woody’s linked article see there

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #182003 Reply

      pmcjr6142
      AskWoody Lounger

      Just read the Computer World article.  I’m taking the advice I liked the most…if you don’t feel lucky, don’t do anything and hope MS fixes this mess in April with better patches.  It’s not worth the risk to take a chance and update.  The only checked patch I have is KB4100480.  I think I can live without it.  My backup plan is this…I have an appt at the Apple store this Sunday for a new iPhone battery.  While there, I’m going to start shopping for and considering an iMac.

      • #182106 Reply

        woody
        Da Boss

        If you don’t have an overwhelming need for Windows – that is, if you don’t need to run a program that only runs on Windows – seriously look at Chromebooks, too.

        Google mines all your data. Apple doesn’t. That’s a dealbreaker for some. But if you’re using Chrome and Google Search anyway, the Chromebook is fine.

        3 users thanked author for this post.
        • #182394 Reply

          Charlie
          AskWoody Plus

          Women and children only!  Men go down with the ship.  The Carpathian is on its way.

          Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

          2 users thanked author for this post.
          • #182450 Reply

            OldBiddy
            AskWoody Lounger

            It does seem like we’re on the Titanic sometimes ?. But it doesn’t bode well for the future of Windows…

          • #182714 Reply

            Geo
            AskWoody Plus

            Here`s a suggestion.  You might want to move the deck chairs around the Titanic.  Will help for awhile.

      • #182430 Reply

        MrJimPhelps
        AskWoody_MVP

        …or consider running Linux Mint on your current computer.

        Get a good backup of the whole thing, create a Linux Live DVD, and run it for a while, to see what you think. If you like it, click the Install icon.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        2 users thanked author for this post.
        • #182431 Reply

          JohnW
          AskWoody Plus

          That’s the best Windows patch, EVER!!!  😉

        • #182437 Reply

          PKCano
          Da Boss

          Isn’t Linux OFF-TOPIC here?

          • #182451 Reply

            JohnW
            AskWoody Plus

            What about ChromeOS?

            • #182453 Reply

              PKCano
              Da Boss

              Woody has a blank check – the rest, well…..
              Stay on topic. Not every thread is about Linux!

              1 user thanked author for this post.
            • #182460 Reply

              JohnW
              AskWoody Plus

              🙂

    • #182000 Reply

      anonymous

      If I’m in Group B (Win 7 Pro x64) with both Jan & Feb security only patches installed, should I in this order…> (1) install KB4100480, –>(2) then install IE Security update for March, and —>(3) then install any Office 2010 patches from March and—> (4) for now hold off installing March Security Win7 only update? Thanks in adv.

    • #182006 Reply

      bobcat5536
      AskWoody Plus

      Windows 7 Pro ( 1703 )…March updates went well and my Window 7 is staying right where it is. It’s running really well after rolling back to Dec.

    • #182007 Reply

      anonymous

      For those with 1709, is it safe to install the march monthly updates?

      • #182015 Reply

        PKCano
        Da Boss

        Woody’s main blog article says that is the case.

      • #182027 Reply

        anonymous

        Woody has an opinion and that’s fine. However, since Windows 10 updates include all previous updates, it’s safe to wait until Patch Tuesday next week and let Windows Update take care of, especially for Windows 10 1709. If you hit the ‘Check for updates’ button now, you’ll only get the latest preview release of the patches (KB4089848 (OS Build 16299.334))! ‘Stable’ updates are shipped on Patch Tuesday only! All other updates are previews and you shouldn’t touch. So, don’t touch the switch, don’t touch the button, don’t touch nuttin.

        • #182029 Reply

          PKCano
          Da Boss

          I doubt seriously that waiting four more days will hurt anything as far as the computer is concerned. But you might want to wait even a little longer to be sure there is no gotcha in the upcoming CU either.

          • #182110 Reply

            woody
            Da Boss

            … and that’s precisely the gotcha. What if Tuesday’s patches are worse than the current ones?

            5 users thanked author for this post.
            • #182489 Reply

              anonymous

              You’re right! That’s why the best time to install Patch Tuesday updates is the day before previews get shipped (3rd Tuesday of the month). As soon as previews are out, it’s too late again..

    • #182021 Reply

      James Bond 007
      AskWoody Lounger

      No, as of this time I still won’t patch my Windows 7 x64 systems as I consider this mess still not resolved to my satisfaction. They will stay at the December 2017 patch level for as long as necessary.

      I will, however, patch my Windows 8.1 x64 systems with the March Security-only updates soon.

      Hope for the best. Prepare for the worst.

      4 users thanked author for this post.
      • #182046 Reply

        MikeFromMarkham
        AskWoody Lounger

        This is exactly the way I plan to handle this mess now that I’ve uninstalled the January and February patches from my Windows 7 x64 desktop PC. Staying in Group B is getting more difficult by the month, but not impossible thanks to Woody and all the other knowledgeable contributors on this site. A big thank you to everyone.

        6 users thanked author for this post.
        • #182235 Reply

          anonymous

          We still have to patch the Win7 boxes at work for obvious reasons, but I’ve thrown in the towel on my home Win7 systems.

          Whether by sheer incompetence or malicious intent, Microsoft is dismantling (brick by brick) the previously-reliable, stable, and hassle-free experience that Windows 7 provided for so long. And I don’t believe it’s just Spectre/Meltdown related.

          I’ve upgraded all but two Win7 boxes at home to 8.1. The last couple are Group W effective immediately. Rolling back to December 2017, with no more ‘net access for those guys.

          My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.

          3 users thanked author for this post.
          • #182241 Reply

            Microfix
            Da Boss

            My sentiments and thoughts exactly. How coincidental and opportunistic for an ailing PC market over the last few years.

             

            ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

            3 users thanked author for this post.
          • #182317 Reply

            WildBill
            AskWoody Plus

            My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.

            I’m wondering, too. Win 7 has less than 2 years of extended support left. Win 8.1 dropped out of mainstream support in January & has less than 5 years of extended left. Sadly, when Microsoft can convince (or force) most of the remaining Win 7 users to upgrade to Win 10 Whatever, then Win 8.1 is the next target.

            Windows 8.1, 64-bit, now in Group B!
            Wild Bill Rides Again...

            3 users thanked author for this post.
            • #182550 Reply

              Ascaris
              AskWoody_MVP

              I don’t think that MS will ever get around to attacking Windows 8.1 like they have Windows 7.  Windows 8.x is in use by such a small cadre of users (on par with the number of users that are still using XP four years after it stopped getting regular security updates) that it seems to be below the radar.  Windows 7 is the big target.   Windows 8, as far as most are concerned, is already dead.

              The tech press has repeatedly told us (during the days when the “should I take the free upgrade to Windows 10” articles were all the rage) that while Windows 7 users may well want to avoid the upgrade, it’s a no brainer for Win 8 users to move to 10.  The message appears to have gotten through, as I’ve seen so many comments on various sites where people have written that as bad as 10 is, 8.x is worse.

              Naturally, I will always take that opportunity to point out why I think 8.1 is far better than 10, but it is shoveling sand against the tide.  It is obvious that the idea that 8.x is even worse than 10 is pretty widespread, almost considered common knowledge.  It’s just a small group of tech-savvy people who use 8.1 now; it’s kind of an open secret of sorts among people who know how to de-silly it and get the extra three years of support out of it as well as avoiding at least this one latest Microsoft “Oops!”

               

              Group "L" (KDE Neon User Edition 5.16.4).

              3 users thanked author for this post.
            • #182683 Reply

              anonymous

              I hope you’re right about Microsoft not being too concerned with 8.1. It does make sense considering 8.1 never had significant market share.

              When Windows 8 first arrived, it did have serious issues. The 8.1 update made things better. I use Classic Shell to revive the full Start Menu, and I also disable all the Charms. Desktop Mode is the only mode in use.

              I’ve found Windows 8.1 to be faster and more responsive than Windows 7, especially on SSDs. Yes, there are still a few things I’d prefer were more like Windows 7, but Classic Shell helps a lot. It seems to be just as stable as Windows 7 now that it’s been out for a while. Compatibility seems to be similar to 7, with a few exceptions. As much as I love Windows 7, I am keeping it as a legacy system (and not connected to the Internet). It will be a sad day when 8.1 is end of life.

              I have five physical computers and four virtual machines. Only one physical system runs Windows 10, and that is used for gaming and for watching movies. This system matters the least to me when it comes to forced updates and telemetry grabs. There’s no real importance to any of the data stored on the gaming system. I’ve already moved to a Mac for my daily system, so I feel prepared for whatever Nadella throws my way.

              I believe that Windows 10’s personality will shift over the next 10 years into a pure SaaS. Think Office 365, but for a Windows OS. Enterprises will be the only folks who will have a higher level of control of their systems (as much as MS will allow). The rest of us will be on Windows Cloud or whatever.

      • #182126 Reply

        mulletback
        AskWoody Plus

        So far all the Win7x64 OS patches with a 2018 date have been poison. I’m standing pat at December 2017, maybe going to group W.

        3 users thanked author for this post.
    • #182022 Reply

      Zaphyrus
      AskWoody Lounger

      I am happy that march patch for those using 1709 is finally stable, but in my opinion for those like me, that are in 1703, we should skip 1709.

      there’s no guarantee that 1709 will be more stable after Windows shift its focus to 1803.

      Just someone who don't want Windows to mess with its computer.
      • #182052 Reply

        anonymous

        Sooo Zaphyrus all the patches are safe to install for 1709 for march even the double Update for win 10 x64 system and cumulative update?

        • #182068 Reply

          Zaphyrus
          AskWoody Lounger

          According to Miss.Susan and Mr.Woody, indeed they are finally safe to install. I have 1703, so I can’t really confirm that to you since I hate 1709.

          For those that want to convice me how good is 1709, I already gave up in 1709. so even if Mr.Woody and Ms.Susan says that it contain the secret of the holy grail I wont update to it, I will wait for 1803.

          Just someone who don't want Windows to mess with its computer.
          • #182134 Reply

            anonymous

            Well @zaphyrus I still ponder about installing 1803, I’m gonna hide the feature update 1 min after 12pm on the 10th along with the other updates and debate when to install it. I have WUHide to hide updates and at least that gives me control over what I install on my computer. And also once any bugs or glitches that are in 1803 are fixed, I’ll wait until Woody gives the OK GO to install it. HOPEFULLY WINDOWS/MICROSOFT will not force people ot upgrade like they did a few weeks ago-Believe me I WAS A VICTIM OF forced upgrading. At least my computer installed 1709 perfectly (It’s only almost a year old come this june :3 and it’s a Lenovo Ideapad 320-WHICH I believe is a more sensitive, friendlier and durable computer brand than the others out there-It even has it’s own unique typing-like button on the keyboard than the usual stand alone press one. AND IT HAS A built in battery-almost like how 3DS and tablets have built in batteries.)

            But anyway if everything goes as smoothly on tuesday for me then I don’t have to worry and even in 4-5 months should windows force to upgrade me at least I know that it’ll be safe since they worked the kinks out. Hopefully during the 4-5 month while hiding the update, I’ll be accomplishing a lot in my real life time-including finishing my long-awaited poetry book and planning an open mic poetry night program (which got approved by my boss at the library :3 )

            As a woman with autism-for me I have a daily routine on how I care for my computer: Wake up, use a dust cloth to clean exterior (full detail on sundays), dust off mouse, lint clean the mousepad, plug in power charger, sign in, use ccleaner, advanced system care, disk cleanup, check for any updates using WUHide, sign into my sites and go about my day with either watching anime, writing and other stuff. For Patch tuesdays, I make sure to HIDE updates 1-2 mins after 12pm (My WU is disabled at the time since it only activates at 7pm at night which is convenient for me) and double check to make sure it’s all hidden even before work. Then I come home to check if WU is still disabled otherwise I disable and stop it if it switched itself back on.

            So you see I kinda take my computer routine quite seriously and special care for me, though I shouldn’t worry very much but again as an aspiring writer soon to publish her poetry book and doing other stuff on it, I can’t allow windows/microsoft to keep pestering or bugging me each time when they release new versions of their product. As long as I have this site, Patch Lady, Woody, PK and all of you users with all the 411 on the 911, then I have nothing to worry about.

            • #182156 Reply

              Zaphyrus
              AskWoody Lounger

              Since you have 1709, and  if its stable and everything works fine for you,   I advice to remain in 1709 as long as possible and wait until 1803 is stable. (I have 1703, therefore I only have the rest of this month, May, June, July,August and September to wait for it to be stable enough to upgrade)

              I thought I was the only one that checked updates with Wushowhide. instead of Windows Update.lol.

              As long as you do that and set your connection to metered, Windows Update won’t surprise you, at least in my computer it doesn’t run unless I ask for it.

              Just someone who don't want Windows to mess with its computer.
    • #182043 Reply

      OscarCP
      AskWoody Plus

      This is something not mentioned in Woody’s Computerworld article, so I am asking here in case anyone knows:

      In order to close the “Total Meltdown” hole while keeping the Security Only updates of January and February I’ve already installed, is it advisable to do the following?

      Now (to fix another bug and to close the hole):

      Install (1) KB4099950 ; (2) KB400480.

      When it looks like the Security Only update for March finally is OK:

      (1) De-install KB400480 ; (2) install KB088878 (or whatever the Sec.Only KB number is then); (3) install again KB400480.

      Thanks in advance.

      • #182048 Reply

        MrBrian
        AskWoody_MVP

        In your case, assuming that you are using a x64 operating system, if you want to fix the Total Meltdown vulnerability, I would install KB4100480 now. There should be no need to uninstall KB4100480 later when you’re ready to install KB4088878. Before you install KB4088878, you should install KB4099950. You may wish to consider whether to install KB4099467. If you do decide to install KB4099467, it’s probably best to install KB4099467 after KB4088878 but without a reboot in between.

        5 users thanked author for this post.
        • #182073 Reply

          OscarCP
          AskWoody Plus

          MrBrian & PKCano,

          Thanks, and yes, my PC’s OS is Windows 7 x64.

           

      • #182049 Reply

        planet
        AskWoody Lounger

        I’m under the impression that you can leave KB4100480 installed and it’s newer files will not be overwritten but remain in place due to Smart features. I installed KB4088878 tonight after installing KB4100480 last wkend. I think MrBrian tested this and the files weren’t overwritten. So I’m hoping that’s the case and I’m protected from Total Meltdown.

        Group L (Linux Mint 19)
        Dual Boot with Win 7
        Former
        Group B Win 7 64 bit

        1 user thanked author for this post.
    • #182042 Reply

      anonymous

      Win7 x64 on Zbook 17 workstation. Strictly Group B. Had on-board all security only updates since the last Defcon 3 but had done nothing whatever since. (All roll-ups had been hidden as usual.)

      Decided to give it a whirl and crossed my fingers and toes. Did the revised March IE 11 update first. Then turned on Windows Update. Updated Defender first and installed that update individually.

      As Important and checked, had KB4099950 and KB4100480 offered along with the MSRT and various Office 2010 updates, some of which were checked. Each of the above were installed individually. A couple of unchecked Office patches were ignored but not hidden.

      Was NOT offered KB4088875, so assume that March roll-up has been pulled. Just hoping KB4100480 was a fix and not a Group A roll-up! Nothing in the documentation indicated to me that it was. Hmmm…

      As of yet have noticed no difference in function, fingers crossed… Such fun…, NOT. Turned Windows Update off until the next Defcon 3 or better, (fat chance). 🙁

      • #182077 Reply

        MrBrian
        AskWoody_MVP

        “Was NOT offered KB4088875, so assume that March roll-up has been pulled”

        KB4088875 has not been pulled. See https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182023.

        1 user thanked author for this post.
        • #182109 Reply

          anonymous

          Thanks. Hid the previews, however as Group B have no desire to install a roll-up. Just hiding previews, KB4088875 still doesn’t show. While installing only Security Only updates prior, I’ve still been offered the monthly roll-up every time…, except in this case. If KB4088875 isn’t being offered now, did KB4100480 supplant it??? Or do I still need KB4088878 at all?

          • #182272 Reply

            MrBrian
            AskWoody_MVP

            Group B still needs to install KB4088878 sooner or later.

            • #182804 Reply

              anonymous

              Perhaps hoping foolishly that MS will revise this update to correct the BSOD/Stop Error bug, et al. before taking this plunge or installing WITH the mysterious BSOD patch. Not a fan of BSOD’s especially on weekends or uninstalling updates. 🙁

              Related question, can you confirm whether the patch witch fixes the smart card error does ONLY that, or is a “roll-up” which triggers Group A, and whether or not this patch is even needed for my on-board smart card reader as I’ve strictly followed Group B, i.e. did only the roll-ups introduce that issue? I’ve read conflicting info and am confused. Thanks!

            • #182805 Reply

              PKCano
              Da Boss

              The only fix for the Smart Card I’ve seen was issued as the 2018-1 Preview KB 4091290 – that is essentially a Rollup with the Feb non-security patches added on. @mrbrian might be able to say if the Feb or March Security-only updates fixed the bug.

            • #182885 Reply

              MrBrian
              AskWoody_MVP

              KB4074587 no longer is listed as having the smart card issue.

    • #182045 Reply

      planet
      AskWoody Lounger

      Took the plunge on Win 7.
      Had already installed KB4100480 last wkend. Tonight, installed KB4088878, infer that KB4099950 was bundled with it, KB4096040, all from the catalog. Installed 3 Office security patches via WU. WU was offering KB2952664 as a checked important update. That is now hidden.
      So far so good. PC is functional, posting from it.
      Thanks to everyone here guiding this very difficult path.

      Group L (Linux Mint 19)
      Dual Boot with Win 7
      Former
      Group B Win 7 64 bit

      1 user thanked author for this post.
      • #182050 Reply

        PKCano
        Da Boss

        KB4099950 was NOT bundled with the Security-only update and it should have bee installed BEFORE KB4088878.

