News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • .NET Update Confusion

    • This topic has 12 replies, 6 voices, and was last updated 1 week ago.
    Viewing 4 reply threads
    • Author
      Posts
      • #2370274
        doneager
        AskWoody Plus

        I’m confused again about what’s going on with .NET updates. The 5/27/21 Master Patch List  advised to defer 4601554, 2021-01 Cumulative Update. I hid it using wushowhide. No subsequent “go” signal noted. The 6/8/21 Master Patch List advises to defer 5003254, 2021-06 CU. I hid that as well. What, if anything, should I do about 4601554? The last .NET update on my PC is 4601050, which was installed when I was still running 2004 prior to moving to 2oH2.

         

        Thanks!

      • #2370306
        Susan Bradley
        Manager

        I’m using the “enterprise patching” view – none of these recent  .net include new security updates.

        Susan Bradley Patch Lady

        • #2370384
          Alex5723
          AskWoody Plus

          I didn’t see any .Net updates for Windows 10 Pro (20H2, 21H1) since 2/2021. Who gets them and who don’t ?

          1 user thanked author for this post.
      • #2370342
        doneager
        AskWoody Plus

        So, I’m guessing that means don’t worry about any .NET updates until you post one that says INSTALL and is for a new security update?

      • #2370348
        anonymous
        Guest

        My impression is that the .net updates are not recommended here on Ask Woody unless required by software applications.

        • #2370615
          Susan Bradley
          Manager

          No, I just want to equate what experience that businesses get. Until there is a security .net patch I don’t recommend it.

          Susan Bradley Patch Lady

      • #2370872
        lmacri
        AskWoody Plus

        The last .NET update on my PC is 4601050, which was installed when I was still running 2004 prior to moving to 2oH2.

        Hi doneagar / Alex5723:

        See WCHS’s 27-May-2021 KB4601554 – May .NET Framework for a similar discussion. We’re both still trying to figure out why our MS .NET Framework updates stopped after KB4601050 was delivered in Feb 2021. We have observed the following:

        • If you view the package details for KB4601050 (2021-02) for Windows 10 v20H2 <here> in the Microsft Update Catalog it says it has been replaced by the the Preview build of KB4601554 (2021-02) released in Feb 2021 (see Image 1), and
        • Both WCHS and I have disabled delivery of week C/D Preview Builds in our Group Policy Editor (gpedit) at Computer Configuration | Administrative Templates | Windows Components| Windows Update | Windows Update for Business | Select When Preview Builds and Feature Updates Are Received (i.e., Enabled, Semi-Annual Channel, defer for 1 day) and did not receive that KB4601554 Preview.

        If you search the Microsoft Update Catalog <here> for KB4601554 for Win 10 v20H2 there is both a Preview build for KB4601554 (2021-02) released in Feb 2021 and a “stable” build for KB4601554 (05-2021) released three months later in May 2021 (see Image 2).

        If you view the package details for the Preview build of KB4601554 (2021-02) released in Feb 2021 it replaces KB4601050 (02-2021) but was not replaced by any further updates (see Image 3). The supersedence chain for the KB4601050 seems to stops back in Feb 2021 with the KB4601554 Preview (which was never delivered to my system, presumably because of the Group policy edit I made to “Select When Preview Builds and Feature Updates Are Received“).

        If you view the package details for the “stable” release of KB4601554 (05-2021) released in May 2021 it replaces KB4586876 (01-2021) and was later replaced by KB5003254 (06-2021) but there is no mention of KB4601050 (02-2021) in those package details (see Image 4).

        At this point my best guess is that Microsoft did not revise the supersedence chain of KB4601050 when the “stable” KB4601554 was released in May 2021, and because WCHS and I never received that KB4601554 Preview build (possibly because of our gpedit tweak to “Select When Preview Builds and Feature Updates Are Received“) this has disrupted the delivery chain and is preventing further updates to KB4601050.
        ——–
        64-bit Win 10 Pro v20H2 build 19042.985 * Firefox v89.0.0 * Microsoft Defender v4.18.2105.5 * Malwarebytes Premium v4.4.0.117-1.0.1318

        • #2370912
          WCHS
          AskWoody Plus

          If you view the package details for the “stable” release of KB4601554 (05-2021) released in May 2021 it replaces KB4586876 (01-2021) and was later replaced by KB5003254 (06-2021) but there is no mention of KB4601050 (02-2021) in those package details (see Image 4).

          My situation is additionally confusing, because I did not install 20H2 until April 9, and so I do not have a record of having the 20H2’s KB4586876 (01-2021) installed because I wasn’t on 20H2 at the time it was released. The corresponding file in 1909 was KB4586878, but it was not in the WU queue to install and so was never installed. I am presuming that it was not there because a) it was not a security update and b) the GUI settings of 1909 were set to achieve the same results that the GP settings of 20H2 are set to achieve.

          The last 1909 .NET update was the 2021-02 KB4601056, which was a security update. This 1909 file corresponds to the 20H2‘s 2021 02-KB4601050, which was in the WU queue to download and install ( and I did so) after I upgraded to 20H2. All of this is to say that since the 1909 GUI and the 20H2 GP settings achieve equivalent results, the pattern is the same in 1909 and 20H2: .NET security updates will appear in the WU queue to be downloaded and installed. .NET quality and reliability improvement updates (whether Preview or later stable versions) will not appear in the WU queue.

