I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates. But after reading this and especially Kevin Beaumont’s tw
[See the full post at: Patch Lady – to patch or not to patch?]
Susan Bradley Patch Lady
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » Patch Lady – to patch or not to patch?
I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates. But after reading this and especially Kevin Beaumont’s tw
[See the full post at: Patch Lady – to patch or not to patch?]
Susan Bradley Patch Lady
Thanks for your kind confirmation of the current massive mess with yet all massive patches of 2018 even if this confirmation is some kind of a wet one.
This approach matches my personal attitude when now I have the last of massive patches installed as KB4054518 rollup of Dec2017 but of course along with all IE11 updates also installed in standalone manner up to the present revision 11.0.57 of KB4096040 linked to the latest Mar2018 rollup preview KB4088881.
The funniest point here is that as far as I remember there was similar mess with m$ win7 updating last year that is to say from late April2017 KB4012218 (first tested & then hidden by me personally) till June2017 KB4022719 (first deployed permanently after a couple of months of easy life with outdated win7).
Now awaiting for April patching fun.
BTW, I believe that if m$ would be unexpectedly & surprisingly smart enough to change their current attitude to at least win7/8 patching to a bit more decent & comfort way towards its customers then they could completely separate the present line of its massive rollup patching from the odd & muddy Meltdown & Spectre protection one.
That is to create the independent patch concerning Meltdown/Spectre even if it will be temporary incomplete in part of Spectre protection for older hardware, and then update it upon further improvements readiness in same way as rollup patching line now, when every next patch installed replaces all previously applied ones.
I guess such approach will be very much welcomed by many windows uses worldwide.
Rgds,
I have something strange on two of my Win7 computers.
Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed.
I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?
UPDATE
After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following:
KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013.
After rebooting, the computer was up to date with no other updates offered.
Win7 Ultimate x64 Group A patching
@The Surfing Pensioner, I like yourself did not install Jan/Feb/Mar 2018 patches for both W7 Pro x32 and x64 machines albeit both in group A and one system offline. I found the whole issue of meltdown/ spectre et al too panic stricken and uncertain so, went on my gut instinct not to install the security patches.
However, I did on my W8.1 and reverted back to an image from Dec 2017 with relative ease beginning of last week on the news that the MS security fixes in Jan/Feb for the exploit/ hole was actually made worse.
Looks like the updated browser versions with AV updates will help for now without the sacrifice of performance. IMHO the fix outweighs the risk in this case.
I also use Group A…two Windows 7 SP1, one Dell Optiplex desktop, one Dell Inspiron laptop…I use Disk CleanUp after updates, and in looking I am seeing the same thing you describe. I am somewhat smart, but by no means a “techie”…as long as I use safe measures when online and avoid any patching until this is all cleared up and when we go to a higher Defcon rating, should I be somewhat alright? I have to date experienced no odd behaviors in either computers, and really don’t care to possibly mess anything up needlessly.
A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd
If you have installed the Jan and Feb Rollups and you decide not to roll back to Dec 2017. you should install KB 4100480 to mitigate the Total Meltdown vulnerability. Then I would sit tight and wait to see how this plays out.
1709 has had three cumulative updates so far this month.
The last one — which is voluminous — finally fixed the “Delta” bug introduced in January.
I’ve been so busy chasing all the patches this month that I don’t know if there are any additional problems with the three cumulative updates, thus far.
I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?
PKCano
I just checked my install update list thinking to maybe roll back to December.
The only one listed is kb4074598 (feb roll up)
All the others are gone.
I did install new hard drive in November and reloaded Windows 7 and went to Group A.
I never did a disk clean up after any updates because didn’t want to remove old updates so this wouldn’t happen. Obviously that didn’t work!
So it looks like a roll back to december is impossible?
Geeeeeeeeeeeez!!!
EDIT TO ADD:
Just checked my review of update history and the roll ups show that they were installed successfully but not showing up on my installed list. Strange!
“Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.”
Those who use Disk Cleanup to clean up Windows Updates should note that immediately after doing this, every Windows monthly rollup other than the newest installed Windows monthly rollup will be removed due to component-supersedence. If you then uninstall the newest installed Windows monthly rollup, you will find that no Windows monthly rollups are installed. To install the December 2017 Windows monthly rollup, you’ll have to either hide the March 2018, Feb 2018, and Jan 2018 Windows monthly rollups, or install the December 2017 Windows monthly rollup manually via the Catalog, or use Windows Update MiniTool with “Include superseded” ticked.
Whilst grateful for the advice, my natural inclination is to say that as the Group A updates were successfully installed in January and February, and we are at DefCon 2 for March, with no problems encountered so far this year with my home Windows 7 machines which are running normally, I will sit tight and not start uninstalling updates and reverting to an old position.
“Stability in the hand is worth two threats not yet in the wild”, or something like that!
However, I will keep the situation under review as I read further comments and recommendations.
In trying to assist a friend of mine on his Windows 7 machine, he is currently updated with the last security only, internet explorer & MSRT from February. These were installed Group B style on March 10.
I’m willing to “roll back” the January & February groups. One thing still bothers me about it though. The non-cumulative nature of the “security only” update bundle will require a reinstallation of Jan & Feb at some point. Add the March group to the mix near the end of April or beginning of May (if at all) & this all starts to seem like a vicious circle. Is FUD getting the better of us or is it just another case of “this is the new normal” for M$.
The only alternative I can see for my friend is to hold off on all the usual W7 March updates (including 4100480) hoping for a solution by the next update cycle. Any other considerations missing in my findings?
Win 8.1 (home & pro) Group B, Linux Dabbler
Easy decision for me, since my patching has not advanced beyond late 2017. I stopped after November hung up one of my Win7 machines for hours and I finally had to kill the power despite the admonition on screen warning me not to. I intend to patch through December (security patches only) and stop until the smoke clears, maybe for good.
Having not done Jan-Feb-Mar, I’m feeling smarter than I really am right now. (Which of course is dangerous.)
I don’t see a viable case for Group A over the last three months.
If my reading of the situation at MS is right, then yours might be a really long wait.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.
Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.
So far, no problems noted. (fingers crossed!)
Caveat: My usage scenario is a relatively simple one.
Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.
Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.
Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.
Which is how I’ve been spending my Saturday (until now) — getting a passel of Win 7 Pro x64 (and a few Home) machines squared away.
Like yourself, the prospect of rolling every machine back to the December 2017 patch point was singularly unattractive.
Therefore, I installed only the March MSRT, KB4096040 (the March Win 7 IE Cumulative Security Update) and KB4100480 (putting KB4099950 on hold until further word from On High).
So far, nothing untoward to report (and I’ve even left my ‘phone on its hook).
I’m on Windows 8.1, but not crowing at all. I really feel for those on Windows 7, because these problems aren’t your fault, they’re Microsoft’s. If this is another scam to con Win 7 users to upgrade to Win 10, then it’s totally wrong. Since Microsoft abandoned Win 8.1 for the enterprise, they don’t care if we upgrade. With more users still on Win 7, they’re a target. I don’t trust Nadella, since he cares about the cloud more than the desktop.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...
NASA has, at each center, a team of dedicated IT security people. I have not seen any reports from them, yet, warning about problems such as those mentioned here, or suggesting measures to resolve them. That probably will change, and soon.
I am going to ask around. If that turned up any useful and practical information, I’ll let you know.
Others using Woody’s and working also for, or with (such as myself, as a consultant), similar large organizations, might consider doing the same thing.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?
Same here, KB 4054518 only shows up in WU “View Installed Updates” as having successfully installed, just no mention of it in Programs and Features installed updates. Just confirming your findings as I have read Mr. Brians response below.
I thought I was the only one, LOL.
Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
I believe the memory leak was introduced by the Jan Rolllup, so I would say yes.
If you are not going to rollback you shouls install KB 4100480 to mitigate Total Meltdown, then hold off patching until MS gets this fixed.
Thank you for your answer,
I decided to rollback the two machines. Since that is why Susan wrote the post in the first place. I feel that if only installing KB 4100480 was good enough. Than there would be no point in taking the drastic step to tell people to roll back.
Note that after the roll back some updates will be listed as being installed on the current date. But when you check the KB numbers you will see that these updates are from before the Melt Down patches.
BTW Both my machines are running on old AMD hardware. Let us hope that Microsoft can finally come up with a solid patch that freezes the melt.
<!–DOCTY–>
According to the information on the update page of KB 4100480 in the Catalogue, this seems to be meant only for machines with AMD64 CPUs:
“A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Architecture: AMD64
Classification: Security Updates
Supported products: Windows 7
Supported languages: all ”
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Yes… And?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Do you have a 64-bit system or a 32-bit system?
x64.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Then just install the x64 version of the patch if you so choose. AMD64 is the designation Microsoft uses for almost ALL of their 64 bit patches. They don’t differentiate between AMD and Intel unless the patch is specific to the manufacturer. In other words, if a patch is specific to either AMD or Intel architecture (32 or 64 bit), Microsoft will SAY SO in the patch’s title.
That is what @satrow is trying to explain to you just below this post, and what @PKCano was trying to say in this post above here.
Case in point: When MS earlier this year bricked many older AMD machines with the January patch, they released a patch just for AMD machines and only certain AMD processors. Windows Update was smart enough to figure out which specific AMD processor was on the machine (if any) and offer the AMD-specific patch if it was called for.
Still unsure of what you’re being offered by Windows Update?
Then check out the following link to the patch you might have been ready to install for March, KB4088875, if the current mess for March hadn’t developed: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4088875 and then click on the link that says “2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875)”. You’ll notice that in the “Overview” tab, the supported architectures listed are “AMD64, X86”. In other words, ALL x64 and x86 architecture, even though Microsoft doesn’t come out and say it directly.
I sincerely hope this helps clarify things for you.
EDIT html to text – content may not appear as intended
I have an x64 Intel chipset in my 7-year old HP, and dare think I am not the only one.
So this should be made very clear. It is not a trivial fact.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
MrBrian,
The link in there gets you to the same page of the Catalogue where you can find the Description mentioning that the update is for machines with the AMD64 architecture.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
It does, even though it appears counter-intuitive.
https://en.wikipedia.org/wiki/X86-64 and https://en.wikipedia.org/wiki/IA-64 also a search for AMD64 in your Windows folder should turn up an an awful lot of hits. I’d show you my hit list but I’m currently using a 2009 Atom nebook – x86 only…
Unfortunately, following your suggestion has not made it crystal clear that Intel’s x64 architecture is the same as AMD64. What I’ve found, in Wikipedia and elsewhere, mainly says that Intel’s x64 is similar, or based on AMD’s. Not identical.
For example, this from https://superuser.com/questions/383711/whats-the-difference-between-intel-64-and-amd64 :
“From what I’ve read extended Memory 64-bit Technology (EM64T) is Intel‘s implementation of AMD‘s AMD64 and the differences between the Intel64 and AMD64 are:
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Lucky you.
As to “rapid fire responses”: this is something I see as in need of urgent, and up front (main page), clarification. I don’t usually hang around a computer on Saturday evenings. Do enough of that during the week.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
The designations are definitely confusing. The way I understand it is that “AMD64” is a nod to the fact that the folks at AMD were the ones who first developed the 64-bit CPU architecture. “AMD64” does not mean that you have an AMD processor in your PC, it means that you have a 64-bit processor (manufactured by whomever) in your PC.
For information as to the company that made the CPU in your computer, you can open your Windows 7 Start Menu, then right-click on “Computer” in the right panel, then left-click on “Properties” in the resulting menu. This will open a new “System” window, where you can visually scan for the line that’s labeled “Processor.” This line will specify whether you have an Intel chip or an AMD chip in your computer.
It may be more than a nod. I have no inside information, but it always read to me as though there was an agreement that made more strenuous action not necessary.
Intel had made their game changing reputation on the 8086. They capitalized on that reputation by continuing to evoke that success in subsequent chip names. Same branding idea that Boeing used with the 7×7 series of airframes.
When AMD came up with their own game changing chip a quarter century later, it was very important to them that everyone know who did it first. I find it possible they did not like the idea of being represented by x64 as if it were some kind of lesser knockoff.
That is exactly what I’ve done. The cure is worse than the disease imho. I’ve rolled back group B updates on various Windows 7 machines so the last bundled patch was December 2018. I will wait this out, practicing safe browsing of course (no IE, noscript, etc). Altho I’ve been a Group B member, I’m not sure that’s viable any more. Sorting out this mess without giving in to the mothership in Redmond (aka joining Group A) is probably not worth my time. Group A may be the only (less in-) sane way to move forward with Windows 7 at this point. Heck – Windows 10 is looking better and better (in a relative sense at least). Perhaps it’s time.
Group A…I also ran Disk Cleanup and missing the updates in the Add/Remove. I ran Steve Gibson’s InSpectre scan and disabled the Meltdown fix and performance is back. So far everything is running good and I have not installed March updates. I’ve got WU buttoned up and on hold. Should I run KB410080 ?
W7 Home x64 Group B, currently up to date thru Feb18, including Oct-Dec17. I did a Disk Cleanup about a week ago. All appears to be operating normally, so I choose not to fix anything with a rollback, despite a vulnerability. I accept the risk. I will continue to sit on Mar until the Defcon goes to 3 or better, which probably won’t happen until after the Apr release. I maintain plenty of patience and strictly adhere to the B methodology. I read the threads daily and send Kudos to the crew, Da Boss has assembled here. Keep it up … you gals and guys are the best!
Just curious, I am Grp. A and installed Jan. & Feb but held off on March. I just checked WU and as “Important” it shows 3 updates: 1- KB 4100480, 2- KB 2952664, & the MSRT for this month.
Should I install the KB 2952664? I seem to remember that was the one that prepared you for W10 or was a telemetry update.
Thanks
Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
I just installed MSRT & KB 4100480 and hid KB 2952664 on 1 of my W7 x64 computers before installing on any others. So far no problems.
Since I have had no problems with the Jan/Feb rollups, I didn’t feel like rolling back that far so hopefully 4100480 plugs the hole.
Thanks for all the advice folks.
Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
Well, I’ll wait a few days, if Defcon changes (normally around 5th of a month?) in install this along with others.
Always have panic about installing updates and rebooting afterwards, so i’m rebooting as seldom as possible.
which means: installing patches and rebooting once per month max.
There is a lot more confusion added to the advise when there is no specific reference to what architecture is being talked about. Just stating ‘Windows 7’ gives the impression that both are equally affected and the advise applies to both. I urge everyone to add 64 or 32 after Windows 7 to avoid this confusion. The problems and remedies are, at times, different.
It would also be helpful when referring to monthly updates as either the rollup or the security-only update. Using just KB numbers works if the reader is familiar with that KB, otherwise it is not. With more KBs arriving at random (mostly for W7/64), the complexity has increased.
By no means is this a complaint. It is just a suggestion.
Everyone is trying to understand the situation, see what they should or should not do, and stay aware. We need as much clarity as we can muster right now or systems will get messed up unintentionally. Windows 7/64 and 32 may be in more trouble than Microsoft is owning up to.
Before anyone here goes ahead with the advice to install KB4100480, and unless if offered to your machine by Windows Updates, or shows up when doing a search for updates, my suggestion is to:
HOLD ON.
In the Catalogue page for KB4100480 it says that it is for machines with AMD64 architectures.
In response to my posting about this, and whether it really applies to Intel x64 machines like my own, I have got back, so far:
(1) A way-to terse-answer from PKCano.
(2) A series of postings to the effect that Intel x64 architecture is the same as AMD64, with references to Web pages that, in fact, indicate that they are similar, not identical. Is that good enough? Unclear, at this point.
So, at least for myself, until this is made crystal clear, with a sufficiently long and well-referenced explanation, I am not removing or adding any updates, something that could bring along problematic side-effects.
Of course, what you’ll do, is up to you.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
In reference to installing patch KB4100480, it does say that it’s for 64-bit processors. I think you are correct in saying HOLD ON until Susan clarifies this. Since I have an AMD 32 bit processor, I will hold on installing that patch. (It also does not show up in my Windows Update). Group A. I can only access it through Windows Catalog).
MrBrian,
Thanks for the link. I appreciate your desire to help.
That said, I am going to wait until the end of next month, while taking a good look further into this, and then decide what to do about it. Maybe.
In the meantime: none of the patches mentioned here shall be installed or removed from my PC.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
There may well be physical differences between 64 bit chips made by AMD and those made by Intel, just as there are between different generations of 64 bit Intel chips. But when used in referring to the Windows operating system ‘amd64’ means 64 bit operating system regardless of whether the chip was made by AMD or by Intel. It is confusing, but to the best of my knowledge that’s what the terminology means. So as long as you pick the 64 bit patches you should be OK – at least to the extent that the patches are OK to begin with, but that’s why Woody has the Defcon system.
Mr.Brian: I sent another message a short time ago, however I just read the post about “installing or hiding”. Is this message intended for “ALL” updates (including the March updates?). I don’t make a move unless I’m directed that the MSDefcon has cleared an update or it has been approved in some other manner. Apologies for the “lack of literacy with computers” (as always). I think I’m beginning to get “dizzy”. Thank you once again, as always. 🙂
I think Susan doesn’t like telling people to uninstall updates is because it puts people in limbo.
I am Group B and I have installed all security patches and the KB4100480 patch fix. Currently my Windows 7 machines are running fine and after these March updates, my systems actually feel cleaner if that makes sense.
I am struggling to trust MS but I think we need to go with the latest advice and nobody can guarantee that you will be safer and won’t have any problems if you roll back to Dec 2017.
For me the Meltdown exploit is more dangerous, and I am sure hackers are working on this now. I am totally not convinced rolling back is a safer option if people have a system running well. But this latest fiasco should underline that Group B updating after feedback on patches is the best option.
Saying that, I think disabling updates is becoming a viable option after this current mess is put to bed.
I have to ask; With all its experience and resources, is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design. And that is unacceptable, to support a company with such low ethical standards.
Given the context this is happening in, MS pushing Win 10 so hard, and the standard business model these days is more often than not deception (of the customer) rather than respect, it looks like one (brutal and dishonest) tactic to get people off Win 7 and onto Win 10.
I don’t want Win 10, the ever mutating OS – so I’ll stick with Win 7 until I figure out Linux. Maybe some other OS is on the horizon? Anyway, I’m done with MS as soon as it’s practicable.
is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design
Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
🙂
Personally, I cannot buy the “human error” or “unintended consequences” line because of GWX. It was malicious and it was most certainly intentional design 100%. After that, I can’t go along with anything being unintentional or by human error. They showed their hands with GWX which never really ended at all.
Disbanding their Windows team feels like a child throwing a temper tantrum after not being able to get his/her way. Windows 10 has failed despite all their efforts. Not even giving it away for free was enough to offset all of it’s shortcomings. It means they have given up on Windows which was already sabotaged when they got rid of their QA testing team. All of this was by design. They had to have known all these problems would arise without a testing team to make sure these patches were ready and so I cannot consider the consequences of those actions as being “unintended” at all. They knew what they were doing and what the consequences would be just like the rest of us did when we heard of it.
Cut costs to increase profits and who cares about the consequences. That’s called capitalism, something I’m not so sure is a good thing anymore.
AJNorth above, Agreed
Sessh, Agree with you on MS.
But if you go back in history greed not actually capitalism is the culprit. In the 1800’s and in the early 1900’s people with large companies ran everything. Teddy Roosevelt was one that passed anti-trust laws to stop this greed an control. It may be needed again, to review what is proper business practice and what is anti-trust or in this case, not trustworthy.
It has been reported (someone also posted that here, at Woody’s, a few days ago) that Nadella has announced that MS is going to concentrate now on AI and Cloud services, so it is cutting the Windows’ engineering staff in half by moving 50% to work on those other projects. Not a word about improving the support for Windows, or any recent problems that require greater attention.
Given that, staying with Windows 7, Windows 8.1, or moving on to Windows 10 and staying always current with its latest system upgrade, should make little difference when it comes to the patching problems that have been cropping up with such alarming frequency for some time now. It seems like a good bet to assume that they will continue to be with us for the foreseeable future. Or at least for however long Nadella and those who agree with him stay in charge of running MS.
Being Group B is what one does to have at least some control of one’s own work while using Windows.
Question is: for how much longer will still be wise to do that?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design
Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
Perhaps, but this is happening every month now, how long can Microsoft hide behind being incompetent and stupid? Maybe they are totally incompetent but it’s still not acceptable
Kirsty,
Yes, absolutely, there is another explanation:
Nadella and his people now think that supporting an old-fashioned, not cool anymore, activity such as maintaining the Windows OS as a working tool is not really what they ought to be doing anymore.
“Dear user of Windows, my very good man, woman, person, it, whatever: the world has moved on. Time for MS to move along with it.”
“But, wait! How about the agreement to maintain those systems, keeping them safe and stable until their appointed end of life?”
“Whaaat? I can’t hear you. Speak in proper Cool, like me, or stop wasting my time.”
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Win7 Home Premium 64-bit.
Intel i7-3770.
Stand-alone (non-networked) PC.
A proud member of Group B since 2016.
Updated thru February.
Four hours ago I sucked it up and installed KB4100480, because I know it pains Susan to watch us uninstall updates. Or perhaps that wasn’t the reason. In any case, the install/reboot went smoothly, and I’ve been using various programs since, and all seems normal.
And that is the only update I’ve installed since installing the February Group B updates on March 5th.
UPDATE After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following: KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013. After rebooting, the computer was up to date with no other updates offered. Win7 Ultimate x64 Group A patching
Interesting. On one of my Win7 computers, I had run disk cleanup on February 11, 2018. About a week ago I manually ran Windows Update. To my surprise, WU had me reinstall the following updates.
Optional:
Update for Windows 7 for x64-based Systems (KB3092627) 09/08/2015
Important:
Security Update for Windows 7 for x64-based Systems (KB2862152) 11/12/2013
Security Update for Windows 7 for x64-based Systems (KB3022777) 01/13/2015
Security Update for Windows 7 for x64-based Systems (KB3076895) 08/11/2015
Security Update for Windows 7 for x64-based Systems (KB3084135) 09/08/2015
Security Update for Windows 7 for x64-based Systems (KB3001722) 11/10/2015
It would appear that Disk Cleanup is not to be trusted. Perhaps other later updates marked the above updates as being superseded when in fact they were not? The above updates did not show up in Windows Update for re-installation until after all current updates were hidden such that WU reported that there were no updates available for my computer. Only then, and after manually checking for updates again, did the above updates show up.
I’ve seen this behavior before. It’s one of the reasons that I recommend to use Disk Cleanup of Windows updates (followed by a restart, where the cleanup happens) only immediately before checking for Windows Updates.
Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot. Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files. The disk cleanup is not an option for me if I include the windows update system files.
DennyC there have been times that we have run Disk Cleanup, windows update files and old Windows Versions and the reboot took up to 45 minutes to complete.
We too, got worried but we left it alone and it finally made it to the Desktop.
If you do try again, make sure you do have a good registry restore point, do the Disk Cleanup and when it reboots, leave it alone for an hour. If no good then you have some issues with Windows and may want to run SFC system file checker or maybe the Windows Update Readiness Tool.
Below are the URLs and one is even from DELL with suggestions/help.
System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [October 2014]
https://www.microsoft.com/en-us/download/details.aspx?id=20858
Fix Windows Update errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness
Look for: For Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008
Repairing Windows Update Issues with the System Update Readiness Tool (CheckSUR)
http://www.dell.com/support/article/us/en/19/sln285523/repairing-windows-update-issues-with-the-system-update-readiness-tool-checksur-?lang=en
Hope this helps. Keep us Posted!
Of note, I just had the exact same issue after uninstalling the January Security Only update. This occurred on my other virtually identical Win7 machine in which the only difference is that the MB has a Z97 chipset versus my main Win7 machine’s Z87 chipset. On the virtually identical Win7 computer with the Z97 chipset, I had run Disk Cleanup on 2018-01-14. And I had to reinstall the same six much older Windows Updates. Those updates of course only showed up after all current available updates were hidden.
And on this virtually identical Win7 computer, I just discovered that some CBS log files had grown to around 2GB in size. Thus I just blew out the contents of the CBS folder, and I just rebooted so that Windows would generate new CBS log files which will be up to date. Note that blowing out the contents of the CBS folder, if the log files and/or zipped versions of older CBS log files have grown to very large sizes, results in a faster reboot since Win7 isn’t having to churn through very large and deficient older log files. In fact, a new replacement CBS log file is generated almost immediately after rebooting. In this particular case, the new CBS log file only contained information about the update which I had just uninstalled (the January 2018 update) and reported that the installation package was no longer available. This is as expected.
Susan, does this apply to 32 bit??? My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.
If things don’t improve for March is it ok to skip a month and wait for April? Any help much appreciated.
Susan, does this apply to 32 bit??? My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.
If things don’t improve for March is it ok to skip a month and wait for April? Any help much appreciated.
To the best of my knowledge, no, this should not apply to 32 bit Windows 7.
The KB4100480 emergency security update for the Total Meltdown flaw is for 64 bit Windows 7 only and does not apply to 32 bit systems. Your 32 bit system is not vulnerable to it.
And as 32 bit Windows 7 systems only start receiving Meltdown “fixes” beginning with the March rollup or security-only update, your system has not received these fixes anyway. (Meltdown “fixes” were delivered to 64 bit Windows 7 systems starting in January and so 64 bit Windows 7 systems that had any of the January / February / March rollups installed were susceptible to the Total Meltdown flaw.)
Hope for the best. Prepare for the worst.
(Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)
Retire from MS windows maybe but you can just stick an LXDE hybrid OS on it and use it for surfing (limits due to hardware within), done that years ago with a 2010 netbook. Also runs WinXP offline nicely with integrated SATA drivers within the ISO.
back on topic..
Win7 SP1 Home Prem x64
Intel Core I5 2500K
I just installed KB 4100480 along with the latest MSRT and my computer powered down after install as usual but this time it did not reboot. Computer remained on but I had to hit the reset to get it to reboot. First time this has happened in 7 years.
Win 10 Pro v.20h2
If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.
Perhaps update your update advice to mention why one should hide updates which they do not wish to install? The reason of course being that newer updates might not show up in WU if WU presently is showing updates which have not been hidden.
Things to keep in mind — when you see AMD64 it means both an AMD and an Intel 64 bit support. AMD actually invented the 64 bit platform first, but bottom line if you see AMD64 it is applicable to both and AMD or an Intel system.
Susan Bradley Patch Lady
Dear Patch Lady,
A note of thanks, and a small request:
(a) Thanks for coming out and clarifying the meaning of AMD64.
I’ll take your word for it, as searching the Web for an equally clear and unambiguous statement on this question has proven futile.
Still and all, I do find it quite odd that, in the harshly competitive and secretive world of commercial enterprises, the name of one of them is tolerated in a term of art. That is common practice in science and engineering, where the names of the inventors or discoverers are often included in the name of their creation (Boltzmann constant, Simpson’s rule, Pythagoras’ theorem, Hooks’ module, Koch’s bacillus, etc.); but science and engineering, while highly (and often not fairly) competitive, are both essentially cooperative, collegial endeavors. Chip making? Not so much.
(b) Unrelated to the above, one small request:
Would you, please, include in all your postings the link to the current version of your Patches’ list?
And thank you, also, for your good and useful work.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
IIRC it was the AMDx64 Opteron (code name) single core CPU that was the first, had one many moons ago. Like most AMD cpu’s of that era, they ran hotter than intels equivalent performance/ speed offerings therefor requiring larger noisier fans for better cpu cooling.
Ah, I remember the AMD Opteron CPUs. We skipped that since at the time we had three computers which used AMD Athlons which had the large vertical heat sinks and fans and which were serving us very well. You bring back memories for me. The three computers with the Athlons survived a direct lightning strike to a power pole which was roughly 200 feet from the house. I say “survived” since the only things which had to be replaced were the power supplies for those computers. The other two Intel computers completely fried — power supplies fried, motherboards fried, the CPUs fried, and the serial ports fried.
Back down memory lane, I had an AMD K6-2 300 MHz CPU in which the CPU fan completely died. Did the CPU cook? No, it did not since it properly monitored its thermals. I replaced the CPU fan and that K6 CPU hummed along for around another year before I decided to replace it first with a K6 450 MHz CPU and finally with a K6 550 MHz CPU. Ah, the good old days were when Microsoft actually cared about its customers and released Windows XP updates which were fully vetted by the no longer existent Windows Update Quality Assurance Team.
Those were the good old days in the sense that I never had to worry about installing any Windows Updates. This, sadly, has been what has been lost under Nadella — trust that Windows Updates will not cause anything from minor to extremely serious issues after installing Windows Updates. It is what it is, and this is apparently the way that Nadella likes it — perhaps to support his delusional idea to investors that Windows is no longer relevant to Microsoft’s bottom line in which Nadella has banked absolutely everything on the Cloud? If I was an investor in Microsoft, I would and should be taking a really deep and hard look into this scenario since all prudent investors should know that it is unwise to put all of one’s eggs into one basket — let alone into a company which extols only one single path forward. Yet this is nothing more than my personal opinion and for what it is worth.
Looking at the most recent commentary on the Web from various specialized publications, including financial ones investors are likely to read, I have found only fan-boy type raves admiring Nadella’s vision and rapturously fawning interviews of the man himself. What gives?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
The financial press is both oriented toward short-term performance (of the kind you get from milking a dying franchise) and sucked in by the promises of tech. Not surprisingly, many investors, particularly the big institutional ones and hedge funds, also fit this description.
In the articles that appeared a few days ago concerning Microsoft’s de-emphasizing Windows, the spin was to explain this as an effort to redeploy resources into the company’s “fast-growing” cloud initiatives. I didn’t see anyone asking whether products like Edge have been successful; instead, writers simply apply a credulous belief in tech. It’s practically a cliche to have tech companies that haven’t made a profit and in many cases don’t seem to have a clear plan to do so, yet are valued by credulous investors at billions of dollars. Satya Nadella fits right in.
(Off topic) My recollections of a great cpu, which I had for many years on a home built rig, was a gem, the (retail) Slot1 intel Celeron 300A stock at 66MHz (clocked to 100MHz) that ramped up to 450MHz no problem with minimal extra cooling, albeit a 128kb on-die-cache compared to the extortionately priced flagship PIII 450 which had 256k on-die-cache at the time. All done on an Abit BH6 mobo that could run any game thrown at it with an nvidia TNT2 AGP graphics card. Those were the days, so much fun!
Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.
thanks for the memories Gone to Plaid!
(Back on topic)
Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.
thanks for the memories Gone to Plaid!
You can still do overclocking with Win7, 8.1, and even with Win10, as well as some Linux distros. A number of new MBs have dual UEFI setups to allow booting in an overclocked state.
I have OC setting for my GPU and RAM for certain games, but have not used them in years as the box ages, and I do not want to overstress or tank old hardwawre. It is easier to set an XMP memory profile than do an OC.
Given the speed of new CPUs the “need” for OC has diminished, unless you are in the crowd that shoots for massive benchmarks. It is interesting to see the setups that use liquid nitrogen or dry ice for cooling. Practical, no (maybe?), but interesting yes.
Unfortunately, what used to be interesting experiments has been eliminated by the need to defend and preserve my Win7-64Pro install from bad poatches all while fending off the MS Borg.
As B.B.King sang, “The thrill is gone.”
@Susan FWIW, yesterday I went to the update catalog to get the 4100480 update for a Win 7 Starter 32 bit. “odd”, I thought. Only 3 entries, one for Win7 64 bit, one for Embedded Win 7 and one for Server 2008 (not sure about the last one, but something like that.)
Then I remembered the issue doesn’t affect 32 bit. Got a bit of a chuckle out of that, and trust me, I don’t usually get any chuckles out of updating/patching.
A data point for Win 7 Pro SP1 x64 Group B current through February patches.
Just installed KB4100480. no apparent issues or drama, normal restart, no detectable slowdown (although I’m not a ‘heavy’ or ‘intensive’ user by any means).
Win7 Pro, 64bit, AMD 8 core CPU FX-8320e, 16 gigs memory
Multi-boot capability, Win7, Win10, Ubuntu, Mint.
Macrium Reflect backup, uninstalled 5 updates to get back to December.
Ran Windows Update, 3 Net updates, about a dozen windows updates, some of which went back to 2015, one of which was on my naughty list which I didn’t install.
Installed. Windows Update again, nothing recommended here showed up. Just downloaded and installed 4100480 & 4054521, neither of which showed up in Windows update.
I’ll do another back up.
Wondering why I just don’t shut off the internet for Windows and stick with Linux..I lost interest in this OS/computer nonsense long ago..
Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot. Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files. The disk cleanup is not an option for me if I include the windows update system files.
This could be caused by either cancelling the installation of an update, or by an update which failed to install. This results in a plethora of update related files which are not properly cleaned up. Ask the experts here about how to discover and then how to eliminate such cancelled or failed updates.
I have the hang up problem at the end of the re-start. It says that has reconfigured 100%, the notice goes away but then it just stays busy and I cannot do anything. I do have several cancelled and failed updates in my update history. So, what is the best way to take care of this problem? Win 7 64bit sp1
Regarding the hangup, here are two options:
1. When it is obvious that the computer has hung after displaying Configured 100%, try typing Ctrl-Alt-Delete. For some updates in which an additional update needs to also be configured, this will cause the additional update to also be configured, and you should fairly quickly see the logon screen.
2. If #1 didn’t work and after the computer is obviously hung, wait five minutes and watch the disk activity light for your hard drive. If you see that the disk activity light is blinking only once every 1 or 2 seconds, press the reset button on your computer to force a reboot. After rebooting, you probably will see a message about configuring updates. Do not be alarmed if this message displays an update number which is in the thousands, since the update number is related to the core build of Windows and not any Windows Update itself. Your computer will now be past the hung update and will then install whatever additional updates which you had wanted to install. You should see a progress screen for these additional updates, and then see your login screen.
If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update. Accomplishing this is beyond my expertise. Yet there are experts here who can help you. I suggest that you register with this web site so that you can then get the help that you need.
“If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update”
Getting out of a no-boot situation after installing Windows updates
Stand-alone Win7 Pro SP1 x64 Haswell Group B here. All 2000003 security and IE updates installed till February.
After succesfully and unproblematically installing Mar 2018 (IE11) KB 4089187 (and reading all the do’s and don’ts and maybe’s here), I took the plunge and installed KB 4100480 as well today. Didn’t want to roll back.
All seems fine.
Happy Easter!
Thanks, but it’s not on Group B’s 2000003 list (yet).
Master Patch List says “Only install if you have installed the March Windows 7 updates”, which I have not. It serves to counter IE not starting because of an invalid SHA1 certificate. A problem I did not encounter.
Waiting for gurus @PKCano or @Susan Bradley (or one of the other demigods) to give a Go!
@PKCano: Is this one “safe” to install since it’s so “old” (KB4033342) Not checked ?? Also I have another question….
What is the Disk Cleanup, and is it safe to install this on our computers. I am one of the computer illiterates, and don’t know “which end is up” so all advice is very helpful for me.
Thank you once again for everything you post for all of us who are just the regular users who have no knowledge about what is occurring in many instances. Your help is absolutely invaluable, along with others who are also wonderfully gifted with so much expertise and knowledge. I’m Win 7, Home Prem., x64, Group A. 🙂
PKCano: My apology for not seeing your reply the first time – – – – I did have problems getting the site to function, so that must have been the problem. Thank you so very, very much for the information you provided. I will now annotate the update to ignore (or hide?) for the present time. Your information was wonderful – – – – Thank you once again! 🙂
Not.
Just spent the afternoon putting up the walls around my wife’s computer, a Lenovo Yoga Book. This computer is not a beast – it’s a lightweight. Got it for her to read her Nook books, Pinterest, Facebook, Gmail, and light surfing. She uses Word 2013. It’s WinX-1607, mercifully.
Windows Update had brought the machine to its knees. The machine was basically useless. So, up go the walls. The MS cure is much, much worse than the disease.
Turned off Windows Update Service. Stopped and Disabled it. Rebooted.
Removed 4023057 by uninstalling it. Removed MS Update Assistant – how’d that thing get on my computer?!
Ran WUSHOWHIDE. Hid everything except malware removal tool and Windows Defender updates. Installed Spybot Anti-Beacon. Blocked everything with that aging utility. Ran Defender Quick Scan – nothing – as expected.
Did everything I could to block MS from altering my wife’s computer. Bad MS. Bad.
An hour after turning the machine back to my wife she comes up and plants a big one on my lips and says ‘Thanks User Support Guy!’. The machine is useful once again. Guess I still got a little magic the girl fancies.
Poor, poor MS. I watched IBM diminish years ago and wondered how such a massive organization with lots or really smart folks could miss the mark so wide. Now to watch MS do it again makes me wonder if some PhD candidate in suicidal tendencies of large American corporations should pick the on-going demise of MS as a dissertation subject. Just saying.
Thanks Patch Lady & Woody.
An update: A day later the wife pushes her Yoga Book across the table to me and says ‘It’s doing it again.’ The magic was over, and I’m not as good at blocking MS as I hoped. Sure enough the MS Updater is reinstalled and is downloading some new version of WinX. Windows Update is re-enabled! I stopped it and disabled it the day before. UGH!
Stopped Windows Update Service again. Disabled it – again.
Went to task scheduler – Aha! More stuff in there that automatically runs at 1:00 a.m. everyday. Disabled all scheduled tasks that I could relate to either Windows Update and, a new one here, the Windows Update Ochestrator. Noticed one task labeled ‘self healing’!!! Went to Services and yep – a new service that I’d never seen before. Stopped and disabled.
So, stop naughty services. Disable scheduled tasks. Hope and pray. And keep reading Woody. Wish someone would work out a procedure that we could execute that would block all of the self-healing paths MS has backdoored. Or frondoored. No difference – they haven’t knocked in any case. Trespassing on my machine. Bad MS. Bad.
If it has reached the stage where Susan Bradley is worrying about this, (meant as a compliment), then MS has a serious problem, whatever the reason for it.
This is a company in the business of causing trauma to its users, even if not by design.
I recall reading here long ago, I think it was Woody, who said that you can run a Windows computer without updating for around 9 months without panicking…(The latest fiasco with 4GB memory leaks is unbelievable). If you feel up to it, go group W after following her advice, and if you can, seriously consider alternative operating systems. It starts to get ridiculous just trying to figure out what you do and don’t need anyway. Does anyone have the time to just user their computer instead of this patching angst (even when it works?)? Just an opinion. If there is some ultra Meltdown/Spectre exploit reported, then yes, you have to patch.
Apparently I’m unable to uninstall the February patch, yeesh. It’s in my update history but when I view installed updates to remove it, it only shows me January as the latest of the monthly patches.
With that said though, I don’t have any Intel parts in my PC so will I be “okay” to just keep Jan/Feb and see what April patches offer?
If you are wanting to roll back:
Uninstall Jan Rollup for Windows, reboot, wait 15 minutes after login, run search for updates.
Hide any Rollup for Windows later than Dec 2017 and re-run scan for updates until you are offered the Dec 2017 Rollup.
Install the Dec Rollup and whatever old individual Windows patches that are offered checked by default.
Getting out of a no-boot situation after installing Windows updates
Thanks, but I’ve had no issues. It rebooted after i pushed reset, followed by the ‘ installing windows update screen’. I checked and the the update shows ‘installed’.
Win 10 Pro v.20h2
As a Group B’er since last year I have only been installing “Security Only” updates and IE updates as directed by the A000003 page which I’m very grateful for. I’ve had no problems & everything seems to be working well with the Jan. & Feb. S.O. updates installed. My WU is still showing the Feb. Group A monthly rollup for Win 7. That’s the only thing out of the ordinary I’ve noticed.
Can I continue to do the Group B updates as usual? It seems that the Group A rollup updates are the ones causing this mess. Please forgive me for being confused here, this is a lot to take in. I’ve never had to uninstall an MS update and really don’t want to now if possible. Thanks.
Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.
The Group B Jan/Feb security-only patches contain the same problems as the Rollups. So what is said applies to both Group A and Group B.
It is your choice to roll back (uninstall) or not, but understand that the same cautions apply to both.
My experience since following Win7 X64 Group B for Jan-Feb has been a slowly deteriorating environment on my single PC.
For some reason Unzipping files using 7zip began taking two steps longer, you could see that the program was stalling trying to write the uncompressed data to my SSD.
The same issue started when copying files from my Raid Array HDD to the SSD. The copy would stall and then the copying files popup window would come up and slowly chunk through the copy until complete.
I was seriously worrying that I had the start of SSD failure (several years old but health and SMART check ok with plenty of over-provisioning and space available).
I decided to roll back after seeing this post, just to check. And now file copies are back to instantaneous.
Miss Susan, you have saved me much stress and costs, Thank You!
Yep, writing to SSDs are particularly impacted. I believe that the March update makes matters worse. It has to do with the 4K blocks used by SSDs. This causes a tremendous amount of overhead after installing the Meltdown/Spectre patches. Conventional platter hard drives are the least affected.
Windows 10 is looking better and better
What’s to like about Windows 10?
Susan, I am currently Windows 7/8.1 Group B. Both are patched through January with no problems so far. I held off February’s patches due to the reported issue with two factor authentication. I currently use a military common access card (CAC) from home. In the past I have had many problems getting the CAC card to work so I didn’t want to mess with this. I was reading in some posts that this was not fixed in the security only patches and that you have to get the rollups (which I wont do). Is this true? If so could you let us know if and when this is ever fixed in the security only patches. I am also holding off on March’s patches at your advice. Since I have not had much issue with January’s I will wait and see and leave them for now.
Another question, I haven’t been able to find the answer to and maybe you might know:
KB3127916 for Office 2013 – documentation shows nothing on what it is for. I found from a good source that it is for Contactpicker.dll but I have no idea what it is doing for it.
KB3191872 for office 2013 – This update deletes or hides the From Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service is no longer exists.
What seems strange to me is that it is something like 64 MB and contains changes to 14 .dll files. For something so simple is deleting or hiding Azure, it seems like it is an excessively large file with many changes. Is something else there? I wouldn’t be surprised if MS sneaked something else there now a days and only telling you about one thing in it seemingly benign.
Windows 8.1 Group B, Brave & Dissenter & Protonmail
My support of (other than my own) computers has purposely dwindled from an unbelievable number to 3 desktop and 1 laptop Win7 plus 1 desktop and 1 laptop Win10 1703. I couldn’t keep up the large number OS supports and moderate too.
So here are some of my observations:
Two of the Win7 desktops are “Joe” users. They both have Jan and Feb Rollups installed, neither are being offered the Mar Rollup in WU. I had them stand pat – installing only MSRT and Office. Hid .NET 4.7.1 installer.
I thought about having them install KB 4100408, but since neither are big computer users, decided to wait.
The other desktop and laptop are my son’s. They also have Jan and Feb Rollups installed. He has a metal-working business. On his desktop (Dell XPS 27″ all-in-one quad core i7, 16GB RAM 4-5 yrs old) he usually has multiple DesignCad drawings, multiple large .PDFs, QuickBooks, and Chrome open at the same time. He has seen a HUGE slowdown in the computer lately – reports circle going around, long page loads, etc.
For him, I am considering the rollback to Dec. 2017. See if it relieves some of the resource loss. At the same time I’m considering long term effects of rollback on the integrity of the OS, considering MS’s problems with supersedence.
If I do this I am also considering doing the standalone IE11 CUs monthly to keep IE up to date, though he uses only Chrome. The security-only patches seem to have the same problems as the Rollups, so they’re out.
————-
Have managed to keep both the Win10 1703 Pros on 1703 by finagling. Feature updates set 365, quality updates set at 0, no pause. GP: WU Automatic = 2 notify download & install, Download set to 99 simple (no peering). Connected Customer Experience and Telemetry Service – Disabled (keeps turning back on). Tasks: All under Application Experience, Autochk, and CEIP Disabled (some turn back on). Tasks under Update Orchestrator – two USO, sched scan, Refresh settings, MusUx Disabled (some keep turning back on).
