MS-DEFCON 4: Get patches, but don’t touch the Meltdown/Spectre trash heap

Topic

New Reply

Things are looking stable. Now’s a good time to get your PC caught up with Windows and Office patches. Follow the instructions in the Computerworld ar
[See the full post at: MS-DEFCON 4: Get patches, but don’t touch the Meltdown/Spectre trash heap]

11 users thanked author for this post.

SueW, columbia2011, Mele20, jburk07, Myst, AlphaCharlie, OldBiddy, Elly, Microfix, CKPanic, Morty

Reply | Quote

Replies

Woody,
Should we still avoid the July 2018 patches?

Reply | Quote

If you follow the instructions in the Computerworld article, you will (generally) be installing the patches that are recommended. In the case of Win7 and 8.1 Monthly Rollups, and Win10 Cumulative Updates, you should only see the August patches — the July patches should be gone.

“Should” being the operative term, of course…

The non-security Office updates (released on Tuesday of this week) are a bit different. You’ll get those patches if you’re running Win10, but I believe they appear unchecked on Win7/8.1, and thus won’t install automatically. The non-security Office patches appear to be relatively tame this month, so I wouldn’t get too excited if you install them or miss them.

5 users thanked author for this post.

Microfix, Myst, OldBiddy, Elly, CKPanic

Reply | Quote

Win 7 Group A 64 bit Windows Home Premium user. Here’s what happened when I updated today:

Offered five important updates – all were checked.

KB4343900 Aug roll up
KB4345590 .NET
KB890830 MSRT
KB4032222 Outlook 2010
KB4022136 PowerPoint 2010

Decided to go ahead and install them all at once (egads – shouldn’t have been such a glutton for punishment!). All updates installed, but I encountered an error with the August security roll up of all things. Can’t remember the exact error number but it was 8020000 something something. So I rebooted and tried KB4343900 once again and it worked the second time around. Don’t know whether it might have something to with installing the .NET update at the same time. In the past I think I’ve noticed kludgy things happening when installing .NET updates along with other updates. I wouldn’t have bothered with the .NET updates except that I use Paint.net and it always wants to update .NET.
Hopefully everything’s ok with my system now!

2 users thanked author for this post.

MrToad28, jburk07

Reply | Quote

Sometimes updates are a bit twitchy in the order in which they are installed. Glad to hear that the second attempt at KB4343900 worked for you.

2 users thanked author for this post.

OldBiddy, jburk07

Reply | Quote

Thanks @gonetoplaid. Yes, very relieved second attempt worked for me! Probably should have done .NET patch later.

Reply | Quote

Haven’t seen a 4 in a long time.

Reply | Quote

Yes indeed, and I can also remember when a 4 was good enough to patch without having to do a complete system/hard drive backup, and then taking deep breaths all through the updating process to help keep your heartbeat rate and anxiety level down!

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

Steve

Reply | Quote

Computerworld article link: https://www.computerworld.com/article/3303568/microsoft-windows/get-caught-up-on-your-july-and-august-windows-office-patches.html

1 user thanked author for this post.

Microfix

Reply | Quote

This month’s article is linked in the blogpost.

2 users thanked author for this post.

jburk07, walker

Reply | Quote

I know, I usually post the link in the comments because it takes a bit for it to show up (and I assume Woody can see it when it’s linked that way, and can update the blogpost accordingly). Just trying to be helpful.

3 users thanked author for this post.

SueW, jburk07, woody

Reply | Quote

Just to make sure: following 2000003 for group b patching I’ll have to install following?
windows 7:
july:
KB 4345459 (replaces KB 4338823)
KB 4339093 (IE11)
august:
KB 4343899
KB 4343205 (IE11)

windows 8.1:
july:
KB 4345424 (replaces KB 4338824)
KB 4339093 (IE11)
august:
KB 4343888
KB 4343205 (IE11)

and on both systems all security only office patches, msrt, flash update (8.1)?
right so far?

2 users thanked author for this post.

Klaas Vaak, Laptop Boy

Reply | Quote

Not a criticism — just a question.  Since IE11 updates are cumulative, why would you install both the July IE11 update and the August IE11 update?  Wouldn’t just installing the August IE11 update be sufficient?

(I suppose it wouldn’t do any harm to install both, provided that you install the July IE11 update first, followed by the August IE11 update, but I’m not sure about that; any advice from other Loungers on this this point would be appreciated.)

Reply | Quote

I’m not that professional, so I don’t know for sure. to make sure I posted all ie11 patches.
If there is something which I don’t need to install, I’ll be told so here, I assume…

Reply | Quote

in addition, as i read here, kb 4338823 (win7) and kb 4338824 (win8.1) seem NOT to be replaced…
now i’m really confused. what do i have to install in order to get from groub b june patch status to august?
like so?
july:
kb 4338823
KB 4345459 (does NOT replace KB 4338823)
KB 4339093 (IE11)
august:
KB 4343899
KB 4343205 (IE11)

windows 8.1:
july:
kb 4338824
KB 4345424 (does NOT replace KB 4338824)
KB 4339093 (IE11)
august:
KB 4343888
KB 4343205 (IE11)

and when exactly do I have to reboot in between these patches?

1 user thanked author for this post.

Klaas Vaak

Reply | Quote

So, I haven’t patched since June. (W7, Group B).

Am I right that it’s now ok to install the following?:

– KB4345459 (Jul Security. Rather than 4338823 as it apparently REPLACES it, according to AKB2000003).
– KB4339093 – (Jul IE)
– KB4343899 – (Aug Security)
– KB4343205 – (Aug IE. I realise IEs are cumulative but I prefer to do them in order anyway, just in-case).

UNLESS I use IE, (Single-sign-on error), in which case I’d be better doing the IE patches in Sept?

1 user thanked author for this post.

Klaas Vaak

Reply | Quote

We installed all this updates, no problems so far. But watch up for machines VM installed inside. Better have backup for them, I prefer acronis backup.
So test them, and apply if it passes your individual tests.

Support Open Source community for defeating Microsoft

Reply | Quote

It would be nice if we could tie Windows updates to the MS-Defcon level. Whenever it goes to 3, 4, or 5, backups would kick off; and they would be blocked for 1 and 2.

Oh well, I can dream…

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

WildBill

Reply | Quote

Some sort of API on this site which could be linked by a small bit of code to something like the WUMT minitool would do it.

Reply | Quote

Reporting in:  GROUP A
KB4343900  installed and all is well.

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1
Processor:  Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller

 

FYI Never installed July updates.
Did not install KB4345590 (.net rollup) not sure if there’s issue with it.
Did not install MSRT. Not sure if there’s issue with that one also.
Both are checked.

1 user thanked author for this post.

jburk07

Reply | Quote

dgreen

A recent BIOS update is available for your Dell Inspiron 660 computer (revision A13) – released in July 2018.

Fixes
– Updated CPU microcode to address security advisory Intel Security Advisory INTEL-SA-00115 (CVE-2018-3639 & CVE-2018-3640)

Reply | Quote

On both of my Win10 1703 pc’s (AMD Ryzen 1700 on ASRock AD350M & i5 4440 on Gigabyte H97N-WIFI) I’m not being offered the 2018-08 updates.

However, on my Win8.1 Pro Hyper-V VM (host is Win10 1703) the 2018-08 updates have been installed with no issues (so far).

Rgds, Zeus

Reply | Quote

MrJimPhelps wrote:

It would be nice if we could tie Windows updates to the MS-Defcon level. Whenever it goes to 3, 4, or 5, backups would kick off; and they would be blocked for 1 and 2. Oh well, I can dream…

mmm, thats a idea…..

Rgds, Zeus

Reply | Quote

Are .NET framework updates OK now?

Reply | Quote

Group A: Running Win 7 Home x64, only installed KB4343900

Let me tell you I sat there in dread expecting the worst, but everything seems fine so far

Reply | Quote

BobT wrote:

So, I haven’t patched since June. (W7, Group B). Am I right that it’s now ok to install the following?: – KB4345459 (Jul Security. Rather than 4338823 as it apparently REPLACES it, according to AKB2000003).  <snip>

This still isn’t clear to me. The KB4345459 support page indicates that

This update does not replace a previously released update.

Can someone definitively state yes or no that KB4345459 replaces KB4338823? I haven’t identified any information to support that KB4345459 is a replacement patch.

