• New versions of buggy March Win7 patches are out

    Home » Forums » Newsletter and Homepage topics » New versions of buggy March Win7 patches are out

    Author
    Topic
    #181412

    I have no idea what changed, but Günter Born reports (and a check of the Update Catalog confirms) that there are new versions of: KB 4088875 – Win7 Ma
    [See the full post at: New versions of buggy March Win7 patches are out]

    9 users thanked author for this post.
    Viewing 22 reply threads
    Author
    Replies
    • #181420

      AFAIK the updates itself hasn’t changed. But MS has changed the KB descriptions. Some details here:

      https://borncity.com/win/2018/04/05/windows-kb4090450-kb4088875-kb4088878-kb4088881/

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      8 users thanked author for this post.
    • #181426

      “I have no idea what changed, but Günter Born reports (and a check of the Update Catalog confirms) that there are new versions of:

      KB 4088875 – Win7 March Monthly Rollup (dated, in the Update Catalog, as April 4)

      KB 4088878 – Win7 March Security-only patch (also April 4)

      KB 4088881 – Preview of the Win7 April Monthly Rollup (also April 4)”

      Literally nothing has changed in the Catalog for the x64 versions of these updates (the only ones that I checked). I assume the same is true for the other versions of these three updates. One can see this by downloading the given updates and checking their digital signature dates. The reason that the date changed in the Catalog for these three updates is because their metadata changed.

      So what metadata may have changed for these three updates? I already noted that the following text in these three updates changed on April 4 from prior article versions: “This issue is resolved by KB4099950 which will be automatically applied when installing this update.” This suggests that Microsoft is now bundling the download and installation of KB4099950 when one installs any of these three updates in Windows Update. I don’t know if update bundling also happens in WSUS. (I realize that KB4088878 shouldn’t appear in Windows Update, but maybe WSUS has update bundling?) As I noted in the bundling topic, one of the uses of update bundling is to ensure that a given update is installed before another given update is installed. I believe that update bundling does not happen for Catalog downloads, so those of you in Group B will still have to download and install KB4099950 before installing any of these three updates.

      12 users thanked author for this post.
      • #181433

        Can anybody confirm if KB4099950 is also bundled in WSUS? A manual search for KB4099950 in the WSUS console doesn’t show anything.

        • #181465

          If you are interested in WSUS/SCCM, you should know better than asking for advice here.
          Otherwise you should provide advice here.

          1 user thanked author for this post.
          • #181491

            If you are interested in WSUS/SCCM, you should know better than asking for advice here.

            Since Susan Bradley’s been hanging out in these parts, we have a LOT of expertise in WSUS and SCCM added to the mix.

            1 user thanked author for this post.
      • #181464

        There is no bundling in WSUS and KB4099950 is not even known to WSUS, unless imported from the Catalog.

        1 user thanked author for this post.
        • #181479

          Ok, but what is the way for WSUS users?

          On the description from KB4099950 Page it says:

          “This update is now available for installation through WSUS.
        • #181493

          These links seem to suggest that WSUS can do bundled updates:

          Relationships Among Updates

          WSUS (bundled or installable) child updates

          • #181846

            It happens all the time, when required.
            Few very well known examples:
            – Windows 7 / 2008 R2 Service Pack 1 – KB976932 SP1 bundled with SSU KB2533552
            Windows 8.1 / 2012 R2 Update 1 – KB2919355 Update 1 bundled with KB2932046, KB2937592, KB2938439, KB2934018, KB2959977
            – Windows 8.1 /2012 R2 (unofficially known as Update 3) – KB3000850 Update 3 bundled with KB3003057, KB3016437, KB3014442
            – IE11 for Windows 7 / 2008 R2 – KB2841134 IE11 bundled with KB2849696 and KB2849697 Language Packs and KB2533623, KB2639308, KB2670838, KB2729094 v2, KB2731771, KB2786081, KB2834140 v2, KB2882822, KB2888049

            More recently, most .NET Framework updates are bundles of various individual updates and I think there was at least one Windows 10 recent update which bundled the SSU and the actual update.

            Many of those patches come bundled on Windows Update in the same way like they come on WSUS.
            For most users and professionals though, there is no reason to look into the details of patching at this level and are better served by following reliable advice and regular patching using one of the proven methods and probably even better following the product manufacturer’s guidelines.

            1 user thanked author for this post.
          • #182128

            Nope, SSU and CU never been gathered in Windows 10 😀
            the only update that did iy was the security update for secure boot KB3172729

      • #181481

        So THAT’s what they’re up to…

      • #181515

        I believe that update bundling does not happen for Catalog downloads, so those of you in Group B will still have to download and install KB4099950 before installing any of these three updates.

