• MS-DEFCON 4: Time to get November Windows and Office patches applied

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 4: Time to get November Windows and Office patches applied


    It’s up. I figure it’s time to get the November patches pushed onto your machine. I’ve seen very few problems with this month’s patches – a welcome ch
    [See the full post at: MS-DEFCON 4: Time to get November Windows and Office patches applied]

    Viewing 265 reply threads
    • #22031

      Definitely 4? In the present atmosphere don’t you think that is being too loose with our personal computers and privacy!! Sorry I just had to say that.

    • #22032

      This month, they took away the ability to DL the package from the support.microsoft.com site (at least for KB3197867 at https://support.microsoft.com/en-us/kb/3197867). There’s instead a link to the catalog site (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=3197867). This is changed from last month, where (in October) there were download links on the KB support site as well.

      It looks like it’s still as safe as ever to get the Office updates from the WU client directly, and ignore the rest.

      There is no .NET Security only update on the catalog site, just “preview of qualifying rollup”.

      I have noticed that searching on the catalog site is not too terrible; “november security windows 7” finds you what you need.

      Thanks for the heads up, Woody!

    • #22033

      Add on to my last comment : When I saw the words Defcon 4, you just scared me right out of my browser!

    • #22034

      Not really. Microsoft has settled into the post-patchocalypse rhythm, and it seems to be working.

      Now, the big question is whether my instructions are good enough to get the Group B people going….

    • #22035


      November’s been a clean patching month. Nothing out of the ordinary that I’ve seen… but I’m always interested in corrections!

    • #22036

      I haven’t seen MS-DEFCON 4 before. When was the last time you had one Woody?

    • #22037

      This is the first time I’ve seen a Defcon 4, since going to Askwoody.

      Does 4 mean there are more active exploits being attacked or current month patches have fewer issues then say a Defcon 3?

    • #22038

      For Vista — the catalog download for kb3198483 includes 2 files. One is the expected .msu standalone update but the other is an executable by the name mpsyschk.exe. There is no mention of this executable in the update documentation. My search for information indicates that this is a compatibility checker tool. My guess is that I should run this tool before applying the standalone update with which it was bundled. Unfortunately I have no idea what I’m supposed to look for when this tool has finished executing. Can anyone confirm this speculation and/or provide more information and guidance on how to proceed?

    • #22039

      Just completed a clean install of Windows 7-SP1 Pro x64 OEM + all important, recommended, and optional updates.

      Everything is current from SP-1 up through the Nov 2016 updates, and all is in order and running well.

      Have set Windows updates to never check. The update check takes me about 3 mins.

    • #22040

      what about diagtrack

    • #22041

      Is there any reason why you link to _different_ updates for x64 and x86 respectively, that is KB3197867 for Win7 x64 vs. KB319786_8_ for Win7 x86? The same goes for Win8.1, only it’s swapped there.


    • #22043

      Woody, I was reading your Infoworld article and saw this, “Most important: You shouldn’t see an update for Security Monthly Quality Rollup…”

      That was news to me because, I did the security-only patch for October, and am still seeing the November “Security Monthly Quality Rollup” under important updates.
      I’ll hide it, but if youre Group B, watch what you update folks. I’ll now do the November Security Only update and see what comes up.

    • #22044

      Hi Woody,

      Thanks for doing this. I’m a Win7 holdout and these analyses are very useful. One thing I’ve noticed using process explorer is that wininit and a number of svchost processes seem to have TCP connections to choice.microsoft.com since the GWX thing started. Do you have any idea what this behaviour is?


    • #22045

      I haven’t a clue. Perhaps someone else here has noticed?

    • #22046

      Woody, can you mention what date these updates need to be installed by? It’s getting too confusing with all of the updates Microsoft is throwing at us! Thanks.

    • #22047

      It looks like the method has changed. Was it checked?

    • #22048

      Good to see you, Dalai!

      No reason, I was copying links directly from the Update Catalog. Are they interchangeable?

    • #22049

      Do you have a way to block it?

    • #22050

      Current patches have few issues.

    • #22051

      Looks like it was last December – back when paranoia was setting in.

    • #22052

      The usual MS-DEFCON method is to just apply the updates when they get the go-ahead, then wait until the next month.

      In absolute terms, the next round of patches will likely appear on the first Tuesday in December. But that isn’t a given.

    • #22053

      For Win 7 x64, my system last week chose KB3197868 but I see that you are recommending KB3197867.
      Does it matter which one is installed; is it necessary to install the former over the latter?

    • #22054

      Yes it is.

    • #22057

      Let me rephrase: the links point to the Security-Only update (Win7 x64 and 8.1 x86), but also to the full Monthly Rollup (Win7 x86 and 8.1 x64). I think the latter two are not the ones you’d want for Group B, am I right?


    • #22061

      Same here and yes, it was checked. Also noticed the same last month on all of our machines.

    • #22063
    • #22064

      Woody, you say on InfoWorld
      “In particular, if you go poking around, you’ll probably see something called a “Preview of Monthly Quality Rollup for Windows 7″or Win 8.1. You don’t want it. The “Preview” is, in fact, a beta version of the rollup you can expect next month — and it isn’t baked yet. That’s why Microsoft calls it a “Preview.” I have no idea why the company put it in the Windows Update collection. Normal people should never go near the “Previews.”

      In the windows XP/2003 times there was a section in Windows Update which was named beta or for Administrators only, if I remember well. I have never seen that section populated in the old times, but the current Preview type of patches are exactly why that section existed.
      I suppose that in order to implement the same concept in the current versions of Windows would require redesigning of the Windows Update and as such Microsoft does not see it as cost-effective.
      There is also a hidden reason for the current implementation. Most end-users who update do not care about filtering patches and as such have all the telemetry patches installed and active. Some of them also install the Preview patches, while Microsoft is able to collect real-time data from those users and draw conclusions for about 3 weeks in relation to the functionality and problems with the Preview patches. I think this is in fact the main reason why they are published in advance and presented in the current form.

    • #22065


      There have been references to the “Catalog” which I thought at one time was not available. I think I may have missed something which has changed (?).

      Can those of us who have “NEVER” just go ahead and do the “check updates”, and get them as we did last month? Apologies for the obtuse question, however with all of the acronyms being utilized, we non-techies are just “lost” at times.

      Thank you for any clarification you may be able to provide, and all of the help you have provided in the past. 🙂

    • #22066


      None of the links on your page for the Security Only patches seem to be working, the ones Woody has posted provide a direct download to all of them.

      Clicking either the x86 or the x64 links to the Win 7 Security Only patches on your page take me to the MS Catalog but never progress to the KB downloads. However, both links to these patches from LAST MONTH are still working fine. I am using IE-11 with ActiveX enabled by the way.

      @ Woody… Sorry Woody, I don’t know how to contact Dalai directly so I took the liberty of responding to him here.

    • #22067

      Hi Woody.

      I also have the Nov 2016 Security Monthly Quality Rollup checked in my WU Important Updates after installing the appropriate Group B securing only update linked above.

      The same thing happened in October. I have WU set to “Never Check” and only activate it once a month on your recommendation.

    • #22068

      I installed the convenience rollup for Windows 7 awhile back, installed the November updates, ran disk cleanup and now I got 2 updates from 2011. Security updates for .Net Framework 3.5.1. KB2446710 & KB2478662. They were installed prior to the disk cleanup. Do you know what’s going on?

    • #22069


      Microsoft seems to have been reading my mind lately. I have more or less made a mental note to go Group B, but in fact I got so fed up that I mainly lost interest and began to behave like I belonged to Group W.

      I still haven’t made a decision on the last set of proposed updates. They are back from September and August. The update balloon keeps popping up with the same old junk, which has not refreshed since.

      I’m on W 7 64-bit, Check for updates but let me choose, Don’t give me recommended updates the same way. What’s afoot ? Is Microsoft cross with me because I have neglected Miss Update ?

    • #22070

      Woody, I had the same situation as Rick: “Security Monthly Quality Rollup” showed up under Important Updates for both October & November, and it was checked each time. [Group B]

    • #22071


      Do you have “Give me recommended updates the same way I receive important updates” checked?

      Looks like I need to modify Group B, Step 7 in http://www.infoworld.com/article/3136173/microsoft-windows/how-to-cautiously-update-windows-7-and-81-machines.html

    • #22072

      Windows Update will continue hitting you with everything it’s got. If you’re in Group B or Group W, ignore it. There are a few minor updates from time to time that you’ll want – .NET Framework patches, servicing stack updates – but they’re nits.

    • #22073

      No problem at all. That way we can all figure out what’s going on.

    • #22074

      Just choose Group A or Group B, then follow the instructions.

    • #22075

      Could be…. Windows trolling, eh?

    • #22076

      ARGGGGH. Yes, that’s the one. I’ll get the article changed.

      Thank you!

    • #22077

      FIRST Tuesday – SECOND Tuesday ??? My brain is turning to mush !

    • #22078

      Patches now routinely arrive on three Tuesdays in every month.

      First Tuesday = Office
      Second Tuesday = Windows
      Third Tuesday = Preview of next month’s non-security Windows

      Yeah, it’s confusing. That doesn’t even list the various versions – or what happens when there’s an unexpected patch for, say, Win10 1607.

    • #22079

      Do you have “Give me recommended updates the same way I receive important updates” checked?

      I, for one, keep it unchecked so that both the Recommended and actual Optional updates will go into the “Optional” section. Don’t need no stickin’ Recommended in the Important updates list!

    • #22080

      Sorry, I did not make myself clear. I’m precisely worried because Windows Update did not hit me with anything since last September.

      I am set to receive updates, but the last ones I received date from September. Most recent check for updates (automatic) is back from October. Windows seems to have stopped checking updates although it’s set to do it.

    • #22081

      and if there’s 5 Tuesdays in a month – everybody gets an Easter Egg … Ha !

    • #22082

      You may need to knock Windows Update upside the head. I’ll defer to the updating experts for best advice on how to proceed.

      If you’re going for Group B, just manually install the patches from the Catalog. You’ll have to do that eventually anyway.

    • #22083

      Argggh. Yeah, I need to change the article at InfoWorld.

    • #22084

      … or maybe the universe will collapse. Just sayin’.

    • #22085

      Is Group W for not installing anything any more? That’s where I’m at. (I posted some questions about updating in a different thread a month or two ago, but didn’t get a response, so opted to go with no longer updating.)

