Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Tuesday just hit

    Home Forums AskWoody blog Patch Tuesday just hit

    This topic contains 155 replies, has 33 voices, and was last updated by  glnz 1 month ago.

    • Author
      Posts
    • #101118 Reply

      woody
      Da Boss

      And we get Security Bulletins! https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx I count 18 of ’em…[See the full post at: Patch Tuesday just hit]

      9 users thanked author for this post.
    • #101124 Reply

      anonymous

      The link posted by Woody shows “Exploitation Detected” for CVE-2017-0149 (“Internet Explorer Memory Corruption Vulnerability”) and CVE-2017-0005 (“Windows GDI Elevation of Privilege Vulnerability”).

      • #101153 Reply

        woody
        Da Boss

        Did my edit fix the problem?

        • #101158 Reply

          anonymous

          I meant that Microsoft’s info indicates that those two vulnerabilities have already been exploited.

          1 user thanked author for this post.
    • #101133 Reply

      TweakHound
      AskWoody Lounger

      The INTEL – System driver is back. Are we OK with this or no?

      • #101154 Reply

        woody
        Da Boss

        NO.

        Which driver?

        • #101624 Reply

          AlexN
          AskWoody Lounger

          I posted this a few days ago… checking…

          I do, however, have a *new* version of the INTEL thing, labeled “INTEL – System – 8/19/2016 12:00:00 AM – 10.1.2.80” which was released on March 11th and marked optional.

          Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
          A weatherman that can code

          • This reply was modified 1 month, 1 week ago by  AlexN.
    • #101137 Reply

      anonymous

      So when will the older updates start being incorporated into the rollups?

      Also I saw this. https://blogs.technet.microsoft.com/windowsitpro/2017/03/14/unified-windows-update-history-for-windows-8-1-and-windows-7/

      2 users thanked author for this post.
    • #101138 Reply

      ViperJohn
      AskWoody Lounger

      “March 2017 Security Only Quality Update for Windows 7” is KB4012212

      2 users thanked author for this post.
    • #101140 Reply

      PKCano
      AskWoody MVP

      March Security Only Quality Update for Win8.1 is KB4012213

    • #101141 Reply

      Noel Carboni
      AskWoody MVP

      For Windows 10 “Anniversary”, we are taken to 14393.953…

      ScreenGrab_W10VM_2017_03_14_131620

      ScreenGrab_W10VM_2017_03_14_132011

      ScreenGrab_W10VM_2017_03_14_135517

      So far in very brief testing I’m not seeing any problems with my updated Win 10 test system. It booted back up. The only issue is that the Aero Glass for Win 8+ add-on sensed a compatibility issue, and apparently downloaded symbols from the Microsoft servers to compensate, because it’s working.

      Note that I have not had time to do any substantive tests yet. Those who rely on Win 10 should definitely heed Woody’s MS-DEFCON 2 setting and hold off updating for now.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      2 users thanked author for this post.
      • #101627 Reply

        anonymous

        Noel. First, I want to thank u for all ur contributions on the forum. Good thing we have alot of top notch PC gurus. I have wind 10 anniversary 1607 just updated to 14393.953. I’m in group A but awhile back used to follow Woody and not install updates till cleared but, was just too time consuming. Any how looking at ur post on March 14th 2017 @ 12:56 pm on the 3 screenshots u show of Hide Updates, 2nd screenshot about creators update available ” show me ” and the last about a description of win 10 version 14393.953. My question is I don’t see the screenshot u have of the ” Hide Updates ” I remember reading about how to do this I believe not sure but, didn’t do anything with that. Is this why I don’t see this screenshot on my Windows Update Home screen or anywhere else in my Settings screen ? As I am in group A and this ” Hide Update ” things is just if u want to use it in one of the other groups??? Hope u understand my question. Thanks Noel

    • #101148 Reply

      anonymous

      KB2952664 and KB2976978 are back! They are unchanged from the versions released a week ago, but they are probably of status Recommended now instead of Optional.

      • #101150 Reply

        PKCano
        AskWoody MVP

        They are “recommended” CHECKED in the important update list

        • #101155 Reply

          Noel Carboni
          AskWoody MVP

          CHECKED in the important update list

          Not for me on Win 8.1 it wasn’t. I had previously hidden it, and I did not uncheck it before right-clicking…

          ScreenGrab_W81EVM_2017_03_14_131338-1

          It’s now hidden. Again.

          By the way, I had some anomalies on the first bootup of my test Win 8.1 system after installing the other updates (e.g., some odd errors in the System event log, and the firewall didn’t start up right). A second reboot corrected all those it seems.

          -Noel

          Attachments:
          You must be logged in to view attached files.
          1 user thanked author for this post.
        • #101160 Reply

          woody
          Da Boss

          They’ll appear as checked if you have “Give me recommended updates the same way I receive important updates” selected in Windows Update.

          2 users thanked author for this post.
          • #101181 Reply

            Noel Carboni
            AskWoody MVP

            I’m glad one of us remembers all those intertwined dependencies. 🙂

            -Noel

        • #101184 Reply

          zero2dash
          AskWoody Lounger

          Yeah, mine has 2952664, unhidden (no surprise), under Optional with the other 69 things listed there that I won’t install.
          2 important updates, the March rollup and the March MSRT, which will both sit there in limbo until I install them in 2 weeks (or more).

          The last few times I installed the Security Only update, the same month’s Rollup still appeared in WU, despite the Rollup’s previous fixes also being installed. I wonder if they’ve fixed that (probably not). You would think if the Rollup consists of Update A and Update B, and you installed Update A a month ago and are now installing Update B, that the Rollup would not appear. Then again, this is Microsoft we’re talking about.

    • #101164 Reply

      anonymous

      Cumulative Security Update for Internet Explorer 9, 10, 11
      http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012204

    • #101175 Reply

      anonymous

      Important for Woody’s Group B: The Microsoft Catalog download link listed in “MS17-006: Security update for Internet Explorer: March 14, 2017” (https://support.microsoft.com/en-us/help/4012204/ms17-006-security-update-for-internet-explorer-march-14-2017) is http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb3218362 but the cumulative Internet Explorer update is actually at http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4012204.

      Reminder: From https://blogs.technet.microsoft.com/windowsitpro/2017/01/13/simplified-servicing-for-windows-7-and-windows-8-1-the-latest-improvements/:

      “Starting with February 2017, the Security Only update will not include updates for Internet Explorer, and the Internet Explorer update will again be available as a separate update for the operating systems listed above.”

      8 users thanked author for this post.
      • #101180 Reply

        anonymous

        From “MS17-006: Description of the security update for Internet Messaging API on Windows Vista and Windows Server 2008 R2: March 14, 2017” (https://support.microsoft.com/en-us/help/3218362/ms17-006-description-of-the-security-update-for-internet-messaging-api):

        “If you are running Windows Vista or Windows Server 2008, install this security update (3218362) in addition to security update 4012204, in order to be fully protective from this vulnerability.”

        1 user thanked author for this post.
      • #101186 Reply

        Microfix
        AskWoody Lounger

        Important for Woody’s Group B: “Starting with February 2017, the Security Only update will not include updates for Internet Explorer, and the Internet Explorer update will again be available as a separate update for the operating systems listed above.”

        Thanks for the reminder, it’s easy to forget amoungst the confusion 🙂

        | x64 Group B: W7 Pro & W8.1 Pro | | x64 Group W: 3 x Linux Hybrids |
          No problem can be solved from the same level of consciousness that created IT - AE
    • #101179 Reply

      Microfix
      AskWoody Lounger

      Wow, nice comprehesive list of patches to put on standby!

      Thanks to all who put this list up so quick on AskWoody.com 🙂

      | x64 Group B: W7 Pro & W8.1 Pro | | x64 Group W: 3 x Linux Hybrids |
        No problem can be solved from the same level of consciousness that created IT - AE
    • #101185 Reply

      anonymous

      Is there a way to tell what non-security “fixes” are embedded in the Security Quality Monthly Rollup for Windows 7?  And what (if anything) will prevent an update like KB2952664 from being embedded in one of those in the future, instead of being displayed separately as it is upon its umpteenth return this month?

      (I apologize in advance if such issues have already been addressed; I haven’t been following developments all the closely.)

