Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
No, you don’t want the Rollup Preview patchesPosted on woody Comment on the AskWoody Lounge
This topic contains 33 replies, has 10 voices, and was last updated by anonymous 2 days, 23 hours ago.
April 19, 2017 at 9:00 am #109547
April 19, 2017 at 9:05 am #109549
I’ll just note there’s no mention about fixing update block for those “accidentally” included CPUs…MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit
April 19, 2017 at 9:56 am #109551
I believe that the reason for the metadata change for the two .NET updates listed here for April 18, 2017 wasn’t due to a change in Microsoft’s update recommendation status. Instead, perhaps there were some users previously offered those two .NET updates who shouldn’t have been offered them, or perhaps there were some users who previously weren’t offered those two .NET updates who should have been offered them.
- This reply was modified 1 week, 2 days ago by MrBrian.
April 19, 2017 at 12:33 pm #109591
So they’re not appearing as Recommended?
April 19, 2017 at 1:08 pm #109602
I installed it on April 13, so it must have been either Important or Recommended as of April 13. If it was Optional, I wouldn’t have installed it.
April 19, 2017 at 1:10 pm #109603
On my machines the .NET for April was checked under “important” (that is the rollup, not the security only)
1 user thanked author for this post.
April 19, 2017 at 11:48 pm #109693
I just ran Windows Update just now (April 19) on two of my Windows 7 computers. The April, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4015552) appeared as Optional and unchecked. Interestingly, my WU settings are configured to “Check for updates but to let me choose whether to download and install them.” WU showed that the last check for updates was earlier today on both computers, yet never raised the WU icon in both computer’s system trays. Thus, available optional yet unchecked windows updates do not raise the WU icon in the system tray.
- This reply was modified 1 week, 1 day ago by GoneToPlaid.
April 19, 2017 at 10:47 am #109570
Once again there are many more issues listed as being fixed in the Windows 8.1 preview monthly rollup than the Windows 7 preview monthly rollup.
April 19, 2017 at 5:05 pm #109631
I can’t help but see an amusing (but terrifying) conspiracy here. Excuse me just a sec while I don my tinfoil hat.
Hypothesis: by not patching known security issues in Windows 7, it follows that Windows 7 becomes more insecure. And after all, Microsoft has been saying that Windows 10 is the most secure version of Windows. Now it will be true from a certain point of view.
April 19, 2017 at 6:16 pm #109646
April 19, 2017 at 5:08 pm #109637
I’ve always wondered if the reason the Windows 7 rollups have less fixes is because it’s in extended support if Windows 8.1 is just all around buggier. I mean after the failure of Vista they probably wanted to make sure Windows 7 was as bug free as possible.
April 19, 2017 at 10:56 am #109572
The Windows 8.1 preview monthly rollup lists this as being fixed:
“Addressed issue where the printer cannot print OPENGL rastered graphics after installing any of the following updates: KB3164035, KB3205394, KB3207752, KB3212646 and KB4012215.”
All of those updates are security-related.
April 19, 2017 at 11:49 am #109581
Where do we stand on bugs in Security-only patches only being fixed in Monthly Rollups?
April 19, 2017 at 11:59 am #109583
Here is a March 2017 followup on one such bug: https://www.askwoody.com/forums/topic/is-microsoft-now-fixing-security-patch-bugs-with-non-security-patches/#post-101429.
April 19, 2017 at 11:56 am #109582
I am starting to wonder if they actually test anything at “Microsnooze HQ” any more. Dont want to join the “Insider program? No problem you can be an unwitting volunteer in the patch testing game. There has to be a sizeable chunk of folks out there that blithly or unkowingly install these preview patches and then wonder why all of a sudden the reliable machine is having a “meltdown” Just lately it seems the new “dei facto” testing regime still isnt getting it right when it comes to the official “patch Tuesday” as we are in the midst of another slew of bad patches again. The latest debacle with the Kaby lake thing is nothing short of scandalous. I was going to ay its fine if your ok with jumping though hoops to patch your machine, but its not at all. For the average user its a positive nightmare digging in to the depths of the OS where you shouldnt have to go.
It isnt my “first Rodeo” with these infernal machines but it seems every new edition/incarnation you have to learn new stuff just to keep it going and I am certainly delving in to stuff that normally I wouldnt need to. Not so bad at work where at least its paid but at home? When all I really want to do is push the “on button” and go.
On an amusing note maybe this is M$’s way of educating the masses to get round the H1-B visa problem that is currently plagueing the IT industry right now. You too can install a bad patch go through all the IT Hoops & solutions and come out a highly trained IT professional lol 😛
April 19, 2017 at 1:41 pm #109610
Most often issues comes from Secruity updates, the one you all consider as “safe” to install
Windows 7/8.1 have been recieving optional updates since the beginning
some get included later in security updates or rollups, some get offered as important.. etc
both security and non-security fixes have the same level of testing
nothing changed in that procedure with the new Rollup model
they just have the courtesy to give you non-security fixes ahead of mass deployment
one mistake they do is the labeling they choosen for the new model
“Preview” is vague word that make users think the update is beta, which is not, it’s production-ready.
April 19, 2017 at 2:45 pm #109615
By whose measure?
Everyone knows there’s risk in any change (though to be honest, it IS actually possible to write perfect software in a digital system).
The risk has to be weighed against the risk of making no change and running into whatever bug or vulnerability the patch fixes in a real world situation.
Production-ready in my book would involve the patch being WELL DOCUMENTED.
Does anyone here think they’re better documented now than at some time in the past? Microsoft already went so far as to create the system for disseminating the information. It’s just that now it’s getting filled in with “This change addresses issues in Windows”.
For what it’s worth, on a test Win 8.1 system that got April’s updates a bit over a week ago, the only update available now is Optional and unchecked:
My favorite all-but-undocumented patch in the roll-up this time around:
- Addressed issue to updated time zone information.
Attachments:You must be logged in to view attached files.
April 19, 2017 at 3:42 pm #109620
since the rollup model started in September, non-security fixes in preview rollup are implemented as they are in security rollup
April 19, 2017 at 4:39 pm #109628
So there have been no changes in the non-security Preview, between the time it was released as Preview and the time it was released as part of a Monthly Rollup?
April 19, 2017 at 4:44 pm #109630
the only expection i know is WUA that was changed from March preview to April security
but that maybe due security-only update have the same version
and i expect next month both will have new version too
April 19, 2017 at 6:43 pm #109649
Since when does what Microsoft says about their software matter? (I’ll answer my own question: It mattered last when engineers, not marketeers and lawyeers, did the saying.)
It sure seems to me they’re calling them “preview” updates precisely so only people who still trust fully in mother Microsoft will install them, and others will wait, thereby causing the roll-out to be more gradual and mitigating any unforeseen problems the patches may cause.
PRECISELY what a company who no longer tests as thoroughly would want to do.
April 19, 2017 at 4:57 pm #109634
Microsoft is cynical and irresponsible in releasing these “previews.” Given MS’s track record publishing flawed patches, no knowledgeable user would knowingly install these previews (even calling them “previews” is cynical) and be a voluntary MS beta tester. That leaves non-knowledgeable people who will unwittingly download and run these patches and as a result ruin their PCs. Meanwhile MS sits back and waits for the anguished cries of unsuspecting amateurs, then decides whether to adjust, pull, or leave these patches in the pipeline. This is behavior that crosses the line into indecency. Maybe the European Union will sue them.
- This reply was modified 1 week, 2 days ago by gkarasik.
April 19, 2017 at 6:39 pm #109648
Heh heh. Microsoft might say, in return, that savvy users who allow them to install what they want ASAP get their “issues” (i.e., bugs) fixed first (without actually saying the word “bugs” or acknowledging that they could possibly be creating new ones).
No one is going to sue Microsoft or do any damage to them in any way for fixing their problems that they built into software you bought so long ago. They’ll be given medals and accolades.
FYI, I installed the preview update on a test Windows 8.1 VM then tested it for a little while. Lo and behold they didn’t break anything that I could find.
April 19, 2017 at 7:20 pm #109657
Heh heh. Microsoft might say, in return, that savvy users who allow them to install what they want ASAP get their “issues” (i.e., bugs) fixed first (without actually saying the word “bugs” or acknowledging that they could possibly be creating new ones). No one is going to sue Microsoft or do any damage to them in any way for fixing their problems that they built into software you bought so long ago. They’ll be given medals and accolades. FYI, I installed the preview update on a test Windows 8.1 VM then tested it for a little while. Lo and behold they didn’t break anything that I could find. -Noel
Well, I don’t actually believe anyone’s going to sue MS over this; that’s just wishful thinking. Still, to quote Fats Waller, “One never knows, do one?”
Actually I’m grateful that you beta-test MS’s patches, but keep your fingers crossed: Problems, and new issues, don’t always show up right away.
More significant, at least by my lights: The evident relief you feel at having dodged a bullet. We shouldn’t have to hold our collective breath after installing MS-published patches, hoping that they don’t trash our systems.
April 19, 2017 at 11:52 pm #109695
The preview monthly rollups fix only non-security issues.
Now that is an interesting piece of information to know! I can now see the dichotomy here in terms of how security updates could subsequently break these non-security fixes since Nadella fired the entire WU quality control team.
April 20, 2017 at 7:39 am #109728
I haven’t updated since like January or February, and i was wondering: With all the 0-day exploits and whatnot, are there any patches that I absolutely MUST get A.S.A.P?
Or should I keep away from anything to do with Windows Updates, like the Defcon says, for the moment?
I never open documents in emails from even slightly unknown sources, does that mean I am safe in that regard?
Updating Windows being a hassle. Everytime! (╯°□°）╯︵ ┻━┻)
April 20, 2017 at 7:59 am #109733
The DEFCON number refers to the current month’s patches. Read here for more information on this. Previous months’ patches are safe to install. The WAIT TO INSTALL is for April updates.
If you have Office (any version) on your computer, it is recommended that you install the patches for it. In addition, you will need a March patch for Windows.
If you are in Group A (accepts Microsoft’s telemetry), you should install the “March 2017 Security Monthly Quality ROLLUP for Windows.” It is offered through Windows Update if you temporarily hide the April patch and then search for updates.
If you are in Group B (security-only patches manually installed), you should install the March 2017 Security Only Quality UPDATE and the Cumulative Update for IE11. The Group B patches can be downloaded here
April 20, 2017 at 8:25 am #109738
(I’m in Group B for now)
1. Download and install all the 8.1 Security Updates (on the page you linked) that haven’t yet been installed, but stay away from the “Apr 2017 KB 4015547” patch.
2. Install the “Mar 2017 (IE) KB 4012204” patch, but stay away from the “Apr 2017 (IE11) KB4014661” patch (or is the Apr 2017 IE11 patch the one you were referring to in your comment as the “Cumulative Update for IE11”?)
Have I understood things correctly?
April 20, 2017 at 8:29 am #109742
You are correct – the March patches are OK.
April Windows patches are still under DEFCON 1
If you have Office, you will need the current patches, either through Win Update or download here
April 21, 2017 at 4:57 am #109905
Just updated, everything works fine so far 🙂
April 20, 2017 at 8:02 am #109732
I’m on Win8.1 by the way.
April 25, 2017 at 6:59 pm #110978
After installing this update on 2012R2, Internet Explorer 11 was severely broken. A significant number of UI elements ceased to function including the address bar, manage add-ons, file->open, and even help->about. I removed and reinstalled IE, reset settings, and wasted a chunk of time attempting to repair IE until I removed KB4015553 and then everything returned to normal.
Comments are closed.
Shop on Amazon by clicking on our affiliate link.
Buy anything, AskWoody gets a small bounty.
No charge to you, of course.
Or send a check payable to AskWoody
P.O. Box 2511 - Brentwood, TN 37024
If you don't want your name to appear on the Thanks! page, please so indicate in PayPal/ Patreon comments. Your donations and ad revenue help fund the development and ongoing operation of AskWoody.com
The AskWoody Lounge
Search the Lounge
- anonymous on Tell me again – how is the “new” Win10 updating method better than the old one?
- David F on Two more casualties in the ‘Unsupported hardware’ Kaby Lake/Ryzen Windows Update lockout
- anonymous on Puzzling Dump File?
- fp on Tell me again – how is the “new” Win10 updating method better than the old one?
- wdburt1 on Tell me again – how is the “new” Win10 updating method better than the old one?
- ch100 on Time to install Creators Update?
- ch100 on Time to install Creators Update?
- Schnarph on Two more casualties in the ‘Unsupported hardware’ Kaby Lake/Ryzen Windows Update lockout
- Karlston on MS-DEFCON 3: Time to get patched but, man, what a mess this month
- Noel Carboni on Tell me again – how is the “new” Win10 updating method better than the old one?
- satrow on Puzzling Dump File?
- anonymous on Puzzling Dump File?
- NetDef on external dvd player
- abbodi86 on Tell me again – how is the “new” Win10 updating method better than the old one?
- radosuaf on Time to install Creators Update?
- AlexEiffel on Time to install Creators Update?
- anonymous on Time to install Creators Update?
- HiFlyer on Two more casualties in the ‘Unsupported hardware’ Kaby Lake/Ryzen Windows Update lockout
- MrJimPhelps on external dvd player
- AlexN on Tell me again – how is the “new” Win10 updating method better than the old one?
get rid of linux and recover disk space
19 minutes ago
Are Your Staff Your Weakest Link in A Phishing Attack?
3 hours, 57 minutes ago
Printing problem in Xubuntu Linux
6 hours, 59 minutes ago
external dvd player
2 hours, 46 minutes ago
Tell me again – how is the “new” Win10 updating method better than the old one?
10 minutes ago
Felismus Remote Access Trojan (RAT)
19 hours, 40 minutes ago
Click to Run Question for Group B
11 hours, 7 minutes ago
Cyber extortion demands surge as victims keep paying: Symantec
1 day, 4 hours ago
Script that uninstalls all installed versions of KB2952664, KB2976978, KB2977759
6 hours, 31 minutes ago
Two more casualties in the ‘Unsupported hardware’ Kaby Lake/Ryzen Windows Update lockout
41 minutes ago
Search for Topics
Recent blog posts