Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Tuesday: The good, the bad, the ugly and the hopeless

    Home Forums AskWoody blog Patch Tuesday: The good, the bad, the ugly and the hopeless

    Tagged: 

    This topic contains 117 replies, has 29 voices, and was last updated by  DrBonzo 1 month, 2 weeks ago.

    • Author
      Posts
    • #223063 Reply

      woody
      Da Boss

      Patch Tuesday patches are rolling out right now and there’s a bunch of them. Quick glance on the Microsoft Update Catalog shows 104 individual patches
      [See the full post at: Patch Tuesday: The good, the bad, the ugly and the hopeless]

      7 users thanked author for this post.
    • #223071 Reply

      abbodi86
      AskWoody MVP

      Win7 SSU KB3177467-v2 still exclusive
      i’m interesting to know if it will get offered alone first on WU, since it’s now Security Update

      i don’t have deployed Win7 currently to check 馃檪

      3 users thanked author for this post.
      • #223107 Reply

        geekdom
        AskWoody Lounger

        Beta Test
        Here and appeared in Windows Updates just now:
        https://support.microsoft.com/en-us/help/3177467/servicing-stack-update-for-windows-7-sp1-and-windows-server-2008-r2-sp

        This update appeared after today’s other updates were installed and I checked for updates again.

        Group G{ot backup} Win7 路 x64 路 SP1 路 i3-3220 路 TestBeta
        • This reply was modified 2 months ago by  geekdom.
        • This reply was modified 2 months ago by  geekdom.
        3 users thanked author for this post.
        • #223129 Reply

          anonymous

          This may be the first time you’ve cleared the deck to expose this service stack update. It was discussed by Mr.Brian (I believe) last year. And more recently was a subject of some contention over how to properly bring a system up to date.

          Could there have been a system change that removed an earlier install, that is now being recognized and put on offer to your system again?

          • #223158 Reply

            geekdom
            AskWoody Lounger

            An earlier version of KB3177467 was installed on my computeer September 20, 2016.

            What has occurred in the current check for updates is all other applicable updates appeared first and KB3177467-v2 showed only after current updates had been installed.

            abbodie86鈥檚 question was: does this update show alone and first. No, it doesn鈥檛; it shows alone and last after all the other current updates have been installed.

            Group G{ot backup} Win7 路 x64 路 SP1 路 i3-3220 路 TestBeta
            • #223186 Reply

              anonymous

              Thank you, I plead distraction. I had read the -v2 significance earlier then missed it when seeing your reply later. I hope my embarrassment serves to illustrate the coming questions if this eventually turns into a glitch. You did well to point this out so clearly.

      • #223191 Reply

        PKCano
        AskWoody MVP

        The original version of KB3177467 was installed on my Win7 Ult x64 in 2016

        Today (10/9), I had 5 updates in the queue (Rollup, .NET Rollup, MSRT and 2 Office Viewer patches). I hid all 5, did a search for updates, and the SSU KB3177467 -v2 showed up. It is still exclusive and does not show up until the Windows Update queue is empty.

        4 users thanked author for this post.
        • #223386 Reply

          abbodi86
          AskWoody MVP

          Hmmm.. how is that supposed to solve the Monthly Rollup issue if KB3177467 is offered and installed afterwards?

          2 users thanked author for this post.
    • #223075 Reply

      geekdom
      AskWoody Lounger

      Beta Test
      Reporting on Windows 7 x64 updates:

      • Windows Malicious Software Removal Tool x64 (KB890830)
      • Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4459922)
      • October Security Monthly Quality Rollup Windows7 x64 (KB4462923)

      All installed without error and the system rebooted without error.
      Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.

      Group G{ot backup} Win7 路 x64 路 SP1 路 i3-3220 路 TestBeta
      2 users thanked author for this post.
      • #223169 Reply

        geekdom
        AskWoody Lounger

        Beta Test
        Checked for updates again.

        • KB3177467 showed as a stand-alone update.
        • KB3177467 installed without error.

        No system reboot was required nor indicated as necessary.

        Group G{ot backup} Win7 路 x64 路 SP1 路 i3-3220 路 TestBeta
        1 user thanked author for this post.
    • #223077 Reply

      PKCano
      AskWoody MVP

      Group B Security-only patches have been updated on AKB2000003 as of Oct. 9, 2018.

      The links provided are direct download to the MS Update Catalog, thus are always up to date.

      11 users thanked author for this post.
      • #223368 Reply

        PKCano
        AskWoody MVP

        How to get the Servicing Stack KB3177467 -v2 if you are in Group B

        The SSU KB3177467 will not appear in Windows Update as long as there are any other pending updates in the “important” update queue.

        In Windows Update:
        + Hide the Security Quality Monthly Rollup.
        + Hide whatever other updates you do not want to install (including unchecked).
        +Install the remaining checked updates – this should clear the WU queue.
        +Reboot if required, wait 15 minutes, search for updates
        +Install the Servicing Stack KB3177467
        +Reboot if required, wait 10 minutes
        + Install the Security-only Update and the IE11 Cumulative Update
        + Reboot, wait 15 minutes

        EDIT: Alternate method………….

        In Windows Update:
        + Hide all pending updates in the important update queue (checked and unchecked)
        + Search for updates
        + Install the Servicing Stack KB3177467
        + Reboot if required, wait 10 minutes
        + Install the Security-only Update and the IE11 Cumulative Update
        + Reboot, wait 15 minutes
        + Unhide any updates you want to install (.NET, MSRT, Office, etc)
        + Install the remaining updates
        + Reboot if required, wait 15 minutes

        Group B is a little more difficult this month!

        8 users thanked author for this post.
        • #223370 Reply

          DrBonzo
          AskWoody Lounger

          Thanks for those very clear instructions. I’m curious, though, if it’s OK to just get the SSU update from the catalog as a stand alone package and install it, reboot if required, and then install the Security Only and IE 11 updates.

          While I’m sure your way will work, it seems that MS is using some very convoluted logic (you need the SSU before installing the Rollup, Security Only, or IE 11 updates, but you’re not offered the SSU until after you’ve either installed those updates – that’s the convoluted part – or gone to the trouble of hiding them – which is not quite so convoluted but is certainly devious/obtuse/obfuscated/etc.) Or perhaps I’m missing something?

          • #223411 Reply

            PKCano
            AskWoody MVP

            It is certainly OK to download the SSU from the Catalogue and install it manually. But it can be had from Windows Update with a little effort while the Security-only patches cannot.

            MS should present the SSU first in Windows Update and not allow the Rollup to show up unless it is install first. That would be logical.

            But this is MS we are talking about.

            4 users thanked author for this post.
        • #223638 Reply

          RTEsysadmin
          AskWoody Lounger

          Thanks for those instructions. Still, it seems easier to install the update manually. Also, if you have a lot of machines on an AD domain that need it, you can probably plan on losing at least a night’s sleep. For our servers, I’m planning to deploy it through Group Policy, as we do with all updates (we don’t Windows Update or WSUS) with a start-up script:

          wusa.exe聽\\server\Share\Windows6.1-KBxxxxxx-….msu聽/quiet /norestart
          shutdown /r

          This avoids having to repackage the .msu file as an .msi, as you’d normally have to do to run a program at startup.

          Group K(ill me now)
          • This reply was modified 2 months ago by  RTEsysadmin.
          • This reply was modified 2 months ago by  RTEsysadmin.
    • #223086 Reply

      Susan Bradley
      AskWoody MVP

      That’s only one bug fixed.聽 The user files bug is a second and as far as I’m aware, not yet fixed.

      Susan Bradley Patch Lady

      1 user thanked author for this post.
      • #223101 Reply

        woody
        Da Boss

        That appears to be the case. Wonder why they don’t just come out and say it?

        1 user thanked author for this post.
    • #223087 Reply

      OscarCP
      AskWoody Lounger

      As I have every month and for several years now, and being Group B, I am going to wait for at least three weeks before even considering patching my Windows 7 PC this time — unless something like the Meltdown/Specter scare happens — and while keeping an eye most particularly on the comments here and elsewhere about problems people may encounter and, of course, also on the Master Patch List.

      Group B, Windows 7 Pro, Sp1, x64.

      2 users thanked author for this post.
    • #223089 Reply

      anonymous

      Microsoft shows deep disrespect for its 鈥榗lients鈥. Think we are seeing the beginning of the end of Windows. Just because of arrogance, pushing despite customers are begging and screaming 聽to stop that.

      1 user thanked author for this post.
    • #223093 Reply

      Geo
      AskWoody Lounger

      Good news for us W7’s .聽 I see they still have some for XP.

      3 users thanked author for this post.
    • #223106 Reply

      Zaphyrus
      AskWoody Lounger

      Doees the MSDEFCON rating apply to this updates?

      Just someone who don't want Windows to mess with its computer.
      • #223111 Reply

        PKCano
        AskWoody MVP

        The DEFCON-1 of 10/9/18 applies to the October updates (any of them).

        Sept updates were approved under DEFCON-3 with reference to the conditions and caveats listed in the Master Patch List.

        2 users thanked author for this post.
        • #223113 Reply

          woody
          Da Boss

          In other words, you bet your sweet bippy.

          I wouldn’t touch any of these patches just yet. Let’s see what shakes loose.

          3 users thanked author for this post.
    • #223118 Reply

      Karlston
      AskWoody Lounger

      It’s interesting that “the most secure version of Windows ever” AKA Windows 10, has more vulnerabilities being patched than the “older less secure” versions.

      Another Microsoft Windows 10 lie claim bites the dust?

      Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

      • This reply was modified 2 months ago by  Karlston.
      • #223125 Reply

        Zaphyrus
        AskWoody Lounger

        I think it has to do that the people that creates virus and stuff,聽 moves to newer OS since they are more widely used

        That’s why I have a personal theory that under that logic, IT MAY be safe to use older systems like XP.

        for example, if I was someone that want to mess up with people computers, I wouldn’t create a virus that target an OS that only 1 or 2 persons use. I would target the lastest OS.

        YES I know, all of us should be in supported systems.

        Just someone who don't want Windows to mess with its computer.
        • #223166 Reply

          Karlston
          AskWoody Lounger

          If we’re to believe the usage statistics, then more people don’t use Windows 10 than use it.

          Wouldn’t that make Windows 10 a less tempting target?

          Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

          • This reply was modified 2 months ago by  Karlston.
          • This reply was modified 2 months ago by  Karlston.
          • This reply was modified 2 months ago by  Karlston.
        • #223161 Reply

          anonymous

          Karlston – The amount of vulnerability patches don’t necessarily relate to how vulnerable the system actually is.聽 Things like the Zero Day Initiative didn’t really exist back in the day of (say) XP.聽 Many exploits existed that were never patched because they were never reported nor found.聽 Many of the vulnerability patches fix vulnerabilities that exist but are non-trivial to exploit.聽 Many of the exploits from XP’s era were quite trivial.

          Zaphyrus – Picking an old OS may protect you from some of the mass exploits, however if you’re ever targeted you’d be toast.聽 Most kits still have exploits for older systems, or they’re still common enough to find.聽 Also if the phishing email you clicked on contained a link to an automated downloader server, it may have exploits for many different systems.

          • #223225 Reply

            Zaphyrus
            AskWoody Lounger

            I am aware of the flaw of my theory, as I said, its better to be in a newer and supported OS.

            Just someone who don't want Windows to mess with its computer.
      • #223126 Reply

        krzemien
        AskWoody Lounger

        Indeed, spotted that too.

      • #223185 Reply

        b
        AskWoody Lounger

        Developers create vulnerabilities. Only Windows 10 is being developed.

        Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

        • #223201 Reply

          EstherD
          AskWoody Lounger

          Not true. Bug fixers create bugs, too. Have you already forgotten the Win7 Spectre/Meltdown fiasco from earlier this year? The bug introduced by that patch was FAR worse than the bug that patch was trying to fix.

          • #223327 Reply

            b
            AskWoody Lounger

            Worse how? More vulnerable?

            Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

            • This reply was modified 2 months ago by  b.
            • #223351 Reply

              AlexEiffel
              AskWoody MVP

              I think she might refer to Total Meltdown.

            • #223353 Reply

              b
              AskWoody Lounger

              Ah yes. Got it. Thanks.

              Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

    • #223123 Reply

      anonymous

      KB4462923 is back with the “NIC disappearing” issue

      https://support.microsoft.com/en-us/help/4462923/windows-7-update-kb4462923

      2 users thanked author for this post.
    • #223124 Reply

      anonymous

      There was a last minute change on daylight saving time here on Brazil – as discussed here:聽https://social.technet.microsoft.com/Forums/pt-BR/2e144152-c2c1-48cf-a22b-023d094e30ef/horrio-de-vero-20182019-nova-alterao?forum=w8serverpt

      As far as I can see none of those updates will fix it, right?

      • #223131 Reply

        PKCano
        AskWoody MVP

        The daylight savings time fixes usually come out in separate updates for Win7/8.1
        Unless you see it mentioned in the MS pages for the specific update you need, it probably has not been applied.

    • #223136 Reply

      anonymous

      Win 10 1809 home user. Have a question maybe someone could help with.

      I just updated my computer, and strange….In the update history, the cumulative update (KB4464330) shows twice. Once it shows it successively installed on 10/9/2018. However, below that it shows the same KB4464330 Failed to install on 10/9/2018 – 0x8024200d.

      I checked my Windows version, and I am on build 17763.55 (which I believe is what build I should be on).

      Computer appears to be working fine.

      In two years of owning this computer, I have never seen an install error message in the update history.

      The actual update process seemed to go fine.

      Is this something to be concerned about?

      Many many thanks….

       

      • #223143 Reply

        PKCano
        AskWoody MVP

        If it shows installed finally, and the Build number is correct, and you are not having problems, I wouldn’t worry about it. 1809 is still a question mark.

      • #223208 Reply

        anonymous

        Two of my Win10 Home machines download and install each update two or three times before they are successful.聽 But, recently, I noticed that one of them has successfully installed an update twice.

        I know not why.聽 But I don’t worry as v1809 will remove any evidence…

      • #223212 Reply

        anonymous

        Yeah, sometimes happens here too. Installed = installed in the end. One of the many, many Windows 10 mishaps.

      • #223240 Reply

        anonymous

        The same happened to me.

        So far I ran sfc / scannow without integrity errors and am in buid 17763.55.

        Several users on other forums report this problem in today’s 1809 update.

    • #223142 Reply

      Mr. Natural
      AskWoody Lounger

      It’s like a runaway train. Despite all the obstacles, derailing’s聽 and catastrophe’s that have occurred there is no stopping this train. Total disregard and oblivious to the past. Moving full steam ahead regardless. Absolutely no stopping or slowing down.

      Hmmmmm… kind of like some sort of A.I. making the decisions and following the prescribed schedule regardless. Calling the shots with no consideration for the lowly human “element”.

    • #223157 Reply

      anonymous

      Win8.1 x64 – updates, no issue noticed (yet).

      Win 10 x64 1803 – updated, no issues noted (yet).聽 That is an evaluation version.

      POSready/WES09 – updated, no issues noted.

    • #223160 Reply

      samak
      AskWoody Lounger

      Interesting to see that the W7 monthly roll-up patch KB4462923 has the NIC issue but the Security-only patch KB4462915 doesn’t. Yay for Group B 馃檪

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      1 user thanked author for this post.
    • #223172 Reply

      Bill C.
      AskWoody Lounger

      And just in time for Halloween, IIRC, this is the month that the Win7 telemetry updates are to be included in the Monthly Rollups (Group A), correct. I think that was discussed last month.

      If so, I suspect someone will reference it and refresh my mind.

      1 user thanked author for this post.
      • #223180 Reply

        PKCano
        AskWoody MVP

        According to @abbodi86 , you are correct. Telemetry, here it comes!

        1 user thanked author for this post.
        • #223232 Reply

          Noel Carboni
          AskWoody MVP

          Wait… WHY would Microsoft need telemetry from a Win 7 system?

          Are they trying to discover what people need with real computer operating systems?

          Or just slow them down and make them less secure?

          -Noel

          5 users thanked author for this post.
        • #223399 Reply

          Microfix
          AskWoody MVP

          Ah, ‘Telemetry Tuesday’..more fiery hoops and loops to avoid it Grrr.. 馃檪

          | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
    • #223179 Reply

      ViperJohn
      AskWoody Lounger

      Group B Security-only patches have been updated on AKB2000003 as of Oct. 9, 2018. The links provided are direct download to the MS Update Catalog, thus are always up to date.

      PKCano the Group B’ers also have the KB3177467-v2 Servicing Stack Update to manually install this month.

      Viper

      • #223181 Reply

        PKCano
        AskWoody MVP

        The SSU is available through Windows Update after they hide the other update(s). No need for a Catalogue link.

    • #223187 Reply

      Geo
      AskWoody Lounger

      Group A,聽 Win 7X64,聽 Home Premium,聽 AMD,聽 MS security essentials,聽 Office 10.聽 No problems, no slowdown after installation.

       

      2 users thanked author for this post.
    • #223197 Reply

      Geo
      AskWoody Lounger

      Let’s hear from the XP people.聽 You never hear any complaints or problems coming from them.

      • #223397 Reply

        Microfix
        AskWoody MVP

        no complaints here from an offline XP user 馃檪 Just like the MS wallpaper – Bliss

        | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        2 users thanked author for this post.
    • #223199 Reply

      anonymous

      I’d say it’s pretty important to make a note of it. Doubt I’m the only one who doesn’t hide everything…

      — Cavalary

      1 user thanked author for this post.
    • #223235 Reply

      ViperJohn
      AskWoody Lounger

      The SSU is available through Windows Update after they hide the other update(s). No need for a Catalogue link.

      The SSU should be installed before Octobers Security Only updates shouldn’t it???聽 That is normally how SSU’s are applied.聽 Without at least a reference to it the risk of out of order updates goes through the roof.聽 I always install the Security Only updates from the catalog before I even run WU to get the .NET updates and hide the other junk in WU.聽 I bet I am not alone in doing that.

      1 user thanked author for this post.
      • #223245 Reply

        anonymous

        I’m still wondering if it is the October update itself that makes a change that requires a new install of the service stack update. I lack the skills, and am waiting for more information.

    • #223237 Reply

      Carl D
      AskWoody Lounger

      Wait鈥 WHY would Microsoft need telemetry from a Win 7 system? Are they trying to discover what people need with real computer operating systems? Or just slow them down and make them less secure? -Noel

      Noel, I’ve asked that question myself a few times. Never really received any sort of satisfactory answer apart from “oh, it helps MS improve Windows” or words to that effect.

      What sort of ‘improvements’ is MS planning for W7 between now and January 2020, I wonder? Unless they’re slowly laying the foundations for all remaining Windows 7 computers worldwide to automatically ‘upgrade’ themselves to Windows 10 immediately following W7 EOL.

      I’ll have my popcorn ready when January 2020 arrives, just in case.

      • This reply was modified 2 months ago by  Carl D.
      1 user thanked author for this post.
    • #223238 Reply

      TheOwner
      AskWoody Lounger

      Installed rollup and stack update on my Win 7 64 bit.

      After that, new update appeared KB3150513. What is it? Is very old update so why appeared now?

      Also i noticed one more scheduled task in my task manager, but i dont know which task was added last. Anyone noticed this?

      Thank you.

      • #223246 Reply

        PKCano
        AskWoody MVP

        MS added the telemetry to the Win7 Rollup this month. Those is probably the additional tasks.

        2 users thanked author for this post.
        • #223251 Reply

          Carl D
          AskWoody Lounger

          Someone recently posted a link to a batch file which disables/removes the added telemetry to Windows 7.

          Because the telemetry isn’t ‘baked’ into the OS like Windows 10 it is easier the defeat/remove apparently.

          Can’t remember which thread it was in but I have the batch file saved here. The creator recommended running it after installing Windows Updates every month from now on.

        • #223644 Reply

          anonymous

          It鈥檚 probably the prelude to yet another round of desperate pushing to get Windows 7 users to 10. Next year is Microsoft鈥檚 last chance to keep them onboard. Expect many dirty tricks as 2019 closes to an end.

          1 user thanked author for this post.
      • #223248 Reply

        anonymous

        KB3150513, the palindrome update, is on my prohibited list. Will have to look into why.

      • #223254 Reply

        anonymous

        My notes show that KB3150513 follows on from KB2952664, a well documented item to avoid. I intended to write that you should look for, and remove that item. But now understand that may be what is now bundled into the October Cumulative Update. Please someone say if this is correct or no.

        This may be more help, https://www.askwoody.com/forums/topic/neutralize-telemetry-and-sustain-windows-7-and-8-1-monthly-rollup-model/

        • #223261 Reply

          PKCano
          AskWoody MVP

          You are most probably right.

          KB3150513 shows up in Windows Update only if KB2952664 is installed. Since KB2952664 has been baked into the Rollup that might be the answer.

          1 user thanked author for this post.
          • #223267 Reply

            TheOwner
            AskWoody Lounger

            I have KB2952664 hiden, never was installed on my PC but KB3150513 now offered for install.

            • #223273 Reply

              PKCano
              AskWoody MVP

              KB2952664 is now included in the October Rollup. If you have updated this month, you have installed it.

              2 users thanked author for this post.
            • #223277 Reply

              TheOwner
              AskWoody Lounger

              Well then i dont understand why is KB2952664 still in my hiden list. If i hide preview rollup, it automaticaly disappear when monthly rollup is avaivable.

            • #223282 Reply

              PKCano
              AskWoody MVP

              Because KB2952664 is not a stand-alone patch anymore (it is included in the Rollup) and the metadata probably does not show that it supersedes the version you have hidden.

              5 users thanked author for this post.
      • #223382 Reply

        abbodi86
        AskWoody MVP

        KB3150513 is an old and superseded update to fix a security vulnerability in older KB2952664 version
        but Microsoft is lazy enough and forgot to expire it

        5 users thanked author for this post.
    • #223287 Reply

      TheOwner
      AskWoody Lounger

      So should i now install KB3150513?

      • #223292 Reply

        PKCano
        AskWoody MVP

        We are still at DEFCON-1. The patches just came out today and DEFCON-1 means WAIT to 1nstall. I think you should wait until Woody has had time to sort all this out and make recommendations for patching safely. A DEFCON number of 3 or above will signify that.

        5 users thanked author for this post.
    • #223301 Reply

      b
      AskWoody Lounger

      There鈥檚 a bumper crop of Office security patches, for Office 2010, 2013, 2016, several viewers, SharePoint Server 2010, 2013 and 2016.

      150 million users of Office 365 ProPlus (Click to Run) also had updates made available:

      Release information for updates to Office 365 ProPlus

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

      2 users thanked author for this post.
      • #223643 Reply

        anonymous

        But this time no updates for the 鈥榥ormal鈥 Office 365 Pro suite. Phew. That meant I had to wait half an hour less for those pesky patches to finish.

        • #223654 Reply

          b
          AskWoody Lounger

          I don’t understand what ‘normal’ means there; as far as I can see, ALL versions of Office 365 were updated yesterday.

          Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

    • #223328 Reply

      Geo
      AskWoody Lounger

      Woody wrote about KB3150513 in his 4 may 2016 article in Computerworld.聽 Mystery Solved.聽 For us W7 aficionados聽 if your not upgrading聽 to W10 hide it.聽 Pretty sneaky of MS to include 664 in the Oct. updates.

      • This reply was modified 2 months ago by  Geo.
      • This reply was modified 2 months ago by  Geo.
      • This reply was modified 2 months ago by  Geo.
    • #223363 Reply

      GoneToPlaid
      AskWoody Lounger

      Win7 SSU KB3177467-v2 still exclusive i鈥檓 interesting to know if it will get offered alone first on WU, since it鈥檚 now Security Update i don鈥檛 have deployed Win7 currently to check聽

      I am pretty sure that KB3177467 is simply a re-release of this update which was originally released on or about 2016-09-19.

      What? There is a KB3177467-v2? And this is not simply a re-release of the original KB?

      I am Group B, and I have had KB3177467 installed on all of my Windows 7 computers since around 2016-10-02 with no issues aside from the Stage 3 of 3 hang. I encountered the Stage 3 of 3 hang when I inadvertently installed this update at the same time as other updates on one of my Windows 7 computers.

      Think about it. This is a Servicing Stack Update (SSU) for Windows Update. You really should install any SSU by itself (as in not installing any other updates at the same time) and reboot your computer before proceeding to install any other updates.

      For all Windows 7 users, installing this update is important since it fixes some critical timing issues which could occur when installing other updates. KB3177467 does not contain telemetry, does not alter Windows Update settings, and has nothing to do with either Windows 10 or GWX.

      The upshot is that KB3177467 is now flagged as a Security Update in order to hopefully get all Windows 7 users to install it, which they should if it is not already installed even though this update has nothing to do with security.

      • This reply was modified 2 months ago by  GoneToPlaid. Reason: remove the giant smilely face
      • This reply was modified 2 months ago by  GoneToPlaid.
      4 users thanked author for this post.
      • #223371 Reply

        DrBonzo
        AskWoody Lounger

        This version 2 thing seems pretty fishy to me. I installed the original SSU in October 2016 with no problems at all (no hanging on ‘2 of 3’ or ‘3 of 3’, nor any other problems). My September 2018 group B Win 7 Security only and IE 11 patches installed with no problems at all. So now all of the sudden, MS has come up with a new version of the SSU!!!??? I’m thinking the likelihood of there being hidden nasty tricks in this new SSU is very high.

        • #223390 Reply

          abbodi86
          AskWoody MVP

          SSU never contain anything fishy

          they could have release completely new SSU update with different KB number, would that make a difference? 馃檪

          but they should do that really, and get rid of exclusive attribute

          1 user thanked author for this post.
      • #223389 Reply

        abbodi86
        AskWoody MVP

        Yes, KB3177467-v2 do not contain any new files, just new package with higher version and “Security Update” classification

        but how WU users can handle “possible” Monthly Rollup issue if KB3177467-v2 only show up after installing the rollup (and clear other updates)?
        IMHO, they should treat the rollup just like Windows 8.1 KB2919355, it won’t show up in WU until the proper SSU is installed

        i’m pretty sure the “exclusive” attribute is the cause of “Stage 3 of 3 hang”
        previous SSU KB3020369 does not have it, and i didn’t hear any issue with installing it

        3 users thanked author for this post.
        • #223497 Reply

          GoneToPlaid
          AskWoody Lounger

          Correct. I just installed the v2 and noted that KB3177467 is now listed as “Security Update for Microsoft Windows (KB3177467)” under Installed Updates, whereas v1 was listed as “Update for Microsoft Windows (KB3177467)” under Installed Updates.

          abboi86 is also correct that v2 contains no new files nor anything fishy. I also agree with him about the exclusive nature of SSUs as the cause of any Stage 3 of 3 hangs.

          3 users thanked author for this post.
      • #223408 Reply

        Ed
        AskWoody Lounger

        @gonetoplaid

        “Think about it. This is a Servicing Stack Update (SSU) for Windows Update. You really should install any SSU by itself (as in not installing any other updates at the same time) and reboot your computer before proceeding to install any other updates.”

        OK, I thought about it, and once again I’m posing the same question. You’re telling people they should restart their computers after installing this update and it should be installed by itself… I’d like an explanation as to WHY we need to do this? Unless you’re seeing a “Restart Now” prompt after installing KB3177467 why should we do a restart? Are YOU seeing a “Restart Now” prompt after installing only KB3177467?

        For the third time now I’m asking you to explain why anybody would need to restart their computer after installing an update that does NOT require a restart! If my most recent unanswered request for clarification on this is a bit foggy see here……

        https://www.askwoody.com/forums/topic/ms-defcon-1-if-you-didnt-get-the-september-updates-installed-fuhgeddaboutit/#post-222552

        • #223500 Reply

          GoneToPlaid
          AskWoody Lounger

          I stand corrected. If you installed KB3177467 exclusively, you do not have to restart your computer.

          • #227412 Reply

            anonymous

            “I stand corrected. If you installed KB3177467 exclusively, you do not have to restart your computer.”

            I fixed your comment for you GoneToPlaid, in the link Ed provided he clearly stated he installed the SSU (KB3177467) and then two Security Only updates directly afterwards without a restart between any of them.

            I’d have to think Ed’s 100% success rate on 16 individual computers would be pretty stealth proof that a restart is not needed regardless if the SSU is installed “exclusively” or not.

            • #227431 Reply

              anonymous

              NewAnon correcting your correction. You read the word exclusively different than Microsoft intends, and GtP is using their term. Exclusively is the only way to install the SSU. And then after you may install additional updates seperately before updating.

    • #223394 Reply

      Microfix
      AskWoody MVP

      NOTE: For those of a ‘nervous telemetry disposition’
      Just installed SQMR kb4462926 on W8.1 without issue but, found 2 nodes of telemetry had appeared to the system due to telemetry being integrated in the SQMR patch, now neutered until next SMQR.<sigh>

      W7 will be much the same on SQMR kb4462923 patch (with integrated KB2952664)

      I would suggest reading neutralize-telemetry-and-sustain-windows-7-and-8-1-monthly-rollup-model
      by @abbodi86

      What, no integrated Adobe Flash update for W8.1 this month!

      EDIT: Another method is to use WPD which claims to work on versions of Windows 7-10

      https://wpd.app/

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
      • #223409 Reply

        Noel Carboni
        AskWoody MVP

        I’m always curious how others take control of such things, on the chance that there is an even deeper disablement process I don’t know about that could lead to even better performance…

        What did you do (if anything) beyond changing the Customer Experience Improvement Program settings and configuring the scheduled tasks to Disabled?

        I’ve been wondering whether disabling some of the underlying trace logging will reclaim a few percent of computer power, to be put to better use on actual work. Not long ago I followed some advice (I’m sorry to say I forgot the source) to disable tracing for something on my Win 8.1 system, and I do believe I picked up a few percent in software build speed (which a new version of Visual Studio promptly ate up again).

        -Noel

        • #223427 Reply

          Microfix
          AskWoody MVP

          Noel, for me it’s not about performance, it’s more to do with MS and their intrusive hidden agendas, aka snooping in W7 and W8.1

          What I did was re-check the system with Spybot Anti-Beacon to discover 2 nodes had been re-activated. Then using the script abbodi86 posted, checked all the settings within the script manually (in the registry) to ensure that they hadn’t changed and if so, revert them back – without actually using the script batch file at all, I don’t like the idea of not being able to revert back 馃槈

          I’ve been following ‘Crazyws’ (WindowsSpyBlocker author) who generated the firewall rules to circumvent MS snooping for a good while now, who continuously updates the firewall rulesets to reflect updated MS evolving methods for snooping. WPD utilizes the updated rulesets as well as implements useful switches to prevent further background data transfer.

          When I discovered WPD, the plus was for me, being able to revert back to defaults (Important) should something go haywire online, it hasn’t, tested on both W7 and W8.1: WU works as intended and that’s all I need from MS, nothing more and nothing less. (QA Patches might help)

          WPD is portable and satisfies what I wish to achieve. From within the portable app, one can export the blocked IP’s and check the IP addresses online. The internal switches within WPD all retain default values which is hard to find these days as a failsafe.

          It’s not about performance for me, more peace of mind and an OS under my control..YMMV

          Note: I have no association with WPD, Crazyws etc..and like what they are doing and producing to help others from the transparency at MS. 馃檪

          | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
    • #223424 Reply

      anonymous

      Oops. I installed the updates from patch Tuesday today on a 1709 machine. Since then, a worrying text appears in Settings/Windows update. It says that Microsoft started distributing a new version of Windows and that from now on I should regularly check when I can get this wonderful piece of software on my systems. Mind you: I am on Semi Annual, 365 days deferral. Doesn’t sound good at all :-(((

    • #223428 Reply

      anonymous

      Quick question: what does group A/B mean in this context? Googling didn’t help (guess the term is too generic). I don’t know a lot about tech, I’m just here to try and figure out which if any of these updates to install.

    • #223429 Reply

      anonymous

      adobe flash for 8.1 showed up in the optional updates on my PC (along with the .NET cumulative update)

      1 user thanked author for this post.
      • #223450 Reply

        Microfix
        AskWoody MVP

        Yup seen .NET in optional but, Flash is usually in Important for W8.1..will check later thanks.

        | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        • #223452 Reply

          abbodi86
          AskWoody MVP

          Both are non-security updates this month (regardless the description in .NET rollup)

          1 user thanked author for this post.
    • #223553 Reply

      anonymous

      For group B, when time comes, do I have to install the latest version of KB3177467 although I already have installed the older version before installing the security only update for windows 7, KB4462915? Thanks!

      • #223558 Reply

        PKCano
        AskWoody MVP

        Woody seems to think that having the older version already installed is sufficient.

        • #223568 Reply

          anonymous

          I am the anonymous that replied to @geekdom further up the page yesterday. I happen to be Group A, but not sure that affects this point. This is where I misunderstood geekdom when I read his result. (-v1 installed long ago, -v2 offered after cleared deck following October 2018 install)

          This brought me to the temporary theory that October 2018 update itself causes a change that results in the new offer of -v2. Since geekdom already had -v1 onboard.

          I’m not overly concerned, as one way or another this will resolve itself. I’m just noting what seems inconsistent to me.

    • #223569 Reply

      anonymous

      Thanks PK!

    • #223685 Reply

      dgreen
      AskWoody Lounger

      Just did a windows update check for October updates (I have it do not check)
      FYI
      KB3177467 was installed after new hard drive installed last fall (2017) when I deceided to go to Group A at that time.
      September updates installed 10/2 (defcon 3) with no issues

      Today’s update offerings
      Important:
      Kb4459922 (.net rollup)
      MSRT

      NOTE: Rollup not offered.聽 Has it been pulled?

      Optional:
      Kb4457139 2018-09 preview

      Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
      Windows 7 Home Premium 64 bit SP 1聽 GROUP A
      Processor:聽 Intel i3-3240 (ivy bridge 3rd generation)
      chipset Intel (R) 7 series/C216
      chipset family SATA AHCI Controller -1 E02
      NIC Realtek PCLE GBE Family Controller

      MSE antivirus
      Chrome browser

      Attached Important updates, Optional updates, Hidden updates.

      update-october-2018

      update-october-2018-optional

      update-october-10-2018-hidden-updates

      • This reply was modified 2 months ago by  dgreen.
      • This reply was modified 2 months ago by  dgreen.
      • This reply was modified 2 months ago by  dgreen.
      Attachments:
      You must be logged in to view attached files.
    • #223808 Reply

      bsfinkel
      AskWoody Lounger

      I run Windows 7 Professional 32-bit, and I have not experienced the Windows Update problem.聽 On Tuesday, WU told me that there two updates:

      KB4462923 2018-10 Security Monthly Quality Rollup Win 7
      KB4459922 2018-10 Security and Quality Rollup for .NET

      I usually wait one day, per Woody, before I install them, but I installed both as soon as they were available.聽 No problems and a reboot.聽 Then I did another WU, and

      KB3177467 Upd Win 7 (Servicing stack update)

      appeared.聽 I was curious as to why this did not appear with the first batch (now I know why), so I checked my manual install log.聽 I had installed this previously on 22-Sep-2016.聽 I then installed the new version, and a reboot was not required.聽 I do not like MS’s re-use of patch IDs.

       

       

    • #224750 Reply

      anonymous

      Hi all, I don’t know if you guys/girls have thought about this view, but I think if you must go through one installation of
      windows6.1-kb3177467-v2-x86_abd69a188878d93212486213990c8caab4d6ae57.msu, [one],
      then you will probably, [?], whitout your knowledge install KB 302 03 69.

      Instead of doing it in your mind that you have installed only one file, which have the valid name KB 317 74 67.

      Why I think this is becauce I don’t have this file KB 302 03 69 installed on my system, and I have also compared this file KB 317 74 67
      which I tried to install on the september installation, but I couldn’t do it. Becauce it was already installed on my system.

      Thouse two files are NOT same of the amount in the data.

      [one]
      windows6.1-kb3177467-v2-x86_abd69a188878d93212486213990c8caab4d6ae57.msu
      have 4,214,830 kb.

      [Two]
      Windows6.1-KB3177467-x86.msu
      have 4,212,488 kb.

      Link:
      http://support.microsoft.com/help/3177467

      If you read on the page you will find this text:

      Update replacement information
      This update replaces the previously released update 3020369.

      Best regards
      Christer

      Ds. I’m within the group B and I have installed september without mars, april, may, june, july, augusty.
      And when I check my logs all things are reported as normal within the information of my files. Ps.

    • #225101 Reply

      geekdom
      AskWoody Lounger

      Bleeping Computer reports on October Windows 10 updates:
      https://www.bleepingcomputer.com/news/microsoft/known-problems-and-fixes-for-october-2018-windows-10-updates/

      Group G{ot backup} Win7 路 x64 路 SP1 路 i3-3220 路 TestBeta
      • This reply was modified 1 month, 4 weeks ago by  geekdom.
      2 users thanked author for this post.
    • #227471 Reply

      bsfinkel
      AskWoody Lounger

      Another problem with Windows Update that I currently have on my Windows 7 Professional system – MSE updates.聽 My MS Security Essentials icon is brown, not green.聽聽 It tells me that my definitions are out-of-date.聽 I ran Windows Update, and it told me that I needed to install update 1.279.572.0 .聽 I try to install it, and it did not install.聽 I checked the log (which I process with an awk script), and that 572 update was installed at 11:53 this morning.聽 I did another “check for updates”, and it still told me that I needed to install 572 (along with two preview updates that I will not install).

      And there was a case earlier (Oct 21) when WU told me to install definition update 102, when I had installed 102 on Oct 19, and the last pattern update I had installed was 247.

       

      • #227473 Reply

        anonymous

        @bsfinkel , there were similar posts regarding Defender earlier this month that resolved without corrective action. MSE and Defender update definitions from the same pool so I am jumping to conclude this may be similar. I am curious of three things:

        Do you have KB3177467 installed?

        Is it -v1 from 2016, or -v2 from 2018?

        Does your WU setting ask to recieve updates for Microsoft products along with Windows Updates?

        I’m sure the answer to the last is yes, because of what you have written. But I hope to learn if cutting that tie and updating through the MSE user interface would give a different result. I do not know that the Service Stack Update is responsible for this. I am noticing the coincidence of Microsoft AV’s showing failures during this same timeframe. The KB number is specific to Windows 7.

      • #227487 Reply

        DrBonzo
        AskWoody Lounger

        For what it’s worth:

        Win 7 Pro x64, sp1, running MSE as the only AV program. I have MSE set to automatically update definitions every day at a set time. I usually also update it through the MSE interface once a day, and sometimes it will update itself automatically at some other time. I NEVER update MSE through the Windows Update interface. Occasionally I find that WU and MSE don’t ‘communicate’ correctly regarding the definition update numbers. Sometimes WU will say an update failed and sometimes it will show the latest update as being a slightly earlier version than MSE reports. If there is a discrepancy or a ‘failed’ entry in WU, I can almost always fix it by doing a manual update through MSE. Alternatively, if I just wait for MSE to auto update again, things almost always get back in sync.

        I’ve also found that sometimes the update version reported in MSE doesn’t quite match up with the latest version found at https://www.microsoft.com/en-us/wdsi/definitions (scroll about half way down to see the latest version number)

        I have v1 KB3177467 installed (no v2 yet).

        I consider this to basically be a non-issue; mildly annoying that MS can’t get it right, but then I’m at the point where I’m more surprised when MS DOES get something right than when they don’t.

        • #227497 Reply

          anonymous

          I am the anonymous from #post-227473 above. A non-issue minor annoyance can still be an opportunity to learn rather than ignore. Even issues of unusual size (ht to The Princess Bride) can be discussed without stress.

          My thought was that while we can easily receive definitions with the ‘optional’ SSU, there may be a condition where improving the engine might require the new ‘security’ SSU. If such an event were attempted, that could cause failure. My first questions were to establish which condition was already present.

          I thought the response may be either, “never mind, all better now” or “still failing”; and could learn more from there.

          Honestly, I haven’t even checked Microsoft information yet to see what the current engine version number should be, because it may change again before bsfinkel responds. DrBonzo, is your engine current when compared to documentation?

          I ask because the one system that I look at already has -v2, and so would be expected to be current either way. It shows Engine Version: 1.1.15400.4

          • #227501 Reply

            DrBonzo
            AskWoody Lounger

            Yep, everything is current/up to date on my MSE.

            In regards to your comment “… opportunity to learn rather than ignore.”, I’m running Win 7 now because for a variety of reasons, I must. In 14 months at EOL for Win 7 I will be out the door and using Mac and Linux exclusively. Since on my Win 7 machines the MSE “issue” has always resolved itself after the next one or two definition updates, I have chosen to ignore it. For me, learning more about Windows is a lost cause for my situation. Everyone makes ‘learn or ignore’ decisions every day about a wide variety of things, and in regards to computers I have chosen to learn more about Mac and Linux and less about Windows. 馃檪

            • #227506 Reply

              anonymous

              That would seem to indicate my theory is busted. Thanks for saying -v1 yields same result. I’m near certain @bsfinkel has that already, but has not said. It is also possible the engine has not updated this month anyway. It is not a frequent event. May still be interesting to know if their experience is better updating through MSE directly.

              On your lost cause and better plan for the future, it is a good plan. But it might not be bsfinkel’s plan.

            • #227511 Reply

              DrBonzo
              AskWoody Lounger

              Whatever bsfinkel’s plan is, I hope it works out for the best.

              I understand someone being concerned about whether definition updates are or are not current, but given that the log shows a successful update, I would think the definitions are in fact current.

              I consider Windows Update to be essentially worthless now and would put much more trust in a log file than in WU. And, I would suggest doing definition updates only through the MSE interface. I never do ANY updating through WU; I install ALL updates/patches manually from the MS Catalog.

    • #227672 Reply

      bsfinkel
      AskWoody Lounger

      Here is an update.聽 This morning, after my weekly MSE full scan, the MSE icon in the system tray was brown.聽 So I opened it, and it said that my definitions were out-of-date.聽 So I told MSE to update.聽 It sat for a long time (20-30 minutes) searching for updates.聽 I was watching the network graph in Task Manager, and nothing was being updated.聽 Then I open Windows Update to see what it told me.聽 It said that pattern 691 was available, so I tried the installation from WU.聽 Just before I had WU do the download, I saw that MSE was doing a download.聽 Wu told me that 691 failed with error code 80070714 at 08:42.聽 I wish that Microsoft would give a real error message instead of a hex code that requires an Internet search to investigate.聽 I know from experience that that error code means that the update has already been installed.聽 The log (via my awk script) said that the update had occurred at 08:40 (probably via the MSE window).聽 But when I got the error code, MSE said that the update (number not given) was being installed.聽 Eventually the MSE window told me that the (unknown) update failed at 9:01 due to Internet or network connectivity problem.聽 And MSE tells me that my definitions are at version 140, installed 10/19 at 7:09PM.

      I do not care how the MSE patterns are updated; I usually check via WU a few times each day.聽 When I see a pattern update that I have not installed via WU, I really do not care if it was installed via WU automatically (these pattern updates are the ONLY updates I have WU install automatically) or via MSE.聽 I am assuming that the updates are installed in the same place in the operating system, independent of how they were installed.聽 MSE should not tell me that the update it download was not installed (due to a network problem), when it DID download and install an update.聽 And why does MSE sit and think for 30 minutes, when WU thinks and downloads within a few minutes?

      To answer previous questions:

      > Do you have KB3177467 installed?
      > Is it -v1 from 2016, or -v2 from 2018?

      Yes. #1 on 09/22/2016 and #2 on 10/09/2018.

      > Does your WU setting ask to recieve updates for Microsoft products along with Windows Updates?

      I think so.聽 I am not sure what is meant by “Microsoft products”.聽 I am not sure what WU setting I can check.

      • #227675 Reply

        PKCano
        AskWoody MVP

        In Windows Update, on the left click on change settings. In that window there is a checkbox for “give me updates for other MS products” – is it checked or not.

        MSE is an MS product. It is not Windows.

        • #227677 Reply

          bsfinkel
          AskWoody Lounger

          My settings:

          Important updates: download but let me choose when to install
          Recommended updates: checked
          Who can install: Any user (I am the only user on this computer.)
          Microsoft Update: checked (Give me updates for MS products.)
          Software Notifications: checked (Show me about updates MS software.)

      • #227707 Reply

        anonymous

        bsfinkel, I am the anonymous #post-227497 from above. I see this continues for you. There are sources for better information available to you, but the reading is quite dry and tedious. Some may suggest third party solutions, or a clean uninstall and reinstall of MSE direct from Microsoft sources only.

        I want to suggest consulting two .log files that are created and appended by MSE during activity. They can be found through Windows Explorer, as it is still called in my Windows 7, by following these branches: C:\Windows\Temp\MpCmdRun.log, and C:\Windows\Temp\MpSigStub.log

        These are text files that will open in Notepad for review, and may be quite lengthy. Consult datestamps on entries separated by hyphen lines to get your bearings. New entries are appended at the bottom of the document. There is no need to edit changes. When you exit the document later, do not save any changes that may have occurred from an errant keystroke.

        The CmdRun log tracks each instance the MsMpEng.exe filename is run as a command, either by you manually or automatically by a scheduled task. The SigStub log tracks specific details exchanged during those executiona. These may give you more questions than answers, but you will have a more reliable source behind your discussion.

        For instance I myself found that the engine 1.1.15400.4 mentioned before was in fact updated on the 18th of October. It has been reported that -v1 of the SSU is sufficient to install that upgrade. That date is different than your reported hiccough, so may still be unrelated. But may be worth verifying for yourself using these sources.

        It is a deeper dive than most users wish to endure. Certainly too tedious to waste time on daily. But if you want to look into repair rather than starting over with a new install, I hope this guidance helps you along the way.

        Should you need to post more on this troubleshoot, may I further suggest starting a question topic separate from this long Patch Tuesday topic. May all your computing be fruitful.

    • #227778 Reply

      OscarCP
      AskWoody Lounger

      To whom it might concern:

      After waiting for nearly three weeks after Patch Tuesday and not seeing any signs of serious problems experienced by those already doing so, as is my invariable practice, I have installed today all the October patches for my OS: those offered through Windows Update, as well as KB3177467, that appeared afterwards, plus the Security Only and the one for IE11, both from the Catalogue, for Windows 7, SP1, x64 on my Win 7 Pro PC. And, again as usual, installing all patches as Group B. Restore points were created before the Windows-Update offered patches (by WU itself) and by myself before installing the rest of them.

      As in most other months this year (and many previous ones over the years), no issues after doing that, so far. If anything bad happens later, I’ll be sure to let you know.

      Group B, Windows 7 Pro, SP1 x64, CPU I-7 Sandy Bridge.

      (Seriously less painful than updating as Group A; immensely less hurtful than Windows 10, any group, at least in my own experience.)

      1 user thanked author for this post.
      • #227786 Reply

        DrBonzo
        AskWoody Lounger

        Thanks for the update OscarCP.

        I’m assuming that when you say you first installed the updates offered by Windows Update you mean you installed everything you wanted but hid the October Rollup (KB4462923) and any others you didn’t want. After doing that was when the SSU (KB3177467 version 2 from 2018) showed up in Windows Update. You then installed the SSU and then the IE 11 and Security only patches from the MS Catalog.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Tuesday: The good, the bad, the ugly and the hopeless

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.