        I’m not disbelieving you and I can well believe this is another example of Microsoft’s gross incompetence but the wording for security-only does state…

        This issue is resolved by KB4099950 which will be automatically applied when installing this update

        But the package contents have been checked, right? There definitely is no KB4099950 included? Some work experience kid has likely just copied and pasted the monthly roll up text.

        Edit to remove HTML: Use the ‘text’ tab in the post entry box when you copy/paste.

        1 user thanked author for this post.
        • #181532

          That update bundling does not happen for Catalog downloads is an assumption on my part. Installing KB4088878 with internet access would be a test of this.

          • #181626

            Has anybody tried this?

            I need to get off the fence on a DEFCON level change in the next couple of days….

            • #181683

              I just tested this. I didn’t see any evidence that KB4099950 was installed. PCIClearStaleCache.txt, a log file created when KB4099950 is run, was not present. This test should be repeated when KB4088875 reappears in Windows Update.

              3 users thanked author for this post.
      • #181640

        WSUS offers only the 2018-02 Security Monthly and Security Only, also the January equivalent patches on a machine patched until and including December 2017 Security Monthly.
        From March 2018, only the CU for IE11 is offered plus few other non-related patches, KB2952664 and the time zone rollup KB4074837.
        This may be the case because KB4099950 is not on WSUS and may be a pre-requisite now.
        Before the revisions for KB4088875/KB4088878 they were both on offer.

        Interesting that the internal date of the revisions is the same with the original release date, March 14, 2018.
        Which shows that Microsoft does not take guidance from various popular web sites for patch bugs, as some would suggest, but had internal knowledge of the issues early.

        1 user thanked author for this post.
        • #182863

          Yes, the KB4099950 is not on WSUS. Its not listed even with manual search.

          Should we download the update from the catalog and import it to WSUS?

           

      • #182040

        Microsoft doesn’t appear to be bundling KB4099950 with either KB4088875 or KB4088881, according to data from Windows Update MiniTool. I don’t understand why Microsoft is using language in the KB articles that seems to suggest bundling. Instead, KB4099950 is now a prerequisite for Windows Update to consider KB4088875 or KB4088881 installable.

        3 users thanked author for this post.
        • #182063

          What are they thinking?

          On permanent hiatus {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #181421

      I think this is new in 4088875:

      With both

      “A new Ethernet Network Interface Card (NIC) that has default settings may replace the previously existing NIC, causing network issues after you apply this update. Any custom settings on the previous NIC persist in the registry but are unused”

      and

      “Static IP address settings are lost after you apply this update.”

      it now says:

      This issue is resolved by KB4099950 which will be automatically applied when installing this update.

      So you no longer have to run a VSB-script yourself or apply the update 4099950 before applying 4088875: it is now rolled into the update.

      ~ Annemarie

      5 users thanked author for this post.
    • #181430

      In the description of KB4088875 it contains a new Text about the Network IP issue:
      “This issue is resolved by KB4099950 which will be automatically applied when installing this update”

      Does that mean KB4099950 is now part of the KB4088875 patch?

      1 user thanked author for this post.
      • #181437

        No, but it does mean that when one installs KB4088875 in Windows Update, Windows Update now also installs KB4099950 (first, I assume). This is an instance of update bundling. One of the uses of update bundling is to ensure that a given update is installed before another given update. As I mentioned before, I believe that update bundling does not occur for Catalog downloads.

        3 users thanked author for this post.
    • #181436

      “Looking at the KBNew page, I also see new versions of:

      KB 4099950 – the hotfix patch for bugs in the March Win7 patches (now dated April 4) – I talked about this fix of a fix of a … earlier this week in Computerworld.

      KB 4088879 – the Win8.1 Security-only patch (still dated March 10)”

      KBNew deals with article versions, not update versions.

      The Catalog downloads for KB4099950 are now dated April 4, but a check of the digital signature date of the x64 version of KB4099950 reveals that it hasn’t changed recently. I assume the same is true for the other KB4099950 Catalog downloads.

       

       

       

      2 users thanked author for this post.
    • #181439

      “KB 4090450 – Spectre V2 patch for Server 2008 (dated April 3)”

      From https://support.microsoft.com/en-us/help/4090450/security-update-for-vulnerabilities-in-windows-server-2008: “This security update was rereleased on April 3, 2018.”