1 user thanked author for this post.

Klaas Vaak

Reply | Quote

No, it does not.

4 users thanked author for this post.

SueW, Klaas Vaak, OscarCP, davinci953

Reply | Quote

According to PKCano’s wording in the Group B patch list KB4345459 DOES replace KB4338823 and it seems as though Woody’s CW article would have stated that we need to install BOTH of them if that’s the case.

At any rate I guess I’ll be holding off on installing the July & August SO updates a little while longer to see how this bump in the road gets smoothed out.

1 user thanked author for this post.

SueW

Reply | Quote

Please see my post #215870. I hope this helps.

2 users thanked author for this post.

Lori, Ed

Reply | Quote

Win 7 Pro Group B here. In July I skipped KB4338823 and simply installed KB4345459 as instructed.  After doing that I had frequent and sundry non-critical errors showing up in Event Viewer. As a test yesterday to cover the bases before doing the August updates, I decided to uninstall KB4345459, go ahead and install KB4338823 followed by reinstalling KB4345459 – with the asked for reboots in between, of course (and drive images at each stage).

The frequency of errors significantly diminished and my system boots much faster. Not sure why my machine behaved this way. Maybe the original install of KB4345459 was botched? YMMV.

Then I went ahead with the August Security Only updates. All seems fine.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

Reply | Quote

BobT wrote:

So, I haven’t patched since June. (W7, Group B). Am I right that it’s now ok to install the following?: – KB4345459 (Jul Security. Rather than 4338823 as it apparently REPLACES it, according to AKB2000003). – KB4339093 – (Jul IE) – KB4343899 – (Aug Security) – KB4343205 – (Aug IE. I realise IEs are cumulative but I prefer to do them in order anyway, just in-case). UNLESS I use IE, (Single-sign-on error), in which case I’d be better doing the IE patches in Sept?

KB4345459 does not replace KB4338823. You have to install both in addition to the August security only update. If KB4345459 replaced KB4338823, then trying to reinstall KB4338823 should report that this update is not applicable to your computer. Yet when I just now tried to reinstall KB4338823, I get a message that KB4338823 is already installed on my computer. Moreover, neither the KB article or the package details for KB4338823 mention that this update has been replaced by any other update.

Since the August update additionally fixes some issues with the July updates, I chose to install them by taking advantage of supersedence in order to avoid any issues. Here is how I did it this last weekend:

Install KB4343899 (Aug. sec. only) and reboot.

Install KB4338823 (July sec. only), don’t reboot, then install KB4345459 (patch for July sec. only) and then reboot.

I haven’t messed with the .NET or IE updates lately. I plan on trying those out this weekend, now that I know that I don’t any issues with the July security only update and its patch, and the August security only update.

6 users thanked author for this post.

Lori, Bill C., SueW, jburk07, Seattle27, woody

Reply | Quote

Excuse my ignorance: are you saying that is ok to apply first August security only update and then July ones? I always believed security only updates have to be done in order.

Also, can you clarify this: “If KB4345459 replaced KB4338823, then trying to reinstall KB4338823 should report that this update is not applicable to your computer. Yet when I just now tried to reinstall KB4338823, I get a message that KB4338823 is already installed on my computer.”
Because from my understanding the last sentence does not make sense. In other words, you shouldn’t get any messages and both updates should get installed.

My plan for Win7 July+August was to go > KB4338823 + KB4345459 > reboot > KB4343899 > reboot > KB4343205; am I wrong?

PS: Is the VMware Fling thing coming or not? Thanks for your help.

1 user thanked author for this post.

Klaas Vaak

Reply | Quote

@anonymous: his statement

Yet when I just now tried to reinstall KB4338823, I get a message that KB4338823 is already installed on my computer.

to me means thatKB4345459 indeed replaces KB4338823 because the former achieves what the latter was supposed to achieve.

To me, the issue of replacement (both Win 7 & 8.1) is not clear, as you pointed out above in your very 1st comment.

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

@GoneToPlaid:

Install KB4343899 (Aug. sec. only) and reboot.

Install KB4338823 (July sec. only), don’t reboot, then install KB4345459 (patch for July sec. only) and then reboot.

That runs counter to what AKB2000003 recommends, which is:

“… you have to install them in chronological order — the October patch, followed by the November patch, followed by the December patch, and so on.“

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

There are a few August  .NET updates for Windows 7, x64 waiting for me to install them. Are there any August .NET patches for my OS that are still not OK to install? Thanks.

 

Group B. Windows 7 Pro SP1, x64.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I believe that all of the .NET patches, as they currently stand, are OK.

4 users thanked author for this post.

Lori, OscarCP, dgreen, SueW

Reply | Quote

For what it’s worth, at this point I have several combined weeks of testing on Win 7 and 10 with the latest set of patches. All has been very well on my systems.

I strongly support Woody’s decision to go to MS-DEFCON 4.

All that being said, please be careful, make sure you have backups/system restore points, and set aside enough time to get the task done without having to be interrupted or rushed.

-Noel

8 users thanked author for this post.

satrow, SueW, Klaas Vaak, Jan K., jburk07, BobbyB, Karlston, Kirsty

Reply | Quote

Noel, have you installed also any August .NET patches for Windows 7, x64? All of them?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I took all the updates Windows Update made available on 8/23, including .NET Framework 4.7.2 update KB4054530.

-Noel

4 users thanked author for this post.

Lori, dgreen, woody, OscarCP

Reply | Quote

Can confirm Windows 7 patches are okay.

It does feel though they’re not being downloaded/installed as swift as they once did?

…make sure you have backups/system restore points,

I wouldn’t recommend having any trust in restore points… they may or may not work.

3 users thanked author for this post.

SueW, jburk07, BobbyB

Reply | Quote

you noticed that as well eh? Did all mine including Win8.1 another 550mb bundle that went fairly quick, Win7x86 approx. 250mb bundle that went slow, mind you it always does its an older machine. Win7’s Ent and Pro x64 were noticeably slower approx. a 400mb bundle. There was a backlog of some Office 2010 parches but even so it seemed to take a bit longer even with the default QoS settings something I never change as a rule. Not sure whether rolling over from July had anything to do with it though although as they are cumm. they just get replaced by Aug’s I would imagine.

Reply | Quote

One thing to help with seeing to it that you can actually restore to a specific restore point is to run the restoral operation from the bootup WinRE environment (i.e., choose to enter the recovery environment from the advanced startup menu).

-Noel

2 users thanked author for this post.

Lori, Jan K.

Reply | Quote

If you want to avoid the Spectre trash heap and you haven’t installed any bios microcode or bios updates, then consider disabling hyperthreading in your bios.

It’s easy to do and easy to reverse as required.

1 user thanked author for this post.

Karlston

Reply | Quote

Does that mean processors that don’t have hyperthreading, like my Skylake i5-6500 are immune to Spectre?

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

Reply | Quote

Karlston wrote:

Does that mean processors that don’t have hyperthreading, like my Skylake i5-6500 are immune to Spectre?

Unfortunately, no. Yet there are separate issues with hyperthreading which make a CPU more vulnerable to attack if hyperthreading for the CPU is enabled in BIOS.

1 user thanked author for this post.

Karlston

Reply | Quote

No but having hyperthreading enabled on systems could make those systems in effect low hanging fruit to Spectre hackers.

It is thought that probing systems could detect whether systems are more exploitable.

2 users thanked author for this post.

GoneToPlaid, Karlston

Reply | Quote

Yeah the AMD APU A8 (as an example from four years ago) processors are susceptible even though they do not have a hyperthread feature, that is so inpart because the flaws of speculative execution. I do not possess the knowledge with respect to cache design but reckoning AMD’s must be little bit diffrent from Intel, perhaps why AMD does not have the meltdown flaw.

Reply | Quote

anonymous wrote:

If you want to avoid the Spectre trash heap and you haven’t installed any bios microcode or bios updates, then consider disabling hyperthreading in your bios.

It’s easy to do and easy to reverse as required.

It bothers me that we’re having to consider disabling performance features because of these made up security issues.

-Noel

Reply | Quote

Woody, I don’t know why you’re so concerned about the Intel microcode patches. I’ve installed them and had ZERO probletdhsthodealu8cgfl;9qcoefu0la8oeufga[9oeg8ua9loe8uao.ef7ge90oae8u7a0o9e87ua90o.