      I think I’m in the same boat as clairvaux? I didn’t do the October updates either, but I turned off Automatic Updates (set to “Never Check”) and have left it like that since.

      I only use my computer for logging into two secure sites (medical chart website, and a communication website for parents), Gmail, and the ABC website to watch a show once a week on-line. (And I guess on the rare occasion, Amazon.com to order something — but that was just recently for the first time in years.) All through Firefox (which I keep up to date, as I do with Flash in Firefox, as well). I just can’t risk updates messing up my (what is admittedly old) laptop because I definitely can’t lose being able to access to those two secure sites I mentioned. There are probably plenty of reasons why this is a horrible idea (though maybe not), but my thinking is that if I’m only using my computer for the things listed in the manner listed, then I can probably get by without updating anymore. (?)

      Thoughts are appreciated. Thanks, as always.

    • #22086

      Well, it’s stupid MS again. The links I use work absolutely fine in Firefox, but not in IE. It didn’t even occur to me that they wouldn’t work in IE; that’s why I didn’t test it at all in IE.

      Using http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 redirects to http://www.catalog.update.microsoft.com/Search.aspx?q=KB3197867 in Firefox, but leads to an error (or the prompt to install the ActiveX crap) in IE. However, using the latter link directly works fine in IE, too. Go figure.

      I’ll change the links then. Neverending work because of MS…

      Anyway, thanks for the hint! I would have left them non-working for IE users without it.

      > the ones Woody has posted provide a direct download to all of them.

      Not quite, and that’s what I’m trying to say. It’s only _one_ link for every security-only update while there should be _two_ of them, one for each architecture. Like mulletback says, too, some posts below mine.


    • #22087

      Fourth Tuesday – second batch of monthly Windows 10 updates, the equivalent of the Windows 7 Preview, only not named as such.

      First Tuesday Office updates non-security can also be considered Preview initially, as they have never been ticked by default at least 1 week after their release.

    • #22088

      Just telemetry bait

    • #22089

      Group W ( = no updates) is certainly viable. You’re taking a risk, and I wouldn’t recommend it for most people, but if you’re very cautious and observant, you should be OK.

    • #22090

      That’s common for those 2 patches and I think it is a bug in the handling of the supersedence. Go ahead and install the old patches to keep WU happy. They will only be flagged as installed, because the components are already installed as part of other patches.
      Your other choice is to uninstall the Convenience Update and re-run Windows Update as many times as needed to complete the updating of Windows, because some of the components are removed when uninstalling the Convenience Update. This is all clean and would bring you back mainstream.

      The handling of the supersedence in the Convenience Update is the main reason why I don’t install and/or recommend the installation of the Convenience Rollup.
      I still hope that this will be fixed soon and made available mainstream, as otherwise it is a valuable update, containing few components not available on Windows Update and belonging to the so called LDR branch.

      Saying that, it is not a mistake to have the Convenience Update installed, only that you should expect this sort of glitches that you have already noticed. Based on current terminology, you could consider the Convenience Update in the class of Preview patches, good enough, but not perfect.

    • #22091

      Bottom line, Group B is not for you.

    • #22092

      Good points.

    • #22093

      I think for Catalog access the equivalent https URLs should always be used, because historically the http URLs have been on and off.
      There may also be differences between www. and non-www URLs, depending on the browser used.
      I would stick with IE and https and ActiveX control for the catalog as the best option.

    • #22094

      Woody: No problem installing the security- only patches on my Windows 7 & 8.1 Group B desktops (yay!). The only other patch of significance on both machines is the Malicious Software Removal Tool, but I’m now questioning if I really need it. I have fully up-to-date real-time protection from both Bitdefender and Malwarebytes Anti-Malware, and I really don’t know what else MSRT offers that is better/different. What’s your take on this?

    • #22095

      Hi Woody,

      there is no way a Security-Only Rollup could prevent offering of a Security Quality Rollup. Assume a scenario in which only the Security-Only Rollup of January 2017 gets installed on a machine. In comparison to the Security Quality Rollup of January 2017, you are now lacking the Security-Only Rollups of December, November and October. Windows Update cannot let you get away with that.

      It’s cumulative vs. non-cumulative. 🙂

    • #22096

      No question is stupid right? (cough)

      When I download the update from the catalog, I put it in my download folder.
      I then go to the folder and open the download update, and it installs on my computer.

      After a reboot, I check to be sure that it is on my windows update downloads installed….
      My question is,
      can I now delete that download in the download folder?

    • #22097

      Except for rare emergency patches which are released outside of the regular schedule, I think we should keep the regular routine of updating based on the updates released on the main Patch Tuesday which is the second Tuesday of each month. This include the outstanding patches released for the month which are the Office patches from first Tuesday.

    • #22098

      Thank you for explaining that ch100. I installed the convenience rollup to keep the number of updates down. But maybe I will uninstall it and install the regular patches. I just wish Microsoft would release a service pack 2 for Windows 7. Probably won’t happen.

    • #22099

      Disabling the ‘Connected User Experiences and Telemetry’ should do.

    • #22100

      Not a stupid question.

      Answer: Yes.

    • #22101

      Yes, but I’m surprised that they appear checked, ready to install.

    • #22102

      I’ve seen a lot of doubt lately about the efficacy of MSRT.

      I still run it. But I understand why some people don’t like it.

    • #22103

      Do you have a list of links like this for October?
      I restored back to October before the rollup.
      I’m worried about the history hiding bug

    • #22104


      Can you explain exactly what “Servicing Stack Updates” are? Is seem them mentioned however don’t know what they are. Thank you.

    • #22105

      @Woody: Is there an answer to this one submitted by cma6?

    • #22106

      KB3177467 servicing stack. Is that an avoid or install for Group B at this time?

      Thank you.

    • #22107

      If it is too much trouble and you are comfortable with the Convenience Update you might want to keep it a bit longer as it may eventually be revised and released on Windows Update. This fits nicely with the current direction from Microsoft.

    • #22108

      I run it too. People who question the Security updares should either not use Windows or design their own better Operating System.

    • #22109

      @Mike Meritt,

      Microsoft also officially calls those Week A, Week B, Week C.

      Week D is generally when Woody feels comfortable enough to recommend that the public go ahead and install Week B’s updates.

      (Because things seem to be going so well with this month’s updates, he’s doing it at the tail end of Week C this month.)

    • #22110


      1. What happens if you run Windows Update manually, by pressing the button?
      You can do that even if you have it set to “check for updates but let me choose”.

      2. Might you have turned off the “service” (in Services) of Windows Updates, based on some people’s recommendations in prior discussion threads here?
      Doing that can stop Windows Update from checking with Microsoft’s servers, I think.
      You might see if your Windows Update “service” has been “disabled”.

    • #22111

      Just wanted to let you know it also occurs on Win8.1. All systems are set “Give me recommended updates the same way I receive important updates” Unchecked

    • #22112


      It’s so hard here, with the current format, for most site visitors to notice new posts that have been made in threads that are a little bit old, because they just go under the radar.

      If you still want answers to your posts that went unanswered last month, point out to us where there are (post the links to them), or copy and paste your questions into this thread.

    • #22113


      Sometime in the last month or so there was a discussion here about MSRT.

      I think that was because MSRT was starting to do telemetry of its own, or it deleted/added something in the registry, or something?

      You might do a search on this site for that recent discussion to get an idea of some other people’s perspectives on MSRT.

      Personally, I haven’t done it since February, and I don’t miss it. It never found anything bad on my machine anyway.

    • #22114

      I posted this before, but just in case in was missed, you may want to look at this site where abbodi86 is one of the main contributors.

    • #22115

      Group B non-techie here running Win7 SP1 x64, downloaded and installed the update as per your instructions just fine (so far) THANK YOU WOODY!

    • #22116

      FYI – No, I never have it checked.

    • #22117

      I just ran into conflicts between MSE and Malwarebytes Antimalware (mbam.exe). It looks like mbam scans are taking 2X or longer to run with the latest definitions. There’s a thread on Malwarebytes forum on it,


      and the current workaround is to disable the realtime protection in MSE. Arggh.

      Not sure, but Pale Moon seems to be a lot slower today, too.

    • #22118


    • #22119

      I believe it’s the difference between Group A and Group B.

    • #22120

      They’re an adjunct to Windows Update.

    • #22121
    • #22122

      Ch100…Not sure I understand your point suggesting that we should not question security updates. I thought asking questions about updates…security and otherwise, was the purpose of this forum. You’ve apparently never been bitten by an update issue that you couldn’t resolve.

    • #22123

      Other than the thing with KB2446710 and KB2478662 I personally haven’t had any other problems with the convenience rollup. I mean the glitch with those 2 updates isn’t really enough to make me uninstall the rollup.

    • #22124

      @poohsticks MSRT has been doing that sort of telemetry and it was documented how to disable it since its release, more than 10 years ago.

    • #22125

      History in Windows Update is only a cache and has never been guaranteed. There is no bug.
      The authoritative list of updates is under Programs and FeaturesInstalled updates.

    • #22126

      I am in Group W, ie Never Check For Updates, for my Win 7 SP1 cptr, since July 2016.
      ……. Additionally, I’ve been running Linux Mint 17.3 off an external HDD on my Win 7 cptr, since I mostly do web-surfing. Others may not be able to escape the clutches of M$ n “caged” Windows, eg business users, office workers, online gamers, etc.
      Once in awhile, I may need to run my non-updated Win 7 system. I do not feel insecure about malware since I hv an antivirus program installed n practice safe-surfing. M$ may instead be the biggest “malware” hacker in the world, ie in their “malevolent” quest to push Win 7/8.1 users onto Win 10.

    • #22127

      I’m not very computer literate, but Woody–THANKS! You helped keep W10 off my W7 desktop and W8.1 laptop. I warily but resolutely joined Group B, prior to ‘patchocalypse’. (After all, I’d spent long hours and months “fighting the good anti-W10 fight.”) I did my Oct. security updates with your “step-by-step’s”. This month, you shortened things to a link. Kindness of heart! You’re a “man-of-the-people”, and a protector of those would have W10 w/o you. Question: I disabled Office 2013 updates over 2 years ago, when I found click-to-run didn’t allow me to choose among them. (Using Office v15.0.4551.1005). Should I restart Office updates? Thanks!

    • #22128

      Not sure what you mean by “didn’t allow me to choose among them.”

      Office 2013 Click-to-Run is stable right now, as best I can tell. It’s up to version 15.0.4875.1001. There’s no onerus telemetry that I know about.

