Report: October Monthly rollup patch KB 3185330 causing lockups

Topic

New Reply

This from Joe Dawson: I work in IT and have had my system set to do all security updates and it is a fully patched Windows 7 64 bit system. When patch
[See the full post at: Report: October Monthly rollup patch KB 3185330 causing lockups]

Reply | Quote

Replies

‘Curious if it was rev1 or rev2?? See:

Oct 2016 security monthly quality rollup for Win7 SP1 and Windows Server 2008 R2 SP1
– https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/21/2016 15:17:00 – Rev 2.0 <<

//

Reply | Quote

Looking at MS Update Service History, I think KB3185330 was initially issued on 10/11 (patch Tues), then reissued on 10/17. Wonder which version is involved and if the second corrected something in the first, OR introduced a problem the first on didn’t have??

Reply | Quote

I assume you meant KB3185330? I have it installed on 48 Windows 7 32-bit systems and no reports of problems over the past few business days. Also, no problems as far as I know for the comparable KB3185331 on Windows 8.1 64-bit, on around 375 stations. I’ll definitely be on the lookout for reports of odd issues now though.

Reply | Quote

I guess the KB number in the title should be 3185330 and not 3185530.

Reply | Quote

@Woody
Check KB # in title of thread. Should be 3185330

Reply | Quote

Got it. Thanks.

Reply | Quote

I installed the rollup. And the preview rollup. I’ve had 0 problems. Although the preview rollup supersedes the October rollup. So maybe they fixed the problem in the preview rollup?

Reply | Quote

Possible – but that’s not something I would recommend for most users. The Preview Monthly Rollups are marked “Preview” – and listed as unchecked and optional – for a reason. They really are for people who want to test the next patch rollup.

http://www.infoworld.com/article/3132377/microsoft-windows/microsoft-previews-telemetry-push-with-new-win781-patches-kb-3192403-3192404.html

Reply | Quote

I am experiencing this problem ever since I installed this machine in August (Win 7 Pro x64) but it happens after much longer time of usage – like 1 week or something (i hibernate system and don’t have KB3185330 installed yet) but the time is fairly random. No new windows appear and system shell hangs usually very soon after I start to suspect this problem because I usually click on network or sound icon in systray. I suspect dwm and graphics subsystem (I run on intel 530 graphics).

Reply | Quote

What does it mean to uninstall a cumulative monthly rollup? The monthly rollup for October will include all updates for October. The monthly rollup for November will include all updates for October and November.

As an example, let’s say there are two brothers.

Wilbur installs the monthly rollup for October and the monthly rollup for November, then Wilbur uninstalls the monthly rollup for November. Is Wilbur still protected with the fixes released in October?

Orville installs the monthly rollup for November, but not for October, then Orville uninstalls the monthly rollup for November. Is Orville still protected with the fixes released in October?

Reply | Quote

Short answer, if you’re talking about the Monthly Rollup:

Yes, Wilbur is protected with the fixes for October.

Not known at this point if uninstalling the November Monthly Rollup changes the October Monthly Rollup. Helluva good question, and I haven’t heard anything official about it.

Reply | Quote

Try this solution. I had this problem awhile back and discovered it was caused by power saving settings. Once I turned them off or disabled them, my problem went away.

Change the settings under the ‘change power settings’ to ‘never’ for both battery and plugged in for:

— Dim the Display
— Turn off the Display
— Put the computer to sleep

Also change the ‘Sleep’ settings under the ‘change advanced power settings’ for both battery and plugged in:

— Sleep After — Never
— Allow Hybrid Sleep — Off
— Hibernate after — Never
— Allow wake timers — Disable

Reply | Quote

Just wondering for Joe: does the same “lockup” problem happen when installing the KB3192391 “security only” update instead of installing the KB3185330 update? Try uninstalling KB3185330, reboot and then manually installing the KB3192391 update from here:

http://www.catalog.update.microsoft.com/Search.aspx?q=3192391

experiment with KB3192391 first and see if the problem exists with that update or not.

Reply | Quote

Yes, that would be an interesting test in order to get closer to isolate the problem.