        4 users thanked author for this post.
        • #182074 Reply

          planet
          AskWoody Lounger

          Thanks for that. I just finished using a powershell command search and as you say, it’s not there. Oh well, doubt I’ll uninstall 4088878 to then install 4099950. I don’t use static IPs nor have a NIC issue so I’m hoping I’m good. I’m wondering, will this effect static IPs hereafter in the event I decided I wanted to use them at some point???

          Group L (Linux Mint 19)
          Dual Boot with Win 7
          Former
          Group B Win 7 64 bit

          • #182081 Reply

            MrBrian
            AskWoody_MVP

            “I’m wondering, will this effect static IPs hereafter in the event I decided I wanted to use them at some point???”

            I doubt it.

      • #182051 Reply

        MrBrian
        AskWoody_MVP

        KB4099950 apparently isn’t being bundled with KB4088878. Group B users should install KB4099950 before installing KB4088878.

        2 users thanked author for this post.
        • #182070 Reply

          byteme
          AskWoody Plus

          Probably a dumb question:

          I was thinking 4099950 was irrelevant to me because I’m not on a network. But on second thought, does the fact that I have a Spectrum internet connection mean I’m “on a network” to the extent of making 4099950 advisable (before I install 4088878, which I’m holding off on for the moment)?

          • #182078 Reply

            MrBrian
            AskWoody_MVP

            I’m not sure but I think it’s better to be safe than sorry, and install KB4099950 before.

            1 user thanked author for this post.
          • #182079 Reply

            PKCano
            Da Boss

            If  you have an Internet connection, you have a Network card in your PC. 4099950 corrects problems with network cards (NIC). So yes, it needs to be installed first.

            3 users thanked author for this post.
    • #182056 Reply

      TheSuffering
      AskWoody Lounger

      So just to be sure the monthly roll up for win7 32bit is clean right? No memory leaks or bsod? As for my 64 bit machine I will hold off patching as I use it mostly for storage, I will install if indeed an exploit arises

      • #182065 Reply

        MrBrian
        AskWoody_MVP

        “So just to be sure the monthly roll up for win7 32bit is clean right?”

        I disagree. Of the issues listed at https://support.microsoft.com/en-us/help/4088875, there is nothing there that is noted to be specific to 32 bit or 64 bit except for issue “A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.”

        2 users thanked author for this post.
        • #182087 Reply

          TheSuffering
          AskWoody Lounger

          It says there that the update is only made available if the machine has PAE enable, is this true or false? And does this mean the bugs apply to both versions of 7 ? Because from woody’s post on computerworld it makes it appear as if the 32bit version is less problematic than the 64 one

          • #182101 Reply

            MrBrian
            AskWoody_MVP

            “It says there that the update is only made available if the machine has PAE enable, is this true or false?”

            Good catch :). I didn’t notice that before. I don’t have any independent info if that’s true or not. That issue should only apply to those who use a 32-bit processor with the 32-bit version of Windows. 64-bit Windows users have the Total Meltdown vulnerability issue though.

            2 users thanked author for this post.
            • #182242 Reply

              TheSuffering
              AskWoody Lounger

              I still wanna know tough, can I expect the same bugs on my 32bit machine as the ones popping up in  the 64bit update?

            • #182255 Reply

              MrBrian
              AskWoody_MVP

              Unless otherwise noted, in my opinion it’s best to assume that any given issue may affect either Windows x86 or Windows x64.

              1 user thanked author for this post.
            • #182313 Reply

              TheSuffering
              AskWoody Lounger

              Ok thanks, I will wait till Monday to see if anything pops up then I will update

              1 user thanked author for this post.
            • #182523 Reply

              anonymous

              ? says:

              i must be the only operator of windows 7 32 bit with PAE disabled. after enabling PAE, KB4088875 appeared in microsoft updates on 32 bit win7 rescan. i previously had two blue screens on two intel powered machines trying to apply KB4088878. see post #176939 on 03/19/2018. i made the false assumption that since DEP was on i had PAE enabled. to enable it if needed:

              https://msdn.microsoft.com/en-us/library/aa366796(VS.85).aspx

              for PKCano, long live Linux!!!

               

              2 users thanked author for this post.
            • #183100 Reply

              TheSuffering
              AskWoody Lounger

              Thanks for the info, a friend of mine also got a bluescreen on his 32 bit machine. I’ll hold off patching both my 32 and 64 bit machines unless of course some exploit gets released

    • #182057 Reply

      anonymous

      Big decision for some Windows 7 users either roll back to December or patch up for March.

      If you decide not to patch then go to Group W permanently IMO.

      I have patched up on 2 Windows 7 64 bit machines and my dual core laptop actually seems lighter as if it is not running as many background tasks and I am fighting the decision now to move this machine from group B to W.

      Can we trust MS on Windows 7 ever again? Is Windows 7 important to MS now?

      1 user thanked author for this post.
      • #182086 Reply

        OscarCP
        AskWoody Plus

        Anonymous:

        The way forward, as I see it, is not trusting MS, but going along while taking precautions such as: back up, back up, back up. And make a restore point before every install.

        And, at least for people still with Windows 7 and 8.1, wait a few more months while doing that, to see what happens.

        It the situation does not improve enough by July or August, then I think it would be advisable to get as back up a non-Windows COMPUTER (or make a dual-boot install of a second OS in the now Win 7 machine). The second computer/OS could be either Mac or  Linux. Then start practicing with it, if not familiar enough already.

        And if one has Win 7, once we get to January and its end of life for support (o earlier, if things get much worse before that), I would say: it’s time to take the jump.

         

         

         

        2 users thanked author for this post.
    • #182062 Reply

      anonymous

      Windows 1607, question about KB4091461. Haven’t patched since December 2017. This update failed to install on the first try tonight, so I searched it up before trying again. KB4091461 seems to be an end of servicing notification. Does this mean that I don’t need it install it?

      • #182112 Reply

        dononline
        AskWoody Plus

        Ah, it’s good to see another 1607 holdout in the Lounge! It seems like there are few of us left.

        I skipped KB4091461. All it is, as you say, is an end of servicing notification page that pops up every time you boot up your computer. Imagine how irritating THAT would get! There are no ill effects in just hiding it and forgetting about it.

        Just wondering … what are your plans for after April’s updates, the last for 1607? I haven’t decided yet, except to ride it out for a while and see how the unpaid beta testers fare who upgrade to 1803 when it’s released, which looks like will be around mid-April. I’m doing my best to work out a plan for upgrading every 18 months or so. Even that’s too often for me, but it’s much better than every six months, which is crazy.

        • #183323 Reply

          anonymous

          I haven’t decided either…I downloaded a copy of 1709 on a USB just in case, but I’m going to, as you said, ride it out for a while and see how 1803 will be. I would also like to maintain the once every 18 months upgrade frequency, whenever possible, don’t want Windows to take over my life at an upgrade every 6 months.

          1 user thanked author for this post.
    • #182082 Reply

      DrBonzo
      AskWoody Plus

      The information about KB4099467 (Stop Error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 Session) seems to be pretty minimal both on the MS support page and elsewhere. This error apparently can be caused by either the March Rollup (KB4088875) or Security Only (KB4088878) patches.

      Does any one out there have any insight as to whether or not it should be installed? If I don’t install it but get the blue screen will I be able to boot up and install this update (KB 4099467) to fix the problem?

      Thanks.

      • #182085 Reply

        MrBrian
        AskWoody_MVP

        “If I don’t install it but get the blue screen will I be able to boot up and install this update (KB 4099467) to fix the problem?”

        I’m not sure. There are some other posts about KB 4099467 in this topic.

        2 users thanked author for this post.
        • #182111 Reply

          DrBonzo
          AskWoody Plus

          Well, based on your link below and the post immediately below the post you linked to, I’d be inclined to install KB4099950 as it seems to either do nothing or perhaps in some cases actually fix the BSOD. Might wait a day or two, though, to see if anything comes up.

          • #182114 Reply

            MrBrian
            AskWoody_MVP

            I think you meant KB 4099467, not KB 4099950?

            • #182130 Reply

              DrBonzo
              AskWoody Plus

              Yes, I did mean KB4099467. Thanks for catching that.

    • #182083 Reply

      MrBrian
      AskWoody_MVP
    • #182094 Reply

      GoneToPlaid
      AskWoody Plus

      I decided to roll back all of my Windows 7 Group B computers to December 2017. Why? Because even though the March updates fix the Total Meltdown vulnerability which allows any program to read any other program’s memory and the kernel memory, the 2018 patches for Meltdown and the March 2018 patch (which introduces Intel’s new CPU microcode to fix Spectre), do NOT fix the BranchScope vulnerability which is similar to Spectre. In other words, it is back to the drawing board for Intel in terms of having to create yet another round of new CPU microcode which will prevent BranchScope. Do you all think that Intel will decide to do something about BranchScope? I don’t think so. I think that they will leave that up to the antivirus manufacturers since Intel can now claim that their solutions for both Meltdown and Spectre are done.

      It is worth noting that it probably is best to rely on Microsoft to bake Intel’s CPU microcode into Windows. Why? Because if you install a BIOS update from your computer’s motherboard manufacturer which prevents Meltdown and Spectre, most likely you will NOT be able to undo the installed BIOS update. It all depends on the motherboard manufacturer in terms of whether or not they will let you reinstall an older BIOS update. Some do, yet many don’t.

      If you all Windows 7 users decide to roll back to December 2017 for the time being, then here are some things to consider:

      1. Make sure that you only use the latest versions of the Crome and Firefox web browsers. The latest versions incorporate fixes which prevent Meltdown.

      2. Make sure that you get IE updated with the March 2018 Cumulative Update for IE. This is especially important for laptop owners who have activated LoJack for Laptops in the laptop’s BIOS. LoJack is a product of Absolute Software. LoJack is tracking software which is used by law enforcement to recover stolen laptop computers. The reason for making absolutely sure that laptop owners, and any desktop owners who have purchased LoJack, is that LoJack launches hidden instances of IE in order to use IE to communicate with Absolute Software servers. Several security specialists consider LoJack to be malware. I agree with them.

      3. Be really careful about whatever new software you decide to install on your computer. Why? It is not clear if antivirus manufacturers can detect software which tries to exploit Spectre or BranchScope before the software is actually installed. Detection of software which exploits these vulnerabilities might have to be done in real time, after the software is already installed and running.

      9 users thanked author for this post.
    • #182097 Reply

      GoneToPlaid
      AskWoody Plus

      Nice Computerworld article. You laid out all of the bones neatly on the ground for all to see.

      3 users thanked author for this post.
    • #182089 Reply

      anonymous

      Woody staff, pls stop all this chatter, and once and for all tell us what KB’s we should have as provided by MS and then what to do!!!

      Woody says “dont install anything not checked, and dont go looking for updates not downloaded by the Windows updater”.  Many seem to be seeking KB’s on their own.

      I’m in Group A and I previously installed January and February downloaded and checked updates. I have done nothing since. All that Windows is currently providing is one checked file KB4100480.  KB4099950 is unchecked and optional at this point.

      Earlier in the month I received KB4088875 (March) and then KB4088881(Preview) they were both withdrawn over one week ago and no longer appear on the updater. So as of this minute, I have only one checked update pending KB4100480.

      Anybody else?

      1 user thanked author for this post.
      • #182158 Reply

        Elly
        AskWoody MVP

        You have already installed the January and February monthly rollups, and as such, are vulnerable to the Total Meltdown hole that they include. There is no one good, safe choice at this point… you are going to have to weigh the risks and decide what path to follow.

        Woody gives the following choices for Windows 7:

           – If you’re willing to wade through the hassles — blue screens, leaky memory, and a cornucopia of additional bugs — go ahead and install all of the CHECKED Windows updates. Realize that your machine may slow down, even if it’s still going strong after the January and February patches.

              -If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches.

              -Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.

        I’m not being offered KB 4088875, the March monthly rollup, through Windows Update, either. It was there on patch Tuesday, but disappeared shortly afterward.

        Woody warns:
        “Realize that some or all of the expected patches for March may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. That way thar be tygers. If you’re going to install the March patches, accept your lot in life, and don’t mess with Mother Microsoft.”

        If you are not going to uninstall the January and February updates, you should probably install KB4100480, which mitigates the Total Meltdown vulnerability that is present in all Windows 7 patches so far in 2018… which puts you on track to follow  How to Apply the Win 7 and 8.1 Monthly Rollups. If you are going to follow the usual Group A updating, remember to install, reboot, recheck… and repeat until there are no new checked updates offered.

        Which ever choice you make… step forward, freeze in place, or go back to December… back up… make a restore point… be prepared to deal with any bugs… You should be prepared, anyways… we just aren’t used to patches being the problem we have to worry about.

        We all want to be in that lucky group that has no problems… Without a clearly safe alternative, every option has its risks… Come back and join the ‘chatter’ and help some other frustrated and confused person, by reporting what your choice was and what the results are, good or bad… You are not alone.

         

        Win 7 Home, 64 bit, Group B

        8 users thanked author for this post.
        • #182262 Reply

          rhp52
          AskWoody Lounger

          I only have KB4099950 in WU checked and a NET 4.7.1 installer checked. No other updates are being offered at this time. I don’t use static IP addresses so I’m not sure why that update is there. What would you suggest I do?

        • #182323 Reply

          Demeter
          AskWoody Plus

          For the time being I am freezing myself at: Installed KB405689 & KB407458, Jan. & Feb. Security Monthly Roll-ups respectively. KB4100480 installed 1 week ago. No issues, machine performing fine. I am not willing to wade through the morass as I am definitely on the “low to fair” end of the techie scale.  Win 7 Pro  x 64 i7 Haswell

          PS What a long, strange trip this is compared to the days when I had MS Update settings at “Automatically download & install (recommended)” & never gave them a second thought.

          1 user thanked author for this post.
      • #182260 Reply

        Seff
        AskWoody Plus

        @Anonymous, that is precisely the situation I am in with my Windows 7 x64 home desktop machines – only KB4100480 showing as important and checked (apart from the usual MSRT), with KB4099950 showing as unchecked and optional.

        Both KB4088875 (monthly rollup) and KB4088881 (preview monthly rollup) have vanished.

        The machine with Office 2010 installed also has 5 Office 2010 updates listed as important, including KB2965324 which is unchecked and a new offering since Patch Tuesday’s initial offerings, and KB4018314 which used to be unchecked but is now checked. I also received KB2952664 on both machines as an optional update and have hidden it for the umpteenth time.

        I’ve only resurfaced today after Miss Seff’s wedding so will keep an eye on things and mull them over, but my immediate inclination is to leave both working machines well alone until the April updates arrive in a few days time and then see how things pan out. There are other options clearly, including just installing KB4100480 to provide current fixes to the Jan/Feb rollups which I have installed, or uninstalling those rollups. PKCano’s advice here to install KB4099950 before anything else is countered by the fact that it is unchecked (and optional) on both my machines.

    • #182098 Reply

      anonymous

      I am Group B. W7/64. AMD chips

      EDITED (please keep on topic)

      I have JAN and FEB security-only updates plus KB4074587 (AMD specific FEB fix) installed. KB4088878 is an IED, not a patch. I have decided not to install it, possibly ever.

      In what patch was Total Meltdown introduced (in error) by Microsoft? I have read reports that it went undiscovered by Microsoft for several months and that they did not get around to addressing it until after the March patch was released. KB4100480 addresses total meltdown. So, JAN and FEB and MAR patches had the vulnerability? If that is so, KB4100480 should be installed after the JAN patch (or FEB or MAR).

    • #182108 Reply

      anonymous

      Maybe these questions are totally off-topic but since I read about them I’ve been wondering whether they might be important clues to the root causes of the ongoing Windows 7 / Server 2008 R2 mess that started January this year? Just saying…

      1. Spectre mitigations

      Windows kernel modules are being recompiled with a new Visual C++ directive (the /Qspectre flag) which inserts special assembly instructions acting as a “speculation barrier” by serializing execution on critical pieces of the OS core (identified as being “at-risk code”). Could these extra assembly instructions (LFENCE on AMD/Intel, CSEL/MOVS and CSDB on ARM) be in direct relationship with many of the freezes, hang-ups and BSODs that have been reported on buggy patches?

      Source:
      https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/

      2. Meltdown mitigations

      Kernel Virtual Address Shadow (KVA Shadow) represents a major change in the way the kernel isolates its memory contents from user mode. Could the “Total Meltdown” bug be a direct consequence of failing to properly implement the “shadowing” (mapping) into user address space of the selected minimal subset of privileged kernel code and data? Quoting Microsoft:

      “Mitigating hardware vulnerabilities in software is an extremely challenging proposition (…) In the case of rogue data cache load and KVA shadow, the Windows kernel is able to provide a transparent and strong mitigation for drivers and applications, albeit at the cost of additional operating system complexity, and especially on older hardware, at some potential performance cost depending on the characteristics of a given workload. The breadth of changes required to implement KVA shadowing was substantial, and KVA shadow support easily represents one of the most intricate, complex, and wide-ranging security updates that Microsoft has ever shipped.

      Source:
      https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/

      1 user thanked author for this post.
      • #182234 Reply

        Noel Carboni
        AskWoody_MVP

        Without any technical detail at all, it’s clear that big changes to the Windows Kernel, which has been stable for a long, long time, could destabilize something somewhere for someone.

        It’s just the nature of risk w/regard to complex systems. And make no mistake, Windows is the kind of insanely complex system that could only get as solid as it has gotten by having the entire world use it and Microsoft fix the bugs found in it for decades.

        To give a bit of perspective… By most measures, computers are at least 1,000 times faster than they were back in the early days. If your computer would typically crash once a day back then, a computer system of today running an OS at the same quality level would crash after only one minute. But they don’t, even considering that today’s systems are also much more complex than those back then. Frankly, it’s kind of amazing they got it working as well as it does for as long as it does (before January at least).