8 users thanked author for this post.

johnf, JohnW, Microfix, Bill C., SteveTree, Noel Carboni, OscarCP, woody

Reply | Quote

HA!

Well said!

1 user thanked author for this post.

teuhasn

Reply | Quote

I installed Kb4343900, KB4345590, Kb890830, took a total of 28 minutes from download to reboot and so far no problems.

Windows 11 Pro
Version 23H2
OS build 22631.5189

2 users thanked author for this post.

dgreen, jburk07

Reply | Quote

On 1709 Home with metered connection set to on, 1803 update hidden in wushowhide but as per usual, it still trying to download 1803 even though it’s hidden.

Reply | Quote

Windows 7 SP1 64bit, with Broadcom network card. Group B.

Installed August’s updates; IE11 KB4343205, Security Only KB4343899.
Installed KB4345679 SO .net – with the one for 3.5.1 KB4344177.
From the catalog; Installed IE11 first, Windows SO 2nd, .net 3rd, and last from WU the MSRT.

Installed one at a time.
No network issues. No oddities.

Manually ran .net image compiler (NGEN). http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx

Rebooted 3 times and let it sit for several minutes.
No Problems.
Thanks to all here.

1 user thanked author for this post.

OscarCP

Reply | Quote

teuhasn wrote:

Woody, I don’t know why you’re so concerned about the Intel microcode patches. I’ve installed them and had ZERO probletdhsthodealu8cgfl;9qcoefu0la8oeufga[9oeg8ua9loe8uao.ef7ge90oae8u7a0o9e87ua90o.

I guess you just installed the January 2018 update with its flawed microcode which causes data corruption.

 

3 users thanked author for this post.

SueW, Microfix, Kirsty

Reply | Quote

Win7, 64bit, Group A, patched through June 2018

Wanted to run a few things off before running updates (currently on Never Check for Updates, but will switch over of course). I plan on making a full system backup before the task.

I’m all patched through June so I shouldn’t have any problems with installing the cumulative updates, specifically the NIC update correct?

You also mentioned don’t “check” any updates unchecked, for example if July updates show up alongside August unchecked, leave them unchecked. However, Unchecked/Checked Office Updates were said to be ok coming from Susan Bradley so I’ll go ahead and install those? Say that 5 times real fast. Whew

Avoid the snoop tool KB 2952664 if it shows up.

Thanks.

MacOS iPadOS and sometimes SOS

1 user thanked author for this post.

woody

Reply | Quote

NTDBD reporting in:

Installed KB4343900 Aug roll up, and KB4345590….no issues. July patches did not appear.

Gotta find a thick prayer rug and give thanks for all, including those here!

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

jburk07

Reply | Quote

Jan K. wrote:

Can confirm Windows 7 patches are okay. It does feel though they’re not being downloaded/installed as swift as they once did?

…make sure you have backups/system restore points,

I wouldn’t recommend having any trust in restore points… they may or may not work.

Wise advice.

The more restore points you need to go back, the less likely success seems to be.  However, if restore falls over, sometimes setting Safe Boot Minimal, restarting and trying again finds a way around the issue.

Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

2 users thanked author for this post.

SueW, jburk07

Reply | Quote

Win 7 Group B thanks to this forum. I also take care of my elderly folks Win 7 machines as they want to remain Group B as well…….. (I also have two Win 8.1 Group B laptops)

We are all patched through June, I did not apply July security. Before I proceed, which I always do at DEFCON 4, I want to be sure I have the order correct.. and I always download from the 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1 page” here on askwoody.com

From what I read I should apply the Aug. Security Only first (kb4343899), reboot, then July Security Only (kb4338823), DONT reboot, then install the patch for the July Security Only (kb4345459) the reboot

If all goes well  should I then install IE 11 August Security kb4343205? Or perhaps install that one before all of the others? I figure I will install the .NET last if everything goes well.

Thank you for the advice, I am also able to help out my folks thanks to all of you

Reply | Quote

anonymous wrote:

Win 7 Group B thanks to this forum. I also take care of my elderly folks Win 7 machines as they want to remain Group B as well…….. (I also have two Win 8.1 Group B laptops) We are all patched through June, I did not apply July security. Before I proceed, which I always do at DEFCON 4, I want to be sure I have the order correct.. and I always download from the 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1 page” here on askwoody.com From what I read I should apply the Aug. Security Only first (kb4343899), reboot, then July Security Only (kb4338823), DONT reboot, then install the patch for the July Security Only (kb4345459) the reboot If all goes well should I then install IE 11 August Security kb4343205? Or perhaps install that one before all of the others? I figure I will install the .NET last if everything goes well. Thank you for the advice, I am also able to help out my folks thanks to all of you

I installed the patches in chronological order on a Windows 7, 64-bit system, so I think you can go either way on how you approach the updates.

• July Security Only (KB4338823), no reboot, and then install the patch for the July Security Only (KB4345459), reboot. Just a side note on the KB4345459 patch. FWIW, the update history reports this patch as an Update for Windows, not as a Security Update for Windows. I think @GoneToPlaid is correct that KB4345459 is not a replacement for KB4338823 but rather a fix patch.
• Aug. Security Only (KB4343899), reboot.
• IE 11 August Security (KB4343205), reboot.
• .NET Security and Quality Rollup (KB4345590), reboot.

I’m happy to report that all is good.

1 user thanked author for this post.

SueW

Reply | Quote

Hi all, are the .net patches now safe to install???  I can’t see anything in the Computerworld article about this, I’m on W7.

Reply | Quote

See the Master Patch List for the status of .NET updates relative to your system.
All seem to be safe to install.

Windows - commercial by definition and now function...

4 users thanked author for this post.

Lori, dgreen, Jan K., woody

Reply | Quote

There are some known issues with .NET 4.7.2

2 users thanked author for this post.

Lori, walker

Reply | Quote

8.1 Group B

I’ve installed 4338824, 4345424 and 4339093. Reboot ok.

That was yesterday. Today I installed 4343888 and 4343205. Reboot ok

Net Framework 4345592 I will install  tomorrow unless I see something on this forum warning me otherwise.

Reply | Quote

Windows 10 Pro 1709.  I did not install patches in July.  Installed the cumulative update a couple of hours ago. For the FIRST TIME since I got this computer, I had a few odd problems with the update.  I would not call this level 4 more like level 3 IMO.

I update via Microsoft update catalog. This update, I could not close my browser after downloading and update commenced with the browser open. Update appeared stuck at 1%.  Finally, I was able to close the browser and update then proceeded at a more normal rate.  After the computer rebooted, I found that Windowblinds was not running and that has not happened with earlier updates.  After I restarted it, I found it had lost my settings and was set on a strange style I have never used.  I had to reset everything. I’ve used Windowblinds for seven-eight years now (on Windows 8 and 10) and never had it lose settings after a Windows update.  I could see that perhaps happening if i was upgrading to 1803 but this was just a monthly cumulative update.

Only once before have I had a monthly cumulative update reset scrollbar width and height to the extremely narrow default made worse on wide screen large monitors.

As for Windows Defender, I am suddenly now able to click away the yellow triangle and exclamation point that has been set (with no way to remove) on App and Browser Control and Virus Protection since I got this computer.  That’s nice!

All in all it was ok.

Reply | Quote

Here is my experience – Win 8.1, Group B, SO.

In July I did not install any patches because of the mess and the continued low MS-Defcon level.

Today I decided to go ahead and install updates for July & Aug as recommended on 2000003.

KB4338824 – installation failed.

KB4345424 – installed fine, which to means KB4338824 is depracated and indeed replaced by this one. I rebooted as recommended on the screen.

KB4339093 – did not install. I shutdown and relaunched – installation succeeded.

Rebooted again. Then

KB4343888 – installed fine. Then, rather than reboot again, I installed KB4343205, which went fine. Then I rebooted.

As an aside, in the process I found out that reboot is not the same as shutdown/relaunch if you have Fast Start/Boot enabled. I shutdown my PC at the end of every day, thinking to make a fresh launch at the start of every day. That is not so with Fast Start/Boot enabled. So I have disabled it, thus ensuring a real fresh launch every day

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

@YP (Win7 group B updated to June)

To all that are confused with whether KB4345459  replaces KB4338823.  I saw “answer” a few weeks back, see post/link below from @abbodi86 (Read the exchange from link below)

https://www.askwoody.com/forums/topic/july-patches-are-all-messed-up-but-a-good-hint-appears-in-japanese/#post-204857

From post: (Repeated here for your convenience)

• If you installed KB4338823, then you need to install KB4345459.
• If you DID NOT installed KB4338823, you only need to install KB4345459.

My plan is:

• Image my system
• Install security updates KB4345459, KB4343899
• Install IE11 KB4343205 (cumulative, so don’t need June IE)
• Reboot
• Install Net frame quality & security update
• Reboot

At least that’s my working plan.  I will do

1 user thanked author for this post.

walker

Reply | Quote

I saw TWO updates on my Win 7 Pro 64-bit box (Group A) and installed them, but THREE are now shown as installed:

KB 4344146 for .Net Framework 4.7.2 – this was expected

KB 4343900 Security Update for MS Windows

KB 4344152 Update for MS Windows

I don’t remember which of the last two was offered before I installed, but why were THREE installed instead of TWO?

Thanks.

Reply | Quote

Firstly, create a system image (preferred) or system restore point before continuing.
Better safe than sorry

W7 Group B patchers:
Install the following patches for July and August:

Jul 2018 kb4338823: no longer required superseded by kb4345459 *
Jul 2018 kb4345459: SO update – supersedes/ replaces kb4338823 (reboot twice)
Aug 2018 kb4343899: SO update (reboot)
Aug 2018 kb4343205: IE11 CU update (reboot)
————————————————–
W8.1 Group B patchers:
install the following patches for July and August:

Jul 2018 kb4338824: no longer required superseded by kb4345424 *
Jul 2018 kb4345424: SO update – supersedes/ replaces kb4338824 (reboot twice)
Aug 2018 kb4343888: SO update (reboot)
Aug 2018 kb4343205: IE11 CU update (reboot)
————————————————–
Master Patch list for .NET updates indicate that all seem to be safe to install for both W7 and W8.1 as well as MSRT and not forgetting the Flash update for W8.1 (YMMV)

NOTE: * If you haven’t been following the MS-DEFCON system and have already installed kb4338823 (W7) or kb4338824 (W8.1) then you MUST install kb4345459 (W7) or kb4345424 (W8.1) and then follow the above sequence relative to your system OS.

Patch links available at AKB-2000003 and Master Patch List

Windows - commercial by definition and now function...

4 users thanked author for this post.

Elly, Purg2, Laptop Boy, SueW

Reply | Quote

so if i understand this right, if i followed 2000003 and installed all patches including june, then have to install the following:

windows 7:
Jul 2018 kb4345459: SO update – supersedes/ replaces kb4338823 (reboot twice)
Aug 2018 kb4343899: SO update (reboot)
Aug 2018 kb4343205: IE11 CU update (reboot)

windows 8.1:
Jul 2018 kb4345424: SO update – supersedes/ replaces kb4338824 (reboot twice)
Aug 2018 kb4343888: SO update (reboot)
Aug 2018 kb4343205: IE11 CU update (reboot)

and afterwards in install all checked .net updates (if there are any), msrt, flash, office 2010…

2 users thanked author for this post.

Microfix, Charlie

Reply | Quote

so, kb4338823 (win7) and kb4338824 (win8.1) are REALLY replaced/superseded?
i’m asking this again to make sure, because someone here said that these are not replaced…

2 users thanked author for this post.

Microfix, Charlie

Reply | Quote

According to this post : #204857 and also this post: #204824 it’s replaced/ superseded. See my NOTE * at the foot of my methodology post.

Windows - commercial by definition and now function...

Reply | Quote

thx! i have followed ms defcon system and i’m still at patch level june at the moment. so, i will skip kb4338823 (win7) and kb4338824 (win8.1) on patching tomorrow morning.

Reply | Quote

That is correct and assuming you mean that

and afterwards in install all checked .net updates (if there are any), msrt, flash, office 2010

is relative and pertains to July and August patches, that is also correct.

Windows - commercial by definition and now function...

Reply | Quote

thx! then i’ll patch tomorrow morning. and yes, about .net, msrt, flash and office i meant july and august patches. everything else prior july (up to june, inclusive june) is installed already.

1 user thanked author for this post.

Microfix

Reply | Quote

I just finished updating windows 8.1 notebook, patching windows 7 computer is yet to come (still waiting for backup to be finished).

On 8.1 there are two more updates available for office 2010, not marked as security update, but “important” and checked by default. Both I did not install yet:
office 2010 kb4092436, powerpoint 2010 kb4022136.
What are these for and should I install them?

I assume, windows 7 computer (also office 2010) will offer the same updates, once it’s patched that far…

Everything else, flash, msrt, .net and all other security updates for office 2010 are installed already on win8.1 notebook.
and of course, no optional updates installed, as always.

1 user thanked author for this post.

columbia2011

Reply | Quote

To Microfix:

I’m in Group B, running Windows 8.1 Pro.  Thank you for the very clear, step-by-step instructions.

Since the July 2018 security-only update KB 4338824 has been superseded and replaced by KB 4345424, I am not installing KB 4338824.  I’ll install KB 4345424 instead.  But one question: why have you advised rebooting twice, rather than once, after installing KB 4345424?

Regards, Laptop Boy

 

 

Reply | Quote

Windows 10 Pro here. Was Version 1709. Planned on upgrading to 1803 over Labor Day Weekend even before the ME DEFCON 4 status here.

Did the Aug. 2018 MS Updates (had previously done the July 2018 updates without incident). All was well. Updated third-party programs and cleaned out residues from a driver updater which Avira hates. (I found online that copying the System32/Drivers/DriverStore folder is sufficient driver backup, and drivers can be restored from these backups with the Windows Device Manager — this is new in Windows 10.) Ran some tests, did cleanups with Glary Utilities, the newest CCleaner (without the persistent tray icon) and Windows Disk Cleanup, all stops pulled out full. Made a system backup with Macrium Reflect Free and backed up my data.

So my August 2018 MS Updates went off without a hitch. Then I ran the Update Assistant with Feature Updates no longer delayed. Ran through the 1803 update without incident. The process ran about an hour, end to end, with several restarts. Tested the results and restored several sets of system feature tweaks. (I dual-boot, so Fast Startup had to be disabled, and privacy settings were restored using O&O ShutUp 10, and then there were a few other tweaks to redo or new stuff to disable or modify in the 1803 features.) All went well.

Cleaned up as before, then made backups with Macrium Reflect Free and copying my data to separate external drive archives.

I didn’t even have to reinstall the official Intel Drivers from Intel’s Support App this time. 1803 respected my own choices for drivers in almost every case. All drivers were backed up with DriverMax (which I use only for driver backups and restores). Then I copied the DriverStore folder and finished my backup routines.

I also scan for malware with MalwareBytes Free, Avira Free, Windows Defender and ClamWin. This I do after any software update cycle. So this weekend those scans were done a total of three times (third party updates, MS Aug 2018 updates, and 1803 update). These are full system scans, with rootkit checks and memory process scans.

Happy to report I agree with the MS DEFCON 4 rating. For most folks, I would think everything is working as it should for now. As for features in 1803, nothing much to get excited about, though Timeline is both a handy tool and one more thing which needs to be cleaned out from time to time. Take the good with the bad, I guess.

-- rc primak

3 users thanked author for this post.

Elly, Jan K., johnf

Reply | Quote

As for features in 1803, nothing much to get excited about…

What!? Not even the new emojis got your heart beat faster?

1 user thanked author for this post.

Cybertooth

Reply | Quote

My Win 7 x64 system has not had any WU patches since Dec 8, 2017.

Now that Woody has announced Defcon 4, I have backed up the drive and I am ready to proceed with updates. Today I am offered 15 Important updates (JPG attached).
I figure I should do the cumulative rollup first, and then re-run WU.
But I am puzzled, since today I am offered BOTH of these:

2017-12 Security Monthly Quality Rollup KB 4054518
and
2018-08 Security Monthly Quality Rollup KB 4343900

Should I install the December one, reboot and install the August one, or just install the August one and then re-run WU? After that, my usual habit would be to consider and install the remaining KBs one at a time.

Thank you for any guidance.

Reply | Quote

If you are using Windows Update, JUST CLICK INSTALL for the checked updates. Windows Update KNOWS what you need, in which order and when you need to reboot. It’s that simple

2 users thanked author for this post.

walker, AlphaCharlie

Reply | Quote

I’ve today installed certain updates on one of my Windows 7 x64 desktop machines. Specifically, KB4343900 (quality security update) and KB4345590 (.Net Framework quality security update), both separately in that order and without any apparent issues as yet. I also subsequently installed the five checked Office 2010 updates without apparent issue, but not the unchecked Office 2010 update KB4092436.

Subject to no problems becoming apparent over the next day or two I will install the former updates on my other machine which is similar but without Office installed (it’s my gaming machine).

I have hidden where they were offered the MSRT (I’m no longer installing that following problems with it a couple of months ago), our old friend KB2952664 (for the umpteenth time), both the quality security and .Net Framework Preview updates, and KB4054530 (.Net Framework 4.72).

As always, my thanks to Woody, the Team, and my fellow commenters for their continued good advice.

2 users thanked author for this post.

Microfix, jburk07

Reply | Quote

Update: Both computers now updated as indicated, and no apparent issues.

Reply | Quote

KB4338823 contains July 2018 security fixes + may cause TCP/IP BSOD issue
KB4345459 contains July 2018 security fixes + a fix to prevent/mitigate TCP/IP BSOD issue

Reply | Quote

I haven’t found any documentation to support that it’s a replacement patch. What’s your basis for stating so? The KB4345459 support page indicates that it does not replace a previously released update and lists only what’s fixed. Windows also identifies the patch as an ‘Update for Windows’, not a ‘Security Update for Windows’.

Reply | Quote

Davinci, I agree with you. That KB did not say it was a replacement.

Installed Security Only KB4338823, rebooted, then installed KB4345459  (Microsoft did not say it replaced any previous KB).   https://support.microsoft.com/en-us/help/4345459/stop-error-0xd1-after-a-race-condition-occurs-in-windows-7-service-pac

No issues afterwards.
Windows 7 64 bit

Reply | Quote

guys is there anything wrong with KB4339093 IE11 July update i see everyone is skipping it and installing IE11 KB4343205 August update ?

Reply | Quote

The IE11 patches are CUMULATIVE, so you only need the latest one, not both.

2 users thanked author for this post.

walker, Elly

Reply | Quote

Does anyone here knows about this?

I run Win 7 x64 with Office 2010, and just have had this “important” update showing up (unchecked) in my Win 7 machine:

” Update for Microsoft Office 2010 (KB4092436) 32-Bit Edition
Download size: 33 KB
You may need to restart your computer for this update to take effect.
Update type: Important
Microsoft has released an update for Microsoft Office 2010 32-Bit Edition. This update provides the latest fixes to Microsoft Office 2010 32-Bit Edition. Additionally, this update contains stability and performance improvements. “
More information:
https://support.microsoft.com/kb/4092436
Help and Support:
https://support.microsoft.com/?LN=en-us

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Are you using the Equation Editor? After the removal of Equation Editor 3 in the January updates, you may recall there was an issue.

If you aren’t editing equations that were created in Equation Editor 3, it’s likely you can do without this update. This is probably why it is unchecked in your machine.

Reply | Quote

Kirsty, thanks; I just saw your entry. Yes, I use Equation Editor in Office 2010, the version installed in my 7-year old  Win 7 machine when the PC was still brand new. If you have a moment and to be sure I fully understand this: is this update meant also for Office 2010?

I have  been thinking all along that the Equation Editor problem had been solved already by MS with a patch.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

As the January thread established:
1) the new native equation editor is from Office versions 2007 and onwards
2) editing equations created in the earlier Equation Editor 3 was not possible after January patch
3) workaround for being able to edit the Equation Editor 3 equations in Office 2007 or higher version
4) you are using the native equation editor built into Office 2010, which did not have Equation Editor 3
5) you would only be affected in editing equations in Office 2010 that were created in the earlier Equation Editor 3 – the equations you create in Office 2010 are done with the new native equation editor, not Equation Editor 3.

So, if you continue to use only the native equation editor in Office 2010, you would not require this. Only if you have a need to EDIT equations created in the equation editor that was installed in Office 2003 and earlier versions should you need this. Most users are unlikely to be editing old Equation Editor 3 equations!

3 users thanked author for this post.

woody, Bill C., Jan K.

Reply | Quote

It’s certainly not the right time for patching Windows 10 now, since this would install the ‘cumulative’ August preview patches – and previews are known to have caused quite a few issues in the past.
Assuming Windows Update is used for installing patches, the only way to evade previews is to update between Patch Tuesday and the day before previews get released.

Reply | Quote

Sorry to repeat, but on my Win 7 Pro 64-bit box – and I’m Group A – only two updates were checkmarked (.NET update and one more), but I ended getting three (.NET update and two more).  Any ideas why?

These three were actually installed:

KB 4344146 for .Net Framework 4.7.2 – this was expected

KB 4343900 Security Update for MS Windows

KB 4344152 Update for MS Windows

After the .NET update, I expected only one more.  So why did I get two more?  Thanks.

Reply | Quote

4344152 is an update for .NET 3.5.1. Perhaps the metadata determined that you needed this to accompany 4344146?

In order easily to research KBs, one Firefox Bookmark I keep handy is http://support.microsoft.com/kb/000000 . Then I plug in the KBnumber of interest.

1 user thanked author for this post.

glnz

Reply | Quote

Security-only KB4345459 contains Security-only KB4338823 plus the fix for tcpip.sys.

Reply | Quote

Updated and all seems to be OK, although it is worth noting that you may need to be a lot more patient than usual – the .NET update took 35 minutes to install. YMMV.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

3 users thanked author for this post.

Microfix, jburk07, SueW

Reply | Quote

I had the same experience with the .net framework update for .net 3.5.1,4.5.2, etc. rather than the .net 4.7.2 fix. I only downloaded the .net fix by itself, nothing else at all. The d/l seemed to be taking forever, so I used Windows 7’s built-in tools to find out just what was going on. Turns out that the download itself was coming down from MS’s servers at a paltry 56k speed, meaning the 84.6 meg file took about a half hour to download! When I looked in Resource Monitor’s listings for networking connections, there it was, the connection to MS’s server, listed at a connection speed just below 56k, alternating between 42 and 54 k with each packet!

This was LAST Tuesday evening, August 28th, well before Woody moved us to MS-DEFCON 4. The next day, August 29th, the same download happened at a much quicker pace on another computer, and the file downloaded in just a few seconds. Just goes to show that even MS’s servers can sometimes be throttled to give everyone bandwidth to d/l files.

Yes, I tried speed tests right afterwards on various other servers in different geographic locations on the computer where the d/l took forever, and they all came back with no single speed slower that 30 megs a second, leading me to conclude the server itself was throttled in some way.

Just my 2¢ worth!

Reply | Quote

Win 7 Pro, Group A, Wolfdale Intel Core 2 Duo E8400, Last update was June Rollup

Thank yous to Woody and all Loungers.  This has been a crazy summer!
Today I took advantage of Level 4 and associated updating recommendations. Went off without any problems and Sys seems happy and, so far, running well.
Full Image, KB4343900, reboot, KB4345590, reboot, KB890830 MSRT, reboot, cleanup disk, reboot.  Hassle-free and pretty darned quick.  All in less than 30 minutes.
I was offered the evil KB2952664 and re-hid it.  Also was offered (unchecked) KB4054530 and ignored it.

As summer wanes, well wishes to all and thank yous again to the many experts!!!

2 users thanked author for this post.

Microfix, jburk07

Reply | Quote

samak wrote:

it is worth noting that you may need to be a lot more patient than usual – the .NET update took 35 minutes to install. YMMV.

I blame Woody for the slow process. Posting Defcon 4 caused a massive rush of people updating:)

Microsoft must be wondering what’s happening on their update servers.

Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

2 users thanked author for this post.

Jan K., samak

Reply | Quote

So far Askwoody has been an valuable service.

3 users thanked author for this post.