Reply | Quote

Checking Event Viewer might gives a hint about what’s crashing or wrong

Reply | Quote

Hey woody, https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/ and https://blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/. Think this pretty much answers most questions and what happens if there is an issue with current monthly/security updates. It’s more or less a you don’t have to apply it if you don’t want to but MS recommends you do. Since it supersedes you would pretty much have to reinstall from the beginning unless it shows you all the monthly updates (without needing to install one before the other shows up on WU) and you would only need to select the previous month to include all the other previous month updates (download catalog only has latest it seems). Still, that would require more d/l but at least it simplifies the whole patch process I guess.

Reply | Quote

Those Technet posts are useful, but they doesn’t cover the more complex questions. See my original patchocalypse article:

http://www.infoworld.com/article/3128983/microsoft-windows/how-to-prepare-for-the-windows-781-patchocalypse.html

Here’s a sample question. You install the October Monthly rollup. You install the November Monthly rollup. You find a bad bug in the November Monthly rollup, and uninstall it. Where does that leave you?

With the Security-only updates it’s relatively straightforward – they aren’t cumulative, so uninstalling November’s patches turns you back to October’s. I think.

Reply | Quote

You know I feel what they could do? If a rollup is bad they could release a temporary single patch for to fix the problem until the next rollup. That’s what I would do but I’m not sure they’d go through with that.

Reply | Quote

Also OEM Windows 7 and 8 sales end next week. Out of curiosity are you going to write an article discussing that?

Reply | Quote

I’m not planning on it. The deadline is more a line in the sand than anything else – big OEMs will continue to sell Win7 and 8.1 machines, smaller system builders will have Win7 and 8.1 machines for a long time.

Reply | Quote

Yep, that’s what I call a “Silver Bullet” patch, and it would appear to be the best solution in many cases – if Microsoft can get one out quickly.

Reply | Quote

We’ll soon knows who’s wrong or Wright.:-)

Reply | Quote

Preview is like a non-guaranteed beta and can cause issues later down the track, even if not immediately visible. Should not be installed on anything else other than test environments as this is its declared purpose. It is not even guaranteed to be updated gracefully by future patches, although chances are that things are not so bad and the Preview patches are still reasonable quality.

Reply | Quote

@morat
“The monthly rollup for November will include all updates for October and November.”

This is not certain yet, as the full CU implementation is scheduled to happen in February/March 2017. Until then, the patches are “filling the gaps” left from about 18 months of relative neglect, while the focus was entirely on developing and releasing Windows 10.

Reply | Quote

CBS doesn’t work in that way.
If you have previous patches installed, they are in a sort of “standby” and when you uninstall a later patch, the old one will come back to life.
There are few instances when the old one does not replace the newer one being uninstalled.
– If it is manually uninstalled from Control Panel at any time after installing the later one
– If Disk Cleanup is run and the old patch is uninstalled by the cleanup process as being superseded
– Starting with Windows 8/Server 2012 there is a scheduled maintenance task run every 30 days which has the same effect with running Disk Cleanup and which may uninstall certain older superseded patches. This does not apply to Windows 7/Windows 2008 R2 or earlier.

Reply | Quote

I think the Security Only is cumulative too, but only for previous Security patches. Very much like the current and previous “speed-up” patches which were superseding a lot of older patches, without being declared roll-ups as such. It may be that they were not declared rollups because they did not completely include older patches, but rather superseding parts of older patches which by combination with other patches replacing other patches would superesede older ones. It is all complicated and not easily to understand, this is why I think it is much safer for most regular end-users to move to Group A when they will become more comfortable with this idea.
The fact is that there is no strict delimitation between Security and other patches, all being part of the same system.
The only patches which should not be touched unless strictly for testing are those named “Preview”. Any older Optional patches, not named Preview should be installed as well.

Reply | Quote

They actually do (all released in October 2016, see the deployment method, they are only stop-gap hotfixes until they are included in a public release in the future):

Update for Internet Explorer (KB3199375)
Deployment: Catalog

Update for Internet Explorer (KB3200006)
Deployment: Catalog

Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3192321)
Deployment: WSUS and Catalog

Update for Windows 7 and Windows Server 2008 R2 (KB3198591)
Deployment: Catalog

https://support.microsoft.com/en-au/kb/894199

Reply | Quote

After the release of Windows Server 2016, I think Windows 10 1607 (Pro minimum and probably the only good choice for most end-users, avoid Home at any price) is finally ready for use, as much as the current quality standards allow unfortunately.
I don’t see much reason for most end-users to install Windows 7 and even less Windows 8.1 on NEW computers.
This does not mean that there should be a rush to upgrade, quite the opposite. Reinstalling on older hardware which came initially with Windows 7 or 8 is normal and probably recommended.
There would be businesses which have specific software running on older platforms which should continue using that software, but they have the old hardware or Virtual Machines for this purpose.

