No, you don’t want the Rollup Preview patches

Topic

New Reply

For those of you new to this game… Yesterday, Microsoft released April, 2017 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008
[See the full post at: No, you don’t want the Rollup Preview patches]

1 user thanked author for this post.

MrToad28

Reply | Quote

Replies

I’ll just note there’s no mention about fixing update block for those “accidentally” included CPUs…

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

I believe that the reason for the metadata change for the two .NET updates listed here for April 18, 2017 wasn’t due to a change in Microsoft’s update recommendation status. Instead, perhaps there were some users previously offered those two .NET updates who shouldn’t have been offered them, or perhaps there were some users who previously weren’t offered those two .NET updates who should have been offered them.

Reply | Quote

So they’re not appearing as Recommended?

Reply | Quote

I installed it on April 13, so it must have been either Important or Recommended as of April 13. If it was Optional, I wouldn’t have installed it.

Reply | Quote

On my machines the .NET for April was checked under “important” (that is the rollup, not the security only)

1 user thanked author for this post.

MrBrian

Reply | Quote

So it appeared as Recommended prior to this week?

Reply | Quote

I updated Win7 and Win8.1 last week on the 11-13th or 14th. The Security and Quality Rollup for .NET was checked in the important updates or it would not have been installed.

Reply | Quote

I just ran Windows Update just now (April 19) on two of my Windows 7 computers. The April, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4015552) appeared as Optional and unchecked. Interestingly, my WU settings are configured to “Check for updates but to let me choose whether to download and install them.” WU showed that the last check for updates was earlier today on both computers, yet never raised the WU icon in both computer’s system trays. Thus, available optional yet unchecked windows updates do not raise the WU icon in the system tray.

Reply | Quote

Once again there are many more issues listed as being fixed in the Windows 8.1 preview monthly rollup than the Windows 7 preview monthly rollup.

Reply | Quote

I can’t help but see an amusing (but terrifying) conspiracy here. Excuse me just a sec while I don my tinfoil hat.

Hypothesis: by not patching known security issues in Windows 7, it follows that Windows 7 becomes more insecure. And after all, Microsoft has been saying that Windows 10 is the most secure version of Windows. Now it will be true from a certain point of view.

Bah! Humbug.

Reply | Quote

The preview monthly rollups fix only non-security issues.

1 user thanked author for this post.

Elly

Reply | Quote

I’ve always wondered if the reason the Windows 7 rollups have less fixes is because it’s in extended support if Windows 8.1 is just all around buggier. I mean after the failure of Vista they probably wanted to make sure Windows 7 was as bug free as possible.

Reply | Quote

The Windows 8.1 preview monthly rollup lists this as being fixed:

“Addressed issue where the printer cannot print OPENGL rastered graphics after installing any of the following updates: KB3164035, KB3205394, KB3207752, KB3212646 and KB4012215.”

All of those updates are security-related.

Reply | Quote

Oh no.

Where do we stand on bugs in Security-only patches only being fixed in Monthly Rollups?

Reply | Quote

Here is a March 2017 followup on one such bug: https://www.askwoody.com/forums/topic/is-microsoft-now-fixing-security-patch-bugs-with-non-security-patches/#post-101429.

1 user thanked author for this post.

woody

Reply | Quote

I am starting to wonder if they actually test anything at “Microsnooze HQ” any more. Dont want to join the “Insider program? No problem you can be an unwitting volunteer in the patch testing game. There has to be a sizeable chunk of folks out there that blithly or unkowingly install these preview patches and then wonder why all of a sudden the reliable machine is having a “meltdown” Just lately it seems the new “dei facto” testing regime still isnt getting it right when it comes to the official “patch Tuesday” as we are in the midst of another slew of bad patches again. The latest debacle with the Kaby lake thing is nothing short of scandalous. I was going to ay its fine if your ok with jumping though hoops to patch your machine, but its not at all. For the average user its a positive nightmare digging in to the depths of the OS where you shouldnt have to go.
It isnt my “first Rodeo” with these infernal machines but it seems every new edition/incarnation you have to learn new stuff just to keep it going and I am certainly delving in to stuff that normally I wouldnt need to. Not so bad at work where at least its paid but at home? When all I really want to do is push the “on button” and go.
On an amusing note maybe this is M$’s way of educating the masses to get round the H1-B visa problem that is currently plagueing the IT industry right now. You too can install a bad patch go through all the IT Hoops & solutions and come out a highly trained IT professional lol 😛

2 users thanked author for this post.

WildBill, Elly

Reply | Quote

Most often issues comes from Secruity updates, the one you all consider as “safe” to install

Windows 7/8.1 have been recieving optional updates since the beginning
some get included later in security updates or rollups, some get offered as important.. etc

both security and non-security fixes have the same level of testing

nothing changed in that procedure with the new Rollup model
they just have the courtesy to give you non-security fixes ahead of mass deployment

one mistake they do is the labeling they choosen for the new model
“Preview” is vague word that make users think the update is beta, which is not, it’s production-ready.

Reply | Quote

abbodi86 wrote:

it’s production-ready.

By whose measure?

Everyone knows there’s risk in any change (though to be honest, it IS actually possible to write perfect software in a digital system).

The risk has to be weighed against the risk of making no change and running into whatever bug or vulnerability the patch fixes in a real world situation.

Production-ready in my book would involve the patch being WELL DOCUMENTED.

Does anyone here think they’re better documented now than at some time in the past? Microsoft already went so far as to create the system for disseminating the information. It’s just that now it’s getting filled in with “This change addresses issues in Windows”.

For what it’s worth, on a test Win 8.1 system that got April’s updates a bit over a week ago, the only update available now is Optional and unchecked:

My favorite all-but-undocumented patch in the roll-up this time around:

• Addressed issue to updated time zone information.

-Noel

Reply | Quote

By Microsoft’s

since the rollup model started in September, non-security fixes in preview rollup are implemented as they are in security rollup

Reply | Quote

So there have been no changes in the non-security Preview, between the time it was released as Preview and the time it was released as part of a Monthly Rollup?

Reply | Quote

No
the only expection i know is WUA that was changed from March preview to April security
but that maybe due security-only update have the same version
and i expect next month both will have new version too

 

1 user thanked author for this post.

HiFlyer

Reply | Quote

abbodi86 wrote:

By Microsoft’s

Since when does what Microsoft says about their software matter? (I’ll answer my own question: It mattered last when engineers, not marketeers and lawyeers, did the saying.)

It sure seems to me they’re calling them “preview” updates precisely so only people who still trust fully in mother Microsoft will install them, and others will wait, thereby causing the roll-out to be more gradual and mitigating any unforeseen problems the patches may cause.

PRECISELY what a company who no longer tests as thoroughly would want to do.

-Noel

2 users thanked author for this post.

HiFlyer, Elly

Reply | Quote

Microsoft is cynical and irresponsible in releasing these “previews.” Given MS’s track record publishing flawed patches, no knowledgeable user would knowingly install these previews (even calling them “previews” is cynical) and be a voluntary MS beta tester. That leaves non-knowledgeable people who will unwittingly download and run these patches and as a result ruin their PCs. Meanwhile MS sits back and waits for the anguished cries of unsuspecting amateurs, then decides whether to adjust, pull, or leave these patches in the pipeline. This is behavior that crosses the line into indecency. Maybe the European Union will sue them.

GaryK

Reply | Quote

Heh heh. Microsoft might say, in return, that savvy users who allow them to install what they want ASAP get their “issues” (i.e., bugs) fixed first (without actually saying the word “bugs” or acknowledging that they could possibly be creating new ones).

No one is going to sue Microsoft or do any damage to them in any way for fixing their problems that they built into software you bought so long ago. They’ll be given medals and accolades.

FYI, I installed the preview update on a test Windows 8.1 VM then tested it for a little while. Lo and behold they didn’t break anything that I could find.

-Noel

Reply | Quote

Noel Carboni wrote:

Heh heh. Microsoft might say, in return, that savvy users who allow them to install what they want ASAP get their “issues” (i.e., bugs) fixed first (without actually saying the word “bugs” or acknowledging that they could possibly be creating new ones). No one is going to sue Microsoft or do any damage to them in any way for fixing their problems that they built into software you bought so long ago. They’ll be given medals and accolades. FYI, I installed the preview update on a test Windows 8.1 VM then tested it for a little while. Lo and behold they didn’t break anything that I could find. -Noel

Well, I don’t actually believe anyone’s going to sue MS over this; that’s just wishful thinking. Still, to quote Fats Waller, “One never knows, do one?”

Actually I’m grateful that you beta-test MS’s patches, but keep your fingers crossed: Problems, and new issues, don’t always show up right away.

More significant, at least by my lights: The evident relief you feel at having dodged a bullet. We shouldn’t have to hold our collective breath after installing MS-published patches, hoping that they don’t trash our systems.

 

GaryK

2 users thanked author for this post.

SueW, Noel Carboni

Reply | Quote

MrBrian wrote:

The preview monthly rollups fix only non-security issues.

Now that is an interesting piece of information to know! I can now see the dichotomy here in terms of how security updates could subsequently break these non-security fixes since Nadella fired the entire WU quality control team.

Reply | Quote

I haven’t updated since like January or February, and i was wondering: With all the 0-day exploits and whatnot, are there any patches that I absolutely MUST get A.S.A.P?

Or should I keep away from anything to do with Windows Updates, like the Defcon says, for the moment?

I never open documents in emails from even slightly unknown sources, does that mean I am safe in that regard?

Updating Windows being a hassle. Everytime! (╯°□°）╯︵ ┻━┻)

Reply | Quote

The DEFCON number refers to the current month’s patches. Read here for more information  on this. Previous months’ patches are safe to install. The WAIT TO INSTALL is for April updates.
If you have Office (any version) on your computer, it is recommended that you install the patches for it. In addition, you will need a March patch for Windows.
If you are in Group A (accepts Microsoft’s telemetry), you should install the “March 2017 Security Monthly Quality ROLLUP for Windows.” It is offered through Windows Update if you temporarily hide the April patch and then search for updates.
If you are in Group B (security-only patches manually installed), you should install the March 2017 Security Only Quality UPDATE and the Cumulative Update for IE11. The Group B patches can be downloaded here

1 user thanked author for this post.

Elly

Reply | Quote

(I’m in Group B for now)

So:

1. Download and install all the 8.1 Security Updates (on the page you linked) that haven’t yet been installed, but stay away from the “Apr 2017 KB 4015547” patch.

2. Install the “Mar 2017 (IE) KB 4012204” patch, but stay away from the “Apr 2017 (IE11) KB4014661” patch (or is the Apr 2017 IE11 patch the one you were referring to in your comment as the “Cumulative Update for IE11”?)

Have I understood things correctly?

 

Reply | Quote

You are correct – the March patches are OK.
April Windows patches are still under DEFCON 1
If you have Office, you will need the current patches, either through Win Update or download here

Reply | Quote

Just updated, everything works fine so far 🙂

Reply | Quote

#109728

I’m on Win8.1 by the way.

Reply | Quote

After installing this update on 2012R2, Internet Explorer 11 was severely broken. A significant number of UI elements ceased to function including the address bar, manage add-ons, file->open, and even help->about. I removed and reinstalled IE, reset settings, and wasted a chunk of time attempting to repair IE until I removed KB4015553 and then everything returned to normal.

1 user thanked author for this post.

woody

Reply | Quote

May I assume the same ‘Don’t install optional rollup PREVIEW patches,’ applies to May and future preview patches?

Reply | Quote

You should not install “Preview” patches .

Reply | Quote

If you’re concerned about Daylight Savings Time in Magallenas, Chile, you might consider installing KB 4015193. As you do so, contemplate why it’s so infernally difficult to change something that should be easy and transparent — like, say, the time on your phone.

Thanks for the informative article.  It definitely gave me the info I was looking for.

But to be fair to Microsoft, Magallenas recently changed to Daylight Saving Time indefinitely.  So unless you’re getting your time set externally by a time server or cell phone network (like your phone does), you’ll need the OS to be aware of that.  And hopefully someone on that end of things knows about the DST change (and umm… installs a patch), otherwise Magallenas is going to have a lot of people late (early?) for work come the old DST/ST switchover days.

 

Reply | Quote

No, you don’t want them. They’re test versions.

Two August 26, 2017 tweets from Microsoft employee Michael Niehaus:

Tweet #1: ‘We made the opposite argument: These are not “preview” updates at all, they are the same non-security fixes in the Patch Tuesday bundle’

Tweet #2: ‘So they are poorly labeled, making people afraid of them’

4 users thanked author for this post.

WildBill, walker, abbodi86, ch100

Reply | Quote

It has been known by some of us since very early days that the Preview patches are supposed to be production-ready in terms of quality, but early releases, very much in the same way that CB is early release for Windows 10.
I always use Windows 10 CB and patch often as it is the case with the CB releases, but this may not work for everyone.

1 user thanked author for this post.

MrBrian

Reply | Quote

Perhaps this applies to the Windows monthly previews, but not to the .NET monthly previews? Evidence: Rich Lander’s comment: “The quality level of some of these fixes isn’t quite to where they need to be yet (the WPF ones in particular) for broad distributions (100s of millions of machines). That’s why they are still in preview.”

Reply | Quote

Until they all in Microsoft decide what to do, it may be a better option to avoid the preview patches. As you say there seems to be a difference in the quality of the two types of preview releases and I was referring to the Windows updates in my previous post. I don’t follow closely the .NET releases which are bundles of various updates and done differently for different operating systems. I install them all when they are post preview though.
With the version, I would stay with 4.5.2 where possible pre Windows 10.

2 users thanked author for this post.

walker, MrBrian

Reply | Quote

I do not understand the first tweet, does he mean that patches were stripped of their preview status and poorly renamed to make them appear like normal updates?

Reply | Quote

Tweet from Michael Niehaus: ‘Never? They are not named very well, as there is nothing “preview” about them, except in relation to what you will see on Patch Tuesday.’

3 users thanked author for this post.

WildBill, walker, abbodi86

Reply | Quote

Glad to see the point is proven 😀

a better naming would be:

Security Monthly Rollup – 2nd tuesday

Quality Monthly Rollup – 3rd/4th tuesday

2 users thanked author for this post.

walker, MrBrian

Reply | Quote

@abbodi86:  Definitely  “better naming”!

Reply | Quote