Full details — and there are many — coming in Computerworld.
[See the full post at: MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching]
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching
- This topic has 455 replies, 81 voices, and was last updated 5 years ago.
AuthorViewing 125 reply threadsAuthor-
Oh-oh. “Victims” sounds especially ominous. I have a sinking feeling and don’t want to screw-up my machine as it’s performing fine now. Awaiting further details on Computerworld. Win 7 Pro x 64 i7-Haswell Core
1 user thanked author for this post.
-
-
I am now officially as “old as dirt” as I “get” both of your references. Which explains why I stubbornly declined the multiple offers by Microsoft to “upgrade” me to Win 10 when it was a freebie.
-
Same here. And the never-ending months of increasingly botched updates, plus the need to avoid installing telemetry updates, has given me a lot more white hair. The only upside to all of this is that everyone at the office thinks that I look more distinguished.
10 users thanked author for this post.
-
-
Telemetry: Win7 KB 2952664, Win8.1 KB 2976978
1 user thanked author for this post.
-
-
Hello heybengbeng,
Welcome to the Lounge. It sounds like you are doing Group A updating, on Windows 7, last having updated with January patches. The January patch had the Total Meltdown bug included.
The usual pattern of updating here is to wait for the Defcon level to change… and Woody writes a post like this one, and it always includes a link to a ComputerWorld article. You only need to follow Woody’s instructions for Windows 7, Group A. This month is a little different because he points out there are potential problems for Windows 7, and that users need to make a choice about what option they want to follow, in addition to being Group A or B. Woody has done an awesome job figuring out what the problems are, and what the different options are. You need to make a decision about what path to take… and then follow the instructions for that path.
In #182158 I isolated out what Woody was saying for Windows 7, Group A people, in his ComputerWorld article. It also has links to information on telemetry in Windows 7, and the Knowledge Base article on Group A updating.
The March Rollup will include February’s updates, so you don’t have to go back and patch that separately, if you decide to install March’s Rollup.
Non-techy Win 10 Pro and Linux Mint experimenter
1 user thanked author for this post.
-
-
Group A is the updating recommended by Woody for most people. It uses the Monthly Quality and Security Rollups that are offered through Windows Update. These are cumulative, and if you apply the most recent one, you are up to date.
Group B uses Security Only patches that must be individually applied. They are not offered through Windows Update. There is a Security Only patch issued for every month, since the Rollups started, and each month’s patch must be applied for your OS to be fully patched.
I assumed, since you said rollup, that you are doing Group A updating.
Non-techy Win 10 Pro and Linux Mint experimenter
-
Have the telemetry patches made it into any of the Monthly roll-ups to date? It seems like that is a separate course on the WU menu so far.
1 user thanked author for this post.
-
-
“Have the telemetry patches made it into any of the Monthly roll-ups to date? It seems like that is a separate course on the WU menu so far.”
See my post “What evidence exists that Group B gets less telemetry than Group A?”
1 user thanked author for this post.
-
-
-
ok – this is probably a stupid question – but how do you know if you have Windows 7/server 2008 R2?
When I click on computer and properties mine says – windows 7 home premium, service pack 1 but nothing else. It is a 64 bit machine with an intel core i7 processor if that matters.
-
You have Win7. The “/” means “or.” Server 2008 R2 is a different kind of computer.
1 user thanked author for this post.
-
-
Right click…
Non-techy Win 10 Pro and Linux Mint experimenter
1 user thanked author for this post.
-
-
The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.
1 user thanked author for this post.
-
-
now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!
is this order/sequence correct?
1. kb4099950
2. kb4100480
3. kb4088878
4. kb4096040for now i stay group w. i’m not going to install any of march updates, i also won’t install kb4099950 and kb4100480. i also won’t rollback to december, so i’m staying on february patch level for a while, relying on panda endpoint protection and noscript (firefox), ublock (chrome)…
1 user thanked author for this post.
-
Follow this order
1. kb4099950
2. kb4088878
3. kb4100480
4. kb4096040now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!
The instructions in AKB2000003 are for Group B. Group B does not include the things like hotfixes Microsoft has issued this month.
Group B is getting almost impossible to follow unless you are extremely computer literate. That is why we have been recommending people choose otherwise. -
-
-
“Would it be a good idea to install KB4099467 as well to mitigate the possible BSOD on logging out issue? I assume it’d be best to install it last if so?”
I consider whether to install KB4099467 a close call. I chose not to; I haven’t experienced the issue that KB4099467 fixes yet. For those that install KB4099467, I think it’s best to do so in this order:
1. Install KB 4088875 or KB 4088878. Do not reboot.
2. Install KB 4099467. Reboot.
-
-
“so if installing kb4099467 would make this sequence:”
Looks good to me.
1 user thanked author for this post.
-
-
-
-
Internet Explorer (IE) was integrated into the Windows Operating System, by Microsoft. Even if you don’t use it, since it is part of your OS, you need to keep it updated.
There are problems that we are dealing with, the last three months, that are related to bugs in the patches that Microsoft has issued. Those are the ones related to NIC, causing network connection problems you refer to. They are potential side-effects of patching.
There are other problems that you might not be aware of, but are vulnerabilites to malware or viruses, that are patched by the Security Only, or security part of the Rollup patches. You wouldn’t be aware of them, until after your system is compromised, but the patches help avoid getting them in the first place. Actually, some are so sneaky, you could be compromised, and not be aware of it, and be spreading bad stuff to others. You could go years and not get any (depending on your browsing and downloading habits) even if these openings to malware exist on your system… but it is probably better not to be vulnerable.
It would be wise to review how you are patching, and make sure your system is up to date.
Non-techy Win 10 Pro and Linux Mint experimenter
1 user thanked author for this post.
-
-
The Monthly Rollup contains three parts: non-security updates, security updates, and the IE11 Cumulative.
Those who do not install the Rollup need to install the Security-only update and the IE11 Cumulative. So they get two of the three parts on the Rollup.
1 user thanked author for this post.
-
-
-
-
-
-
-
-
-
-
-
The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.
1 user thanked author for this post.