      Yeah, if I were you, I’d get it updated, then shut down the automatic update.

    • #22129

      ch100 has frequently pointed out that it’s astute to wait for a while after patches are posted, before you actually install them. It’s very good advice, in my opinion.

    • #22130

      The links at Dalai’s site do work with IE now although Woody’s links above are to direct downloads bypassing the additional hoops to jump through required for using the MS catalog… but I have a question about the file names for this month’s patches.

      Why do the file names contain that long string of characters this month? I’m seeing this from the links provided above and also directly from the MS catalog. They’ve never had that long filename before and the links to PREVIOUS month’s patches at Dalai’s site still don’t either.

      I do realize the file’s name is certainly no big deal… I’m just curious.


    • #22131

      Thanks, Woody. Now if someone could point me to the appropriate tool : bat ? brick ? 2 x 4 ?

    • #22132

      I’m in group A, but I have two tasks related to KB2976978 disabled in Task Scheduler. Today I’ve installed KB3197874 (November 2016 Security Monthly Quality Rollup for Windows 8.1), after that I’ve checked the Task Sheduler and those two tasks remain disabled. KB2976978 still appears in optional updates list.
      If Microsoft includes KB2976978 in Security Monthly Quality Rollup does its installation cause disabled tasks to be re-enabled?

    • #22133

      When I enable Office updates, they download and install by default thru my wifi. They download in the background, not thru windows update. I never get to see or know what gets in. So I turned it off. Just enabled it. Updates went in, but don’t know what installed. This is on w8.1, 64bit laptop with Office 2013. Is there a better way?

    • #22134


      I tried running Windows Update manually just as was posting my question yesterday, and nothing happened. Meaning it started searching, but found nothing and still offers the same stale patches list dating back from September. It still has the same October 11 date for Most recent check for udpates.

      I did not turn the service off. Checking Services, Windows Update is set at Automatic (delayed start), Started. Started, I suppose, is related to the fact that I have just relaunched manually Check for updates, just in case ; but some more knocking over the head will be needed I’m afraid.

    • #22135

      @ Walker ……. Servicing Stack Updates are similar to the previous Windows Update Client/Agent. They are needed for the installation of the optional monthly Convenience Update Rollups that were introduced by M$ for Win 7/8.1 in April 2016.
      ……. Since April 2016, they are needed for Windows Update to work n subsequently for the installation of the monthly Update/Patch Rollups.
      B4 April 2016, Win 7 users needed to hv Windows Update Client/Agent installed b4 Windows Update would work to help them automatically install individual updates that they had selected, either with their Windows Update setting at Automatic or Manual(= eg “Check for updates but let me choose whether to download and install them”).

    • #22136

      Hi all,

      I haven’t wadded through all the comments here yet. I am a bit behind. I did the primary October update via the Catalog a while back, but did not do the October 2016 Security and Quality Rollup for .Net Framework…. (KB3188740). I had to download the fix for speeding up Windows Update, I finally did it this morning. So I assume, per instructions on previous Infoworld articles, I should install this one.

      The only others listed in the Recommended are November 2016 Security Monthly Quality Rollup for Win 7 x64 (KB3197868), which I assume should be avoided as it is not the Security Only Quality Update. A question on this actually, when I download this month’s patch from the Catalog, this is supposed to go away from Windows Update, correct?

      The last is the Malicious Removal Toolkit, which I assume going forward is always ok to install, unless noted.

    • #22137

      @woody: Have you changed your original post for yesterday, Nov. 18th, for “MS-DEFCON 4- get windows and office patched”?

      I thought I had a message this morning, however don’t see it now. There were some links which were incorrect and were updated?

      Thanks for your help. 🙂

    • #22138

      I believe that the catalog downloads the update, named as Windows Update itself would download it – ie: with the md5 (or sha1?) as part of the filename. The links to download.microsoft.com are convenience links.

      Funnily enough, they *should* result in the same binary but the July 2016 rollup KB3172605 does not for 64 bit. The x86 msu compares identical. Looking inside, the build date is different but not sure what other differences are (the cab files are *huge*!)

      (I was trying to patch up an old script I did to automate this and the change to catalog broke it a bit)

    • #22142

      Win 7 64 — Installed KB3197867 per your rec. Then it got a little confusing……

      Win Update NOW shows Security Roll-up KB3197868. Searching found 67 and 68 contain same fixes although …68 fixes something in Oct Rollup 3185330 (I don’t have 5330 /see MS verbiage as follows:)

      The security fixes that are listed in this Security Only Quality Update 3197867 are also included in the November 2016 Security Monthly Quality Rollup 3197868. Update rollup 3197868 also includes improvements and fixes from October monthly rollup 3185330 that was released on October 11, 2016. Installing either update 3197867 or 3197868 installs the security fixes that are listed here.
      If you use update management processes other than Windows Update, and you automatically approve all Security updates classifications for deployment, both this November 2016 Security Only Quality Update 3197867 and the November 2016 Security Monthly Quality Rollup 3197868 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.
      REALLY !!!!!!!!!!

      Besides KB Rollup 7868 Win Update showed for me 2010 Security Updates for Word, Excel, PPoint, Office, and Malicious Software Removal which I’ll install until advised otherwise..

    • #22146

      Because the Monthly Rollup supersedes the security-only update. It’s the trick MS came up with to get the big wad installed!

    • #22151

      Yes, that’s the way the post-patchocalypse system works. There’s a Security-only update, which (if you want it) you have to download and install manually. There’s also a Monthly rollup, which includes security and non-security patches.

      If you’re in Group A, the rollup is fine. If you’re in Group B, you want the Security-only, and don’t want the rollup.

      I hope my instructions make that clear.

      Office 2010 patches operate independently, and they’re good right now.

    • #22155

      Yes, two of the download links for “Group B” were wrong in my original post and in my original InfoWorld article. They were changed on Friday afternoon.

    • #22158

      I was surprised to find that, after you manually install the Security-only patch, from the Catalog, Windows Update will still offer the Monthly Rollup as a checked, Important update. If you follow my instructions for Group B, they say that you should uncheck the box for that patch. In


      In Group B, Step 7, I say

      Most important: You shouldn’t see an update for Security Monthly Quality Rollup, but if you do, uncheck the box next to the patch. I haven’t seen that patch appear after installing the Security-only update, but ya never know. If you install the Security Monthly Quality Rollup, it will propel you into Group A.

      Based on the experiences posted here, I’m having that changed to say

      Most important: UNCHECK the box next to the Security Monthly Quality Rollup. If you install the Security Monthly Quality Rollup, it will propel you into Group A.

      Yes, the .NET updates are OK. I install the MSRT, but some people balk because it does phone home — the exact details of the interaction aren’t known.

    • #22162

      I actually forgot the Rollup Vs Security-Only difference. Thanks for the reminder.

      Secunia PSI 2 (my are-you-updated-properly checker app)is wanting (2) IE 11 & (1) Win 7 updates that they show a solution for in Nov Rollup 3197868 that I didn’t want.

      Rarely use IE 11 but what’s the approach now for these 3 when Secunia does not reference individual KBs to chase down? Many Thanks!

    • #22163

      My guess is that you’re using Office 365, Office 2013 edition. As long as you’re paying for Office 365 you’ll get updated outside of the Windows Update sphere. And if you stop paying for Office 365, Office will stop working, so there’s kind of a symmetry involved. 🙂

      The technology involved is called Click-to-Run. You’re running the Click-to-Run version of Office 2013, but until today you’ve disabled updates. You can keep track of the latest Office 2013 CtR versions here:


      With more details here:


      Is there a better way? If you want to keep control over forced Office updates, this is the way to do it. There have been several bad Office updates this year.

    • #22164

      I don’t know. Possibly someone here does.

    • #22165

      It’s a complicated problem because many things can throw Windows Update off the rails.

      I’d start with the Windows Update troubleshooter.


      As you can see in the article, if the Fixits don’t work, the alternative is not easy. Keep in mind that the KB article is now up to revision 45.

    • #22166

      I don’t use Secunia’s advice for Windows, so I haven’t hit this one. Basically, I think you have to ignore Secunia. There are no individual KBs to chase down anymore. You can only choose Security-only or Monthly rollup. There’s no middle ground.

    • #22167

      Thanks, I will try that. The manual repair option does seem horrible.

    • #22168

      Thanks Woody! Not Office 365; not paying for it. I have MS Home and Student 2013, a 1-time buy. Loaded on my (then new) Toshiba laptop by store, who said I was stuck with it! Came as click-to-run. After I updated it today; I re-disabled auto updates till I can check out your advice! 🙂

    • #22169

      PS: Is there a way to uninstall any bad updates that I let in today?

    • #22170

      @Conor O’Rourke …

      If that’s the case, it just began this month. I’ve been using the links at Dalai’s site for months to download the “magic patches” and those ALL go through the catalog too. This month is the first time the filenames have included what you state is the “md5”.

      If you’d like visual proof go to Dalai’s site and use any one of the links posted to acquire files BEFORE November’s. They ALL direct you through the MS Update Catalog to download them but starting just this month the “md5” is part of the filename. The same applies to links that others have provided here to pre-November patches/updates, none of them have ever had that in them.

      Below is a link to Dalai’s site, Woody had it pinned in the upper right corner of his main page previously but apparently removed it once the “magic patches” became unnecessary.


    • #22171

      is it ok to hide the unwanted KB’s rather than simoly unchecking them?
      Also, Martin Brinkmann has a nice article on disabling the MSRT “Heartbeat,” telemetry:
      thank you Woody, and all contributors

    • #22172


      I’ve had Secunia (version 2) for several years, however haven’t used it at all for a long time.

      I would like to uninstall it, and just wondering if there are any residuals remaining after it’s uninstalled. Tried to find some information on this, however was not successful. I’ve read about some programs leaving “unwanted garbage” behind after being uninstalled.

      Any, and all advice is most sincerely appreciated. Thank you! 🙂

    • #22173

      I did not install october Security-only update. If I now install november’s, do I still need to install october’s? Thanks in advance

    • #22174

      If it helps, I created a batch file to try and sort the update process out (https://github.com/conoror/misc/tree/master/wupatch). It does the list one at a time starting with any service stack patches (if it doesn’t find any). Even if you don’t want to use it, the patches are all down at the end. It uses bitsadmin to do the actual download.