Jan K., Myst, Microfix

Reply | Quote

I e-mailed my original report to Woody & he suggested I post my experience here:

Something interesting happened after I applied updates on my Windows 8.1 laptop today. 1st, I accidentally applied the Telemetry update KB3080149 instead of the .NET Framework for 4.7.2 (KB4054566). After uninstalling the 1st & installing the 2nd (& restarting a 2nd time to apply it), I checked for Windows Updates & found something New. KB4054534; .NET Framework 4.7.2 Language Packs. Since it’s only Language Packs, I have no pressing need to apply them now. I’ll wait until applying the September Updates in October.

Woody’s responses: “Fascinating!” & “Good stuff….”. Anyone else on Win8.1, Group A encounter this?

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

1 user thanked author for this post.

woody

Reply | Quote

I might understand putting executables on a diet, which would be better but it is about changing .NET languages. Maybe .NET core files are smaller sized files, they may have done this so devs can pick a preference for their native language ignoring the system’s regional settings.

Reply | Quote

I want to thank everyone here for your advice and patience.

Today I updated my Win 7 desktop and two Win 8.1 laptops. I am Group B and was patched through June.

First on my Win 7 I installed the August IE11 kb4343899. Second I installed the July Security patch kb4345459. Third I installed August Security Only update kb4343899. Finally I installed .NET update kb4345590.  I rebooted between each update. So far everything is ok. and fingers are crossed it stays this way

On my two 8.1 laptops I basically did the same installing the IE11 August update first, then the July Security kb43445424, then I installed the August Security kb434888 and finally the .NET kb4345592.

Both laptops are doing well, I have had no issues as of tonight.

Now I have to visit my folks this weekend and do the same with their Win 7 desktop and old Win 7 laptop. (They also have a Win 10 laptop they dislike)

So again, thank you all for your time, expertise and patience.

4 users thanked author for this post.

Jan K., Microfix, SueW, jburk07

Reply | Quote

Glad it worked out. Question: You have KB 4343899 listed twice, identifying it the first time as the IE 11 update and the second as the Security Only update. The IE 11 update is KB 4343205. It probably doesn’t really matter what order you applied the updates, but I’d be curious what the order actually was.

Reply | Quote

My apologies DrBonzo, I wrote it incorrectly as you stated. You are correct, the IE11 Aug. update is kb4343205. This is what happens when I try to type before bed
Although I had the wrong kb number written I did install the IE update first.
I am now at my folks using their old Win 7 laptop and about to begin the installation process. Fingers crossed……………

1 user thanked author for this post.

DrBonzo

Reply | Quote

Thanks, and good luck!

Reply | Quote

FOR ALL GROUP B PATCHERS WHO ARE CONFUSED

I see the same question here over and over concerning the Security-only patches for July: KB4338823 and KB4345459 for Win7 and KB4338824 and KB4345424 for Win8.1. So you can take this information and patch accordingly, or not take it and not patch.

@abbodi86 is one of the most knowledgeable persons contributing to this site. His post #204691 explains about the July patches. But #204857 spells it out:

No worries at all

either just install KB4345459 and be done with it, or if KB4338823 is already installed, then install KB4345459, and then be done with it.

exactly

KB4338823 contains July 2018 security fixes + may cause TCP/IP BSOD issue
KB4345459 contains July 2018 security fixes + a fix to prevent/mitigate TCP/IP BSOD issue

Security-only patches are NOT CUMULATIVE. Metadata speaking, they do not supersede/”replace” other security-only patches. But in plain English (not metadata), the later patches replace the earlier ones because they contain the earlier patches PLUS the fixes for the 0xD1 error, W3SVC,  and tcpip.sys BSOD. So what remains is:

For Win7 either just install KB4345459 and be done with it, or if KB4338823 is already installed, then install KB4345459, and then be done with it.

The same goes for the Win8.1 patches.

There is NO confusion here!

11 users thanked author for this post.

Lori, Myst, Elly, Bill C., Jan K., SueW, jburk07, Microfix, Ed, Klaas Vaak, woody

Reply | Quote

Thank you very much for converting me from confused to UN-confused

Reply | Quote

PKCano, a suggestion: Maybe you could create a one-posting thread where you explain this, and then you, or anyone else that answers this July 2018 patching question, could just write:

Your answer here: <link to your one-posting thread>

O maybe a few-postings thread, if someone like MrBrian wanted to put his two cents there as well?

Because, as far as I can see, this is bound to keep coming and coming (a bit like the “Energizer”, only in reverse.) Not necessarily the fault of those asking, because there is just too much here to go through, if looking for that answer, particularly if one is new to Woody’s and does not know yet how things work here.

And perhaps this could be a template for answering other very often repeated questions.

As I said, just a suggestion. Good thing you are around to help us Windows users.

Now that you have read this, feel free to delete it as being “off topic”.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Cybertooth, Klaas Vaak

Reply | Quote

@OscarCP: a very good suggestion.

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

@OscarCP

The issue of the July Security-only patches for Win7/8.1 has been raised multiple times and answered:

by @abbodi86 here, here, here, here, and here.
by @PKCano (either referring to @abbodi86 ‘s answers or directly) here (and the answer to this one), here, here, here, here, here, and here.
by @DrBonzo here.
by @Microfix here.
by @anonymous here and here.
(I may have missed some)

People chose to accept the answer, or not.
I don’t see where one more posting thread would make any difference whether or not the information was accepted.

Group B patching is becoming more and more difficult. People using that method should understand more about patching than the average User. If they don’t, @abbodi86 is probably the best source of information to go by.

6 users thanked author for this post.

woody, Bill C., Jan K., OscarCP, SueW, DrBonzo

Reply | Quote

Just to give proper credit, my answer is really nothing more than a link to an answer I got from @abbodi86, so it’s really his answer. I followed his advice and everything worked out just fine.

Reply | Quote

PKCano: My suggestion was meant to make it easier for you. Those who don’t pay attention will keep coming back with the same question, but you might, who knows, save yourself the bother of answering them every time in full?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

PKCano: My suggestion was meant to make it easier for you.

And I said it does not.

There is really no reason to repeat what you said.
(Or for me to repeat the answer).

1 user thanked author for this post.

walker

Reply | Quote

OscarCP wrote:

PKCano, a suggestion: Maybe you could create a one-posting thread where you explain this, and then you, or anyone else that answers this July 2018 patching question, could just write:

Your answer here: <link to your one-posting thread>

O[r] maybe a few-postings thread, if someone like MrBrian wanted to put his two cents there as well?

 

Kirsty wrote:

It’s very frustrating when we have to deal with repeat requests for the same information, as this is very time-consuming for us. Please remember that we are just a willing band of volunteers, and we have other jobs and real lives to attend to as well as helping out here.

We also realise it’s frustrating to not get a question answered. The effort required to handle responses is severely limited when posters post the same thing again shortly after the original post, or in many places, or something already posted (and even worse, already answered).
…

6 users thanked author for this post.

woody, Charlie, Jan K., Myst, SueW, walker

Reply | Quote

Speaking as a Group B member, a good place (IMO) to set out these instructions would be in AKB 2000003, which is where we have learned to go looking for information on installing each month’s updates. The instructions could go either as a note at the end of the list of July+August patches (probably where they’d be likeliest to be noticed), or as a special comment in the “Responses” section.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Win7 SP1 64-bit Home Premium, Ivy Bridge, Group A, just reporting my update results.

I hadn’t updated since June (except for Office updates).
Yesterday I installed the August monthly rollup KB4343900 and the .NET rollup KB4345590 separately, restarting in between, and haven’t experienced any problems. The SMQR took about 15 minutes and the .NET update took about 11 minutes, so nothing out of the ordinary for this machine on our Internet connection.
I had already installed the August Office 2010 updates without problems.

I was also offered the .NET 4.7.2 update, KB4054530, but un-checked, so I’m ignoring it.
I also haven’t been installing the MSRT in recent months, so I’m ignoring it also.
I’ll wait to see what happens later in September with the Office 2010 (non-security) update KB4092436 that I got on 9/4.

Our other Windows laptop is Win7 SP1 64-bit Windows Ultimate, Arrandale processor, also Group A. I updated it the same way and haven’t had any problems.

Thanks so much to everyone here for all your help keeping our PCs running smoothly.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

3 users thanked author for this post.

Myst, Blizzard, Microfix

Reply | Quote

After reading all the relevant and helpful posts, I took the plunge and updated my system yesterday evening; it had been updated through June’s updates:

1 – imaged my disk with Macrium Reflect

2 – downloaded KB4345459 (July SO), KB4343899 (August SO) & KB4343205 (IE11 August Cumulative) Updates

3 – installed each Update, rebooting in between each one (since I hadn’t updated since June); waited 15 minutes

4 – checked “Windows Update” => 14 Important: 10 Office 2010 [including 1 unchecked (KB4092436)] and 4 Win 7: all checked; 3 Optional: all unchecked

5 – unchecked and hid “Important” updates KB4343900 (August Rollup) and KB2952664 (persistent b*st*rd)

6 – hid the 3 unchecked “Optional” updates (KB4054530, KB4346080 and KB4343894 – August Preview Rollup)

7 – checked “Windows Update” again => 12 Important: 9 Office 2010 and 3 Win 7: all checked; 1 Optional: unchecked

8 – unchecked and hid “Important” update KB4338818 (July Rollup)

9 – hid the 1 unchecked “Optional” update (KB4338821 – July Preview Rollup)

10 – checked “Windows Update” again => 11 Important: 9 Office 2010 and 2 Win 7: all checked; 0 Optional

11 – unhid any hidden updates to install (none)

12 – installed 9 Office 2010 updates, KB4345590 (2018-08 Security and Quality Rollup for .NET Framework) and KB890830 (MSRT)

13 – rebooted; waited 15 minutes

My computer continues to run the same as it’s been running.

Note: NIC = Realtek PCIe GBE Family Controller

Thanks again to the usual “suspects” and other contributors for their continued support, expertise, and patience!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

5 users thanked author for this post.

cesmart4125, jburk07, Kranium, Charlie, Microfix

Reply | Quote

SueW, Your step 13 is a good idea “rebooted; waited 15 minutes” since it does let the PC settle down. I would also suggest you go further and let it sit 45 to 60 minutes, if you can do so.

After about 20 minutes of non use (no mouse or keyboard use), “Idle Tasks” are started with windows. A fast PC may be finished in 5 or 10 minutes, but slower ones and those that never have the chance to run Idle Tasks, may take 30 minutes to run. I have known people to start the PC, check their email, then immediately shut down the PC. The only way it can run Idle Tasks is to run in the background, and slow you down. The key is, after 20 minutes of being idle, you can see the hard drive light start flashing. This is a good sign that those Idle Tasks are taking place.

You can force the Idle Tasks if you want by the administrative command prompt: rundll32 advapi32.dll,ProcessIdleTasks

You can do that and then walk away for 15 to 20 minutes. If the drive light is still on, it is still running.

Several items take place and I can not remember all, but one is a defragmentation of “boot files” and reordering their placement on the drive for faster booting.

Windows 8.1 seems to have a notification flag telling you that the process is running when done by command line. Our 8.1 PC took about 60 minutes.

With Vista and Windows 7, it takes 5 to 20 minutes depending on what tasks need to be done at that time.

I have done this for years and sometimes a sluggish PC is helped, just from letting it sit.
Hope this helps.

5 users thanked author for this post.

Lori, SueW, Charlie, columbia2011, Klaas Vaak

Reply | Quote

@anonymous: thanks for this further clarification about the idle period after the reboot. I was not aware that this is important.

1x Linux Mint 19.1 | 1x Linux antiX

Reply | Quote

Klaas Vaak, thank you. Yes, it is a good idea to “let the PC sit” for an hour. Because of Idle Tasks, and NGEN the .NET image compiler. Every time you update or patch the .NET Framework it will run a program in the background to do this “reimage”. You will notice a sluggishness.

We had a person call us one day years ago that their PC was sluggish. I remembered that there were MS patches sent out and one was a .NET patch. I had the person reboot, then run Ccleaner (we liked it at that time) and then reboot again. Upon reboot, had them go to the desktop then walk away for an hour. Do not let the PC go to sleep. You may need to adjust the power settings to stay away for an hour minimum. If a laptop make sure it is plugged into AC power!

Later that night they called back and said it was running fine.

Hope this helps you.

2 users thanked author for this post.

Lori, Klaas Vaak

Reply | Quote

@anonymous, thank you for explaining Idle Tasks and why it’s so important to let our computers finish them.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

Both my laptops are plugged in to AC power and turned ON 24/7, so I assume that idle tasks are done at the very least during the night!

Reply | Quote

Applied the following offered patches: KB4343900, KB 4345590, and KB890830 (MSRT). Installed patches individually with reboot after each, (with the exception of MSRT which did not require reboot). No issues encountered. Re-hid KB2952664, which returns over and over like a bad penny. Was patched through June, skipped over July altogether. Update setting back to “Never Check”.
Thanks Woody, Patch Lady, and all of the “loungers” for your invaluable assistance and advice in navigating through the increasingly confounding chore that is Windows Updates.
Win 7 Pro x64, i7core, Haswell, Grp. A

1 user thanked author for this post.

jburk07

Reply | Quote

This will be a redundant post as I previously posted without logging in. Installed the offered patches individually: KB4343900, KB4345590, & MSRT KB890830, in that order with reboot in between. No problems encountered. Was patched up through June. Much thanks to Woody, Patch Lady, and the “loungers”, for your invaluable advice and information on how to safely navigate the confounding chore that Windows Updates has become. Update setting back to “Never check”. Win 7 Pro, x64, Grp. A, i7-core Haswell.

Reply | Quote

One more data point here: I installed in my Win 7 Pro, SP1, x64 PC all the August Office patches, and the MSMRT, Security Only and E11 Security Cumulative ones, as well as a .NET patch that was marked with a tick,  leaving out, at least for now, one that was not.

By now, I am practically fully patched through August.

And so far, so good.

 

Win 7, Group B.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Can I please ask if it is safe to install July Net patch KB4340004 ????

– as it gives conflicting advice on the Master Patch List – in one column it says “Install and then do August updates immediately after” and in the adjacent column it says “Do not install at this time” ….so I am just a bit unsure which suggestion to follow

Reply | Quote

After patching and installing all .net, msrt, flash and office 2010 security only updates, there are two more updates available for office 2010: office 2010 kb4092436, powerpoint 2010 kb4022136. Both are “important” and checked by default.
Should I install these as well?

Reply | Quote

Both are “important” and checked by default.  Should I install these as well?

Yes ~

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

thx, what does ~ mean after “yes”?

and I forgot to mention, both updates are not named “security” update. They are only named “update for …”

Reply | Quote

and only on windows 8.1 both are checked by default, on windows 7 “update for microsoft office 2010 (kb 4092436)” is unchecked by default. Should I install it anyway on windows 7?

Reply | Quote

Did you read this thread, which explains the update you question. Before posting, please do a search, to see if you question has already been answered.

KB4022136 is also related to Equation Editor, so details in #215752 also apply.

PS Your other post which was identical has been trashed. Please refer to this.

Reply | Quote

@PKCano  Windows 10 Pro..I’m updating this AM to 1803 from 1703 and was wondering what your recommended settings are for Group Policy Windows Update and the settings under Windows update are? I know the wording has changed. I would like to avoid the next update for the maximum allowed time and am unsure of  the wording to use. That last settings worked great for 1703.

Reply | Quote

My settings are the same for 1803:

Group Policy – Windows Update\Automatic Updates = Enabled, 2
Settings\Update & Security\Advanced
+ no pause
+ Semi-Annual Channel (instead of CBB)
* delay feature updates = 365
+ delay quality updates = 0

Reply | Quote

Today I installed these updates in the following order on my Group B Win7 system:
4339093 > 4338823 > 4345459 > 4343899 > 4344167 > 4343205.
Each time windows wanted me to reboot, I did.

Also updated my ‘Group B’ Office365 a few days ago to Version 1807 of August 14.

All seems well.

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

3 users thanked author for this post.

jburk07, SueW, Elly

Reply | Quote

Win7 home user, 64bit, GroupA

All patched, did a “hide” on the MS snoop tool KB…664. Came together in a timely manner, happy. Thanks Woody and PKCano and everyone for the input. Hope it’s going well with y’all.

MacOS iPadOS and sometimes SOS

Reply | Quote

Both my W7 laptops have KB2538243 update checked: it is an update from 2012. I cannot find anything relevant in your forum which may tell me what to do,  just old questions asking what I am asking: install or not?

Reply | Quote

Have you installed a program that relies on Visual C++ on both PC’s between your last WU time and the July/August updates?

Windows - commercial by definition and now function...

Reply | Quote

I do not know what programs rely on Visual C++. How can I tell?

Reply | Quote

Update on my August Updates (had already updated KB4343900 rollup a few days ago when defcon went to 4 and have had  no issues)

KB4345590  .Netframe rollup applied earlier this morning and the download/installation went without a problem.

 

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller

Hopefully Sept. updates will be problem free. (one can only hope)
Having said that, I actually came across (online) a Dell Inspiron 14 Chromebook with Intel core i3 processor that looks promising for my future.
Of course the cost needs to come down some.

Reply | Quote

anonymous wrote:

Both my W7 laptops have KB2538243 update checked: it is an update from 2012. I cannot find anything relevant in your forum which may tell me what to do, just old questions asking what I am asking: install or not?

KB2538243 is the MFC security update for Visual C++ 2008 Redistributable. Yes, you should install it, yet I recommend the following solution:

First, check under Control Panel >> Programs and Features and look for:

Microsoft Visual C++ 2008 Redistributable -x64
Microsoft Visual C++ 2008 Redistributable -x86

What version numbers follow either of the above two program names? The version numbers should be one of the following two version numbers:

9.0.30729.6161 (with the MFC security update)
9.0.30729.5677 (without the MFC security update)

You should see that either one or both Microsoft Visual C++ 2008 Redistributable installations mention version 9.0.30729.5677 which needs to be updated to version 9.0.30729.6161. Instead of installing KB2538243, download and install both the x86 and x64 versions the Microsoft Visual C++ 2008 Redistributable which have the MFC security update baked in. Get these from here:

https://www.microsoft.com/en-us/download/details.aspx?id=26368

On the above web page, click the download link and download and install these two packages:

vcredist_x86.exe
vcredist_x64.exe

After installing these, your Visual C++ 2008 installations will now be version 9.0.30729.6161 and KB2538243 will not show up when you do a new Check for Updates in Windows Update.

 

1 user thanked author for this post.

Ken

Reply | Quote

Thanks for your suggestion. Both my laptops have x64 version 9.0.30729.17 only. Proceed with your suggestion?  x64 and x86?

Reply | Quote

Help!  I have to admit I am pretty confused.  I read the Computer World Article and only saw what to avoid and not get sucked into for my situation, which is good up to a point.  However, I don’t think I know what to do.

Windows 10 64 bit 1709, MS Office 2007 (probably no updates-not a big deal as I do most writing on my MacBook) .

Windows 10 home- I got sucked into 1709  (16299.492)in May even with all preventions in place, but decided to stay there, and last updated in July 9 with June updates .   When I read Woody’s CW article it says (1) I am not supposed to get sucked into 1803 or 1809.  (2) I am supposed to avoid the specter mess.  But I have no clue as to what updates should be downloaded.  Remember Windows 10 people (at least I have never seen this) do not have checked updates to help them to know what is optional or not.  I did install the WUMT  back in June and found it helpful the last time I needed to hide and install things in July.

I hid everything I could find I am going to make my images today, remain on the metered connection (I do that always) until updating and try to figure out what to install.

Can someone help me with what I need to avoid KB-wise for the spectre mess and guidance with what should be installed from the following list of hidden updates:

KB4056254,

2018-7 Update for Windows 10 KB4023814

2018-8  Update for Windows 10 KB4295110

2018-9  Update for Windows 10 KB4023057

I don’t know if I ever installed any spectre mess-up installations before because I just installed what was there (nothing gets checked) and nothing was listed.

I thought each month was supposed to supercede the others, but I see I have updates for July, Aug. and Sept.  Do I install these?

Thank you so much for your help!

PS I know, for me, and that may not make sense for others it is hard to comb through all comments for my version of windows.  After Woody sets up his post perhaps one thread cold be set up  for Windows 7 and the 7 groups, and one for Windows 8 and then one for Windows 10.

Reply | Quote

The updates you have listed (KB4056254, KB4023814, KB4295110, and KB4023057 are related with upgrading you to later Feature updates. You can hide all of them using wushowhide.diagcab. KB4023057 keeps showing up over and over (like KB2952664 for Win7) so you will have to continue hiding it. (see today’s blog by Woody).

What you need is the Monthly CU issued on Patch Tuesday, the IE11 Flash update, and whatever MS application updates you have installed (like MS Office).

Wait for the DEFCON number to reach 3 or above and read Woody’s instructions for installing those updates.

Reply | Quote

Thank you fr your reply PK Cano.

I am a bit confused because on July 9 I installed the June updates KB 4284819 The MSRT update, and the Adobe Flash update.  I have not installed anything since then.  I have hidden all updates I listed along with the most recent Adobe Flash update and the MRST tool.  (I also have version 1803 hidden

I have not installed any updates yet, and I thought we were on MS Defcon 4 for August.  Yes, I will install the Adobe Flash and the MSRT I have hidden, but I have no Cumulative Update or IE updates for August hidden or ready to be hidden.

Wasn’t I supposed to install an August Cumulative update and the August IE update?

Thanks again!

 

Reply | Quote

In Win10, the IE11 update and .NET upsate are included in the CU. You only have the IE Flash update separate. And yes, the MSRT also. The CU for 1709 was KB4343897 = Build 16299.611.

Open Search, type in “winver” (without quotes) and hit enter. That will tell you what Build you have.

1 user thanked author for this post.

Irene

Reply | Quote

All caught up with Win 7 64 bit Group B. Installed the July KB4345449 SO, then the August’s KB4343899 SO and KB4343205 IE Cumulative and finally installed the Net Cumulative Security Update. All’s well thus far.
Thanks to all here that help light the path to patching.

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

1 user thanked author for this post.

SueW

Reply | Quote

anonymous wrote:

You can force the Idle Tasks if you want by the administrative command prompt: rundll32 advapi32.dll,ProcessIdleTasks You can do that and then walk away for 15 to 20 minutes. If the drive light is still on, it is still running.

Alternatively, put the command in a batch file followed by ‘Exit’ on the next line

Run the batch file as an administrator. When the task completes, Window closes the Cmd Window.

 

Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

Reply | Quote

Ken wrote:

Thanks for your suggestion. Both my laptops have x64 version 9.0.30729.17 only. Proceed with your suggestion? x64 and x86?

Yes. The reason for installing both is to prevent any new programs which you install from installing the older C++ 2008 versions which don’t have the MFC security update.

1 user thanked author for this post.

Ken

Reply | Quote

Ken wrote:

I do not know what programs rely on Visual C++. How can I tell?

I am not sure if there is an easy way to tell. Yet most programs rely in Visual C++. There are also many different versions of Visual C++. Yet whenever I do a new Windows 7 x64 installation, I always install the x86 and x64 versions of the Visual C++ 2005 Redistributables and the Visual C++ 2008 Redistributables. These are needed by most programs which were written for XP and Win7. Some programs, written mainly for Win8x or Win10 may require even later versions. The only program on my Win7 computer which installed a later version of Visual C++ is QuickBooks. Note that later versions of Visual C++ do not replace earlier versions! Programs are very picky about the required version of Visual C++ being installed on your computer. In other words, don’t merrily uninstall any versions of Visual C++ which are installed on your computer.

4 users thanked author for this post.

SueW, Ken, columbia2011, Bill C.

Reply | Quote

Just finished updating [August updates] 6 Win 7 PC’s that had not been updated since March 2018. Most are older Core-2, Win7 Pro 64bit. Did the office updates all at once but the .net and security roll-ups separately with restore points in between. Used Spybot anti-beacon to pull the shades on Microsoft spying after the updates. Avoided the updates ending in 664 which continue to be offered. No NIC problems. Updates failed to install on a laptop with Win7 home. Went to safe mode, did sfc scannow and applied fixes. After that the updates worked.

I have 2 more Win7 PC’s to update that I use a lot and that are currently rolled back to Dec. 2017. If anything notable occurs, I will post it, but I expect those updates to go smoothly.

It’s really a shame to have to wait months to patch due to a long string of risky updates.

Reply | Quote

MrToad, you have a good plan. Could you tell us what the SFC found wrong, and what version of Spybot AntiBeacon you use?
They appear to be at, or nearing, 2.3.
Thank you.

Reply | Quote