Patch Lady – to patch or not to patch?

Topic

New Reply

I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates.  But after reading this and especially Kevin Beaumont’s tw
[See the full post at: Patch Lady – to patch or not to patch?]

Susan Bradley Patch Lady

Total of 23 users thanked author for this post. Here are last 20 listed.

Lori, Erik, Fritz, jburk07, Chessie, Microfix, LH, AlexEiffel, abbodi86, Cascadian, AJNorth, Demeter, David F, JDeC, The Surfing Pensioner, Great Lake Bunyip, lurks about, HiFlyer, satrow, Elly

Reply | Quote

Replies

Just reconfirming, this apply to Windows 7 not Windows 10 right, Miss Susan?

Just someone who don't want Windows to mess with its computer.

2 users thanked author for this post.

JDeC, HiFlyer

Reply | Quote

Correct this is just about Windows 7.

Susan Bradley Patch Lady

3 users thanked author for this post.

JDeC, WildBill, Zaphyrus

Reply | Quote

Thanks for your kind confirmation of the current massive mess with yet all massive patches of 2018 even if this confirmation is some kind of a wet one.

This approach matches my personal attitude when now I have the last of massive patches installed as KB4054518 rollup of Dec2017 but of course along with all IE11 updates also installed in standalone manner up to the present revision 11.0.57 of KB4096040 linked to the latest Mar2018 rollup preview KB4088881.

The funniest point here is that as far as I remember there was similar mess with m$ win7 updating  last year that is to say from late April2017 KB4012218 (first tested & then hidden by me personally) till June2017 KB4022719 (first deployed permanently after a couple of months of easy life with outdated win7).

Now awaiting for April patching fun.

Reply | Quote

BTW, I believe that if m$ would be unexpectedly & surprisingly smart enough to change their current attitude to at least win7/8 patching to a bit more decent & comfort way towards its customers then they could completely separate the present line of its massive rollup patching from the odd & muddy Meltdown & Spectre protection one.

That is to create the independent patch concerning Meltdown/Spectre even if it will be temporary incomplete in part of Spectre protection for older hardware, and then update it upon further improvements readiness in same way as rollup patching line now, when every next patch installed replaces all previously applied ones.

I guess such approach will be very much welcomed by many windows uses worldwide.

Rgds,

Reply | Quote

I have something strange on two of my Win7 computers.
Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed.

I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

1 user thanked author for this post.

CADesertRat

Reply | Quote

@ PK Cano-

Group B patching… Win 7 Home, 64 bit… and they are all listed for me.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

I’ve been patching Group A, and doing Disk Cleanup once a month.
Have you done Disk Cleanup?

1 user thanked author for this post.

Microfix

Reply | Quote

I do disk clean up just before installing the next month’s patches.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

UPDATE
After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following:
KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013.

After rebooting, the computer was up to date with no other updates offered.

Win7 Ultimate x64 Group A patching

5 users thanked author for this post.

walker, GoneToPlaid, Elly, CADesertRat, dgreen

Reply | Quote

Very strange. Some weird supersedence kicked in?

Reply | Quote

See @mrbrian ‘s explanation below

Reply | Quote

Alternative theories come to mind. Hey, am I glad I didn’t install the buggy patches! Felt kind of guilty about it at the time, mind.

2 users thanked author for this post.

HiFlyer, Microfix

Reply | Quote

@The Surfing Pensioner, I like yourself did not install Jan/Feb/Mar 2018 patches for both W7 Pro x32 and x64 machines albeit both in group A and one system offline. I found the whole issue of meltdown/ spectre et al too panic stricken and uncertain so, went on my gut instinct not to install the security patches.

However, I did on my W8.1 and reverted back to an image from Dec 2017 with relative ease beginning of last week on the news that the MS security fixes in Jan/Feb for the exploit/ hole was actually made worse.

Looks like the updated browser versions with AV updates will help for now without the sacrifice of performance. IMHO the fix outweighs the risk in this case.

Keeping IT Lean, Clean and Mean!

1 user thanked author for this post.

The Surfing Pensioner

Reply | Quote

@PKCano

I also use Group A…two Windows 7 SP1, one Dell Optiplex desktop, one Dell Inspiron laptop…I use Disk CleanUp after updates, and in looking I am seeing the same thing you describe. I am somewhat smart, but by no means a “techie”…as long as I use safe measures when online and avoid any patching until this is all cleared up and when we go to a higher Defcon rating, should I be somewhat alright? I have to date experienced no odd behaviors in either computers, and really don’t care to possibly mess anything up needlessly.

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

Reply | Quote

If you have installed the Jan and Feb Rollups and you decide not to roll back to Dec 2017. you should install KB 4100480 to mitigate the Total Meltdown vulnerability. Then I would sit tight and wait to see how this plays out.

5 users thanked author for this post.

Fritz, CraigS26, walker, AJNorth, Individualist

Reply | Quote

What about the patch for the ip issues? can that be skipped for now?

Reply | Quote

Win 7 x64.  Never did previews.  Did Jan and Feb roll ups.  Didn`t  do Mar unchecked 875 or 950.  Just did  checked 480.  No problems so far.

Reply | Quote

Me also. Jan, Feb 18 then Sep 17.  I also do disk clean up after every install.

Reply | Quote

@PKCano I have encountered the same thing but not for W7 security patches, it was for MSRT. I declined the licence in MSRT and it only shows four previous months, anything prior to that, does not appear at all, they drop off the list.

Keeping IT Lean, Clean and Mean!

Reply | Quote

I would say that this is expected to some extent.
Disk Cleanup probably did what was supposed to do in this case.

3 users thanked author for this post.

walker, Microfix, PKCano

Reply | Quote

How are things going this month for the 630 million users of 1709 (the version known around here as “unstable”)?

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

Reply | Quote

1709 has had three cumulative updates so far this month.

The last one — which is voluminous — finally fixed the “Delta” bug introduced in January.

I’ve been so busy chasing all the patches this month that I don’t know if there are any additional problems with the three cumulative updates, thus far.

4 users thanked author for this post.

Microfix, David F, Metanis, Elly

Reply | Quote

PKCano wrote:

I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

PKCano
I just checked my install update list thinking to maybe roll back to December.
The only one listed is kb4074598 (feb roll up)

All the others are gone.
I did install new hard drive in November and reloaded Windows 7 and went to Group A.
I never did a disk clean up after any updates because didn’t want to remove old updates so this wouldn’t happen.  Obviously that didn’t work!
So it looks like a roll back to december is impossible?
Geeeeeeeeeeeez!!!

 

EDIT TO ADD:
Just checked my review of update history and the roll ups show that they were installed successfully but not showing up on my installed list. Strange!

Reply | Quote

If you uninstall it should put back what it replaced.

Susan Bradley Patch Lady

1 user thanked author for this post.

dgreen

Reply | Quote

A lot of people here tend to run Disk Cleanup often. In such conditions, there is a good chance that the previous update is no longer present and as such it will not be brought back by uninstalling the later update.

1 user thanked author for this post.

dgreen

Reply | Quote

See https://www.askwoody.com/forums/topic/patch-lady-patch-or-not-to-patch/#post-179787.

Reply | Quote

I looked at two Win 7 computers (32 bit and 64 bit).

I have all the Security updates I’ve manually done appearing for Oct, Nov. and Dec. 2017 in both computers.

Got coffee?

Reply | Quote

“Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.”

Those who use Disk Cleanup to clean up Windows Updates should note that immediately after doing this, every Windows monthly rollup other than the newest installed Windows monthly rollup will be removed due to component-supersedence. If you then uninstall the newest installed Windows monthly rollup, you will find that no Windows monthly rollups are installed. To install the December 2017 Windows monthly rollup, you’ll have to either hide the March 2018, Feb 2018, and Jan 2018 Windows monthly rollups, or install the December 2017 Windows monthly rollup manually via the Catalog, or use Windows Update MiniTool with “Include superseded” ticked.

4 users thanked author for this post.

walker, Great Lake Bunyip, JDeC, Cascadian

Reply | Quote

Whilst grateful for the advice, my natural inclination is to say that as the Group A updates were successfully installed in January and February, and we are at DefCon 2 for March, with no problems encountered so far this year with my home Windows 7 machines which are running normally, I will sit tight and not start uninstalling updates and reverting to an old position.

“Stability in the hand is worth two threats not yet in the wild”, or something like that!

However, I will keep the situation under review as I read further comments and recommendations.

5 users thanked author for this post.

Charlie, HiFlyer, Individualist, OscarCP

Reply | Quote

In trying to assist a friend of mine on his Windows 7 machine, he is currently updated with the last security only, internet explorer & MSRT from February.  These were installed Group B style on March 10.

I’m willing to “roll back” the January & February groups.  One thing still bothers me about it though.  The non-cumulative nature of the “security only” update bundle will require a reinstallation of Jan & Feb at some point.  Add the March group to the mix near the end of April or beginning of May (if at all) & this all starts to seem like a vicious circle.  Is FUD getting the better of us or is it just another case of  “this is the new normal” for M$.

The only alternative I can see for my friend is to hold off on all the usual W7 March updates (including 4100480) hoping for a solution by the next update cycle.  Any other considerations missing in my findings?

Win 8.1 (home & pro) Group B, Linux Dabbler

2 users thanked author for this post.

JDeC, HiFlyer

Reply | Quote

Easy decision for me, since my patching has not advanced beyond late 2017.  I stopped after November hung up one of my Win7 machines for hours and I finally had to kill the power despite the admonition on screen warning me not to.  I intend to patch through December (security patches only) and stop until the smoke clears, maybe for good.

Having not done Jan-Feb-Mar, I’m feeling smarter than I really am right now.  (Which of course is dangerous.)

I don’t see a viable case for Group A over the last three months.

Reply | Quote

If my reading of the situation at MS is right, then yours might be a really long wait.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Cybertooth

Reply | Quote

Nor me – the Group A mob who have been virtuously installing their monthly rollups are now in a bit of a pickle. What an interesting turn-up for the books!

1 user thanked author for this post.

Cybertooth

Reply | Quote

Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.

Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.

So far, no problems noted. (fingers crossed!)

Caveat: My usage scenario is a relatively simple one.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

5 users thanked author for this post.

HiFlyer, SueW, AJNorth, Individualist, JDeC

Reply | Quote

Did exactly what you did.  No problems so far.  Never did previews though.

2 users thanked author for this post.

JDeC, HiFlyer

Reply | Quote

Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.

Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.

Which is how I’ve been spending my Saturday (until now) — getting a passel of Win 7 Pro x64 (and a few Home) machines squared away.

Like yourself, the prospect of rolling every machine back to the December 2017 patch point was singularly unattractive.

Therefore, I installed only the March MSRT, KB4096040 (the March Win 7 IE Cumulative Security Update) and KB4100480 (putting KB4099950 on hold until further word from On High).

So far, nothing untoward to report (and I’ve even left my ‘phone on its hook).

4 users thanked author for this post.

JDeC, OscarCP, SueW, Cybertooth

Reply | Quote

After checking my installed updates KB4057400 isn’t listed BUT it is listed in my update history. Do preview rollups not show up in the installed list?

Reply | Quote

Do you have a newer Windows monthly rollup installed?

Reply | Quote

Yes I have the February rollup (KB4074598)

Reply | Quote

If I recall correctly, only the newest Windows monthly rollup installed (including previews) is shown in Installed Updates.

Reply | Quote

Ok, at least that’s settled. Now all I need to do is figure out whether rolling back or installing KB 4100480 is the better option.

1 user thanked author for this post.

JDeC

Reply | Quote

Correct, because all rollups share the same internal CBS package name
it’s like having multiple versions of KB2952664 installed, only the latest will be shown

3 users thanked author for this post.

Elly, Moonbear, MrBrian

Reply | Quote

For a Windows 7 x64 user who is current through February, and wants to move forward, not backward, is this the correct patch order?

1. Install KB4099950
2. Install KB4088875
3. Install KB4100480

Reply | Quote

Looks good.

2 users thanked author for this post.

AJNorth, alpha128

Reply | Quote

MrBrian wrote:

Looks good.

Thank you!

I’m not going to install anything tonight.  The weather has been windy and the power has gone out (briefly) three times.  Maybe tomorrow.

Reply | Quote

875 and 950 are unchecked.  I didn`t install them. 480 checked did install it.  No problems.

Reply | Quote

No fooling – I did what I said I was going to do and installed these three patches in this order:

1. KB4099950
2. KB4088875
3. KB4100480

So far there are no apparent problems.

1 user thanked author for this post.

JDeC

Reply | Quote

“And then Microsoft please please please, do something about these known issues and fix them, because it pains me greatly to publically type this.”

Hi Susan,

I appreciate your research on the issue, but I’m curious why “it pains [you] to publically type this?”

GaryK

Reply | Quote

Telling people to uninstall updates is drastic for me to do.  It pains me to come to that conclusion.

Susan Bradley Patch Lady

6 users thanked author for this post.

Elly, JDeC, GoneToPlaid, SueW, Microfix, satrow

Reply | Quote

Uninstalled Feb. kb4074598, and Jan. kb4056894 rollup updates successfully. (group A)
Never installed March anything offered.
Will sit tight and wait for MS to get their act together….
hopefully in April…..

Reply | Quote

I’m on Windows 8.1, but not crowing at all. I really feel for those on Windows 7, because these problems aren’t your fault, they’re Microsoft’s. If this is another scam to con Win 7 users to upgrade to Win 10, then it’s totally wrong. Since Microsoft abandoned Win 8.1 for the enterprise, they don’t care if we upgrade. With more users still on Win 7, they’re a target. I don’t trust Nadella, since he cares about the cloud more than the desktop.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

7 users thanked author for this post.

Charlie, Bill C., HiFlyer, SueW, Cybertooth, David F, wdburt1

Reply | Quote

NASA has, at each center, a team of dedicated IT security people. I have not seen any reports from them, yet, warning about problems such as those mentioned here, or suggesting measures to resolve them. That probably will change, and soon.

I am going to ask around. If that turned up any useful and practical information, I’ll let you know.

Others using Woody’s and working also for, or with (such as myself, as a consultant), similar large organizations, might consider doing the same thing.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

PKCano wrote:

I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?

Same here, KB 4054518 only shows up in WU “View Installed Updates” as having successfully installed, just no mention of it in Programs and Features installed updates. Just confirming your findings as I have read Mr. Brians response below.

I thought I was the only one, LOL.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

HiFlyer

Reply | Quote

On two Windows 7 machines I have installed per Windows Update when Defcon was briefly 3:

2018-2 Rollup KB4074598

and

2018-1 Rollup .NET KB4055532

Do I have a memory leak? And do I need to Rollback to December?

1 user thanked author for this post.

HiFlyer

Reply | Quote

I believe the memory leak was introduced by the Jan Rolllup, so I would say yes.

If you are not going to rollback you shouls install KB 4100480 to mitigate Total Meltdown, then hold off patching until MS gets this fixed.

5 users thanked author for this post.

Lori, JDeC, HiFlyer, walker, Pim

Reply | Quote

Thank you for your answer,

I decided to rollback the two machines. Since that is why Susan wrote the post in the first place. I feel that if only installing KB 4100480 was good enough. Than there would be no point in taking the drastic step to tell people to roll back.

Note that after the roll back some updates will be listed as being installed on the current date. But when you check the KB numbers you will see that these updates are from before the Melt Down patches.

BTW Both my machines are running on old AMD hardware. Let us hope that Microsoft can finally come up with a solid patch that freezes the melt.

<!–DOCTY–>

Reply | Quote

According to the information on the update page of KB 4100480 in the Catalogue, this seems to be meant only for machines with AMD64 CPUs:

“A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
Architecture: AMD64
Classification: Security Updates
Supported products: Windows 7
Supported languages: all ”

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

AMD64 indicates a 64-bit computer, not the company AMD

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Yes…  And?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Do you have a 64-bit system or a 32-bit system?

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox114.0b8 MicrosoftDefender

Reply | Quote

x64.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Then just install the x64 version of the patch if you so choose. AMD64 is the designation Microsoft uses for almost ALL of their 64 bit patches. They don’t differentiate between AMD and Intel unless the patch is specific to the manufacturer. In other words, if a patch is specific to either AMD or Intel architecture (32 or 64 bit), Microsoft will SAY SO in the patch’s title.

That is what @satrow is trying to explain to you just below this post, and what @PKCano was trying to say in this post above here.

Case in point: When MS earlier this year bricked many older AMD machines with the January patch, they released a patch just for AMD machines and only certain AMD processors. Windows Update was smart enough to figure out which specific AMD processor was on the machine (if any) and offer the AMD-specific patch if it was called for.

Still unsure of what you’re being offered by Windows Update?

Then check out the following link to the patch you might have been ready to install for March, KB4088875, if the current mess for March hadn’t developed: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4088875 and then click on the link that says “2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875)”. You’ll notice that in the “Overview” tab, the supported architectures listed are “AMD64, X86”. In other words, ALL x64 and x86 architecture, even though Microsoft doesn’t come out and say it directly.

I sincerely hope this helps clarify things for you.

EDIT html to text – content may not appear as intended

4 users thanked author for this post.

satrow, HiFlyer, SueW, MrBrian

Reply | Quote

See section “Affected Products” at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038.

1 user thanked author for this post.

SueW

Reply | Quote

“Architecture: AMD64” = all Windows x64 versions released in the last ~12 years.

(Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)

Reply | Quote

I have an x64 Intel chipset in my 7-year old HP, and dare think I am not the only one.

So this should be made very clear. It is not a trivial fact.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

Your Intelx64 HP runs exactly the same Windows AMDx64 version as my Intel Ivybridge Xeon and i3’s do, there is no Intelx64 version of Windows.

1 user thanked author for this post.

dgreen

Reply | Quote

MrBrian,

 

The link in there gets you to the same page of the Catalogue where you can find the  Description mentioning that the update is for machines with the AMD64 architecture.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Architecture: AMD64 equates to all currently supported 64-bit versions of Windows.

2 users thanked author for this post.

dgreen, SueW

Reply | Quote

It does, even though it appears counter-intuitive.

https://en.wikipedia.org/wiki/X86-64 and https://en.wikipedia.org/wiki/IA-64 also a search for AMD64 in your Windows folder should turn up an an awful lot of hits. I’d show you my hit list but I’m currently using a 2009 Atom nebook – x86 only…

Reply | Quote

Unfortunately, following your suggestion has not made it crystal clear that Intel’s x64 architecture is the same as AMD64. What I’ve found, in Wikipedia and elsewhere, mainly says that Intel’s x64 is similar, or based on AMD’s. Not identical.

For example, this from https://superuser.com/questions/383711/whats-the-difference-between-intel-64-and-amd64  :

“From what I’ve read extended Memory 64-bit Technology (EM64T) is Intel‘s implementation of AMD‘s AMD64 and the differences between the Intel64 and AMD64 are:

• EM64T’s BSF and BSR instructions act differently when the source is 0 and the operand size is 32 bits. The processor sets the zero flag and leaves the upper 32 bits of the destination undefined.
• AMD64 supports 3DNow! instructions. This includes prefetch with the opcode 0x0F 0x0D and PREFETCHW, which are useful for hiding memory latency.
• EM64T lacks the ability to save and restore a reduced (and thus faster) version of the floating-point state (involving the FXSAVE and FXRSTOR instructions).
• EM64T lacks some model-specific registers that are considered architectural to AMD64. These include SYSCFG, TOP_MEM, and TOP_MEM2.
• EM64T supports microcode update as in 32-bit mode, whereas AMD64 processors use a different microcode update format and control MSRs.
• EM64T’s CPUID instruction is very vendor-specific, as is normal for x86-style processors.
• EM64T supports the MONITOR and MWAIT instructions, used by operating systems to better deal with Hyper-threading.
• AMD64 systems allow the use of the AGP aperture as an IO-MMU. Operating systems can take advantage of this to let normal PCI devices DMA to memory above 4 GiB. EM64T systems require the use of bounce buffers, which are slower.
• SYSCALL and SYSRET are also only supported in IA-32e mode (not in compatibility mode) on EM64T. SYSENTER and SYSEXIT are supported in both modes.
• Near branches with the 0×66 (operand size) prefix behave differently. One type of CPU clears only the top 32 bits, while the other type clears the top 48 bits. “

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Apologies for not being in a position to give detailed replies correcting your rather rapid-fire comments; I’m currently using one of those N-series Atoms from 2009 that doesn’t support AMD64… 😉

Reply | Quote

Lucky you.

As to “rapid fire responses”: this is something I see as in need of urgent, and up front (main page), clarification. I don’t usually hang around a computer on Saturday evenings. Do enough of that during the week.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Lucky me indeed.

1 user thanked author for this post.

SueW

Reply | Quote

@oscarcp,

The designations are definitely confusing. The way I understand it is that “AMD64” is a nod to the fact that the folks at AMD were the ones who first developed the 64-bit CPU architecture. “AMD64” does not mean that you have an AMD processor in your PC, it means that you have a 64-bit processor (manufactured by whomever) in your PC.

For information as to the company that made the CPU in your computer, you can open your Windows 7 Start Menu, then right-click on “Computer” in the right panel, then left-click on “Properties” in the resulting menu. This will open a new “System” window, where you can visually scan for the line that’s labeled “Processor.” This line will specify whether you have an Intel chip or an AMD chip in your computer.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

6 users thanked author for this post.

flackcatcher, dgreen, Laptop Boy, OscarCP, HiFlyer, SueW

Reply | Quote

It may be more than a nod. I have no inside information, but it always read to me as though there was an agreement that made more strenuous action not necessary.

Intel had made their game changing reputation on the 8086. They capitalized on that reputation by continuing to evoke that success in subsequent chip names. Same branding idea that Boeing used with the 7×7 series of airframes.

When AMD came up with their own game changing chip a quarter century later, it was very important to them that everyone know who did it first. I find it possible they did not like the idea of being represented by x64 as if it were some kind of lesser knockoff.

4 users thanked author for this post.

flackcatcher, OscarCP, HiFlyer, Cybertooth

Reply | Quote

True. And as usual in those days, lawyers were involved. Well, there are always lawyers….

1 user thanked author for this post.

Cybertooth

Reply | Quote

That is exactly what I’ve done.  The cure is worse than the disease imho.  I’ve rolled back group B updates on various Windows 7 machines so the last bundled patch was December 2018.  I will wait this out, practicing safe browsing of course (no IE, noscript, etc).  Altho I’ve been a Group B member, I’m not sure that’s viable any more.  Sorting out this mess without giving in to the mothership in Redmond (aka joining Group A) is probably not worth my time.  Group A may be the only (less in-) sane way to move forward with Windows 7 at this point.  Heck – Windows 10 is looking better and better (in a relative sense at least).  Perhaps it’s time.

Reply | Quote

Windows 10 is looking better and better…

That is what Microsoft wants, is higher Windows 10 adoptions rates. Somethings work better, some not…purposely or by mistake.

3 users thanked author for this post.

HiFlyer, SueW, Cybertooth

Reply | Quote

Group A…I also ran Disk Cleanup and missing the updates in the Add/Remove. I ran Steve Gibson’s InSpectre scan and disabled the Meltdown fix and performance is back. So far everything is running good and I have not installed March updates. I’ve got WU buttoned up and on hold. Should I run KB410080 ?

1 user thanked author for this post.

HiFlyer

Reply | Quote

Yes, if you don’t roll back, you should install KB 4100480

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

In the Catalog, you probably should use “2018-03 Security Update for Windows 7 for x64-based Systems (KB4100480)”.

1 user thanked author for this post.

bobcat5536

Reply | Quote

W7 Home x64 Group B, currently up to date thru Feb18, including Oct-Dec17. I did a Disk Cleanup about a week ago. All appears to be operating normally, so I choose not to fix anything with a rollback, despite a vulnerability. I accept the risk. I will continue to sit on Mar until the Defcon goes to 3 or better, which probably won’t happen until after the Apr release. I maintain plenty of patience and strictly adhere to the B methodology. I read the threads daily and send Kudos to the crew, Da Boss has assembled here. Keep it up … you gals and guys are the best!

4 users thanked author for this post.

JDeC, HiFlyer, SueW, Cybertooth

Reply | Quote

I have Win7 Pro Intel 32-bit. The KB4100480 is not for 32bit machines. Does any of this apply to me, should I roll back to December 2017? I only have applied updates using Groub-B Security Only patches.

Reply | Quote

For group B and just for clarity, I ‘m assuming the IE patches do not need be rolled back as well (e.g. like KB4088835) ?

Reply | Quote

@MrBrian If I install KB 4100480, should I install KB 4099950 first? If the answer is yes, should I also reboot between updates even if I’m not prompted to do so?

Reply | Quote

I believe there’s probably no need to do so because KB4100480 probably doesn’t introduce the two networking issues listed in KB4088875 and KB4088878 because it doesn’t contain file pci.sys.

3 users thanked author for this post.

HiFlyer, walker, Moonbear

Reply | Quote

Ok, then I think my way is clear. I’ll probably hold off until tomorrow then install the patch.

Reply | Quote

On a note of levity courtesy of Laurel and Hardy:

“Well, here’s another nice mess you’ve gotten me into Sattya”

Sadly it’s not a joke

3 users thanked author for this post.

HiFlyer, SueW, Cybertooth

Reply | Quote

Just curious, I am Grp. A and installed Jan. & Feb but held off on March. I just checked WU and as “Important” it shows 3 updates: 1- KB 4100480, 2- KB 2952664, & the MSRT for this month.

Should I install the KB 2952664? I seem to remember that was the one that prepared you for W10 or was a telemetry update.

Thanks

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

I believe you remembered right…I always hide that one.

Reply | Quote

I just installed MSRT & KB 4100480 and hid KB 2952664 on 1 of my W7 x64 computers before installing on any others. So far no problems.

Since I have had no problems with the Jan/Feb rollups, I didn’t feel like rolling back that far so hopefully 4100480 plugs the hole.

Thanks for all the advice folks.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

as i’m not going to rollback:

before installing KB4100480, are there any bugs introduced by kb4100480?

Reply | Quote

“This post discusses whether KB4100480 likely contains each issue in KB4088875.”

Reply | Quote

Well, I’ll wait a few days, if Defcon changes (normally around 5th of a month?) in install this along with others.
Always have panic about installing updates and rebooting afterwards, so i’m rebooting as seldom as possible.
which means: installing patches and rebooting once per month max.

Reply | Quote

.. i’m rebooting as seldom as possible.
which means: installing patches and rebooting once per month max

Just keep in mind that patches (updates) do not take effect until your computer is rebooted.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

I know. that’s exactly the reason why i wait regarding installation of this update.

i’m patching only once per month, as soon defcon 3 is active, do reboots necessary due to patching.

1 user thanked author for this post.

SueW

Reply | Quote

There is a lot more confusion added to the advise when there is no specific reference to what architecture is being talked about. Just stating ‘Windows 7’ gives the impression that both are equally affected and the advise applies to both. I urge everyone to add 64 or 32 after Windows 7 to avoid this confusion. The problems and remedies are, at times, different.

It would also be helpful when referring to monthly updates as either the rollup or the security-only update. Using just KB numbers works if the reader is familiar with that KB, otherwise it is not. With more KBs arriving at random (mostly for W7/64), the complexity has increased.

By no means is this a complaint. It is just a suggestion.

Everyone is trying to understand the situation, see what they should or should not do, and stay aware. We need as much clarity as we can muster right now or systems will get messed up unintentionally. Windows 7/64 and 32 may be in more trouble than Microsoft is owning up to.

9 users thanked author for this post.

Cayennejim, Laptop Boy, OscarCP, twbartender, grayslady, Microfix, HiFlyer, SueW, Elly

Reply | Quote

After installing KB4100480..I’m now being offered KB4099950 as an optional update. Was not being offered this until I installed KB4100480. Any recommendation here ?

Reply | Quote

Before anyone here goes ahead with the advice to install KB4100480, and unless if offered to your machine by Windows Updates, or shows up when doing a search for updates, my suggestion is to:

HOLD ON.

In the Catalogue page for KB4100480 it says that it is for machines with AMD64 architectures.

In response to my posting about this, and whether it really applies to Intel x64 machines like my own, I have got back, so far:

(1) A way-to terse-answer from PKCano.

(2) A series of postings to the effect that Intel x64 architecture is the same as AMD64, with references to Web pages that, in fact, indicate that they are similar, not identical. Is that good enough? Unclear, at this point.

So, at least for myself, until this is made crystal clear, with a sufficiently long and well-referenced explanation, I am not removing or adding any updates, something that could bring along problematic side-effects.

Of course, what you’ll do, is up to you.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

JDeC, HiFlyer, Cayennejim

Reply | Quote

What are the amd64 files in Windows 7 x64?

3 users thanked author for this post.

HiFlyer, SueW, satrow

Reply | Quote

In reference to installing patch KB4100480, it does say that it’s for 64-bit processors. I think you are correct in saying HOLD ON until Susan clarifies this. Since I have an AMD 32 bit processor, I will hold on installing that patch. (It also does not show up in my Windows Update). Group A. I can only access it through Windows Catalog).

Reply | Quote

MrBrian,

Thanks for the link. I appreciate your desire to help.

That said, I am going to wait until the end of next month, while taking a good look further into this, and then decide what to do about it. Maybe.

In the meantime: none of the patches mentioned here shall be installed or removed from my PC.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

There may well be physical differences between 64 bit chips made by AMD and those made by Intel, just as there are between different generations of 64 bit Intel chips. But when used in referring to the Windows operating system ‘amd64’ means 64 bit operating system regardless of whether the chip was made by AMD or by Intel. It is confusing, but to the best of my knowledge that’s what the terminology means. So as long as you pick the 64 bit patches you should be OK – at least to the extent that the patches are OK to begin with, but that’s why Woody has the Defcon system.

8 users thanked author for this post.

Elly, flackcatcher, Laptop Boy, OscarCP, HiFlyer, SueW, Cayennejim, satrow

Reply | Quote

@MrBrian I went ahead and installed KB 4100480, so far everything’s running fine. Would it be a good idea to hide the other patches offered through WU?

Reply | Quote

If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.

Reply | Quote

Ok then, I’ll go hide them now. Thanks for all the help.

Reply | Quote

Mr.Brian:   I sent another message a short time ago, however I just read the post about “installing or hiding”.    Is this message intended for “ALL” updates (including the March updates?).   I don’t make a move unless I’m directed that the MSDefcon has cleared an update or it has been approved in some other manner.   Apologies for the “lack of literacy with computers” (as always).     I think I’m beginning to get “dizzy”.   Thank you once again, as always.    🙂

Reply | Quote

That is a reference to my alternate unofficial instructions for updating Windows 7 and 8.1.

1 user thanked author for this post.

walker

Reply | Quote

I think Susan doesn’t like telling people to uninstall updates is because it puts people in limbo.

I am Group B and I have installed all security patches and the KB4100480 patch fix. Currently my Windows 7 machines are running fine and after these March updates, my systems actually feel cleaner if that makes sense.

I am struggling to trust MS but I think we need to go with the latest advice and nobody can guarantee that  you will be safer and won’t have any problems if you roll back to Dec 2017.

For me the Meltdown exploit is more dangerous, and I am sure hackers are working on this now. I am totally not convinced rolling back is a safer option if people have a system running well. But this latest fiasco should underline that Group B updating after feedback on patches is the best option.

Saying that, I think disabling updates is becoming a viable option after this current mess is put to bed.

Reply | Quote

I have to ask; With all its experience and resources, is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design. And that is unacceptable, to support a company with such low ethical standards.

Given the context this is happening in, MS pushing Win 10 so hard, and the standard business model these days is more often than not deception (of the customer) rather than respect, it looks like one (brutal and dishonest) tactic to get people off Win 7 and onto Win 10.

I don’t want Win 10, the ever mutating OS – so I’ll stick with Win 7 until I figure out Linux. Maybe some other OS is on the horizon? Anyway, I’m done with MS as soon as it’s practicable.

5 users thanked author for this post.

HiFlyer, SueW, Sessh, David F, Elly

Reply | Quote

anonymous wrote:

is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design

Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
🙂

9 users thanked author for this post.

jburk07, Moonbear, Microfix, SueW, Cascadian, satrow, AJNorth, AlphaCharlie, Elly

Reply | Quote

Then there is ordinary sloppiness — not to mention just plain lackadaisicalness.  (Gee, I can remember when companies took actual pride in their products and had genuine concern for their customers… that was then.  Sigh.)

3 users thanked author for this post.

jburk07, HiFlyer, Cascadian

Reply | Quote

How about incompetent ‘by design’? 🙂

2 users thanked author for this post.

AJNorth, HiFlyer

Reply | Quote

Personally, I cannot buy the “human error” or “unintended consequences” line because of GWX. It was malicious and it was most certainly intentional design 100%. After that, I can’t go along with anything being unintentional or by human error. They showed their hands with GWX which never really ended at all.

Disbanding their Windows team feels like a child throwing a temper tantrum after not being able to get his/her way. Windows 10 has failed despite all their efforts. Not even giving it away for free was enough to offset all of it’s shortcomings. It means they have given up on Windows which was already sabotaged when they got rid of their QA testing team. All of this was by design. They had to have known all these problems would arise without a testing team to make sure these patches were ready and so I cannot consider the consequences of those actions as being “unintended” at all. They knew what they were doing and what the consequences would be just like the rest of us did when we heard of it.

Cut costs to increase profits and who cares about the consequences. That’s called capitalism, something I’m not so sure is a good thing anymore.

5 users thanked author for this post.

David F, flackcatcher, HiFlyer, AJNorth, RamRod

Reply | Quote

AJNorth above, Agreed

Sessh, Agree with you on MS.

But if you go back in history greed not actually capitalism is the culprit. In the 1800’s and in the early 1900’s people with large companies ran everything. Teddy Roosevelt was one that passed anti-trust laws to stop this greed an control. It may be needed again, to review what is proper business practice and what is anti-trust or in this case, not trustworthy.

2 users thanked author for this post.

flackcatcher, HiFlyer

Reply | Quote

It has been reported (someone also posted that here, at Woody’s, a few days ago) that Nadella has announced that MS is going to concentrate now on AI and Cloud services, so it is cutting the Windows’ engineering staff in half by moving 50% to work on those other projects. Not a word about improving the support for Windows, or any recent problems that require greater attention.

Given that, staying with Windows 7, Windows 8.1, or moving on to Windows 10 and staying always current with its latest system upgrade, should make little difference when it comes to the patching problems that have been cropping up with such alarming frequency for some time now. It seems like a good bet to assume that they will continue to be with us for the foreseeable future. Or at least for however long Nadella and those who agree with him stay in charge of running MS.

Being Group B is what one does to have at least some control of one’s own work while using Windows.

Question is: for how much longer will still be wise to do that?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

If MS was an airplane or automotive manufacturer, this kind of incompetence (or whatever it is) would cause the NTSB to look at revoking the type approval certificates.  Long ago.

5 users thanked author for this post.

AJNorth, Moonbear, HiFlyer, SueW, Cybertooth

Reply | Quote

Kirsty wrote:

anonymous wrote:

is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design

Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time. 

Perhaps, but this is happening every month now, how long can Microsoft hide behind being incompetent and stupid? Maybe they are totally incompetent but it’s still not acceptable

1 user thanked author for this post.

HiFlyer

Reply | Quote

Oh yes, of course incompetence is always an option, but it seemed like that wasn’t the only possible other explanation… 😉

Yes, I agree, they need to do better, a lot better. This needs to be the exception, not the rule!

3 users thanked author for this post.

Elly, jburk07, HiFlyer

Reply | Quote

“This needs to be the exception, not the rule!”

But this is now the rule, not the exception. In fact this ‘new’ rule is becoming embedded. Before long people will be accepting this new norm. It seems some people already are.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Kirsty,

Yes, absolutely, there is another explanation:

Nadella and his people now think that supporting an old-fashioned, not cool anymore, activity such as maintaining the Windows OS  as a working tool is not really what they ought to be doing anymore.

“Dear user of Windows, my very good man, woman, person, it, whatever: the world has moved on. Time for MS to move along with it.”

“But, wait! How about the agreement to maintain those systems, keeping them safe and stable until their appointed end of life?”

“Whaaat? I can’t hear you. Speak in proper Cool, like me, or stop wasting my time.”

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

Win7 Home Premium 64-bit.
Intel i7-3770.
Stand-alone (non-networked) PC.
A proud member of Group B since 2016.
Updated thru February.

Four hours ago I sucked it up and installed KB4100480, because I know it pains Susan to watch us uninstall updates. Or perhaps that wasn’t the reason. In any case, the install/reboot went smoothly, and I’ve been using various programs since, and all seems normal.

And that is the only update I’ve installed since installing the February Group B updates on March 5th.

3 users thanked author for this post.

HiFlyer, SueW, MrBrian

Reply | Quote

PKCano wrote:

UPDATE After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following: KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013. After rebooting, the computer was up to date with no other updates offered. Win7 Ultimate x64 Group A patching

Interesting. On one of my Win7 computers, I had run disk cleanup on February 11, 2018. About a week ago I manually ran Windows Update. To my surprise, WU had me reinstall the following updates.

Optional:

Update for Windows 7 for x64-based Systems (KB3092627) 09/08/2015

Important:

Security Update for Windows 7 for x64-based Systems (KB2862152) 11/12/2013
Security Update for Windows 7 for x64-based Systems (KB3022777) 01/13/2015
Security Update for Windows 7 for x64-based Systems (KB3076895) 08/11/2015
Security Update for Windows 7 for x64-based Systems (KB3084135) 09/08/2015
Security Update for Windows 7 for x64-based Systems (KB3001722) 11/10/2015

It would appear that Disk Cleanup is not to be trusted. Perhaps other later updates marked the above updates as being superseded when in fact they were not? The above updates did not show up in Windows Update for re-installation until after all current updates were hidden such that WU reported that there were no updates available for my computer. Only then, and after manually checking for updates again, did the above updates show up.

Reply | Quote

I’ve seen this behavior before. It’s one of the reasons that I recommend to use Disk Cleanup of Windows updates (followed by a restart, where the cleanup happens) only immediately before checking for Windows Updates.

3 users thanked author for this post.

walker, GoneToPlaid, SueW

Reply | Quote

Mr Brian, Agreed. Run the Disk Cleanup only when the computer is running perfectly and -before- one is ready to do updates.

Reply | Quote

Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot.  Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files.  The disk cleanup is not an option for me if I include the windows update system files.

Reply | Quote

DennyC there have been times that we have run Disk Cleanup, windows update files and old Windows Versions and the reboot took up to 45 minutes to complete.

We too, got worried but we left it alone and it finally made it to the Desktop.

If you do try again, make sure you do have a good registry restore point, do the Disk Cleanup and when it reboots, leave it alone for an hour. If no good then you have some issues with Windows and may want to run SFC system file checker or maybe the Windows Update Readiness Tool.

Below are the URLs and one is even from DELL with suggestions/help.
System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [October 2014]
https://www.microsoft.com/en-us/download/details.aspx?id=20858

Fix Windows Update errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness
Look for:  For Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008

Repairing Windows Update Issues with the System Update Readiness Tool (CheckSUR)
http://www.dell.com/support/article/us/en/19/sln285523/repairing-windows-update-issues-with-the-system-update-readiness-tool-checksur-?lang=en

Hope this helps. Keep us Posted!

1 user thanked author for this post.

DennyC

Reply | Quote

Of note, I just had the exact same issue after uninstalling the January Security Only update. This occurred on my other virtually identical Win7 machine in which the only difference is that the MB has a Z97 chipset versus my main Win7 machine’s Z87 chipset. On the virtually identical Win7 computer with the Z97 chipset, I had run Disk Cleanup on 2018-01-14. And I had to reinstall the same six much older Windows Updates. Those updates of course only showed up after all current available updates were hidden.

And on this virtually identical Win7 computer, I just discovered that some CBS log files had grown to around 2GB in size. Thus I just blew out the contents of the CBS folder, and I just rebooted so that Windows would generate new CBS log files which will be up to date. Note that blowing out the contents of the CBS folder, if the log files and/or zipped versions of older CBS log files have grown to very large sizes, results in a faster reboot since Win7 isn’t having to churn through very large and deficient older log files. In fact, a new replacement CBS log file is generated almost immediately after rebooting. In this particular case, the new CBS log file only contained information about the update which I had just uninstalled (the January 2018 update) and reported that the installation package was no longer available. This is as expected.

Reply | Quote

Susan,  does this apply to 32 bit???  My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.
If things don’t improve for March is it ok to skip a month and wait for April?  Any help much appreciated.

Reply | Quote

anonymous wrote:

Susan, does this apply to 32 bit??? My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.

If things don’t improve for March is it ok to skip a month and wait for April? Any help much appreciated.

To the best of my knowledge, no, this should not apply to 32 bit Windows 7.

The KB4100480 emergency security update for the Total Meltdown flaw is for 64 bit Windows 7 only and does not apply to 32 bit systems. Your 32 bit system is not vulnerable to it.

And as 32 bit Windows 7 systems only start receiving Meltdown “fixes” beginning with the March rollup or security-only update, your system has not received these fixes anyway. (Meltdown “fixes” were delivered to 64 bit Windows 7 systems starting in January and so 64 bit Windows 7 systems that had any of the January / February / March rollups installed were susceptible to the Total Meltdown flaw.)

Hope for the best. Prepare for the worst.

1 user thanked author for this post.

Cayennejim

Reply | Quote

satrow wrote:

(Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)

Retire from MS windows maybe but you can just stick an LXDE hybrid OS on it and use it for surfing (limits due to hardware within), done that years ago with a 2010 netbook. Also runs WinXP offline nicely with integrated SATA drivers within the ISO.

back on topic..

Keeping IT Lean, Clean and Mean!

2 users thanked author for this post.

HiFlyer, satrow

Reply | Quote

When my 2009 Acer netbook’s XP Home Edition reached EOL I installed Lubuntu.  It’s been performing well ever since and I don’t miss Windows at all.

4 users thanked author for this post.

OscarCP, HiFlyer, satrow, Microfix

Reply | Quote

What about the Outlook updates? I’m using 2007 and have 3 security updates waiting. Are these OK to install or should I wait on Defcon 3? I checked the Office forums but saw no info posted there. Thanks.

Win 10 Pro v.20h2

Reply | Quote

Win7 SP1 Home Prem x64

Intel Core I5 2500K

 

I just installed KB 4100480 along with the latest MSRT and my computer powered down after install as usual but this time it did not reboot. Computer remained on but I had to hit the reset to get it to reboot. First time this has happened in 7 years.

 

Win 10 Pro v.20h2

Reply | Quote

Getting out of a no-boot situation after installing Windows updates

3 users thanked author for this post.

Elly, walker, rhp52

Reply | Quote

MrBrian wrote:

If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.

Perhaps update your update advice to mention why one should hide updates which they do not wish to install? The reason of course being that newer updates might not show up in WU if WU presently is showing updates which have not been hidden.

3 users thanked author for this post.

AJNorth, MrBrian, OscarCP

Reply | Quote

Thanks for the suggestion :).

I updated my unofficial instructions to add a link to this post.

Reply | Quote

Things to keep in mind  — when you see AMD64 it means both an AMD and an Intel 64 bit support.  AMD actually invented the 64 bit platform first, but bottom line if you see AMD64 it is applicable to both and AMD or an Intel system.

Susan Bradley Patch Lady

4 users thanked author for this post.

Elly, dgreen, OscarCP, Microfix

Reply | Quote

 

Dear Patch Lady,

A note of thanks, and a small request:

(a) Thanks for coming out and clarifying the meaning of AMD64.

I’ll take your word for it, as searching the Web for an equally clear and unambiguous statement on this question has proven futile.

Still and all, I do find it quite odd that, in the harshly competitive and secretive world of commercial enterprises, the name of one of them is tolerated in a term of art. That is common practice in science and engineering, where the names of the inventors or discoverers are often included in the name of their creation (Boltzmann constant, Simpson’s rule, Pythagoras’ theorem, Hooks’ module, Koch’s bacillus, etc.); but science and engineering, while highly (and often not fairly) competitive, are both essentially cooperative, collegial endeavors. Chip making? Not so much.

(b) Unrelated to the above, one small request:

Would you, please, include in all your postings the link to the current version of your Patches’ list?

And thank you, also, for your good and useful work.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

IIRC it was the AMDx64 Opteron (code name) single core CPU that was the first, had one many moons ago.  Like most AMD cpu’s of that era, they ran hotter than intels equivalent performance/ speed offerings therefor requiring larger noisier fans for better cpu cooling.

Keeping IT Lean, Clean and Mean!

Reply | Quote

Ah, I remember the AMD Opteron CPUs. We skipped that since at the time we had three computers which used AMD Athlons which had the large vertical heat sinks and fans and which were serving us very well. You bring back memories for me. The three computers with the Athlons survived a direct lightning strike to a power pole which was roughly 200 feet from the house. I say “survived” since the only things which had to be replaced were the power supplies for those computers. The other two Intel computers completely fried — power supplies fried, motherboards fried, the CPUs fried, and the serial ports fried.

Back down memory lane, I had an AMD K6-2 300 MHz CPU in which the CPU fan completely died. Did the CPU cook? No, it did not since it properly monitored its thermals. I replaced the CPU fan and that K6 CPU hummed along for around another year before I decided to replace it first with a K6 450 MHz CPU and finally with a K6 550 MHz CPU. Ah, the good old days were when Microsoft actually cared about its customers and released Windows XP updates which were fully vetted by the no longer existent Windows Update Quality Assurance Team.

Those were the good old days in the sense that I never had to worry about installing any Windows Updates. This, sadly, has been what has been lost under Nadella — trust that Windows Updates will not cause anything from minor to extremely serious issues after installing Windows Updates. It is what it is, and this is apparently the way that Nadella likes it — perhaps to support his delusional idea to investors that Windows is no longer relevant to Microsoft’s bottom line in which Nadella has banked absolutely everything on the Cloud? If I was an investor in Microsoft, I would and should be taking a really deep and hard look into this scenario since all prudent investors should know that it is unwise to put all of one’s eggs into one basket — let alone into a company which extols only one single path forward. Yet this is nothing more than my personal opinion and for what it is worth.

 

4 users thanked author for this post.

flackcatcher, Microfix, Elly, OscarCP

Reply | Quote

Looking at the most recent commentary on the Web from various specialized publications, including financial ones investors are likely to read, I have found only fan-boy type raves admiring Nadella’s vision and rapturously fawning interviews of the man himself. What gives?

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

Bill C., wdburt1, Elly

Reply | Quote

The financial press is both oriented toward short-term performance (of the kind you get from milking a dying franchise) and sucked in by the promises of tech.  Not surprisingly, many investors, particularly the big institutional ones and hedge funds, also fit this description.

In the articles that appeared a few days ago concerning Microsoft’s de-emphasizing Windows, the spin was to explain this as an effort to redeploy resources into the company’s “fast-growing” cloud initiatives.  I didn’t see anyone asking whether products like Edge have been successful; instead, writers simply apply a credulous belief in tech.  It’s practically a cliche to have tech companies that haven’t made a profit and in many cases don’t seem to have a clear plan to do so, yet are valued by credulous investors at billions of dollars.  Satya Nadella fits right in.

3 users thanked author for this post.

flackcatcher, HiFlyer, SueW

Reply | Quote

“It’s easier to fool people than to convince them they have been fooled.”

~~ Mark Twain

5 users thanked author for this post.

jburk07, flackcatcher, HiFlyer, Cybertooth, AJNorth

Reply | Quote

(Off topic) My recollections of a great cpu, which I had for many years on a home built rig, was a gem, the (retail) Slot1 intel Celeron 300A stock at 66MHz (clocked to 100MHz) that ramped up to 450MHz no problem with minimal extra cooling, albeit a 128kb on-die-cache compared to the extortionately priced flagship PIII 450 which had 256k on-die-cache at the time. All done on an Abit BH6 mobo that could run any game thrown at it with an nvidia TNT2 AGP graphics card. Those were the days, so much fun!

Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.

thanks for the memories Gone to Plaid!

(Back on topic)

Keeping IT Lean, Clean and Mean!

Reply | Quote

Microfix wrote:

Sadly the overclockers are now a thing of the past as modern day Operating Systems won’ t allow it.

thanks for the memories Gone to Plaid!

You can still do overclocking with Win7, 8.1, and even with Win10, as well as some Linux distros. A number of new MBs have dual UEFI setups to allow booting in an overclocked state.

I have OC setting for my GPU and RAM for certain games, but have not used them in years as the box ages, and I do not want to overstress or tank old hardwawre. It is easier to set an XMP memory profile than do an OC.

Given the speed of new CPUs the “need” for OC has diminished, unless you are in the crowd that shoots for massive benchmarks. It is interesting to see the setups that use liquid nitrogen or dry ice for cooling. Practical, no (maybe?), but interesting yes.

Unfortunately, what used to be interesting experiments has been eliminated by the need to defend and preserve my Win7-64Pro install from bad poatches all while fending off the MS Borg.

As B.B.King sang, “The thrill is gone.”

Reply | Quote

My deepest apologies, because I don’t have any 32bit devices under my patching control I forgot to note that this issue only impacts the 64bit platforms.

Susan Bradley Patch Lady

2 users thanked author for this post.

SueW, Elly

Reply | Quote

@Susan FWIW, yesterday I went to the update catalog to get the 4100480 update for a Win 7 Starter 32 bit. “odd”, I thought. Only 3 entries, one for Win7 64 bit, one for Embedded Win 7 and one for Server 2008 (not sure about the last one, but something like that.)

Then I remembered the issue doesn’t affect 32 bit. Got a bit of a chuckle out of that, and trust me, I don’t usually get any chuckles out of updating/patching.

Reply | Quote

A data point for Win 7 Pro SP1 x64 Group B current through February patches.

Just installed KB4100480. no apparent issues or drama, normal restart, no detectable slowdown (although I’m not a ‘heavy’ or ‘intensive’ user by any means).

4 users thanked author for this post.

HiFlyer, SueW, AJNorth, MrBrian

Reply | Quote

Win7 Pro, 64bit, AMD 8 core CPU FX-8320e, 16 gigs memory

Multi-boot capability, Win7, Win10, Ubuntu, Mint.

Macrium Reflect backup, uninstalled 5 updates to get back to December.

Ran Windows Update, 3 Net updates, about a dozen windows updates,  some of which went back to 2015, one of which was on my naughty list which I didn’t install.

Installed. Windows Update again, nothing recommended here showed up.  Just downloaded and  installed 4100480 & 4054521, neither of which showed up in Windows update.

I’ll do another back up.

Wondering why I just don’t shut off the internet for Windows and stick with Linux..I lost interest in this OS/computer nonsense long ago..

Reply | Quote

is it safe to install IE update KB4096040 ?

Reply | Quote

DennyC wrote:

Every time I’ve tried to run Disk Cleanup including the windows update files, my Win 7 Pro machine gets stuck on the reboot. Ultimately, I’m forced to do a hard power down and system restore which negates cleaning up the system files. The disk cleanup is not an option for me if I include the windows update system files.

This could be caused by either cancelling the installation of an update, or by an update which failed to install. This results in a plethora of update related files which are not properly cleaned up. Ask the experts here about how to discover and then how to eliminate such cancelled or failed updates.

Reply | Quote

I have the hang up problem at the end of the re-start. It says that has reconfigured 100%, the notice goes away but then it just stays busy and I cannot do anything. I do have several cancelled and failed updates in my update history. So, what is the best way to take care of this problem?  Win 7 64bit sp1

Reply | Quote

Regarding the hangup, here are two options:

1. When it is obvious that the computer has hung after displaying Configured 100%, try typing Ctrl-Alt-Delete. For some updates in which an additional update needs to also be configured, this will cause the additional update to also be configured, and you should fairly quickly see the logon screen.

2. If #1 didn’t work and after the computer is obviously hung, wait five minutes and watch the disk activity light for your hard drive. If you see that the disk activity light is blinking only once every 1 or 2 seconds, press the reset button on your computer to force a reboot. After rebooting, you probably will see a message about configuring updates. Do not be alarmed if this message displays an update number which is in the thousands, since the update number is related to the core build of Windows and not any Windows Update itself. Your computer will now be past the hung update and will then install whatever additional updates which you had wanted to install. You should see a progress screen for these additional updates, and then see your login screen.

If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update. Accomplishing this is beyond my expertise. Yet there are experts here who can help you. I suggest that you register with this web site so that you can then get the help that you need.

 

1 user thanked author for this post.

MrBrian

Reply | Quote

“If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update”

Getting out of a no-boot situation after installing Windows updates

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

I figured that you would jump in and come to the rescue. Thanks! I wanted to know how to resolve this issue should it ever happen to me.

Reply | Quote

Stand-alone Win7 Pro SP1 x64 Haswell Group B here. All 2000003 security and IE updates installed till February.

After succesfully and unproblematically installing Mar 2018 (IE11) KB 4089187 (and reading all the do’s and don’ts and maybe’s here), I took the plunge and installed KB 4100480 as well today. Didn’t want to roll back.
All seems fine.

Happy Easter!

3 users thanked author for this post.

HiFlyer, SueW, MrBrian

Reply | Quote

You might want to install KB4096040 which replaces KB4089187. 😉

Reply | Quote

Thanks, but it’s not on Group B’s 2000003 list (yet).
Master Patch List says “Only install if you have installed the March Windows 7 updates”, which I have not. It serves to counter IE not starting because of an invalid SHA1 certificate. A problem I did not encounter.

Waiting for gurus @PKCano or @Susan Bradley (or one of the other demigods) to give a Go!

Reply | Quote

As an anonymous poster, your replies have to be moderated and thus may not appear immediately.

Reply | Quote

Thanks for letting us know but what I think he meant was the “Go” from  Woody  with a defcon change.

Reply | Quote

I was also offered this

https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=38e83d6e-03a3-45cf-8d9d-f7bac51ce9e2

Since i haven’t seen this one above, is it save to install?

Reply | Quote

For reference:
this is KB 4033342 the installer for .NET 4.7.1

Reply | Quote

PKCano wrote:

For reference: this is KB 4033342 the installer for .NET 4.7.1

PKCano, thanks a lot mate, i totally forgot to add it.

Reply | Quote

@PKCano:  Is this one “safe” to install since it’s so “old” (KB4033342)  Not checked ??   Also I have another question….

What is the Disk Cleanup, and is it safe to install this on our computers.    I am one of the computer illiterates, and don’t know “which end is up” so all advice is very helpful for me.

Thank you once again for everything you post for all of us who are just the regular users who have no knowledge about what is occurring in many instances.    Your help is absolutely invaluable, along with others who are also wonderfully gifted with so much expertise and knowledge.      I’m Win 7, Home Prem., x64, Group A.    🙂

Reply | Quote

KB4033342 is the .NET 4.7.1 installer. If it’s UNCHECKED – leave it alone. We don’t install un ticked updates.

Disk Cleanup is part of Win7 and is already on your computer.

1 user thanked author for this post.

walker

Reply | Quote

PKCano:  My apology for not seeing your reply the first time – – – – I did have problems getting the site to function, so that must have been the problem.   Thank you so very, very much for the information you provided.   I will now annotate the update to ignore (or hide?) for the present time.   Your information was wonderful – – – – Thank you once again!    🙂

Reply | Quote

Not.

Just spent the afternoon putting up the walls around my wife’s computer, a Lenovo Yoga Book. This computer is not a beast – it’s a lightweight. Got it for her to read her Nook books, Pinterest, Facebook, Gmail, and light surfing. She uses Word 2013. It’s WinX-1607, mercifully.

Windows Update had brought the machine to its knees. The machine was basically useless. So, up go the walls. The MS cure is much, much worse than the disease.

Turned off Windows Update Service. Stopped and Disabled it. Rebooted.

Removed 4023057 by uninstalling it. Removed MS Update Assistant – how’d that thing get on my computer?!

Ran WUSHOWHIDE. Hid everything except malware removal tool and Windows Defender updates. Installed Spybot Anti-Beacon. Blocked everything with that aging utility. Ran Defender Quick Scan – nothing – as expected.

Did everything I could to block MS from altering my wife’s computer. Bad MS. Bad.

An hour after turning the machine back to my wife she comes up and plants a big one on my lips and says ‘Thanks User Support Guy!’. The machine is useful once again. Guess I still got a little magic the girl fancies.

Poor, poor MS. I watched IBM diminish years ago and wondered how such a massive organization with lots or really smart folks could miss the mark so wide. Now to watch MS do it again makes me wonder if some PhD candidate in suicidal tendencies of large American corporations should pick the on-going demise of MS as a dissertation subject. Just saying.

Thanks Patch Lady & Woody.

5 users thanked author for this post.

GoneToPlaid, flackcatcher, HiFlyer, Seff, OscarCP

Reply | Quote

Your last paragraph, just before your thanks to Patch Lady and Woody, was a riot to read since it hits the nail on the head. Instead, I think that we eventually will see dissertations by college students who are working on their PHDs.

Reply | Quote

An update: A day later the wife pushes her Yoga Book across the table to me and says ‘It’s doing it again.’ The magic was over, and I’m not as good at blocking MS as I hoped. Sure enough the MS Updater is reinstalled and is downloading some new version of WinX. Windows Update is re-enabled! I stopped it and disabled it the day before. UGH!

Stopped Windows Update Service again. Disabled it – again.

Went to task scheduler – Aha! More stuff in there that automatically runs at 1:00 a.m. everyday. Disabled all scheduled tasks that I could relate to either Windows Update and, a new one here, the Windows Update Ochestrator. Noticed one task labeled ‘self healing’!!! Went to Services and yep – a new service that I’d never seen before. Stopped and disabled.

So, stop naughty services. Disable scheduled tasks. Hope and pray. And keep reading Woody. Wish someone would work out a procedure that we could execute that would block all of the self-healing paths MS has backdoored. Or frondoored. No difference – they haven’t knocked in any case. Trespassing on my machine. Bad MS. Bad.

Reply | Quote

I reinstalled Windows between Jan/Feb, so I didn’t see the one I was supposed to uninstall to. Rather than try to figure out, I elected to try the new kernel patch by itself. It seems to have gone without a hitch.

Man, using an SSD is so much better for this sort of thing.

Reply | Quote

See https://www.askwoody.com/forums/topic/patch-lady-patch-or-not-to-patch/#post-179737.

Reply | Quote

If it has reached the stage where Susan Bradley is worrying about this, (meant as a compliment), then MS has a serious problem, whatever the reason for it.

This is a company in the business of causing trauma to its users, even if not by design.

I recall reading here long ago, I think it was Woody, who said that you can run a Windows computer without updating for around 9 months without panicking…(The latest fiasco with 4GB memory leaks is unbelievable). If you feel up to it, go group W after following her advice, and if you can, seriously consider alternative operating systems. It starts to get ridiculous just trying to figure out what you do and don’t need anyway. Does anyone have the time to just user their computer instead of this patching angst (even when it works?)? Just an opinion. If there is some ultra Meltdown/Spectre exploit reported, then yes, you have to patch.

2 users thanked author for this post.

HiFlyer, Cybertooth

Reply | Quote

Apparently I’m unable to uninstall the February patch, yeesh. It’s in my update history but when I view installed updates to remove it, it only shows me January as the latest of the monthly patches.

With that said though, I don’t have any Intel parts in my PC so will I be “okay” to just keep Jan/Feb and see what April patches offer?

Reply | Quote

Two questions:
Does your update history say the Feb patch failed? (assuming Win7 that would be 4074598 Rollup, 4074587 security-only, or 4075211 Preview)
Is the QualityCompat Registry key, set by your anti-virus, still in place with the correct value?

Reply | Quote

Hey PKCano, my update history says Feb 4074598 Rollup was successful installing, and I have the registry key set up correctly (I run ESET and Malwarebytes)

Reply | Quote

Perhaps you uninstalled KB4074598 already?

Reply | Quote

Then he wouldn’t see the Jan Rollup listed, would he (Considering recent discussions) unless he re-installed it?

Reply | Quote

If the user installed KB4056894 and then KB4074598, and later uninstalled KB4074598 and rebooted, KB4056894 should still be installed unless Disk Cleanup of Windows Updates was run recently.

Reply | Quote

If you are wanting to roll back:
Uninstall Jan Rollup for Windows, reboot, wait 15 minutes after login, run search for updates.
Hide any Rollup for Windows later than Dec 2017 and re-run scan for updates until you are offered the Dec 2017 Rollup.
Install the Dec Rollup and whatever old individual Windows patches that are offered checked by default.

2 users thanked author for this post.

Lori, GoneToPlaid

Reply | Quote

Yep, that is the way to do it. Except I would add, wait 15 minutes after you have logged onto Windows since a lot of stuff is delayed until the user actually logs onto Windows.

1 user thanked author for this post.

Lori

Reply | Quote

MrBrian wrote:

Getting out of a no-boot situation after installing Windows updates

Thanks, but I’ve had no issues. It rebooted after i pushed reset, followed by the ‘ installing windows update screen’.  I checked and the the update shows ‘installed’.

Win 10 Pro v.20h2

Reply | Quote

As a Group B’er since last year I have only been installing “Security Only” updates and IE updates as directed by the A000003 page which I’m very grateful for.  I’ve had no problems & everything seems to be working well with the Jan. & Feb. S.O. updates installed.  My WU is still showing the Feb. Group A monthly rollup for Win 7.  That’s the only thing out of the ordinary I’ve noticed.

Can I continue to do the Group B updates as usual?  It seems that the Group A rollup updates are the ones causing this mess.  Please forgive me for being confused here, this is a lot to take in.  I’ve never had to uninstall an MS update and really don’t want to now if possible.  Thanks.

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

Reply | Quote

The Group B Jan/Feb security-only patches contain the same problems as the Rollups. So what is said applies to both Group A and Group B.

It is your choice to roll back (uninstall) or not, but understand that the same cautions apply to both.

2 users thanked author for this post.

Charlie, Elly

Reply | Quote

My experience since following Win7 X64 Group B for Jan-Feb has been a slowly deteriorating environment on my single PC.

For some reason Unzipping files using 7zip began taking two steps longer, you could see that the program was stalling trying to write the uncompressed data to my SSD.

The same issue started when copying files from my Raid Array HDD to the SSD.  The copy would stall and then the copying files popup window would come up and slowly chunk through the copy until complete.

I was seriously worrying that I had the start of SSD failure (several years old but health and SMART check ok with plenty of over-provisioning and space available).

I decided to roll back after seeing this post, just to check. And now file copies are back to instantaneous.

Miss Susan, you have saved me much stress and costs, Thank You!

3 users thanked author for this post.

GoneToPlaid, flackcatcher, satrow

Reply | Quote

Yep, writing to SSDs are particularly impacted. I believe that the March update makes matters worse. It has to do with the 4K blocks used by SSDs. This causes a tremendous amount of overhead after installing the Meltdown/Spectre patches. Conventional platter hard drives are the least affected.

Reply | Quote

georgea wrote:

Windows 10 is looking better and better

What’s to like about Windows 10?

3 users thanked author for this post.

GoneToPlaid, Bill C., Cybertooth

Reply | Quote

Susan, I am currently Windows 7/8.1 Group B. Both are patched through January with no problems so far. I held off February’s patches due to the reported issue with two factor authentication. I currently use a military common access card (CAC) from home. In the past I have had many problems getting the CAC card to work so I didn’t want to mess with this. I was reading in some posts that this was not fixed in the security only patches and that you have to get the rollups (which I wont do). Is this true? If so could you let us know if and when this is ever fixed in the security only patches. I am also holding off on March’s patches at your advice. Since I have not had much issue with January’s I will wait and see and leave them for now.

Another question, I haven’t been able to find the answer to and maybe you might know:

KB3127916 for Office 2013 – documentation shows nothing on what it is for. I found from a good source that it is for Contactpicker.dll but I have no idea what it is doing for it.

KB3191872 for office 2013 – This update deletes or hides the From Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service is no longer exists.

 

What seems strange to me is that it is something like 64 MB and contains changes to 14 .dll files. For something so simple is deleting or hiding Azure, it seems like it is an excessively large file with many changes. Is something else there? I wouldn’t be surprised if MS sneaked something else there now a days and only telling you about one thing in it seemingly benign.

Windows 8.1 Group B, Brave & Dissenter & Protonmail

Reply | Quote

My support of (other than my own) computers has purposely dwindled from an unbelievable number to 3 desktop and 1 laptop Win7 plus 1 desktop and 1 laptop Win10 1703. I couldn’t keep up the large number OS supports and moderate too.
So here are some of my observations:

Two of the Win7 desktops are “Joe” users. They both have Jan and Feb Rollups installed, neither are being offered the Mar Rollup in WU. I had them stand pat – installing only MSRT and Office. Hid .NET 4.7.1 installer.
I thought about having them install KB 4100408, but since neither are big computer users, decided to wait.

The other desktop and laptop are my son’s. They also have Jan and Feb Rollups installed. He has a metal-working business. On his desktop (Dell XPS 27″ all-in-one quad core i7, 16GB RAM 4-5 yrs old) he usually has multiple DesignCad drawings, multiple large .PDFs, QuickBooks, and Chrome open at the same time. He has seen a HUGE slowdown in the computer lately – reports circle going around, long page loads, etc.
For him, I am considering the rollback to Dec. 2017. See if it relieves some of the resource loss. At the same time I’m considering long term effects of rollback on the integrity of the OS, considering MS’s problems with supersedence.
If I do this I am also considering doing the standalone IE11 CUs monthly to keep IE up to date, though he uses only Chrome. The security-only patches seem to have the same problems as the Rollups, so they’re out.

————-

Have managed to keep both the Win10 1703 Pros on 1703 by finagling. Feature updates set 365, quality updates set at 0, no pause. GP: WU Automatic = 2 notify download & install, Download set to 99 simple (no peering). Connected Customer Experience and Telemetry Service – Disabled (keeps turning back on). Tasks: All under Application Experience, Autochk, and CEIP Disabled (some turn back on). Tasks under Update Orchestrator – two USO, sched scan, Refresh settings, MusUx Disabled (some keep turning back on).
Have found that I can’t get rid of KB 4023057 from the WU queue with wushowhide unless I disable the sih and sihboot Tasks under WU then run Disk Cleanup and reboot immediately before wushowhide. Only then can I hide KB 4023057 using wushowhide and have it is out of the WU queue so I can install just the CU update.
Have had to uninstall KB 4023057 and delete the Windows\updateassistantv2 folder on occasion.
Both are still on latest build of 1703 (966), but I dread the emergency call from the office manager saying an upgrade is in progress or the machine is borked.

3 users thanked author for this post.

RamRod, abbodi86, walker

Reply | Quote

I did a fresh install one week ago and installed kb4074598. My only activity was visit microsoft support pages and askwoody with IE11 but for peace of mind should i reinstall windows? I want to have a reliable installation and create a disk image.

 

Reply | Quote

Does the computer have any new issues after installing KB4074598?

Reply | Quote

Sometimes i’m facing a black screen when i restart windows.

1 user thanked author for this post.

woody

Reply | Quote

anonymous wrote:

KB4074598

I am gonna guess that the black screen may be due to the fact that the Windows graphics component was updated by this update. Do your Windows event logs show anything? If so, then apparently we have yet another issue with this update.

Reply | Quote

Here are 2 screen shots of what showed up in Windows Update this morning. I am surprised that EVERYTHING is checked. I have downloaded and installed NOTHING from this list, just letting all know what I got this morning. I’m tempted to hide all of them, but, will wait for defcon numbers to change and MAYBE install some.

Dave

 

1 user thanked author for this post.

AJNorth

Reply | Quote

To borrow a phrase, Fascinating, Captain!

Both KB4088881 and KB4099950 — as well as the reappearance of our old friend KB2952664 — appeared on my WIN7 Pro x64 box (yesterday), but were all optional and unchecked (WU set to Check but let me choose…).

Reply | Quote

UPDATE UPDATE UPDATE               KB 4096040

KB 4096040 has been added to AKB2000003 for Group B.

KB 4096040 replaces the March 2018 IE11 Cumulative Update for IE11 (KB 4089187) and fixes the “IE11 doesn’t start after installing KB 4088187” error.

6 users thanked author for this post.

Lori, Cascadian, StruldBrug, AJNorth, JDeC, SueW

Reply | Quote

@PKCano, if KB 4096040 replaces KB 4089187, would it make sense to either delete the March 2018 (IE 11) KB 4089187 line & links (or line through this line & links) on the 200003 Ongoing list page in order to ensure someone doesn’t download and install this original March 2018 (IE 11) update anyway?

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

If people installed the original patch and don’t have a problem, then it probably not necessary that they install the patch with the fix. If they don’t have a problem, I don’t want them to think they have to uninstall.  I bolded the fact that it was a replacement, so anyone installing from now on will know.

The fixes will be included in the April Cumulative Update, out in less than a week.

 

6 users thanked author for this post.

Lori, HiFlyer, Cascadian, SueW, AJNorth, JDeC

Reply | Quote

This message chain has taken a few detours, and many side discussions are being carried on. I’m a Group B updater, who has installed the Security only updates from January and February. I’m considering following Susan’s suggestion to uninstall these Security updates, and then holding off on the March Security Only update until such time as Microsoft gets it right. I have two computers – both Macs running Bootcamp, one of which is 64 bit Windows 7 Pro SP1, the other 32 bit Windows 7 Pro Sp1.

For the sake of clarity, can I please get confirmation before I do the following:

Uninstall KB4056897 (Jan. Security Only)

Uninstall KB4073578 (fix for unbootable AMD computers, which I installed “just in case”)

Uninstall KB4074587 (Feb. Security Only)

Install KB4100480 (the Meltdown/Spectre quick fix to forestall the issues introduced by the Jan. and Feb. Security patches) on my 64 bit machine, only if it is offered in Windows Update.

Install KB4096040 (the updated IE11 Security Patch for March)

And then hide any Rollups, Previews or other unchecked  or optional updates offered by Windows Update. Plan to hold off on installing any MS Security Updates for the foreseeable future, until such time as Woody and Susan deem them safe.

Is this a suitable plan?

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

1 user thanked author for this post.

Lori

Reply | Quote

If at any time you are offered KB 4099950 checked, go ahead and install it. Otherwise that looks OK.

1 user thanked author for this post.

Lori

Reply | Quote

Thanks to everyone on this site – you’ve all been very helpful.

I writing this post on Monday April 9, in the waning hours before the April Updates are released, in the hope that my experience may help others.

As mentioned above, I have two Windows 7 SP1 Pro machines, both Macs running Bootcamp. One installation, on a 2012 Mac Mini is 64 bit, the other is on a MacBook Pro from 2007, and is 32 bit. The process was the same on both machines.

1. I Uninstalled: KB4074587 (Feb. Security Only), KB4073578 (Jan. fix for AMD processors) and KB4056897 (Jan. Security Only), and re-booted. Following that, I ran GRC’s InSpectre and saw that I was NOT protected, but that performance was “Good”.
2. I ran Windows Update and was only offered KB890830 (March MSRT) as Important and Checked, which I installed. I was also offered KB4099950 (March Fix for the Total Meltdown problems introduced by the Jan. and Feb. Security Updates) as Optional and Unchecked. This got hidden.
3. I then downloaded and installed KB4096040, the revised March patch for IE11, followed by yet another re-boot.

Everything appears to be running smoothly – and the 64 bit machine feels a little snappier.

Just in case they become unavailable, I downloaded the Jan., and Feb. updaters for what was uninstalled, above, as well as KB4088878 (March Security Only), and KB4096040 (the IE11 Security update I installed above, just in case), and stored them in a folder (but didn’t install any of them). I tried to download KB4099959 (the Total Meltdown patch I hid in Windows Update above, but found that DuckDuckGo couldn’t find the page, and when I searched using Google, the page from the Windows Update Catalogue wouldn’t load (blank page instead). If I want to install it, I’ll have to un-hide it in W.U.

So I’m back to where I was at the end of December 2017, more or less – Happy New Year Everyone!

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

1 user thanked author for this post.

MrBrian

Reply | Quote

KB4099950 isn’t the fix for Total Meltdown.

Reply | Quote

I will admit a touch of jealousy. Two months ago I would have judged you reasonably cautious. One month ago, unreasonably over-cautious. Now you have an enviable condition. Such is the evolution in this changing landscape. When in fact, what has really changed is our new understanding of what we didn’t know before.

I remember Woody’s New Year’s Eve post reminding us of the value in an image dated 31DEC2017. And while I will very likely install KB4100480, as a personal choice, I see rolling back as also very reasonable. There on my shelf is an image that would make me just like amraybt. It will be there if I need it, I suppose.

3 users thanked author for this post.

Elly, HiFlyer, amraybt

Reply | Quote

My Group B strategy has been to wait 2-3 months then catch up with the security-only and latest IE cumulative updates whenever the dust settles (e.g. during a relatively calm month with few or even no widely reported issues). I’m updated through Dec 2017 on both systems, but it feels like MS is really trying to push myself and others to Group W. I’m glad I waited to see how things would go since the mess that began in January.

Group B, like you.

After I became aware of the Total Meltdown flaw that Microsoft introduced with their Meltdown “fixes”, I have restored ALL my systems running Windows 7 x64 back to (or stopped patching beyond) the December 2017 patch level (4 used by me and several others used by family members), using system images prepared before by Acronis True Image.

For me, the decision is simple. If Group B is no longer viable then I will simply stop patching. For now I shall stop patching the Windows 7 systems until I am satisfied that the mess has been resolved. If the mess is not resolved to my satisfaction, then those systems will remain at the December 2017 patch level, effectively becoming Group W. And by stopping patching there is the additional benefit of no performance degradation.

But I can’t stop wondering : How can Microsoft be so incompetent? How can security update(s) supposed to fix security vulnerabilities make our systems even more insecure? Is this another attempt by Microsoft to “persuade” Windows 7 users like us to “upgrade” to Windows 10 by degrading the Windows 7 experience?

Hope for the best. Prepare for the worst.

8 users thanked author for this post.

The Surfing Pensioner, JDeC, grayslady, HiFlyer, amraybt, SueW, Cybertooth, wdburt1

Reply | Quote

Too late. Ran that peculiar gauntlet before I ever met you. 😉

Guess I did word that like an easy set-up, well turned. And I agree with your recap as well. I also think many approaches fit many people. It is the increasing disorder that causes concern. Everything indicates that rolling back by uninstall should go smoothly. But your refreshingly lighthearted description caused a smile. And gave me an opportunity to point out that even if that goes wrong having a year end full image with more recent data files backup can make a very bad day into a much simpler recovery.

That comforting thought is what makes it possible for me to go forward with choices where I really do not know what might happen next.

2 users thanked author for this post.

HiFlyer, amraybt

Reply | Quote