      I’ve done my absolute best to make sure it doesn’t do anything boneheaded but I disavow all responsibility! It also has a silly little option to “updateme” to attempt to update itself.

      I’d be interested if anyone finds it useful or finds it doing something completely stupid. It needs to be run interactively (ie: at a cmd prompt) but I could change that if people find that annoying…

    • #22175

      @Woody: Your message is excellent and VERY clear.

      The MS statement:

      “The security fixes that are listed in this Security Only Quality Update 3197867 are also included in the November 2016 Security Monthly Quality Rollup 3197868” reflects how careful we must always be!

      I see your previous advice to:

      UNCHECK: “Most important: UNCHECK the box next to the Security Monthly Quality Rollup. If you install the Security Monthly Quality Rollup, it will propel you into Group A.

      Thank you for your excellent advice on this. Your instructions are VERY clear about Group B wanting the “Security-ONLY”, and not the roll-up. GOOD JOB!! 🙂

    • #22176

      That’s happened to me both last and this month. After installing the Security Only patch, both MS Update and Secunia continue to show the rollup patch. Don’t worry about it – I’m not!

      Win10 21H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.
    • #22177

      I’m currently in Group A, but I keep the “Give me recommended updates” UNchecked. Consequently, Windows Update presents a large number of Optional updates, which I avoid.

    • #22178

      I have two laptops here. The first installed KB3197867 no problem. The second looked ok and then sort of sat there. When I tried to switch user (to admin), the screen went blank and that was that. Hard reset. Seems ok on reboot though!

    • #22179

      Yes. The Security-only updates are NOT cumulative.

    • #22180

      I haven’t seen any. Secunia PSI is actually a very useful program – just not so much for Windows.

    • #22181

      For Win7 and 8.1, there’s really no difference between unchecking and hiding.

      Win10’s another story entirely.

      Martin’s stuff is quite reliable.

    • #22182

      Still a good and interesting site!

    • #22183

      Does the September 2016 Servicing Stack update supersede the April 2015 one?

    • #22184

      Yes, it is a very good site! I’ve been going there to get the Security Only updates until it wasn’t working with IE yesterday so I tried using the links in this thread instead.

      When your links prompted me to Save the files I cancelled out after seeing those long filenames thinking something wasn’t right. After Dalai fixed the problem on his site so IE could download them I was quite surprised with all the hoops to jump through this month to download the exact same files that I didn’t download from the direct download links provided here. The links here is where I finally chose to get them from to avoid jumping through all those ridiculous hoops to download them through Dalai’s links.

      I guess all’s well that ends well but it appears to me that something has changed downloading files through the MS Update Catalog this month. For SURE those long filenames just started this month.

    • #22185

      Yes, you can uninstall anything you installed using the Uninstall an update pane in Win 8.1’s Control Panel.

    • #22186

      You’re doing fine.

    • #22187

      I believe it does.

    • #22188

      I am thinking of crossing into group A, for convenience and because it seems almost inevitable that I’ll want functionality and/or bugfixes that come with the rollups. Defeating telemetry therefore seems like the only feasible approach going forward. I will apply Windows firewall policies to default-deny, and see if I can pinpoint responsible telemetry actors, if I can. If anyone has information, I’d love to hear about it.

    • #22189

      [Oooops. I recommended O&O Shutup10, which only works with Win10. Sorry ’bout that.]

    • #22190

      @RCPete, are you using the stand-alone (free) version of Malwarebytes, or something else? On my Windows Pro x64 computers, I’m not seeing any issue with the free stand-alone MB scanner. I am running the latest MSE definitions, but I have not updated the MSE engine.

    • #22191

      You don’t need to run it if you install the full .msu, it’s just used by WU to check kernel version compatibility

    • #22192

      MU catalog and WU links had been always provided with sha1 hash appended to the file name to ease validating them
      this applies to all and every file downloaded

    • #22193

      They are important security updates, why whould not they get checked? 😀

    • #22194

      Excellent! 🙂

    • #22195

      Too much mixed or wrong informatons

      Windows Update = the engine that check, organize and offer updates
      that’s it

      servicing stack = the engine that handle and install updates and features components
      pretty much the core of windows system since Vista

      this stack needs to updated to recognize and handle some new components budled with updates

      and the last SS update was in April 2015, not 2016
      it become prerquisite for certain updates: KB3042058, KB3161608, KB3172605, KB3181988, and Convenience Rollup KB3125574
      none of new Monthly Quality Rollups require it so far

      the latest SS update is KB3177467

    • #22196

      Very unlikely they would include it
      but yes, if they did, the tasks would be enabled

    • #22197


      I agree wholeheartedly with delaying installation of patches. It is excellent advice. BUT, that’s not what was said. I don’t agree that those “who question the Security updares should either not use Windows or design their own better Operating System.”

      Different note…have updated two machines (8.1 & 7), one Group A and the other Group B. Both have gone smoothly. IF MS continues to issue clean patches, I could become a Group A convert. Even with your excellent Group B instructions, Group A is less of a hassle.

      Happy holidays to you and yours!

    • #22198

      Yeah that happened to me too. Completed update on reboot. That was on x64. X86 machine worked fine .

      Win10 21H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.
    • #22199

      Thank you the information.

    • #22200

      I use Secunia PSI on my W7 PC to make sure my installed software is patched. However, I have decided to be a member of Group B, and only install the security patches. After installing the security roll-ups, Windows Update predictably tells me that there is the Group A patch waiting to be installed. BUT, more importantly, PSI tells me that W7 and IE11 are still insecure. I suspect that this is PSI looking for the Group A patch, but I thought it should be something that others are aware of, either to correct me, or to warn people they have advised to use PSI!

    • #22201

      Group A is definitely, definitely less of a hassle.

    • #22202

      The WSUS database always gives you the files in these formats. I remember analysing this in 2008 under XP and it’s the same. The Update program pulls the files with the SHA1 hash from the WSUS database onto your hard disk.

      The links on Dalai’s site go to the support.microsoft.com which gives you different views of the database (files with neater names), until November at least.

      I guess MS don’t consider the “security only” patches as “public facing” – they don’t want the public using them (without jumping through hoops at least), thus the lack of neater links. The corporates would always travel the WSUS database route.

    • #22203

      Horrible to say, but that makes me feel better 🙂 I’ve never seen this happen before – I would think that updates actually complete during reboot and subsequently. It was quite strange, essentially the update looked like it never completed (Event Viewer says it had), and then the UI started to completely lose its mind. Like the HAL computer…

      I’m thinking that it’s a good idea to stop the Window Update service before a manual patch install, just in case. But who knows what actually happened! Lucky it’s just my test machine 🙂

    • #22204

      I’m actually using both; the desktop machine runs the paid version, while the laptop runs the free version.

      As it stands, Malwarebytes has found a couple of fixes; in MBAM, exclude
      C:Program FilesMicrosoft Security Client

      and in MSE, exclude the mbam executables in
      C:Program Files (x86)Malwarebytes

      This includes mbam.exe and the other .exe files in that directory.

      The problem showed up with the latest MSE definitions that rolled out Friday morning. See the thread in the Malwarebytes forum for more, but it was pretty devastating for several companies.

    • #22205

      I also use Secunia’s PSI and am seeing the same results as others have noted above. So I commented on Secunia’s forum for PSI about the issue. While there I saw someone else noting a similar issue from October’s patching and they were directed to run MBSA. So I did that and found that MBSA also is not detecting MS16-142 being addressed by the application of KB3197867 (the November 2016 Security Only Quality Update for Windows 7 SP1). So that leads me to think that it is MS that has the issue in their own internal detection/tracking of which KBs address which issues and probably not PSI.

      Just my logical 2cents.

    • #22206

      Doing the defcon 4 November patches using 8.1.
      I’m at Group B Step 3, the standalone installer has been “searching for updates on this computer” for 45 minutes. I know the instructions say will take a while, but this seems like it’s stalled. Last month went just fine. Shall I wait it out or is there a problem?

      As always many thanks for all your invaluable help!

    • #22207

      Hello James,

      Yes, I’ve run into the same issue with the Secunia PSI when following the Group B protocol; it’s database is indeed predicated on what Windows Update offers.

      So, what I’ve decided to do is allow the PSI to remain installed to monitor various other applications, but exclude the OS from monitoring.

      To check that Windows is fully patched, I rely on the Belarc Advisor – http://www.belarc.com/free_download.html (reviews: https://www.lifewire.com/belarc-advisor-review-2625784 & http://www.softpedia.com/get/System/System-Info/Belarc-Advisor.shtml ). In addition to providing a wealth of information about the computer, it so far has been able to accurately determine whether Group B machines are properly patched (Win 7 & 8.1).

      Hope this is useful.



    • #22208

      I made another post as Woody asked me to my current view of the Convenience Rollup.
      Check that post here. You don’t have to uninstall the Rollup.

    • #22209

      @abbodi86: Thank you for the detailed information you provided. It was very informative.

      I’m glad that none of the new Monthly Quality Rollups require it thus far. It makes a “non-techie” feel as if he/she is walking on eggs(or waiting for the “next shoe to fall”.

      Thank you once again for the very comprehensive information you provided! It is very much appreciated! 🙂

    • #22210

      @KW Guy,

      Re: “I don’t agree that those “who question the Security updares should either not use Windows or design their own better Operating System.” ”

      I don’t agree, either.

      It is well within our customer rights (and, perhaps, responsibilities, if one is an IT-industry employee as well as a customer) to question, critique, test, and suggest improvements for IT products and services that are on the market.
      And the companies who sell these products and services, if they are savvy, rational, and strategic, should welcome customer feedback and honesty.
      “Like it or lump it” isn’t a recipe for success in a capitalistic marketplace (which isn’t burdened by too many monopolies/oligopolies, at least).

    • #22211


      Well, then it was something different that several people on AskWoody.com were complaining about a month ago, related to MSRT.

      It was not something that has gone on with MSRT for 10 years, that is definite.

      Maybe it was doing something going on in the registry that had caused those people concern, I don’t remember exactly.

      I’m sure it could be easily found in a site search, for those who are interested.

    • #22212

      Due to a recent Windows Update, some people have been losing their internet search (or internet visits, I don’t remember which) history,
      and that is probably the “history” that Cartel was talking about not wanting to lose (i.e., Cartel probably was not talking about his/her Windows Update history).

      Woody recently wrote a blogpost here about the internet-history-hiding bug some people were experiencing after the recent Updates.