        -Noel

        4 users thanked author for this post.
        • #182306 Reply

          AJNorth
          AskWoody Plus

          It’s just the nature of risk w/regard to complex systems. … By most measures, computers are at least 1,000 times faster than they were back in the early days.

          The story “Fail-Safe” originally appeared in three installments in The Saturday Evening Post on 13, 20 & 27 October 1962 (during the Cuban Missile Crisis), quickly followed by its publication as a novel; it was released as a film in 1964 (and the original screenplay performed live on CBS in 2000). This exchange comes early in the story:

          KNAPP: “The more complex an electronic system gets, the more accident-prone it is. Sooner or later, it breaks down… A transistor blows, a condenser burns out. Sometimes they just get tired, like people…”

          GROETESCHELE: “But Mr. Knapp overlooks one thing. The machines? are supervised by humans. Even if the machine fails, the human being can always correct the mistake.”

          KNAPP: “I wish you were right. The fact is the machines work so fast; they are so intricate; the mistakes they make are so subtle that very often a human being can’t know if a machine is lying or telling the truth.”

          And that was in 1962… .

          6 users thanked author for this post.
          • #182368 Reply

            Jan K.
            AskWoody Lounger

            “The more complex an electronic system gets, the more accident-prone it is…”

            A spade surely must be said to be a non-complex, non-electronic simple system and yet it’s definitely an accident-prone system!

            My big toe still has a scar from when I once tried to chop it off….

            The scars from using PCs and Microsoft are of a different nature and though I’ve been brought to tears from time to time, it’s never made me bleed. Thank you, Microsoft.

            Of course I’ll discount the little blood once lost due to trying to stop a fan with a finger… not my brightest idea.

            1 user thanked author for this post.
    • #182123 Reply

      KarenS
      AskWoody Lounger

      A Windows 7  x64, group A non-techie user who has TRIED to stay up on all the mess with March patches but is still totally confused….YES…..even after reading Woody’s CW article.

      I have both Jan & Feb monthly quality/security rollups installed. March’s rollup came with the usual updates but I did NOT install it as I wait for the Defcon rating to go to 3 or higher. Before the all clear came the rollup DISAPPEARED never to return. Then a few days ago KB4100480 showed up and by the advice of the “Patch Lady” I installed it. She said that if we  DID NOT want to uninstall the Jan & Feb rollups that we “SHOULD” install the KB. Then shortly after I read that we had to install KB4099950 BEFORE KB4100480. Well KB4099950 didn’t show up in my updates until this morning long after I installed KB4100480, so how was I supposed to install that one first?

      My questions are did I do the right thing by installing KB4100480? Do I  install KB4099950 now? Or do I uninstall 0480, install 9950 and then reinstall 0480 or do I leave 0480 installed and just ignore 9950 for now?

      What about the March’s MSRT is that safe to install?

      Thanks in advance for any help with this confusing matter?

      2 users thanked author for this post.
      • #182159 Reply

        DrBonzo
        AskWoody Plus

        I think you’re OK. You do NOT need to uninstall 0480. When you’re ready to install KB4088878(the March Rollup), install it AFTER you install the 9950 update. At that point, you’re done, unless…

        …you also decide to install KB4099467. If you do decide to install it, do it right after you install the Rollup with no restart in between.

        What I’ve just described is exactly what I’m going to do. I haven’t yet decided whether to install 9467 because there is so little information about it. I’m waiting a day or 2 to see if any problems with it surface. At the moment, I’m inclined to install it since it seems to either do nothing or else perhaps prevent a BSOD. On the other hand, MrBrian decided to not install it (see his post above) and has experienced no issues because he didn’t.

        5 users thanked author for this post.
    • #182125 Reply

      StruldBrug
      AskWoody Lounger

      Right after Woody started this thread today, I started my March catchup for a Group B W7 x64 Home system standalone. First off, I ran KB4099950, did restart, no problem. Next ran most recent IE 11, KB4096040, did restart, no problem. Then I ran the OS KB4088878, did a shutdown, no problem and restarted. Finally I finished with KB4100480, did a restart, no problem. Thanks again to Da Boss and the ensemble cast of gals and guys that maintain Group B viability. Break a leg!

      5 users thanked author for this post.
      • #182204 Reply

        planet
        AskWoody Lounger

        Well done ??

        Group L (Linux Mint 19)
        Dual Boot with Win 7
        Former
        Group B Win 7 64 bit

      • #182355 Reply

        Charlie
        AskWoody Plus

        Where was your starting point – Dec. 2017 or Feb. 2018?

        Had you already installed 4100480?

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

        • #184258 Reply

          StruldBrug
          AskWoody Lounger

          I was current thru Feb; never rolled back.

    • #182132 Reply

      Cybertooth
      AskWoody Lounger

      Something else to throw into this sorry mess:  https://betanews.com/2018/04/05/no-meltdown-spectre-patches-for-some-intel-cpus/

      In a document entitled Microcode Revision Guidelines, the chip-maker says that a wide range of processor families — equating to over 200 CPUs — will not receive any more updates. While the majority of the affected chips were on sale between 2007 and 2011, it’s safe to assume that a large proportion of them are still in use, meaning that a lot of systems will remain unprotected.

      So I am wondering (OK, asking) if or how this news affects what a Group B member running one of those Intel CPUs should do…

       

    • #182184 Reply

      MrBrian
      AskWoody_MVP

      Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.

      3 users thanked author for this post.
    • #182192 Reply

      anonymous

      Does the March Windows 7 64 bit Security update install a Microcode update?

      If that is a yes do we then need BIOS updates?

      After this mess I am losing the appetite for Bios updates.

      • #182247 Reply

        GoneToPlaid
        AskWoody Plus

        I was mistaken when I thought that the March update bundled CPU microcode since I thought that this would be how Microsoft eventually fixed Spectre. I was wrong. Instead, Microsoft rewrote the kernel and associated stuff by compiling new code using techniques which are supposed to mitigate against Meltdown and Spectre. Now I understand why the March update doesn’t prevent BranchScope which is a newly discovered vulnerability that is similar to Spectre.

    • #182219 Reply

      Noel Carboni
      AskWoody_MVP

      Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.

      Susan isn’t the only one thinking this way.

      I’ve had ZERO problems with my little Win 7 server that runs 24/7 since 9 days ago dropping back to pre-January patch level.

      ScreenGrab_SVN_2018_04_07_085320

      When I did so I saw my I/O speed go back up from a bit over 900 MB/second to where it was before the debacle, now over 1800 MB/second.

      There comes a time when, even ignoring risk entirely, demonstrated problems outweigh the potential reward of patching.

      How do you get out from under all the work it takes to keep providing “extended support”? You change the definition of “support”… I imagine that once a large majority of Windows 7 people start avoiding patches, they’ll just decide to shut down the servers, claiming that people don’t want their “support” any more.

      -Noel

      Attachments:
      6 users thanked author for this post.
    • #182240 Reply

      David F
      AskWoody Plus

      Group B Win7 x64 Haswell-E (5th gen) chip

      I was very much in two minds whether to rollback to December or not but as I keep weekly disk images I thought I’d chance my arm and apply the March patches.

      So far, all seems well but I’ll be watching closely. One thing as well, there wasn’t a microcode update but looking at the KB it looks like they’ve abandoned anything before Skylake (though iirc Intel have produced Haswell code)

      One question, how reliable is the uninstall option?

      The reason I ask is that if this goes bang I can easily restore today’s disk image but that would still have Jan/Feb patches. I can of course use a disk image from December but that would mean having to update various software which has changed over the last three months so just uninstalling KB4074587 and KB4056897 would be much more convenient.

      • #182246 Reply

        Noel Carboni
        AskWoody_MVP

        It’s probably impossible to be sure everything you want and nothing you don’t want has been reverted, but I had no problem uninstalling the updates from my system. It’s not something I ever did before on any system, so I’m not sure whether a sample size of 1 even begins to answer your question, but it’s pertinent anecdotal evidence.

        -Noel

        4 users thanked author for this post.
      • #182249 Reply

        GoneToPlaid
        AskWoody Plus

        I uninstalled the Jan and Feb updates on all three of my Win7 computers without any issues. I don’t think you will encounter any issues if you have to go that route.

        4 users thanked author for this post.
      • #182250 Reply

        bobcat5536
        AskWoody Plus

        I did the uninstall option back to December a couple of days ago and so far everything is looking good with no problems. Because I used Disk Clean to cleanup system, I was missing some of the updates in my Add/Remove. I had to use Windows Update Mini Tool to locate and uninstall the Jan. and Feb. updates. After uninstalling each one I ran windows update and hid the updates I didn’t want until I was back to December. After I was back to December, WU offered about a half dozen updates and I had to research each one to decide if I wanted it or not. I installed the ones I wanted and hid the ones I didn’t. So far so good. WU is locked down and will be until this mess is sorted out, and if not it’s locked down for good. I did an image before doing this just in case things went wrong. My computer is now open to the Meltdown/Spectre joke, but I have my performance back. Installed new router for security and made sure firewall and virus protection was up to date.

        4 users thanked author for this post.
    • #182243 Reply

      anonymous

      First, major thank youS to Woody, Susan, and the many contributors to this fantastic forum!

      I have decided to face the music today on my “Group A” lowly Win7Pro SP1 32-bit machine (Intel Core2Duo E8400 3Ghz) after having successfully last updated it on 3/9/18 (Guess that puts me at Feb Group A level?).

      After reading through the many posts and Woody’s current CW article, I feel out of my depths despite having successfully kept this old machine alive and kicking through many adventures with you all.  I’m suddenly gun-shy to touch what appears to be a happy machine at the moment, but I’m aware the machine could be in some undesirable Jan-Feb state tho I gather this may be more of a 64-bit concern?  Could use a bit of hand-holding/reassurance of path forward (or backwards?) as a Group A groupie.

      Upon running WU from control panel this morning, the checked/Important category shows these 4 items:

      2018-03 Update for Windows 7 for x86-based Systems (KB4099950)

      MS.Net Framework 4..7.1 for Windows 7 (KB4033342)

      KB2952664 Update for Windows 7

      and MSRT (KB890830)

      Any guidance on whether or not to press INSTALL or perhaps backdate something and sit on sidelines?  Of course, I’ll pre-backup, set restore points and all that first…TIA!!

      • #182253 Reply

        Cybertooth
        AskWoody Lounger

        Upon running WU from control panel this morning, the checked/Important category shows these 4 items:

        2018-03 Update for Windows 7 for x86-based Systems (KB4099950)

        MS.Net Framework 4..7.1 for Windows 7 (KB4033342)

        KB2952664 Update for Windows 7

        and MSRT (KB890830)

        Based on my reading of things and the recommendations I have seen from the patching gurus, I would proceed as follows:

        1. INSTALL KB4099950
        2. IGNORE KB4033342
        3. HIDE KB2952664. If possible, shred it to a fine confetti, bury it and spread salt over that ground so that it doesn’t grow back.
        4. INSTALL KB890830

        Good luck, whatever you decide to do.

         

        1 user thanked author for this post.
        • #182445 Reply

          anonymous

          Thank you, Cybertooth!  I will take the approach you suggest.  It does match what I’ve gleaned from all the recent commentary.  Grateful for your time:-)

          1 user thanked author for this post.
      • #182341 Reply

        Elly
        AskWoody MVP

        You are right that 32 bit Win 7 isn’t subject to the Total Meltdown Security hole that is found in all the 2018 patches for Win 7, so you don’t have a need to mitigate for it, like 64 bit systems do… so no need to consider removing the January and February patches. That leaves you with the choice of waiting… or moving forward.

        There was a problem with NIC settings being replaced or static IP address settings being lost after you install KB4088875, that affects 32 bit as well as 64 bit systems, which would cause you to lose internet connectivity. By installing KB4099950 first, you would avoid that particular danger. You may find that after installing KB4099950, rebooting, and then rechecking Windows Update, that you are offered KB4088875 (March Monthly Rollup). Install, reboot, recheck… and keep doing that as long as you are getting checked updates.

        It would be important to install KB4100480 to mitigate the Total Meltdown, if you had a 64 bit system, but it doesn’t apply to you.

        KB2952664 Update for Windows 7 is a known telemetry patch that has been offered over and over again. If you have only recently come to AskWoody, and were using automatic updates, it is likely that it is already on your system (you can check under installed updates). For people that kept it off… and that started before the GWX push… it is a no-no… It is like a weed that you have to remove over and over and over, if you decide to get it off your system. Not everyone cares about telemetry, or wants to be vigilant. KB2952664 keeps coming back, sometimes unchecked, sometimes checked… It is, again, a decision that you have to make about your own system. You can take a look at Turning off the Worst Windows 7 and 8.1 Snooping, if you want to know more.

        As always, following How to Apply the Win 7 and 8.1 Monthly Rollups will give you step by step guidance to refer back to, if you get lost while updating. Woody refers you to it from his ComputerWorld article, when giving you the updating steps… it works…

        Sometimes you can be told to just apply certain patches… and it will be okay. I can understand needing a little hand-holding when there is a risk, no matter which way you choose to go. Perhaps the details here will help you make a good decision for your situation… but if it gets more confusing for you, follow Cybertooth’s do or don’t guidance for the patches you’ve been presented with… and may your patching be successful and uneventful!

        Win 7 Home, 64 bit, Group B

        1 user thanked author for this post.
        • #182795 Reply

          anonymous

          Elly and Cybertooth,

          Thank you both for your very helpful guidance and thoughts to ponder.  Appreciate you both taking the time from your day to respond on my queries.  I’m all backed up, Disk cleaned up, System Restore point made and also un-installed that miscreant KB2952664 which I realized I had installed previously.  So, I think I’ve searched soul enough and am going to take the plunge with your suggestions in mind.  Will report results on “the other side” of the abyss…

          Hope all is well and that you both have weathered your “choices” favorably…

          1 user thanked author for this post.
    • #182256 Reply

      anonymous

      What a confusing time. I’m in Group A W7 x64 Home, Kb4088875, Kb408881 both disappeared last week, all that was checked was  Kb4100480 so I installed it today rebooted and so far ok. Last time I checked Kb409950 it was unchecked, today it’s checked. Do I uninstall Kb4100480 and then install Kb409950 or leave it as is and install Kb409950? and what about Kb890830?

      • #182263 Reply

        MrBrian
        AskWoody_MVP
        • #182289 Reply

          anonymous

          Thank you Mr Brian. I checked for updates again and  KB4088875 and KB4088881 are back in hidden and that’s where they will stay. I figure the computer is running fine so why upset the apple cart. Thanks again.

          Edit to remove HTML

        • #182300 Reply

          anonymous

          @MrBrian-

          In order to clarify for everyone, if we (Win 7 x64 users) have the January and February rollups installed AND we have already installed KB4100480 to prevent Total Melltdown, then we DON’T need to:

          1. Uninstall KB4100480

          2. Install KB4099950

          3. Install KB4088875

          4. Reinstall KB4100480

          in that order, correct?

          To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?

          1 user thanked author for this post.
          • #182318 Reply

            MrBrian
            AskWoody_MVP

            “To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?”

            Correct indeed. I did a test of this with one of the rollups, and posted about it somewhere on this site previously.

            1 user thanked author for this post.
            • #182381 Reply

              anonymous

              Anonymous #182300 here:

              @mrbrian, TYVM for the clarification. 🙂

    • #182266 Reply

      anonymous

      Is it safe for me to install all of the patches for Win10 v1703? Will Microsoft quietly reenable the Windows Update service and install stuff without my approval? Haven’t patched since October and I know I really need to patch… but at the same time I am not in the mood to be feature upgraded anymore.

      • #182359 Reply

        Elly
        AskWoody MVP

        Per Woody’s ComputerWorld article:

        “Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.”

        90% of people have been moved to 1709, and for some of them, it happened forceably, as Microsoft ignored their settings. Be prepared to deal with that, one way or another.

        Strategically, this is the time to go ahead and update to 1709, because after Tuesday, 1803 will be what is available through Windows Updates. You could download a copy of 1709 now, even if you don’t install it, in case 1803 is full of bugs, and Microsoft won’t stop pushing you off 1703. Woody says he is staying on 1703.

        I’m just restating what Woody has already said… as it applies to your situation. There are no assurances that updating will go smoothly and that Microsoft won’t try and force an upgrade on you… in fact, the opposite might be true. But… this is the best we are going to get… for this month.

         

        Win 7 Home, 64 bit, Group B

    • #182279 Reply

      MrBrian
      AskWoody_MVP
    • #182288 Reply

      anonymous

      OK in Group A and  I have not uninstalled Jan or Feb updates.

      My Win Update showed only KB4099950 as Optional and unchecked, and KB4100480 as Important and checked.

      Early in the month Win Update showed KB4088875 and then as Optional KB4088881. About one week ago both were pulled or went missing.

      Per MrBrian’s advice that KB4088875 was not pulled, I followed the referrenced link but starting at step 5 since I already had the Feb rollup KB4074598 installed.

      Disregarding Woody’s advise to not check an unchecked item, I checked KB4099950 under Optional and installed (Step 5).  No problem

      Upon update recheck, KB4088881 re-appeared which I hid (Step 7)

      Upon update recheck, KB4075211 appeared which I hid (Step 9)

      Upon update recheck, KB4088875 re-appeared as Important but unchecked (interestingly at this point I reviewed my Hidden items which still shows KB4088881, but not KB4075211 it disappeared).  I also received KB4091290 a large Optional unchecked update?

      So I am sitting on KB4088875 (unchecked), KB4100480 (checked), KB4091290 (unchecked),  and no sign of KB4099467 (Stop error fix I have read about – where do I get this KB?)

      Should I proceed to install all the above, some of the above, or just KB4100480 and sit tight till April update?

      And what happens to KB4088881 that is hidden?

       

      • #182298 Reply

        MrBrian
        AskWoody_MVP

        KB4099467 is a Catalog-only update available at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099467.

        • #182371 Reply

          anonymous

          Regarding my post today at 11:07am

          Was hoping for more direction to bottom line questions, please.

          Thx

          • #182426 Reply

            Elly
            AskWoody MVP

            Being in Group A and not having uninstalled Jan or Feb updates, you have a big, gaping hole in your security, called Total Meltdown… where the cure is potentially worse than the ill it was supposed to fix. KB4100480 is to patch those patches (and also the March Rollup, which carries the same problem forward)… and it is sitting there checked, and ready to go in your Windows Update.

            No one can make the decision to roll-back, stay put, or move forward, for you. What do you want to do?

            If you aren’t going to roll back to December (and there is no guarantee that the bad patches will get fixed, we are only hoping they will), you probably still need to install KB4100480 to fix the Total Meltdown vulnerability. I’m repeating this, because some people are freezing in place before this is done: Total Meltdown is a great big gaping hole that allows any program easy access to your system, no special expert black hat skills needed. Not having those patches (rolling back) is better than having them and not fixing them with KB4100480.

            Then you must decide whether to sit and hope and wait… or install March’s Monthly Rollup, KB4088875, proceeding with the normal Group A updating. If you are following the full Group A updating this month, you aren’t done until you have installed the checked updates, rebooted, rechecked Windows Update, installed andy checked updates, rebooted, and repeat until there are no more checked updates.

            There is a good chance that once KB4100480 is installed, KB4088875 will show up as checked. If you are satisfied that the major bugs have been addressed (and having read through things, you have as much information as the rest of us), you may decide to go ahead with Group A updating. You may want to add KB4099467 from the catalogue, just in case your system is vulnerable to the “Stop error”. As far as I have heard, there is no way to test for this ahead of time, and the “Stop error” is a BSOD issue… so it might be worth the extra step to avoid.

            Believe me, there has been a lot of testing going on, and if there was one good, clear, safe choice, Woody would have presented that, instead of telling us what the pitfalls are. There isn’t a better time to back up your data, as that should give you some sense of security if the choice you make ends up with a serious consequence. Microsoft isn’t giving, or doesn’t have a safe way forward. Their best efforts have thrown a fair amount of chaos our way. I am giving them the benefit of the doubt on that… at this time…

            And as to your last question… if Microsoft reissues an update that has been hidden, it will show up again if you run Windows Update… and if you decide to install it, and it hasn’t shown up again, you can unhide it… unless it gets pulled (and that is for reasons that mean you wouldn’t want it anyways). KB4088881 is the April preview… The April Monthly Rollup, will have those fixes, hopefully with any bugs ironed out… and it will probably (I say probably, because March’s Monthly Rollup didn’t show up for everyone) show up in your regular Windows Update, on next Tuesday. Woody, and most of us here, will wait and see what happens to the unpaid beta-testers, before he makes a recommendation regarding what to do with it. It does get a little confusing, because we are in April, and only just now deciding what to do with the March updates.

            Hope you feel that this more thoroughly addresses your bottom line questions… and do know that none of us are happy with these answers… just doing the best we can with what Microsoft throws at us.

            Win 7 Home, 64 bit, Group B

            3 users thanked author for this post.
        • #182515 Reply

          moonbear
          AskWoody Lounger

          @mrbrian I installed KB4099950 and KB4088875 (and then restarted) with no issues would that mean I don’t need KB409967? Or should I get it form the update catalog and install it?

          • #182670 Reply

            MrBrian
            AskWoody_MVP

            I don’t know for sure. I installed KB4088875 on March 25, and I haven’t experienced the issue that KB4099467 supposedly fixes. I didn’t install KB4099467.

    • #182311 Reply

      pkoryn
      AskWoody Plus

      Trying to make sense of it all and follow all the good suggestions here has left me shaking my head and not sure which way to go.  I’m Group A Windows 7 64 bit with both the Jan & Feb rolls-ups installed.  Today in WU I have offered (and all are checked) 4100480, 4099950 and MSRT.

      If I decide to install these – does it matter which order I do them in, i.e., should 9950 be installed before 0480?  I always do MSRT last and assume this would still be the case here.

      If I don’t install them today or tomorrow, what happens on Tuesday when the April updates come out?  Do the 2 that I’ve mentioned disappear and will I have lost my chance to install them?

      Gosh- I wish this was easier.  I feel like I’m making a monumental decision here!

      1 user thanked author for this post.
      • #182320 Reply

        MrBrian
        AskWoody_MVP

        It shouldn’t matter what order KB4100480 and KB4099950 are installed in.

        If you don’t install the March 2018 updates before next Tuesday, by next Tuesday the March 2018 updates will be metadata-superseded by the April 2018 updates, but you can still install them via Windows Update by hiding the April 2018 updates. Don’t forget that you hid the April 2018 updates though.

        1 user thanked author for this post.
        • #182330 Reply

          pkoryn
          AskWoody Plus

          Thanks MrBrian. Could you clarify if the 2 updates I’ve referred to are considered “March” updates? These aren’t the monthly roll up so I’m just wondering if they will in fact disappear on Tuesday?

          • #182337 Reply

            MrBrian
            AskWoody_MVP

            I’m not sure if either of those two updates will disappear from Windows Update on next Tuesday without resorting to hiding other updates.

            1 user thanked author for this post.
    • #182315 Reply

      Susan Bradley
      AskWoody MVP

      My 7’s are patched, monitoring for issues.  I have a few Server 2008 R2 and I’m still holding back on those due to the SMB memory leaks.

      Susan Bradley Patch Lady

      2 users thanked author for this post.
      • #182373 Reply

        DrBonzo
        AskWoody Plus

        I’m curious whether you installed KB4099467 on your Win 7 machines and the reasoning you used in making your decision. This seems to be a largely overlooked update.

        I’m leaning towards installing it because one other poster has and it either didn’t do anything or perhaps prevented a BSOD. On the other hand MrBrian decided to not install it, and his expertise is absolutely not something to be ignored.

        • #182383 Reply

          MrBrian
          AskWoody_MVP

          I have more of a “safety net” than some of you because I make an image (using Macrium Reflect free version) immediately before installing Windows updates, and I am fairly confident that I will be able to restore an image because once a month as a test I do a restore immediately after making an image.

          4 users thanked author for this post.
          • #182439 Reply

            JohnW
            AskWoody Plus

            I run scheduled weekly Macrium Reflect images on my Win 7 box, and daily on my Win 10 box.  I image Win 10 more frequently because that is my daily driver at this point.

            Imaging should be a consideration before risking any updates, IMHO.  Knowing that you can roll a system back to it’s last known working state is a big anxiety reliever.  🙂

            The peace of mind is priceless.  Macrium Reflect is free, and a decent 1TB external USB3 drive can be had for around $50 USD.

            So if I hold off on updates, it’s just because I don’t wish to go through the hassle of a full restore, which usually takes me less than an hour…

            4 users thanked author for this post.
            • #182464 Reply

              wdburt1
              AskWoody Plus

              Macrium Reflect: Once a month, instead of once a week. Simple, reliable, easy to use, does not intrude itself, unlike a lot of other crapware these days.  Maybe it’s because it’s from the U.K.

              I love Seagate Dashboard almost as much as Macrium; each morning, if I don’t sleep late, it backs up just the files that have changed since yesterday, and more importantly, they can be accessed without “mounting” an image.

              These, plus an online backup once every 30 days–the so-called “rule of three.”  As you say, the peace of mind is worth it.

              1 user thanked author for this post.
          • #182475 Reply

            DrBonzo
            AskWoody Plus

            @mrbrian – Sounds to me that you’re suggesting folks who don’t have a great deal of confidence in restoring an image should go ahead and install KB4099467. That would be fine with me because while I have an image, what I don’t have is a great deal of confidence or experience recovering from BSODs.

            • #182679 Reply

              MrBrian
              AskWoody_MVP

              I’m not sure because I don’t know if KB4099467 introduces issues.

              This may be helpful for those experiencing BSODs: 2000009: Getting out of a no-boot situation after installing Windows updates.

            • #182694 Reply

              DrBonzo
              AskWoody Plus

              I opted to install KB4099467 last night on my Win 7 Starter 32 bit test machine. Did the following:

              4099950 from Windows Update, no restart required or requested.

              4088878 from the Update Catalog, restart required but I didn’t because I immediately installed

              4099467 from the Update Catalog, restart required, and I did restart.

              Everything seems to be working fine, although I would note that the install of 4099467 was VERY slow and the restart took a long time even for an Atom chip.

              Another interesting thing is that after all of this Windows Update showed only 4099950 and 4088878 in the ‘view update history’ tab. 4099467 didn’t show up at all. I had no indication that anything went wrong during the above procedure, so I’m not too worried about it since I’m not having any issues. Also, I’ve noticed in the past that Windows Update doesn’t always show the latest Security Essentials definition update.

              2 users thanked author for this post.
    • #182316 Reply

      PKCano
      Da Boss

      @mrbrian – One for you:

      Win7 Pro SP1 32-bit (in a VM)
      Was patched through Feb Rollup (4054518 Dec RU, 4056894 Jan RU, 4057400 18-1 Preview, 4074598 Feb RU)
      Optional list unchecked – Silverlight, HP-Image, KB3102429 (Azer/Menat currency)
      ALLOW Regkey in place (Bitdefender Free)
      I have monthly copies of VM up to 18.03/06, latest includes Feb RU

      Windows Update offers NOTHING (no Rollup, no Preview, no hotfix, not MSRT, not .NET – Nada, zilch)

      Manual download/install KB 4099950, reboot, search – NOTHING (nothing to hide to make Mar Rollup appear)

      Roll back – uninstall 4074598 (others not shown in installed updates), reboot, search. WU offers 4054518 (Dec Rollup and several older updates latest of which is 2016). No later Rollups, no Previews, no hotfixes.

      Installed Dec Rollup and older patches, reboot. Search produces nothing – no recent RU, no Preview, no hotfixes. It is now stuck at Dec 2017.

      Explanation? Suggestions?

      • #182324 Reply

        MrBrian
        AskWoody_MVP

        After you rolled back, did you check that the QualityCompat registry item is still present?

        • #182326 Reply

          PKCano
          Da Boss

          Yes, still there

          • #182332 Reply

            EspressoWillie
            AskWoody Plus

            Did you try resetting Windows Update?

            The old stop Windows Update service, rename SoftwareDistribution, restart Windows Update service and check for updates?

            Cheers!!
            Willie McClure
            www.datarim.com
            Talk's cheap, takes money to buy whiskey.
      • #182329 Reply

        The Surfing Pensioner
        AskWoody Plus

        Saving grace?

      • #182340 Reply

        MrBrian
        AskWoody_MVP

        Unless Windows Update is behaving fluky at the moment on the server-side, I would guess that your computer is having Windows servicing issues. I’ve lately been referring people to post at https://www.sysnative.com/forums/windows-update/ regarding such issues.

        • #182343 Reply

          PKCano
          Da Boss

          Thanks, will pursue

        • #182396 Reply

          MrBrian
          AskWoody_MVP

          As a test, I just checked for updates on my Windows 7 virtual machine. Windows Update found 172 updates. No server-side problems in my case.

      • #182504 Reply

        ch100
        AskWoody_MVP

        @pkcano I would suggest having a look with WUMT, in particular with “include superseded” checked. You may be able to see a lot more with that setting done. This is useful for analysis and I do not necessary suggest to install the superseded patches, although sometimes this is the only way forward especially for computers which are behind with patching for a longer period and this is due to the known supersedence mess.

      • #182514 Reply

        PKCano
        Da Boss

        EEErrrr….
        I’m embarrassed.
        I use paid av on the installations with which I access the Internet, but I have so many others that I can’t afford all, so I use Bitdefender Free on most of the test stuff.
        I had to shift av’s between conputers, uninstalled TMIS on the Win7 (which removed the key) and in the interim I manually added it back.
        So it was there all the time.

        Key = QualityCompat
        DWORD = cad ca5fe-87d3-4b96-b7fb-a231484277cc
        value = 0

        Computers are dumb – they do exactly what you tell them to do….
        Sometimes you just have to figure out what you told ’em.

        1 user thanked author for this post.
    • #182322 Reply

      dononline
      AskWoody Plus

      Trying to get info on 2018-03 Update for Windows 10 Version 1607 for x64-based Systems (KB4089510) released on 3/21/2018. Windows Support says, “This update makes stability improvements for the Windows 10 Version 1607 servicing stack.” Doing a search, I see where there are reports of this update hosing Windows Server 2016. I’d very much appreciate any help as to what’s going on with this update. I don’t see it listed on Miss Susan’s nor Martin Brinkmann’s Patch Lists. Maybe I’m just missing the obvious. It wouldn’t be the first time! 🙂

      • #182331 Reply

        MrBrian
        AskWoody_MVP

        From https://support.microsoft.com/en-us/help/4088889: “Important When installing both the SSU (KB4089510) and the LCU updates from the Microsoft Update Catalog, install the SSU before installing the LCU”. Perhaps KB4089510 addresses the same issue mentioned in this post.

        • #182441 Reply

          dononline
          AskWoody Plus

          Thanks, MrBrian. Since KB4088889 was the second CU issued on March 22 (I think KB4077525 was the first), and KB4096309 was the third one issued on March 29, I installed KB4096309. KB4088889 was never installed. However, since the update in question, KB4089510, is a SSU, should it be installed anyhow? In fact, since MS seems to be saying install SSUs before LCUs, I should have installed KB4089510 before KB4096309 … but I didn’t know it even existed until today.

          So, bottom line: Should I install KB4089510? If so, when?

          Thanks again for your time and help.

      • #182578 Reply

        abbodi86
        AskWoody_MVP

        Those reports are wrong, SSU never harm or hose the system
        on the contrary, skipping installing SSU is what cause other updates to fail or cause issues

        3 users thanked author for this post.
    • #182328 Reply

      Sueska
      AskWoody Plus

      Searched soul and installed March updates B style – arghh getting harder and harder to stay in group B.

      As others reported, my March rollup disappeared. When I checked for updates on 4-6, I was offered kb4099950 and kb4100480 and yes they were both checked.  I installed one update at a time, made a restore point prior to each install, rebooted after each install whether I was prompted to or not, and out of curiosity checked for updates after each reboot to see if the March rollup would be offered again. It was not offered. Below is the order I installed the updates which I know is not the same order recommended by others. Computer seems to be running fine.

      1. KB 4096040 (IE 11 dated March 23rd from catalog)

      2. KB 4099950 (I was offered windows update, but used catalog)

      3. KB 4100480 (I was offered windows update, but used catalog)

      4. KB 4088878 (March Security only for Win 7 x64 from catalog)

      Group B Win 7 x64 – Thanks Woody and others for your valuable research and advice.

       

       

      1 user thanked author for this post.
      • #182336 Reply

        MrBrian
        AskWoody_MVP
        • #182377 Reply

          Sueska
          AskWoody Plus

          Thanks @mrbrian. Yes, I read your article and followed every step (to get the March rollup to re-appear) except for installing KB4074598 (2018-02 Monthly Rollup) because I am in group B. I installed the group B style IE 11, Jan and Feb 2018  Security Only updates on March 5th.  I also ran disk cleanup on March 5th cleaning up about 2.6 gigs of system files. KB4088875 never to appear again.  Really don’t know why I tried so hard to get it to re-appear, since I was not going to install it anyway (smiles). Appreciate you sharing your research and helping others.

          1 user thanked author for this post.
          • #182385 Reply

            MrBrian
            AskWoody_MVP

            You’re welcome :).

            In that particular sequence, installing KB4074598 is a necessary step.

      • #182375 Reply

        SueW
        AskWoody Plus

        Why would you be interested in the March Rollup when you’re in Group B?  Sounds like you’ve installed all the necessary updates (for Group B).  Congrats!

        Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

        • #182384 Reply

          Sueska
          AskWoody Plus

          Thanks @suew you are absolutely right. I was being obsessive and overthinking things. It bothered me that if  the the March roll-up was not being re-offered, I might be missing a prerequisite that also applies to the March Security only patch.

          2 users thanked author for this post.
    • #182352 Reply

      twbartender
      AskWoody Plus

      Being a  person who’s running 64-bit Windows 7, and being in Group B, I read Woody’s Computerworld article regarding DEFCON 3 very carefully. Like many others I was looking for guidance as to how to proceed or deal with the March Widows 7 Security Only, and IE 11 Cumulative Security updates. In the past I’ve always followed two basic commonsense rules that I’ve learned from following the advice given here on Askwoody. First, never install preview updates, and second never install unchecked windows updates. Up to this point that way of thinking has worked out very well.

      The problem is, at least for me, is that between Woody’s Defcon 3 Computerworld article and the various Askwoody threads pertaining to the March updates, I’ve been unable to determine the best way to deal with this issue. Between the various Hot Fixes and the randomly updated versions of certain March updates, there doesn’t seem to be clear direction on how to proceed. At this point there are 2 updates that I’m unsure of.  The first is KB4010048 which was first talked about here back on March, 29, Microsoft Patch Alert: Suddenly, Windows 7 patching is an unholy mess and here, Patch Lady – new update for Windows 7 KB 4100480. Having read both of those threads more than once, I went ahead and downloaded it from the Microsoft Catalog (was not offered in WU) and installed it on April, 1. It installed without issue… Since then I’ve viewed more recent posts suggesting that it would be better to roll back the window updates prior to January 2018 rather than install KB4010048 at all. Then I started seeing other posts indicating that KB4010048 was now being being offered in windows update. Then yesterday I discovered there’s a newer version of this update that’s dated April, 5, and is now a prerequisite for installing either KB4088875 or KB4088878, along with another prerequisite, KB4099950, which is the second update I’m unsure of.

      On April, 1 WU offered me KB4099950 as optional and unchecked update. Because it was unchecked I went ahead and hid it…  Yesterday I decided to unhide it to see if it was still unchecked. It was, and as such was re-hidden. This morning WU offered me KB4099950 once again… This one is dated April, 5, optional, written in italic, and still unchecked. Also the hidden copy of the update is no longer there.