      1 user thanked author for this post.
    • #181440

      “The solution on offer is KB 4099467, which is a single-shot hotfix for Win7 designed specifically to fix this bluescreen.”

      abbodi86 analyzed the contents of KB4100480 and KB4099467 at https://www.askwoody.com/forums/topic/patch-lady-more-updates-released-to-fix-march-patches/#post-179329. I analyzed the contents of KB4100480 at https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179396.

       

      2 users thanked author for this post.
    • #181457

      I have downloaded and checked for differences using “fc /b” in a command prompt window (and both DiffMerge and WinMerge as “belt and braces”) both the Windows 7 32 bit and 64 bit versions of the Security Only updates KB4088878 and KB4099950 and the Windows 8.1 versions of the Security Only updates KB4088879 (relevant to my PCs) now in the Catalogue with the versions I downloaded from the Catalogue on 14 March, 1st April and 14 March respectively and (all comparison tools) find the update files identical.

      So have only the dates in the Catalogue changed?

      • #181462

        Maybe only the metadata has changed.

        1 user thanked author for this post.
      • #181463

        “So have only the dates in the Catalogue changed?”

        Apparently yes. The date for a given update can change in the Catalog when its metadata that is used by Windows Update changes. This can be confusing, but that’s the way it works.

        2 users thanked author for this post.
        • #181496

          “So have only the dates in the Catalogue changed?” Apparently yes. The date for a given update can change in the Catalog when its metadata that is used by Windows Update changes.

          The emperor has new clothes.

          On permanent hiatus {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
          1 user thanked author for this post.
    • #181480

      Just uninstalled kb4088878, kb4100480, and kb4099950 (old March versions.)

      Installed the new April versions of those three. So far, no problems. I’m your beta tester.

      2 users thanked author for this post.
    • #181487

      With these changes, whatever they are, KB408875 Monthly Rollup, previously unchecked, is now gone.  It no longer appears as an available update.  One less March patch to worry about? I’m left with 4099950 and 4100480.  Neither of which I’m in a rush to install.  Woody, it’s getting late for a March Defcon change.  Do we just wait to see what is offered for April and forget March?

      1 user thanked author for this post.
      • #181489

        March is probably coming soon.

        2 users thanked author for this post.
      • #181490

        I also noticed that KB4088875 and KB4088881 are currently unavailable in Windows Update. They should be available again sometime very soon.

        • #181737

          I also noticed that KB4088875 and KB4088881 are currently unavailable in Windows Update. They should be available again sometime very soon.

          I think they are already available, but have a dependency on KB4099950.
          KB4099950 is not available in WSUS, but it is available as Recommended update in WU.

          Until KB4099950 is installed, the latest available CU is KB4074598, which is 2018-02 Security Monthly Quality Rollup.

          This month’s updating mechanism is messed up and for those who have not installed any of the March updates yet, it is highly recommended to wait for another week until the release of the April CU.

          Keep an eye on Patch Lady’s recommendations in this matter.

          1 user thanked author for this post.
      • #181492

        Woody, it’s getting late for a March Defcon change. Do we just wait to see what is offered for April and forget March?

        I’ve been wondering that myself.

        I think the solution is to have folks avoid the Win7 patches, but to install the others. Unfortunately, that doesn’t take care of “Total Meltdown” on Win7 — and in that case, the cure is probably worse than the disease.

        Lemme start gathering together all the bug reports. They are voluminous.

        8 users thanked author for this post.
        • #181784

          Does this mean the MS-DEFCON level will change within the day or Saturday for Windows 10?

          • #181791

            It means DEFCON will  change when Woody has collected enough information to give advice on patching

            2 users thanked author for this post.
            • #181800

              Thank you. I was asking because I’m trying to decide whether it’s worth it to ticket to go and help my family and relatives (who are in another city) patch their windows 10 computers this weekend (need to return by Sunday PM), or if I can afford to have them wait another month if it’s still unclear if Match updates for Windows 10 will receive the green light. My apologies if my previous comment came off differently.

            • #181808

              Things are such a mess now, it is hard to say what Woody will recommend. It wouldn’t be the first time he has suggested NOT patching 1709 for example. So your go/no go situation is up in the air until Woody publishes his recommendations.

            • #181815

              See Woody’s latest blog article posted a few minutes ago.

      • #181535

        As per the Patch Lady’s recommendation a few days back, I installed KB4100480 since I had the Jan./Feb. Win 7 updates installed. No issues encountered. Didn’t install any March updates and not stepping into the fray until DEFCON changes. Windows Update set to “Never check”, all users in the household warned not to click on “dodgy” links, Norton Safe Search enabled. Good on you Beta testers as the rest of us watch & wait.

        3 users thanked author for this post.
    • #181486

      April updates are virtually “ditto” of March updates.