Have found that I can’t get rid of KB 4023057 from the WU queue with wushowhide unless I disable the sih and sihboot Tasks under WU then run Disk Cleanup and reboot immediately before wushowhide. Only then can I hide KB 4023057 using wushowhide and have it is out of the WU queue so I can install just the CU update.
Have had to uninstall KB 4023057 and delete the Windows\updateassistantv2 folder on occasion.
Both are still on latest build of 1703 (966), but I dread the emergency call from the office manager saying an upgrade is in progress or the machine is borked.
KB4074598
I am gonna guess that the black screen may be due to the fact that the Windows graphics component was updated by this update. Do your Windows event logs show anything? If so, then apparently we have yet another issue with this update.
Here are 2 screen shots of what showed up in Windows Update this morning. I am surprised that EVERYTHING is checked. I have downloaded and installed NOTHING from this list, just letting all know what I got this morning. I’m tempted to hide all of them, but, will wait for defcon numbers to change and MAYBE install some.
Dave
UPDATE UPDATE UPDATE KB 4096040
KB 4096040 has been added to AKB2000003 for Group B.
KB 4096040 replaces the March 2018 IE11 Cumulative Update for IE11 (KB 4089187) and fixes the “IE11 doesn’t start after installing KB 4088187” error.
@PKCano, if KB 4096040 replaces KB 4089187, would it make sense to either delete the March 2018 (IE 11) KB 4089187 line & links (or line through this line & links) on the 200003 Ongoing list page in order to ensure someone doesn’t download and install this original March 2018 (IE 11) update anyway?
If people installed the original patch and don’t have a problem, then it probably not necessary that they install the patch with the fix. If they don’t have a problem, I don’t want them to think they have to uninstall. I bolded the fact that it was a replacement, so anyone installing from now on will know.
The fixes will be included in the April Cumulative Update, out in less than a week.
This message chain has taken a few detours, and many side discussions are being carried on. I’m a Group B updater, who has installed the Security only updates from January and February. I’m considering following Susan’s suggestion to uninstall these Security updates, and then holding off on the March Security Only update until such time as Microsoft gets it right. I have two computers – both Macs running Bootcamp, one of which is 64 bit Windows 7 Pro SP1, the other 32 bit Windows 7 Pro Sp1.
For the sake of clarity, can I please get confirmation before I do the following:
Uninstall KB4056897 (Jan. Security Only)
Uninstall KB4073578 (fix for unbootable AMD computers, which I installed “just in case”)
Uninstall KB4074587 (Feb. Security Only)
Install KB4100480 (the Meltdown/Spectre quick fix to forestall the issues introduced by the Jan. and Feb. Security patches) on my 64 bit machine, only if it is offered in Windows Update.
Install KB4096040 (the updated IE11 Security Patch for March)
And then hide any Rollups, Previews or other unchecked or optional updates offered by Windows Update. Plan to hold off on installing any MS Security Updates for the foreseeable future, until such time as Woody and Susan deem them safe.
Is this a suitable plan?
Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater
Thanks to everyone on this site – you’ve all been very helpful.
I writing this post on Monday April 9, in the waning hours before the April Updates are released, in the hope that my experience may help others.
As mentioned above, I have two Windows 7 SP1 Pro machines, both Macs running Bootcamp. One installation, on a 2012 Mac Mini is 64 bit, the other is on a MacBook Pro from 2007, and is 32 bit. The process was the same on both machines.
Everything appears to be running smoothly – and the 64 bit machine feels a little snappier.
Just in case they become unavailable, I downloaded the Jan., and Feb. updaters for what was uninstalled, above, as well as KB4088878 (March Security Only), and KB4096040 (the IE11 Security update I installed above, just in case), and stored them in a folder (but didn’t install any of them). I tried to download KB4099959 (the Total Meltdown patch I hid in Windows Update above, but found that DuckDuckGo couldn’t find the page, and when I searched using Google, the page from the Windows Update Catalogue wouldn’t load (blank page instead). If I want to install it, I’ll have to un-hide it in W.U.
So I’m back to where I was at the end of December 2017, more or less – Happy New Year Everyone!
Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater
I will admit a touch of jealousy. Two months ago I would have judged you reasonably cautious. One month ago, unreasonably over-cautious. Now you have an enviable condition. Such is the evolution in this changing landscape. When in fact, what has really changed is our new understanding of what we didn’t know before.
I remember Woody’s New Year’s Eve post reminding us of the value in an image dated 31DEC2017. And while I will very likely install KB4100480, as a personal choice, I see rolling back as also very reasonable. There on my shelf is an image that would make me just like amraybt. It will be there if I need it, I suppose.
My Group B strategy has been to wait 2-3 months then catch up with the security-only and latest IE cumulative updates whenever the dust settles (e.g. during a relatively calm month with few or even no widely reported issues). I’m updated through Dec 2017 on both systems, but it feels like MS is really trying to push myself and others to Group W. I’m glad I waited to see how things would go since the mess that began in January.
Group B, like you.
After I became aware of the Total Meltdown flaw that Microsoft introduced with their Meltdown “fixes”, I have restored ALL my systems running Windows 7 x64 back to (or stopped patching beyond) the December 2017 patch level (4 used by me and several others used by family members), using system images prepared before by Acronis True Image.
For me, the decision is simple. If Group B is no longer viable then I will simply stop patching. For now I shall stop patching the Windows 7 systems until I am satisfied that the mess has been resolved. If the mess is not resolved to my satisfaction, then those systems will remain at the December 2017 patch level, effectively becoming Group W. And by stopping patching there is the additional benefit of no performance degradation.
But I can’t stop wondering : How can Microsoft be so incompetent? How can security update(s) supposed to fix security vulnerabilities make our systems even more insecure? Is this another attempt by Microsoft to “persuade” Windows 7 users like us to “upgrade” to Windows 10 by degrading the Windows 7 experience?
Hope for the best. Prepare for the worst.
Too late. Ran that peculiar gauntlet before I ever met you. 😉
Guess I did word that like an easy set-up, well turned. And I agree with your recap as well. I also think many approaches fit many people. It is the increasing disorder that causes concern. Everything indicates that rolling back by uninstall should go smoothly. But your refreshingly lighthearted description caused a smile. And gave me an opportunity to point out that even if that goes wrong having a year end full image with more recent data files backup can make a very bad day into a much simpler recovery.
That comforting thought is what makes it possible for me to go forward with choices where I really do not know what might happen next.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.