    • #22213

      @Woody: Thank you! 🙂

    • #22214

      July 2016 rollup update KB3172614

    • #22215

      @Woody: PLEASE HELP! I have not “checked for the November updates yet”, however noticed that KB3188740 from October 11th was installed on October 30, 2016. This states that it is “Quality Rollup for NET Framework 3.5.1”.

      NOW I am pulling my hair out because I note that it is listed as a “ROLLUP”. I’m sure that before I installed it I had noted it was “clear” because it was only for the NET Framework.

      Here is a reference I located on “dont-install-any-updates-yet-but-heres-where-to-find-them”:

      cma6 says:
      October 15, 2016 at 10:48 am

      ” “Security and Quality Rollup for .NET” KB 3188740. ”
      Where does one find that one?

      woody says:
      October 15, 2016 at 11:53 am

      Windows Update is the easiest spot.

      PLEASE ADVISE. I’ve been extremely careful about the “rollups”, however I think this one was an exception. I just can’t locate anymore notes right now.

      CAN I UNINSTALL IT IF IT’S MESSED UP MY GROUP B STATUS? I verify everything before I install, however I just can’t find any notes on this one. PLEASE HELP. 🙁 🙁

    • #22216

      @Woody: FOUND IT, AND IT’S OKAY!!

      From: ms-defcon-4-get-windows-and-office-patched/comment-page

      Here is the reference about the KB3188740 which “clears it” for installing:


      woody says:
      November 10, 2016 at 11:41 am

      First: Don’t install the November patches.

      Second: Microsoft doesn’t download the Security-only updates. You have to reach out, download and install it separately. Follow this closely:


      Assuming you’re in Group B (you only want security updates), you have to manually download and install KB3192391.

      In Group B, you don’t want KB3185330.

      ******If you want to keep .NET up-to-date, yes, install KB3188740.******

      Nobody, but nobody, wants KB3192403.

      ****I’m sure there is an earlier message similar to this one, however I just don’t have time to try to locate it.****

      Apologies for the “emergency” message. I hope I will have time to make better notes, however we get so much to read, it’s becoming overwhelming. I can only imagine how difficult it must be for you!!

      Thank you for your help, and patience.

      🙂 🙂 🙂

    • #22217

      Hmmm, I haven’t been able to duplicate that problem with either (free) MBAM or MSE doing scans with both today (Saturday, November 19).

      But it’s good to know what the remedy is when the problem does surface.

    • #22218

      @ Walker & abbo ……. I stand corrected. Sorry for the misinfo.
      Fyi, it was in April 2016 that Windows Update became broken for those who did a clean reinstall of Win 7/8.1,(Win 7 SP1) ie when M$ introduced their optional monthly Convenience Update Rollups(CUR), starting with KB3125574,(= 312MB in size for Win 7 32bit) the May 2016 CUR or Win 7 SP2.
      ……. After July 2016, to get Windows Update working again for a clean reinstalled Win 7, the users had to first manually install KB3020369, the April 2015 Servicing Stack Update n KB3172605, the July 2016 CUR.
      ……. So, the likely cause of broken Windows Update in April 2016 was the introduction of CUR or Rollups by M$. …

    • #22219

      Thanks to another AskWoody.com contributor who mentioned the following link,

      I think the recently-discussed MSRT problem is what Ghacks.net’s editor Martin Brinkmann is talking about defending against in his October 20th, 2016 post:


      A commenter there named “James Law” wrote,
      “Just checked my mrt.log and it appears that this started in September with the release of v5.40.”

      A commenter there named “Gary” wrote the following, and I would agree:
      “MS states that the Win malicious software removal tool is NOT a replacement / alternative for dedicated anti-malware and anti-virus software.
      I have good anti-malware and anti-virus software installed.
      Every month, since it first appeared, I have hidden this KB because, for me, it is irrelevant.
      Now it is exposed as yet another MS telemetry tool.
      I sympathize with users like Dave who have found out that it is flawed and not fit for purpose.”

      A commenter named “Henk” cautioned,
      “It looks like this very month, Microsoft sneakily changed its telemetry server addresses in order to foil users who blocked such addresses in their hosts file.”

    • #22220

      Win7 64-bit – Woody: I’m just so confused with all these update issues. Anyway, I’m still using the old Windows Update method to download Security updates only. Started it yesterday on Nov 18th and it’s still downloading. I stopped it twice but then restarted. What the heck is going on? Guess I’ll keep it going overnight again. What to do????


    • #22221

      I’m in group A. Win 7×64. What was ever decided about KB2952664..to install or not to install? I still have it sitting in my list from October. Also I have old KB’s that were recommended but not installed last year and some from this year. Is it okay to install those now? They are not drivers updates.

    • #22222

      KB 2952664 is a snooping patch. You don’t need it or want it.

      For the older KBs… if they’re security patches, go ahead. If not, I wouldn’t worry abou them.

    • #22223


      “…MSRT has been doing that sort of telemetry” if that is the case why then in August this year did the MAPS & Heartbeat Report suddenly appear in the mrt.log?

      Why then are both of these reports not logged the very first day I ran MSRT (in my case) November 2009?

    • #22224

      On the updates scans: http://www.infoworld.com/article/3136677/microsoft-windows/how-to-speed-up-windows-7-update-scans-forever.html

      Read this and tell me if you’re Group A or Group B


      If you’re Group A, you’re fine, keep using Windows Update. If you’re Group B, you only use Windows Update for odds ‘n ends. Follow these instructions precisely:


    • #22225

      Again, too much false information 🙂

      Windows Update was first broke in May 2015, and the break has nothing to do with any specific update
      and Convenience Rollup KB3125574 is not even published or recognized by Windows Update, only available from MU catalog

      the fix for WU issue was introduced in June 2016 rollup KB3161608, which been replaced with July rollup KB3172605

    • #22226

      Those who question and do not install the available security updates are a danger for the internet as a whole.
      This is the main reason why we see the current push for forced updates and as we see the whole industry is behind Microsoft in their attempt to resolve some of the ongoing security issues of today.

    • #22227

      You are right that it was discussed only recently, but this is because most people had no idea about it before.
      If you want to find authoritative information, you need to go to the source and not to popular sites which are very useful, but have a different role.

    • #22228

      This log sample is from a device behind a proxy server failing to submit the report.
      After October 2016, the submission was blocked as documented here https://support.microsoft.com/en-us/kb/891716 mostly to avoid network timeouts and there is no submission error logged after that date.

      Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
      Started On Sun Mar 22 03:00:12 2015

      Engine: 1.1.11400.0
      Signatures: 1.193.1181.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 22 03:00:53 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
      Started On Thu May 07 03:00:13 2015

      Engine: 1.1.11502.0
      Signatures: 1.195.1215.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Thu May 07 03:00:51 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)
      Started On Fri May 15 03:00:12 2015

      Engine: 1.1.11602.0
      Signatures: 1.197.1100.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 03:00:48 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)
      Started On Sun Jun 14 03:00:13 2015

      Engine: 1.1.11701.0
      Signatures: 1.199.892.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 14 03:01:08 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)
      Started On Fri Jul 17 03:00:13 2015

      Engine: 1.1.11804.0
      Signatures: 1.201.883.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 17 03:01:27 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
      Started On Fri Aug 14 03:00:13 2015

      Engine: 1.1.11903.0
      Signatures: 1.203.693.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 14 03:01:30 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)
      Started On Thu Sep 10 03:00:12 2015

      Engine: 1.1.12002.0
      Signatures: 1.205.646.0

      Results Summary:
      No infection found.
      Failed to submit MAPS report: 0x83760002
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 10 03:02:52 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.29, October 2015 (build 5.29.11901.0)
      Started On Thu Oct 15 03:01:09 2015

      Engine: 1.1.12101.0
      Signatures: 1.207.1429.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 15 03:02:24 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.30, November 2015 (build 5.30.12000.0)
      Started On Thu Nov 12 03:00:45 2015

      Engine: 1.1.12205.0
      Signatures: 1.209.673.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 12 03:02:01 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.31, December 2015 (build 5.31.12100.0)
      Started On Thu Dec 10 03:00:56 2015

      Engine: 1.1.12300.0
      Signatures: 1.211.637.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 10 03:02:11 2015

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.32, January 2016 (build 5.32.12202.0)
      Started On Thu Jan 14 03:00:13 2016

      Engine: 1.1.12400.0
      Signatures: 1.213.1308.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 14 03:01:30 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.33, February 2016 (build 5.33.12300.0)
      Started On Fri Feb 12 03:00:13 2016

      Engine: 1.1.12400.0
      Signatures: 1.213.4702.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 12 03:01:28 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.34, March 2016 (build 5.34.12400.0)
      Started On Thu Mar 10 03:00:12 2016

      Engine: 1.1.12400.0
      Signatures: 1.213.7173.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x83760002
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 10 03:01:25 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.38, July 2016 (build 5.38.12803.0)
      Started On Thu Jul 14 03:02:39 2016

      Engine: 1.1.12902.0
      Signatures: 1.223.2956.0

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 14 03:04:54 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.39, August 2016 (build 5.39.12900.0)
      Started On Sat Aug 13 03:00:27 2016

      Engine: 1.1.12902.0
      Signatures: 1.225.2592.0
      Run Mode: Scan Run From Windows Update

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 13 03:03:34 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
      Started On Thu Sep 15 03:00:26 2016

      Engine: 1.1.13000.0
      Signatures: 1.227.1155.0
      Run Mode: Scan Run From Windows Update

      Results Summary:
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE2
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 15 03:03:30 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.41, October 2016 (build 5.41.13100.0)
      Started On Thu Oct 13 03:01:15 2016

      Engine: 1.1.13000.0
      Signatures: 1.227.2846.0
      Run Mode: Scan Run From Windows Update

      Results Summary:
      No infection found.
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 13 03:02:02 2016

      Return code: 0 (0x0)

      Microsoft Windows Malicious Software Removal Tool v5.42, November 2016 (build 5.42.13202.0)
      Started On Thu Nov 10 03:00:21 2016

      Engine: 1.1.13202.0
      Signatures: 1.231.682.0
      Run Mode: Scan Run From Windows Update

      Results Summary:
      No infection found.
      Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 10 03:01:02 2016

      Return code: 0 (0x0)

    • #22229

      Thanks for clarifying. I was convinced that the original post was about Windows Update history. Maybe I should read more carefully next time. 🙂
      Even so, any history record is in the category of a temporary cache, so it is not quite something to rely on to a large extent. It would be preferable to be more reliable, but as we see it is not.