      Being Spectre and Meltdown patches these would seem to be important.

      Watching Woody’s DEFCON rating.

       

    • #181562

      I’d like to know if KB4099950 is uninstalled, will the changes it made be reversed.
      Considering it is a script.

    • #181590

      I believe that update bundling does not happen for Catalog downloads, so those of you in Group B will still have to download and install KB4099950 before installing any of these three updates.

      I did notice last night that KB4099950 dated 3/30/2019 was showing when I did a manual check of WU. It is shown in WU as Optional and Unchecked. Still no March Windows OS updates shown, only Feb. I wonder why KB4099950 is not at least recommended, especially since it is now being bundled. It might be that installing KB4099950 alone, via WU would allow the March Rollup to at least show (I wll not install the rollup as I follow Group B). I may see if/when the DefCon changes.

      I am still weighing the Rollback of Jan/Feb Group B Windows patches to December or just moving forward. If forward, I will use MrBrian’s ordering mentioned a few days ago after creating a restore point and image first. I would 1. Install KB4099950 via WU, reboot; 2. Install KB4088878 – Security Only via the catalog, reboot; and then, 3. install KB4100480, and reboot.

      This patching [problem] is a good illustrator that patience is (hopefully) rewarded and wait for the DefCon change. It is also why the rollback decision is hard, as I suspect MS will not just re-release the updated Jan/Feb catalog SO patches, but instead will issue fixes. That may leave the Group B without some of the Jan/Feb security patches since the SO patches are not rollups.

      Also, it is really time again to thank all the MVPs and other contributors, who while not able to devine the unknowable future and intents of MS, have provided valuable insights and advice.

      2 users thanked author for this post.
    • #181593

      I installed B 4100480 a few days ago (Win 7 Pro x 64 SP1, 5th generation core i3) primarily based on MrBrians analysis here:

      https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179854

      In my non-techie opinion it seems that many users would be able to install 4100480 if they DON’T have 32 bit machines and if they already have January and February patches successfully installed.

    • #181607

      Thanks to everyone for guidance in these dark days of patch confusion. So for group B, when DEFCON 3 happens will the linked catalog patches offered via topic 2000003 include needed bundled updates?

      Group L (Linux Mint 19)
      Dual Boot with Win 7
      Former
      Group B Win 7 64 bit

      • #181609

        As usual

        2 users thanked author for this post.
        • #181613

          So, KB4088878 will have the bundled KB4099950 included or will they need to be installed separately. The catalog since updated 4/4 mentions KB4099950 being installed with KB4088878.

           

          Group L (Linux Mint 19)
          Dual Boot with Win 7
          Former
          Group B Win 7 64 bit

    • #181617

      Something weird for me just happen 3pm CDT.  On my W7 machine I checked for updates and when complete KB4088875 did not show up.  KB4100480 did and KB4099950 optional did.  Interesting.

    • #181662

      Win7  sp1 x64

      I have installed KB4100480

      In WU I have one update as important and checked. A .net framework 4.7.1 installer.

      In the optional section I’m showing KB4075211- Preview of Monthly Quality Rollup dated 2.22.18, and KB4099950  dated 3.30.18  both unchecked. Not sure what to make of the rollup date? Is this a Feb. Rollup? I’m almost certain that i installed a rollup from February.

      Thanks for any help

      Win 10 Pro v.20h2

    • #181702

      Windows 7 Pro (x64) / Intel Core i7-3820QM / 16GB RAM / NVIDIA GeForce GT 650M

      I installed the Security Only updates for Jan. 2018 (KB4056897) on 02/14 and Feb. (KB4074587) on 02/22. I then installed KB4099950 on 04/01 in preparation for installing KB4088878, which I held off. While working as a video editor, I have noticed obvious performance issues, specifically video exports from both Premiere Pro and Adobe Media Encoder. Exported videos now exhibit freezes and stutters in random places (only video, not audio), something which has never occurred prior to installing the Jan/Feb updates. I’ve also noticed a slight, overall sluggishness to my system, which was not present prior to Jan/Feb.

      Should I simply uninstall the Jan/Feb updates and stay at Dec. 2017? Also, do these revamped March updates address the performance hit caused by the Jan. update?

      I have been following the protocol of Group B for quite some time, though this is my first post.

      Thank you very much for your time.

       

    • #181731

      Funny.

      KB 4099950  – 29kb registry patch-to-patch concerning Meltdown just changed it status from Optional to Recommended, thus it likely seems to be offered to install separately & supposedly prior to any of forthcoming April 10th rollup.