      So here’s my conundrum… Does the never install an unchecked update still apply in this case, which means I can’t or shouldn’t install KB4088878, and is the fact that the installed version the KB4010048 update is an older version mean I have replace it with the newer version?

      As always any advice or input would be greatly appreciated…

      • #182367 Reply

        MrBrian
        AskWoody_MVP

        KB4100480 isn’t a prerequisite for installing KB4088875 or KB4088878. KB4099950 is a prerequisite for installing KB4088875 or KB4088878.

        Microsoft now categorizes KB4099950 as a Recommended update. The “Give me recommended” Windows Update setting that Group B uses causes all Recommended updates to be put in the Optional tab in Windows Update, and be unticked by default. The “Give me recommended” Windows Update setting that Group A uses causes all Recommended updates to be put in the Important tab in Windows Update, and usually (but not always) be ticked by default. In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule.

        KB4100480 has not been reissued.

        4 users thanked author for this post.
        • #182405 Reply

          Seff
          AskWoody Plus

          Whilst I’m grateful for this post, @mrbrian, I think it raises two important points.

          First, we shouldn’t assume that only Group B users set recommended updates in the way that you indicate. I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.

          Second, your comment that “In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule”  underlines the point I made in another topic recently to the effect that it’s crucial that all members of the team are seen to be playing the same tune. If some argue that unchecked updates should never be installed, while others argue that a particular case is an exception to that then we mere mortals won’t have a clue what to do for the best.

          I fully understand that these are difficult times, but if different members of the team give us different recommendations, how are we supposed to reach an informed decision on which recommendation to follow?

          1 user thanked author for this post.
          • #182419 Reply

            PKCano
            Da Boss

            @seff

            I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.

            I’d like to point out to you that you are not following Group A. From AKB2000004, the guidelines for Group A read:

            Step A1: Get your settings right.

            In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.

            If you were following Group A, KB4099950 would be important and CHECKED.

            3 users thanked author for this post.
            • #182428 Reply

              Seff
              AskWoody Plus

              The problem is that there are always going to be lots of different ways of defining the different approaches, and while you’re clearly right in theory, in practice I regard Group A users as installing the monthly rollups through Windows Updates while Group B users install the security-only updates from the MS Catalog. Whilst that may not tick all the appropriate boxes in the correct way, it seems to me to summarise the basic difference between the two approaches. However, I fully accept that under the strict definition of the different groups I am somewhere between Groups A and B, albeit very much closer to A than B.

              In any event, if you follow the advice to set Windows Updates to “Never check for updates” then all the time you maintain that setting you are effectively Group W and are in complete ignorance as to what is being offered. I prefer at all times to know what is being offered to me, and only then can I contribute such information to this site.

              I always have my main setting on “Check and notify but let me decide when to download and install” because that way I can follow what’s happening, without ever having had an update automatically install unlike when people report having it set to “Notify and download but let me decide when to install”, while I have always followed the original GXW Control Panel advice to have “Give me recommended updates the way I receive important updates” unchecked. Maybe I need to change that particular setting if it’s generally felt that there are compelling reasons to do so.

              In any event, it’s useful to know that it’s that setting that determines why KB4099950 is checked or not, so thanks for that. It helps when considering the further response below from MrBrian.

            • #182443 Reply

              OscarCP
              AskWoody Plus

              The reason I am Group B (Win 7 x64) is that, when one installs some updates by hand from the MS Catalogue, if later it turns out that there is something wrong with one of those updates, one can de-install it leaving the rest in place.
              When there is a problem with a rollup, one can only de-install everything, good and bad together.
              The main problem with being in Group B is that there may be updates fixing previous updates that are only available in the rollup. So far, nothing evil has happen to me because of that, at least that I can tell… So, still in Group B.

          • #182424 Reply

            MrBrian
            AskWoody_MVP

            I can fully appreciate that it’s confusing that different people here sometimes give differing advice about what to do. You could decide to always follow one particular person’s advice (if available), or you could ask the reasons why a given person gave particular advice, and decide for yourself which advice to follow. The “never install an unticked-by-default update” rule is not a rule that I personally agree with, and KB4099950 provides an excellent example of why.

            4 users thanked author for this post.
      • #182508 Reply

        Bob99
        AskWoody Lounger

        @twbartender

        To shed some further light on your confusing situation (and that of MANY others, I’m sure) regarding KB4100480, here’s the wording of an explanatory note that’s in the KB article about this update:

        • This security update was updated on April 5, 2018 to address applicability issues in the original release of the update.
        • Applicability rules have been expanded for this update. Therefore, this update will be offered via Windows Update and Windows Server Update Service (WSUS) if any of the Security Only (SO) updates that are listed in the table above are applied.
        • No specific functional changes have been made to this security update. Therefore, no additional action is needed if this update has already been applied.

        Notice the last sentence in the last bullet point above. If it’s already installed prior to April 5th, you’re still good to go, no action is needed.

        In other words, they updated it, as you noticed, on April 5th, but only to expand the field of applicable Windows 7 SP1 and Windows Server 2008 R2 SP1 installations to include those folks who have installed the Security Only updates for any one of the months of January, February or March as well as the folks (already included) who have installed the rollups for those months.

        I hope that this post, along with the post above from @mrbrian, help clear things up for you and anyone else with the same question as you about KB4100480.

        R/

        Bob99

        2 users thanked author for this post.
    • #182351 Reply

      anonymous

      Win 7 x64, AMD processor, Group B, Rolled back to December.

      After reading through all this I’m trying to put together some instructions for myself if I ever want to start patching again and this is what I’ve come up with.

      Install order

      KB4073578 (assuming this replaced KB4056897)

      Restart

      KB4074587

      Restart

      KB4099950

      Restart

      KB4088878

      KB4099467

      Restart

      KB4100480

      Does this look correct?

      • #182427 Reply

        MrBrian
        AskWoody_MVP

        That order looks right, except the intermediate reboots aren’t needed. Don’t forget to install a March 2018 cumulative update for Internet Explorer also.

        1 user thanked author for this post.
    • #182360 Reply

      Larry B
      AskWoody Lounger

      Strangely, KB4088875 has disappeared from my list of recommended updates for  Win 7 HP 64 bit.  It has been gone for at least 2 days now and maybe longer as I do not check WU everyday.  I did not install or hide, just not listed anymore.  I do see KB 4100480 and KB4099950 listed and checked.  Anyone else have this issue.  I have not installed any MS updates since the Feb updates.

      • #182364 Reply

        PKCano
        Da Boss

        Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.

        2 users thanked author for this post.
        • #182401 Reply

          Seff
          AskWoody Plus

          Indeed, but it appears from the various links that for the March monthly rollup to reappear requires the prior installation of an update – KB4099950 – that for some at least remains unchecked, and therefore according to Woody’s 1st Rule of Patching – if it isn’t checked, don’t check it – we won’t get to see the March monthly rollup!

          The more I read on this topic, the more I’m inclined to sit back and do nothing. Whether that is only until the feedback on next Tuesday’s April updates or beyond January 2020 into infinity remains to be seen.

          Microsoft have been making our patching decisions increasingly difficult for some time, yet perversely those decisions are finally beginning to be increasingly easy!

          • #182417 Reply

            anonymous

            See my post at 11:07 today – had the same situation, you need to check it and follow the trail is you want to get KB4088875.

            Still trying to decide what to do with now!

    • #182372 Reply

      Elly
      AskWoody MVP

      And what happens to KB4088881 that is hidden?

      When it is reissued as the regular Monthly Rollup it will appear back in Windows Update…

      Oops… edited to correct my misunderstanding…

      KB4088881 stays hidden, unless you unhide it, or it gets pulled. Per PKCano, “It contains the current month’s Rollup PLUS the non-security package for the coming month (not the security package). So it’s basically a “preview of what’s to come.” Microsoft then adds the security package to it, and that becomes the next month’s Rollup.

      Win 7 Home, 64 bit, Group B

      • #182418 Reply

        anonymous

        Thanks for that info

      • #182425 Reply

        MrBrian
        AskWoody_MVP

        The preview rollups aren’t reissued later as monthly rollups. KB4088881 will remain marked as hidden.

        1 user thanked author for this post.
        • #182433 Reply

          Elly
          AskWoody MVP

          Oops, I blew that one…

          That means that when April’s Monthly Rollup is issued, it doesn’t matter that the preview is hidden… because the patches that are in it, are forwarded to the April Rollup?

          Win 7 Home, 64 bit, Group B

          • #182455 Reply

            MrBrian
            AskWoody_MVP

            They’re different updates, with different update IDs, and different contents.

            1 user thanked author for this post.
      • #182459 Reply

        rhp52
        AskWoody Lounger

        After installing KB4099950,  KB4088881 reappeared in optional updates unchecked.

    • #182365 Reply

      anonymous

      Hi, I’m Windows 7 64-bit, i7-3770, with Jan and Feb patches installed.

      I’ve decided to follow, as I’ve always done, Woody’s recommandation, that is … do nothing; no March patching and no rollback.

      I’ll wait for new instructions from Woody.

      2 users thanked author for this post.
      • #182403 Reply

        Joulia.S
        AskWoody Plus

        Hi,

        i too am on Windows 7 64 bit and decided to dive right – in with the March Updates TODAY,after reading Woody’s post and thankfully everything went just fine.Still several hours later,No blue screens,No system slowdowns,Nada…A big thank you to Woody for his regular invaluable advice.

         

        Windows 7,Home Premium 64 bit - Lenovo laptop
        Group A - Intel (R)Core i7 Processors -

        ASUS Chromebook C302 12.5 inch
        64GB memory .

        2 users thanked author for this post.
    • #182388 Reply

      JohnW
      AskWoody Plus

      Win 10 Pro 1703 – updated today, no issues so far.  🙂

      Hid KB4023057 and the feature update to version 1709, everything else for March has been updated.

      I believe I will follow advice and leave my Win 7 Pro box alone …

    • #182380 Reply

      mdwpsyd
      AskWoody Lounger

      I did search AskWoody.com (site, forums; Google search, on-site search) but did not find an answer to this question. My apologies if this has been A&A (asked and answered).

      How do I determine which Windows 10 Pro update I have, e.g., 1703, 1709, 1803?

      System Info says:
      Windows 10 Pro
      Version 10.0.16299
      Build 16299

      Thanks!

      Mark

       

      Edit to remove unnecessary system information

      • #182390 Reply

        PKCano
        Da Boss

        You have Windows 10 v 1709, BUILD 16299. The 16299 indicates the Build which is indicative of the version 1709.

        2 users thanked author for this post.
    • #182413 Reply

      280park
      AskWoody Lounger

      I have read Woody’s Computer World article and all the forum comments.

      If we choose Woody’s second option

      “If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches”

      what do we do going forward?  Do we just wait for the April patches and a subsequent DEFCON 3 announcement?

      Thanks.

      2 users thanked author for this post.
      • #182438 Reply

        Elly
        AskWoody MVP

        what do we do going forward? Do we just wait for the April patches and a subsequent DEFCON 3 announcement?

        Yep… if you are choosing the wait and see option… you get to wait… and see…

        Win 7 Home, 64 bit, Group B

        6 users thanked author for this post.
    • #182422 Reply

      bobcat5536
      AskWoody Plus

      Group A Win 7 Pro x64…I did not install any of the Mar. updates and rolled back to Dec. using Windows Update Mini Tool. Everything is working smoothly. At this point I’m being offered via WU KB4091290 ( unchecked ) and KB4099950 ( checked ). Unless I’m missing something here, it appears that everyone is being offered something different even though their configurations are similar or the same. That would lead me to believe that there is no one answer that fits all to the many questions ( including mine ) that everyone has. I’m seeing others that rolled back as I did being offered completely different updates than me. This leads to the mass confusion that’s being seen here. Please correct me if I’m looking at this wrong   🙂

    • #182444 Reply

      anonymous

      I have  two win 7 64 bit computers.  Both of them had the following on them under windows update when I checked windows update today:  KB4018317 Outlook update, KB2965234Powerpoint update, (both of these were unchecked), KB4100480 2018-03 Security Update for Win 7 64 bit, Checked,  KB4091290 2018-03 Updated for Win 7 64 bit, Unchecked and KB4099950 2018-03 update for Win 7 64 bit.  This list was off the laptop which had been turned off for 9 days since I did not need to use it.  When I when turned on the laptop today it had the KB4088875 update but when I hit check for updates, it disappeared.  The resulting list was as stated above.  I checked the list on the laptop to the list on the desktop and they were the same.  After installing the checked updates including the updates for Outlook and Powerpoint, rebooted the computer and the only update available was the unchecked KB4091290.  I then read about the KB4091290 and found it was for the smart card issue that arose in February.  I’d like to thank Mr. Brian for his comment that you do not need to install this especially since I do not use smart cards on either of the computers.  Unless something else pops up between now and Tuesday,  I am going to sit tight until the craziness that starts again on Tuesday settles down and I get the directions and advice from Ask Woody–Thanks Woody and everyone else.

    • #182454 Reply

      anonymous

      FWIW,  I’ll add my experience

      Win7 Pro 64bit

      I installed in this order

      -KB4096040 (the initial March Win 7 IE Cumulative Security Update)… IE launched fine after update, so i skipped the replacemnt patch that was issued on 3/23

      -KB4100480

      -the March MSRT

      No problems encountered.  No detectable slow down, although not a power user.

      I assume the consensus is to hold on the “full” March Win7 Security only update until further notice, even though it is listed on the Group B page?

      Edit to remove HTML. Please use the “text” tab in the entry box when you copy/paste.

    • #182469 Reply

      Rock
      AskWoody Lounger

      I thought I’d put this info here if it helps anyone like it did for me.

      On my Main PC I have Windows 7 64 Ultimate Group B Pre January patches and things work great. My laptop came with Windows 10 so I am running 1703 and I will stay here for awhile until the dust settles with 1803, for now.

      I have not had any issues with being forced to 1709 so I thought I would explain how. I too have windows update set to CBB, 365 days and 30 days. I also use wushowhide to manage the monthly cumulative updates, but I also use WPD, you can get it here https://getwpd.com/ .

      I find this program does just about everything I want it to do to Windows 10. It disables telemetry (I know there is no way to completely shut it off) it makes it super easy to remove built in apps. I have Cortana disabled and I can still search. It allowed me to remove the useless Lock screen and helps me to tame windows update. Every time I install a monthly update I have to go back into WPD to shut off 4x telemetry settings.

      I have been thinking of installing Windows 7 on my laptop as a proof of concept that I can but if time doesn’t allow me to I am currently ‘content’ with how WPD helps me manage my Windows 10.

      I hope this helps someone like it did for me.

       

      Rock

    • #182470 Reply

      anonymous

      Don’t install the WIN 10 cumulative for 1709-When it was installed and needed restart, windows has to sign you otu due to a problem. I uninstalled the cumulative for march and now everything is back to normal. I hid the cumulative update so it doesn’t bug me or harm my baby again. I also did a defragment, advanced systemcare, ccleaner AND AN ERROR check afterwards.

      All other updates for 1709 has installed normally and my computer is taking time to digest and adapt to new updates, but everything is normal again.

    • #182482 Reply

      Well, I went through the most turgid rigmarole of patching, rebooting, and running WU several times now, and seem to have all the prerequisite patches, and I’m safe from IP address wipeout; now just the Big Bad KB 4088875 leers at me now, _unchecked_, and it’s a genuine standoff as we glare at each other.

      What gives me pause before downloading and installing that morass are two things:

      1. MS’s latest info on the March roll-up (4088875) has the warning, “A Stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).”  I have NO idea what this means, nor any idea on how to ascertain if I have this function.  Can anyone tell me a method to determine if my system supports SSE2??

      2. KB4088875 is still unchecked, though “important”.  I have always wondered what determines an item in WU to be “checked” or “unchecked”; does it mean, “Kosher-no issues” if checked, and “look out, you still might hit the wall” if unchecked”?  As Groucho used to say, “Any questions?  Any answers?”

      3. If “unchecked” means “Not Yet Kosher”, I’m going to ignore the thing IF April’s rollup will contain everything OK in 408875, plus other things, good or bad.

      Any light thrown on the above deeply appreciated.   This is my only machine, and I simply can’t take a chance of BSOD’ing it.

      Thanks to all, again, who are slogging through this morass. (!)

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      • #182495 Reply

        GoneToPlaid
        AskWoody Plus

        Hello Nibbled To Death By Ducks,

        It seems that you have been nibbled to death by updates! Your computer’s CPU supports SSE2 unless your CPU is rather old. One of my favorite handy dandy utilities which I use on my computers, and which I use on all of the office computers, is Piriform’s Speccy. Basically, Speccy shows you details about all of your computer’s hardware along with a lot of other useful stuff. Get the free version of Speccy directly from Piriform at the following link:

        http://web.piriform.com/speccy

        After installing and running Speccy, Speccy could take up to around 30 seconds to analyze the details of your computer’s hardware. When the analysis is done, then suddenly the main details will appear all at once on the main screen. When you see that, click on CPU. Doing so will take you to a details page which tells you everything about your computer’s CPU. Attached are two screenshots of Speccy’s results for my computer. One screenshot is the Speccy Summary page, and the other screenshot is the Speccy CPU details page. In the CPU details page in my screenshot, you can see which instructions my CPU supports. SSE2 is one of them.

        Speccy-Summary

        Speccy-CPU-Details

        Attachments:
        4 users thanked author for this post.
      • #182502 Reply

        GoneToPlaid
        AskWoody Plus

        KB4088875 is the March Monthly Rollup. It is unchecked since it still has several issues. You should leave it unchecked for now. My next question is, what is the latest monthly rollup which you presently have installed on your computer? The only way to be sure is to go to Control Panel, launch Programs and Features, and then click on “View installed updates”. Sort the resulting list by Name, such that next to Name you see a small arrow pointing up. If the arrow is pointing down, then click on Name again to reverse the sort order. Now scroll down to the section which is labeled Microsoft Windows. Scroll down some more, and you will see a lot of entries labeled “Security Update for Microsoft Windows”. Each entry is followed by a KB number which is in parentheses. Scroll down the last “Security Update for Microsoft Windows” which you see, and tell us the KB number.