      • #101191 Reply

        PKCano
        AskWoody MVP

        Information on the Security-Only UPDATES and the Security Monthly Quality ROLLUPS (Security + non-security) is on the Win7 History page

        https://support.microsoft.com/en-us/help/22801/windows-7-sp1-and-windows-server-2008-r2-sp1-update-history

        And on the Software Update Services page

        https://support.microsoft.com/en-us/help/894199/description-of-software-update-services-and-windows-server-update-services-changes-in-content-for-2017

        1 user thanked author for this post.
        • #101195 Reply

          anonymous

          Unfortunately the “update history” pages sometimes don’t list all of the non-security changes made. Example: On that list under KB3172605 the Windows Update client improvements aren’t listed.

          • #101299 Reply

            radosuaf
            AskWoody Lounger

            Look at wording – it says “Key changes include:”. So, if MS believes adding telemetry is not a “key change”, it won’t be listed.

            MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit
            • This reply was modified 1 month, 2 weeks ago by  radosuaf.
          • #102271 Reply

            abbodi86
            AskWoody MVP

            Because these WU improvements were not introduced in KB3172605 itself, they are part of KB3161608, which got replaced by KB3172605
            https://support.microsoft.com/en-us/help/3161608

            rest assure that every “telemetry” change will be documented

            1 user thanked author for this post.
        • #101996 Reply

          walker
          AskWoody Lounger

          @pkcano:

          Since I’ve gotten behind with everything I would appreciate it very much if you could verify the following as being “CORRECT”?   Is this the one for Win 7 x64 GROUP B, the SECURITY Only?

          Win7 Security Only x64

          http://download.windowsupdate.<wbr />com/d/msdownload/update/softwa<wbr />re/secu/2017/02/windows6.1-<wbr />kb4012212-x64_2decefaa02e2058d<wbr />cd965702509a992d8c4e92b3.msu

          And is the following link correct for  Win7 x64, Group B, for the IE 11, update?

          Win7 x64

          http://download.windowsupdate.<wbr />com/c/msdownload/update/softwa<wbr />re/secu/2017/03/ie11-windows6.<wbr />1-kb4012204-x64_aae120b92b5160<wbr />44b82e6462288521e8974f8e2e.msu

          The final question which I must have missed “somewhere” is:

          Is it “safe” to download these now, or is it recommended to WAIT until the Defcon level is raised to SAFE?   Also I do not know exactly what “stand-alone” means.  (A REAL “dummy I am).

          Thank you so much for all of the outstanding work you have done and for contributing tremendously to this site.       🙂   🙂   🙂

           

           

           

          • #101999 Reply

            PKCano
            AskWoody MVP

            The time to download and install the updates is when Woody’s MS-DEFCON number is 3 or greater. So WAIT.
            For further reference check AKB2000003 – I am keeping the links there up to date.
            https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/#post-98061

            But to answer your questions:
            Yes, those two links are correct for Group B. “Win 7 Security Only x64” is Security Only Quality UPDATE for Windows 7 and “Win 7 x64” under IE is the security only patch for IE11.

            Also I do not know exactly what “stand-alone” means.

            This means the patch is not delivered through Windows Update, but must be downloaded fromt he Microsoft Update Catalog and installed manually. To do this:
            1. Download the file
            2. Go to Control Panel\Administrative Tools\Services. Scroll down and highlight Windows Update Service. At the top left click on “Stop” to stop the service.
            3. Double click on the downloaded file.
            4. After installation finishes, reboot the computer, log back in, and wait 10 minutes before doing anything else.

            If you have any questions, come back here and get help.

            • This reply was modified 1 month, 1 week ago by  PKCano.
            • This reply was modified 1 month, 1 week ago by  PKCano.
            2 users thanked author for this post.
            • #102033 Reply

              walker
              AskWoody Lounger

              PKCano:    Thank you so very, very much for your clear and concise answers to my questions.    Your knowledge is outstanding, and I sincerely appreciate you taking the time to reply to my questions.    You have really “made my day”!!  It’s wonderful that you so willingly share  your expertise.   It is appreciated more than words can express.    Thank you once again!   🙂   🙂  🙂

      • #101193 Reply

        woody
        Da Boss

        As far as I know, there isn’t, never has been, and never will be a definitive list of all of the non-security changes in the Monthly Rollup. Here’s the KB article for this month’s 8.1 Monthly Rollup: https://support.microsoft.com/en-us/help/4012216/march-2017-security-monthly-quality-rollup-for-windows-8-1-and-windows-server-2012-r2

        It has a full list of security bulletins (which surprises me!) and nothing more.

    • #101188 Reply

      EP
      AskWoody Lounger

      hey woody.

      New “magic” win32k.sys updates for Windows Vista SP2 to speed up Windows Update scans on Vista: KB4012497. Replaces KB3204723 & previous win32k.sys fixes.

      And Microsoft is STILL publishing new MS security bulletins like they did with MS17-005 and earlier.

      1 user thanked author for this post.
      • #101194 Reply

        woody
        Da Boss

        Interesting. Wonder if we’ll see an update in wu.krelay.de ‘s list?

        And the Security Bulletins – very strange given their send-off in January.

      • #101285 Reply

        Pim
        AskWoody Lounger

        Are you sure that KB4012497 replaces KB320472? MS17-018 states “None” in the column Updates replaced.

        • #101303 Reply

          ch100
          AskWoody MVP

          It is about Vista if you read @ep‘s post and it specifically relates to the speed-up functionality.
          @ep is one of the few people who keep Vista alive, while almost everyone else prefers to think that Vista does no longer exist.

          • #101309 Reply

            Pim
            AskWoody Lounger

            Thanks. I know it is for Vista as I am trying to update a Vista machine and want to have a speedier update process. In the past whenever a “magic update” replaced an earlier one, it was always indicated in the Security Bulletin. Because this time it states “None” in the “Updates replaced” column, I am wondering how EP knows KB4012497 replaces KB320472.

            • #101312 Reply

              PKCano
              AskWoody MVP

              From here https://support.microsoft.com/en-us/help/894199/description-of-software-update-services-and-windows-server-update-services-changes-in-content-for-2017

              MS17-018: Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded (KB4012497)

              Locale: All
              Deployment: Important/Automatic Updates, WSUS, and Catalog
              Classification: Security Updates
              Security severity rating: Critical
              Supersedes: MS16-151 (KB3204723) on Windows Server 2008, Windows Vista, and Windows XP Embedded
              Target platforms: Windows Server 2008, Windows Vista, and Windows XP Embedded

              2 users thanked author for this post.
            • #101350 Reply

              Pim
              AskWoody Lounger

              Thanks. Apparently MS17-018 should be corrected.

              (My apologies for the double post, I assumed I was logged in but I wasn’t. Therefore my original response was Anonymous. That one may be deleted if an MVP reads this and can do that).

            • #101499 Reply

              walker
              AskWoody Lounger

              @pkcano:

              This is enough to make me even dizzier than I already am.   I missed a lot being away from the computer for a while, so now I’m REALLY getting confused.    Guess I’ll just have to try to do my best.

              Win7 x64:  Group B.

              I hope there will be explicit instructions on  “checking for updates” and WHEN THE TIME COMES (Defcon Level SAFE)  know which ones to install.  Thank you for all of the detailed guidance – – – You provide a lot of very important information to us all!    🙂   🙂   🙂

    • #101189 Reply

      anonymous

      Microsoft Security Advisory 3123479 (“SHA-1 Hashing Algorithm for Microsoft Root Certificate Program”) (https://technet.microsoft.com/en-us/library/security/3123479.aspx) was revised on March 14, 2017.

      1 user thanked author for this post.
    • #101197 Reply

      ViperJohn
      AskWoody Lounger

      Is there a way to tell what non-security “fixes” are embedded in the Security Quality Monthly Rollup for Windows 7? And what (if anything) will prevent an update like KB2952664 from being embedded in one of those in the future, instead of being displayed separately as it is upon its umpteenth return this month? (I apologize in advance if such issues have already been addressed; I haven’t been following developments all the closely.)

      They are all inclusive rollups so the chance of KB2952664 being included is probably 99.99%.

       

      • #101304 Reply

        ch100
        AskWoody MVP

        They are all inclusive rollups so the chance of KB2952664 being included is probably 99.99%.

        This is non-sense and “fake news”.

        Like Jim Morrison would say, “I think its a bunch of bulls**t myself”

        2 users thanked author for this post.
        • #102006 Reply

          Microfix
          AskWoody Lounger

          And I thought this was about Windows, not The Doors 🙂

          | x64 Group B: W7 Pro & W8.1 Pro | | x64 Group W: 3 x Linux Hybrids |
            No problem can be solved from the same level of consciousness that created IT - AE
    • #101198 Reply

      samak
      AskWoody Lounger

      I notice the Flash Player update “resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.”

      No mention of Windows 7. Does this mean Windows 7 is more secure and therefore doesn’t need to be patched, or that they haven’t been able to fix the vulnerability in Windows 7?

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • #101199 Reply

        PKCano
        AskWoody MVP

        Flash Player is incorporated into IE11 in Win8.1 and the updates come from Microsoft.

        For IE11 in Win7, you need to download the Flash Player updates from Adobe.com

        3 users thanked author for this post.
      • #101200 Reply

        Microfix
        AskWoody Lounger

        Adobe Flash wasn’t baked into Windows 7 it was a third party addition hence no patch from MS.

        [edit] you just beat me to it PKCano

        | x64 Group B: W7 Pro & W8.1 Pro | | x64 Group W: 3 x Linux Hybrids |
          No problem can be solved from the same level of consciousness that created IT - AE
        • This reply was modified 1 month, 2 weeks ago by  Microfix.
        2 users thanked author for this post.
    • #101202 Reply

      samak
      AskWoody Lounger

      Ah! That makes sense. Thanks PKCano and Microfix.

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

    • #101204 Reply

      JNP
      AskWoody Lounger

      For those running Windows XP, in LTSB mode, there exist a number of security updates this month as well.

    • #101212 Reply

      Pepsiboy
      AskWoody Lounger

      And we get Security Bulletins! https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx I count 18 of ’em…[See the full post at: Patch Tuesday just hit]

      Woody,

      Thanks for the comprehensive list and the big heads up ! ! I’m sure everyone appreciates all the hard work you do to help keep our computers safe.

      Dave

      1 user thanked author for this post.
    • #101229 Reply

      anonymous

      Thank you PKCano for the direct links.

      Just to confirm. All the SECURITY ONLY links show they come from *2017/02* folders (..msdownload/update/software/secu/2017/02/..) instead of the *2017/03* folders the cumulative update links come from. That is correct even though they are the March patches?

      Also, the IE 11 links are listed as “Direct links for the IE 11 CUMULATIVE security patches:” but those are the SECURITY ONLY patches and not the MONTHLY ROLLUP ones right? Or are IE patches also cumulative for the SECURITY ONLY unlike the Windows ones?

      • #101232 Reply

        PKCano
        AskWoody MVP

        KB4012212 (Win7)
        32-bit or 64-bit

        Yes, the 2017/02 folder (unless MS has it wrong on their site). Maybe held over from the non-existent Feb?

        The IE security updates are included in the Security Monthly Quality ROLLUP. But if you are in Group B, they are NOT included in the Security Only Quality UPDATE so you have to download them separately. Group B has two updates from the Catalog as of March.

        4 users thanked author for this post.
    • #101247 Reply

      dononline
      AskWoody Lounger

      “5 patches for Office 2010 (all security)” — Woody, I’m seeing only 3 patches for Office 2010 (all security): KB3178687, KB3178688 and KB3178690 on my WIN 10 1607 computers.

      • This reply was modified 1 month, 2 weeks ago by  dononline.
      • This reply was modified 1 month, 2 weeks ago by  dononline.
    • #101250 Reply

      anonymous

      I am the anonymous poster for Intel Corporation – Display- 11/10/16 12:00:00 AM – 20.19.15.4549.  I am not computer savvy.

      Windows 10 Home ver. 1607 HP pavilion desktop Intel(R) HD Graphics 5500, 2.2gHz 5th generation Intel Core i3-5020U Dual Core processor (Broadwell)

      I hid all I received.  And, I will wait until Woody calls all clear to install, but I have questions on a couple listed below.

      I received the Windows 10 updates Woody mentions, I also received the driver update, again – Intel Corporation – Display- 11/10/16 12:00:00 AM – 20.19.15.4549.  So, if I need it for the next version of Windows 10, I certainly won’t install until until I know that for certain, hopefully from this site.

      After a hiatus of a few months, SilverLight appeared, again.  I do not have nor want  SilverLight installed, so I will always hide this as I have done many times.

      I also got this smorgasbord :

      KB2687440 – MS office update Infopath (I didn’t know I have Infopath, but I did find it in a search).  Do I have to, or should, I install it for a safety factor if I don’t consciously use this?  I may be using it, but I don’t know if I do.

      3 MS Office 2007  Security updates, 1 Excel 2007, 1 Word 2007 and  2 MS Office Compatibility Service pack 3.

      This was topped off by a Broadcom–Net-1/28/16 12:00:00 AM 7.35.344.0  Should I install this update if WiFi is working fine?  (seems as if it should have been installed already in my February 2016 computer purchase–I did have the wonderful (tongue in cheek) install done by the Staples guy (who even though was told to install 64 bit programs for stuff like Firefox, did them all with 32 bit–yes, I fixed those issues).

      Thanks for all the help!

    • #101255 Reply

      ch100
      AskWoody MVP

      The big rollups promised starting with March 2017 including older patches for windows 7 / 2008 R2 and Windows 8.1 / 2012 R2 have not been released today.
      Why? Will everything be delayed for one month because of the February 2017 glitch?
      https://blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/

      1 user thanked author for this post.
    • #101301 Reply

      anonymous

      Could someone clarify please? Security Only Quality is not Security Only? If you haven’t patched IE since the new updating system, can you install the IE kb? What number kb is it?

    • #101310 Reply

      anonymous

      Have not had updates for office 2007 (enterprise edition) for some time.  Are these suitable for windows 7 or are they only for 10.   Should I update from the catalogue.  Thank you in advance.

      Glenda Hewitt

      • #101316 Reply

        PKCano
        AskWoody MVP

        MS Office is not the same as Windows.

        Office 2007 is compatible with Windows 7/8.1/10. Office 2007 reaches end-of-life on 4/11/2017 – that means that after that date there will be no more patches. You should update it with all the currently available patches.

        Keep in mind that there have been few patches released for anything in Jan or Feb this year. Patches should be available on Microsoft Update (Windows Update – give me updates for other MS products). If they are not, then information for those available is here

        https://blogs.technet.microsoft.com/office_sustained_engineering/tag/office/

      • #101386 Reply

        radosuaf
        AskWoody Lounger

        6 updates for Office 2007 today:

        MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit
    • #101315 Reply

      radosuaf
      AskWoody Lounger

      Have not had updates for office 2007 (enterprise edition) for some time. Are these suitable for windows 7 or are they only for 10. Should I update from the catalogue. Thank you in advance. Glenda Hewitt

      I have Office 2007 Enterprise myself on W8.1. Will let you know later today, when I check it at home.

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit
    • #101326 Reply

      twbartender
      AskWoody Lounger

      Being a member of group B, I’m a little confused about which IE update I should be installing on my Win7 x64 system, with IE11.

      According to the Microsoft Security Bulletin MS17-006 article found here,  https://technet.microsoft.com/library/security/MS17-006  it indicates that KB4012204 is for, “Windows 7 for x64-based Systems Service Pack 1 Security Only” and KB4012215 is for, “Windows 7 for x64-based Systems Service Pack 1 Monthly Rollup”.

      The thing is, if you go to the catalog for KB4012204, it indicates that the download is a, “<u>Cumulative</u> Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems”. The KB4012215 catalog entry indicates the download is the, “March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems”.

      Based on the titles of each of the two downloads, it would seem to contradict what the Microsoft Security Bulletin MS17-006 description indicates.

      What’s even more confusing is, the size of  KB4012215 is 145.5 MB and the size of KB4012204 which is supposedly the cumulative update is only 51.7 MB…

      That being said, which of the 2 updates should I be installing if I’m in group B?

      • #101328 Reply

        PKCano
        AskWoody MVP

        KB4012215 is the Security Monthly Quality ROLLUP for Windows 7. This is for Group A. This ROLLUP contains the Cumulative Rollup for IE11 as well as Windows.

        KB4012212 is the Security Only Quality UPDATE for Windows 7. It does NOT include the update for IE11. This is for Group B. Since the IE11 update is not included in this patch, Group B now has to download a second update to cover Internet Explorer 11.

        KB4012204 is the Cumulative Security Rollup for IE11. This is for Group B.

        From now on, Group B will need to download TWO updates from the Catalog to stay patched

        6 users thanked author for this post.
        • #101336 Reply

          twbartender
          AskWoody Lounger

          PKCano,

          Thanks for the clarification it’s much appreciated.

      • #101334 Reply

        anonymous

        4012215 is the full monthly rollup, which includes the IE patch, for group A. 4012204 is the separate IE patch, for those installing 4012212, which is the security-only patch and does not include the IE one.

        • #101341 Reply

          anonymous

          Meep, ninja’d, and much more thoroughly too.

          But on that note, no file hash info for 4012204, is there? (The SHA256, I mean, since the SHA1 is in the file name too.) For the security only rollup it’s there, for this it isn’t.

          • #101343 Reply

            PKCano
            AskWoody MVP

            I’m going to guess Microsoft has to change the name of an inordinate number of files. Maybe this one was created before the SHA1 to SHA256 transitions and they just haven’t gotten around to it yet. 😉  😉

    • #101339 Reply

      liamZ
      AskWoody Lounger

      After installing the 3 updates without problems, my W10x64 is now downloading KB3176936, old service stack again for installing.
      Anyone with the same problem?

    • #101360 Reply

      anonymous

      I have a question for you Woody. It concerns Trusted Installer that is invoked by Windows to install the updates. I ask because I remember reading a comment on another thread made by one of your MVPs who suggested we give Trusted Installer time to do its thing. I took that as I should not interrupt it or bad things might happen. How would I know how long to wait?

      In the past I let Windows Update take care of the installation and install of all the updates that were pre-selected by Microsoft. Having chosen Group B, I am now no longer depending on Windows Update to do this, as the ones I want come from the MS catalog.

      This month I have the IE cumulative update and the security only update to install. How long should I wait between the first install finishing and starting the second?

      • #101366 Reply

        PKCano
        AskWoody MVP

        If you manually install an update that requires a boot, you should go ahead and reboot the computer after the installation. After the reboot and login, rule of thumb is wait 10 minutes before proceeding to allow Trusted Installer to finish it’s work. But one way to gauge this is to open Task Manager and watch the CPU usage. Wait until it drops below 7-10% and stays there.

        3 users thanked author for this post.
      • #101377 Reply

        abbodi86
        AskWoody MVP

        You can install them both before restarting

        i.e. install security only, when it prompt to restart, close
        then install IE cumulative, when it prompt to restart, restart

        5 users thanked author for this post.
        • #101458 Reply

          ch100
          AskWoody MVP

          Please see @abbodi86 post in context, only for the updates which are mentioned here in the post.
          This should not be seen as generic advice as different updates may behave differently.

          3 users thanked author for this post.
      • #101391 Reply

        PKCano
        AskWoody MVP

        @abbodi86 has much more insight than I do. Take his advice on this.

      • #101372 Reply

        anonymous

        From https://en.wikipedia.org/wiki/Transactional_NTFS:

        “Transactional NTFS (abbreviated TxF[1]) is a component introduced in Windows Vista and present in later versions of the Microsoft Windows operating system that brings the concept of atomic transactions to the NTFS file system, allowing Windows application developers to write file-output routines that are guaranteed to either succeed completely or to fail completely.[2] Transactional NTFS is also known informally as NTFS 6.0, because it was introduced with Windows Vista, which has internal Windows version designation NT 6.0.

        Major operating system components, including System Restore, Task Scheduler, and Windows Update, rely on TxF for stability.”

        “Hasn’t the problem of updates being partially installed until the next reboot already been solved by changes in Windows?” – https://blogs.msdn.microsoft.com/oldnewthing/20151211-00/?p=92501.

      • #101448 Reply

        ch100
        AskWoody MVP

        Normally TrustedInstaller continues where it was left.
        However, if Windows update is configured on Never check for updates, there is a good chance that TrustedInstaller (and TiWorker which is an associated process in Windows 8 and Windows 10, not Windows 7) never completes its task, until the next scan which may take much longer that normal due to this configuration.
        The other post mentioned was probably asking for the computer not to be restarted following any update, until TrustedInstaller becomes quiet.
        This is monitored with Task Manager.
        I think for regular users, the original recommendation from Woody for most users to select Check for updates but do not download has merit as it allows TrustedInstaller to do its work in the background. Users who are fully patched until the last month (Group A) should never have any issues with slow scans.
        I personally prefer the Download but do not install configuration, but this has downsides as it may install at shutdown if the user does not fully understand its behaviour.

        • This reply was modified 1 month, 2 weeks ago by  ch100.
        1 user thanked author for this post.
    • #101413 Reply

      Jim
      AskWoody Lounger

      Did I not get the memo that said my XXX@live.com email (outlook) was going to be killed?  As of today 3/15 it says “last updated 4 days ago”.   I use Win  version 1607.

    • #101415 Reply

      JohnW
      AskWoody Lounger

      Microsoft Silverlight KB4013867 appeared in my update list.  I do not want, or have Silverlight installed here.  Hidden.

      I am on Windows 10 Pro 1607 “Anniversary”.

      I looked in “Programs and Features”, also ran a registry search, and a file search to see if I had a hidden Silverlight install.  Nada.

      Weird!!!

      Security Update for Microsoft Silverlight (KB4013867) https://www.microsoft.com/en-us/download/details.aspx?id=54857

      • #101461 Reply

        ch100
        AskWoody MVP

        Microsoft Silverlight KB4013867 appeared in my update list.

        You have the check box to check for updates from Microsoft Update selected.
        If you have Office installed, you need that check box selected, but unfortunately this comes with Silverlight as another Microsoft product.
        Does it force you to install Silverlight?

        • #101511 Reply

          anonymous

          I’m another anonymous who 1st mentioned they got Silverlight.  I’ve hidden it on my win 10 1607 about 4 times now since a year ago February.  I don’t have Silverlight, and don’t want it.  I think MS is just trying to force it down our throats like so many other things.  I think they push it more before version updates.  I have not been forced to install it yet–I just hide it.

          • #101519 Reply

            BobbyB
            AskWoody Lounger

            Yeah on Win7x86/64 Silverlight showed up here as well and as I dont use it, it either sits there or is hidden. If any of you dont want Silverlight (and I dont) and your contemplating a clean install in the future. You should be aware that youll get offered it about 13-14 times according to the versions out there. Its a pain on a new setup and it takes up room on an older smaller machine.

            • This reply was modified 1 month, 2 weeks ago by  BobbyB. Reason: details
          • #101528 Reply

            dononline
            AskWoody Lounger

            Same here.

    • #101432 Reply

      Noel Carboni
      AskWoody MVP

      Some of my early testing feedback, after having applied the March updates (group A style with a few exceptions) to Windows 7 x64 Ultimate, Windows 8.1 x64 Enterprise, and Windows 10 x64 Pro VMs:

      Windows 7:

      • The updates went in smoothly and quickly.
      • SFC /VERIFYONLY passed.
      • Brief tests of system functionality are all good. No problems found so far.

      Windows 8.1:

      • The updates went in smoothly and quickly.
      • After the first reboot I saw an error message in the System event log implying the user registry was found corrupted and recovered. I also saw two other messages implying something went wrong with enabling event publisher “Microsoft-Windows-Kernel-ShimEngine/Operational”.
      • I found my Sphinx Windows Firewall Control driver had not started.
      • After a second reboot, all seems well, no errors were logged, and the firewall software was performing nominally. Based on this experience I suggest rebooting twice after the updates go in.
      • SFC /VERIFYONLY passed.
      • Development operations I typically do (e.g., builds with Visual Studio) seem to be functioning nominally.

      Windows 10:

      • A check for updates with the WUShowHide tool went smoothly and quickly.
      • The update installation with the Settings App went smoothly and quickly.
      • After reboot, Aero Glass for Win 8+ reported an incompatibility error and inability to find debug symbols for the new modules, but works okay anyway.
      • SFC /VERIFYONLY passed.
      • The Sphinx firewall software is performing nominally.
      • Development operations I typically do (e.g., builds with Visual Studio) seem to be functioning nominally.
      • O&O ShutUp10 did not show any privacy settings reverted.

      -Noel

      5 users thanked author for this post.
      • #101542 Reply

        PhotM
        AskWoody Lounger

        Hey Noel,

        I was just curious about a couple of your procedures. Of course we have our own way of doing things. SFC, why only Verify? and why no DISM /RestoreHealth? 😀

        W 8.1 Pro Test partition. All WU updates presented installed. All OKAY so far.
        SFC /Scannow clean.
        DISM /RestoreHealth on last released ESD W 8.1.3 Pro Clean
        DISM /RestoreHealth on current MS Servers clean.
        DISM Component Cleanup Clean.

        W 10.0 1607 RR partition RTM CU and other Updates presented on WU Installed. All OKAY so far.
        SFC /Scannow Clean.
        DISM /RestoreHealth on CBB Released ESD Clean
        DISM /RestoreHealth on current MS Servers clean
        DISM component Cleanup Clean.

        W 10.0 1703 RS2 IP Build 15058
        Full ESD > ISO Created
        UUP > Delta ISO Created

        Delta ISO Install Pending but soon.

        ----------------------------------------

        1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

        SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

        CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
        Graphics Radeon 6880, Neither Over Clocked

        2xMonitors Asus DVI, Sony 55" UHD TV HDMI

        1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
        1xOS W8.1 Pro, NAS Dependent, Same Sony above.

        -----------------

        Best Regards,

        Crysta

        1 user thanked author for this post.
        • #101555 Reply

          Noel Carboni
          AskWoody MVP

          SFC, why only Verify? and why no DISM /RestoreHealth?

          I always like to know whether something’s wrong before giving a command that will try to correct problems.

          If it passes SFC /VERIFYONLY why do more?

          I have used the others in the past when I’ve detected problems. In this case there were none.

          -Noel

          1 user thanked author for this post.
          • #101560 Reply

            PhotM
            AskWoody Lounger

            Noel, 😀

            Are you saying I am throwing caution to the wind? 😆 hehehe

            Seriously, I have been doing it this way for years. The reason is I don’t want to take 2-3 times longer then necessary. If there is something wrong, I want it fixed. I also believe, especially earlier SFC, was more thorough in Scannow then in Verifyonly. That maybe different now, I am not sure. I simple applied this to RestoreHealth. Also SFC can come out clean but DISM may not.

            Anyway I was just curious and not trying rearrange your thinking…..

            ----------------------------------------

            1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

            SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

            CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
            Graphics Radeon 6880, Neither Over Clocked

            2xMonitors Asus DVI, Sony 55" UHD TV HDMI

            1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
            1xOS W8.1 Pro, NAS Dependent, Same Sony above.

            -----------------

            Best Regards,

            Crysta

            • #101569 Reply

              Noel Carboni
              AskWoody MVP

              You make a very good point about using a more thorough check, such as…

              DISM /Online /Cleanup-Image /ScanHealth
              -or-
              DISM /Online /Cleanup-Image /CheckHealth

              Do you know whether /ScanHealth encompasses all of what /CheckHealth shows? Or are both required, in order?

              -Noel

          • #101572 Reply

            PhotM
            AskWoody Lounger

            Noel,

            If I knew at one time, I don’t remember now. I just never use them, sorry. I can’t imagine that they are the same. To what degree difference, I just can’t say….

            ----------------------------------------

            1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

            SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

            CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
            Graphics Radeon 6880, Neither Over Clocked

            2xMonitors Asus DVI, Sony 55" UHD TV HDMI

            1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
            1xOS W8.1 Pro, NAS Dependent, Same Sony above.

            -----------------

            Best Regards,

            Crysta

            1 user thanked author for this post.
            • #101574 Reply

              Noel Carboni
              AskWoody MVP

              Just a guess, but it looks from the output like /ScanHealth is a superset of /CheckHealth. The former took minutes to run, while the latter put out its result immediately.

              ScreenGrab_W10VM_2017_03_16_001444

              -Noel

              Attachments:
              You must be logged in to view attached files.
            • #101583 Reply

              ch100
              AskWoody MVP

              The most useful ones

              dism.exe /online /Cleanup-Image /AnalyzeComponentStore
              dism.exe /online /Cleanup-Image /StartComponentCleanup

              dism.exe /online /Cleanup-Image {/CheckHealth | /ScanHealth | /RestoreHealth}

              1 user thanked author for this post.
            • #101587 Reply

              PhotM
              AskWoody Lounger

              You got that Right CH100,

              I can’t live without any of them!!!

              ----------------------------------------

              1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

              SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

              CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
              Graphics Radeon 6880, Neither Over Clocked

              2xMonitors Asus DVI, Sony 55" UHD TV HDMI

              1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
              1xOS W8.1 Pro, NAS Dependent, Same Sony above.

              -----------------

              Best Regards,

              Crysta

              1 user thanked author for this post.
        • #101588 Reply

          PhotM
          AskWoody Lounger

          I am on my Delta ISO Upgrade to Build 15058.0 it appears health so far. It was as fast as a Full ISO or maybe a bit faster. It wasn’t that noticeable. Full ISO is between 15 to 20 minutes.

          Have not run DISM of SFC yet though.

          A very special Thank You to “abbodi86” for supporting his convertion software!!!! CUDOS!!!
          I send somebody over here to get your software link as well and he said it worked great and was up and running in no time.

          ----------------------------------------

          1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

          SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

          CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
          Graphics Radeon 6880, Neither Over Clocked

          2xMonitors Asus DVI, Sony 55" UHD TV HDMI

          1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
          1xOS W8.1 Pro, NAS Dependent, Same Sony above.

          -----------------

          Best Regards,

          Crysta

    • #101512 Reply

      anonymous

      I just installed all the March Window Updates on my Exchange 2016 Edge server on Windows Server 2016 and the Exchange Transport won’t start:

       

      Microsoft Exchange couldn’t initialize the Content Filter agent because ExSMime.dll couldn’t be initialized.

       

      Failed to create agent factory for the agent ‘Content Filter Agent’ with error ‘Failed to create type ‘Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll’ due to error ‘Exception from HRESULT: 0xC0630005′.’. Please verify the corresponding transport agent assembly and dependencies with correct version are installed.

       

       

      1 user thanked author for this post.
      • #101527 Reply

        ch100
        AskWoody MVP

        Which version of Windows Server? 2012R2 maybe?

        • #101593 Reply

          anonymous

          Windows Server 2016Datacenter

          1 user thanked author for this post.
          • #101632 Reply

            ch100
            AskWoody MVP

            This is interesting because what you report is actually Exchange components being blocked by an update for Windows and not an update made to Exchange.
            I am wondering what incompatibilities may be there.
            Exchange 2013/2016 are entirely built on .NET Framework 4.5.x and there were known issues with .NET Framework 4.6.x, at least until recently.
            This is the reason why I asked about the OS, but I noticed that you mentioned that the OS is Windows Server 2016.
            Windows Server 2012 R2 comes by default with 4.5.1 if I remember well, while Windows Server 2016 comes with .NET Framework 4.6.x

            • #101655 Reply

              anonymous

              So I restored my Exchange server from backups and ran the updates again and after the reboot the Exchange Transport service still don’t start so I’m a bit stuck. The Google Foo I did didn’t help…

    • #101517 Reply

      Seff
      AskWoody Lounger

      I haven’t been offered any Office 2010 updates yet on my Win7 machine with Office 2010 installed. Both my Win7 machines have Silverlight long since uninstalled but received an update for it (KB4013867). It’s hidden on both machines, along with our dear friend KB2952664.

      The standard monthly roll-up KB4012215 caught someone on Windows 7 Help forum with a catastrophic boot error:-

      https://www.sevenforums.com/news/405958-patch-tuesday-march-2017-a-2.html

      1 user thanked author for this post.
    • #101597 Reply

      Pepsiboy
      AskWoody Lounger

      And we get Security Bulletins! https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx I count 18 of ’em…[See the full post at: Patch Tuesday just hit]

      Woody,

      As of this morning, I am showing 12 of them. Included is one for Silverlight. I don’t even have Silverlight installed on this machine. I guess it is just something else MS is trying to shove down my throat, AGAIN.

      The way things are going, I probably will only install  or 4 of them and HIDE the rest. After the all clear is given, of course. Thanks, again for the comprehensive list.

      Dave

    • #101600 Reply

      anonymous

      Hello,

      Yesterday on one of my pc after patch kb4012212 the file wow64win.dll

      dated 09/02/2017  was  zero  kb instead of  362.496 kb .

      I had to disinstall the patch !

    • #101604 Reply

      Sailor
      AskWoody Lounger

      Windows 10: March 15th 2017 Update KB3150513 for Windows 10 Version 1607

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB3150513

      1 user thanked author for this post.
      • #101619 Reply

        PKCano
        AskWoody MVP

        This is being offered on all versions of Windows. It is a compatibility definition update. A new release for Win10, but Win7 and Win8.1 are seeing the earlier version appear if they installed KB2952664 (Win7) or KB2976978 (Win8.1) with the recent updates. The latter are prerequisites. It is also showing up in Win10.

        It appears as an additional update after WU install and reboot

        4 users thanked author for this post.
        • #101622 Reply

          Sailor
          AskWoody Lounger

          Thank you!

        • #101623 Reply

          ch100
          AskWoody MVP

          I think this is a late release, at least for Windows 10 1607.
          It was not released in the original batch of files for Patch Tuesday March 2017.
          Other versions were released in the past for Windows 10 1511.
          To me, without having the full details, it indicates that the functionality from KB2952664 in Windows 7 is built-in at least in Windows 10 1511 and 1607. Otherwise we wouldn’t see KB3150513 being on offer for those versions of Windows 10.
          There was no KB3150513 release for Windows 10 1507.

          It makes me wonder if we should revise the advise for Windows 7 Group A model of patching in relation to KB2952664/KB3150513 in the sense that maybe we should let them be installed when KB2952664 moves to Recommended.

          1 user thanked author for this post.
          • #101640 Reply

            woody
            Da Boss

            I hated myself when I did it, but starting in December, I had people in group A install all recommended patches.

            That still sticks in my craw.

            1 user thanked author for this post.
            • #101654 Reply

              Noel Carboni
              AskWoody MVP

              I hated myself when I did it, but starting in December, I had people in group A install all recommended patches.

              That still sticks in my craw.

              I wouldn’t worry, Woody. Those who think for themselves will make their own decisions anyway, and systems really are hanging together pretty well (color me a bit surprised) with all of Microsoft’s recent accumulated work. I didn’t think they’d be able to pull it off, but maybe a lot of the smart, detail-oriented people who didn’t like where Microsoft management was going with the new OS moved over to older system maintenance.

              -Noel

          • #101670 Reply

            abbodi86
            AskWoody MVP

            Appraiser KB2952664 and Telemetry DiagTrack are built-in Windows 10 since RTM

            Both KB2952664/KB3150513 are only needed for upgrade
            they have nothing useful for current Windows 7 (well, except providing MSFT with Appraiser statistics)

            5 users thanked author for this post.
    • #101609 Reply

      radosuaf
      AskWoody Lounger

      https://www.reddit.com/r/Windows10/comments/5zlk1z/march_14th_updates_screwed_my_computer/

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit
      1 user thanked author for this post.
    • #101633 Reply

      SonicMojo
      AskWoody Lounger

      Anyone getting WSUS failures with the new patches?

      WSUS has been rock solid over here and suddenly now with three March patches (KB 4014329, KB 4013418 and KB 4013429) – I get this:

      “Client computers are installing updates with a higher than 25 percent failure rate. This is not normal.”

      This appears in the event log on the server when I manually check for updates from a Windows LTSB 1607 or a Enterprise 1607 workstation. Both stations are configured correctly and have been reporting into WSUS correctly and regularly.

      I also see all three March patches for 1607 have a big red X on them within the WSUS console – with a blurb “The update failed to install on 2 computers”?

      I have checked the update server – all is well. IP is correct. Machine is pingable from the clients. Ran the Windows Troubleshooter etc etc.

      Appreciate anyone checking in that is updating via WSUS and has had success.

      Cheers!

      Sonic.

       

      1 user thanked author for this post.
      • #102295 Reply

        woody
        Da Boss

        I was hoping to get a response directly here in the Lounge, but it looks like we don’t have the expertise on board.

        You should definitely post this on Susan Bradley’s patchmanagement.org mailing list. All sorts of WSUS victims, er, gurus, hang out there….

    • #101682 Reply

      anonymous

      All right, installed both the IE update (yesterday) and the security only bundle (less than 1h ago) on my Win 7 32-bit, no obvious issues at the moment. Had a couple of odd errors in event logs after yesterday’s reboot, plus the expected ones, but the odd ones didn’t seem connected. And I expected yesterday to be odd, because I hadn’t rebooted in 3 months (91 days, 2 hours and ~41 min to be exact – which I’m thinking is quite a feat for a Windows system), also had a pending antivirus update which had been quietly waiting for a reboot for a couple of weeks, and hadn’t even installed the December .NET updates, plus of course the small January security only patch.
      So first move was use Windows Update to install that .NET patch and the MRT, then reboot, give it a while, install the January security patch and the IE update, reboot again. Then waited till today for the March security patch. Tried the usual things I do and a couple of tests, nothing seems awry so far.

    • #101703 Reply

      Cybertooth
      AskWoody Lounger

      Downloaded KB4012212 for my Windows 7 x64 PC, and the installation is failing with a pop-up window claiming that “This update is not applicable to your computer.”

      The IE11 update and the Office updates installed earlier just fine.

      What am I missing?

       

      • #101706 Reply

        PKCano
        AskWoody MVP

        First thing comes to mind: check to see if you installed KB4012215 the Security Monthly Quality ROLLUP. If so, the security-only UPDATE will give you that message if you try to install it.

        Second thing, check the bittedness of the file you downloaded. There will be x86 or x64 in the file name. Does that match your computer 32-bit or 64-bit respectively?

        1 user thanked author for this post.
        • #101711 Reply

          Cybertooth
          AskWoody Lounger

          Check and check: I did download the update with the right bittedness (x64), and I haven’t installed 4012215 (Windows Update is still offering it for download).

          ??

           

          • #101713 Reply

            PKCano
            AskWoody MVP

            Hmmm. I’m running out of ideas. Try reboot, wait 10 min after login, stop Windows Update Service, try manual install again.

            1 user thanked author for this post.
          • #101740 Reply

            anonymous

            Only thing I can add is make really sure it’s the right file by checking hash too.

            For the built in tool, open a command prompt window and run:
            certutil -hashfile [path_and_filename] SHA256

            Should output

            e9 8d 6c 7f 09 c8 ab c5 9e da 19 88 80 07 46 75 a7 07 41 5d bd db 69 4a 4a 4a 6a 98 df 63 a7 c8

            If that’s so and 4012215 isn’t installed, really have no idea why it could possibly not work.

          • #101751 Reply

            satrow
            AskWoody MVP

            I was wondering whether the failure might be down to a workaround/mitigation already in place for one of the included patches, there are partial workarounds listed for 2 of the Critical patches:
            Windows DLL Loading Remote Code Execution Vulnerability – CVE-2017-0039 https://technet.microsoft.com/library/security/MS17-012
            Multiple Windows SMB Remote Code Execution Vulnerabilities https://technet.microsoft.com/library/security/MS17-010

          • #101759 Reply

            Cybertooth
            AskWoody Lounger

            PKCano’s suggestion (reboot, stop the Windows Update Service, and try to install again) did the trick. Thank you!

            The other suggestions are also appreciated, thankfully it didn’t come to that.

             

            • This reply was modified 1 month, 1 week ago by  Cybertooth.
            2 users thanked author for this post.
    • #101732 Reply

      bobcat5536
      AskWoody Lounger

      For info only. Using Windows 10 Home and based on the few comments of those that haven’t had any problems, I made an image this morning and went for it. Took 20 minutes total from start of the download to the complete install and so far, nothing negative to report. Seems like all went well.

    • #101765 Reply

      anonymous

      Meh, seem to have some trouble on all three of my Win 10 machines. Hangs at 95% download for updates on one, the other failed twice to install KB4013429 and finally found a Windows update reset tool that seem to fix it. Funny my oldest desktop with a Hazwell CPU i3 updated without issues. It was only a KabyLake notebook and a Dell Mini desktop that had issues. Well I guess you had to figure after taking a month off that Microsoft couldn’t do a smooth roll out of updates. That company has totally gone down the wrong path with updates. I think their image is worse than ever now, and it won’t help sell users on Windows 10. too many of these flubs and people will avoid Win 10 like the plague. I sort of wish I did looking back.

      1 user thanked author for this post.
    • #101784 Reply

      SonicMojo
      AskWoody Lounger

      My WSUS issues just got a bit more strange. After my earlier post this monring – I decided to “unapprove” the 3 Windows 10 1607 patches on the WSUS server.

      As soon as I did that – and then manually pressed Check for Updates on my 10 Win 10 workstations – they ran thru the check motions normally and reported back that they were up to date. Which they should be (assuming nothin new was found on WSUS).

      Then just moments ago – I approved just one of the three patches (KB 4013429) – the cumulate update patch – and clicked Check for Updates again. Instantly I get the error message attached….

      Couldnt-Connect-to-Update-Service
      Then  if I “unapprove” this file – and do another manual check – it goes fine. Just what the heck is going on here?

      Oddly – for a brief second before the above error appears – I can see a quick reference to the actual Cumulative Update file descriptor etc – which disappears and is replaced by the error above.

      And over in the update history – the following failures are record…

      Manually-check-failures-1

       

      Any ideas?

      Sonic.

      • This reply was modified 1 month, 1 week ago by  SonicMojo.
      • This reply was modified 1 month, 1 week ago by  SonicMojo.
      • This reply was modified 1 month, 1 week ago by  SonicMojo.
      • This reply was modified 1 month, 1 week ago by  SonicMojo.
      Attachments:
      You must be logged in to view attached files.
    • #101875 Reply

      samak
      AskWoody Lounger

      How-to Geek not happy either:

      https://www.howtogeek.com/298940/microsoft-please-stop-breaking-my-pc-with-windows-10s-automatic-updates/

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • This reply was modified 1 month, 1 week ago by  samak.
      • #101877 Reply

        PKCano
        AskWoody MVP

        Suggestion: Try converting the post to text before cut/paste-ing.

        1 user thanked author for this post.
    • #101890 Reply

      AJNorth
      AskWoody Lounger

      NOT to pit colleague against colleague, in her 2017.03.16 Patch Watch column for Windows Secrets, Susan Bradley is recommending the installation of the OS March security patches KB4012215 (Win7) and KB4012216 (Win8.1), as well as the Office security patches (not the optional updates); curiously, for Windows 7 she has this:
      Windows 7 KB4012215
      7 gets only security fixes

      The March release for Windows 7 only includes security updates. This month update includes fixes for Windows DVD Maker, Microsoft Graphics Component, Windows kernel-mode drivers, Windows Media Player, Microsoft XML Core Services, Windows OS, SHA-1 deprecation for SSL/TLS certificates, Internet Explorer, Windows kernel, Microsoft Uniscribe, SMB Server, Windows Hyper-V, Internet Information Services, and Active Directory Federation Services.

       

      For my machines, and those of my clients, I shall continue to hold-off until the Oracle of Brentwood and his able associates also issue their imprimatur.

      • This reply was modified 1 month, 1 week ago by  AJNorth.
      1 user thanked author for this post.
      • #101928 Reply

        ch100
        AskWoody MVP

        @ajnorth
        Susan Bradley is targeting a different audience, which is sysdmin/sysengineer type.
        Woody is targeting mostly the home user audience.
        However there is no conflict as there is a lot of overlapping and if you can follow both and if you can make up your own mind, it is probably the ideal situation. As a good example of how Woody is supporting the enterprise users, just follow the recent CRM 2011 related posts and notice how successful were those threads, which provided a very good solution in only 2 days from the release of the problematic patches.
        I think this is the only public site which provides a solution until now.
        While Microsoft originally issued that solution as it is their duty to do so, they prefer to keep it private at this stage and work on individual cases. However, not everyone can afford to pay Microsoft for custom solutions and the fact that there is a public forum posting a possible solution, even if it is early and only experimental at this stage, is a very good thing. Good developers can take it from here and fine tune further if they find it necessary.

        For the purpose of this forum, you should support Woody’s approach.
        If you post on patchmanagement.org, where Woody posts often, you should support Susan’s approach.
        I would say it is a matter of courtesy for the host of each site. 🙂

        • This reply was modified 1 month, 1 week ago by  ch100.
        2 users thanked author for this post.
        • #102025 Reply

          AJNorth
          AskWoody Lounger

          @ch100

          Thank you for your reply.

          Yes, I certainly appreciate that each forum has its own subset of followers; still, there is quite a bit of overlap — and well before reaching the horizon, both approaches do usually tend to converge. (The matter of CRM 2011 is point well taken.)

          My post was intended to reflect that there are other readers of both (and even additional) forums for whom some of the same questions may arise.

          As is the nature of knowledge, when confronted with issues that may not strictly resolve with absolute objectivity, then some degree of art enters into the equation which one then uses in conjunction with the science to balance the various parameters involved and arrive at a solution (even if only interim).

          And, of course, trust — which for Susan and Woody (together with their respective cadres of highly-skilled and conscientious associates and contributors) is implicit — and never in doubt.

          To borrow something from those old enough to remember (or younger fans of Old Time Radio), once again with Windows this is akin to Molly warning Fibber, “Don’t open that closet door, McGee!”

          1 user thanked author for this post.
    • #101906 Reply

      AJNorth
      AskWoody Lounger

      Please do not construe this as any sort of criticism, much the pitting of two collegial professionals against one another, but in her Patch Watch column dated 2017.03.16, Susan Bradley has given the go-ahead to install some of the March security updates, including KB4012215 for Windows 7 and KB4012216 for Windows 8.1, as well as the various Office security updates. For KB4012215, she writes:

      “The March release for Windows 7 only includes security updates. This month update includes fixes for Windows DVD Maker, Microsoft Graphics Component, Windows kernel-mode drivers, Windows Media Player, Microsoft XML Core Services, Windows OS, SHA-1 deprecation for SSL/TLS certificates, Internet Explorer, Windows kernel, Microsoft Uniscribe, SMB Server, Windows Hyper-V, Internet Information Services, and Active Directory Federation Services.”

      Which is odd, as there are clearly both the Quality and Security Only roll-ups for Win 7 (with a stand-alone IE update for the latter).

      For my own Windows boxes, not to mention those of clients, I shall hold-off on any updates until we’ve moved from DEFCON 2.

       

      [Woody, not sure what happened to my post from two hours and thirty-odd minutes ago; it seems to have disappeared after I edited it. So, if this turns out to be a duplicate, then please delete one of them.]

      • This reply was modified 1 month, 1 week ago by  AJNorth.
      • #102044 Reply

        Noel Carboni
        AskWoody MVP

        Personally I think it’s too soon to tell whether the March patches cause havoc amongst any particular audience.

        There could be some, for example, who updated earlier this week and lost system functionality entirely, or lost network connectivity. They’re not necessarily back online with their war stories yet. The patches are only a few days old!

        Others might not know why their systems became unstable (or more unstable, in some cases). Not everyone runs a tight ship and they might just view what’s happening to them this week as another step toward reinstallation of the whole thing.

        And certainly no one does everything their system can do every day. Maybe there are classes of applications that are only run occasionally (e.g., monthly tasks) that are utterly broken but as it happens few have tried them yet. Yes, it’s a big, statistical world. But Windows is a BIG, complex blob of software!

        Personally, I update my virtual test systems right away, but often wait nearly a month to update my critical working systems. I do my OWN testing on virtual machines as well as online research – before choosing to (or NOT to) install a particular set of updates on my hardware.

        Finally, let’s not forget that individual users and systems have specific needs… Sure, it sounds like bunches of things are fixed in Windows 7. I have a particular system that’s running Windows 7 and has a very specific use as a server, and doesn’t get interactive use. For that it’s already utterly reliable and efficient. Microsoft hasn’t fixed anything I need for that system, thus that particular system continues running with updates deferred indefinitely, and only if something I really do or will need is documented in the updates will that change.

        StableWithoutUpdates

        I suggest that Woody’s MS-DEFCON system – which Woody usually only switches to 3 or higher after some weeks of observation – is being operated adeptly and with seasoned insight few folks – even including other respected journalists – have.

        -Noel

        Attachments:
        You must be logged in to view attached files.
        5 users thanked author for this post.
        • #102314 Reply

          walker
          AskWoody Lounger

          Good advice, Noel.

          I usually wait a while before I even do the “check for updates”.   (Paranoia perhaps? ).     Then once everything is there to review, I await the Defcon number going up to 3 or above before taking any action.   Thank you the information you have provided.     🙂  🙂  🙂

          1 user thanked author for this post.
    • #102251 Reply

      SonicMojo
      AskWoody Lounger

      Just wanted to report back – my issues (WSUS errors n such) were the result of some very incorrect client settings.

      After I removed all these settings and reset my Win 10 clients correctly – they are all downloading and installing the patches from WSUS with no issues.

      Sonic.

       

       

    • #102308 Reply

      abbodi86
      AskWoody MVP

      Security Update for Microsoft Excel 2010 (KB3178690) has some issues 😀
      https://support.microsoft.com/en-us/help/3178690

      it’s not pulled

      1 user thanked author for this post.
    • #102406 Reply

      anonymous

      https://www.ghacks.net/2017/03/14/microsoft-security-updates-march-2017/#comments

      This site has users from different Windows versions having severe trouble with latest patches. Anyone read anything additional?

    • #102714 Reply

      Cybertooth
      AskWoody Lounger

      It may be too late in the game for anybody to read this and reply to this thread, but regarding the installation of KB4012212 — it went well, but (when re-enabled) Windows Update is still offering KB4012215. I thought that installing the one would make the other one disappear?

      No biggie, I can always just hide the update, but I’m curious.

      • #102764 Reply

        abbodi86
        AskWoody MVP

        regular Windows Update never recognize Security Only updates

        just the managed environments like WSUS/SCCM have the ability to choose between Security Only and Monthly Rollup

        3 users thanked author for this post.
    • #103082 Reply

      anonymous

      An interesting item in the rollup previews for Win 7 and 8.1 released today:

      “Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.”

      Sources:

      https://support.microsoft.com/en-us/help/22801/windows-7-sp1-and-windows-server-2008-r2-sp1-update-history

      https://support.microsoft.com/en-us/help/24717/windows-8-1-and-windows-server-2012-r2-update-history

      https://support.microsoft.com/en-us/help/22811/windows-server-2012-update-history

       

      1 user thanked author for this post.
    • #103186 Reply

      anonymous

      This update was released on March 21: “DST changes in Windows for Northern Cypress, Mongolia, and Russian Saratov region” – https://support.microsoft.com/en-us/help/4012864/dst-changes-in-windows-for-northern-cypress-mongolia-and-russian-sarat. This update is available in WSUS and Microsoft Update Catalog, but not in Windows Update.

      • #103193 Reply

        abbodi86
        AskWoody MVP

        Preview Rollup already have it

        • #103241 Reply

          ch100
          AskWoody MVP

          Then it will be in the next monthly rollup.
          No need to install early, unless living in one of the affected time zones or doing business in that part of the world.

    • #103901 Reply

      anonymous

      On March 23, 2017, Microsoft released these two new non-security updates:

      KB3191564 – “Update for Windows Management Framework 5.1 for Windows 8.1 and Windows Server 2012 R2” – https://support.microsoft.com/en-us/help/3191564/update-for-windows-management-framework-5-1-for-windows-8-1-and-window

      KB3191565 – “Update for Windows Management Framework 5.1 for Windows Server 2012” – https://support.microsoft.com/en-us/help/3191565/update-for-windows-management-framework-5-1-for-windows-server-2012

      Both of these updates are available only on Microsoft Update Catalog.

    • #103911 Reply

      PhotM
      AskWoody Lounger

      On March 23, 2017, Microsoft released these two new non-security updates:

      By the Release Notes: Windows Management Framework (WMF) 5.1 Release Notes

      KeithB | Last Updated: 1/31/2017

      https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes

      ………

      Both of these updates are available only on Microsoft Update Catalog.

      If you really like using the Catalog one can BUT this might be a bit nicer:

      Install and Configure WMF 5.1
      https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure

      OR

      Microsoft download center

      For those of you that haven’t been following the following information this may very well may be new BUT it was actually released in January.

      PowerShell- Learning Virtually on MV Academy & MSDN Channel 9 from Videos, eBooks and Blogs
      https://www.askwoody.com/forums/topic/powershell-learning-virtually-on-mv-academy-msdn-channel-9-from-videos-ebook/

      …….

      Windows PowerShell

      Automating the world one-liner at a time…
      https://blogs.msdn.microsoft.com/powershell/

      Windows Management Framework (WMF) 5.1 Released
      https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/

      Update January 27, 2017: .Net version info updated.

      “We are pleased to announce that we are releasing the Windows Management Framework (WMF) 5.1 via the Microsoft download center.

      WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition.

      You can find out more about the WMF 5.1 release in the Release Notes.

      Please note that for Windows 7 and Windows Server 2008 R2 the installation instructions have changed significantly. Please read the Install and Configure topic in the release notes. We have removed the requirement for pre-installing WMF 4 on Windows 7 and Windows Server 2008 R2, but to do so we had create a script for checking the prerequisites that accompanies the MSU in a ZIP file. WMF 5.1 requires .Net version 4.5.2, and cannot be installed on Windows 7 or Windows Server 2008 R2 if WMF 3.0 is installed. This affects only Windows 7 and Windows Server 2008 R2. The Install and Configure topic in the release notes provides details on using the script.

      As always, we welcome your feedback on PowerShell and WMF via our UserVoice site.

      Thank you –”

      The PowerShell Team

      …….

      I was almost caught on this, I had even Downloaded the MSU but when I started my usual cross checks, I found I have the same KB’s and information I had in January. In short if you already have WMF 5.1 there is nothing to see here folks.

      However, with the extra talk of DISM lately, maybe it is a good opportunity to become more aware of Powershell and Powershell ISE.

      ----------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon 6880, Neither Over Clocked

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

      Best Regards,

      Crysta

      2 users thanked author for this post.
      • #103994 Reply

        Pepsiboy
        AskWoody Lounger

        Crysta,

        Just 1 QUICK question. Is WMF 5.1 FASTER, SAFER, MORE RELIABLE, or EASIER to use than the Catalog?

        Thanks for the in depth article on the subject.

        Dave

        • #104034 Reply

          PhotM
          AskWoody Lounger

          Golly Pwpsiboy,

          I am not sure I really understand what you’re asking????

          WMF’s are what is downloaded for installation of Powershell, Powershell ISE(both x86 & x64), as well as the group of stock Modules and Scripts. The most important ones in my opinion are PowershellGet and PackageManagemet Modules that allows one to get established with Repositories for the purpose of expanding ones Module and Script collection.

          There are 3 ways one can download the WMF I.x, one is from the Catalog which MS is getting more and more complete it seems. For the more experienced to advanced user there is probably little difference between them BUT for somebody whom has never been in the Catalog, is could seem very foreign. If one tries searching around in the Catalog and they haven’t found the list of search terms, etc, that can be very daunting.

          Therefore, many people may feel more comfortable using one of the other methods to download WMF’s as well, in general, other things that MS makes available. Is the Catalog going to become more of a common repository, I do not know BUT surely they can do better then their antiquated Catalog approach.

          My teaching guide is not meant to be in depth. Instead it is a starter for the beginner to novice. Woody’s article mention at the beginning is a starter for the novice/mid user to more advanced entry but even his is not meant to be in depth.

          Sorry to poop all over you premises, but I believe in complete and clear answers designed to teach(albeit more verbose then a seasoned writer).

          I hope this helps get you started in a much more competent CLI than CMD is. As I pointed out in the Post, PS ISE is a great way to start since it’s semi GUI. Yes, I know that, the more advanced user see it as an avenue to develop scripts BUT it is also designed to be used in a non development way as well, like I use it too.

          ----------------------------------------

          1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

          SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

          CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
          Graphics Radeon 6880, Neither Over Clocked

          2xMonitors Asus DVI, Sony 55" UHD TV HDMI

          1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
          1xOS W8.1 Pro, NAS Dependent, Same Sony above.

          -----------------

          Best Regards,

          Crysta

          1 user thanked author for this post.
          • #104275 Reply

            Pepsiboy
            AskWoody Lounger

            Crysta,

            OK, I guess I misunderstood what was being talked about. My mistake. Sorry.

            Dave

            1 user thanked author for this post.
            • #104279 Reply

              PhotM
              AskWoody Lounger

              No Problem Dave,

              No need to be sorry about what you don’t understand. Hopefully you learned something and are willing to stick your toe in a little deeper. Powershell as a USER is really not that difficult just different. I DO NOT Develop in it even though I use the ISE allot.

              It is very Powerful even for a novice user like myself…..

              ----------------------------------------

              1. Tower Totals: 2xSSD ~512GB, 2xHHD 4TB, Memory 32GB

              SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

              CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
              Graphics Radeon 6880, Neither Over Clocked

              2xMonitors Asus DVI, Sony 55" UHD TV HDMI

              1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
              1xOS W8.1 Pro, NAS Dependent, Same Sony above.

              -----------------

              Best Regards,

              Crysta

    • #105139 Reply

      glnz
      AskWoody Lounger

      My comment doesn’t show, so I’ll try again —

      I read Woody’s “Patch Tuesday” entry on March 14.  So, on my Win 7 Pro 64-bit machines, I installed just four security-only updates – KB 890830, 4013867, 4012204 and 4012212.

      But more than two weeks have now passed, so do we think that the full roll-up is OK?  (March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4012215).)
      Has anyone’s PC melted after the full roll-up?

      Many thanks to Woody and all here for looking out for us !!!

      • This reply was modified 1 month ago by  glnz.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Tuesday just hit

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.