      Also both win7 March rollup KB4088875 & preview KB4088881 massive patches vanished from offering list while another March patch-to-patch KB4091290 of 234.9MB remains alive as Recommended.

      Rgds,

      1 user thanked author for this post.
    • #181801

      I have a headache.
      Group A
      Just did an update. Hid march rollup and  uninstalled Feb. and Jan. updates.
      Just did an update check.  Here’s what I got.
      first picture is hidden updates before I unhid them, then I did an update and the remaining is the results.

      hidden-updates-april-6

      updates-april-6

      updates-optional-april-6

      • #181812

        I had the same experience (published somewhere in one of the recent topics). What I did was to patch up to the Dec Rollup and any of the patches that showed up with earlier dates (a handful of older patches beginning with “3”) avoiding any of the telemetry patches like KB 2952664 of course. Hid any Rollups after Dec.

      • #181819

        1. The last 2 of your pics mean that Jan2018 preview KB4057400 is likely installed

        2. MSRT is never a problem in my experience. Pls just install it.

        3. Pls refer to z attached pic taken just now. This is how list should look today when you wanna temporarily stop this 2018 mess of patching based on Dec2017 rollup installed status, where:

        KB2952664 x 2 = win10 upgrade trash, KB3021917 + KB3068708 + KB3080149 = clear & confirmed snooping.

    • #181883

      I had the same experience (published somewhere in one of the recent topics). What I did was to patch up to the Dec Rollup and any of the patches that showed up with earlier dates (a handful of older patches beginning with “3”) avoiding any of the telemetry patches like KB 2952664 of course. Hid any Rollups after Dec.

      PKCano I did exactly what you did (above link) shortly after you did it.
      What I posted (#181801) is what I did today.
      Correct me if I’m wrong but is the reason that only Feb. rollup shows is because it is after all a rollup, which would include January’s roll up update???
      What I did notice is Mar. roll up is missing now. Is that because MS removed it or is that because I haven’t installed Feb.?
      and…..
      am I not still rolled back to December?
      and…..
      not install anything until MS fixes this in April (wishful thinking) or May?
      and….
      if I’m to wait…
      although I don’t use IE11 (changed to Chrome) should I maybe consider doing the IE cumulative update for March when the ok is given?

      and here I thought going to Group A would be easier.

      • #181891

        He! People are beginning to realize Group B is getting harder and harder!

        You are offered Feb Rollup b/c it is the latest (Mar no longer offered).
        You won’t see Jan b/c Feb supersedes it.
        Hide the Feb Rollup, search – the Jan Rollup should show up
        Hide the Jan Rollup – you may have some old patches show up.

        Wait for Woody on the IE11 patches. I have been considering that too as an option for those that rolled back.
        But we may get out of the woods eventually without joining Group W

        1 user thanked author for this post.
    • #181885

      1. The last 2 of your pics mean that Jan2018 preview KB4057400 is likely installed

      2. MSRT is never a problem in my experience. Pls just install it.

      3. Pls refer to z attached pic taken just now. This is how list should look today when you wanna temporarily stop this 2018 mess of patching based on Dec2017 rollup installed status, where:

      KB2952664 x 2 = win10 upgrade trash, KB3021917 + KB3068708 + KB3080149 = clear & confirmed snooping.

      laidbacktokyo:
      I just checked my installed updates. KB4057400 is not listed as installed. I never install “preview” updates.

      1 user thanked author for this post.
      • #181905

        dgreen:

        then pls check for KB4091290 as same massive but out-of-line patch.

        when you have both rollup & preview of Feb2018 listed as available for install but same time no rollup or preview of Jan2018 and KB4091290, then either Jan2018 Preview KB4057400 or KB4091290 should be installed.

        also you can download Dec2017 rollup KB4054518 from catalogue and try to install it as standalone. if win7 response will be ‘not applicable’ then one of 2018 massive patches is surely installed.

        next do win7 system disk cleanup including updates and try update search again.

        p.s. also you can try the script to list absolutely all updates installed on win7. it’s tested to perform just fine:

        https://www.bleepingcomputer.com/forums/t/597216/script-to-list-all-installed-updates/

    • #181892

      KB4099950 has now moved from optional to recommended in WU. No other updates, rollups,etc. are present except a .net 4.7.1 installer. Will I need to install this (4099950) or not? I don’t use static IP addresses.

      I’m trying to follow this as best I can but this is just getting more challenging everyday. Thanks to all of you who are trying to keep us advised. We appreciate your time and efforts.

      Win 10 Pro v.20h2

    Viewing 22 reply threads
    Reply To: New versions of buggy March Win7 patches are out

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: