Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 3: Yep, it’s time to get patched

    Home Forums AskWoody blog MS-DEFCON 3: Yep, it’s time to get patched

    This topic contains 152 replies, has 42 voices, and was last updated by  Sparky 1 week, 2 days ago.

    • Author
      Posts
    • #148601 Reply

      woody
      Da Boss

      Lots of warnings this month for odd bits and pieces, but it’s time to get everything caught up. There’s a nasty Equation Editor malware exploit making
      [See the full post at: MS-DEFCON 3: Yep, it’s time to get patched]

      8 users thanked author for this post.
    • #148608 Reply

      PKCano
      AskWoody MVP

      The KB4049011 article says it is the servicing stack for Win10 v1703. You will need to install it.

      3 users thanked author for this post.
      • #148825 Reply

        anonymous

        What exactly is a ‘Servicing Stack’?

        1 user thanked author for this post.
        • #148890 Reply

          MrBrian
          AskWoody MVP

          From Updating the Servicing Stack: “The servicing stack includes the files and resources that are required to service a Windows image.” From Servicing Windows: Part One: “Servicing is the act of installing a role, feature, service pack or windows update against a Windows OS.”

          3 users thanked author for this post.
        • #149151 Reply

          rc primak
          AskWoody Lounger

          Among other things, a Servicing Stack is involved in the updates process. Most Servicing Stack updates are meant to improve the performance of Microsoft Updates.  They seldom cause harmful side-effects, so it’s usually safe to apply them.

          -- rc primak

          1 user thanked author for this post.
    • #148614 Reply

      anonymous

      on windows 7 pc and 8.1 notebook, what problems and breakings do i have to expect after installing group b security only patches, .net and office patches?

      • #148616 Reply

        PKCano
        AskWoody MVP

        Woody did a summary of patches on Nov 28th in ComputerWorld and the discussion is here on the blog.

        He will have the DEFCON-3 article on ComputerWorld shortly. Check back here for the link once it’s posted. It will contain cautions and advice for updating all versions of Windows.

        4 users thanked author for this post.
        • #148630 Reply

          woody
          Da Boss

          Yep, that’s exactly what’s in the article….

          2 users thanked author for this post.
          • #148690 Reply

            AJNorth
            AskWoody Lounger

            Report from an outpost:

            All Windows boxes (7 Pro & 8.1 Pro – x64) successfully updated (“Group B”); a run-through of major applications on each reveals no issues (thus far…). (The unchecked .NET Security & Quality Rollups were not installed.) The Belarc Advisor reports 100%.

            As always, heartfelt thanks to Da Boss (and his stalwart MVPs)!

            (Carry on — but don’t get caught.)

            2 users thanked author for this post.
            • #148801 Reply

              Kirsty
              AskWoody MVP

              Thanks for the feedback – helpful to know your upates were successful.

              The .NET update is showing as non-security, despite the name given to KB4049016.

              2 users thanked author for this post.
        • #148725 Reply

          anonymous

          following 2000003 article for group b updating, do i need to install dot matrix patches if i don’t use dot matrix printers? or will these be part of a future security update anyway?

          • #149065 Reply

            Kirsty
            AskWoody MVP

            As I understand the Dot Matrix bug, it is not a security issue. If you aren’t affected by the issue, installing the patch is not required.

            1 user thanked author for this post.
        • #148731 Reply

          anonymous

          just found the article mentioned, there i read:

          If you manually download and install the Security-Only patch (which I no longer recommend!), and you have an Epson dot matrix printer, you also need to install the fix, called KB 4055038, manually.

          as group b i can only stick to security only patch or is there any alternative not propelling to group a?

          • #148789 Reply

            The Surfing Pensioner
            AskWoody Lounger

            If you run an Epson dot matrix printer, or you think that maybe one day you might want to, then download and install kb 4055038 along with the security patch. It takes about an extra two minutes and then you’re sorted.

            1 user thanked author for this post.
            • #148803 Reply

              anonymous

              thx, i also updated windows 7 machine, security only kb4048960, ie kb4047206 and printer kb4055038 (all 64 bit). after reboot i installed the four checked office updates for office 2010. of course i unchecked security/quality rollup. and i did NOT install malware removal tool as it is important but unchecked on windows 7 machine.

              i also did not install .net as it is unchecked optional this month. of course i did not install any optionals.

              1 user thanked author for this post.
      • #148696 Reply

        The Surfing Pensioner
        AskWoody Lounger

        “on windows 7 pc and 8.1 notebook, what problems and breakings do i have to expect after installing group b security only patches, .net and office patches?”

        None whatsoever on windows 7 pc. I’ve just updated mine Group-B style, quickly, easily and without incident. Supercedence working just as it should. Can’t help with 8.1 notebook, unfortunately. Just wish I could understand why some people discriminate against the Group-B method. Practice shows how effective it is!

        3 users thanked author for this post.
        • #148744 Reply

          anonymous

          just went ahead and updated 8.1 notebook, all 64bit. security only kb4048961, ie kb4047206 and also printer fix kb4055038 although i don’t have any dot matrix printer. after reboot i installed all checked important updates (office, flash, defender and malware removal tool). of course i unselected security/quality rollup as i don’t want group a. no .net installed on windows 8.1 this month as it appears as unchecked optional along with not needed nvidia and intel drivers and preview rollups and the old spying kb2976978 and kb3102429 for some foreign currency thingmajig i don’t need.

          have NOT applied any windows 7 updates yet, as this is my main system and i’m a bit afraid…

          • #148800 Reply

            SueW
            AskWoody Lounger

            I also just updated, Group B-style, my Windows 7 system, without issue (phew!).  I only installed 4 Important Office 2010 updates:

            Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition
            Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition
            Security Update for Microsoft Word 2010 (KB4011270) 32-Bit Edition
            Update for Microsoft Office 2010 (KB4011188) 32-Bit Edition

            I unchecked (Quality Rollup for Windows 7 was checked) and hid all others.

            Adding my monthly “Many Thanks!” to the Team once again!

            Win 7 SP1 Home Premium 64-bit; Office 2010; Group B; Former 'Tech Weenie'

    • #148633 Reply

      Rydan
      AskWoody Lounger

      more weirdness:
      https://www.administrator.de/frage/kb4011618-mehrfach-angezeigt-356491.html
      I see this too: 38 x 4011604, 74 x 4011618 (albeit 2010 is 32bit and 64bit vesions)
      (in WSUS, but every language has a separate update!)

      • This reply was modified 2 weeks, 4 days ago by  Rydan. Reason: forgot language remark
      2 users thanked author for this post.
    • #148644 Reply

      twbartender
      AskWoody Lounger

      Back on 11/23 I asked a question as to where we stood with this month’s unchecked MSRT in windows update, https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-147126 based on @gborn‘s 11/16 statement: https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-145848  “It seems that Microsoft has released a new version of MSRT, that has been fixed.”

      The problem was and still is, is that the MSRT in my windows update still remains unchecked with the original release date of 11/14/17. The Microsoft Update Catalog MSRT download still shows the original 11/14/17 date as well.

      Does the fact that the MSRT remains unchecked mean that it hasn’t been fixed, or is it just another Microsoft oversight?

      On 11/23 @mrbrian answered with the following reply: I think it’s best to assume that it hasn’t been fixed. When I installed the November Microsoft updates, I didn’t install that update. https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-147131

      Now that we are at MS-DEFCON 3, is the above advice by @mrbrian still the recommended  way to deal with the November MSRT?

      1 user thanked author for this post.
      • #148645 Reply

        PKCano
        AskWoody MVP

        Woody’s usual rule of thumb is:

        “As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.”

        From today’s CoputerWorld article.

        4 users thanked author for this post.
      • #148646 Reply

        MrBrian
        AskWoody MVP

        If it’s still unchecked by default, then my advice remains unchanged.

        4 users thanked author for this post.
      • #149105 Reply

        Noel Carboni
        AskWoody MVP

        Are people seeing the Malicious Software Removal Tool breaking things (e.g., finding false positives) in the real world? I can’t say I recall it EVER causing any problems for me, though in the grand scheme I guess I’m pretty conservative about what I download to run on my systems.

        -Noel

        • #149153 Reply

          rc primak
          AskWoody Lounger

          The Nov. 2017 user interface showed false positives on both of my Win 10 v.1703 devices. But the Reports panes showed no infections. So I don’t think anything was removed or treated. I am not aware of any time in my use of Windows updates that MSRT wrecked anything. But there might always be a first time for anything. The tool is capable of removing some of the real infections it may find. Whether this can mess up custom or OEM system files I have yet to read.

          -- rc primak

          1 user thanked author for this post.
        • #149232 Reply

          DrBonzo
          AskWoody Lounger

          In either May or June, I installed the usual batch of Group B updates on a WIN 7 x64 sp1 Dell desktop. As is my habit, I installed each one individually with a reboot after each (yes, even if not required/requested). After each reboot I checked Office, Excel, IE11, Opera, Firefox, and a handful of randomly chosen control panel settings, one of which was “Turn Windows Features On or Off”. Everything was fine until after I installed MSRT (which was the last update of the month for me), at which point the “Turn Windows Features On or Off” showed nothing but a blank white dialog box, even after waiting an hour (this box is relatively slow to fill and usually takes a couple minutes).

          Coincidence? I personally doubt it. But I will not install MSRT again.

          2 users thanked author for this post.
          • #149346 Reply

            walker
            AskWoody Lounger

            Dr.Bonzo:   I definitely agree.   In the past, for whatever “ESP” I may have had, I did not install the MSRT either, and now I am glad that I didn’t.   It is becoming more and more of a “mine field” out there.    Thank you for sharing your experiences.  🙂

            1 user thanked author for this post.
    • #148649 Reply

      anonymous

      ” … want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. We’re actively discussing whether it’s worthwhile continuing to post information about the security-only patching path.”

      I appreciate all the work that goes into providing information for the Group B patchers to continue manually installing Security Only patches on their machines. Patches have become such a minefield, I cannot in good conscience turn my computer over to Microsoft’s cavalier distribution of non-security changes through Windows Updates.

      I would put myself at a mid-level of computer expertise. Not a beginner, I have been able to research and solve most problems on my own (or discover why I can’t) over the past 20 years, but I cannot dissect and generate how to reprogram problems in the bowels of the computer. If you need another vote for continuing your practice of helping Group B, count me in.

      10 users thanked author for this post.
      • #148663 Reply

        anonymous

        Please count me in too for Group B.  Yes I understand the minefield of possible missing updates / corrections / fixes for fixes, but most importantly I don’t trust MS not to do serious damage with some non-security “feature” (which I probably don’t want anyway).

        Win7 Pro, Gp B reasonably up to date.

        HMcF

        6 users thanked author for this post.
        • #148691 Reply

          Charlie
          AskWoody Lounger

          Yeah, as usual, we’re faced with the task of choosing between the devils we know or the devils we don’t know.

    • #148662 Reply

      anonymous

      Is it Ok to skip this months .NET rollup? Does this one have more than non-security updates?

      • #148670 Reply

        MrBrian
        AskWoody MVP

        It has non-security fixes only. If you don’t want those fixes, you can skip it. I installed it.

        3 users thanked author for this post.
        • #148672 Reply

          anonymous

          Thanks for the link @mrbrian, it looks like I’ll probably skip this one since my system is humming along quite nicely with things the way they are.

          • #148677 Reply

            zero2dash
            AskWoody Lounger

            Yeah, it looks like the last .NET update that actually addressed Security was in September.
            Neither the October nor the November updates had any Security fixes. (And now I know why there hasn’t been a .NET Security Only update since September.)

            • #148797 Reply

              windows7forever
              AskWoody Lounger

              Neither the October nor the November updates had any Security fixes. (And now I know why there hasn’t been a .NET Security Only update since September.)

              Although this is what MS claims, it is wrong. (What else is new?) On the Microsoft Update Catalog site there is a November .NET Security Only update for .NET Framework 3.5.1 on Windows 7. It can be found by searching for KB3097989 (although not by searching for .NET security updates, at least as far as I can tell).

            • #148810 Reply

              MrBrian
              AskWoody MVP

              KB3097989 is from November 2015.

              1 user thanked author for this post.
            • #148824 Reply

              windows7forever
              AskWoody Lounger

              Thanks for correcting my error.

      • #149152 Reply

        anonymous

        And if someone can clarify… i search the catalog for .NET, and the only updates listed for November at all for various flavors of Windows 10.

    • #148697 Reply

      cnkit
      AskWoody Lounger

      Woody, may I make a suggestion? At least in your own writings on Win 10, could you please stop using version titles such as “Creators Update” and stick to using numbers like 1706 or 1709. With the former, I can’t keep straight which came first and which last. At least with numerical codes, it’s fairly obvious, at least as long as MS doesn’t mess it up somehow. In that case I suggest we as users come up with our own system, such as 17F (or 1709, as currently, referring to Fall 2017 or Sept 2017, respectively).

      1 user thanked author for this post.
      • #148700 Reply

        Karlston
        AskWoody Lounger

        Please use 1709 (YYMM) nomenclature. It’s fairly unambiguous, unlike “Fall” which is “Autumn” in the Northern Hemisphere outside North America, and “Spring” in the entire Southern Hemisphere.

        Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

        • This reply was modified 2 weeks, 3 days ago by  Karlston.
        • #148863 Reply

          Ascaris
          AskWoody Lounger

          Please use 1709 (YYMM) nomenclature. It’s fairly unambiguous, unlike “Fall” which is “Autumn” in the Northern Hemisphere outside North America, and “Spring” in the entire Southern Hemisphere.

          What’s ambiguous about “Fall Creator’s Update?”  There is only one update by that name.  It may be a bit annoying to some people that Microsoft used a US-centric name for its update, but there should be no confusion as to what it actually means.  It means the update that was released in October 2017, even if you don’t particularly like the term “fall.”

          Really, 1709 isn’t very accurate either, given that it was actually released a month later than indicated by the YYMM format.  They’re both just names for a thing; best not to get too wrapped up in parsing them and just accept them as a title for a given update.

          • This reply was modified 2 weeks, 3 days ago by  Ascaris.
          • #148950 Reply

            MrJimPhelps
            AskWoody MVP

            What’s ambiguous about “Fall Creator’s Update?” There is only one update by that name. It may be a bit annoying to some people that Microsoft used a US-centric name for its update

            In my opinion, “Fall Creator’s Update” isn’t really a US-centric name, but rather just a goofy, meaningless name that Microsoft came up with, that sounds “cool” if you don’t try to figure out what it might mean.

      • #149158 Reply

        MrBrian
        AskWoody MVP

        Another good reason to include the version number is because Windows 10 update history uses those.

    • #148707 Reply

      Elly
      AskWoody Lounger

      Problem here…

      I’m a dedicated Group B updater with automatic updates turned off…

      I manually ran Windows updates and unchecked the November rollup…

      November-Updates-1

      When I navigate by the go back arrow, it shows that one important update is ready to install.

      November-Updates-2

      Since I unchecked everything, I was curious what I missed. KB4048957 has rechecked itself. I unchecked it… and the same thing happens again… and again. I’ve never had an unchecked update recheck itself, and show up as ready to install before, and it is really worrisome to me.

      I don’t want KB KB4048957. This is Microsoft malware! Another bug?

      I clicked out of Windows Update with everything unchecked, via the red X, and I’m going to restart my laptop. Hopefully it stays unchecked and doesn’t install something I definitely don’t want.

      Elly-

      Win 7 Home, Group B

      Attachments:
      You must be logged in to view attached files.
      • #148719 Reply

        Elly
        AskWoody Lounger

        So that worked, not installing anything…

        I just like to observe and note what’s going on. If I click at the bottom of the updates, OK, on no updates selected, it will show up that way when I go back. I don’t remember having to do more than unclick the updates before… but I could be wrong, and just a bit paranoid…

        Elly-

        Win 7 Home, Group B

        1 user thanked author for this post.
        • #148777 Reply

          The Surfing Pensioner
          AskWoody Lounger

          But MS really, really want you to install their monthly rollups, so I have noticed some checks can reappear persistently. If you don’t want it, hide it. That motto seems to be politically correct at the moment, anyway! (I’m also Win 7 Home, Group B  – the ‘Losers’!)

          1 user thanked author for this post.
      • #148779 Reply

        PKCano
        AskWoody MVP

        If you use the back arrow, you have not APPLIED your change (check). If you press OK, it applies the change.

        But if you close WU, the next time you open it the default checks are back.

        3 users thanked author for this post.
        • #148846 Reply

          Elly
          AskWoody Lounger

          Part of me would like to see what is there, and then be able to research it, and then make my decision as to what will be installed. Since hiding all updates is part of a protocol to see if any service stack updates are offered, I decided to hide anything that is checked until I decide what to install, so it isn’t inadvertently installed just because I looked at it and was distracted and left it open and the laptop shut down. Life can get pretty distracting around here…

          I updated per Group B without further incident, and nothing else showed up after the security only, IE and dot matrix fix were installed. Windows update was closed… until next month.

          Might be the old age thing, but I don’t remember it being quite so persnickity before… was following my regular updating routine…

          Safe computing, and thanks, PKCano, for the explanation!

          Elly-

          Win 7 Home, Group B

    • #148713 Reply

      bjm
      AskWoody Lounger

      Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update.

      My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack.

      Presume, you’ll say 4049065 Servicing Stack is okay to install.

      Just wanted to confirm 4049065 is okay to install and hear comment regarding my remaining Hidden.
      Thanks 1607 (14393.1914)

      • #148782 Reply

        PKCano
        AskWoody MVP

        You need to install the servicing stack.

        1 user thanked author for this post.
        bjm
    • #148724 Reply

      dononline
      AskWoody Lounger

      Guess what, you lucky Fall Creators Update 1709 users? Just saw HERE that you’ve got a brand spanking new CU today, presumably to fix the one issued last Patch Tuesday. KB4051963 pushes the OS to build 16299.98, and addresses many issues with Internet Explorer, Microsoft Office 365, and more. Oh, joy! 🙂

      • This reply was modified 2 weeks, 3 days ago by  dononline.
    • #148739 Reply

      abbodi86
      AskWoody MVP

      Windows 10 ver 1709 got servicing stack update too KB4054022
      http://support.microsoft.com/help/4054022

      • This reply was modified 2 weeks, 3 days ago by  abbodi86.
      1 user thanked author for this post.
      • #149155 Reply

        rc primak
        AskWoody Lounger

        That same KB Article Number applies to ver. 1703, which I have.

        There’s a Feature Upgrade update in there also, and for Version 1703, I found that wushowhide could not block it. I didn’t have any Advanced Settings to Defer Feature Updates, so I don’t know if those settings were also ignored.

        -- rc primak

        • #149165 Reply

          PKCano
          AskWoody MVP

          I have 1703. My settings are CBB (which is ignored), defer feature updates 365 days, defer quality updates 0 days. I received the 1703 CU and servicing stack. I was not offered 1709 upgrade in WU.

          1 user thanked author for this post.
          • #149261 Reply

            rc primak
            AskWoody Lounger

            Defer Feature Updates is the setting I seem to have missed. Thanks.

            -- rc primak

    • #148689 Reply

      anonymous

      For Windows 8.1, our old snooping friend KB2976978 has reappeared, dated 2017-11-14.

    • #148693 Reply

      anonymous

      ? says:

      went on the yellow/green on win7 pro w/office 2010, grope “B”. smooth as butter.

      Important:

      KB4011197-Excel

      KB4011618-Office

      KB4011270 Word

      KB4011188-Office

      KB4048957-November 2017 Rollup (Hide)

      KB8900830-MSRT (unchecked)

      Optional:

      KB4051034-Preview Rollup (hide)

      KB4049016-.Net (Unchecked, left it there)

      KB2952664 (Well, italics and yes hid)

      no Epson in-the-matrix KB for me

      so far, so good… ready for another month?

      and now for the next 5 Win7’s plus XP Pro

      many thanks fellow Woodites!

       

      • #148832 Reply

        anonymous

        ? says:

        Along the line I had a boo-boo and saw that KB4048957 roll-up was installing on a group “B” win7 machine. I stopped the update process and rebooted but it was showing as installed. Humm, so I ran cmd>wusa /uninstall /KB:4048957. Windows then reported that it had been uninstalled. When I finished the update routine and went on to DISM which removed KB3138962 MS16-027 win media update from 3/08/2016. During the cleanup process I ran Privazer which finished removing KB4048957. The Privazer report showed the KB4048957 roll-up had installed 5161 files and took up 230 MB on the hdd. I also looked at running services and they were nominal and no new entries in the task scheduler. Whew, guess I dodged the wash, rinse & repeat bullet once again…

        1 user thanked author for this post.
    • #148698 Reply

      anonymous

      Anyone seeing an issue with Internet Explorer 11 crashing when the cumulative update for the Win 7 OS KB4048957 (not the IE patch mind you – the OS cumulative patch)?

      We are seeing this on Windows 7 x64 machines at two of our sites and uninstalling the patch resolves this. Initial indicators with a case we have open with Microsoft indicates if a registry key is removed this also fixes it (ironically, the removal also causes other issues so not a vector for the fix)

      • #148785 Reply

        PKCano
        AskWoody MVP

        Back in Sept or Oct there was a problem with IE11 caused by Icon Font Size and having tabs on a separate row. It caused IE11 to either crash or not start at all.

        Information on this problem is here. And in the following replies

    • #148699 Reply

      anonymous

      KB4051963 now available on Microsoft Update Catalog brings 1709 to build 98

    • #148712 Reply

      anonymous

      Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update.

      My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack.

      Presume, you’ll say 4049065 Servicing Stack is okay to install.

      Just wanted to confirm.
      Thanks 1607 (14393.1914)

      1 user thanked author for this post.
      bjm
      • #148786 Reply

        PKCano
        AskWoody MVP

        Yes, you need to install the servicing stack

        2 users thanked author for this post.
    • #148747 Reply

      anonymous

      i just installed MSRT November 2017 no issues so far, if there any issues with it why they just don’t remove it from windows update ?

      • #149157 Reply

        rc primak
        AskWoody Lounger

        The usual reasoning applies — there are few and scattered reports of the Nov. 2017 MSRT update causing some sorts of issues. Not enough people to prompt pulling the update. I can attest that there are probably bugs (false positives) in this update. But nothing which harmed my systems.

        -- rc primak

        1 user thanked author for this post.
    • #148780 Reply

      bjm
      AskWoody Lounger

      Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update. My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack. Presume, you’ll say 4049065 Servicing Stack is okay to install. Just wanted to confirm. Thanks 1607 (14393.1914)

      Sorry, message above appears to be an earlier version of my message here > https://www.askwoody.com/forums/topic/ms-defcon-3-yep-its-time-to-get-patched/#post-148713

      AskWoody platform gives me grief, sometimes.
      Sorry

      • This reply was modified 2 weeks, 3 days ago by  bjm.
      1 user thanked author for this post.
    • #148802 Reply

      anonymous

      Trying to install updates on 1607 and the downloading was stuck at 10%.

      I assumed it had to do with my Internet connection not being stable, so I tried to stop the service wuauserv in Task Manager so that I can restart it. Instead, the status for wuauserv is stuck on “Stopping” and in Settings, the page is all of a sudden stuck on Preparing to install updates 0%. It also wiped out the update history in Setting.

      I tried to restart my computer but it didn’t do anything. Still stuck on Preparing to install updates 0%.

      • #149001 Reply

        dononline
        AskWoody Lounger

        Were you updating through Windows Update?

        I haven’t updated yet this month, but last month, to hopefully save time, I decided to download the Cumulative Update from the MS Catalogue to each of my three computers and update from the downloads. The rest of the patches I updated through Windows Update. It worked well and saved a ton of time — AFTER I discovered, through the help of great and knowledgeable members of the Lounge, that I had to turn off my third-party security suite to get the downloaded Cumulative Updates to install.

        I’m hoping for a perfect updating session this month. (Fingers, legs, toes and eyes crossed!)

        1 user thanked author for this post.
        • #149262 Reply

          rc primak
          AskWoody Lounger

          With Windows 10 CUs weighing in at almost 2GB apiece these days, they can take an awfully long time to download through MS Update. I too often go for the Catalog versions to save time and make sure my updates don’t get “stuck” either on the downloading side or the installing side.

          -- rc primak

          1 user thanked author for this post.
    • #148809 Reply

      anonymous

      Group B, HP Zbook 17 workstation on Win7 Pro x64.

      Installed the Security Only patches, then ran WU and got the cumulative stuff, .Net and Office 2010 updates and the unchecked MSRT. Hid the rollups and installed the 4 Office patches and the MSRT. Turned off WU again. Touch wood…, so far no issues. Never use IExploder but a couple of programs use it, so to be safe, it got the Security Only.

      No issues with Group B and I’m a dunce. Can’t fathom the pushback on Group B either. Will only do .Net Security Only in future though since that past .Net cumulative screwed up image windows. I only own this fancy box to do RAW/photo editing with DxO 9 Pro.

      On .Net 4.6.1 since 2014 and AFAIK, no reason to move to 4.7 for any of my programs.

      I’m on HP Care Pack since phone business support is pretty decent and I get critical alerts via e-mail. Lately, all updates are caused by Win10 which I will never use although this box is capable.  A few months ago I DID install an HP driver which was mainly for Win10 and did some temporary havoc before I did a system restore. Now I’m more cautious and call HP Zbook Support before touching anything, or just read the documentation mentioning Win10 and ignore it.

      The HP alert came through today on the Intel vPro WAP2 fix. Some scary stuff in the documentation, so I called HP in Rancho Rio for an expert. This box is an Energy Star, not a G4. After a lot of digging and checking, the rep found that I have vPro but lack some functionality of the later workstations. Therefore didn’t need the additional firmware mentioned but DID need the security update for my installed hardware/chip. Took 15 minutes to be sure.

      Managed to get it installed although it took two tries. Now I’m WAP2-safe allegedly…

      Regarding the HP spyware conversation, can only presume Win10 is giving HP fits since business machines have 3 year business-level 24/7 support. When this box was set up by an IT pro with HP training, on boot, we only installed a few useful HP utilities. In 2014 the v7 Support Assistant was great. 18 months later, the “upgrade” to v8 was a resource hog and didn’t offer me the correct updates. HP Support walked me through the uninstall. Assume it’s this program which was installing the “spyware”. Pity as v.7 was great… 🙁

    • #148829 Reply

      ch100
      AskWoody MVP

      Just released for Windows 10 1709:

      Servicing Stack Update KB4054022
      CU non-security (equivalent to Windows 7/8.1 Preview Updates) KB4051963

      “Normal” Windows 10 users will likely get them offered and automatically installed soon.

      2 users thanked author for this post.
    • #148885 Reply

      Jim VS
      AskWoody Lounger

      KB 4047206 downloads, but it tells me that it is not applicable to my W7 PC. I’ve been a group B adherent for the last three years and this is the first time I’ve seen this happen. Are there other slices of the IE 11  pie that are out there to be had, say for us older W7  users? PKCano and the Woody folks have never failed me so far, but I’m beginning to wonder. Is my PC too old? Is my version of W7  too old? Did I misread the Topic 2000003 pathway to monthly Nirvana?

      Any help would be much appreciated.

      Edit for content

      jimzdoats

      • This reply was modified 1 week, 5 days ago by  PKCano.
      • #148889 Reply

        PKCano
        AskWoody MVP

        Two questions:
        Did you get the right bitedness? Look at the name of the file and see x86 or x64.
        Check the history. Is it already installed?

        2 users thanked author for this post.
        • #149400 Reply

          Jim VS
          AskWoody Lounger

          Apparently I screwed up my reply (12/1/17) to your questions (#148889) regarding 4047206 being reported as not applicable by W7 (HPrem) on my PC. Since then, nothing has changed. The answers to your questions are:

          1. “bittedness” -x64 like all the previous updates

          2. History shows no installed 4047206.

          Should I try the x86 just in case?

          jimzdoats

          • This reply was modified 2 weeks ago by  Jim VS. Reason: badfinger
          • #149406 Reply

            PKCano
            AskWoody MVP

            Should I try the x86 just in case?

            If you PC is 64-bit, the answer is “no.”

            1 user thanked author for this post.
            • #149456 Reply

              Jim VS
              AskWoody Lounger

              Ah, well then; I will stand by to see what other wonderful nuggets of W7 wisdom can and shall be revealed. I appreciate your help PKCano; if my problem is a one-off then that is what I will deal with. Should it turn out to be a bigger issue, I will surely keep an eye on what goes here at Woody’s.

              Thank you and all the Woody supporters for your assistance.

              jimzdoats

            • #149457 Reply

              Jim VS
              AskWoody Lounger

              I don’t use IE11 at all; I only update to make sure that IE is up to date since it is an integral part of (and useless one to boot) of Win7. IF there should be a further update/clue regarding WTF is going on, I would be glad to know about it.

              jimzdoats

            • #149462 Reply

              windows7forever
              AskWoody Lounger

              I have no idea what is going on in your case, but I am in Group B running 64bit Windows 7 Pro and KB4047206 installed without a hitch.

            • #149464 Reply

              Kirsty
              AskWoody MVP

              Jim, if you had already installed your other updates, I wonder if this relates to your issue?

              Important

              The fixes that are included in this Security Update for Internet Explorer 4047206 are also included in the November 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.

              This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from November 2017 (or a later month) is already installed. This is because those updates contain all fixes that are in this Security Update for Internet Explorer.

              You can read the KB4047206 support page here

            • #149839 Reply

              anonymous

              Thank you Kirsty for offering another avenue of concern – and of thrashing through the muck of updates. As far s I can tell, and my practice is to download one at a time of the Woody approved Class B updates, this should not be about that. I followed PKCano’s https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ for my Ancient W7 ‘puter and downloaded the appropriate Windows Updates. I then downloaded the (same) appropriate W7 IE update for my system, aka 4047206 for x64 – and got a reply from MS that this particular update is not applicable to my system. And that process said (again) that 4047206 is not applicable to my system.

              Twice now since then because I’m happy to do MS’ work for them if it means I can trust my system I’ve tried it. But now I can’t, because twice now the IE update for my system will not load, and says it is not applicable for my system.

              I would be surprised to find out this is NOT my ****-up; I’ve had a pretty good record of either getting these updates in, or figuring out why not. But now I’m stumped.

              Any advice, help or otherwise wisdom is still, and waiting with bated breath, accepted.

              Edited for content
              Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

               

              • This reply was modified 1 week, 6 days ago by  PKCano.
              • This reply was modified 1 week, 5 days ago by  PKCano.
              • This reply was modified 1 week, 5 days ago by  PKCano.
              • This reply was modified 1 week, 5 days ago by  PKCano.
            • #149859 Reply

              Jim VS
              AskWoody Lounger

              Thanks Kirsty, you and the rest of the gang have helped us dangling B’ers try to keep up over the last few years. I don’t think your offering is my problem, due to the fact that I’ve tried to adhere to a tight Type B process these past years. I followed PKCano’s process and downloaded the latest security update for W7. I haven’t used Wupdate for years now, and have been careful to wait a week or so after Woody goes to 3 before using Type B downloads to update my PC .

              I tried three times to download this weeks’ IE11 updates, and got a “not applicable” notice on all three. That being said, I just punched up my latest WUpdate and got this: KB4040183 (.Net) and KB4048957 (MQR-Up for W7. No more IE 11 updates ( KB4047206) and therefore none that I will use.

              Nose-biting, face-spiting? We’ll see.

              jimzdoats

            • #149865 Reply

              Jim VS
              AskWoody Lounger

              Ohh (aka aw s***!); it appears that my thumb-fingered approach to digital democracy may have caused me to accidentally click on the download button for KB 4048597, aka Cumulative etc, etc. Frankly, I slammed the keyboard and stopped that s*** after a couple of seconds…

              And yet when I did that it was AFTER the first time I was denied a download of KB4047206 by my own PC. OR so I think. That was a couple of days ago…

              Does this mean I’ve popped my Type B cherry and must now forever go amongst the Type As? I’ve been such a good boy for so long…

              Then again, Woody and PK have started to harp on that quite a bit lately…

              Arrggghh!

              I could always go back a week or so and restore to a previously unviolated status…

              Or give this PC  to my Incredibly Significant Other and load up the MacBook Pro. If it’s battery is still good..

              And then have to keep 2, count ’em 2 different portals safe from the infidels.

              Lordy, lordy, what’s a feller to do?

              jimzdoats

            • #149866 Reply

              Jim VS
              AskWoody Lounger

              IF it means any single little thing, the current history shows this:

              “2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957)

              Installation date: ‎12/‎1/‎2017 1:58 AM

              Installation status: Canceled

              Error details: Code 8024000B

              Update type: Important

              A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

              More information:
              http://support.microsoft.com/help/4048957

              Help and Support:
              http://support.microsoft.com/help/4048957

               

              Any chance that I can undo this? Or am I just toast for the future on this machine?

              jimzdoats

            • #149871 Reply

              PKCano
              AskWoody MVP

              It says the install of  KB4048957 was cancelled.
              Go ahead and try to install the Group B patches.
              If KB4048957 is installed, it will tell you that the security-only patch and the IE11 update are not applicable to your machine.

              If You get that message, use a restore point created before the attempted install of KB4048957 and reinstall the Group B patches.

              1 user thanked author for this post.
            • #149990 Reply

              anonymous

              Hi PKCano, responding to you only to keep this located near my concern.

              I came to AskWoody today and read the frontpage article https://www.askwoody.com/2017/the-pollyannish-assumption-and-askwoody/ then began catching up on several hours of postings. This thread was the first new item I had not seen. I understand troubleshooting is very frustrating. But I am also very surprised the comments included here are deemed acceptable.

              A question to any MVP, does this cascading portion of this thread meet current guidlines?

            • #150056 Reply

              PKCano
              AskWoody MVP

              I’ve made a couple of edits. Can you provide any other post numbers?

              2 users thanked author for this post.
            • #150105 Reply

              anonymous

              You caught the sharpest examples from George Carlin’s seven word list. Good enough. Thanks.

            • #150127 Reply

              Jim VS
              AskWoody Lounger

              Alles ist gut. Your advice allowed me to bring things back into normal order, such as it is. I appreciate your guidance and the knowledge behind it. PKCano, you and the other MVPs are a bright light in an otherwise dark and shadowed world – outside of Ask Woody of course.

              Keep up the good work, and btw – check sent to AskWoody.

              jimzdoats

              1 user thanked author for this post.
    • #148909 Reply

      abbodi86
      AskWoody MVP

      Marginal note:
      .NET 4.6.2 is official re-supported for Windows 10 ver 1507 (Enterprise LTSB) and ver 1511 (Enterprise/Education)
      https://support.microsoft.com/en-us/help/3151800/the-net-framework-4-6-2-offline-installer-for-windows

      and they got a catalog-only update, kb4051600 (1507), kb4054057 (1511)

      3 users thanked author for this post.
    • #148911 Reply

      dgreen
      AskWoody Lounger

      My first update going to Group A using my windows update.
      It failed.  (sigh)
      kb4048957 failed code 8024200D

      WTH??????

      Now what?
      Windows 7 64 bit Home Premium

      • This reply was modified 2 weeks, 3 days ago by  dgreen.
    • #148919 Reply

      anonymous

      We still have to hide the 1709 update right? Ya know can’t install it yet until it is officially safe to install it in a few months or so after all the kinks are worked out.

      • #148923 Reply

        PKCano
        AskWoody MVP

        It’s a good idea to still wait to install 1709.

        • #149045 Reply

          anonymous

          Thanks PK-I’ll wait until the end of february/start of march to install it since it takes a few months or so to work all the bugs out of a major update for Windows.

          I was fortunate in June when I got my win10 computer and installed 1703 safely since it came out in march and there was no problems. Therefore, It’ll be safe around january, february or march to install it.

      • #149160 Reply

        rc primak
        AskWoody Lounger

        I’m on Version 1703, and hiding the Feature Update to Version 1709 was not an option.

        I have not applied any of the Advanced Updates Options to defer feature updates, nor any of the Group Policy settings, so this may have been my own fault.

        Wushowhide did not detect the Feature Update on either of my ver.1703 devices. So the download started when I ran the updates after looking through them with wushowhide.

        On both devices I quickly switched back to Metered Connection and temporarily turned off my wireless Internet. On the tablet, which has slow hardware, this worked, but MS Updates got seriously messed up and had to be reset and repaired. The Feature Update now lists as failed to install and could be offered again next month.

        My Intel NUC is much faster, and there nothing could stop this forced upgrade. It tried to go all the way through even after pulling the wireless plug and running wushowhide in hide mode. This wasted many gigabytes of downloading and over two hours of time. Then the Install routines ran another hour and a half.  After that, MS Update ran again and picked up the Version 1703 Cumulative Update and the Servicing Stack Update. MSRT ran in between, as did the Flash Player update. Both of these are the same for versions 1703 and 1709.

        Restart finally happened, and it was quick. No upgrade to version 1709 happened in the NUC. MS Update History still says the NUC needs to do a restart to perform the 1709 upgrade. Restarting several times since then has produced no further MS Updates or Feature Update activities.

        I cleaned up thoroughly and ran Disk Cleanup on the NUC after all this mess, and recovered space on my SSD. All seems well, and MS Updates is not showing any pending or available updates. But wushowhide is not showing the feature update as hidden or available. Only the Update History shows the feature update as needing a restart to install.

        So unless you go to extraordinary lengths to stop this feature update, it will be forced onto your Windows 10 version 1703 system, whether you want it or not, and whether you run wushowhide or not.

        If you’ll excuse me now, I have to begin shopping for a Chromebook and a cheap small laptop or 2-in-1 to convert to Linux.

        -- rc primak

        • This reply was modified 2 weeks, 1 day ago by  rc primak.
        1 user thanked author for this post.
    • #148924 Reply

      anonymous

      I was on 1703. I used your instructions “8 steps to install windows 10 patches like a pro”. I used the Wushowhide tool. The 1709 feature upgrade was not offered. I set my update settings as you specified (Current Branch, 0 days Feature update, 0 days Quality updates) and ran Check for Updates. The 1709 Feature Update showed up and installed. I rolled back to 1703 and went through your steps again. Same result. I’m now on 1709 and don’t want to be, but I still want security updates. How can I get them without installing the 1709 Feature update?

       

      1 user thanked author for this post.
      • #148931 Reply

        PKCano
        AskWoody MVP

        Microsoft pulled a fast on this Patch Tuesday and “by accident” (Yeah!!) didn’t honor the Current Branch for Business setting, thus upgrading a lot of people from 1703 to 1709 without their permission. (They changed the terminology from CBB to Semi Annual Channel was their excuse.) Supposedly (Sure!) they are going to fix it in the next release (meaning Patch Tues – who knows).

        If you have Win10 Home, set your Internet connection to “Don’t download over Metered connection,” run wushowhide and hide the 1709 upgrade, then change your connection back and get the 1703 CU. You are going to have to be careful. Setting “metered connection” may affect other downloads.
        Another way would be to hide the upgrade and download/manually install the 1703 CU from the MS Catalog.

        2 users thanked author for this post.
        • #148939 Reply

          anonymous

          I have W10 Pro.  When I run wushowhide the upgrade to 1079 doesn’t show up.  I can’t hide it.  But when I run Check for Updates, the 1079 upgrade shows up and updates my laptop to 1079.  I can roll it back to 1073, but I can’t hide the 1079 update since it doesn’t show up in wushowhid.

           

          1 user thanked author for this post.
          • #148944 Reply

            PKCano
            AskWoody MVP

            Set your Internet connection to “Don’t download over Metered connection” first.
            Then run wushowhide.
            The connection setting should keep the upgrade from downloading, then you should be able to hide it.

            • #148954 Reply

              anonymous

              I am rolled back to 1073. I did as you suggested and set my connection as metered. I ran wushowhide but 1079 did not show up. I changed my update settings to Current Branch, 0 days for feature updates, 0 days for quality updates. I ran “Check for Updates”. Feature Update 1079 showed up and tried to download but said that it would download later when I’m not on a metered connection. That saved me from updating to 1079, but how do I keep it from showing up when I check for updates? I run wushowhide per Woody’s instructions and it’s not there for me to hide.

               

              1 user thanked author for this post.
            • #148965 Reply

              PKCano
              AskWoody MVP

              I have Win10 Pro 1703.
              My settings are: CBB, defer feature updates for 365 days, defer quality updates for 0 days.
              My 1703 received KB4048954 CU to Build 10563.726 and 4049011 servicing stack on 11/17.
              When I search for updates, it says I am up to date and 1709 does not appear.

              Leave your connection at metered. Set your settings like mine. Reboot. Search for updates.
              See if you get the CU and servicing stack.

              1 user thanked author for this post.
        • #149007 Reply

          walker
          AskWoody Lounger

          @pkcano:  I don’t have Windows 10 (thank my lucky stars!), however it is beginning to appear that Win10 has a “ton” of problems, here and there.   I could never deal with all of that “in addition” to the “normal messes” with the other versions of Windows.   Thank you for keeping things “straight” for all of the users on Woody’s website!    🙂

          2 users thanked author for this post.
        • #150298 Reply

          walker
          AskWoody Lounger

          @pkcano:   I thank my “lucky stars” I don’t have Windows 10 on top of everything else.   This is the “worst mess” I’ve seen in many a day.   Hoping for a miracle to occur and everything will revert back to the way things were about 3 years ago.  That would be a wonderful “dream come true”!

          Thank you PKCano for all of your invaluable assistance, you have helped everyone in an astonishing manner insofar as setting forth  information for so many scenarios!  Everyone learns something from the posts you help them all with, irrespective of their own type of OS, programs, Groups A & B, ad infinitum.  Thank you once again!    🙂

      • #148963 Reply

        zero2dash
        AskWoody Lounger

        Wait, you set it to Current Branch (CB), or Current Branch for Business (CBB)?
        If you want to stay on 1703, set it for CBB.
        If you have it set on CB, it’s going to update to 1709. 1709 is CB.

        Your post specifies that you set it to CB but you want to stay on 1703 – that’s not going to work.

        Ideally (because of the 1703 -> 1709 CBB upgrade fiasco), you should set it to CBB AND set the defer period to 365 days. Apparently the issue here is they’re not honoring the CBB setting, but they ARE honoring the deferral period setting (which makes absolutely no sense, but, *Microsoft*).

        My suggestion (if you want to update now, as you should) but stay on 1703 –
        Leave the CBB setting but change the Quality Update deferral to 0 days.
        I think you’re confusing the 2 settings.
        Feature updates is for the version changes.
        Quality updates is for the monthly patches.
        As of yesterday, my 1703’s were set to Feature: CBB, 365 day deferral, Quality: 30 day deferral. (I had October’s updates.)
        I changed the Quality deferral down to 14 days, then checked for updates. They pulled all of November’s updates….the quality rollup, the Flash update, the MSRT, and an Intel update. After my systems rebooted – *still on 1703* – I reverted back Quality deferral to 30 days.

        1 user thanked author for this post.
        • #148968 Reply

          PKCano
          AskWoody MVP

          Good catch. I kept referring to CBB, but missed that he had CB.

          • #148971 Reply

            anonymous

            That worked. Although I didn’t have to download KB4048954 and kb4049011 since they were installed when I did the first update check and 1709 installed. Rolling back to 1703 did not uninstall those two KBs for 1703. Where I got messed up is when I followed Woody’s instructions for his latest Defcon 3 post and followed the steps in “To get Windows 10 patched, go through the steps in “8 steps to install Windows 10 patches like a pro.”” in his article: “Get November Windows and Office updates installed — carefully”. Maybe there should be an amendment to that for the case like this where we are waiting for CB to go to CBB to keep the update setting on CBB, 365 days, 0 days.

            1 user thanked author for this post.
            • #149019 Reply

              zero2dash
              AskWoody Lounger

              Yeah, I believe the only way of keeping sane whilst running Win10 is to change to CBB and push the deferrals for feature and quality as high as they’ll go. When the smoke clears, roll back one (or the other, or both) and update, and then revert that setting back again. Obviously this month, MS decided CBB = CB (for them); like PKCano said in the relevant thread, it screams of GWX all over again. Luckily, having the deferral period set still provided the proverbial [digital] “line in the sand” and they haven’t stepped over it. (Yet.)

              As for waiting for 1709 to go CBB, it’ll be awhile. MS so far has really handcuffed the new CB release to then-putting the previous CB release to CBB status, so, odds are, 1709 will go CBB in March next year when they inevitably release 1803 as CB. (If they stick with the “new” schedule of feature updates, which is now March and September.) Hopefully by then they’ve fixed things in 1709; if not, 1703 should still get the quality updates so waiting is not really a problem.

              I’m still very conflicted on Win10. It’s a fantastic OS that runs like a very optimized Win7, but I’m still not happy about the feature update frequencies/policies, nor am I happy about the lack of control we really have on updates (on the surface). I do, however, love the feature/quality deferrals, since those capabilities basically balance out the lack of control and not being able to pick and choose updates like we could do with previous versions of Windows. It’s a concession everyone has to make, if they want to stay with Windows at least (and still have security updates).

              3 users thanked author for this post.
            • #149263 Reply

              rc primak
              AskWoody Lounger

              Those settings may hold for awhile. Just in case they ever don’t hold, I’m putting Linux and ChromeOS in my vest pocket.

              -- rc primak

    • #148935 Reply

      CraigS26
      AskWoody Lounger

      I just Installed ONLY the (4) W7  Office Updates ; NOT the KB 4048957 Quality Rollup Update and MSRT. Awaiting new info.

      The KB 4011618 (not in my WU list) Office Security Update several say should be Installed (MrBrian: sooner or later) has 30+ .exe offerings at the Dnload site. Has Anyone actually Installed it and HOW was the Selection made?

      Thanks as always!

      WU Grp A - Win 7-64 Hm Prem / Hm-Stdnt Office '10 - NO Java or Flash

    • #148956 Reply

      amraybt
      AskWoody Lounger

      It feels like the list of ongoing issues with patches has gotten overwhelming (mainly speaking on the 7/8.1 side of things). I try to keep a list of issues with each month’s patches along with links to articles by Woody, Gunter Born, et al as well as Lounge threads, but every time Defcon 3 hits I start scrambling to see if there’s anything I need to watch out for.

      For example, on 7 and 8.1:

      • The IE cumulative updates have a strange crash issue related to font size since September.
      • The Oct rollups for Win 8.1 apparently broke login for Microsoft accounts (local accounts unaffected).
      • October patches also caused a strange “external database driver” error. Bug fixes were issued then pulled for causing even more problems. I have no idea what the status of this is.
      • November updates have the Epson printer bug, fixed by a standalone patch.
      • November updates also reset Windows Media Player settings.

      I think that’s just the tip of the iceberg, and I haven’t closely followed .NET patches which seem even more jumbled. I’ve long thought it would be great to have some kind of centralized wiki or table that summarizes the major issues with each month’s rollups (at least for 7/8.1; 10 is probably a different beast altogether) with links to relevant Lounge threads & CW Woody articles. There could also be an indication of current status (resolved, ongoing, unknown) with details on hotfixes or links to other discussions/articles detailing solutions or temporary workarounds.

      It sounds complex at first but I think we could put our heads together and pull it off. This could be a sister AKB resource to the list of each month’s patches w/ download links. That way when people are ready to patch they can get a summary of what to expect and whether certain bugs/issues may apply to their systems/configurations (and how to resolve them, if applicable). This could also make it easier for Woody to refer to outstanding or ongoing issues for his monthly patch summary articles.

      I love this community of helpful, resourceful people dedicated to cleaning up Microsoft’s monthly messes. It can be difficult to keep up with all the simultaneous discussions and issues, but that is certainly not the fault of anyone here. Sadly Windows patching is not exempt from the 2nd Law of Thermodynamics. :p

      Of course I thank everyone deeply for all their hard work – without the people here we’d all be lost in a sea of buggy, broken patches…

       

      • This reply was modified 2 weeks, 2 days ago by  amraybt.
      • This reply was modified 2 weeks, 2 days ago by  amraybt.
      • This reply was modified 2 weeks, 2 days ago by  amraybt.
      3 users thanked author for this post.
    • #148984 Reply

      DrBonzo
      AskWoody Lounger

      WIN7 Starter 32 bit group B. After installation of the security only update KB4048960, I got a “Welcome to Windows Media Player” screen. I had to do an ‘initial’ configuration to use the program. Nothing else appears to be changed. That is, Media Player works just fine and all my media are still there and working.

      This has been reported on this site before a couple times but I don’t remember where, and Gunter Born has mentioned it as well. But, it doesn’t appear to be a big deal.

      2 users thanked author for this post.
      • #148989 Reply

        PKCano
        AskWoody MVP

        You get a first-run setup with WMP after the patch. It doesn’t remove you media. But if you had settings (playlists, history, etc) they got wiped out.

        1 user thanked author for this post.
    • #149004 Reply

      pulsar
      AskWoody Lounger

      Win 7, Group A.  Only installed the Nov. Security Monthly Rollup for Windows 7. No problems noted.  MSRT was under Important but unchecked so did not install . Under Important AND checked was KB2952664.  Did not install this – was I correct in understanding that this is a snooping patch and not recommended to be installed?

      Have not installed any of the Netframe updates since August, I believe, since there were reported problems with the Sept. updates.  Are these safe to install now? If so, do I need to install all of them or is the latest November update cumulative and include the Sept. & Oct. updates?  Thanks in advance!  The info I find here is always invaluable!

      • #149008 Reply

        PKCano
        AskWoody MVP

        Hide KB2952664 if you don’t want the telemetry patches.

        Be aware that one of the patches for .NET may be the installer for .NET Framework 4.7 – it will NOT have Rollup in the name.
        The Nov .NET patches have no security content, so if you want to skip them it’s OK.
        The earlier .NET Rollups should be OK if they are checked important in WU

        1 user thanked author for this post.
    • #149010 Reply

      Marty
      AskWoody Lounger

      Normally, the Windows Malicious Software Removal Tool box is pre-checked on my Win7 machine, but for some reason this time it is not.  Has anybody else experienced this?

      1 user thanked author for this post.
      • #149022 Reply

        PKCano
        AskWoody MVP

        Nov MSRT was not checked in the important updates

        1 user thanked author for this post.
    • #149011 Reply

      walker
      AskWoody Lounger

      @Mr.Brian:   I have a question as well, and it probably seems inane,  however I do not recall ever having to “uninstall an installed update” and would like to know if there is a specific procedure which is simple enough for most of the “computer illiterates” (such as I) could do it without making errors.   ??      Thank you for any guidance you may be able to provide, and for all of the other advice, knowledge, and expertise you have always provided.    🙂  🙂

      • #149126 Reply

        MrBrian
        AskWoody MVP
        • #149146 Reply

          walker
          AskWoody Lounger

          @Mr.Brian:   Thank you so much for the link to this really excellent information!!  It is just what I need, and will be placed with the other references which possess guidance with information I’m sure “some day” I may need.   I appreciate you taking the time to send this very helpful information to me!

          Thank you, as always, for all of the information which you so freely provide to all of our members, as we all appreciate your outstanding assistance more than words can ever adequately express.     🙂  🙂

        • #149264 Reply

          rc primak
          AskWoody Lounger

          In Windows 10, this method is unavailable. So you have to follow all the steps in this article, until you reach the part about hiding the update. Wushowhide is the tool to use for that. It’s a Windows 95 era diagnostic tool, but up until the 1709 Feature Update fiasco, it worked on every unwanted or problematic update I’ve heard of. Wushowhide is a little arcane for everyday users, but it can be fathomed.

          -- rc primak

    • #149046 Reply

      KarenS
      AskWoody Lounger

      The Nov .NET patches have no security content, so if you want to skip them it’s OK. T

      PKCano you say that the Nov .NET patches have “no security content” but according to KB4049016 (which shows on the WU on my Windows 7 64 bit home premium PC – Group A) it states that it includes both SECURITY and QUALITY rollup for NET. The update is check for me, show I install it?

      • #149048 Reply

        PKCano
        AskWoody MVP

        According to the MS Software Update Service,

        Changes to existing nonsecurity content:

        • 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4049016)
          • Metadata has changed.
          • Binaries have not changed.
          • This update does not have to be reinstalled.
        1 user thanked author for this post.
        • #149050 Reply

          KarenS
          AskWoody Lounger

          I am once again confused….

          The title of yours is: 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4049016)

          Mine is:

          update

          Yours says “Quality” rollup and mine says it is a “Security & Quality” rollup (published 27/11/2017) but they are both under the same KB #. Mine is checked as Important! I really don’t know whether I install it or not?

          • This reply was modified 2 weeks, 2 days ago by  KarenS.
          • This reply was modified 2 weeks, 2 days ago by  KarenS.
          Attachments:
          You must be logged in to view attached files.
          • #149055 Reply

            PKCano
            AskWoody MVP

            See @mrbrian ‘s reply under this post

            https://www.askwoody.com/forums/topic/ms-defcon-3-yep-its-time-to-get-patched/#post-148662

            2 users thanked author for this post.
            • #149096 Reply

              Jim VS
              AskWoody Lounger

              The best part of Ask Woody is that there are a lot of folks out there who have the same (or similar) issues and this forum allows them to speak, spray, and otherwise ask for help.

              The worst part is that this is a small and easily over loaded website (keep up the work on getting the site bulletproof, woody!) that can do only so much – absent a fountain of money that can keep it rolling and online. All of you anons out there who ride the waves and then thank Woody’s stars for helping you out – and don’t donate – are just sucking the life out of this service. Tossing a few bucks toward keeping this site alive – and keeping the volunteer experts involved, is not a a choice. Unless you wish to deal with the Winter King (aka WinBoss) on your own.

              I choose to send a check from time to time to Woody’s address. Those who are just along for the ride and don’t do so – then you will soon stop ALL of us from getting access to semi-pro support for darned near free.

              Step up and show your support, not by asking questions (and yes you should continue doing that) but by dropping a few shekels into the basket – so you can continue to get this 99% free support.

              If you don’t want to do that, then I suggest you call/text/email Microsoft for help.

              Ah-henh!

              jimzdoats

              7 users thanked author for this post.
      • #149114 Reply

        zero2dash
        AskWoody Lounger

        Unfortunately you have to drill down a bit deeper with the .NET updates.

        Your KB links to: https://support.microsoft.com/en-us/help/4049016/november-2017-security-and-quality-rollup-for-net-framework-3-5-1-4-5
        Basically, that’s a “group post” (for lack of a better term).

        An individual file for KB4049016 does not exist.

        If you look under “More information”, you’ll see:
        – 4041778 Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4041778)
        – 4040977 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4040977)
        – 4040980 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4040980)

        If you’re running .NET 4.6-4.7 (which is most likely what you have), it is a Quality only rollup, meaning no Security updates (and WU will pull KB4041778). For older versions, the November update is a Security & Quality rollup.

    • #149154 Reply

      anonymous

      Regarding the Office security patches…

      “We’re starting to see some consumer-grade malware that exploits the Equation Editor security hole, CVE-2017-11882, and that’s the primary reason for getting patches applied now.”

      Reading the info associated with the patches mentioned, it seems this only applies to Office 2007 and 2010… so does that mean other versions of Office are NOT affected and/or no patches have been released?

    • #149208 Reply

      alpha128
      AskWoody Lounger

      I installed 2017-11 Security Monthly Quality Rollup for Windows 7 x64 (KB4048957).  Since 2017-11 Malware Removal Tool (MRT) was not checked, I rebooted after installing.  Windows Update was still nagging me after the first reboot however, so I installed November MRT and rebooted again.

      I seem to have no problems at all.  I had heard that Windows Media Player (WMP) would be reset to first run status after the install, so I took screenshots of all my WMP settings back on November 21st.  But it turns out that was unnecessary as my WMP settings and library were retained.

      1 user thanked author for this post.
    • #149256 Reply

      Latka
      AskWoody Lounger

      PHANTOM FEATURE UPDATE

      I have been trying to follow Woody’s recommendations to stay off the unpaid Windows beta tester track. By setting a metered connection and using Noel Carboni’s ConfigureAutomaticUpdates tool and the Windows WUshowHide tool, I have been able to forestall unwanted updates successfully.

      But some weird things started happening a couple months ago. Here is my story of today’s encounter with the phantom Feature Update to 1709.

      System Info: Win10 Home Edition x64, vers. 1703 (build 15063.674)

      STATUS LAN connection: none; WiFi set as metered connection: On
      WUshowHide shows no Feature Update available

      ACTION WiFi set as metered connection: changed to Off. Windows Update Settings: clicked check for updates.
      RESULT Windows Update Status: Updates are available – Feature Update to Windows 10, version 1709

      ACTION WiFi set as metered connection: changed to On. Restarted system.
      RESULT WUshowHide shows Feature Update 1709 available.

      ACTION Used WUshowHide to hide Feature Update 1709. Restarted system.
      RESULT WUshowHide shows Feature Update 1709 hidden.
      Windows Update Status: Feature Update to Windows 10, version 1709 available. Will be installed.

      ACTION Restarted system several times, with metered connection changed to both On and Off.
      RESULT Windows Update Status: Feature Update to Windows 10, version 1709
      Initializing installation; Preparing to install updates 1% [progressing to 99%]

      FINAL ACTION WiFi set as metered connection: Changed to Off. Restarted system.

      RESULT Windows Update Status: Feature Update to Windows 10, version 1709
      Installing updates 1% [progressing to 99%]

      FINAL STATUS WUshowHide shows no available Feature Update, hidden or unhidden.
      Windows Update Status: Your device is up to date. Last checked: Today, 1:36 PM
      System Info: Win10 Home Edition x64, vers. 1703 (build 15063.674)
      Update History: Feature update to Windows 10, version 1709 – Requires a restart to finish installing.

      I have restarted the machine several times, but the update history still says “Requires a restart to finish installing.”

      MY FINAL STATUS Utterly perplexed, like a prisoner led through a fake execution.

      Last month, something similar to this happened when Woody lowered the MS Patch DEFCON Level. When all the updating stopped, I was still at 1703 and the 1709 Feature Update mysteriously disappeared. I was in too much shock to remember the exact steps I took.

      Just like this month. Creepy.

    • #149388 Reply

      mazzinia
      AskWoody Lounger

      I was going to apply the patches ( group B ) in a few hours, and I went to check Windows Update to see the office and .net ( windows 7 ).

      But got something strange…

      I’m getting    Windows is up to date ( green shield )  ,  while I’m sure yesterday or 2 days ago I could see the patches available.

      I tried to run the “check for updates” and I get an error code 80248015

      Should I worry ?

    • #149407 Reply

      anonymous

      Since updating Windows 7  on 1st December I can no longer access Windows Update without getting Error Code 80248015.  I did go back to a previous restore point but to no avail. Any advice would be greatly appreciated.

    • #149415 Reply

      Noel Carboni
      AskWoody MVP

      My experience this cycle:

      Win 8.1 x64 Pro/MCE updated 17 days ago (I completed my own testing and jumped ahead of Woody’s switch to DEFCON-3). This system was used heavily every day to do software engineering and business management: No problems at all, it’s been stable.

      Win81Stability

      Win 7 x64 Ultimate updated 18 days ago, used primarily as a server. No problems at all.

      Win7Reliability

      -Noel

      Attachments:
      You must be logged in to view attached files.
      2 users thanked author for this post.
    • #150054 Reply

      Morty
      AskWoody Lounger

      Thanks to Woody and crew.
      I updated Sunday (Dec. 3) and found five “important” files available:
      I got these three that were checked:
      2017-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4049016)
      2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957)
      Update for Windows 7 for x64-based Systems (KB2952664)

      I left these two unchecked (and didn’t download them):
      Update for Windows 7 for x64-based Systems (KB3021917)
      Windows Malicious Software Removal Tool x64 – November 2017 (KB890830)

      Before I updated, I did a full backup to my Seagate Expansion Drive. I noticed that the drive is almost full. It’s now at 228.10 GB free of 1.82 TB. (Before the backup it was at 253.06 GB free.) Is there a sensible, safe way for me to delete old backups from the drive to make room? Or should I just buy a new one?
      What about backing up to the cloud? Any recommendations? I used to be paranoid about the cloud but since I went to Group A, I had to finally accept that Microsoft and Google know everything about me anyway. (I don’t have an Apple device and haven’t used an old Facebook account in years.) And how secure is a hard drive anyway?

      Just a thought: Could there be any connection between the updates and the fact that the past few months everything has been running slower? Word, Firefox, and Chrome have been freezing and giving a “Not responding” message. I tried removing background programs (I’m an old TSR fan.) And I’ve been careful about overloading tabs in Firefox. (Even installed an extension called Tab Suspender to remove inactive tabs from memory.)

      Thanks again, Morty

      • #150304 Reply

        MrBrian
        AskWoody MVP

        “Is there a sensible, safe way for me to delete old backups from the drive to make room?”

        There should be. What program are you using to make the backups?

        2 users thanked author for this post.
    • #150363 Reply

      Sparky
      AskWoody Lounger

      Are these safe to install?

      KB4049016 2017-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64
      KB4048957 2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems
      KB890830 2017-11 Windows Malicious Software Removal Tool x64

      I’m not to sure after reading this thread.

      W7 Home Premium SP1 x64

      1 user thanked author for this post.
      • #150594 Reply

        PKCano
        AskWoody MVP

        NOVEMBER patches that are CHECKED in the “important updates” list are safe to install.

        DO NOT install anything that is UNCHECKED. DO NOT install anything that has a DECEMBER release date yet – Dec. patches have not been vetted yet

        • This reply was modified 1 week, 4 days ago by  PKCano.
        4 users thanked author for this post.
        • #150704 Reply

          Sparky
          AskWoody Lounger

          I don’t remember which patches were checked in WU. In WU are patches that are in the “important updates” list normally checked?

          The reason I ask is after running WU I usually hide all patches except MSE definitions. After hiding the patches, I go to askwoody.com to figure out what patches are safe to install. After installing, I have WU keep checking until there are no more patches to install.

          The restore hidden update list only tells you of the importance of the patches. It does not tell you which patches were checked in WU.

          Once you run WU and hide the patches and run WU again, WU will says “Windows is up to date”. WU does not show the patches with the boxes unchecked or checked like it did the first time you ran WU.  You only have one crack at it when you run WU the first time.

          My tactic next time, Before I start hiding patches is to take a screen shot of the patches in WU so I know which patches were checked or unchecked.

          I always have WU set on “Never check for updates (not recommended)”

          Restore hidden update list shows.
          KB4049016 2017-11 recommended
          KB4048957 2017-11 important
          KB890830   2017-11 important
          My hunch is, the last two patches marked important are safe to install, is this correct?

          W7 Home Premium SP1 x64 Group A

          • #150707 Reply

            PKCano
            AskWoody MVP

            It’s NOT a one-shot thing

            Be sure WU is set to “Never check”
            Go to “Restore hidden updates”
            Check those three updates
            Click “Restore” (this does not install, it only UNHIDES)
            Return to WU
            Search for updates
            Rehide the unchecked ones, install the checked ones

            • #150853 Reply

              Sparky
              AskWoody Lounger

              PKCano, Wrote: Check those three updates.”Click “Restore” (this does not install, it only UNHIDES) Return to WU”

              I learned something new today, now I know how to get the updates checked or unchecked boxes back. FYI KB890830 was the only update that was unchecked.

              Thank You, for the WU lesson.
              Sparky

              • This reply was modified 1 week, 2 days ago by  Sparky.
          • #150749 Reply

            Geo
            AskWoody Lounger

            Im group A.  I installed both KB4048957 ans KB890830.  No problems;  as for KB4049016 it doesnt show on my list.

    • #150604 Reply

      Pepsiboy
      AskWoody Lounger

      PKCano,

      Advice needed, please. I just got the following updates listed on Windows Update for both my laptop and our desk top. Both are running Win7 x64 SP1, group B.
      KB2553338 – Office 2010 – dated 11-11-17
      KB4011055 – office 2010 – dated 11-11-17
      KB4048957 – Win7 Security Quality Rollup – dated 11-11-17
      KB954430 – MSXLT SP2 – dated 11-11-17
      KB890830 – MSRT – dated 11-11-17

      All are listed as “Important” and are checked.
      I’m reluctant to install the Office updates, as we do not use and do not even have it installed on either computer. just wondering if the others are safe or not.

      Thanks, in advance.

      Dave

      2 users thanked author for this post.
      • #150607 Reply

        PKCano
        AskWoody MVP

        If you are Group B, you don’t wsnt the Security Monthly Quality Rollup KB4048957. Download the Security Only Quality Update and the IE11 Cumulative Update from AKB2000003.

        The Office updates:
        Do you have the Office viewers installed?
        Do you have the Office Trial Offer (that comes with new PCs – a 30 or 90 day trial witn an offer to buy from MS) on your PC??
        If the latter, uninstall it and see if you are still offered the updates.
        If the Trial Offer is gone, and you have the viewers (which are like a runtime ver of the s/w, accept the updates or uninstall the viewers.

        The other two should be OK. KB954430 is a security update for XML.

        • This reply was modified 1 week, 4 days ago by  PKCano.
        3 users thanked author for this post.
    • #150708 Reply

      Purg2
      AskWoody Lounger

      …My hunch is, the last two patches marked important are safe to install, is this correct? W7 Home Premium SP1 x64 Group A

      Sparky, you can find out by unhiding them.  They should restore to their original state where you will see if they are checked or not.  It won’t hurt to try & you can rehide them afterwards if you are so inclined.  Give it a whirl.

      Win 8.1 Group B

    • #150709 Reply

      Pepsiboy
      AskWoody Lounger

      If you are Group B, you don’t wsnt the Security Monthly Quality Rollup KB4048957. Download the Security Only Quality Update and the IE11 Cumulative Update from AKB2000003. The Office updates: Do you have the Office viewers installed? Do you have the Office Trial Offer (that comes with new PCs – a 30 or 90 day trial witn an offer to buy from MS) on your PC?? If the latter, uninstall it and see if you are still offered the updates. If the Trial Offer is gone, and you have the viewers (which are like a runtime ver of the s/w, accept the updates or uninstall the viewers. The other two should be OK. KB954430 is a security update for XML.

      PKCano,

      I have nothing of office on either of these machines. That is why I wonder WHY  am I getting updates for office.

      Thanks for the tip, I’ll take care of the good ones this evening.

      Dave

      1 user thanked author for this post.
    • #150722 Reply

      twbartender
      AskWoody Lounger

      Earlier today I searched for the November 2017 MSRT KB890830 update in the Microsoft Update Catalog, in hopes that an updated version was available for Windows 7 x64. I was surprised to find that all of the versions that had been previously dated 11/14/17 had been replaced with new ones dated 11/30/17. When I clicked on the download button I was presented with 2 different files to choose from. Because I was unable to determine which was the correct file to download, I decided wait rather than choose the wrong file.

      A few minutes ago I reopened the update catalog  so that I could copy the names of the 2 different download files being offered for Windows 7 x64 only to find that all the November 2017 versions had been updated yet again… It’s still being listed  as: Windows Malicious Software Removal Tool x64 – November 2017 (KB890830), but now it shows that it was update today, 12/7/17. When I clicked the download button, I was again presented with 2 different files to choose from, and I’m still left with the dilemma of which is the correct file to download.

      Below are the 2 files that are now being offered.

      windows-kb890830-x64-v5.54_ef22d1ab155e6463d05dd1a3d1bd6b069ffa2415.exe

      windows-kb890830-x64-v5.54-delta_56816c5257a3fe942c70b10c96da3caa2a7ae1eb.exe

      The KB890830 versions for Windows 8, 8.1, and10 are listed differently:  Windows Malicious Software Removal Tool for Windows Insider Preview and Server Technical Preview x64 – November 2017 (KB890830)

      • This reply was modified 1 week, 3 days ago by  twbartender.
      • #150753 Reply

        PKCano
        AskWoody MVP

        @twbartender

        Your posts were caught in the spamfilter on edits. If you submit/edit/submit/edit too quickly, the system thinks you are spamming. Slow doen and let the system refresh in between. 🙂

        • #150820 Reply

          twbartender
          AskWoody Lounger

          @pkcano

          Thank you for recovering the lost post…

          Now that the message has posted do you have any advice as to whether this updated catalog version of the November MSRT should be installed, and if so which of the 2 files is the correct one to install? I’ve been unable to locate any further information on either of the 2 files.

          windows-kb890830-x64-v5.54_ef22d1ab155e6463d05dd1a3d1bd6b069ffa2415.exe

          windows-kb890830-x64-v5.54-delta_56816c5257a3fe942c70b10c96da3caa2a7ae1eb.exe

          • #150825 Reply

            PKCano
            AskWoody MVP

            Woody just posted a new topic no the Malware engine – it should be fixed. That probably means get it through WU when it’s available.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 3: Yep, it’s time to get patched

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.