Reply | Quote

That’s the conclusion I’ve come to, although I want to wait and see if the currently-circulating cumulative update for 1607 solves most of the outstanding problems. I think it will. No idea when that’ll ship, but it should be any day now.

Reply | Quote

Not sure. MS has made it sound like the Security-only Updates (to use the original terminology) are discrete: They don’t overlap each other, and are not cumulative. But we don’t have enough experience to know for sure.

Completely agreed on the Preview patches. I’m surprised they’re released through Windows Update.

Reply | Quote

On the contrary, starting September 2016 rollup, all fixes are carried to the next rollup (security or preview)
the full CU implementation is ment for old fixes

Reply | Quote

September rollup KB3185278 (first preview rollup) got implemented preserving its exactly same state in KB3185330 (first security rollup)

so no, i don’t consider those optional preview rollups as non-guaranteed beta, they are final code that is released for early optional access

Reply | Quote

My understanding is that the Monthly Rollups are cumulative, starting in September, and going on forever. They will gradually be augmented with older patches and, by early 2017, there should be just one Monthly Rollup that’ll install all previous patches, both security and non-security.

The Security-only Updates, on the other hand, are in monthly chunks.

Which poses another interesting question: If I’ve installed the October Security-only Update, but decide to pass on the November Security-only Update, will I be able to install the December Security-only Update?

And after I’ve installed the December Security-only Update, will I be able to uninstall the November Security-Only update?

Reply | Quote

I have also seen reports that KB3192392 causes SCOM to crash on Server 2012 and W8.1. This is the October security only rollup. Similar reports are circulating that KB3185331 has caused the same issue but the thinking seems to be it is a security patch that is the issue, although things seem a bit murky at this time. As most folks do not use SCOM, this may not be a concern for most home users, but MS is still having quality assurance problems and cumulative rollups are an unwelcome approach.

Reply | Quote

After Microsoft sometime next year gets all the historical patches into the Monthly Rollup could Windows 7 be reinstalled and fully patched just by installing SP1 (after whatever updates are required before installing SP1) and then installing the latest Monthly Rollup?

Reply | Quote

That’s the goal. I think they’ll make it, although I wouldn’t want to be one of the first.

Reply | Quote

I think this will be the case. The full patch will likely be around 3 GB though.

Reply | Quote

I am running 1607 and except for the glitch in installing updates immediately after the installation, I didn’t notice any other problems. To get over the updating issue, I manually installed the 2 patches required, the CU and the servicing stack update, one at a time.

Reply | Quote

There is a hotfix for the SCOM problem, available only in the Catalog.

https://support.microsoft.com/en-us/kb/3200006

System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126

There are reports on the internet that it resolves the issue.
I am expecting this hotfix to be integrated in one of the future “quality” rollups.
“Quality” seems to be the new name for what is currently known as simply “update”, i.e. anything non-security.

Reply | Quote

The Security Only KB3192391 seems to supersede 14 older updates. I don’t know if they are “included” or rather the new components override the old components in the superseded updates, which is more likely.
2 of those 14 are not security:
Update for Windows 7 for x64-based Systems (KB3156417)
Update for Windows 7 for x64-based Systems (KB2846960)

Reply | Quote

Security-Only updates are just merely individual security updates, but one each month instead several each month
you can install, skip, uninstall as you like

Reply | Quote

It will never ever reach that size 😀
it won’t even exceed 1 GB, based on Convenience Rollup KB3125574 size which already include almost all updates, except IE and few hotfixes

Reply | Quote

Not sure yet but from what I interpret from contributor Rawr ( https://www.askwoody.com/2016/confusion-abound-in-the-new-windowsoffice-patch-rollup-only-world/#comments )below, it sounds like once you install the October monthly quality update which includes September, that the October deletes the September one. So my guess is that if you uninstall the October one you are left without the September one either. If you are in Group A this could leave you without all the past security patches (especially as they get more cumulative to the dawn of Windows 7) So your choices could be deal with a buggy patch, uninstall the patch removing all previous security patches or go to Group B:

Rawr says:
October 21, 2016 at 11:23 am

Hey Woody, this may be a bit off topic but, KB3185278 Sept. rollup update disappears from ‘Installed Updates’ on Win 7 x64. … Could it have been superseded by the Oct. rollup (monthly not security only)? I tried scanning for new updates and checked my hidden updates but I never found the Sept. rollup update (but have Oct. rollup monthly installed…

Reply | Quote

With all of the many comments about the “possibilities” related to these rollups, etc., when will we ever know how to proceed?

The average Joe/Jane, knows literally “nothing” about changing anything in the registry, etc., however apparently some users are installing updates, etc. irrespective of the MS DEFCON rating. (I’m not referring to to the IT “computer experts, only those of us who do not possess the ability to help ourselves).

Are we looking at some kind of directions to get this process “moving”? Presently we are just “lost”. Any ideas on when we will know “what to do” since we are almost at the end of the month?

Reply | Quote

Maybe I should clarify as otherwise our readers would believe that is all resolved with Windows 10 and it is just a matter of installing it and living happy with it ever after.
I have been using Windows 10 since about 7 months before the official release 10240. Except for a break for the last few months when I still had a test system but didn’t pay much attention, I have almost 2 years of experience with Windows 10 and at the same time the server equivalent since the Server Technical Preview 3 onwards.
I know how to control Windows Update via various methods and this is a non-issue for me, but may prove a huge problem for other users.
I have never used a Home Edition and I will never use as it is too restricted and it is meant for non-technical users who would be much better off by allowing Microsoft to manage their system than trying to tweak it themselves.
Pro is what everyone with some technical inclination and interest should use or if you can find a legit copy of LTSB, use that one. Until then, there is a trial version and you could try what is suggested here http://www.howtogeek.com/273824/windows-10-without-the-cruft-windows-10-ltsb-explained/
I know how to control the telemetry by using the officially released documentation and not trying to use procedures which are likely to cause more problems than resolve.
The Store applications may still be a problem and try to forget about Edge. If you need to use one of Microsoft browsers or don’t want to install an additional one, use the old trusted IE11. Edge has failed, at least this is how it looks to me after 2 years of being released.
If any of those above are non issues, just go ahead and use Windows 10 Pro or above, it is OK.

Reply | Quote

We’re fine. Patience. A couple of shoes have yet to drop.

There are no pending security patches that you need immediately, if you avoid Internet Explorer and Edge, and refrain from opening dubious RTF files with Word.

Well, OK, if you have sensitive information for a presidential campaign or carry nuclear launch codes, the situation’s a bit more intense.

Reply | Quote

It’s going to take some experimenting and experience before we know exactly what’s happening.

Reply | Quote

Good to know, I didn’t realise that they have already started rolling up the current updates. 🙂

Reply | Quote

KB3125574 does not include any security updates, only what is named now “quality” updates, i.e, Critical, Recommended & Optional.
The Security updates are not large, but there are a lot of them, so I don’t know if the size of KB3125574 is a good indication.
I know there is valuable work done at MDL in this area so I trust you about the final size 🙂

Reply | Quote

I actually read abbodi86’s post about the Security updates which means you are probably right. But this defeats the purpose stated originally, which means reducing or removing fragmentation in the CBS stack. By using the classical method, they would not reduce fragmentation even in the Security updates area.

Reply | Quote

It remains a mystery to me.

Reply | Quote

No, the September one won’t be “deleted”
it get superseded, and thus hidden, but still in the system
when you run Disk Cleanup will remove it if you check Windows Update Cleanup option

even if that happened, Group A uses Windows Update, and once you hide November one, October one will be shown, and so on

Reply | Quote

I’m telling you, KB3125574 include them all 😀
https://blogs.technet.microsoft.com/yongrhee/2016/05/20/enterprise-convenience-rollup-update-ii-2-for-windows-7-sp1-and-windows-server-2008-r2-sp1/

and yes, we done our analysis and verifed that 🙂
the updates left out are (completely or partially):
– IE
– Updates listed in KB3125574 article
– Driver Framework updates KB2685811/KB2685813
– CPU updates KB2818604/KB3064209

Reply | Quote

woody and ch100 –

The prospect of being able to reinstall Windows 7 a bit more easily than currently is at least one small advantage of the new updating scheme for those in Group A.

Reply | Quote

FYI…

Oct 2016 security monthly quality rollup for Win7SP1 and Windows Server 2008 R2 SP1
– https://support.microsoft.com/en-us/kb/3185330
Last Review: 10/26/2016 20:28:00 – Rev: 3.0 <<<
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1

//

Reply | Quote

Too much attention 🙂
KB article revisions are not that important
they may just fixed a typo 😀

Reply | Quote

A good question indeed Woody. My advice is if you want all your answers answered, you’d only have to post a comment on the TechNet blog I have mentioned (on more recent articles) so that Nathan Mercer MS employee can answer your questions directly. He seems to answer a lot of the comments on the articles he writes out if you scroll down to some of them.

‘If any issues are encountered, we recommend stopping or pausing deployment of the update and contacting Microsoft Support as soon as possible. Based on our analysis of the issue, we may recommend different courses of action, such as:
•Rolling back the update on affected machines while the issue is being investigated.
•Installation of other updates known to resolve the issue observed.
•Working with the publisher (ISV) for an affected application.

The specific action is determined on a case-by-case basis, and could be different for each customer based on the specific impact to the organization. Regardless of the action, be assured that any issues with an update are considered top priority and that we will work hard to resolve these as quickly as possible.’

So yes, I would assume, this is an assumption, you can rollback on the update like you mentioned. I guess one needs to try it to see if it works (I would if I had an issue but I haven’t as of yet).

Reply | Quote

Microsoft has some real stars out and tackling user questions. Nathan’s certainly in the upper echelon, as are John Wink and jenmsft. The MVPs on the MS Answers site do a lot of good work, but they’re a level (or two) away from the people making the decisions and writing the code.

Reply | Quote

Similar problem as Joe Dawson.

IE en office applications would hang on 100% cpu in taskmanager and would never start.

In my case it started earlier. Before the patch bundels saw the light, a month or 2 ago? I narrowed it down to 2 patches (I dont remember which they were). Uninstalled them and all was fine. now the KB3185330 patch returns the issue.

One more thing is that the WU fix patch KB3172605 also causes the issue.

Win7 ent 32 bits.

I am an IT-engeneer from the Netherlands. This “toppic” is the first I find with someone having an similar issue. Have not heard other people with the same problem. Strange…

Maybe important?: Running EMET 5.51, Nod32 AV 4.2.35.0, good old zonealarm 11.0.768.000.

Reply | Quote

Found the 2 patches (noted them in a notepad when doing the trouble shooting).
It were:

KB3175024
Kb3185278

Reply | Quote

Think I found it. EMET is in the way….

https://support.microsoft.com/en-us/kb/3175024

pffff… all fine now.

(I’ve checked askwoody.com for a long long time. Always helps me to decite.. so this is one of my returns.. :).

Good night.. (in Hollend now…)

Carlo.

Reply | Quote

Thanks!

Reply | Quote

IT ATE MY WIN 7 SP1 64 BIT OS ALSO I WOUND UP HAVING TO BOOT MINIMALY IN SAFE MODE AND THE UPDATE WOULDN’T UNINSTALL, SO I BEGAN RESTORE ATTEMPTS AND FINALLY GOT A RESTORE TO SUCCEED FROM JULY 2016, BUT THAT UPDATE AND GETTING IT GONE AND THE UPDATES I HAD TO REPLACE AFTER SUCKED AND ATE 2 & 3/4 DAYS OF MY TIME WHICH I HAD MANY BETTER USES FOR

Reply | Quote

I run a fairly old Win7 on a laptop. KB3185330 raped my IE browser. Dropdown on Google toolbar didn’t work and IE froze if I tried to close one of the open tabs. Furious with MS.
After research here and other places, I risked uninstalling the blasted update. System works fine again. Guess I don’t have the security protection offered but would rather have a functioning system than up-to-date garbage.
This site and others are pure gold as to what to install in the future!!!

Reply | Quote