    • #182520 Reply

      OscarCP
      AskWoody Plus

      MrBrian has advised to consider installing KB4099467 after doing so with the other March updates for Windows 7, x64. It fixes some strange problem that, so far, I don’t  believe to have had; touch on wood.

      When I went to get it from the MS Catalogue, found something unexpectedly confusing there:

      There was an update labelled for “Windows 7, x64”, but the information pop-up on that update said that it was for “AMD64 x86” machines.

      Now, we’ve already had the Patch Lady explaining the believe-it-or-not fact that “AMD64” = “x64”, regardless of who made the CPU chips in our PCs. But this is something else:

      As far as I know, “x86” is another way of saying “x32”, which is definitely not the same as “x64”.

      So, is there a contradiction between the update label in the Catalogue and the information on the update itself?

      Or, to put it somewhat differently: Will Patch wonders ever cease?

       

      • #182535 Reply

        Elly
        AskWoody MVP

        There was an update labelled for “Windows 7, x64”, but the information pop-up on that update said that it was for “AMD64 x86” machines.

        Screenshot from the MS Catalogue:

        Architecture-AMD64_X86

        There is a comma, not a connector, between the two listings for Architeture.

        But… I really enjoyed, “Will Patch wonders never cease?” as it sums up my jaw dropping amazement when contemplating the mess I have to wade through to get family and friends updated every month this year.

        Win 7 Home, 64 bit, Group B

        Attachments:
        2 users thanked author for this post.
        • #182563 Reply

          OscarCP
          AskWoody Plus

          Elly,

          I’ll take your word for it — and also Anonymous’, in the next comment down.

          But if my machine gets anything after I install the ambiguous KB4099467, from halitosis to shingles, to cardiac arrest, it will be on you. It will be totally on you.

          That said and until then:

          Thanks.

           

           

          • #182620 Reply

            Elly
            AskWoody MVP

            But if my machine gets anything after I install the ambiguous KB4099467, from halitosis to shingles, to cardiac arrest, it will be on you. It will be totally on you.

            Given the choices that Woody summarized for us, I have rolled back to December, so installing KB4099467 isn’t on my agenda at all. I’m not recommending others follow my example… it just doesn’t appear to me that Microsoft and Intel have their act together regarding Meltdown and Spector vulnerabilites… and it is my style of managing risk to step back and watch it all work out. I’m hoping to go forward with updating, someday, but just not right now. I’m wishing those making other choices, all the best. I get triggered and anxious over all sorts of things, and the AMD64 terminology seems to bother you… I am hoping you are reassured that it doesn’t seem to be something you really need to be worried about, being unrelated to the AMD processor problems in January patches. I was simply addressing AMD64, x86 being listed, and trying to clarify that. There are enough things to worry about…

            Halitosis to shingles, to cardiac arrest… just don’t blame me if you don’t install KB4099467 and get a StopError BSOD after installing KB4088875… I trust MrBrian on this one. LOL.

            Win 7 Home, 64 bit, Group B

            4 users thanked author for this post.
      • #182542 Reply

        anonymous

        @oscarcp

        <span id=”ScopedViewHandler_labelArchitecture_Separator” class=”labelTitle”>Architecture:</span> AMD64 , X86

        The above is directly from the “Overview” tab of the Microsoft Update Catalog entry for KB4099467. This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) processor architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

        In your case, simply click on the download button for the version that’s listed as “2018-03 Update for Windows 7 for x64-based Systems (KB4099467)” and you’ll get the version meant for 64 bit systems. You’ll notice that the file name of what you’re downloading begins with “windows6.1-kb4099467-x64” and then goes on with a long trail of characters after that, ending with the .msu suffix.

        The same holds true for ANY Microsoft patch listed that way in the catalog. If it says “Architecture: AMD64 , X86” it simply means that the patch you’re being shown, or told about, is meant for 32 bit and 64 bit systems. It also means that there is a separate patch for 32 bit systems and a separate patch for 64 bit systems, but they share the same KB number.

        This is simply Microsoft’s version of “shorthand” notation, in that they’re trying not to be too wordy. They’re trying to get the information out by being as brief as possible. At one time (within the last two or two and a half years), the Microsoft Update Catalog was meant only for IT professionals, not for the rest of us. That has since changed under Satya Nadella, as have many other things you’ve probably noticed coming from Microsoft.

        Any or all AskWoody MVP’s please feel free to correct the previous statement about the Update Catalog if it’s not completely accurate!

        @oscarcp , I hope this helps to stop your head from spinning now and in the future due to Microsoft’s apparently excessive brevity in describing the applicable processor architectures for patches in the Update Catalog. 🙂

         

        Edited for HTML.

        4 users thanked author for this post.
        • #182622 Reply

          Elly
          AskWoody MVP

          Thank you for your much better explanation.

          Win 7 Home, 64 bit, Group B

        • #182693 Reply

          satrow
          AskWoody MVP

          This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) processor architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

          MS make software, not CPUs, better to say:
          “This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) Operating System architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

          1 user thanked author for this post.
          • #182956 Reply

            Elly
            AskWoody MVP

            That’s right, because the processor is hardware (could be with Intel or AMD branding).

            The operating system is software, and the 32 bit (x86) and 64 bit (AMD64) architecture is part of the operating system.

            Even the ‘answer’ was getting it confused…

            Thank you!

            Win 7 Home, 64 bit, Group B

            1 user thanked author for this post.
    • #182525 Reply

      GoneToPlaid, thanks so much for getting back to me!

      Downloaded the program, and it indicates support for SSE2. (Handy little thing, better than many seen in the past.)

      Last Security Update for Windows was KB 3185349 April 7 2018.

      Also, there’s another warning on 4088875 I missed the first time:

      “After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:

      SESSION_HAS_VALID_POOL_ON_EXIT (ab)”

      Should I apply KB4099467 before applying KB4088875, if I should apply 4088875 at all?

      Many Thanks!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #182518 Reply

      anonymous

      I am in Group B Windows 7 64 bit and I am wondering what I should do with NET Framework Quality Rollup  to 4.7.1 dated 2018-02 ?

      I am going to install up to March security only including  KB4100480 and KB4099950.

      I assume then I won’t need April Security only even when Woody gives the Defcon go ahead.

      Thanks Woody and guys

       

      Edited for HTML. Please use the text tab when doing copy/paste in a reply.

       

       

      • #182538 Reply

        Elly
        AskWoody MVP

        I assume then I won’t need April Security only even when Woody gives the Defcon go ahead.

        Why is that?

        Win 7 Home, 64 bit, Group B

        • #182539 Reply

          Zaphyrus
          AskWoody Lounger

          I think he/she means that he/she doesn’t need to install them right away, and that like everyone here, will pay attention to the MS-DEFCON level changes.

          Just someone who don't want Windows to mess with its computer.
    • #182545 Reply

      Cybertooth
      AskWoody Lounger

      As I write these words, this thread on the March updates contains 240 replies (and this one will make it 241). Could there be a more telling commentary on the current state of Windows patching?

       

      4 users thanked author for this post.
      • #182553 Reply

        Zaphyrus
        AskWoody Lounger

        actually its more like we are making sure rocks aren’t falling from the sky  and we are correctly protected in case rocks will fall in the future.

        Just someone who don't want Windows to mess with its computer.
    • #182568 Reply

      anonymous

      Help please!  I have W7 32 bit, ran WU and only got MSRT and the snooper kb2952664 as important. For recommended I got – kb4076492, kb4033342, kb3184143 and kb4099950. Also kb4075211 as optional, which I think is preview for Feb rollup? But I have all rollups successfully installed upto and including Feb. I hid kb4075211 and ran WU again and was offered kb4091290 as a recommended update it’s 137.7MB! Which is about the usual size of my rollups. This is the first time I haven’t been offered the monthly rollup, the last couple of months I’ve held my breath and took the plunge and installed what I thought I should, but this time I don’t know what to do for the best.

      Should I install, if so in what order or just leave March well alone, and wait till the end of April for (fingers crossed, prayers said) an improvement. I can’t afford to lose this netbook . All words of wisdom welcome at this point.
      Many thanks,  –   Watson.

      • #182582 Reply

        PKCano
        Da Boss

        **kb4076492 is a .NET Rollup – safe to install if checked
        kb3184143 is a patch to remove GWX components (old) – no needed
        kb4033342 is the installer for .NET 4.7.1 – you can hold off on this one for now, install later when there is not all this chaos. Hide or uncheck.
        **kb4099950 is a required hotfix – install it FIRST before any Rollup
        kb4091290 is a fix for a Smart Card bug issued in Feb – if you are not using Smart Card ID it is not required.

        Hide any Previews that show up in the optional updates list (like you did kb4075211). See @mrbrian ‘s instructions here about getting the current Rollup to appear.

        So far.KB 4088875 (Mar Rollup) may appear as an unchecked important update.

        2 users thanked author for this post.
        • #182669 Reply

          anonymous

          PKCano – Thanks for the timely sage advice earlier! On my W7 32 bit i installed March MSRT, kb4076492 and kb4099950. Hid kb2952664, kb3184143 and kb3102429??? (forgot to mention that one). Reboots inbetween , ran WU again and am offered kb4033342 (checked) and kb4091290 (unchecked) – not installing either. I still have not been offered March rollup…??? Don’t know why, all previous rollups successfully installed. So i guess i wait until Defcon 3 for April as I’m Group A, that rollup will supersede the March one, yes? Will i be offered that one…? I hope April’s updates are easier (sigh) as I’m starting to swim out of my depth. Many thanks again,   –    Watson.

          • #182678 Reply

            PKCano
            Da Boss

            Hide any Previews in the oprionals, search again – until there are no Previews left. March Rollup may show up unchecked.

            • #182696 Reply

              anonymous

              PKCano – I only had one preview appear, which i hid yesterday, kb4075211, today it’s not there anymore, in fact it’s no where to be seen. In hidden updates i have kb2952664, kb3184143 and kb3102429. In important updates i have  kb4033342 checked, kb4091290 unchecked. There are no updates in optionals, and still no March rollup….. Aah well.   –   Watson.

               

            • #182703 Reply

              PKCano
              Da Boss

              Check @mrbrian ‘s post immediately below this. Cleck on the link and be sure you have done everything in his instructions.

          • #182682 Reply

            MrBrian
            AskWoody_MVP
            • #182763 Reply

              anonymous

              Couldn’t do all the steps in mr.brians post as i have never been offered March rollup preview kb4088881, so i couldn’t hide it. Only preview i have seen is kb4075211 Feb rollup preview, which i did hide.  The other steps i have done, i cant hide what doesn’t appear – why does MS have to make things so difficult…..   (Tired) Watson.

        • #188670 Reply

          anonymous

          re: **kb4076492 is a .NET Rollup – safe to install if checked

          what if it is NOT checked?? it is listed under “important”, but no check.

          thanks

          • #188672 Reply

            PKCano
            Da Boss

            Rule of thumb: DO NOT check anything that is UNCHECKED by default.

    • #182585 Reply

      anonymous

      About why it is so crucial to update, maybe.

      248 comments here, it seems like a lot is wondering about what to do, in what order and how to be safe agains this mess, some people(in January) even said that we should download a new bios update even before they where made to be safe against Spectre/Meltdown.

      In January i followed this page https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

      First downloaded Windows Management Framework 5.0 and that was the first time I ever used that program, pretty scary to mess things up. And with help from an youtube video in a language i dont understand https://youtu.be/46a1bcmjUyI

      Now with this Total Meltdown things got even worse https://blog.frizk.net/2018/03/total-meltdown.html

      I guess an informative video or a program to help us check if our computers have these vulnerabilities would be the best way for information about our security.

      Are we really safe if we have an certain kb file installed?

      I noticed that the IE security patches was not cumulative or is it, that is really stupid to have to install every patch since one year back, does it matter what order. With firefox i just download the latest update.

      And I never know if my firewall is safe either but that is an another question…

      Is our computer ok just because we dont see any problem?

      And big thanks for all the help and information here!

      • #182590 Reply

        PKCano
        Da Boss

        The IE11 security patches ARE cumulative. The Win7/8.1 security-only patches ARE NOT cumulative, so each one has to be installed separately.

        • #182733 Reply

          anonymous

          If IE11 security patches ARE cumulative, then it makes things more confusing. I installed december 2017 patch first, rebooted, then installed every patch from may to november without any word that IE it was updated.

          So this means that I can Uninstall every IE security patch i installed and then install the latest one?? This would clean up my installed kb files.

          • #182738 Reply

            PKCano
            Da Boss

            You do not have to uninstall anything. Just install the latest IE11 patch and you will be fine.

            1 user thanked author for this post.
    • #182593 Reply

      LH
      AskWoody Plus

      Win 7 Pro x64, Group B.
      Installed patches as follows in two sessions (this afternoon and evening, Sunday):
      1. 4099950, 4100480 (from Windows Update – had to tick 4099950)
      Forgot to Check for Updates afterwards.
      2. 4088878 (reboot – OK; Checked for Updates – no new ones found)
      3. 4099467 (temp. hitch as wouldn’t download from Catalog via Pale Moon browser – don’t know why; switched to Chrome, all OK)
      4. 4096040 (reboot – OK; Checked for Updates – no new ones found)
      5. Office 2010 patches x 4 (ticked ones only; no reboot called for; checked for updates: found 4018317 for MS Outlook, unticked)

      So far (late Sunday evening), all still OK.

      2 users thanked author for this post.
    • #182595 Reply

      rowrbazzle
      AskWoody Plus

      HTH:

      Win7 Pro x64 SP1, AMD Phenom II X4, Group B

      wuauserv Disabled until searching and manually downloading

      Up to date through February.

      Dates and March updates:

      0401 KB4100480 from catalog

      0406 all four checked Office 2010 updates from WU

      (Soul search: not found)

      0407 imaged disk w/ Macrium Reflect

      KB4099950 from catalog (unchecked at WU, BTW)
      KB4088878 from catalog
      KB4096040 from catalog
      KB4099467 from catalog
      AOK after restart

      0408 first boot morning after — AOK.

      3 users thanked author for this post.
      • #182699 Reply

        Charlie
        AskWoody Plus

        Thank you so much!  You’re the first person to mention that you installed the four checked Office 2010 updates!  I’ve been waiting and waiting for some news about this, and you also confirmed that all seems to be AOK.  Thanks again!

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

    • #182598 Reply

      JohnW
      AskWoody Plus

      Updated my Win 7 Pro box today (Intel Core i3 – Sandy Bridge).  Only one important update was available, KB4100480, 2018-03 Security Update for Windows 7 x64.

      Was previously current with updates through 2018-02, except for the .NET 4.7.1 update, which I left unchecked.

      Security Update install went fine, but after the restart the desktop was very slow to appear, then was not responsive at all.  Let it run for a few minutes, then did a hard shutdown.  Was half expecting to need to reboot to safe mode, but everything was fine when the system booted up again.  Weird!

      Except for that initial hiccup, everything is functional and stable now.  🙂

       

      2 users thanked author for this post.
    • #182605 Reply

      anonymous

      I feel like I am going back to AskWoody School. I switched to Group A because patching was becoming a right pain. I’m a Windows 7 Home Premium 64-bit user with no network to worry about.

      I toned down telemetry and install the monthly rollups but left my settings as “check for updates but let me choose to download/install”, and unchecked the”give me recommended…” option.

      I always wait until Defcon 3 and/or advised by you to patch. So far things have worked out.

      I had KB4074598 and KB4056894 installed and added KB4100480 and the end of March after checking the forums. I haven’t had any problems.

      KB4099950 and KB4091290 were offered as recommended and unchecked. After
      reading the discussions about settings and those patches – and rereading AKB 2000004 – I changed my settings.

      KB4099950 shows up as important and checked while KB4091290 is important and unchecked.

      I will install the first and wait on the second. Does it “activate” once KB4099950 is installed?
      -firemind

      • #182617 Reply

        PKCano
        Da Boss

        Hide any Previews that show up in the optional updates, then search again, until there are no other Previews. When you do this, some other updates may show up.

        1 user thanked author for this post.
    • #182615 Reply

      edric_now
      AskWoody Lounger

      Hello, I want to ask some question

      I just recently updated my windows

      1. January rollup update KB4056894 (installed since january )

      2. KB4100480 (installed recently)

      I dont know if this sequence okay or not?

      and I read this article by woody https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

      As of this moment, EVERY Windows 7 / Server 2008 R2 64-bit patch released this year opens a gaping security hole commonly called “Total Meltdown.” In addition, recent patches have a healthy collection of bugs that range from blue screens (STOP messages), to blocking Internet Explorer 11, to a particularly debilitating bug for folks running servers that leads to lockups due to SMB leaks.

      Microsoft has released a fix for the Total Meltdown hole, but installing it brings along many of those creepy bugs.

      from what I know KB4100480 is for total meltdown right? so is it really bring bugs from march? since the statement on the article said “EVERY” and the 2nd statement said total meltdown fixes. and is KB4100480 already full patch for total meltdown? I read that march rollup supposed to partially fix it but KB4100480 added later or KB4100480 enough for total meltdown fixes?

      Edit to remove HTML: Use the ‘text’ tab in the post entry box when you copy/paste.

      • #182619 Reply

        PKCano
        Da Boss

        If you have installed any of the Jan, Feb, and/or Mar Rollups or security-only patches, you need to apply KB4100480. Those patches opened another vulnerability called Total Meltdown that KB4100480 fixes. This is not the original Meltdown/Spectre vulnerability, but an ADDITIONAL one.

      • #182657 Reply

        MrBrian
        AskWoody_MVP

        “so is it really bring bugs from march?”

        Here is my analysis of KB4100480.

        • #182923 Reply

          edric_now
          AskWoody Lounger

          Hi MrBrian

          “so is it really bring bugs from march?”

          “Here is my analysis of KB4100480.”

          so based on this analysis KB4100480 should be okay for win 7 64bit. i checked my procie and it have SSE2 and PAE issue only for 32bit so it shouldnt affect me i guess.

          and IE, NIC, and SESSION_HAS_VALID_POOL_ON_EXIT (ab)” file not included in KB4100480, so i guess i should be okay since my rollup is January. well i use my pc and so far now bsod, try to log off and its log on fine but im admin tho dont know if its another user log off since its home pc, and my IE not updated so its still IE8, never using it anyway but it wont matter if the file not included anyway xD

          and SMB and antivirus registry is already known since January rollup so i guess im just gonna wait till another good security rollup out i guess? rather than installing so many confusing things to fix March update bugs 🙁

           

           

    • #182621 Reply

      bobcat5536
      AskWoody Plus

      Question ? I just finished updating Win 10 Pro x64 ( 1703 ) and it updated the March updates and brought my version up to 15063.994 with KB4088891. Is this the right version ?? I’m showing that KB4088891 should be version 15063.997 on the MS update history page.

      https://support.microsoft.com/en-us/help/4018124/windows-10-update-history?ocid=update_setting_client

      • #182623 Reply

        PKCano
        Da Boss

        I believe that is a typo on the pulldown. If you open up the link it says .994 (nad that’s what I got too)

        1 user thanked author for this post.
    • #182625 Reply

      anonymous

      I am Group A.  I have kept Jan and Feb installed and installed KB4099950 and KB4100480.

      I did all the gyrations and have March KB4088875 back as an Important update but MS has it unchecked.

      KB4099467 (catalogue update for Stop Error) reads to be not an option but a must, yet it is a manual procedure. So do I download and have it available in case I need it – in which case how do you install it on a Stopped Error computer (is this BSOD)?  Or install it before installing KB4088875?

      Anyone know what it does?  Can it hurt to install it whether or not it is necessary?

      • #182627 Reply

        PKCano
        Da Boss

        If you install KB4088875 and decied to install KB4099467, then install it immediately afterward WITHOUT/BEFORE a reboot in between.

        • #182640 Reply

          anonymous

          Hmmm, but ususally one has to reboot to have an update complete installation.  So do the two of them sort it out during the install process and hopefully come back up with no Stop screen?

          • #182644 Reply

            PKCano
            Da Boss

            If you reboot before  KB40999467, then KB4088875 will cause the BSOD. So you install KB40999467 beforehand to prevent it.

            1 user thanked author for this post.
          • #182660 Reply

            GoneToPlaid
            AskWoody Plus

            The upshot from PKCano is that you should ignore the reboot requirement by clicking cancel. And then you proceed to install the subsequent update as he recommended in order to prevent any potential BSOD after reboot.

            • #182717 Reply

              anonymous

              Understand the concept, but if I “install” KB4088875 and select cancel for no reboot – is KB4088875 “really fully installed”?  But then I am going to “install” KB4099467, then actually reboot.

              How do the two “not fully installed” KB’s sort it out in time. If enough of KB4088875 gets installed before KB4099467 gets installed; won’t KB4088875 throw a Stop Screen anyway?

              Are we sure this will work?

            • #182719 Reply

              PKCano
              Da Boss

              They both get installed before the reboot, during the reboot and while the computer is restarting. So both are in place to prevent the BSOD.

              1 user thanked author for this post.
            • #182720 Reply

              MrBrian
              AskWoody_MVP

              “Are we sure this will work?”

              See the part of Mark Phaedrus’ answer from “As it happens” to the end at https://www.quora.com/What-would-happen-if-Windows-10-suddenly-decided-to-reboot-because-of-update-during-defragmentation.

            • #182739 Reply

              anonymous

              I went back to read the latest 3/17 MS KB4088875 wherein it referenced at the end the Stop problem and the need for KB4099467 so surprizing it is not listed as Important on WU.

              However, I also looked at KB4088881 the April Preview and the issues read identical EXCEPT the Stop problem is no longer listed as is the need to apply KB4099467!

              Did they include the “fix” in the April Preview?

            • #182794 Reply

              MrBrian
              AskWoody_MVP

              ‘However, I also looked at KB4088881 the April Preview and the issues read identical EXCEPT the Stop problem is no longer listed as is the need to apply KB4099467!

              Did they include the “fix” in the April Preview?’

              I think that KB4088881 probably doesn’t fix that particular stop error because according to KB4088881’s file list, it doesn’t include the updated version of file win32k.sys that is in KB4099467. KB4088881 does however fix the Internet Explorer issue that is also fixed in KB4096040.

      • #182674 Reply

        MrBrian
        AskWoody_MVP

        I installed KB4088875 on March 25, and I haven’t experienced the issue that KB4099467 supposedly fixes. I didn’t install KB4099467.

        If you want to install KB4099467, I think the best way to do it is install KB4099467 right after installing KB4088875, without a reboot in between. The reason for not rebooting in between is so that when the next reboot happens, the faulty parts of KB4088875 never become active because they’ve been replaced with the fixed parts from KB4099467.

        As with any update, the question is whether KB4099467 introduces any issues.

        1 user thanked author for this post.
    • #182631 Reply

      Anonymous

      Hello all fellow sufferers!  Please be kind as this is my first time here!  I’m learning as I go with notebooks of instructions.  I am Group A.  I have installed  Jan – KB4056894, Feb – KB4074598, KB4100480.

       

      I redid the instructions to show “Give me recommended updates the same way I receive important updates” and that brought up KB99950 in the important updates which I have not installed.

      Previously, I had installed the March monthly rollup including KB4099467 which did not keep the computer from the BSOD so I uninstalled the March rollup and presently have installed what I have in the first paragraph.

      The March rollup KB4088875 does not show up.

      I would greatly appreciate your advice as to what, if anything, I should install now — and if so in what order.  Also, it has been suggested that after installing KB99950 and KB4088875 not to reboot and then after installing KB40999467 to reboot — am I wrong to believe that in Group A we don’t have the option to not reboot after each installation?  Thanks in advance — I am extremely security minded and not knowing what to do is stressful.

       

      • #182639 Reply

        PKCano
        Da Boss

        In this case you should choose “reboot later” between KB4088875 and KB40999467.

        • #182642 Reply

          Anonymous

          Much obliged — I was not aware of the “reboot later” option as I did not use it in the past.  I also want to add that I am windows 7 a five year old Lenovo desktop.

      • #182667 Reply

        GoneToPlaid
        AskWoody Plus

        Peacelady, welcome to AskWoody! It is nice to have you here. Feel free to fire away with any questions which you have about Windows Updates. After all, this is what AskWoody is all about.

        • #182675 Reply

          Anonymous

          Thank you so much Gone to Plaid — this group is a blessing to me.  So, not to be repetitive (lol) but here is what I am understanding:  Install KB99950.  reboot.

          Install KB4088875 but click “cancel”

          Install KB4099467 and reboot.

          Maybe KB4099467 did not work for me the first time because I rebooted after KB4088875?

          And then the big question — should I do this or just leave what I have and wait for April?

          Thanks again for your welcome and your help.

      • #182677 Reply

        MrBrian
        AskWoody_MVP
      • #182919 Reply

        MrJimPhelps
        AskWoody_MVP

        Peacelady: What version of Windows are you running? Windows 7-64? Windows 7-32? Something else?

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        • #182933 Reply

          Anonymous

          Mr. JimPhelps – I have Windows 7 Professional, Service Pack 1, Intel (R) Core  64bit, Lenovo desktop.  Let me know if you need anything else.  BTW – I’m new here and need advice how to quote parts of someone’s post in my answer.  I see the quotes on the top here but I’m at a loss.  Also, if anyone can help me – the blog site keeps freezing up on me and I’m not able to use the refresh button — is this a common problem because of the increased volume lately?  I do have the posts sent to my email where it’s more handy for me to read them.  Any tricks of the trade are deeply appreciated!  And I have been logging on and off and have not had any BSOD issues this morning.  Yeah!!!!

          1 user thanked author for this post.
          • #182954 Reply

            Individualist
            AskWoody Lounger

            @peacelady

            I am having issues logging in, then once in having problems logging out as well as problems with refreshing..I suspect it is a traffic issue. Well, I am taking the plunge today on the desktop as well as the laptop…I am somewhat reassured by your experience however my fingers shall remain crossed until my knuckles turn white! I am isolated in the country and somewhat disabled and rely heavily upon my machine to keep me in touch with the outside world. Wish me well, and thank you for all of your input.

            A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

            • #182958 Reply

              Anonymous

              Individualist – I certainly do wish you well.  You will be fine!  Also, I never had a problem with uninstalling the updates when I had the BSOD issue — it never totally crashed the computer.  Knowing that you can probably use the “uninstall” should give you more peace of mind.  Maybe you can help me — when you answer someone’s post how to you put their name on the top?  And do you know how to quote a part of someone’s post that you are answering?  The mechanics of posting is unsettling until I get the hang of it.  Also, do you get the error message that I frequently do: “Error established a data base connection”?

            • #182961 Reply

              PKCano
              Da Boss

              In the post you want to reply to, click on the reply button.
              That will drop you down to a reply box.
              Scroll back up to what you want to quote and highlight the text you want.
              Then click on the “Quote” button at the bottom of that post (next to the “Thanks” button.
              That will drop your quote into your reply box at the bottom.
              The person’s name will be there too.

              4 users thanked author for this post.
    • #182632 Reply

      anonymous

      My Win 10 Home 1607 usually has Win Update turned off in services and WiFi connection set to metered so I don’t get any updates unless I want them.

      With 1607 at end of support, and patch Tues coming up, I thought I’d update to 1709 before 1803 comes around with probable issues and spent nearly 24 hours nursing it along, restart after restart, download after download.

      What a rigamarole Win 10 is when you try take some control of it.

      Have to sat though, my cheap newish Dell lappy is feeling good for it, much faster for some reason – no stats, and no issues so far. Except Acronis wouldn’t let it start up again after cloning, then froze it on second attempt. Got rid of Acronis and installed free EaseUS Todo Backup – working good now.

      1 user thanked author for this post.
      • #182833 Reply

        anonymous

        Win 7 64bit sp1. Wound back to Dec ’17 updates, stopped updates and sitting tight until Meltdown is fixed for good. Or I’ll just sit on that until I figure out Linux.

    • #182664 Reply

      dgreen
      AskWoody Lounger

      You have Win7. The “/” means “or.” Server 2008 R2 is a different kind of computer.

      PKCano
      This is what I found when I checked my computer properties.
      I always thought  I had Windows 7 SP1 Server 2008 R2x64 bit..
      now I’m confused, do I have server 2008 R2x64?

      Capture4

      Attachments:
      • #182668 Reply

        GoneToPlaid
        AskWoody Plus

        You have Windows 7 Home Premium 64-bit and not Windows 7 Server 2008.

        2 users thanked author for this post.
      • #182671 Reply

        PKCano
        Da Boss

        You have Win7 SP1. But if you look at patch descriptions that are offered they say Win7 SP1/Server 2008 R2 meaning they are for both Win7 based systems.

        I can’t find it right now, but wasn’t the question from an anon poster who didn’t seem to know there was a difference between Win7 SP1 (like home or pro) and Server 2008 R2? That is why I gave that answer.

    • #182680 Reply

      Demeter
      AskWoody Plus

      Out of curiosity I just turned Updates back on to have a look. Here is what I have checked as important: KB4099950, 03-2018 Update for Win 7 x 64, Published 05/04/2018

      KB2952664, Update for Win7 x64 13-03-2018

      MSRT 03-2018.

      I’ve got the Jan. & Feb. Security Monthly Roll Ups installed, ( KB4056894 & KB407458, didn’t roll them back), and installed KB4100480 last week. Have been following the Group A protocol,  but now I’m not so certain what group I fall into. Need advice, proceed with patches? Stand pat? Win 7 Pro i7 Haswell 4700 Core

    • #182686 Reply

      TonyC
      AskWoody Lounger

      I took the plunge today and decided to patch my Windows 7 64-bit system (still Group B). Everything appears to be fine, although there was one “hiccup” during the process (see later).

      Following advice in this thread, my installation procedure was KB4099950, reboot, KB4088878, KB4099467, reboot, KB4100480, reboot, KB4096040, reboot. (And, yes, I know that some of the reboots were not necessary. It is just the way that I like to work.) All the patches were downloaded from the Microsoft Update Catalog.

      Then, for Windows Update, I followed MrBrian’s “unofficial” procedure, but the only important update offered that I installed was MSRT (Malicious Software Removal Tool).

      The “hiccup” occurred when I came to reboot after installing the IE11 cumulative security update, KB4096040. My system got stuck at the message “Preparing to configure Windows. Do not turn off your computer.”. I waited about 20-25 minutes, and then I decided to hit the “big red button”. When I restarted my PC, I chose a normal start (i.e. not safe made, etc.). Some diagnostic messages flashed across the screen for a number of seconds but, happily, my PC then appeared to finish off the installation and I was presented with the logon screen. I have never encountered this problem before.

      Anyway, KB4096040 appears in Installed Updates, Update History, and IE11 itself believes it is at the KB4096040 level (11.0.57). So I assume everything is OK.

      2 users thanked author for this post.
    • #182688 Reply

      anonymous

      This is with respect to KB4088875 2018-03 Monthly roll-up.  I installed KB4100480 win 7 2018-03 security and KB4099950 win7 64 bit 2018-03 update since they were the only checked updates when I looked at Windows Update.   KB4088875  was not on Windows Update at this time.  After installing these two updates and the ones for Outlook, KB4018317, and KB2965234, PowerPoint, KB4088875 showed up in Windows Update after restarting the computer.  However it is unchecked.  So my question is do I install this one?  It seems to have a lot of issues listed in the Knowledge Base article.  Should I follow Woody’s rule of not installing anything that is not checked?  Do I need to install KB4099467 since it does not show up in Windows update for either my desktop or my laptop?  Thanks very much for the assistance and advice on this forum.

      • #182690 Reply

        PKCano
        Da Boss

        KB4088875 is unchecked on my computers too, and I have not installed it.

        1 user thanked author for this post.
    • #182691 Reply

      Geo
      AskWoody Plus

      Win 7 x64, AMD.  I uninstalled 480 which really slowed my computer down.  Since I’m a light used I never installed any of the Preview’s.

      1 user thanked author for this post.
    • #182697 Reply

      anonymous

      Is the general consensus amongst the tech gurus helping us here (thanks!) to download and install in this order (if you’re Win 7 Pro x64 Group B with already installed  Jan & Feb security only & IE patches):   KB4099950, KB4088878 (don’t reboot and then install KB4099467 right after and then reboot), KB4100480, and KB4096040?   Or do the above in same order except avoid KB4099467 for now?  Appreciate the help.

      • #182715 Reply

        MrBrian
        AskWoody_MVP

        That order looks right. Whether to install KB4099467 is your decision. I just tested in a Windows 7 x64 virtual machine the installation of KB4088878 followed by KB4099467 with no reboot in between. After a reboot, the Windows booted normally. An updated version of win32k.sys was indeed present, consistent with abbodi86’s analysis of KB4099467. You don’t need to reboot immediately after installing KB4099467.

      • #182760 Reply

        DrBonzo
        AskWoody Plus

        @Anonymous – Aside from the fact that I had already installed 4100480, I did last night what you just described. It was on a Win 7 Starter (32 bit) Intel Atom chip, but it all worked well. The 4099467 install and reboot was very slow but no issues so far.

        I’m about to do the same on my ‘daily driver’ Win 7 Pro x64 SP1 laptop now.

    • #182700 Reply

      Individualist
      AskWoody Lounger

      To anyone out there for whom this may apply…

      I am running Windows7x64 SP1-Group A. I have been tracking this posted Topic since day one and have watched it grow from an anthill to a Matterhorn, soon to become Mt. Everest it appears! What I have been watching for are comments/replies from those with similar machines who have taken the plunge into the depths of the unknown and have updated to the “March Era” of Life With Windows. While all of the comments and questions and replies are valuable, in one way or another, I would really be interested in the experiences and consequential outcomes of those whom HAVE, in real-time or by testing in Virtual Machine, ventured into the unknown…this would be very helpful in making a better informed decision in whether one might jump forward at this point or not relative to W-7 Group A. I am current up to Feb 2018…did not roll back…but have downloaded the stand-alone KB4100480.

      Thank You.

      A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

      1 user thanked author for this post.
      • #182707 Reply

        MrBrian
        AskWoody_MVP

        My experiences:

        I’m in Group A using Windows 7 x64. I installed all updates except for KB4088875 on March 18. On March 25, I ran the fix script (which has since been replaced by KB4099950), and then installed KB4088875. I did not install KB4099467. I’ve had no issues so far.

        2 users thanked author for this post.
        • #182790 Reply

          MrBrian
          AskWoody_MVP

          I forgot to mention that I installed KB4100480 on March 29.

          1 user thanked author for this post.
      • #182716 Reply

        Anonymous

        Ditto Individualist — I’m right here with you eagerly awaiting actual results from folks who installed the March updates in our category.  I’m the same as you except I have KB4100480 installed.  It did not upset anything for me.

        1 user thanked author for this post.
        • #182729 Reply

          Demeter
          AskWoody Plus

          Ditto to both of you. I’m in the same boat, have KB4100480 installed since last week. No March updates. Several of the Updates talked about in the conversation aren’t in my MS Update. Where are they finding them? I’m standing pat, I guess, for now as this is my only machine and I can’t afford to have a major mess up. Would someone please post a simple straightforward answer for Win 7 Group A?  My eyes are crossing & my head is aching from reading all of this. I’m beginning to lose the thread.

          1 user thanked author for this post.
    • #182706 Reply

      Geo
      AskWoody Plus

      Win7x64.  AMD  Lucky Me.  Didn’t know about the 894 install causing the black screen.  Didn’t back up my system.  Installed 894 and got the black screen.  Here’s what happened after 5 minutes or so of the black screen the computer started to function and my system came back on it’s own with out having to take any of the measure’s suggested for the black screen. Uninstalled 894.

      1 user thanked author for this post.
    • #182726 Reply

      anonymous

      Troubles with updating attempt, after seeing the MS-Defcon change and trying to now  update with deferred March updates.

      Win 10 1709 x64, WU autoupdate reg setting disabled, WU service disabled, Update Asst/Orchestrator tasks disabled and app uninstalled, feature days 365/quality days 30.

      Turned on WU service, ran “Check for Updates.”  Got Office updates successfully, and did restart to complete their installation.  Ran “Check for Updates” again to go ahead to the delayed March Windows core updates.  No updates found.  Went to MS Update Catalog, and tried the various Win 10 1709 cumulative update packages released during March — all stopped with an error saying the package did not apply.  (Downloaded monthly delta updates have worked OK for a number of months previously.)   Went back to Settings/Windows Update, turned feature and quality days to 0, ran “Check for Updates” — again “no updates found” message.  What gives?  Has MS paused Win 10 core updating until this week’s April round commences on Tuesday?

    • #182732 Reply

      anonymous

      I’m Win 7 32 bit, group B. Is it safe for me to install March’s Security Updates? The topic seems to be concentrating on advice for Win 7 64  bit users, with no help for 32 bit users…

      • #182767 Reply

        DrBonzo
        AskWoody Plus

        @Anonymous – I have a Win7 Starter 32 bit Atom chip. I installed 4100480 a few days ago. (I was current with Group B patches through February.

        Last night I installed 4099950, 4088878, 4099467, restart, 4096040, restart.

        All is well! 4099467 was VERY slow on my Atom chip so you might need to just give it time, but no issues so far.

        • #182817 Reply

          DrBonzo
          AskWoody Plus

          Sorry everyone. I did NOT apply KB 4100480 to my Atom chip machine as I stated above. Got my computers mixed up. KB4100480 is only applicable to 64 bit machines, not 32 bit.

          Sorry for contributing to the already confusing state of affairs.

    • #182737 Reply

      rhp52
      AskWoody Lounger

      I have KB4088881 in WU>optional >unchecked. This appears to be the March Quality Rollup, but haven’t seen anyone else post this number here. Is this correct or something to be concerned about? I’m running Win7 sp1 x64.   Thanks!

      • #182745 Reply

        PKCano
        Da Boss

        KB4088881 is a Preview. It should be unchecked in the optional updates. You should not install it, instead HIDE it.

        2 users thanked author for this post.
    • #182755 Reply

      OscarCP
      AskWoody Plus

      My PC is running Win 7 Pro, SP1, x64.
      Last week, as the situation was still very confused, I installed the E11 patch, KB4096040, hoping to improve my chances of browsing without being ambushed and killed. So far, E11 seems working normally, with no other apparently unrelated problems that I have noticed.
      Then I started finding postings from PKCano, MrBrian, etc. to install it as pretty much the last patch, after the security only (still waiting to do that, “Hold for now” still being advised in the Master Patch) and those that follow it in the recommended order.

      So my question is:
      Once I decide to install security only kb4088878 et seq., should I first de-install the E11 patch, and then re-install it last, after those others have been installed?

      Thanks.

      • #182761 Reply

        PKCano
        Da Boss

        You do not need to uninstall it. The Windows installer will take care of the other installations if you do them in the recommended order when the time comes.

        1 user thanked author for this post.
      • #182791 Reply

        MrBrian
        AskWoody_MVP

        One can install the updates in any order, with the exceptions that have been noted already in this topic.

    • #182757 Reply

      SueW
      AskWoody Plus

      As many have done, and it was a huge help to me, I am posting my results in the hopes that others might benefit:

      – My computer was up-to-date through February, and I installed KB4100480 last week as I did not want to uninstall January & February Security Only updates.

      – Imaged my disk with Macrium Reflect earlier today.

      – Downloaded KB4099950, KB4099467, KB4088878 (W7x64 SO), and KB4096040 (IE) from the Windows Update Catalog (see Note below) and PKCano’s list for Group B.

      – Installed, in order, KB4099950, KB4088878, and KB4099467 and then rebooted.

      – Then installed KB4096040 and rebooted.

      – Checked for updates (and hid as necessary):

      Important:
      – 3 March Office 2010 Security Updates (Access, Excel, Word) – all checked
      – 2 April Office 2010 Updates (Outlook, PowerPoint) – all unchecked; did not hide these
      – 2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875) <= was unchecked; hid
      – Update for Windows 7 for x64-based Systems (KB2952664) <= was checked; unchecked & hid
      – Windows Malicious Software Removal Tool x64 – March 2018 (KB890830) – was checked
      Optional:
      2018-03 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088881) <= was unchecked; hid

      – Checked for updates again, and then installed the same above checked updates (4)

      – My computer seems to run the same as it’s been running (Phew!)

      Note: The link to the Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Home.aspx.  Just type your KB number into the search box.  From the results, make sure to select your ‘bittedness’ (x86 or x64).

      “Many thanks” once again to Woody, MrBrian, PKCano, and everyone else who continues to contribute their time and expertise to AskWoody!

      Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

      6 users thanked author for this post.
      • #190556 Reply

        Ed
        AskWoody Lounger

        @suew… Thanks for your precise installation breakdown, I followed your routine and everything appears to be fine! So far, anyhow.

    • #182774 Reply

      Thanks to MrBrian, GoneToPlaid, and others who have helped me slog through this “Slough of Despond” patching nightmare.  Update:

      Applied (in order) KB 4099950, KB 4091290, KB 3185319, KB 4099467, and the dreaded KB 4088875 (“Aaaaargh!), THEN rebooted, ran around the block widdershins three times, touched an object made of wood, (just kidding, that’s not from Redmond) and came back to the PC.  Here’s what happened:

      Upon reboot, the “trusted installer” ran it’s head off for several minutes; I didn’t start ringing things out until the CPU was quiet, and the “trusted installer” turned itself off.  Much to my horror, the internet connection was gone.  As I had already applied the patch that was supposed to fix the wiping of IP addresses, I surmised that it hadn’t taken properly.  Ran every diagnostic, couldn’t find the issue. Did the next best thing: rebooted.

      It worked. (Put down the chaser, and let out a breath.) Interestingly enough, the “trusted installer” (trusted by who? Not me…) was still running for another few minutes on this boot, THEN the internet connection kicked in.  Still can’t figure this part out.

      Notes that may be useful:

      1. When manually installing KB 4099467, the manual installer took 5 minutes to rummage around the system looking for updates-very slow.

      2. The whole process took 1.5 hours today to run and ring out, far less than what I imagined, thanks to all the wonderful people on this site!

      3. Patches were applied over a period of 3 days.

      4. “Speccy” is a great little tool; thanks to GoneToPlaid for steering me to it.

      5. Steve Gibson’s InSpectre” still shows my CPU vulnerable to Spectre,

      I’m going to have a little lie-down now, and let y’all know if anything weird happens after this, if anything. (We all live in Hope.)

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

      3 users thanked author for this post.
    • #182780 Reply

      Anonymous

      On a whim I decided to install KB99950

      (I’m windows 7 Group A and have already installed Jan and Feb rollups and KB4100480).).

      And guess what — miraculously when I checked for updates KB4088875 appeared unchecked.  I keep putting my toe further in the water.  Should I go ahead and now install KB4088875 (no reboot) and then KB40999457 (reboot).  Be still my beating heart!!!  Or should I stand still at this point since KB4088875 is unchecked.

      1 user thanked author for this post.
      • #182823 Reply

        Individualist
        AskWoody Lounger

        @peacelady

        I followed your ‘whim’ and just installed KB4099950…also went ahead and did the MSRT while I was at it and had the same results as you stated…KB4088875 miraculously appeared, also unchecked. My heart still be beating though!! At least I know that I am not alone in some paddleless boat up some scary creek! Keep sharing, as your boat looks eerily similar to mine at this point…however you seem to be a tad braver than me. 🙂

        A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

        1 user thanked author for this post.
        • #182838 Reply

          Anonymous

          Hi Individualist,

          It does appear that we are in the same boat.  My dilemma is twofold:  1) KB4088875 is unchecked and Woody said don’t install unchecked stuff.  2)  I’m nervous when it comes to performing the “secret handshake” between installing KB4088875 and then ticking “cancel” in order to reboot after installing KB4099467.  Truth be told, in preparation, I went to the Update Catalog to download KB4099467 to put it on my desktop to have it available instantly after KB4088875 and by mistake it installed — so I had to remove it.  Any detailed instructions on how to initiate this “delicate dance” would be greatly appreciated.  Let’s hope this gets resolved soon!

           

           

          1 user thanked author for this post.
    • #182808 Reply

      anonymous

      From:YP

      DrBonzo you said that you had installed KB4100480 on the 32bit Atom.  I thought this update is available for 64bit only.  Is this a mistype  or was the available via update?

      • #182811 Reply

        PKCano
        Da Boss

        KB4100480 is supposed to be for 64-bit systems only. 32-bit are not vulnerable.

        1 user thanked author for this post.
      • #182816 Reply

        DrBonzo
        AskWoody Plus

        @YP – Sorry, my mistake. When I wrote that I had just finished updating my 64 bit core i3 to which I had applied 4100480.

        For what its worth, I just reread my post about the Atom and everything else is correct. But PKCano is correct: KB 4100480 is not applicable to 32 bit systems.

    • #182825 Reply

      Bob99
      AskWoody Lounger

      I have a Win 7 x64 SP1 installation with an Intel i5-750 (1st generation Core) CPU,  an Intel motherboard and nVIDIA-based graphics card.

      Installed Jan and Feb rollups with no issues when Woody gave the go-ahead each time.

      Installed KB4100480 on April 1st with no issues, rebooting afterwards. Installed it via its listing in Windows Update.

      Yesterday, I successfully installed KB4099950 and rebooted afterwards. As with KB4100480, installed via its listing in Windows Update.

      Today, I bit the bullet and successfully installed KB4088875, March’s rollup, from within Windows Update and rebooted afterwards. No issues upon reboot nor during a subsequent logoff and login (letting someone else use the booted up computer) nor during a subsequent shutdown and restart. I looked in the Event Log to see if there were any entries in there for shutdown problems, and there were none.

      All of the above updates were installed in the sequence listed and were installed alone, one at a time, without installing any other updates at that time.

      I have not installed KB4099467, but I did download it from the Catalog in case it would have been needed. My plan was to install it if I’d had any problems during shutdown as, from what I’ve read from others here, it didn’t stop others from being able to shut down and reboot back to the desktop, it just slowed down the shutdown with a black screen for a few minutes.

      I also checked for the proper installation of KB4100480, and when I ran it as if to install it from the file I downloaded from the Catalog, it reported it had already been installed on my machine, so there was no need to reinstall it.

      Bottom line: If you’ve already installed KB4100480, then install KB4099950 FIRST and then install KB4088875. It will leave KB4100480’s updated files alone while it installs the rest of itself. Whether or not you’ll need to install KB4099467 afterwards is anyone’s guess, unfortunately. YMMV.

      BTW, I haven’t noticed any performance slowdowns at all, so maybe the Intel microcode update for my processor isn’t included in KB4088875. I’ll see how things go performance-wise after installing either the April or May rollups. As before, My MMV.

      5 users thanked author for this post.
      • #182841 Reply

        Individualist
        AskWoody Lounger

        @bob99
        Thank you…this is the comment I have been waiting for after reading what now appears to be up to 345+ replies to this topic…I am down to just the remaining KB4088875!! Tomorrow will be the big day…off to try and get a good nights sleep now and pray nothing changes between now and then. 🙂

        A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

    • #182840 Reply

      Anonymous

      OK kids:  here goes.  I have KB4099467 on my desktop and I am going to bite the bullet and install KB4088875 and KB4099467.  I’ll report back.

      1 user thanked author for this post.
      • #182852 Reply

        Anonymous

        I hope I won’t have to eat these words but I installed KB4088875 and KB4099467 and all is well!  I tried a few times to log off and did not get the BSOD.  I did get both the updates from the Microsoft Catalog — don’t ask me how I finally did the “kabuki dance” trying to install at first without reboot — but down loading them both first to the desktop was my route.  If I subsequently get the BSOD upon logging off I will let you all know and in that case I’ll uninstall the two updates and probably wait for April.  This has been a nightmare but I am so grateful to all on this blog for your expertise, generosity and support.  I couldn’t have done it without you.

        4 users thanked author for this post.
        • #182955 Reply

          GoneToPlaid
          AskWoody Plus

          If it was going to BSOD, it would have done so the first time.

          1 user thanked author for this post.
          • #183426 Reply

            Anonymous

            I am terribly sorry to have to tell you all that I got the BSOD once yesterday (which I thought was unrelated) but just now got it again and it’s the pool_exit thing.

            I just uninstalled KB4088875 and KB4099467.  I have the January & February patches installed and I have KB4100480 and KB4099950 still installed.

            In your expert opinions, should I leave KB4099950 installed?  Should I roll back everything to December?  I’m nervous and disgusted. 🙁

            • #183430 Reply

              PKCano
              Da Boss

              Are you still having the problem?

              If you are not still having the problem, you should just sit tight and do nothing for the moment. KB 4088875 was not checked for most people and probably should not have been installed for that reason anyway.

            • #183439 Reply

              Anonymous

              @pkcano
              Thank you – that’s exactly what I will do. I’m staying put and will follow the threads on the April updates until we get the go-ahead on them.

    • #182842 Reply

      ht
      AskWoody Lounger

      Win 7 x64 SP1, group A. Up to date through February. Like others I installed kb4100480 and subsequently kb4099950, but I’m getting neither KB4088875 nor KB4099467, even after rebooting, when I re-check for updates. Don’t know if its absence is an issue since I didn’t plan to install KB4088875 (especially if it’s unchecked), had planned to see what sugars out in April. My question is whether my NOT getting KB4088875 warrants my further attention and, if so, what more I can do to “bring it on” (e.g., should I hide the unchecked preview rollup that is listed in the “optional” section?).

    • #182845 Reply

      Bill C.
      AskWoody Plus

      Glad to hear you updating went well.

      I have a Win 7 x64 SP1 installation with an Intel i5-750 (1st generation Core) CPU, an Intel motherboard and nVIDIA-based graphics card.

      <<<<Snip>>>>

      BTW, I haven’t noticed any performance slowdowns at all, so maybe the Intel microcode update for my processor isn’t included in KB4088875. I’ll see how things go performance-wise after installing either the April or May rollups. As before, My MMV.

      I hate to be the bearer of bad (but maybe good) news, that CPU is an Intel Lynnfield (2009), an bit newer than my Win7-64Pro Intel Bloomfield i7-960 on an Intel DX58SO2 MB. While initially the Intel website did show firmware in a “being studied” category for my CPU, the master status list is now unavailable (or behind a log-in) and I read on the site that first gen i5 and i7 CPUs were not going to get a firmware update as the data on the original BIOS for my board was no longer available.

      I too saw minimal slowdown on that machine, but on my Win7-64Pro laptop with a 4th gen i5 was fairly significantly slower, but only after the Lenovo UEFI/Firmware update.

      • #183537 Reply

        Bob99
        AskWoody Lounger

        While initially the Intel website did show firmware in a “being studied” category for my CPU, the master status list is now unavailable (or behind a log-in) and I read on the site that first gen i5 and i7 CPUs were not going to get a firmware update as the data on the original BIOS for my board was no longer available.

        @bill-c

        Well, I have dug up some news for you. As of the April 2nd. release of their microcode update guidance, microcode development/production for your generation of processors, Bloomfield, has indeed been discontinued. The production for all Lynnfield processors is in full swing for now. However, I doubt Intel is going to release a BIOS update for my board at all, so I’m completely at Microsoft’s mercy as far as receiving any microcode update.

        I found the April update from Intel at this link. It shows your processor family in red, indicating that Intel has decided to stop production of microcode updates for that family. Please read the very last bullet point under the “LEGEND” heading; it’s for the “Stopped” production status. That is a very good explanation of exactly why Intel decided to stop production of microcode updates for certain entire families of processors, not just your family.

        2 users thanked author for this post.
    • #182827 Reply

      anonymous

      Anonymous #182243 here–with an update on MY “Group A” results on Win7Pro 32bit, based on the wonderful help obtained here.  Particularly, thank youS to CyberTooth and Elly, plus the sundry excellent guiding thoughts from PKCano, MrBrian and so many others.  What a community!

      Firstly, I happened to notice I’d errantly installed evil KB2952664 back in Nov 2017, so I uninstalled it (that took over 1/2 hour to complete even after WU said 100% complete…)

      Started with a machine updated with Jan/Feb stuff, Group A-style.  Taking a look at WU, I was, today, offered up (all checked) KB4099950, KB4033342, evil KB2952664 and MSRT KB890830.  Per advice of CyberTooth and Elly, I unchecked and hid 3342 and 2664.  Next, I allowed install on 9950 without issue.  WU then showed KB4088875 (unchecked), KB4033342 (which I unchecked and re-hid), plus MSRT 830 and Smart Card KB4091290 (which I unchecked and hid).  I also hid any Preview stuff on Optional category.

      I then allowed MSRT without issue.  Only weird thing was an alert, upon reboot, that “C++ application development framework has stopped working.”  I re-rebooted and this alert did not reappear, so, I’m hoping all is OK.  Otherwise, PC seems to be working fine.

      For now, since unchecked, I’m taking no action on KB4088875.  I’ll keep watching commentary to decide if/when to do anything about tha