    • #22230

      Safe surfing is probably the best practice that would protect someone’s device from malware.
      Don’t forget about Social Engineering too.

    • #22231

      @ abbo ……. Pls refer to these links …
      When first released for the April 2015 Patch Tuesday for Win 7, KB3020369 was a buggy Servicing Stack Update that was causing a few problems. About 2 weeks later, M$ issued a new KB3020369 to fix the bugs n Windows Update got working normally again.
      ……. So, this was a buggy update that was soon fixed by M$ n Windows Update got working again, even for those who did a clean reinstall of Win 7 post-end-April 2015.
      ……. IOW, Windows Update was not broken since April 2015 n onward.
      In comparison, from April 2016 onward, Windows Update was broken for those who did a clean reinstall of Win 7 unless they first manually install KB3020369 n KB3125574, the Rollup for May 2016.
      ……. After July 2016, KB3172605, the July 2016 Rollup replaced KB3125574 as a co-prerequisite for Windows Update.
      Bear in mind that those who already had a running n up-to-date Win 7 system in April 2016 n had M$’s Telemetry updates installed had a normal working Windows Update, ie they did not have a broken Windows Update n did not need to install KB3125574 or Win 7 SP2.
      ……. Only those who had hidden M$’s Telemetry updates n did a clean reinstall experienced a broken Windows Update.

    • #22232

      First of all I’m one of the “dummies” but I’m struggling to stay in Group B. Since Win10 appeared I visit this site regularly and I have learnt a lot since then, taking down tons of things I didn’t needed at all. The system is still working so I suppose I haven’t done any permanent damage to it.

      My system is now in “Never check for updates (not recommended)” and I have always unchecked the box marked “Give me recommended updates the same way I receive important updates”.

      In october (following your article – I always follow your instructions step by step) I chose to download only the “Security Only Update”.

      This month I’m going to download first this month’s “Security Only Update” directly from Microsoft Update Catalog and then I suppose that it’s time to run Windows Update and start to look for the “Security and Quality Rollup for Net Framework and Security Patches for Office. (that you say it’s important too)

      I know that I must look ONLY under important updates and no recommended updates and NEVER install “Security Monthly Quality Rollup”.
      Once I have all my downloads in my system waiting for my permission to be installed I come back to this site to see if there is some problem with any KB I want to know about first.

      In this article: http://www.infoworld.com/article/3142903/microsoft-windows/the-time-is-right-to-update-windows-and-office.html
      you say “For those in Group B, the update you want from the Microsoft Catalog is as follows:……….

      Please woody could you explain to me what that is? It’s a direct download link and I don’t understand what it is.
      Is it a THIRD STEP I should take after I have done the things I talked about above or is it this month’s “Security Only Update”

      I have Internet Explorer that I scarcely use (I don’t see my bank account or any of my country official organization pages right with Mozilla – don’t know how to fix that but it doesn’t bother me).

      So should I download everything under “important” that I see about the Internet Explorer? I suppose I should. Or is there some KB I should avoid for any reason?

      I want to thank you so much (really so much) woody and all other here in this site for all your help. I don’t know what I would do without all of you here, helping so much every month. Thanks again with all my heart.

    • #22233

      You’re on the right track. This month’s a little easier than usual because there isn’t any .NET Framework patch, nor are there any weird additional patches. Windows Update will help with Office patches this month, but that’s about it.

      First question: I’m saving you the bother of finding the update in the Catalog. If you use the link, you don’t need to mess around with the Catalog.

      So far, IE patches have been rolled into the Security-only patch. That’s a change from what MS originally announced, but it makes your job much easier. No need to even look for IE patches any more.

    • #22234

      I think I’ve discovered why some links have the long filename and some don’t. The ones that do Not have the long filenames aren’t coming from either WU or MU.

      I’ve been downloading the updates & patches from links provided at Dalai’s site since February and every one of the files I’ve saved since February are in the following format “Windows6.1-KB3192319-x64.msu”… until this month.

      Through October the links Dalai was providing directed to “microsoft.com” and this month the links Dalai provided are directing to “catalog.update.microsoft.com”. Likewise, the links Woody provided above direct to “download.windowsupdate.com.

      Maybe they can’t be acquired through “microsoft.com” anymore? I guess that’s a question for Dalai, but at least this is making sense to me now!

    • #22235

      Thank you, AJ and Mike; it’s nice to know I’m not a unique oddity! Because of Windows Update, I’m not too worried – I use PSI mainly for my other software. However, I am a completist, so would prefer a 100% system score!

      With regards Belarc, I can not find any mention of software updates being kept track of (just a ‘software profile’), except for MS updates. Have I missed something, or would I need Belarc AND PSI, rather than replacing PSI with Belarc?


    • #22236

      Thanks, Mike. I’m being cynical, but would it be reasonable to suggest MBSA doesn’t recognise the secuirty only patch intentionally? MS have a vested interest in persuading people to join Group A!

    • #22237

      Thanks woody for your replay. Many hugs from Spain

    • #22238

      KB3020369 issue was because SSU cant’ be installed with other pending updates
      the binaries was never changed from original state, they just changed WU detection rules so that KB3020369 won’t be offered with other updates

      and again, that issue has nothing to do with WU long scan issue, and KB3125574 is not related in any case with WU or KB3172605

      with all due respect, you are talking with the person who probably knows the most about windows updates and how they work
      so please, take my correct info or don’t spread wrong info 🙂

    • #22239

      Yes, Microsoft Download Center provide links without sha1 appended to file name, and it offer HTTPS links

      but since MU catalog now works with all browsers, Microsoft decided that no more need to publish windows updates to Downlod Center

    • #22240

      + 1

      Absolutely no question abbodi is the foremost authority on Windows updates. I’m surprised Microsoft hasn’t hired him away from us….

    • #22241

      In the past, most of us had automatic update on or delaying installing the patches for few weeks, since there were a few bad patches that often would be fixed.

      So, you need to ask yourself, what changed? Microsoft’s behavior since 2015 and how they treated the patches and their attitudes to the ones who had bricked computers because of their poor quality patch. Many users since then noticed the change in computer and learned how to deal with it. The fragmentize started in large scale in 2015 and especially in 2016 because of MS, not because the users are irresponsible as you seem to think. It was a reaction to what MS has done and is doing.

      I am finding it strange that you are so supportive of MS forcing updates when it was their behavior in the first place that caused this problem. Just remember how the updates used to be like before 2015 and the users’ behaviors. Remember how Woody was frustrated with the users for not getting off the Automatic Update. So please, please, stop giving the MS a free pass on this issue.

    • #22242

      @ Volume Z…

      I’m not trying to be a “grammar slammer” here but the terminology you’re using is rather confusing. Security Only updates are NOT called “Rollups”, they’re “Updates”.

      That simple distinction helps quite a bit if you want to remain in Group B… you NEVER want to install a monthly “Rollup”! If you install a monthly rollup you are instantly a member of Group A.

      The word rollup refers to being cumulative, whereas the word update does not.

    • #22243


      If I do the “manual download” from the (November 18th InfoWorld) link to the MS Catalog, do I stop the “update service” (click the “stop”) BEFORE I INSTALL the downloaded update from the catalog?

      I haven’t seen that mentioned and just want to be certain that it “IS OR IS NOT” a requirement after the manual download from the “MS Catalog” – – – BEFORE THE UPDATE IS INSTALLED. Listed as follows on your Nov. 18th InfoWorld article:


      For those in Group B, the update you want from the Microsoft Catalog is as follows:

      Win7 64-bit


      I’m Group B, running Win 7, x64.

      I am ready to get the updating process started and need verification before I proceed further.

      Thank you for your help. 🙂

    • #22244

      Those who do not question
      (in logical, educated, mature, and hopefully-courteous ways)
      are a danger to civilization.

    • #22245

      Follow the instructions exactly.

      No need to stop the update service.

    • #22246

      I don’t think he’s giving MS a free pass. He has a point. I still think MS should be blamed for many things


      But it’s certainly reasonable to add that getting people off of patches can lead to mass infections, and that “normal” users may well be better served in Group A.

    • #22247

      @Woody: Thank you so much for the current directions. I had not seen anything specific, just recall that in the past when I did a “manual update” this was a requirement.

      This makes it much easier! Thank you once again for your help! 🙂 🙂

    • #22248

      The answer is easy. Stop using products that you don’t trust. It is not your design and you cannot know better. Either use the product as instructed by the manufacturer or do not use it. Like for a fridge, TV set, car and anything else. If you don’t follow the manufacturer’s instructions, you waive your right to warranty.

    • #22249
    • #22250

      Yes, but Plan B is as instructed by the manufacturer. It’s just more difficult than it needs to be.

    • #22251

      You are the one doing the hard work! 🙂

    • #22252

      I’m not clear what rationale there is for advising Group A folks to check the WU box marked “Give me recommended updates the same way I receive important updates”.

      I have been using WU to install the October and November patches, but I have kept that box UNchecked. Consequently, even after installing the “important” updates, I am left with 74 “optional” updates that I don’t want. Those boxes are all unchecked, which is the outcome I would want.

      It strikes me that leaving the “recommended” box UNchecked still gives Group A people a fair amount of control over what gets installed by Windows Update.

    • #22253

      True. But there are Recommended updates that would likely help Group A types. In for a penny, in for a pound.

    • #22254

      Haven’t seen any Recommended updates that strike me as helpful. Guess I’m an A-/B+.

    • #22255

      @Woody: In re: Changes to your previous articles from InfoWorld & YOUR MS-DEFCON ORIGINAL posts.

      One recommendation which would help me (and perhaps others) tremendously would be a link to any previous article that you intend to “CHANGE”, and to designate whether it is Infoworld, or YOUR original post changing YOUR MS-DEFCON article.

      Apologies for having problems, however there are a lot of articles out there, some older than others, (going back to October 27th). I may be the only one who has had a problem.

      Thank you for all of the wonderful help you provide for all of us!! 🙂

    • #22256

      I’m a “Group B” member with Windows 7 (64-bit) and have exactly the same problem as Jim. Every attempt I’ve made to download a security update (starting with October, then November, plus the “Win7 64-bit” link at the top) results in a Windows Update Standalone Installer window stuck on “Searching for updates to this computer…” for over an hour. I don’t know whether to leave it sitting for 2 hours (or more) or to give up.

      abbodi86 responded “July 2016 rollup update KB3172614” but this answer makes no sense to me as it is the July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2.