          At this point my best guess is that Microsoft did not revise the supersedence chain of KB4601050 when the “stable” KB4601554 was released in May 2021, and because WCHS and I never received that KB4601554 Preview build (possibly because of our gpedit tweak to “Select When Preview Builds and Feature Updates Are Received“) this has disrupted the delivery chain and is preventing further updates to KB4601050.

          but I think there will be an update when the next one is a security update.

          • #2370921
            Bob99
            AskWoody Plus

            @WCHS and @lmacri -The .NET updates released since February’s are considered non-security updates by Microsoft. You aren’t seeing them in Windows Update due to your settings in Windows Update for Business (or in the registry for users of the Home edition of Windows 10).

            While these settings keep you from being offered the preview updates for Windows and the .NET platform that are generally NOT a good idea to install, a side effect of these settings is that they are also keeping you from being offered the normal, non-security, non-preview updates for the .NET platform.



            @WCHS
            , you are right in that the next .NET update that you will be offered will be one that’s also considered by Microsoft to be a security update.

            How do I know all this? Well, because I changed my settings within Windows Update for Business in Group Policy and then used wushowhide to check for available updates. The June update for .NET showed up as available to hide, at which time I exited wushowhide, because I just wanted to see what was available with the changed settings. I then proceeded to revert my settings to those in AKB2000016 and, violà, the June .NET update disappeared from wushowhide.

            If you really want to be offered the June .NET non-security update by Windows Update, change the following items in Windows Update for Business (within Group Policy) to “Not configured”: “Select when Preview Builds and Feature Updates are received”, “Select when Quality Updates are received”, and “Select the target Feature Update version”. Just remember to change them back to Enabled along with the individual settings within each one that you had before changing them to “Not configured”.

            1 user thanked author for this post.
            • #2370941
              WCHS
              AskWoody Plus

              If you really want to be offered the June .NET non-security update by Windows Update, change the following items in Windows Update for Business (within Group Policy) to “Not configured”: “Select when Preview Builds and Feature Updates are received”, “Select when Quality Updates are received”, and “Select the target Feature Update version”.

              I ALREADY have “Select when Quality Updates are received” set to “Not Configured.” That means that in the WU queue I get the monthly CUs that come out on Patch Tuesday/Week B, but I can hide them because I have GP=2 (notify download/install). And I never see the CU Previews/Week C or D or E patches. As a matter of fact, I haven’t seen the out-of-band Week B patch KB5004476 either — that one Susan mentions today in the AskWoody Blog. I have TRV set to 20H2. If I change this to “Not configured,” then I am setting myself up for 21H1 (which I don’t want to do)!!

              So, what about just leaving “Select Quality Updates are received” to “Not configured,” leaving “TRV” to “20H2”, and changing “Select when Preview Builds and Feature Updates are received” to “Not configured”? Will that bring forth the non-security, non-preview .NET Week B patches to the WU queue? while at the same time, a) allowing Quality/Week B CUs to appear (I’m not talking about.NET updates here), b) preventing Week C/D/E CUs from appearing (I am not talking about .NET updates here, either), and c) keeping me on 20H2? And of course, remembering to set it back to “Enabled” and setting “Semi-Annual Channel” to 1 day after the non-security, non-preview Week B patch shows up in the queue, and I download and install it.

              • #2370944
                WCHS
                AskWoody Plus

                So, what about just leaving “Select Quality Updates are received” to “Not configured,” leaving “TRV” to “20H2”, and changing “Select when Preview Builds and Feature Updates are received” to “Not configured”?

                I think @Alex5723 has answered that question at
                #2370910. He’s got “Select when Preview Builds and Feature Updates are received” to “Not configured” and he has “Select the Target Feature Update Version” set to “Enabled”. As a consequence, he isn’t getting the non-security, non-preview NET week B patches.

                So, it seems to me that if you really want a non-security, non-preview Week B .NET patch, the best bet would be to manually download and install it — maybe, waiting until MS-DEFCON = 3+ to do it. That would save you having to go into GP settings to change settings and then remembering to change them back.

              • #2370946
                Bob99
                AskWoody Plus

                Sorry, I guess I should have been a bit clearer in my original post…all three of the items I mentioned must be set to “Not configured” in order for you to be offered the non-security .NET updates. I never mentioned the word “all”. My apologies.  🙁

                Once you set all 3 to “Not configured”, you should then be offered the regular, non-security update that was released on June 8th.

                Once we got to the 15th of June (the third Tuesday of the month), however, the June 8th patch is possibly going to be superseded by a preview release for .NET which you will be offered instead of the update released on June 8th.

              • #2370949
                WCHS
                AskWoody Plus

                It seems a bit risky to me to set “Select the target Feature Update version” to “Not configured”, especially since I want to stay on 20H2, now that the later 21H1 is out.

                I’m just going to note any new non-preview .NET patch on Susan’s monthly Master Patch List and if it isn’t a security update (which I would expect to show up in the WU queue because of my GP settings) and if I want to install it (i.e., a non-security, non-preview .NET patch, such as that in Week B May and Week B June), I will manually do it (or my McAfee A/V will tell me that it’s not installed and it will install it, if I tell it to.)

                That’s easier than taking a risk by not remembering to set all 3 GP settings back to what they were.

              • #2370952
                Bob99
                AskWoody Plus

                That sounds like a great plan, because it’s what works reliably for you!  🙂   👍

                1 user thanked author for this post.
    Viewing 4 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: .NET Update Confusion

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.