-
-
From Woody’s Computer World Article:
“As of this moment, EVERY Windows 7 / Server 2008 R2 64-bit patch released this year opens a gaping security hole commonly called “Total Meltdown.” In addition, recent patches have a healthy collection of bugs that range from blue screens (STOP messages), to blocking Internet Explorer 11, to a particularly debilitating bug for folks running servers that leads to lockups due to SMB leaks.”
That is EVERY Windows 7 64 bit patch… which means using any of those patches will open up an easily exploitable hole in your system… although they will ‘patch’ regular Meltdown and Spector vulnerabilities, that do not, as yet, exist in the wild…
Hmmm… big, easily exploited hole that even novices can code for, or patches for relatively difficult exploits not in circulation…
or, phrased differently…
Huge risk (install patches)… vs. almost no risk (don’t install patches)…
I’m not confused… I’ll go the almost no risk route…
And I didn’t even address the other risks (BSOD) the patches have…
The evidence for not patching gets stronger…
But, as always, back up your data!
Non-techy Win 10 Pro and Linux Mint experimenter
-
-
-
-
Woody’s Computerworld article doesn’t mention KB4100480. As I understand the situation, there are two basic choices: (1) Forget about KB4100480 and roll your machine back to the December patches; (2) Keep January/February patches and install KB4100480.
-
Woody’s article in Computerworld went online a little while ago:
Get the March patches for your Windows machines installed, but watch out for Win7
I am not feeling lucky, and am choosing to hold tight, Group B updating current to December 2017.
Microsoft hasn’t been able to manage patching, and I can’t help hope that they realize that, and return to individual updates… three months of unsafe patching havoc, and soon we will be face to face with month four… and for me, the safest thing is to sit (temporarily, I hope) on the Group W bench.
Non-techy Win 10 Pro and Linux Mint experimenter
10 users thanked author for this post.
-
Elly, I am feeling lucky and still holding on Dec 2017 updates, to see what April brings.
Probably more showers!
Keeping IT Lean, Clean and Mean!5 users thanked author for this post.
-
I’m with Elly. My Win7 64b now restored to Dec 2017. I suspect IE updates are a separate track not needing roll-back (guidance did not address), but I zapped those as well. Don’t use IE anyway. At this point, I am not willing to ass-you-me ANYTHING. Like a 3rd or 4th remarriage, waiting for M$ to miraculously set everything right in April seems to me the triumph of hope over experience.
So I too now sit on the Group W bench. And I’m not leaving until there is compelling reason to do so.
Whoever came up with “When the going gets tough, the tough get going!” did not anticipate being Group B in 2018! If she had, she would have written “When the going gets tough, the tough remain determined but follow a rational plan, and the reckless plunge into the unknown!” I have to admit, though, the original phrasing is more catchy!
May The Force be with us!
I’m on Win 7 x64 and I installed the March patch that should fix the whole exploit that Microsoft caused and wow… THAT was a mistake! That update made my machine glitch out and run extremely slowly, it took about 2 seconds just to open explorer, folders, files etc which made me crazy. I uninstalled the update and now things are running normally.
-
-
-
-
-
-
I can’t remember offhand what version of Win10 locked down staff PCs (that automatically reimage when rebooted) at work are, since I’m off today, but we’re still getting the forced upgrade attempted, necessitating shutdowns on those (the upgrade will fail anyway because of the blocks, and a reboot will reset the PC). They’ll get bumped up next month, and I did pass on the image file execution options debugger registry method to IT to block upgrades, as it is working for me (although I am biting the bullet and upgrading now).
-
-
See my comments in the thread about blocking updates: I ran the script from pastebin by AveYo that was linked, without any modifications, although it was a recent version of the script as I download it over a week ago, when I started on the slow process of updating two computers that hadn’t been run in about a year, one with a bunch of programs on it and heavily modified that therefore took a while to prep (mine 😀 ). However, since my PC took a while to get ready and has been rebooted multiple times and has been online with the exception of the actual installation of the 1709 .iso, it was a good test of the script since MS did start sneaking on the prep patches before I yanked out my wifi adapter, uninstalled the one that snuck on, and ran the script. Interestingly, MS doesn’t wipe the registry settings when actually upgrading Win10, so you do have to remember to rerun the script to toggle updates back on to get fully updated after upgrading.
1 user thanked author for this post.
-
-
-
-
If you don’t have an overwhelming need for Windows – that is, if you don’t need to run a program that only runs on Windows – seriously look at Chromebooks, too.
Google mines all your data. Apple doesn’t. That’s a dealbreaker for some. But if you’re using Chrome and Google Search anyway, the Chromebook is fine.
-
Women and children only! Men go down with the ship. The Carpathian is on its way.
Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.
2 users thanked author for this post.
-
-
…or consider running Linux Mint on your current computer.
Get a good backup of the whole thing, create a Linux Live DVD, and run it for a while, to see what you think. If you like it, click the Install icon.
Group "L" (Linux Mint)
with Windows 8.1 running in a VM-
That’s the best Windows patch, EVER!!! 😉
Windows 10 Pro 22H2
-
-
What about ChromeOS?
Windows 10 Pro 22H2
-
Woody has a blank check – the rest, well…..
Stay on topic. Not every thread is about Linux!1 user thanked author for this post.
-
🙂
Windows 10 Pro 22H2
-
-
No, as of this time I still won’t patch my Windows 7 x64 systems as I consider this mess still not resolved to my satisfaction. They will stay at the December 2017 patch level for as long as necessary.
I will, however, patch my Windows 8.1 x64 systems with the March Security-only updates soon.
Hope for the best. Prepare for the worst.
4 users thanked author for this post.
-
This is exactly the way I plan to handle this mess now that I’ve uninstalled the January and February patches from my Windows 7 x64 desktop PC. Staying in Group B is getting more difficult by the month, but not impossible thanks to Woody and all the other knowledgeable contributors on this site. A big thank you to everyone.
-
We still have to patch the Win7 boxes at work for obvious reasons, but I’ve thrown in the towel on my home Win7 systems.
Whether by sheer incompetence or malicious intent, Microsoft is dismantling (brick by brick) the previously-reliable, stable, and hassle-free experience that Windows 7 provided for so long. And I don’t believe it’s just Spectre/Meltdown related.
I’ve upgraded all but two Win7 boxes at home to 8.1. The last couple are Group W effective immediately. Rolling back to December 2017, with no more ‘net access for those guys.
My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.
-
My sentiments and thoughts exactly. How coincidental and opportunistic for an ailing PC market over the last few years.
Keeping IT Lean, Clean and Mean!3 users thanked author for this post.
-
My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.
I’m wondering, too. Win 7 has less than 2 years of extended support left. Win 8.1 dropped out of mainstream support in January & has less than 5 years of extended left. Sadly, when Microsoft can convince (or force) most of the remaining Win 7 users to upgrade to Win 10 Whatever, then Win 8.1 is the next target.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...3 users thanked author for this post.
-
I don’t think that MS will ever get around to attacking Windows 8.1 like they have Windows 7. Windows 8.x is in use by such a small cadre of users (on par with the number of users that are still using XP four years after it stopped getting regular security updates) that it seems to be below the radar. Windows 7 is the big target. Windows 8, as far as most are concerned, is already dead.
The tech press has repeatedly told us (during the days when the “should I take the free upgrade to Windows 10” articles were all the rage) that while Windows 7 users may well want to avoid the upgrade, it’s a no brainer for Win 8 users to move to 10. The message appears to have gotten through, as I’ve seen so many comments on various sites where people have written that as bad as 10 is, 8.x is worse.
Naturally, I will always take that opportunity to point out why I think 8.1 is far better than 10, but it is shoveling sand against the tide. It is obvious that the idea that 8.x is even worse than 10 is pretty widespread, almost considered common knowledge. It’s just a small group of tech-savvy people who use 8.1 now; it’s kind of an open secret of sorts among people who know how to de-silly it and get the extra three years of support out of it as well as avoiding at least this one latest Microsoft “Oops!”
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon -
-
-
-
So far all the Win7x64 OS patches with a 2018 date have been poison. I’m standing pat at December 2017, maybe going to group W.
3 users thanked author for this post.
-
In your case, assuming that you are using a x64 operating system, if you want to fix the Total Meltdown vulnerability, I would install KB4100480 now. There should be no need to uninstall KB4100480 later when you’re ready to install KB4088878. Before you install KB4088878, you should install KB4099950. You may wish to consider whether to install KB4099467. If you do decide to install KB4099467, it’s probably best to install KB4099467 after KB4088878 but without a reboot in between.
-
I’m under the impression that you can leave KB4100480 installed and it’s newer files will not be overwritten but remain in place due to Smart features. I installed KB4088878 tonight after installing KB4100480 last wkend. I think MrBrian tested this and the files weren’t overwritten. So I’m hoping that’s the case and I’m protected from Total Meltdown.
Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit1 user thanked author for this post.
-
“Was NOT offered KB4088875, so assume that March roll-up has been pulled”
KB4088875 has not been pulled. See https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182023.
1 user thanked author for this post.
-
Took the plunge on Win 7.
Had already installed KB4100480 last wkend. Tonight, installed KB4088878, infer that KB4099950 was bundled with it, KB4096040, all from the catalog. Installed 3 Office security patches via WU. WU was offering KB2952664 as a checked important update. That is now hidden.
So far so good. PC is functional, posting from it.
Thanks to everyone here guiding this very difficult path.Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit1 user thanked author for this post.
-
-
I’m not sure but I think it’s better to be safe than sorry, and install KB4099950 before.
1 user thanked author for this post.
-
-
“So just to be sure the monthly roll up for win7 32bit is clean right?”
I disagree. Of the issues listed at https://support.microsoft.com/en-us/help/4088875, there is nothing there that is noted to be specific to 32 bit or 64 bit except for issue “A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.”
-
-
“It says there that the update is only made available if the machine has PAE enable, is this true or false?”
Good catch :). I didn’t notice that before. I don’t have any independent info if that’s true or not. That issue should only apply to those who use a 32-bit processor with the 32-bit version of Windows. 64-bit Windows users have the Total Meltdown vulnerability issue though.
2 users thanked author for this post.
-
-
Unless otherwise noted, in my opinion it’s best to assume that any given issue may affect either Windows x86 or Windows x64.
1 user thanked author for this post.
-
Ok thanks, I will wait till Monday to see if anything pops up then I will update
1 user thanked author for this post.
-
? says:
i must be the only operator of windows 7 32 bit with PAE disabled. after enabling PAE, KB4088875 appeared in microsoft updates on 32 bit win7 rescan. i previously had two blue screens on two intel powered machines trying to apply KB4088878. see post #176939 on 03/19/2018. i made the false assumption that since DEP was on i had PAE enabled. to enable it if needed:
https://msdn.microsoft.com/en-us/library/aa366796(VS.85).aspx
for PKCano, long live Linux!!!
2 users thanked author for this post.
-
-
-
-
Big decision for some Windows 7 users either roll back to December or patch up for March.
If you decide not to patch then go to Group W permanently IMO.
I have patched up on 2 Windows 7 64 bit machines and my dual core laptop actually seems lighter as if it is not running as many background tasks and I am fighting the decision now to move this machine from group B to W.
Can we trust MS on Windows 7 ever again? Is Windows 7 important to MS now?
1 user thanked author for this post.
-
Anonymous:
The way forward, as I see it, is not trusting MS, but going along while taking precautions such as: back up, back up, back up. And make a restore point before every install.
And, at least for people still with Windows 7 and 8.1, wait a few more months while doing that, to see what happens.
It the situation does not improve enough by July or August, then I think it would be advisable to get as back up a non-Windows COMPUTER (or make a dual-boot install of a second OS in the now Win 7 machine). The second computer/OS could be either Mac or Linux. Then start practicing with it, if not familiar enough already.
And if one has Win 7, once we get to January and its end of life for support (o earlier, if things get much worse before that), I would say: it’s time to take the jump.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
-
-
I haven’t decided either…I downloaded a copy of 1709 on a USB just in case, but I’m going to, as you said, ride it out for a while and see how 1803 will be. I would also like to maintain the once every 18 months upgrade frequency, whenever possible, don’t want Windows to take over my life at an upgrade every 6 months.
1 user thanked author for this post.
-
Technical info about KB4100480:
https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179854
https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179396
Technical info about KB4099467:
I decided to roll back all of my Windows 7 Group B computers to December 2017. Why? Because even though the March updates fix the Total Meltdown vulnerability which allows any program to read any other program’s memory and the kernel memory, the 2018 patches for Meltdown and the March 2018 patch (which introduces Intel’s new CPU microcode to fix Spectre), do NOT fix the BranchScope vulnerability which is similar to Spectre. In other words, it is back to the drawing board for Intel in terms of having to create yet another round of new CPU microcode which will prevent BranchScope. Do you all think that Intel will decide to do something about BranchScope? I don’t think so. I think that they will leave that up to the antivirus manufacturers since Intel can now claim that their solutions for both Meltdown and Spectre are done.
It is worth noting that it probably is best to rely on Microsoft to bake Intel’s CPU microcode into Windows. Why? Because if you install a BIOS update from your computer’s motherboard manufacturer which prevents Meltdown and Spectre, most likely you will NOT be able to undo the installed BIOS update. It all depends on the motherboard manufacturer in terms of whether or not they will let you reinstall an older BIOS update. Some do, yet many don’t.
If you all Windows 7 users decide to roll back to December 2017 for the time being, then here are some things to consider:
1. Make sure that you only use the latest versions of the Crome and Firefox web browsers. The latest versions incorporate fixes which prevent Meltdown.
2. Make sure that you get IE updated with the March 2018 Cumulative Update for IE. This is especially important for laptop owners who have activated LoJack for Laptops in the laptop’s BIOS. LoJack is a product of Absolute Software. LoJack is tracking software which is used by law enforcement to recover stolen laptop computers. The reason for making absolutely sure that laptop owners, and any desktop owners who have purchased LoJack, is that LoJack launches hidden instances of IE in order to use IE to communicate with Absolute Software servers. Several security specialists consider LoJack to be malware. I agree with them.
3. Be really careful about whatever new software you decide to install on your computer. Why? It is not clear if antivirus manufacturers can detect software which tries to exploit Spectre or BranchScope before the software is actually installed. Detection of software which exploits these vulnerabilities might have to be done in real time, after the software is already installed and running.
9 users thanked author for this post.
Woody staff, pls stop all this chatter, and once and for all tell us what KB’s we should have as provided by MS and then what to do!!!
Woody says “dont install anything not checked, and dont go looking for updates not downloaded by the Windows updater”. Many seem to be seeking KB’s on their own.
I’m in Group A and I previously installed January and February downloaded and checked updates. I have done nothing since. All that Windows is currently providing is one checked file KB4100480. KB4099950 is unchecked and optional at this point.
Earlier in the month I received KB4088875 (March) and then KB4088881(Preview) they were both withdrawn over one week ago and no longer appear on the updater. So as of this minute, I have only one checked update pending KB4100480.
Anybody else?
1 user thanked author for this post.
-
You have already installed the January and February monthly rollups, and as such, are vulnerable to the Total Meltdown hole that they include. There is no one good, safe choice at this point… you are going to have to weigh the risks and decide what path to follow.
Woody gives the following choices for Windows 7:
– If you’re willing to wade through the hassles — blue screens, leaky memory, and a cornucopia of additional bugs — go ahead and install all of the CHECKED Windows updates. Realize that your machine may slow down, even if it’s still going strong after the January and February patches.
-If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches.
-Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.
I’m not being offered KB 4088875, the March monthly rollup, through Windows Update, either. It was there on patch Tuesday, but disappeared shortly afterward.
Woody warns:
“Realize that some or all of the expected patches for March may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. That way thar be tygers. If you’re going to install the March patches, accept your lot in life, and don’t mess with Mother Microsoft.”If you are not going to uninstall the January and February updates, you should probably install KB4100480, which mitigates the Total Meltdown vulnerability that is present in all Windows 7 patches so far in 2018… which puts you on track to follow How to Apply the Win 7 and 8.1 Monthly Rollups. If you are going to follow the usual Group A updating, remember to install, reboot, recheck… and repeat until there are no new checked updates offered.
Which ever choice you make… step forward, freeze in place, or go back to December… back up… make a restore point… be prepared to deal with any bugs… You should be prepared, anyways… we just aren’t used to patches being the problem we have to worry about.
We all want to be in that lucky group that has no problems… Without a clearly safe alternative, every option has its risks… Come back and join the ‘chatter’ and help some other frustrated and confused person, by reporting what your choice was and what the results are, good or bad… You are not alone.
Non-techy Win 10 Pro and Linux Mint experimenter
-
-
For the time being I am freezing myself at: Installed KB405689 & KB407458, Jan. & Feb. Security Monthly Roll-ups respectively. KB4100480 installed 1 week ago. No issues, machine performing fine. I am not willing to wade through the morass as I am definitely on the “low to fair” end of the techie scale. Win 7 Pro x 64 i7 Haswell
PS What a long, strange trip this is compared to the days when I had MS Update settings at “Automatically download & install (recommended)” & never gave them a second thought.
1 user thanked author for this post.
-
Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.
1 user thanked author for this post.
Maybe these questions are totally off-topic but since I read about them I’ve been wondering whether they might be important clues to the root causes of the ongoing Windows 7 / Server 2008 R2 mess that started January this year? Just saying…
1. Spectre mitigations
Windows kernel modules are being recompiled with a new Visual C++ directive (the /Qspectre flag) which inserts special assembly instructions acting as a “speculation barrier” by serializing execution on critical pieces of the OS core (identified as being “at-risk code”). Could these extra assembly instructions (LFENCE on AMD/Intel, CSEL/MOVS and CSDB on ARM) be in direct relationship with many of the freezes, hang-ups and BSODs that have been reported on buggy patches?
2. Meltdown mitigations
Kernel Virtual Address Shadow (KVA Shadow) represents a major change in the way the kernel isolates its memory contents from user mode. Could the “Total Meltdown” bug be a direct consequence of failing to properly implement the “shadowing” (mapping) into user address space of the selected minimal subset of privileged kernel code and data? Quoting Microsoft:
“Mitigating hardware vulnerabilities in software is an extremely challenging proposition (…) In the case of rogue data cache load and KVA shadow, the Windows kernel is able to provide a transparent and strong mitigation for drivers and applications, albeit at the cost of additional operating system complexity, and especially on older hardware, at some potential performance cost depending on the characteristics of a given workload. The breadth of changes required to implement KVA shadowing was substantial, and KVA shadow support easily represents one of the most intricate, complex, and wide-ranging security updates that Microsoft has ever shipped.“
Source:
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/1 user thanked author for this post.
-
Without any technical detail at all, it’s clear that big changes to the Windows Kernel, which has been stable for a long, long time, could destabilize something somewhere for someone.
It’s just the nature of risk w/regard to complex systems. And make no mistake, Windows is the kind of insanely complex system that could only get as solid as it has gotten by having the entire world use it and Microsoft fix the bugs found in it for decades.
To give a bit of perspective… By most measures, computers are at least 1,000 times faster than they were back in the early days. If your computer would typically crash once a day back then, a computer system of today running an OS at the same quality level would crash after only one minute. But they don’t, even considering that today’s systems are also much more complex than those back then. Frankly, it’s kind of amazing they got it working as well as it does for as long as it does (before January at least).
-Noel
-
It’s just the nature of risk w/regard to complex systems. … By most measures, computers are at least 1,000 times faster than they were back in the early days.
The story “Fail-Safe” originally appeared in three installments in The Saturday Evening Post on 13, 20 & 27 October 1962 (during the Cuban Missile Crisis), quickly followed by its publication as a novel; it was released as a film in 1964 (and the original screenplay performed live on CBS in 2000). This exchange comes early in the story:
KNAPP: “The more complex an electronic system gets, the more accident-prone it is. Sooner or later, it breaks down… A transistor blows, a condenser burns out. Sometimes they just get tired, like people…”
GROETESCHELE: “But Mr. Knapp overlooks one thing. The machines? are supervised by humans. Even if the machine fails, the human being can always correct the mistake.”
KNAPP: “I wish you were right. The fact is the machines work so fast; they are so intricate; the mistakes they make are so subtle that very often a human being can’t know if a machine is lying or telling the truth.”
And that was in 1962… .
-
“The more complex an electronic system gets, the more accident-prone it is…”
A spade surely must be said to be a non-complex, non-electronic simple system and yet it’s definitely an accident-prone system!
My big toe still has a scar from when I once tried to chop it off….
The scars from using PCs and Microsoft are of a different nature and though I’ve been brought to tears from time to time, it’s never made me bleed. Thank you, Microsoft.
Of course I’ll discount the little blood once lost due to trying to stop a fan with a finger… not my brightest idea.
1 user thanked author for this post.
-
-
A Windows 7 x64, group A non-techie user who has TRIED to stay up on all the mess with March patches but is still totally confused….YES…..even after reading Woody’s CW article.
I have both Jan & Feb monthly quality/security rollups installed. March’s rollup came with the usual updates but I did NOT install it as I wait for the Defcon rating to go to 3 or higher. Before the all clear came the rollup DISAPPEARED never to return. Then a few days ago KB4100480 showed up and by the advice of the “Patch Lady” I installed it. She said that if we DID NOT want to uninstall the Jan & Feb rollups that we “SHOULD” install the KB. Then shortly after I read that we had to install KB4099950 BEFORE KB4100480. Well KB4099950 didn’t show up in my updates until this morning long after I installed KB4100480, so how was I supposed to install that one first?
My questions are did I do the right thing by installing KB4100480? Do I install KB4099950 now? Or do I uninstall 0480, install 9950 and then reinstall 0480 or do I leave 0480 installed and just ignore 9950 for now?
What about the March’s MSRT is that safe to install?
Thanks in advance for any help with this confusing matter?
-
I think you’re OK. You do NOT need to uninstall 0480. When you’re ready to install KB4088878(the March Rollup), install it AFTER you install the 9950 update. At that point, you’re done, unless…
…you also decide to install KB4099467. If you do decide to install it, do it right after you install the Rollup with no restart in between.
What I’ve just described is exactly what I’m going to do. I haven’t yet decided whether to install 9467 because there is so little information about it. I’m waiting a day or 2 to see if any problems with it surface. At the moment, I’m inclined to install it since it seems to either do nothing or else perhaps prevent a BSOD. On the other hand, MrBrian decided to not install it (see his post above) and has experienced no issues because he didn’t.
Right after Woody started this thread today, I started my March catchup for a Group B W7 x64 Home system standalone. First off, I ran KB4099950, did restart, no problem. Next ran most recent IE 11, KB4096040, did restart, no problem. Then I ran the OS KB4088878, did a shutdown, no problem and restarted. Finally I finished with KB4100480, did a restart, no problem. Thanks again to Da Boss and the ensemble cast of gals and guys that maintain Group B viability. Break a leg!
Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.
Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.
Susan isn’t the only one thinking this way.
I’ve had ZERO problems with my little Win 7 server that runs 24/7 since 9 days ago dropping back to pre-January patch level.
When I did so I saw my I/O speed go back up from a bit over 900 MB/second to where it was before the debacle, now over 1800 MB/second.
There comes a time when, even ignoring risk entirely, demonstrated problems outweigh the potential reward of patching.
How do you get out from under all the work it takes to keep providing “extended support”? You change the definition of “support”… I imagine that once a large majority of Windows 7 people start avoiding patches, they’ll just decide to shut down the servers, claiming that people don’t want their “support” any more.
-Noel
-
It’s probably impossible to be sure everything you want and nothing you don’t want has been reverted, but I had no problem uninstalling the updates from my system. It’s not something I ever did before on any system, so I’m not sure whether a sample size of 1 even begins to answer your question, but it’s pertinent anecdotal evidence.
-Noel
-
I did the uninstall option back to December a couple of days ago and so far everything is looking good with no problems. Because I used Disk Clean to cleanup system, I was missing some of the updates in my Add/Remove. I had to use Windows Update Mini Tool to locate and uninstall the Jan. and Feb. updates. After uninstalling each one I ran windows update and hid the updates I didn’t want until I was back to December. After I was back to December, WU offered about a half dozen updates and I had to research each one to decide if I wanted it or not. I installed the ones I wanted and hid the ones I didn’t. So far so good. WU is locked down and will be until this mess is sorted out, and if not it’s locked down for good. I did an image before doing this just in case things went wrong. My computer is now open to the Meltdown/Spectre joke, but I have my performance back. Installed new router for security and made sure firewall and virus protection was up to date.
-
-
Thank you, Cybertooth! I will take the approach you suggest. It does match what I’ve gleaned from all the recent commentary. Grateful for your time:-)
1 user thanked author for this post.
-
You are right that 32 bit Win 7 isn’t subject to the Total Meltdown Security hole that is found in all the 2018 patches for Win 7, so you don’t have a need to mitigate for it, like 64 bit systems do… so no need to consider removing the January and February patches. That leaves you with the choice of waiting… or moving forward.
There was a problem with NIC settings being replaced or static IP address settings being lost after you install KB4088875, that affects 32 bit as well as 64 bit systems, which would cause you to lose internet connectivity. By installing KB4099950 first, you would avoid that particular danger. You may find that after installing KB4099950, rebooting, and then rechecking Windows Update, that you are offered KB4088875 (March Monthly Rollup). Install, reboot, recheck… and keep doing that as long as you are getting checked updates.
It would be important to install KB4100480 to mitigate the Total Meltdown, if you had a 64 bit system, but it doesn’t apply to you.
KB2952664 Update for Windows 7 is a known telemetry patch that has been offered over and over again. If you have only recently come to AskWoody, and were using automatic updates, it is likely that it is already on your system (you can check under installed updates). For people that kept it off… and that started before the GWX push… it is a no-no… It is like a weed that you have to remove over and over and over, if you decide to get it off your system. Not everyone cares about telemetry, or wants to be vigilant. KB2952664 keeps coming back, sometimes unchecked, sometimes checked… It is, again, a decision that you have to make about your own system. You can take a look at Turning off the Worst Windows 7 and 8.1 Snooping, if you want to know more.
As always, following How to Apply the Win 7 and 8.1 Monthly Rollups will give you step by step guidance to refer back to, if you get lost while updating. Woody refers you to it from his ComputerWorld article, when giving you the updating steps… it works…
Sometimes you can be told to just apply certain patches… and it will be okay. I can understand needing a little hand-holding when there is a risk, no matter which way you choose to go. Perhaps the details here will help you make a good decision for your situation… but if it gets more confusing for you, follow Cybertooth’s do or don’t guidance for the patches you’ve been presented with… and may your patching be successful and uneventful!
Non-techy Win 10 Pro and Linux Mint experimenter
1 user thanked author for this post.
-
Elly and Cybertooth,
Thank you both for your very helpful guidance and thoughts to ponder. Appreciate you both taking the time from your day to respond on my queries. I’m all backed up, Disk cleaned up, System Restore point made and also un-installed that miscreant KB2952664 which I realized I had installed previously. So, I think I’ve searched soul enough and am going to take the plunge with your suggestions in mind. Will report results on “the other side” of the abyss…
Hope all is well and that you both have weathered your “choices” favorably…
1 user thanked author for this post.
-
-
-
@MrBrian-
In order to clarify for everyone, if we (Win 7 x64 users) have the January and February rollups installed AND we have already installed KB4100480 to prevent Total Melltdown, then we DON’T need to:
1. Uninstall KB4100480
2. Install KB4099950
3. Install KB4088875
4. Reinstall KB4100480
in that order, correct?
To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?
1 user thanked author for this post.
-
“To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?”
Correct indeed. I did a test of this with one of the rollups, and posted about it somewhere on this site previously.
1 user thanked author for this post.
-
-
-
-
Per Woody’s ComputerWorld article:
“Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.”
90% of people have been moved to 1709, and for some of them, it happened forceably, as Microsoft ignored their settings. Be prepared to deal with that, one way or another.
Strategically, this is the time to go ahead and update to 1709, because after Tuesday, 1803 will be what is available through Windows Updates. You could download a copy of 1709 now, even if you don’t install it, in case 1803 is full of bugs, and Microsoft won’t stop pushing you off 1703. Woody says he is staying on 1703.
I’m just restating what Woody has already said… as it applies to your situation. There are no assurances that updating will go smoothly and that Microsoft won’t try and force an upgrade on you… in fact, the opposite might be true. But… this is the best we are going to get… for this month.
Non-techy Win 10 Pro and Linux Mint experimenter
1 user thanked author for this post.
-
-
-
Being in Group A and not having uninstalled Jan or Feb updates, you have a big, gaping hole in your security, called Total Meltdown… where the cure is potentially worse than the ill it was supposed to fix. KB4100480 is to patch those patches (and also the March Rollup, which carries the same problem forward)… and it is sitting there checked, and ready to go in your Windows Update.
No one can make the decision to roll-back, stay put, or move forward, for you. What do you want to do?
If you aren’t going to roll back to December (and there is no guarantee that the bad patches will get fixed, we are only hoping they will), you probably still need to install KB4100480 to fix the Total Meltdown vulnerability. I’m repeating this, because some people are freezing in place before this is done: Total Meltdown is a great big gaping hole that allows any program easy access to your system, no special expert black hat skills needed. Not having those patches (rolling back) is better than having them and not fixing them with KB4100480.
Then you must decide whether to sit and hope and wait… or install March’s Monthly Rollup, KB4088875, proceeding with the normal Group A updating. If you are following the full Group A updating this month, you aren’t done until you have installed the checked updates, rebooted, rechecked Windows Update, installed andy checked updates, rebooted, and repeat until there are no more checked updates.
There is a good chance that once KB4100480 is installed, KB4088875 will show up as checked. If you are satisfied that the major bugs have been addressed (and having read through things, you have as much information as the rest of us), you may decide to go ahead with Group A updating. You may want to add KB4099467 from the catalogue, just in case your system is vulnerable to the “Stop error”. As far as I have heard, there is no way to test for this ahead of time, and the “Stop error” is a BSOD issue… so it might be worth the extra step to avoid.
Believe me, there has been a lot of testing going on, and if there was one good, clear, safe choice, Woody would have presented that, instead of telling us what the pitfalls are. There isn’t a better time to back up your data, as that should give you some sense of security if the choice you make ends up with a serious consequence. Microsoft isn’t giving, or doesn’t have a safe way forward. Their best efforts have thrown a fair amount of chaos our way. I am giving them the benefit of the doubt on that… at this time…
And as to your last question… if Microsoft reissues an update that has been hidden, it will show up again if you run Windows Update… and if you decide to install it, and it hasn’t shown up again, you can unhide it… unless it gets pulled (and that is for reasons that mean you wouldn’t want it anyways). KB4088881 is the April preview… The April Monthly Rollup, will have those fixes, hopefully with any bugs ironed out… and it will probably (I say probably, because March’s Monthly Rollup didn’t show up for everyone) show up in your regular Windows Update, on next Tuesday. Woody, and most of us here, will wait and see what happens to the unpaid beta-testers, before he makes a recommendation regarding what to do with it. It does get a little confusing, because we are in April, and only just now deciding what to do with the March updates.
Hope you feel that this more thoroughly addresses your bottom line questions… and do know that none of us are happy with these answers… just doing the best we can with what Microsoft throws at us.
Non-techy Win 10 Pro and Linux Mint experimenter
-
-
-
-
Trying to make sense of it all and follow all the good suggestions here has left me shaking my head and not sure which way to go. I’m Group A Windows 7 64 bit with both the Jan & Feb rolls-ups installed. Today in WU I have offered (and all are checked) 4100480, 4099950 and MSRT.
If I decide to install these – does it matter which order I do them in, i.e., should 9950 be installed before 0480? I always do MSRT last and assume this would still be the case here.
If I don’t install them today or tomorrow, what happens on Tuesday when the April updates come out? Do the 2 that I’ve mentioned disappear and will I have lost my chance to install them?
Gosh- I wish this was easier. I feel like I’m making a monumental decision here!
1 user thanked author for this post.
-
It shouldn’t matter what order KB4100480 and KB4099950 are installed in.
If you don’t install the March 2018 updates before next Tuesday, by next Tuesday the March 2018 updates will be metadata-superseded by the April 2018 updates, but you can still install them via Windows Update by hiding the April 2018 updates. Don’t forget that you hid the April 2018 updates though.
1 user thanked author for this post.
-
-
I’m not sure if either of those two updates will disappear from Windows Update on next Tuesday without resorting to hiding other updates.
1 user thanked author for this post.
-
-
-
-
I have more of a “safety net” than some of you because I make an image (using Macrium Reflect free version) immediately before installing Windows updates, and I am fairly confident that I will be able to restore an image because once a month as a test I do a restore immediately after making an image.
-
I run scheduled weekly Macrium Reflect images on my Win 7 box, and daily on my Win 10 box. I image Win 10 more frequently because that is my daily driver at this point.
Imaging should be a consideration before risking any updates, IMHO. Knowing that you can roll a system back to it’s last known working state is a big anxiety reliever. 🙂
The peace of mind is priceless. Macrium Reflect is free, and a decent 1TB external USB3 drive can be had for around $50 USD.
So if I hold off on updates, it’s just because I don’t wish to go through the hassle of a full restore, which usually takes me less than an hour…
Windows 10 Pro 22H2
-
Macrium Reflect: Once a month, instead of once a week. Simple, reliable, easy to use, does not intrude itself, unlike a lot of other crapware these days. Maybe it’s because it’s from the U.K.
I love Seagate Dashboard almost as much as Macrium; each morning, if I don’t sleep late, it backs up just the files that have changed since yesterday, and more importantly, they can be accessed without “mounting” an image.
These, plus an online backup once every 30 days–the so-called “rule of three.” As you say, the peace of mind is worth it.
1 user thanked author for this post.
-
-
-
-
-
I opted to install KB4099467 last night on my Win 7 Starter 32 bit test machine. Did the following:
4099950 from Windows Update, no restart required or requested.
4088878 from the Update Catalog, restart required but I didn’t because I immediately installed
4099467 from the Update Catalog, restart required, and I did restart.
Everything seems to be working fine, although I would note that the install of 4099467 was VERY slow and the restart took a long time even for an Atom chip.
Another interesting thing is that after all of this Windows Update showed only 4099950 and 4088878 in the ‘view update history’ tab. 4099467 didn’t show up at all. I had no indication that anything went wrong during the above procedure, so I’m not too worried about it since I’m not having any issues. Also, I’ve noticed in the past that Windows Update doesn’t always show the latest Security Essentials definition update.
-
-
EEErrrr….
I’m embarrassed.
I use paid av on the installations with which I access the Internet, but I have so many others that I can’t afford all, so I use Bitdefender Free on most of the test stuff.
I had to shift av’s between conputers, uninstalled TMIS on the Win7 (which removed the key) and in the interim I manually added it back.
So it was there all the time.Key = QualityCompat
DWORD = cad ca5fe-87d3-4b96-b7fb-a231484277cc
value = 0Computers are dumb – they do exactly what you tell them to do….
Sometimes you just have to figure out what you told ’em.1 user thanked author for this post.
Searched soul and installed March updates B style – arghh getting harder and harder to stay in group B.
As others reported, my March rollup disappeared. When I checked for updates on 4-6, I was offered kb4099950 and kb4100480 and yes they were both checked. I installed one update at a time, made a restore point prior to each install, rebooted after each install whether I was prompted to or not, and out of curiosity checked for updates after each reboot to see if the March rollup would be offered again. It was not offered. Below is the order I installed the updates which I know is not the same order recommended by others. Computer seems to be running fine.
1. KB 4096040 (IE 11 dated March 23rd from catalog)
2. KB 4099950 (I was offered windows update, but used catalog)
3. KB 4100480 (I was offered windows update, but used catalog)
4. KB 4088878 (March Security only for Win 7 x64 from catalog)
Group B Win 7 x64 – Thanks Woody and others for your valuable research and advice.
1 user thanked author for this post.
-
-
Thanks @MrBrian. Yes, I read your article and followed every step (to get the March rollup to re-appear) except for installing KB4074598 (2018-02 Monthly Rollup) because I am in group B. I installed the group B style IE 11, Jan and Feb 2018 Security Only updates on March 5th. I also ran disk cleanup on March 5th cleaning up about 2.6 gigs of system files. KB4088875 never to appear again. Really don’t know why I tried so hard to get it to re-appear, since I was not going to install it anyway (smiles). Appreciate you sharing your research and helping others.
1 user thanked author for this post.
-
-
-
KB4100480 isn’t a prerequisite for installing KB4088875 or KB4088878. KB4099950 is a prerequisite for installing KB4088875 or KB4088878.
Microsoft now categorizes KB4099950 as a Recommended update. The “Give me recommended” Windows Update setting that Group B uses causes all Recommended updates to be put in the Optional tab in Windows Update, and be unticked by default. The “Give me recommended” Windows Update setting that Group A uses causes all Recommended updates to be put in the Important tab in Windows Update, and usually (but not always) be ticked by default. In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule.
KB4100480 has not been reissued.
4 users thanked author for this post.
-
Whilst I’m grateful for this post, @MrBrian, I think it raises two important points.
First, we shouldn’t assume that only Group B users set recommended updates in the way that you indicate. I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.
Second, your comment that “In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule” underlines the point I made in another topic recently to the effect that it’s crucial that all members of the team are seen to be playing the same tune. If some argue that unchecked updates should never be installed, while others argue that a particular case is an exception to that then we mere mortals won’t have a clue what to do for the best.
I fully understand that these are difficult times, but if different members of the team give us different recommendations, how are we supposed to reach an informed decision on which recommendation to follow?
1 user thanked author for this post.
-
I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.
I’d like to point out to you that you are not following Group A. From AKB2000004, the guidelines for Group A read:
Step A1: Get your settings right.
In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.
If you were following Group A, KB4099950 would be important and CHECKED.
-
-
-
I can fully appreciate that it’s confusing that different people here sometimes give differing advice about what to do. You could decide to always follow one particular person’s advice (if available), or you could ask the reasons why a given person gave particular advice, and decide for yourself which advice to follow. The “never install an unticked-by-default update” rule is not a rule that I personally agree with, and KB4099950 provides an excellent example of why.
4 users thanked author for this post.
-
To shed some further light on your confusing situation (and that of MANY others, I’m sure) regarding KB4100480, here’s the wording of an explanatory note that’s in the KB article about this update:
- This security update was updated on April 5, 2018 to address applicability issues in the original release of the update.
- Applicability rules have been expanded for this update. Therefore, this update will be offered via Windows Update and Windows Server Update Service (WSUS) if any of the Security Only (SO) updates that are listed in the table above are applied.
- No specific functional changes have been made to this security update. Therefore, no additional action is needed if this update has already been applied.
Notice the last sentence in the last bullet point above. If it’s already installed prior to April 5th, you’re still good to go, no action is needed.
In other words, they updated it, as you noticed, on April 5th, but only to expand the field of applicable Windows 7 SP1 and Windows Server 2008 R2 SP1 installations to include those folks who have installed the Security Only updates for any one of the months of January, February or March as well as the folks (already included) who have installed the rollups for those months.
I hope that this post, along with the post above from @MrBrian, help clear things up for you and anyone else with the same question as you about KB4100480.
R/
Bob99
2 users thanked author for this post.
-
That order looks right, except the intermediate reboots aren’t needed. Don’t forget to install a March 2018 cumulative update for Internet Explorer also.
1 user thanked author for this post.
-
Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.
2 users thanked author for this post.
-
And what happens to KB4088881 that is hidden?
When it is reissued as the regular Monthly Rollup it will appear back in Windows Update…Oops… edited to correct my misunderstanding…
KB4088881 stays hidden, unless you unhide it, or it gets pulled. Per PKCano, “It contains the current month’s Rollup PLUS the non-security package for the coming month (not the security package). So it’s basically a “preview of what’s to come.” Microsoft then adds the security package to it, and that becomes the next month’s Rollup.
Non-techy Win 10 Pro and Linux Mint experimenter
-
-
The preview rollups aren’t reissued later as monthly rollups. KB4088881 will remain marked as hidden.
1 user thanked author for this post.
-
Oops, I blew that one…
That means that when April’s Monthly Rollup is issued, it doesn’t matter that the preview is hidden… because the patches that are in it, are forwarded to the April Rollup?
Non-techy Win 10 Pro and Linux Mint experimenter
-
They’re different updates, with different update IDs, and different contents.
1 user thanked author for this post.
-
-
-
Hi,
i too am on Windows 7 64 bit and decided to dive right – in with the March Updates TODAY,after reading Woody’s post and thankfully everything went just fine.Still several hours later,No blue screens,No system slowdowns,Nada…A big thank you to Woody for his regular invaluable advice.
Windows 7,Home Premium 64 bit - Lenovo laptop
Group A - Intel (R)Core i7 Processors -ASUS Chromebook C213 12.5 inch
64GB memory .iphone 6,need to upgrade soon,bugger !
Reeder M7 Go 2019 Tablet !
Win 10 Pro 1703 – updated today, no issues so far. 🙂
Hid KB4023057 and the feature update to version 1709, everything else for March has been updated.
I believe I will follow advice and leave my Win 7 Pro box alone …
Windows 10 Pro 22H2
-
-
You asked for it. Here’s the big one from Microsoft.
-
-
I have read Woody’s Computer World article and all the forum comments.
If we choose Woody’s second option
“If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches”
what do we do going forward? Do we just wait for the April patches and a subsequent DEFCON 3 announcement?
Thanks.
2 users thanked author for this post.
-
what do we do going forward? Do we just wait for the April patches and a subsequent DEFCON 3 announcement?
Yep… if you are choosing the wait and see option… you get to wait… and see…
Non-techy Win 10 Pro and Linux Mint experimenter