      If this helps: the last update I successfully installed was KB3177186, “Security Update for Windows 7 for x64-based Systems”. Since then the only updates I’ve managed to install are definition updates for Microsoft Security Essentials – which continued to install automatically for a time, then stopped altogether (around Nov. 3 I think it was). Since then I’ve found and installed the definition updates manually.

      I believe I’m following the existing instructions (from “How to cautiously update Windows 7 and 8.1 machines”, Group B section) to the letter, but I’m really feeling stumped.

      Any advice please? Is it possible that I hooped my ability to install the security updates from October 11 onward by manually installing [more recent] MSE definition updates in the meantime? Or do I just need to be more patient with that pesky “Searching for updates…” window, i.e. be prepared to wait for hours if need be?

      Thank you for all your help!

    • #22257

      You will get those Recommended and possible Optional updates sooner or later as part of the Rollups.
      The only Optional updates which you should normally avoid are those marked as Preview as they will be delivered as part of a Security Rollup after few weeks.

    • #22258

      @ abbodi ……. U said, “Windows Update was first broke in May 2015, and the break has nothing to do with any specific update”.
      KB3020369 was the April 2015 SSU. WU was not really broken in April or May 2015. It was just the occasional buggy update from M$ which was resolved by M$ about 2 weeks later.
      Fyi, for those who were doing clean reinstalls of Win 7 or Win 7 SP1, Windows Update was working fine in April, May 2015 n right up until April 2016 when Windows Update first became really broken.
      B4 April 2016, after a clean reinstall of Win 7 SP1, the users could automatically download n install the 200+ pending important updates thru Windows Update.
      …….After April 2016, they could no longer do so bc Windows Update became broken, eg kept on checking for updates for hours without any success. The solution was to manually install KB3020369 n KB3125574 via M$ Update Catalog or Download Center.
      ……. After July 2016, the solution was changed slightly. They had to manually install KB3020369 n KB3172605, the July 2016 Convenience Update Rollup. Windows Update would work again n display the 200+ pending important updates for automatic download n install.
      ……. Why was WU broken in April 2016.? … I suspect the KB3125574 n KB3172605 Rollups contain M$’s hidden Telemetry updates, ie M$ wanted to make sure that those who do a clean reinstall of Win 7 must hv the Telemetry “spyware” installed.

    • #22259


    • #22260

      You are a very patient person 🙂

    • #22261

      Fyi, i gave up, some cases are just hopeless.

    • #22262

      @ Julia ……. There are 2 ways to install KB updates, ie automatically via Windows Update or manually and ONE-BY-ONE via M$ Update Catalog.
      ……. The manual method usually requires WU to be disabled first by selecting “Never Check For Updates” n going to Control Panel > Administration Tool > Component Services > Local Services > Windows Update Service > disable.
      We must remember that M$ had introduced optional monthly Convenience Update Rollups(CUR) for Win 7/8.1 in May 2016. The May 2016 CUR for Win 7, KB3125574, was like a Win 7 SP2 = 312MB in size(32bit) = contained all the 200+ pending important updates since the release of Win 7 SP1 in 2011.
      ……. Thereafter, the monthly CUR were cumulative, eg the July 2016 CUR, KB3172605, contained important updates for the months of May, June n July 2016.
      In October 2016, this was changed by M$ to non-optional monthly Patch Rollups(PR) where users could no longer install updates individually or separately.
      ……. PR is cumulative n has to be installed automatically via Windows Update. Whereas, the Security-only Updates r not cumulative n hv to be manually installed via M$ Update Catalog.
      ……. Eg, the Nov 2016 PR contains security n non-security updates for the months of Sept, Oct n Nov 2016 only, ie not for the months of July or Aug 2016.
      Since July 2016, for Windows Update to work normally, KB3020369 n KB3172605 hv to be already installed, either automatically via WU or manually via M$-UC.KB3020369 is the April 2015 Servicing Stack Update n KB3172605 is the July 2016 CUR.
      ……. Once WU is working normally, it will help the Win 7 users to install any missing updates n Rollups automatically, once selected.

    • #22263


      …I’m not an expert by any means and I don’t know if you have tried this already but these are the steps that work for me.

      1. Download the MSU package from the link Woody
      2. Go to “Services” and from the list find “Windows
      Update” and Stop the service. Exit from
      3. Run the MSU package, for me this takes under 10
      4. Once installed reboot the computer.
      5. After reboot “Windows Update” (in Services)
      should be restarted (this doesn’t happen for me
      so I go and select Restart the service).

      Jim uses an 8.1 computer and that is why abbodi86 provided him that patch number.

      Hope this helps you in a small way!

    • #22264

      A very comprehensive reply ch100.

      Shame the KB article you link to is not easily understood by the lay person. Maybe a degree or two in Computer Sciences might come in handy?

    • #22265

      @AJ thanks for the heads up on Belarc. It’s a long time since I used it but I ran it today and you’re right, it does show my pc as fully patched, whereas Secunia still shows the MSUpdate rollup patch. So Secunia stays to monitor other software and (whilst I remain in Group B, and as Woody said originally) I’ll take the proverbial pinch of salt with what it reports on MS patches.

      Win10 21H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.
    • #22266

      Hello James & TonyS,

      You are both welcome!

      James, TonyS basically said what I was going to in a reply I began crafting (please excuse my having taken so long to reply).

      Since a glaring red PSI icon staring from the System Tray tends to give one pause, what I have been doing on all of the Windows boxes I tend to (besides tearing out what’s left of my hair) is to exclude the OS from monitoring by the PSI, and rely on the Belarc Advisor to check the security patching integrity of the OS. One nifty feature of the Belarc Advisor is that it has the ability to detect patches that may appear to be installed, but are not actually functioning properly; on more than a few occasions, it has also found missing patches that Windows Update failed to detect (it very decently also provides links to the related KB Article, so that one can directly download the installer.

      Now, another free manually-run on-demand software update detector that some may wish to add to their tool kits is Patch My PC (it will also perform the updates, but some have reported issues with that function, and in any case, I always prefer to get the installer from a known reliable site, such as the developer, Softpedia or MajorGeeks). Patch My PC’s developer solicits input from users, so additional software not yet included can be requested for addition. It is updated every few months, or so — and it is portable (no writing to the Registry).

      While is was nice, clean and convenient to have just one utility that covered the various bases, it appears that (at least for the foreseeable future) that option has receded into history… .

      In any case, I hope this is useful, gentlemen.



    • #22267

      Excellent information to know; thank you.

    • #22268

      I’m in the B group for security only patches. I’ve downloaded the stand alone installer for November, run it, and everything appears to be ok. Do I have to leave the installer package in my downloads or can I now delete it? Since it’s only in downloads rather than programme files, I assume it would be ok to delete, but with Microsoft, who knows?

    • #22269

      You can now delete it.

    • #22270

      Win 7 Pro 64-bit

      I just used my printer for the first time since installing KB3197867 and discovered problems similiar to those caused by KB3177725 in August. The August problems disappeared after uninstalling KB3177725; the current problems seem to have disappeared after uninstalling the current Security Only So-Called Quality Update (which does contain an update for the borked KB3177725).

      Guess it’s time to reserve a seat on the Group W bench while I seriously investigate Linux Mint.

    • #22271

      I would say that instead of stopping the Windows Update service, you are better off by setting Windows Update to Never check for updates and leave the service alone.
      The rest is as GoTheSaints says and you should be OK.

    • #22272

      Thank you for this very helpful information. I have 2 desktops and 1 laptop to update. I used Group A formula as I did for October and everything worked fine for the 2 pc’s. It took approx. 15-20 mins. and done.

      The laptop for some reason took over an hour to download the update and at the end I got a ‘failed’ notice with error code 80004005 – try again. I didn’t have the time so I shut the machine off completely. Several hours later I went in and did the routine of checking updates and it came back with the same KB3197868 update (137MB). I ran it again and this time it only took about 5 mins and whilst it was downloading it said the size of the update was only 17.5MB.

      I’m not sure what happened but it seems like the part of the update that was giving the error code managed to get itself fixed somehow. It feels like I lucked out this time but I wish I knew why the laptop had a glitch but not the two desktops. In the meantime, thank you for all your helpful information.

    • #22273

      Hey Woody,

      I was looking at November’s monthly rollup, KB3197874, and it states that details for the non-security fixes included can be found in KB3185331, but that’s a regular monthly rollup. Shouldn’t it state that it’s non-security fixes are those from October’s preview rollup, KB3192404? I thought that was going to be the pattern. The previous month’s preview rollup gets rolled into the current month’s rollup. Thanks for any insight.

    • #22274

      KB 3185330 stopped the Google search history from working. Once it was removed the search history returned. I loaded KB 3197867 which appeared to be fine, but once again the Google search history does not work. Anyone else have this problem with KB 3197687?

    • #22275

      Are you losing search history in the Google Toolbar for Internet Explorer?

    • #22276

      Your understanding is the same as my understanding.

      How it’s documented… that’s a completely different can of worms. Compare and contrast the lists at https://support.microsoft.com/en-us/help/22801/windows-7-and-windows-server-2008-r2-update-history

      I think the take-away is that documentation of the non-security part of Monthly Rollups is not particularly enlightening — although it’s certainly better than nothing at all!

    • #22277

      I don’t have any idea. Those kinds of glitches are not uncommon, in my experience.

    • #22278


    • #22279

      @Woody: The “Updating”.

      It was “different”. Used the InfoWorld link to DL & Install the Security Update, had a slight problem as needed to “force” the computer to close one window to get the “restart” done.

      I now have NO Important Updates as I hid the Security Monthly Quality ROLLUP (KB 3197868 134.0 MB), as well as the MSRT, and Def. These were ALL CHECKED. ***I noted that the size of the MSRT AND the Definition were quite LARGE.

      In the “Optionals” None were checked.

      I hid the “Preview” of the Monthly Quality ROLLUP (KB3197869) and the Preview of Quality ROLLUP for NET Framework.

      I hid KB2952664 (holdover from October), which was italicized. I now only have 2 remaining holdovers from October (both italicized)

      These are KB3181988, and KB3184143. Both italicized. Is it okay to hide these as I understand we don’t need any of the “Optionals”??

      Thank you for any further information you may have on the “Updating”, Group B (Win7 x64). You have helped all of us so much! It is most sincerely appreciated by all of us! 🙂 🙂 🙂

    • #22280

      Thank you Woody, and an “Argh” to MS…

    • #22281

      No need to hide anything. You’re fine just how you are.

    • #22282

      Update: For those using PSI that installed KB3197867 (Group B): if you’ll hide KB3197868 in WU and re-scan with PSI, it’ll stop complaining and you’ll get a green icon (assuming all else is good).

      And MBSA still complains….

    • #22283

      Win 7 64bit

      WOW! i did the security only rollup. how was >100 Mb update the fastest update in forever… i feel cheated! 😉

    • #22284

      Therre’s no such thing as a “security only rollup.” The Security-only update isn’t a rollup. The Monthly Rollup isn’t security-only.

      Confusing, eh?

    • #22285


    • #22286

      Thank You for providing the 4 links – great help – worked fine – I’m in Group-B

      But Windows Malicious Software Removal Tool is in my list of update patches – should I UNcheck everything but and still run the WMSRT as in previous months?

    • #22287

      I, personally, run the MSRT. I’m sure it phones home, and I’m not overly concerned about it.

    • #22288

      Indeed, THANKS!! 🙂

    • #22289

      @Julia, temporarily set your Windows Update to “Never check for updates (not recommended)”. This will stop WU from continually searching for updates.

      Download the September 2016 Servicing Stack Update https://www.microsoft.com/en-us/download/details.aspx?id=53863 and July CUR https://www.microsoft.com/en-us/download/details.aspx?id=53332

      Install each using WUSA: wusa.exe “C:fullpathtoUpdate.msu” /quiet /norestart

      KB3177467 didn’t need a reboot, KB3172605 did need a reboot.

      Set your Windows Update back to “Check for updates but let me choose whether to download and install them”

      This resolved the problem I had with WU continually searching for updates.

    • #22290


    • #22291

      I’ve downloaded the Win7 64-bit November patch (KB3197867) using Woody’s link and also directly from the Microsoft Update Catalog by searching for it from within the catalog. The two files have identical names and sizes, except that the name of the one downloaded directly from the Microsoft Update Catalog is prefixed by the characters “AMD64-all-“. If both files are coming from the same repository, why do they have slightly different names?

      And can I simply rename either file to Windows6.1-KB3197867-x64.msu?

    • #22292

      No need to rename. Just run it.

      The AMD64-all- signifies that it’s a 64-bit version. Other than that, no idea why the names differ.

    • #22293

      IE ActiiveX/basket download changes the file name to add Architecture

      use new MU experience url to get direct link with consistent name

      you name it NovemberPatch.msu or anything else, it would be still the same 🙂

    • #22294


      Yes, I discovered that by experimenting. If I access the Catalog by http://catalog.update.microsoft.com/…, I get the “basket” interface and the filename is prefixed by “AMD64-all-“. On the other hand, if I access the Catalog by http://www.catalog.update.microsoft.com/ …, I don’t get the “basket” interface and the filename is not prefixed by AMD64-all-“.

    • #22295

      Maybe I am the faintist of the faint-hearted, but I still find the patchwork of patches sort of a basket-case. Moreover, there is that lingering injury: After being repeatedly beat up by MS over months and months with their poison-pill updates, I now keep them very much at arm’s distance (if not more). When (if ever) Woody goes to MS-DEFCON 5, then I will take another look. I know that in the meantime maybe I am skating on thin ice as far as security goes; but, truth be told, I feel safer without MS than with them.

    • #22296

      Installed KB3192391 and KB3197867 on my Windows 7 sp1 32 as indicated by Woody. Every thing OK, thanks a lot

    • #22297

      (Win 10 Pro 64-bits with Carboni mods and metered connection WuShowhide run before any MS Updates)

      In spite of using Metered Connection and WuShowHide to block driver updates before MS Updates can automatically download them, last weekend I got a driver update which listed below the Cumulative Update for Windows 10 Pro on my laptop. This turned out to mean that this update would be offered even in spite of my setting not to ever get a driver update through Microsoft Updates. (Once again, MS is not respecting explicit settings in Windows 10.) So naturally, this update when it downloaded, failed and stalled, causing the CU to fail to install (though it did download).

      I went to the Microsoft Updates Catalog in Internet Explorer 11 (though I could have used any of the major web browsers) and downloaded the manual stand alone update for my configuration. (Win 10 v.1607, 64-bits.) I also opened up Manage my PC, went to Device Manager, clicked on the Pointing Devices, found the Device (Touchpad — long unused on this laptop) and ran Update Driver Software with Search Online (search MS Updates for the driver). The driver updated through the Device Manager. Now the problem was, had the CU begun its install routine, or was it safe to restart the laptop? I restarted, knowing I had a System Restore point and the stand alone installer for the CU to fall back on, plus a fairly recent System Image archive which tests good.

      The restart took nearly a half-hour going down, and ten minutes starting up. Then I ran MS Updates again, and the driver update was gone from the current list. The CU finished installing (it was already downloaded) and another restart was called for. The downloaded stand alone installer never needed to be used. Again, the restart took a half-hour going down and ten minutes coming up, but everything lists as successfully installed now.

      Take Home Lesson — if a driver lists in WuShowHide below any other type of update, HIDE it immediately and use the Device Manager if there appears to be a security reason to get the updated driver. Better yet, go to the manufacturer (if the device is still supported) and get the updated driver from there. I would have saved a half a day’s work and grief if I had known to do this.

    • #22298

      I have Win10 Pro set to defer upgrades. Does anyone know how long 1607 will remain deferred?

    • #22299

      How did you defer it? With GPEdit?

    • #22300

      No, I just checked off “Defer Upgrades” in the Advanced Options of the Settings applet.

    • #22301

      Then you should be safe until 1703 comes out. At that point, give or take a week or two, I think we’ll see the “Defer Upgrades” setting allow 1607.

      I think.

    • #22302

      1607 will be released to CBB (Defered) next month, or at the beginning of 2017 at most

    • #22303

      False alarm?

      Previously unidentified variable(s)?

      Re-installed KB3197867 and am unable to duplicate above-reported “problems”.

      Back to the Group B bench again.

    • #22304

      hi guys, hi woddy,

      im having a problem now.

      i have to administrate 3 devices. wich all run win7 (two 64bit and one 32bit system).

      since i heard that MS will force more and more involuntary updates onto costumers (and seeing the whole “bigbrother only wants the good for you” direction this society is going)

      i stoped downloading WIN updates for quiet some time (on one system its really long ago probably more then a year) and the other updates are a few months back now( since i have to drive there and provide backup. you gotta love your family 😀 )

      -so now i have the problem that i have system which are not updated to the point of the last “more open” updates from september2016.

      -i wish to stay in group b as long as possible.

      -i cant find a startpoint for me to get the system uptodate.

      can you or maybe someone help me?


    • #22305

      Generally, the start point I’ve been using is July – patch everything up to July, then “Group B” should apply security-only patches after that point.

      Unfortunately, Security-only patches only started rolling out in October.


      Of course, if you want to take a patch-by-patch approach to the pre-August updates, there are many lists of “bad” patches from which to choose!

    • #22306

      hey woody,

      thank you for your fast answer!

      i feel really stupid right now (usually im not that stupid with this stuff..)

      do i just let windows update search for updates?
      or how do i get to the point of no return? 😀

      lets say i have a fresh installed win7 sp1 system.

      what do i get to patch it up to the july updates (or the october updates)

      im really sorry for these stupid questions..

    • #22307

      because it seems that i can only find full-updatepacks with the “questionable” updates already included.

    • #22308

      Not stupid at all! In fact, we had a post about it not long ago.


      As you can see, there are many nuances and varying opinions. There’s no royal road to Win7 update!

      I’d like to turn it into an InfoWorld post at some point, if we can ever draw a conclusion.

    • #22309

      i seems that i got dizzy from searching the web.. that i couldnt even find that post of yours!

      i will take a look into that post.
      and i bet i will have a question or two for you later 😀

      thanks again and have a nice weekend.

    • #22310

      You have my sympathies. Searching for stuff on this site is abysmal. I hope that growing the Lounge appendage will help…

    • #22311

      On a Windows 7 system that was last updated with patches Oct. 10th, Windows Update is now running for 17 hours and counting. The system has the Win Update “speed up” patch installed. Constant cpu usage of 25% on a machine with 4 cpus. All in a copy of svchost that includes the Windows Update service.

      Just me? Will try other systems soon…

    • #22312

      Oh no. Not again.

    • #22313

      Nothing is again 🙂
      all is excellent here

      are you pretty sure the “speed up” kb3172605 is properly installed?

    • #22314

      You could try this approach too.
      This will get you to be fully patched until November 2016, unless you deselect on purpose the updates which are available after July 2016, which is a bit difficult. Supersedence built-in later patches would make it even more difficult.

    • #22315

      hello why is there multiple choices in the catalog? im a bit confused and just wanted to ask. but your link to win 7 64 bit worked fine

    • #22316

      Each of the choices in the Microsoft Update Catalog is for a different patch, for a different version of Windows. Which ones are confusing for you?

    • #22317

      what was confusing me is that one of them said win 7 embedded standard, and the other was win 7 64 bit. both of them were 88MB in size. im a noob to this stuff since MS starting messing things up. i followed your link for the win 7 64 bit but somehow i mixed it up with the embedded one. i almost installed it but came here first and followed the link you posted to the 64 bit win 7 so everythings all good now. thanks alot for all the info and instructions you provide man its really been helpfull

    • #22318

      Yeah, it’s confusing. Win 7 embedded standard is something you won’t need to be concerned about. The most confusing part is that 64-bit versions are marked x64, while 32-bit versions have no distinguishing marks.

    • #22319

      My mistake. There were different magic speed-up fixes for Windows Update over the last few months, and I confused them. Sorry.

    • #22320

      Ah, that makes me feel much better.

    • #22321

      In following the instructions for Group B, in Step 6 I get one update showing up on “important” list, namely KB3138612 which is not described as a security update. I don’t have enough information from Step 6 or Step 7 of the Group B instructions as to whether to install that update or not. Apparently it’s an update for Windows 7 update client. Have people had any problems resulting from installing KB3138612, and in particular, does it contain “snooping” or “nagware”? If there hasn’t been any “snooping”, “nagware” or other problems with it, then maybe I’ll just go ahead and install it.

    Viewing 265 reply threads
    Reply To: MS-DEFCON 4: Time to get November Windows and Office patches applied

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: