MS-DEFCON 3: Yep, it’s time to get patched

Topic

New Reply

Lots of warnings this month for odd bits and pieces, but it’s time to get everything caught up. There’s a nasty Equation Editor malware exploit making
[See the full post at: MS-DEFCON 3: Yep, it’s time to get patched]

8 users thanked author for this post.

Morty, walker, Tiernan, JDeC, SueW, Elly, AJNorth, Pepsiboy

Reply | Quote

Replies

The KB4049011 article says it is the servicing stack for Win10 v1703. You will need to install it.

3 users thanked author for this post.

rc primak, Bobc, woody

Reply | Quote

What exactly is a ‘Servicing Stack’?

1 user thanked author for this post.

walker

Reply | Quote

From Updating the Servicing Stack: “The servicing stack includes the files and resources that are required to service a Windows image.” From Servicing Windows: Part One: “Servicing is the act of installing a role, feature, service pack or windows update against a Windows OS.”

3 users thanked author for this post.

rc primak, walker, SueW

Reply | Quote

Among other things, a Servicing Stack is involved in the updates process. Most Servicing Stack updates are meant to improve the performance of Microsoft Updates.  They seldom cause harmful side-effects, so it’s usually safe to apply them.

-- rc primak

1 user thanked author for this post.

SueW

Reply | Quote

on windows 7 pc and 8.1 notebook, what problems and breakings do i have to expect after installing group b security only patches, .net and office patches?

Reply | Quote

Woody did a summary of patches on Nov 28th in ComputerWorld and the discussion is here on the blog.

He will have the DEFCON-3 article on ComputerWorld shortly. Check back here for the link once it’s posted. It will contain cautions and advice for updating all versions of Windows.

4 users thanked author for this post.

walker, JDeC, Bobc, woody

Reply | Quote

Yep, that’s exactly what’s in the article….

2 users thanked author for this post.

walker, JDeC

Reply | Quote

Report from an outpost:

All Windows boxes (7 Pro & 8.1 Pro – x64) successfully updated (“Group B”); a run-through of major applications on each reveals no issues (thus far…). (The unchecked .NET Security & Quality Rollups were not installed.) The Belarc Advisor reports 100%.

As always, heartfelt thanks to Da Boss (and his stalwart MVPs)!

(Carry on — but don’t get caught.)

2 users thanked author for this post.

JDeC, SueW

Reply | Quote

Thanks for the feedback – helpful to know your upates were successful.

The .NET update is showing as non-security, despite the name given to KB4049016.

2 users thanked author for this post.

walker, AJNorth

Reply | Quote

following 2000003 article for group b updating, do i need to install dot matrix patches if i don’t use dot matrix printers? or will these be part of a future security update anyway?

Reply | Quote

As I understand the Dot Matrix bug, it is not a security issue. If you aren’t affected by the issue, installing the patch is not required.

1 user thanked author for this post.

walker

Reply | Quote

just found the article mentioned, there i read:

If you manually download and install the Security-Only patch (which I no longer recommend!), and you have an Epson dot matrix printer, you also need to install the fix, called KB 4055038, manually.

as group b i can only stick to security only patch or is there any alternative not propelling to group a?

Reply | Quote

If you run an Epson dot matrix printer, or you think that maybe one day you might want to, then download and install kb 4055038 along with the security patch. It takes about an extra two minutes and then you’re sorted.

1 user thanked author for this post.

JDeC

Reply | Quote

thx, i also updated windows 7 machine, security only kb4048960, ie kb4047206 and printer kb4055038 (all 64 bit). after reboot i installed the four checked office updates for office 2010. of course i unchecked security/quality rollup. and i did NOT install malware removal tool as it is important but unchecked on windows 7 machine.

i also did not install .net as it is unchecked optional this month. of course i did not install any optionals.

1 user thanked author for this post.

JDeC

Reply | Quote

“on windows 7 pc and 8.1 notebook, what problems and breakings do i have to expect after installing group b security only patches, .net and office patches?”

None whatsoever on windows 7 pc. I’ve just updated mine Group-B style, quickly, easily and without incident. Supercedence working just as it should. Can’t help with 8.1 notebook, unfortunately. Just wish I could understand why some people discriminate against the Group-B method. Practice shows how effective it is!

3 users thanked author for this post.

JDeC, ryegrass, SueW

Reply | Quote

just went ahead and updated 8.1 notebook, all 64bit. security only kb4048961, ie kb4047206 and also printer fix kb4055038 although i don’t have any dot matrix printer. after reboot i installed all checked important updates (office, flash, defender and malware removal tool). of course i unselected security/quality rollup as i don’t want group a. no .net installed on windows 8.1 this month as it appears as unchecked optional along with not needed nvidia and intel drivers and preview rollups and the old spying kb2976978 and kb3102429 for some foreign currency thingmajig i don’t need.

have NOT applied any windows 7 updates yet, as this is my main system and i’m a bit afraid…

Reply | Quote

I also just updated, Group B-style, my Windows 7 system, without issue (phew!).  I only installed 4 Important Office 2010 updates:

Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB4011270) 32-Bit Edition
Update for Microsoft Office 2010 (KB4011188) 32-Bit Edition

I unchecked (Quality Rollup for Windows 7 was checked) and hid all others.

Adding my monthly “Many Thanks!” to the Team once again!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

more weirdness:
https://www.administrator.de/frage/kb4011618-mehrfach-angezeigt-356491.html
I see this too: 38 x 4011604, 74 x 4011618 (albeit 2010 is 32bit and 64bit vesions)
(in WSUS, but every language has a separate update!)

2 users thanked author for this post.

Bobc, woody

Reply | Quote

Back on 11/23 I asked a question as to where we stood with this month’s unchecked MSRT in windows update, https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-147126 based on @gborn’s 11/16 statement: https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-145848  “It seems that Microsoft has released a new version of MSRT, that has been fixed.”

The problem was and still is, is that the MSRT in my windows update still remains unchecked with the original release date of 11/14/17. The Microsoft Update Catalog MSRT download still shows the original 11/14/17 date as well.

Does the fact that the MSRT remains unchecked mean that it hasn’t been fixed, or is it just another Microsoft oversight?

On 11/23 @MrBrian answered with the following reply: I think it’s best to assume that it hasn’t been fixed. When I installed the November Microsoft updates, I didn’t install that update. https://www.askwoody.com/forums/topic/patch-tuesday-is-rolling-out-2/#post-147131

Now that we are at MS-DEFCON 3, is the above advice by @MrBrian still the recommended  way to deal with the November MSRT?

1 user thanked author for this post.

walker

Reply | Quote

Woody’s usual rule of thumb is:

“As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.”

From today’s CoputerWorld article.

4 users thanked author for this post.

walker, JDeC, SueW, twbartender

Reply | Quote

If it’s still unchecked by default, then my advice remains unchanged.

4 users thanked author for this post.

walker, SueW, woody, twbartender

Reply | Quote

Are people seeing the Malicious Software Removal Tool breaking things (e.g., finding false positives) in the real world? I can’t say I recall it EVER causing any problems for me, though in the grand scheme I guess I’m pretty conservative about what I download to run on my systems.

-Noel

Reply | Quote

The Nov. 2017 user interface showed false positives on both of my Win 10 v.1703 devices. But the Reports panes showed no infections. So I don’t think anything was removed or treated. I am not aware of any time in my use of Windows updates that MSRT wrecked anything. But there might always be a first time for anything. The tool is capable of removing some of the real infections it may find. Whether this can mess up custom or OEM system files I have yet to read.

-- rc primak

1 user thanked author for this post.

Noel Carboni

Reply | Quote

In either May or June, I installed the usual batch of Group B updates on a WIN 7 x64 sp1 Dell desktop. As is my habit, I installed each one individually with a reboot after each (yes, even if not required/requested). After each reboot I checked Office, Excel, IE11, Opera, Firefox, and a handful of randomly chosen control panel settings, one of which was “Turn Windows Features On or Off”. Everything was fine until after I installed MSRT (which was the last update of the month for me), at which point the “Turn Windows Features On or Off” showed nothing but a blank white dialog box, even after waiting an hour (this box is relatively slow to fill and usually takes a couple minutes).

Coincidence? I personally doubt it. But I will not install MSRT again.

2 users thanked author for this post.

Noel Carboni, walker

Reply | Quote

Dr.Bonzo:   I definitely agree.   In the past, for whatever “ESP” I may have had, I did not install the MSRT either, and now I am glad that I didn’t.   It is becoming more and more of a “mine field” out there.    Thank you for sharing your experiences.  🙂

1 user thanked author for this post.

DrBonzo

Reply | Quote

” … want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. We’re actively discussing whether it’s worthwhile continuing to post information about the security-only patching path.”

I appreciate all the work that goes into providing information for the Group B patchers to continue manually installing Security Only patches on their machines. Patches have become such a minefield, I cannot in good conscience turn my computer over to Microsoft’s cavalier distribution of non-security changes through Windows Updates.

I would put myself at a mid-level of computer expertise. Not a beginner, I have been able to research and solve most problems on my own (or discover why I can’t) over the past 20 years, but I cannot dissect and generate how to reprogram problems in the bowels of the computer. If you need another vote for continuing your practice of helping Group B, count me in.

10 users thanked author for this post.

Bill C., amraybt, Sessh, JDeC, SueW, Elly, HiFlyer, grayslady, twbartender, Cybertooth

Reply | Quote

Please count me in too for Group B.  Yes I understand the minefield of possible missing updates / corrections / fixes for fixes, but most importantly I don’t trust MS not to do serious damage with some non-security “feature” (which I probably don’t want anyway).

Win7 Pro, Gp B reasonably up to date.

HMcF

6 users thanked author for this post.

amraybt, Sessh, JDeC, ryegrass, windows7wasthebest, HiFlyer

Reply | Quote

Yeah, as usual, we’re faced with the task of choosing between the devils we know or the devils we don’t know.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Is it Ok to skip this months .NET rollup? Does this one have more than non-security updates?

Reply | Quote

It has non-security fixes only. If you don’t want those fixes, you can skip it. I installed it.

3 users thanked author for this post.

walker, JDeC, HiFlyer

Reply | Quote

Thanks for the link @MrBrian, it looks like I’ll probably skip this one since my system is humming along quite nicely with things the way they are.

Reply | Quote

Yeah, it looks like the last .NET update that actually addressed Security was in September.
Neither the October nor the November updates had any Security fixes. (And now I know why there hasn’t been a .NET Security Only update since September.)

Reply | Quote

zero2dash wrote:

Neither the October nor the November updates had any Security fixes. (And now I know why there hasn’t been a .NET Security Only update since September.)

Although this is what MS claims, it is wrong. (What else is new?) On the Microsoft Update Catalog site there is a November .NET Security Only update for .NET Framework 3.5.1 on Windows 7. It can be found by searching for KB3097989 (although not by searching for .NET security updates, at least as far as I can tell).

Reply | Quote

KB3097989 is from November 2015.

1 user thanked author for this post.

walker

Reply | Quote

Thanks for correcting my error.

Reply | Quote

And if someone can clarify… i search the catalog for .NET, and the only updates listed for November at all for various flavors of Windows 10.

Reply | Quote

See “Catalog” links at https://blogs.msdn.microsoft.com/dotnet/2017/11/14/net-framework-november-2017-security-and-quality-rollup/.

Reply | Quote

Woody, may I make a suggestion? At least in your own writings on Win 10, could you please stop using version titles such as “Creators Update” and stick to using numbers like 1706 or 1709. With the former, I can’t keep straight which came first and which last. At least with numerical codes, it’s fairly obvious, at least as long as MS doesn’t mess it up somehow. In that case I suggest we as users come up with our own system, such as 17F (or 1709, as currently, referring to Fall 2017 or Sept 2017, respectively).

1 user thanked author for this post.

MrBrian

Reply | Quote

Please use 1709 (YYMM) nomenclature. It’s fairly unambiguous, unlike “Fall” which is “Autumn” in the Northern Hemisphere outside North America, and “Spring” in the entire Southern Hemisphere.

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

Reply | Quote

Karlston wrote:

Please use 1709 (YYMM) nomenclature. It’s fairly unambiguous, unlike “Fall” which is “Autumn” in the Northern Hemisphere outside North America, and “Spring” in the entire Southern Hemisphere.

What’s ambiguous about “Fall Creator’s Update?”  There is only one update by that name.  It may be a bit annoying to some people that Microsoft used a US-centric name for its update, but there should be no confusion as to what it actually means.  It means the update that was released in October 2017, even if you don’t particularly like the term “fall.”

Really, 1709 isn’t very accurate either, given that it was actually released a month later than indicated by the YYMM format.  They’re both just names for a thing; best not to get too wrapped up in parsing them and just accept them as a title for a given update.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Ascaris wrote:

What’s ambiguous about “Fall Creator’s Update?” There is only one update by that name. It may be a bit annoying to some people that Microsoft used a US-centric name for its update

In my opinion, “Fall Creator’s Update” isn’t really a US-centric name, but rather just a goofy, meaningless name that Microsoft came up with, that sounds “cool” if you don’t try to figure out what it might mean.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Another good reason to include the version number is because Windows 10 update history uses those.

Reply | Quote

Problem here…

I’m a dedicated Group B updater with automatic updates turned off…

I manually ran Windows updates and unchecked the November rollup…

When I navigate by the go back arrow, it shows that one important update is ready to install.

Since I unchecked everything, I was curious what I missed. KB4048957 has rechecked itself. I unchecked it… and the same thing happens again… and again. I’ve never had an unchecked update recheck itself, and show up as ready to install before, and it is really worrisome to me.

I don’t want KB KB4048957. This is Microsoft malware! Another bug?

I clicked out of Windows Update with everything unchecked, via the red X, and I’m going to restart my laptop. Hopefully it stays unchecked and doesn’t install something I definitely don’t want.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

So that worked, not installing anything…

I just like to observe and note what’s going on. If I click at the bottom of the updates, OK, on no updates selected, it will show up that way when I go back. I don’t remember having to do more than unclick the updates before… but I could be wrong, and just a bit paranoid…

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Cybertooth

Reply | Quote

But MS really, really want you to install their monthly rollups, so I have noticed some checks can reappear persistently. If you don’t want it, hide it. That motto seems to be politically correct at the moment, anyway! (I’m also Win 7 Home, Group B  – the ‘Losers’!)

1 user thanked author for this post.

Elly

Reply | Quote

If you use the back arrow, you have not APPLIED your change (check). If you press OK, it applies the change.

But if you close WU, the next time you open it the default checks are back.

3 users thanked author for this post.

Cybertooth, Elly, SueW

Reply | Quote

Part of me would like to see what is there, and then be able to research it, and then make my decision as to what will be installed. Since hiding all updates is part of a protocol to see if any service stack updates are offered, I decided to hide anything that is checked until I decide what to install, so it isn’t inadvertently installed just because I looked at it and was distracted and left it open and the laptop shut down. Life can get pretty distracting around here…

I updated per Group B without further incident, and nothing else showed up after the security only, IE and dot matrix fix were installed. Windows update was closed… until next month.

Might be the old age thing, but I don’t remember it being quite so persnickity before… was following my regular updating routine…

Safe computing, and thanks, PKCano, for the explanation!

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update.

My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack.

Presume, you’ll say 4049065 Servicing Stack is okay to install.

Just wanted to confirm 4049065 is okay to install and hear comment regarding my remaining Hidden.
Thanks 1607 (14393.1914)

Reply | Quote

You need to install the servicing stack.

1 user thanked author for this post.

bjm

Reply | Quote

Guess what, you lucky Fall Creators Update 1709 users? Just saw HERE that you’ve got a brand spanking new CU today, presumably to fix the one issued last Patch Tuesday. KB4051963 pushes the OS to build 16299.98, and addresses many issues with Internet Explorer, Microsoft Office 365, and more. Oh, joy! 🙂

Reply | Quote

Windows 10 ver 1709 got servicing stack update too KB4054022
http://support.microsoft.com/help/4054022

1 user thanked author for this post.

walker

Reply | Quote

That same KB Article Number applies to ver. 1703, which I have.

There’s a Feature Upgrade update in there also, and for Version 1703, I found that wushowhide could not block it. I didn’t have any Advanced Settings to Defer Feature Updates, so I don’t know if those settings were also ignored.

-- rc primak

Reply | Quote

I have 1703. My settings are CBB (which is ignored), defer feature updates 365 days, defer quality updates 0 days. I received the 1703 CU and servicing stack. I was not offered 1709 upgrade in WU.

1 user thanked author for this post.

rc primak

Reply | Quote

Defer Feature Updates is the setting I seem to have missed. Thanks.

-- rc primak

Reply | Quote

For Windows 8.1, our old snooping friend KB2976978 has reappeared, dated 2017-11-14.

Reply | Quote

? says:

went on the yellow/green on win7 pro w/office 2010, grope “B”. smooth as butter.

Important:

KB4011197-Excel

KB4011618-Office

KB4011270 Word

KB4011188-Office

KB4048957-November 2017 Rollup (Hide)

KB8900830-MSRT (unchecked)

Optional:

KB4051034-Preview Rollup (hide)

KB4049016-.Net (Unchecked, left it there)

KB2952664 (Well, italics and yes hid)

no Epson in-the-matrix KB for me

so far, so good… ready for another month?

and now for the next 5 Win7’s plus XP Pro

many thanks fellow Woodites!

 

Reply | Quote

? says:

Along the line I had a boo-boo and saw that KB4048957 roll-up was installing on a group “B” win7 machine. I stopped the update process and rebooted but it was showing as installed. Humm, so I ran cmd>wusa /uninstall /KB:4048957. Windows then reported that it had been uninstalled. When I finished the update routine and went on to DISM which removed KB3138962 MS16-027 win media update from 3/08/2016. During the cleanup process I ran Privazer which finished removing KB4048957. The Privazer report showed the KB4048957 roll-up had installed 5161 files and took up 230 MB on the hdd. I also looked at running services and they were nominal and no new entries in the task scheduler. Whew, guess I dodged the wash, rinse & repeat bullet once again…

1 user thanked author for this post.

walker

Reply | Quote

Anyone seeing an issue with Internet Explorer 11 crashing when the cumulative update for the Win 7 OS KB4048957 (not the IE patch mind you – the OS cumulative patch)?

We are seeing this on Windows 7 x64 machines at two of our sites and uninstalling the patch resolves this. Initial indicators with a case we have open with Microsoft indicates if a registry key is removed this also fixes it (ironically, the removal also causes other issues so not a vector for the fix)

Reply | Quote

Back in Sept or Oct there was a problem with IE11 caused by Icon Font Size and having tabs on a separate row. It caused IE11 to either crash or not start at all.

Information on this problem is here. And in the following replies

Reply | Quote

KB4051963 now available on Microsoft Update Catalog brings 1709 to build 98

Reply | Quote

Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update.

My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack.

Presume, you’ll say 4049065 Servicing Stack is okay to install.

Just wanted to confirm.
Thanks 1607 (14393.1914)

1 user thanked author for this post.

bjm

Reply | Quote

Yes, you need to install the servicing stack

2 users thanked author for this post.

walker, bjm

Reply | Quote

i just installed MSRT November 2017 no issues so far, if there any issues with it why they just don’t remove it from windows update ?

Reply | Quote

The usual reasoning applies — there are few and scattered reports of the Nov. 2017 MSRT update causing some sorts of issues. Not enough people to prompt pulling the update. I can attest that there are probably bugs (false positives) in this update. But nothing which harmed my systems.

-- rc primak

1 user thanked author for this post.

Kirsty

Reply | Quote

anonymous wrote:

Hello, Just installed kb4051033 via Update Standalone Package and installed kb4048951 via Windows Update. My remaining Hidden are kb4013214 Creators Update Privacy, kb4033637 Mystery Patch, kb4023057 Update Reliability and kb4049065 Servicing Stack. Presume, you’ll say 4049065 Servicing Stack is okay to install. Just wanted to confirm. Thanks 1607 (14393.1914)

Sorry, message above appears to be an earlier version of my message here > https://www.askwoody.com/forums/topic/ms-defcon-3-yep-its-time-to-get-patched/#post-148713

AskWoody platform gives me grief, sometimes.
Sorry

1 user thanked author for this post.

windows7wasthebest

Reply | Quote

Trying to install updates on 1607 and the downloading was stuck at 10%.

I assumed it had to do with my Internet connection not being stable, so I tried to stop the service wuauserv in Task Manager so that I can restart it. Instead, the status for wuauserv is stuck on “Stopping” and in Settings, the page is all of a sudden stuck on Preparing to install updates 0%. It also wiped out the update history in Setting.

I tried to restart my computer but it didn’t do anything. Still stuck on Preparing to install updates 0%.

Reply | Quote

Were you updating through Windows Update?

I haven’t updated yet this month, but last month, to hopefully save time, I decided to download the Cumulative Update from the MS Catalogue to each of my three computers and update from the downloads. The rest of the patches I updated through Windows Update. It worked well and saved a ton of time — AFTER I discovered, through the help of great and knowledgeable members of the Lounge, that I had to turn off my third-party security suite to get the downloaded Cumulative Updates to install.

I’m hoping for a perfect updating session this month. (Fingers, legs, toes and eyes crossed!)

1 user thanked author for this post.

rc primak

Reply | Quote

With Windows 10 CUs weighing in at almost 2GB apiece these days, they can take an awfully long time to download through MS Update. I too often go for the Catalog versions to save time and make sure my updates don’t get “stuck” either on the downloading side or the installing side.

-- rc primak

1 user thanked author for this post.

dononline

Reply | Quote

Group B, HP Zbook 17 workstation on Win7 Pro x64.

Installed the Security Only patches, then ran WU and got the cumulative stuff, .Net and Office 2010 updates and the unchecked MSRT. Hid the rollups and installed the 4 Office patches and the MSRT. Turned off WU again. Touch wood…, so far no issues. Never use IExploder but a couple of programs use it, so to be safe, it got the Security Only.

No issues with Group B and I’m a dunce. Can’t fathom the pushback on Group B either. Will only do .Net Security Only in future though since that past .Net cumulative screwed up image windows. I only own this fancy box to do RAW/photo editing with DxO 9 Pro.

On .Net 4.6.1 since 2014 and AFAIK, no reason to move to 4.7 for any of my programs.

I’m on HP Care Pack since phone business support is pretty decent and I get critical alerts via e-mail. Lately, all updates are caused by Win10 which I will never use although this box is capable.  A few months ago I DID install an HP driver which was mainly for Win10 and did some temporary havoc before I did a system restore. Now I’m more cautious and call HP Zbook Support before touching anything, or just read the documentation mentioning Win10 and ignore it.

The HP alert came through today on the Intel vPro WAP2 fix. Some scary stuff in the documentation, so I called HP in Rancho Rio for an expert. This box is an Energy Star, not a G4. After a lot of digging and checking, the rep found that I have vPro but lack some functionality of the later workstations. Therefore didn’t need the additional firmware mentioned but DID need the security update for my installed hardware/chip. Took 15 minutes to be sure.

Managed to get it installed although it took two tries. Now I’m WAP2-safe allegedly…

Regarding the HP spyware conversation, can only presume Win10 is giving HP fits since business machines have 3 year business-level 24/7 support. When this box was set up by an IT pro with HP training, on boot, we only installed a few useful HP utilities. In 2014 the v7 Support Assistant was great. 18 months later, the “upgrade” to v8 was a resource hog and didn’t offer me the correct updates. HP Support walked me through the uninstall. Assume it’s this program which was installing the “spyware”. Pity as v.7 was great… 🙁

Reply | Quote

Just released for Windows 10 1709:

Servicing Stack Update KB4054022
CU non-security (equivalent to Windows 7/8.1 Preview Updates) KB4051963

“Normal” Windows 10 users will likely get them offered and automatically installed soon.

2 users thanked author for this post.

rc primak, woody

Reply | Quote

KB 4047206 downloads, but it tells me that it is not applicable to my W7 PC. I’ve been a group B adherent for the last three years and this is the first time I’ve seen this happen. Are there other slices of the IE 11  pie that are out there to be had, say for us older W7  users? PKCano and the Woody folks have never failed me so far, but I’m beginning to wonder. Is my PC too old? Is my version of W7  too old? Did I misread the Topic 2000003 pathway to monthly Nirvana?

Any help would be much appreciated.

Edit for content

jimzdoats

Reply | Quote

Two questions:
Did you get the right bitedness? Look at the name of the file and see x86 or x64.
Check the history. Is it already installed?

2 users thanked author for this post.

Jim VS, JDeC

Reply | Quote

Apparently I screwed up my reply (12/1/17) to your questions (#148889) regarding 4047206 being reported as not applicable by W7 (HPrem) on my PC. Since then, nothing has changed. The answers to your questions are:

1. “bittedness” -x64 like all the previous updates

2. History shows no installed 4047206.

Should I try the x86 just in case?

jimzdoats

Reply | Quote

Jim VS wrote:

Should I try the x86 just in case?

If you PC is 64-bit, the answer is “no.”

1 user thanked author for this post.

Jim VS

Reply | Quote

Ah, well then; I will stand by to see what other wonderful nuggets of W7 wisdom can and shall be revealed. I appreciate your help PKCano; if my problem is a one-off then that is what I will deal with. Should it turn out to be a bigger issue, I will surely keep an eye on what goes here at Woody’s.

Thank you and all the Woody supporters for your assistance.

jimzdoats

Reply | Quote

I don’t use IE11 at all; I only update to make sure that IE is up to date since it is an integral part of (and useless one to boot) of Win7. IF there should be a further update/clue regarding [what] is going on, I would be glad to know about it.

jimzdoats

Reply | Quote

I have no idea what is going on in your case, but I am in Group B running 64bit Windows 7 Pro and KB4047206 installed without a hitch.

Reply | Quote

Jim, if you had already installed your other updates, I wonder if this relates to your issue?

Important

The fixes that are included in this Security Update for Internet Explorer 4047206 are also included in the November 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.

This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from November 2017 (or a later month) is already installed. This is because those updates contain all fixes that are in this Security Update for Internet Explorer.

You can read the KB4047206 support page here

Reply | Quote

Thank you Kirsty for offering another avenue of concern – and of thrashing through the muck of updates. As far s I can tell, and my practice is to download one at a time of the Woody approved Class B updates, this should not be about that. I followed PKCano’s https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/ for my Ancient W7 ‘puter and downloaded the appropriate Windows Updates. I then downloaded the (same) appropriate W7 IE update for my system, aka 4047206 for x64 – and got a reply from MS that this particular update is not applicable to my system. And that process said (again) that 4047206 is not applicable to my system.

Twice now since then because I’m happy to do MS’ work for them if it means I can trust my system I’ve tried it. But now I can’t, because twice now the IE update for my system will not load, and says it is not applicable for my system.

I would be surprised to find out this is NOT my ****-up; I’ve had a pretty good record of either getting these updates in, or figuring out why not. But now I’m stumped.

Any advice, help or otherwise wisdom is still, and waiting with bated breath, accepted.

Edited for content
Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

 

Reply | Quote

Thanks Kirsty, you and the rest of the gang have helped us dangling B’ers try to keep up over the last few years. I don’t think your offering is my problem, due to the fact that I’ve tried to adhere to a tight Type B process these past years. I followed PKCano’s process and downloaded the latest security update for W7. I haven’t used Wupdate for years now, and have been careful to wait a week or so after Woody goes to 3 before using Type B downloads to update my PC .

I tried three times to download this weeks’ IE11 updates, and got a “not applicable” notice on all three. That being said, I just punched up my latest WUpdate and got this: KB4040183 (.Net) and KB4048957 (MQR-Up for W7. No more IE 11 updates ( KB4047206) and therefore none that I will use.

Nose-biting, face-spiting? We’ll see.

jimzdoats

Reply | Quote

Ohh (aka aw s***!); it appears that my thumb-fingered approach to digital democracy may have caused me to accidentally click on the download button for KB 4048597, aka Cumulative etc, etc. Frankly, I slammed the keyboard and stopped that s*** after a couple of seconds…

And yet when I did that it was AFTER the first time I was denied a download of KB4047206 by my own PC. OR so I think. That was a couple of days ago…

Does this mean I’ve popped my Type B cherry and must now forever go amongst the Type As? I’ve been such a good boy for so long…

Then again, Woody and PK have started to harp on that quite a bit lately…

Arrggghh!

I could always go back a week or so and restore to a previously unviolated status…

Or give this PC  to my Incredibly Significant Other and load up the MacBook Pro. If it’s battery is still good..

And then have to keep 2, count ’em 2 different portals safe from the infidels.

Lordy, lordy, what’s a feller to do?

jimzdoats

Reply | Quote

IF it means any single little thing, the current history shows this:

“2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957)

Installation date: ‎12/‎1/‎2017 1:58 AM

Installation status: Canceled

Error details: Code 8024000B

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information:
http://support.microsoft.com/help/4048957

Help and Support:
http://support.microsoft.com/help/4048957″

 

Any chance that I can undo this? Or am I just toast for the future on this machine?

jimzdoats

Reply | Quote

It says the install of  KB4048957 was cancelled.
Go ahead and try to install the Group B patches.
If KB4048957 is installed, it will tell you that the security-only patch and the IE11 update are not applicable to your machine.

If You get that message, use a restore point created before the attempted install of KB4048957 and reinstall the Group B patches.

1 user thanked author for this post.

Jim VS

Reply | Quote

Hi PKCano, responding to you only to keep this located near my concern.

I came to AskWoody today and read the frontpage article https://www.askwoody.com/2017/the-pollyannish-assumption-and-askwoody/ then began catching up on several hours of postings. This thread was the first new item I had not seen. I understand troubleshooting is very frustrating. But I am also very surprised the comments included here are deemed acceptable.

A question to any MVP, does this cascading portion of this thread meet current guidlines?

Reply | Quote

I’ve made a couple of edits. Can you provide any other post numbers?

2 users thanked author for this post.

Bill C., walker

Reply | Quote

You caught the sharpest examples from George Carlin’s seven word list. Good enough. Thanks.

Reply | Quote

Alles ist gut. Your advice allowed me to bring things back into normal order, such as it is. I appreciate your guidance and the knowledge behind it. PKCano, you and the other MVPs are a bright light in an otherwise dark and shadowed world – outside of Ask Woody of course.

Keep up the good work, and btw – check sent to AskWoody.

jimzdoats

1 user thanked author for this post.

woody

Reply | Quote

Marginal note:
.NET 4.6.2 is official re-supported for Windows 10 ver 1507 (Enterprise LTSB) and ver 1511 (Enterprise/Education)
https://support.microsoft.com/en-us/help/3151800/the-net-framework-4-6-2-offline-installer-for-windows

and they got a catalog-only update, kb4051600 (1507), kb4054057 (1511)

3 users thanked author for this post.

walker, MrBrian, woody

Reply | Quote

My first update going to Group A using my windows update.
It failed.  (sigh)
kb4048957 failed code 8024200D

WTH??????

Now what?
Windows 7 64 bit Home Premium

Reply | Quote

dgreen,

you could try the suggestion from ElderN in this thread:

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/2017-06-security-monthly-quality-rollup-kb4022719/c15128d4-45fc-41b5-bfdf-a22ac00f450b

gts

Reply | Quote

We still have to hide the 1709 update right? Ya know can’t install it yet until it is officially safe to install it in a few months or so after all the kinks are worked out.

Reply | Quote

It’s a good idea to still wait to install 1709.

Reply | Quote

Thanks PK-I’ll wait until the end of february/start of march to install it since it takes a few months or so to work all the bugs out of a major update for Windows.

I was fortunate in June when I got my win10 computer and installed 1703 safely since it came out in march and there was no problems. Therefore, It’ll be safe around january, february or march to install it.

Reply | Quote

I’m on Version 1703, and hiding the Feature Update to Version 1709 was not an option.

I have not applied any of the Advanced Updates Options to defer feature updates, nor any of the Group Policy settings, so this may have been my own fault.

Wushowhide did not detect the Feature Update on either of my ver.1703 devices. So the download started when I ran the updates after looking through them with wushowhide.

On both devices I quickly switched back to Metered Connection and temporarily turned off my wireless Internet. On the tablet, which has slow hardware, this worked, but MS Updates got seriously messed up and had to be reset and repaired. The Feature Update now lists as failed to install and could be offered again next month.

My Intel NUC is much faster, and there nothing could stop this forced upgrade. It tried to go all the way through even after pulling the wireless plug and running wushowhide in hide mode. This wasted many gigabytes of downloading and over two hours of time. Then the Install routines ran another hour and a half.  After that, MS Update ran again and picked up the Version 1703 Cumulative Update and the Servicing Stack Update. MSRT ran in between, as did the Flash Player update. Both of these are the same for versions 1703 and 1709.

Restart finally happened, and it was quick. No upgrade to version 1709 happened in the NUC. MS Update History still says the NUC needs to do a restart to perform the 1709 upgrade. Restarting several times since then has produced no further MS Updates or Feature Update activities.

I cleaned up thoroughly and ran Disk Cleanup on the NUC after all this mess, and recovered space on my SSD. All seems well, and MS Updates is not showing any pending or available updates. But wushowhide is not showing the feature update as hidden or available. Only the Update History shows the feature update as needing a restart to install.

So unless you go to extraordinary lengths to stop this feature update, it will be forced onto your Windows 10 version 1703 system, whether you want it or not, and whether you run wushowhide or not.

If you’ll excuse me now, I have to begin shopping for a Chromebook and a cheap small laptop or 2-in-1 to convert to Linux.

-- rc primak

1 user thanked author for this post.

MrBrian

Reply | Quote

I was on 1703. I used your instructions “8 steps to install windows 10 patches like a pro”. I used the Wushowhide tool. The 1709 feature upgrade was not offered. I set my update settings as you specified (Current Branch, 0 days Feature update, 0 days Quality updates) and ran Check for Updates. The 1709 Feature Update showed up and installed. I rolled back to 1703 and went through your steps again. Same result. I’m now on 1709 and don’t want to be, but I still want security updates. How can I get them without installing the 1709 Feature update?

 

1 user thanked author for this post.

rc primak

Reply | Quote

Microsoft pulled a fast on this Patch Tuesday and “by accident” (Yeah!!) didn’t honor the Current Branch for Business setting, thus upgrading a lot of people from 1703 to 1709 without their permission. (They changed the terminology from CBB to Semi Annual Channel was their excuse.) Supposedly (Sure!) they are going to fix it in the next release (meaning Patch Tues – who knows).

If you have Win10 Home, set your Internet connection to “Don’t download over Metered connection,” run wushowhide and hide the 1709 upgrade, then change your connection back and get the 1703 CU. You are going to have to be careful. Setting “metered connection” may affect other downloads.
Another way would be to hide the upgrade and download/manually install the 1703 CU from the MS Catalog.

2 users thanked author for this post.

rc primak, walker

Reply | Quote

I have W10 Pro.  When I run wushowhide the upgrade to 1079 doesn’t show up.  I can’t hide it.  But when I run Check for Updates, the 1079 upgrade shows up and updates my laptop to 1079.  I can roll it back to 1073, but I can’t hide the 1079 update since it doesn’t show up in wushowhid.

 

1 user thanked author for this post.

rc primak

Reply | Quote

Set your Internet connection to “Don’t download over Metered connection” first.
Then run wushowhide.
The connection setting should keep the upgrade from downloading, then you should be able to hide it.

Reply | Quote

I am rolled back to 1073. I did as you suggested and set my connection as metered. I ran wushowhide but 1079 did not show up. I changed my update settings to Current Branch, 0 days for feature updates, 0 days for quality updates. I ran “Check for Updates”. Feature Update 1079 showed up and tried to download but said that it would download later when I’m not on a metered connection. That saved me from updating to 1079, but how do I keep it from showing up when I check for updates? I run wushowhide per Woody’s instructions and it’s not there for me to hide.

 

1 user thanked author for this post.

rc primak

Reply | Quote

I have Win10 Pro 1703.
My settings are: CBB, defer feature updates for 365 days, defer quality updates for 0 days.
My 1703 received KB4048954 CU to Build 10563.726 and 4049011 servicing stack on 11/17.
When I search for updates, it says I am up to date and 1709 does not appear.

Leave your connection at metered. Set your settings like mine. Reboot. Search for updates.
See if you get the CU and servicing stack.

1 user thanked author for this post.

rc primak

Reply | Quote

@PKCano:  I don’t have Windows 10 (thank my lucky stars!), however it is beginning to appear that Win10 has a “ton” of problems, here and there.   I could never deal with all of that “in addition” to the “normal messes” with the other versions of Windows.   Thank you for keeping things “straight” for all of the users on Woody’s website!    🙂

2 users thanked author for this post.

SueW, rc primak

Reply | Quote

@PKCano:   I thank my “lucky stars” I don’t have Windows 10 on top of everything else.   This is the “worst mess” I’ve seen in many a day.   Hoping for a miracle to occur and everything will revert back to the way things were about 3 years ago.  That would be a wonderful “dream come true”!

Thank you PKCano for all of your invaluable assistance, you have helped everyone in an astonishing manner insofar as setting forth  information for so many scenarios!  Everyone learns something from the posts you help them all with, irrespective of their own type of OS, programs, Groups A & B, ad infinitum.  Thank you once again!    🙂

Reply | Quote

Wait, you set it to Current Branch (CB), or Current Branch for Business (CBB)?
If you want to stay on 1703, set it for CBB.
If you have it set on CB, it’s going to update to 1709. 1709 is CB.

Your post specifies that you set it to CB but you want to stay on 1703 – that’s not going to work.

Ideally (because of the 1703 -> 1709 CBB upgrade fiasco), you should set it to CBB AND set the defer period to 365 days. Apparently the issue here is they’re not honoring the CBB setting, but they ARE honoring the deferral period setting (which makes absolutely no sense, but, *Microsoft*).

My suggestion (if you want to update now, as you should) but stay on 1703 –
Leave the CBB setting but change the Quality Update deferral to 0 days.
I think you’re confusing the 2 settings.
Feature updates is for the version changes.
Quality updates is for the monthly patches.
As of yesterday, my 1703’s were set to Feature: CBB, 365 day deferral, Quality: 30 day deferral. (I had October’s updates.)
I changed the Quality deferral down to 14 days, then checked for updates. They pulled all of November’s updates….the quality rollup, the Flash update, the MSRT, and an Intel update. After my systems rebooted – *still on 1703* – I reverted back Quality deferral to 30 days.

1 user thanked author for this post.

rc primak

Reply | Quote

Good catch. I kept referring to CBB, but missed that he had CB.

Reply | Quote

That worked. Although I didn’t have to download KB4048954 and kb4049011 since they were installed when I did the first update check and 1709 installed. Rolling back to 1703 did not uninstall those two KBs for 1703. Where I got messed up is when I followed Woody’s instructions for his latest Defcon 3 post and followed the steps in “To get Windows 10 patched, go through the steps in “8 steps to install Windows 10 patches like a pro.”” in his article: “Get November Windows and Office updates installed — carefully”. Maybe there should be an amendment to that for the case like this where we are waiting for CB to go to CBB to keep the update setting on CBB, 365 days, 0 days.

1 user thanked author for this post.

rc primak

Reply | Quote

Yeah, I believe the only way of keeping sane whilst running Win10 is to change to CBB and push the deferrals for feature and quality as high as they’ll go. When the smoke clears, roll back one (or the other, or both) and update, and then revert that setting back again. Obviously this month, MS decided CBB = CB (for them); like PKCano said in the relevant thread, it screams of GWX all over again. Luckily, having the deferral period set still provided the proverbial [digital] “line in the sand” and they haven’t stepped over it. (Yet.)

As for waiting for 1709 to go CBB, it’ll be awhile. MS so far has really handcuffed the new CB release to then-putting the previous CB release to CBB status, so, odds are, 1709 will go CBB in March next year when they inevitably release 1803 as CB. (If they stick with the “new” schedule of feature updates, which is now March and September.) Hopefully by then they’ve fixed things in 1709; if not, 1703 should still get the quality updates so waiting is not really a problem.

I’m still very conflicted on Win10. It’s a fantastic OS that runs like a very optimized Win7, but I’m still not happy about the feature update frequencies/policies, nor am I happy about the lack of control we really have on updates (on the surface). I do, however, love the feature/quality deferrals, since those capabilities basically balance out the lack of control and not being able to pick and choose updates like we could do with previous versions of Windows. It’s a concession everyone has to make, if they want to stay with Windows at least (and still have security updates).

3 users thanked author for this post.

rc primak, SueW, Noel Carboni

Reply | Quote

Those settings may hold for awhile. Just in case they ever don’t hold, I’m putting Linux and ChromeOS in my vest pocket.

-- rc primak

Reply | Quote

I just Installed ONLY the (4) W7  Office Updates ; NOT the KB 4048957 Quality Rollup Update and MSRT. Awaiting new info.

The KB 4011618 (not in my WU list) Office Security Update several say should be Installed (MrBrian: sooner or later) has 30+ .exe offerings at the Dnload site. Has Anyone actually Installed it and HOW was the Selection made?

Thanks as always!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

I installed KB 4011618 when it was offered through Windows Update.

Reply | Quote

CraigS26 said:
The KB 4011618 (not in my WU list) Office Security Update several say should be Installed (MrBrian: sooner or later) has 30+ .exe offerings at the Dnload site. Has Anyone actually Installed it and HOW was the Selection made?

KB 4011618 is for MS Office 2010 (x32/x64). Is MS Office 2010 installed on your system ? If not, Windows Update won’t offer you KB 4011618.

But in case your WU is laggy/ glitchy & you prefer a manual download, you should select the correct KB patch based on the:-

• Bitness of your MS Office 2010 — either 32 or 64 bit
• Language of your MS Office 2010 — eg. en-us (English), es-es (Spanish), etc.

 

For instance, the direct download links for the English edition of KB 4011618 (EXE patches) are as follows:-

For MS Office 2010 x32 English edition (1.5 MB):
https://download.microsoft.com/download/2/D/F/2DFCE406-3511-42F0-AE92-029784B143AE/eqnedt322010-kb4011618-fullfile-x86-en-us.exe

Source: https://www.microsoft.com/en-us/download/details.aspx?id=56268

For MS Office 2010  x64 for English edition (1.5 MB):
https://download.microsoft.com/download/8/1/9/8196E932-5D1A-48DD-986D-893C2B30B249/eqnedt322010-kb4011618-fullfile-x64-en-us.exe

Source: https://www.microsoft.com/en-us/download/details.aspx?id=56267

 

1 user thanked author for this post.

CraigS26

Reply | Quote

WIN7 Starter 32 bit group B. After installation of the security only update KB4048960, I got a “Welcome to Windows Media Player” screen. I had to do an ‘initial’ configuration to use the program. Nothing else appears to be changed. That is, Media Player works just fine and all my media are still there and working.

This has been reported on this site before a couple times but I don’t remember where, and Gunter Born has mentioned it as well. But, it doesn’t appear to be a big deal.

2 users thanked author for this post.

SueW, The Surfing Pensioner

Reply | Quote

You get a first-run setup with WMP after the patch. It doesn’t remove you media. But if you had settings (playlists, history, etc) they got wiped out.

1 user thanked author for this post.

SueW

Reply | Quote

Win 7, Group A.  Only installed the Nov. Security Monthly Rollup for Windows 7. No problems noted.  MSRT was under Important but unchecked so did not install . Under Important AND checked was KB2952664.  Did not install this – was I correct in understanding that this is a snooping patch and not recommended to be installed?

Have not installed any of the Netframe updates since August, I believe, since there were reported problems with the Sept. updates.  Are these safe to install now? If so, do I need to install all of them or is the latest November update cumulative and include the Sept. & Oct. updates?  Thanks in advance!  The info I find here is always invaluable!

Reply | Quote

Hide KB2952664 if you don’t want the telemetry patches.

Be aware that one of the patches for .NET may be the installer for .NET Framework 4.7 – it will NOT have Rollup in the name.
The Nov .NET patches have no security content, so if you want to skip them it’s OK.
The earlier .NET Rollups should be OK if they are checked important in WU

1 user thanked author for this post.

pulsar

Reply | Quote

Normally, the Windows Malicious Software Removal Tool box is pre-checked on my Win7 machine, but for some reason this time it is not.  Has anybody else experienced this?

1 user thanked author for this post.

walker

Reply | Quote

Nov MSRT was not checked in the important updates

1 user thanked author for this post.

walker

Reply | Quote

@Mr.Brian:   I have a question as well, and it probably seems inane,  however I do not recall ever having to “uninstall an installed update” and would like to know if there is a specific procedure which is simple enough for most of the “computer illiterates” (such as I) could do it without making errors.   ??      Thank you for any guidance you may be able to provide, and for all of the other advice, knowledge, and expertise you have always provided.    🙂  🙂

Reply | Quote

https://www.ghacks.net/2014/12/11/how-to-remove-installed-windows-updates-and-block-them-afterwards/

2 users thanked author for this post.

rc primak, walker

Reply | Quote

@Mr.Brian:   Thank you so much for the link to this really excellent information!!  It is just what I need, and will be placed with the other references which possess guidance with information I’m sure “some day” I may need.   I appreciate you taking the time to send this very helpful information to me!

Thank you, as always, for all of the information which you so freely provide to all of our members, as we all appreciate your outstanding assistance more than words can ever adequately express.     🙂  🙂

Reply | Quote

In Windows 10, this method is unavailable. So you have to follow all the steps in this article, until you reach the part about hiding the update. Wushowhide is the tool to use for that. It’s a Windows 95 era diagnostic tool, but up until the 1709 Feature Update fiasco, it worked on every unwanted or problematic update I’ve heard of. Wushowhide is a little arcane for everyday users, but it can be fathomed.

-- rc primak

Reply | Quote

PKCano wrote:

The Nov .NET patches have no security content, so if you want to skip them it’s OK. T

PKCano you say that the Nov .NET patches have “no security content” but according to KB4049016 (which shows on the WU on my Windows 7 64 bit home premium PC – Group A) it states that it includes both SECURITY and QUALITY rollup for NET. The update is check for me, show I install it?

Reply | Quote

According to the MS Software Update Service,

Changes to existing nonsecurity content:

• 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4049016)
  • Metadata has changed.
  • Binaries have not changed.
  • This update does not have to be reinstalled.

1 user thanked author for this post.

walker

Reply | Quote

I am once again confused….

The title of yours is: 2017-11 Quality Rollup for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4049016)

Mine is:

Yours says “Quality” rollup and mine says it is a “Security & Quality” rollup (published 27/11/2017) but they are both under the same KB #. Mine is checked as Important! I really don’t know whether I install it or not?

Reply | Quote

See @MrBrian ‘s reply under this post

https://www.askwoody.com/forums/topic/ms-defcon-3-yep-its-time-to-get-patched/#post-148662

2 users thanked author for this post.

walker, KarenS

Reply | Quote

The best part of Ask Woody is that there are a lot of folks out there who have the same (or similar) issues and this forum allows them to speak, spray, and otherwise ask for help.

The worst part is that this is a small and easily over loaded website (keep up the work on getting the site bulletproof, woody!) that can do only so much – absent a fountain of money that can keep it rolling and online. All of you anons out there who ride the waves and then thank Woody’s stars for helping you out – and don’t donate – are just sucking the life out of this service. Tossing a few bucks toward keeping this site alive – and keeping the volunteer experts involved, is not a a choice. Unless you wish to deal with the Winter King (aka WinBoss) on your own.

I choose to send a check from time to time to Woody’s address. Those who are just along for the ride and don’t do so – then you will soon stop ALL of us from getting access to semi-pro support for darned near free.

Step up and show your support, not by asking questions (and yes you should continue doing that) but by dropping a few shekels into the basket – so you can continue to get this 99% free support.

If you don’t want to do that, then I suggest you call/text/email Microsoft for help.

Ah-henh!

jimzdoats

7 users thanked author for this post.

jburk07, Jan K., rc primak, SueW, walker, woody, Noel Carboni

Reply | Quote

Unfortunately you have to drill down a bit deeper with the .NET updates.

Your KB links to: https://support.microsoft.com/en-us/help/4049016/november-2017-security-and-quality-rollup-for-net-framework-3-5-1-4-5
Basically, that’s a “group post” (for lack of a better term).

An individual file for KB4049016 does not exist.

If you look under “More information”, you’ll see:
– 4041778 Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4041778)
– 4040977 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4040977)
– 4040980 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4040980)

If you’re running .NET 4.6-4.7 (which is most likely what you have), it is a Quality only rollup, meaning no Security updates (and WU will pull KB4041778). For older versions, the November update is a Security & Quality rollup.

Reply | Quote

Regarding the Office security patches…

“We’re starting to see some consumer-grade malware that exploits the Equation Editor security hole, CVE-2017-11882, and that’s the primary reason for getting patches applied now.”

Reading the info associated with the patches mentioned, it seems this only applies to Office 2007 and 2010… so does that mean other versions of Office are NOT affected and/or no patches have been released?

Reply | Quote

See “Affected Products” section of https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882.

Reply | Quote

I installed 2017-11 Security Monthly Quality Rollup for Windows 7 x64 (KB4048957).  Since 2017-11 Malware Removal Tool (MRT) was not checked, I rebooted after installing.  Windows Update was still nagging me after the first reboot however, so I installed November MRT and rebooted again.

I seem to have no problems at all.  I had heard that Windows Media Player (WMP) would be reset to first run status after the install, so I took screenshots of all my WMP settings back on November 21st.  But it turns out that was unnecessary as my WMP settings and library were retained.

1 user thanked author for this post.

SueW

Reply | Quote

PHANTOM FEATURE UPDATE

I have been trying to follow Woody’s recommendations to stay off the unpaid Windows beta tester track. By setting a metered connection and using Noel Carboni’s ConfigureAutomaticUpdates tool and the Windows WUshowHide tool, I have been able to forestall unwanted updates successfully.

But some weird things started happening a couple months ago. Here is my story of today’s encounter with the phantom Feature Update to 1709.

System Info: Win10 Home Edition x64, vers. 1703 (build 15063.674)

STATUS LAN connection: none; WiFi set as metered connection: On
WUshowHide shows no Feature Update available

ACTION WiFi set as metered connection: changed to Off. Windows Update Settings: clicked check for updates.
RESULT Windows Update Status: Updates are available – Feature Update to Windows 10, version 1709

ACTION WiFi set as metered connection: changed to On. Restarted system.
RESULT WUshowHide shows Feature Update 1709 available.

ACTION Used WUshowHide to hide Feature Update 1709. Restarted system.
RESULT WUshowHide shows Feature Update 1709 hidden.
Windows Update Status: Feature Update to Windows 10, version 1709 available. Will be installed.

ACTION Restarted system several times, with metered connection changed to both On and Off.
RESULT Windows Update Status: Feature Update to Windows 10, version 1709
Initializing installation; Preparing to install updates 1% [progressing to 99%]

FINAL ACTION WiFi set as metered connection: Changed to Off. Restarted system.

RESULT Windows Update Status: Feature Update to Windows 10, version 1709
Installing updates 1% [progressing to 99%]

FINAL STATUS WUshowHide shows no available Feature Update, hidden or unhidden.
Windows Update Status: Your device is up to date. Last checked: Today, 1:36 PM
System Info: Win10 Home Edition x64, vers. 1703 (build 15063.674)
Update History: Feature update to Windows 10, version 1709 – Requires a restart to finish installing.

I have restarted the machine several times, but the update history still says “Requires a restart to finish installing.”

MY FINAL STATUS Utterly perplexed, like a prisoner led through a fake execution.

Last month, something similar to this happened when Woody lowered the MS Patch DEFCON Level. When all the updating stopped, I was still at 1703 and the 1709 Feature Update mysteriously disappeared. I was in too much shock to remember the exact steps I took.

Just like this month. Creepy.

Reply | Quote

I was going to apply the patches ( group B ) in a few hours, and I went to check Windows Update to see the office and .net ( windows 7 ).

But got something strange…

I’m getting    Windows is up to date ( green shield )  ,  while I’m sure yesterday or 2 days ago I could see the patches available.

I tried to run the “check for updates” and I get an error code 80248015

Should I worry ?

Reply | Quote

Multiple people are having problems with Windows Update.

See https://www.askwoody.com/forums/topic/windows-update-service-not-running/

Reply | Quote

Since updating Windows 7  on 1st December I can no longer access Windows Update without getting Error Code 80248015.  I did go back to a previous restore point but to no avail. Any advice would be greatly appreciated.

Reply | Quote

You’re not alone! Check out this topic:
https://www.askwoody.com/forums/topic/windows-update-service-not-running/

You will have seen above, before posting here:

PKCano wrote:

Multiple people are having problems with Windows Update.

See https://www.askwoody.com/forums/topic/windows-update-service-not-running/

Reply | Quote

My experience this cycle:

Win 8.1 x64 Pro/MCE updated 17 days ago (I completed my own testing and jumped ahead of Woody’s switch to DEFCON-3). This system was used heavily every day to do software engineering and business management: No problems at all, it’s been stable.

Win 7 x64 Ultimate updated 18 days ago, used primarily as a server. No problems at all.

-Noel

2 users thanked author for this post.

Elly, walker

Reply | Quote

Thanks to Woody and crew.
I updated Sunday (Dec. 3) and found five “important” files available:
I got these three that were checked:
2017-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4049016)
2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957)
Update for Windows 7 for x64-based Systems (KB2952664)

I left these two unchecked (and didn’t download them):
Update for Windows 7 for x64-based Systems (KB3021917)
Windows Malicious Software Removal Tool x64 – November 2017 (KB890830)

Before I updated, I did a full backup to my Seagate Expansion Drive. I noticed that the drive is almost full. It’s now at 228.10 GB free of 1.82 TB. (Before the backup it was at 253.06 GB free.) Is there a sensible, safe way for me to delete old backups from the drive to make room? Or should I just buy a new one?
What about backing up to the cloud? Any recommendations? I used to be paranoid about the cloud but since I went to Group A, I had to finally accept that Microsoft and Google know everything about me anyway. (I don’t have an Apple device and haven’t used an old Facebook account in years.) And how secure is a hard drive anyway?

Just a thought: Could there be any connection between the updates and the fact that the past few months everything has been running slower? Word, Firefox, and Chrome have been freezing and giving a “Not responding” message. I tried removing background programs (I’m an old TSR fan.) And I’ve been careful about overloading tabs in Firefox. (Even installed an extension called Tab Suspender to remove inactive tabs from memory.)

Thanks again, Morty

Reply | Quote

“Is there a sensible, safe way for me to delete old backups from the drive to make room?”

There should be. What program are you using to make the backups?

2 users thanked author for this post.

Elly, walker

Reply | Quote

Are these safe to install?

KB4049016 2017-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64
KB4048957 2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems
KB890830 2017-11 Windows Malicious Software Removal Tool x64

I’m not to sure after reading this thread.

W7 Home Premium SP1 x64

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

1 user thanked author for this post.

walker

Reply | Quote

NOVEMBER patches that are CHECKED in the “important updates” list are safe to install.

DO NOT install anything that is UNCHECKED. DO NOT install anything that has a DECEMBER release date yet – Dec. patches have not been vetted yet

4 users thanked author for this post.

Elly, JDeC, walker, Pepsiboy

Reply | Quote

I don’t remember which patches were checked in WU. In WU are patches that are in the “important updates” list normally checked?

The reason I ask is after running WU I usually hide all patches except MSE definitions. After hiding the patches, I go to askwoody.com to figure out what patches are safe to install. After installing, I have WU keep checking until there are no more patches to install.

The restore hidden update list only tells you of the importance of the patches. It does not tell you which patches were checked in WU.

Once you run WU and hide the patches and run WU again, WU will says “Windows is up to date”. WU does not show the patches with the boxes unchecked or checked like it did the first time you ran WU.  You only have one crack at it when you run WU the first time.

My tactic next time, Before I start hiding patches is to take a screen shot of the patches in WU so I know which patches were checked or unchecked.

I always have WU set on “Never check for updates (not recommended)”

Restore hidden update list shows.
KB4049016 2017-11 recommended
KB4048957 2017-11 important
KB890830   2017-11 important
My hunch is, the last two patches marked important are safe to install, is this correct?

W7 Home Premium SP1 x64 Group A

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

It’s NOT a one-shot thing

Be sure WU is set to “Never check”
Go to “Restore hidden updates”
Check those three updates
Click “Restore” (this does not install, it only UNHIDES)
Return to WU
Search for updates
Rehide the unchecked ones, install the checked ones

Reply | Quote

PKCano, Wrote: Check those three updates.”Click “Restore” (this does not install, it only UNHIDES) Return to WU”

I learned something new today, now I know how to get the updates checked or unchecked boxes back. FYI KB890830 was the only update that was unchecked.

Thank You, for the WU lesson.
Sparky

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

Im group A.  I installed both KB4048957 ans KB890830.  No problems;  as for KB4049016 it doesnt show on my list.

Reply | Quote

PKCano,

Advice needed, please. I just got the following updates listed on Windows Update for both my laptop and our desk top. Both are running Win7 x64 SP1, group B.
KB2553338 – Office 2010 – dated 11-11-17
KB4011055 – office 2010 – dated 11-11-17
KB4048957 – Win7 Security Quality Rollup – dated 11-11-17
KB954430 – MSXLT SP2 – dated 11-11-17
KB890830 – MSRT – dated 11-11-17

All are listed as “Important” and are checked.
I’m reluctant to install the Office updates, as we do not use and do not even have it installed on either computer. just wondering if the others are safe or not.

Thanks, in advance.

Dave

2 users thanked author for this post.

JDeC, walker

Reply | Quote

If you are Group B, you don’t wsnt the Security Monthly Quality Rollup KB4048957. Download the Security Only Quality Update and the IE11 Cumulative Update from AKB2000003.

The Office updates:
Do you have the Office viewers installed?
Do you have the Office Trial Offer (that comes with new PCs – a 30 or 90 day trial witn an offer to buy from MS) on your PC??
If the latter, uninstall it and see if you are still offered the updates.
If the Trial Offer is gone, and you have the viewers (which are like a runtime ver of the s/w, accept the updates or uninstall the viewers.

The other two should be OK. KB954430 is a security update for XML.

3 users thanked author for this post.

JDeC, Pepsiboy, walker

Reply | Quote

Sparky wrote:

…My hunch is, the last two patches marked important are safe to install, is this correct? W7 Home Premium SP1 x64 Group A

Sparky, you can find out by unhiding them.  They should restore to their original state where you will see if they are checked or not.  It won’t hurt to try & you can rehide them afterwards if you are so inclined.  Give it a whirl.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

PKCano wrote:

If you are Group B, you don’t wsnt the Security Monthly Quality Rollup KB4048957. Download the Security Only Quality Update and the IE11 Cumulative Update from AKB2000003. The Office updates: Do you have the Office viewers installed? Do you have the Office Trial Offer (that comes with new PCs – a 30 or 90 day trial witn an offer to buy from MS) on your PC?? If the latter, uninstall it and see if you are still offered the updates. If the Trial Offer is gone, and you have the viewers (which are like a runtime ver of the s/w, accept the updates or uninstall the viewers. The other two should be OK. KB954430 is a security update for XML.

PKCano,

I have nothing of office on either of these machines. That is why I wonder WHY  am I getting updates for office.

Thanks for the tip, I’ll take care of the good ones this evening.

Dave

1 user thanked author for this post.

JDeC

Reply | Quote

Earlier today I searched for the November 2017 MSRT KB890830 update in the Microsoft Update Catalog, in hopes that an updated version was available for Windows 7 x64. I was surprised to find that all of the versions that had been previously dated 11/14/17 had been replaced with new ones dated 11/30/17. When I clicked on the download button I was presented with 2 different files to choose from. Because I was unable to determine which was the correct file to download, I decided wait rather than choose the wrong file.

A few minutes ago I reopened the update catalog  so that I could copy the names of the 2 different download files being offered for Windows 7 x64 only to find that all the November 2017 versions had been updated yet again… It’s still being listed  as: Windows Malicious Software Removal Tool x64 – November 2017 (KB890830), but now it shows that it was update today, 12/7/17. When I clicked the download button, I was again presented with 2 different files to choose from, and I’m still left with the dilemma of which is the correct file to download.

Below are the 2 files that are now being offered.

windows-kb890830-x64-v5.54_ef22d1ab155e6463d05dd1a3d1bd6b069ffa2415.exe

windows-kb890830-x64-v5.54-delta_56816c5257a3fe942c70b10c96da3caa2a7ae1eb.exe

The KB890830 versions for Windows 8, 8.1, and10 are listed differently:  Windows Malicious Software Removal Tool for Windows Insider Preview and Server Technical Preview x64 – November 2017 (KB890830)

Reply | Quote

@twbartender

Your posts were caught in the spamfilter on edits. If you submit/edit/submit/edit too quickly, the system thinks you are spamming. Slow doen and let the system refresh in between. 🙂

Reply | Quote

@PKCano

Thank you for recovering the lost post…

Now that the message has posted do you have any advice as to whether this updated catalog version of the November MSRT should be installed, and if so which of the 2 files is the correct one to install? I’ve been unable to locate any further information on either of the 2 files.

windows-kb890830-x64-v5.54_ef22d1ab155e6463d05dd1a3d1bd6b069ffa2415.exe

windows-kb890830-x64-v5.54-delta_56816c5257a3fe942c70b10c96da3caa2a7ae1eb.exe

Reply | Quote

Woody just posted a new topic no the Malware engine – it should be fixed. That probably means get it through WU when it’s available.

Reply | Quote

I realize I probably missed the bus on this one. I am current on patches for Group B, but I hadn’t installed KB4049016 yet. Is it something that should be installed now?

Thanks!

1 user thanked author for this post.

walker

Reply | Quote

KB4049016 is the Nov .NET Rollup. Yes it should be installed if it is offered as checked in the important updates.

1 user thanked author for this post.

walker

Reply | Quote

@PKCano:  I have a question which I hope you can answer.    I still have KB4042076 listed in my Optionals, (not checked)  however do not have the KB4049016 listed.

When I check on the KB4049016 it states that the KB4042076 has been replaced by the KB 4049016.  It appears that the 4042076 should be hidden (?) and perhaps then the KB4049016 will come up when I check for updates?  I must have missed “something” along the way here.   Thank you for any advice you may be able to provide.    I sincerely appreciate your help, as always.    🙂

Reply | Quote

You can hide KB4042076 if you want to (or not). Since it is UNCHECKED and in the optionals it won’t get installed anyway.
If KB4049016 shows up CHECKED in the important updates, then you can install it.

1 user thanked author for this post.

walker

Reply | Quote

@PKCano:  Thank you very much for the advice about this one.   Without your vast wealth of knowledge, I would not have known.   Your guidance is very much appreciated, as always.    🙂   🙂

Reply | Quote

@PKCano:  Since I was unable to get to the computer to try to get caught up on my messages, I have now “found” that KB4049016 is in the “hidden” list. I must have hidden it, however don’t have any note on it, so don’t know for certain.    If I unhide it and it’s checked is it okay to install it?

I don’t know if this is for Group A or not, however I will try to check.   Being out of commission for such a long time has really knocked me for a loop.  Thank you once again for providing the wealth of information you provide…..    I don’t know what a lot of us would ever do without your help.    🙂

Reply | Quote

KB4049016 is the Nov 2017 .NET Rollup. If you unhide it and it shows up checked, it should be OK to install.

Don’t install any of the Jan updates yet, though

Reply | Quote

Thanks PKCano! I sort of thought it needed to be installed. One other question though, it is actually unchecked in optional, does that make a difference?

Reply | Quote

Rule of thumb – Do not check anything that is UNCHECKED by default.

Reply | Quote

I didn’t think there were any exceptions to that rule, but thought to ask to be certain.

Thanks!

Reply | Quote