Standalone installer script for Windows 7 ESU, regardless the license

[abbodi86]

# W7ESUI #

Automated batch script to install Windows 7 Extended Security Updates, regardless the ESU license and without requiring any eligibility check bypass.

* Pros:

– Process the updates from one same location

– Detect and install servicing stack update first

– Check required stack installer version for each update

– Include the Telemetry neutralize tweaks

– Works with Group A: Monthly Quality Rollup, or Group B: Security Only update / IE11 cumulative update

* Limitations:

– SHA2 support updates KB4490628 and KB4474419 are prerequisites for ESU updates.
Either install them yourself first, or put their msu files with ESU updates files together and the script will install them

– The script is specifically designed to process ESU updates only.

while it still can install regular updates, but it has no specific checks or conditions for their prerequisites
regular updates should be installed normally, manually, using Windows Update, or other tools

– You must always use the script for any future ESU updates, you cannot install them manually afterwards

* Download:

Includes corrections for those downloading using IE11:
https://github.com/abbodi1406/WHD/raw/master/scripts/W7ESUI_0.3.zip

* How to use on live OS:

– Download the ESU updates msu files from Microsoft Update Catalog, following history page or AskWoody Knowledge Base

a) if you are Group A user, you need:
latest Servicing Stack Update
latest Security Monthly Rollup
latest .NET rollup

b) if you are Group B user, you need:
latest Servicing Stack Update
latest IE11 Cumulative Update
Security Only Update for each month (e.g. February and March together)
every .NET Security Only Update (if any)

– Extract W7ESUI.cmd from the zip file, or extract the whole zip file

– Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
ini file W7ESUI.ini is not really necessary in this case

– Right-click on W7ESUI.cmd and “Run as administrator”

– If all goes well, you should get cmd window similar to this:

– Now press the zero 0 number on keyboard to start the process

– At the end, restart the system if prompted

See ReadMe.txt for more details, and how to use the script for offline integration.

******************************
******************************

The bypass is mainly meant for installing .NET 4 updates through WU, manual installation works too
but it has compatibility issue and cause other MSI programs to fail (including KIS 2020 or Office C2R)

the first installer was merely a simple script for installing .NET 4 updates manually using the ESU_LOCK workaround
the revived version include temporary self-bypass to work with July updates

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

https://host-a.net/f/252903-dotnetfx4esuinstallerrzip

******************************
******************************

REVISED January 2021:
Comments from 2020 have been archived here – continue posting on this page.

• This topic was modified 1 year ago by abbodi86.
• This topic was modified 12 months ago by PKCano.
• This topic was modified 12 months ago by PKCano.
• This topic was modified 11 months, 2 weeks ago by PKCano.
• This topic was modified 3 months ago by PKCano.

Attachments:

You must be logged in to access attached files.

Total of 38 users thanked author for this post. Here are last 20 listed.

glnz, Stephen Henry, Metanis, MrChaz, Microfix, JimBean, Silenus, Charles Pugh, ioneye, Steve, thompsgd, NetDef, paintgregg, maisy2, byteme, JCCWsusser, AusJohn, deuce120, davinci953, pandarunnerpt

Reply | Quote

[italiangm]

Did you mean W7ESUI_0.2?  W7ESUI_0.2 is the current release.

Reply | Quote

[abbodi86]

Both work 🙂
v2 additionaly support installing SHA2 updates (KB4490628/KB4474419) if not already installed

1 user thanked author for this post.

italiangm

Reply | Quote

[abbodi86]

W7ESUI v3

– Enhanced detection for updates files and KB number (to void issue with files downloaded from MU catalog via IE11)

10 users thanked author for this post.

byteme, TaskForce141, T, Cyrus Khambatta, AusJohn, SueW, Moonbear, RDRguy, zat_so, Microfix

Reply | Quote

[PKCano]

Here’s your .NET for January, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4-7-2 and 4.8 (non-Secruity only)
The other updates in the Rollup are older and should already be installed.

.NET Quality Rollup KB4598500
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB4597239
.NET 4.8 KB4597254

5 users thanked author for this post.

byteme, jburk07, abbodi86, zat_so, SueW

Reply | Quote

[Moonbear]

When was the 3.5.1 patch in this rollup originally released?

Reply | Quote

[PKCano]

October 2020.

1 user thanked author for this post.

Moonbear

Reply | Quote

[Microfix]

Installed SMQR kb4598279 using W7ESUIv3 (it’s a double restart) and dotNET kb4598500 using dotnetfx4 on x86 Win7 Pro. No problems reported here in event viewer.
Another clean run, so far, so good 🙂
Peripherals still to check over..to be updated

Update: No issues with local Pixma Printer or scanner, SFC – no integrity violations.

W10, the itch you simply cannot scratch!

• This reply was modified 2 months, 4 weeks ago by Microfix.

3 users thanked author for this post.

TaskForce141, jburk07, abbodi86

Reply | Quote

[Susan Bradley]

KB4598500 is an optional .net – meaning that there is no new security fixes in it.  If you have your system set to not offer up optional updates in the same manner as important updates it’s not shown to you in Important, but rather the Optional section.

Susan Bradley Patch Lady

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

[TaskForce141]

Jan. 2021 rollup (KB4598279) and .Net 4.8 update (KB4597254) installed without problems, using version 0.2 script, on both 32-bit desktop and 64-bit laptop.  I define “no problems” as Win loading normally or with a slightly longer 1st restart, and Firefox loading as usual and streaming youtube and basketball games.

One oddity: all of the entries for previous security monthly quality rollups are missing from the list of installed updates (Control Panel > Programs and Features > view installed updates).  Even the ones prior to Win 7 EOL Jan. 2020.   The servicing stack updates and .Net updates are still listed.   I just noticed this; perhaps this was always true, i.e. a by-product of the rollups or the installer script.

Reply | Quote

[abbodi86]

Monthly Rollups are chained together, only the latest one show up in the list

similar to KB2952664 multi versions

Reply | Quote

[glnz]

My wife’s Win 7 Pro 64-bit SoHo production machine wants to install Malicious Software Removal Tool KB890830 version 5.85 dated Jan 12, 2021.

Anyone have any problems with it?

Thanks.

 

Reply | Quote

[Pierre77]

KB890830 No problem with that update. It is only released on a 3 monthly basis.

Reply | Quote

[Paul T]

MSR is an additional protection mechanism provided by MS. There is no downside to running it.

cheers, Paul

Reply | Quote

[anonymous]

I have been running MSRT for a long time.  Never any problems with it.  Ran version 5.85 dated Jan 12, 2021 on Jan 15.

Reply | Quote

[anonymous]

On the morning of Jan. 31 I installed these two updates to two Windows 7 Home Premium,  Service Pack 1,  x64 machines using W7ESUI.

Latest .NET for 4.8 KB4597254

Jan. Rollup KB4598279

I have been using the machines and have not encountered any problems.

Reply | Quote

[anonymous]

Correction:

Jan. Rollup was installed using W7ESUI ,  but .NET was installed using dotNetFx4_ESU_Installer.cmd.

Sorry for the error in the original post.

Reply | Quote

[PKCano]

I will continue to post this information in this thread as of 2/9/2021.

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on February 9, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no February IE11 CU for Win7.

February Rollup KB4601347 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2342225.

5 users thanked author for this post.

byteme, Cyrus Khambatta, jburk07, SueW, abbodi86

Reply | Quote

[PKCano]

Here’s your .NET for February, 2021. There were Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4-7-2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB4603002
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB4600945
.NET 4.8 KB4600944

.NET Security-only Quality Rollup KB4602958
.NET 4.6 – 4.7.2 KB4601090
.NET 4.8 KB4601089

7 users thanked author for this post.

Steve, Microfix, Cyrus Khambatta, zat_so, jburk07, SueW, abbodi86

Reply | Quote

[Moonbear]

@PKCano

I’ve been installing the .NET 3.5.1 & 4.7 updates from the .NET Quality Rollup. Can I switch to installing the .NET 3.5.1 & 4.7 updates from the Security-only Quality Rollup without breaking anything?

• This reply was modified 2 months ago by Moonbear.

Reply | Quote

[PKCano]

The SOs are a part of the Rollups. But SOs by themselves are NOT cumulative.
You can install the SOs whenever you want, but if you have installed the Rollup of the same date, you already have that SO and any SO that came before b/c the Rollups are cumulative.

1 user thanked author for this post.

Moonbear

Reply | Quote

[Moonbear]

Okay, I didn’t think about the SOs not being cumulative updates.

• This reply was modified 2 months ago by Moonbear.

Reply | Quote

[anonymous]

The first time I used the W7ESUI script it ran the anti-telemetry file but it hasn’t any time since.  Is that by design or should that file exist each time the script is run?

Thank you.

Reply | Quote

[abbodi86]

It’s created with each new installed Monthly Rollup

1 user thanked author for this post.

Microfix

Reply | Quote

[anonymous]

Where did everything go?

Reply | Quote

[Susan Bradley]

https://www.askwoody.com/2021/try-to-fix-one-thing-break-another/

Slight temporary bug.  Don’t panic.

Susan Bradley Patch Lady

Reply | Quote

[glnz]

Reminds me of Star Trek Next Generation episode in which Dr. Crusher notices that crew starts disappearing and the Enterprise gets smaller and smaller.

Am I the only one left?

Ready to use abbodi86’s lifesavers here (again) to install the following on my Win 7 Pro 64-bit:

In the W7ESUI:
KB4601347
KB4578952

In the dotNetFx4_ESU:
KB4600944

These are “permitted” in Susan’s latest list.  Do you agree these are OK?

And please say SOMETHING so I know someone in the whole wide universe is seeing this.  (Hello?)

Thanks!

Reply | Quote

[PKCano]

The SSU KB4578952 is from Oct 2020. You probably already have it installed. There wasn’t a Feb SSU.

KB4600944 is for .NET 4.8, KB4600945 is for .NET 4.6-4.7.2 depending on which version you have installed.

Reminder: We’re still on DEFCON-2 until maybe Sunday.

Reply | Quote

[Susan Bradley]

Officially I’m waiting until the newsletter goes out to make the change.  But I always look at the weekend as a good time to install updates.

Susan Bradley Patch Lady

Reply | Quote

[glnz]

Susan B – Thanks.  But I got your “Install” from your current Patch List.  Still wait for a few days?

Reply | Quote

[glnz]

PKCano – What would be the February update for .NET 3.5 for Win 7 Pro 64-bit? Looks like I got it wrong.

Reply | Quote

[abbodi86]

Latest update for .NET 3.5 is 2020-10 KB4578952

Reply | Quote

[PKCano]

There is information on this above, but you won’t be able to see it until the site is fixed Sun. morning (28th) server time. Wait a few.

Can you see #2342227 and #2342225?

Reply | Quote

[glnz]

PKCano – No, cannot see those two.

This is like getting on a NYC bus and seeing only the driver and me. (Drivers today, as we have abbodi86, Susan and yourself.) So, let’s go to Miami!

Reply | Quote

[glnz]

Just to let everyone know that on two Win 7 Pro 64-bit machines I successfully installed

in the W7ESUI:
KB4601347

in the dotNetFx4_ESU:
KB4600944

As PKCano pointed out, although I also put the KB4578952 installation file in the W7ESUI, it was ignored because it is just a regurgitation of the same file from before.

(Doing these updates is important for the production machine in my wife’s SoHo, a Dell Optiplex 780 I bought used on eBay seven years ago. But although she acknowledges my taste for keeping junky old computers running, she plans to throw it out and get an iMac. Oh well …)

Thanks again, and cheers!

• This reply was modified 1 month, 1 week ago by glnz.
• This reply was modified 1 month, 1 week ago by glnz.

1 user thanked author for this post.

jburk07

Reply | Quote

[anonymous]

See #2346543 above.  The latest  is SSU KB4578952 from Oct 2020.  There is no update for .NET 3.5 for Feb.

1 user thanked author for this post.

jburk07

Reply | Quote

[anonymous]

I wait until DEFCON says it is time to install.  (Hello back at ya!)

Reply | Quote

[anonymous]

With the advent of DEFCON-4 on Feb. 28 I installed the following on two Win 7,  SP 1,  x64 machines.

Using W7ESUI:

Feb Rollup KB4601347

Using dotNetFx4_ESU_Installer

Feb .NET 4.8 KB4600944

1 user thanked author for this post.

jburk07

Reply | Quote

[anonymous]

I tried to install ndp48-kb4600944-x64_20a6a012e02c9d905f6f3a24850f1218bc849a26.exe using  dotNetFx4_ESU_Installer, but it responded with the message “NDP45 exe update files are not detected.” The two files are in the same folder.

Please help. Thanks.

Reply | Quote

[Bob99]

I tried to install ndp48-kb4600944-x64_20a6a012e02c9d905f6f3a24850f1218bc849a26.exe…

Per the message you’re getting from the script, it’s looking for a file that starts “ndp45…” and per your statement above, you’re putting a file that starts with “ndp48…” in the folder.

Also, the update you’re trying to install is only for .NET version 4.8 and not for any other versions.

From the sounds of the installer script’s error message, you might have .NET version 4.5 on your system instead of 4.8. If that is indeed the version you have, then the last update released for it was back in October of last year, KB4578955, so you don’t need to worry about an update for .NET this month.  🙂

1 user thanked author for this post.

abbodi86

Reply | Quote

[anonymous]

Could anyone please tell me how I can install .NET 4.5.2 update (KB4578955) via administrative installation if I don’t have .NET and I would like to install it from scratch along with the latest update? I would like to avoid replacing system DLLs like dotNetFx4_ESU_Installer_r.zip does.

Reply | Quote

[PKCano]

Before you can install an update, you have to have .NET 4.5.2 installed on your PC.

If you do not know if .NET 4.5.2 is installed on your computer, download the .NET version checker mentioned here to find the version of .NET installed on your computer.
If you do not have v4.5.2 already installed, download the .NET 4.5.2 installer from Microsoft and install it. It will not be up to date.
If you have the ESU subscription, you should receive the update through Windows Update.

If you do not have the ESU subscription, to install the update, create a folder on your C: drive and unzip dotNetFx4_ESU_Installer_r.zip into the folder.
Download KB4578955 from the MS Catalog (link in #2342225 above) and place it in the same folder.
In an elevated command prompt (right click on cmd.exe and “Run as Administrator) right click on the .cmd file in the folder and “Run as Administrator. Follow the instructions.

1 user thanked author for this post.

abbodi86

Reply | Quote

[anonymous]

Thank you for your reply, but you haven’t got what I mean. Here abbodi86 wrote that it’s possible to install .NET updates in a way which I’ve described. dotNetFx4_ESU_Installer_r.zip replaces system DLL, I would like to avoid that. I don’t have ESU subscription. I’ve already downloaded .NET 4.5.2 installer as well as KB4578955. Now how can I install .NET along with the KB4578955 without bin folder which is stored in dotNetFx4_ESU_Installer_r.zip?

Reply | Quote

[PKCano]

You can probably install the .NET 4.5.2, and any updates for it up to and including Jan. 2020 using Windows Update.

But after Jan 2020, WIn7 is EOL and you cannot install any of the later updates without either the ESU or circumventing the EOL with abbodi86 ‘s script. They will not install in Win7 EOL.

1 user thanked author for this post.

SueW

Reply | Quote

[Pexiler]

Hello everyone
i tried to install .NET Framework 4.8 but it gives me this error

 

Attachments:

You must be logged in to access attached files.

Reply | Quote

[PKCano]

Pexiler wrote:

i tried to install .NET Framework 4.8 but it gives me this error

KB4600944 is an update, not the installer for .NET 4.8. Is .NET4.8 already installed on your computer?

Reply | Quote

[Pexiler]

PKCano wrote:

Pexiler wrote:

i tried to install .NET Framework 4.8 but it gives me this error

KB4600944 is an update, not the installer for .NET 4.8. Is .NET4.8 already installed on your computer?

i don’t have framework installed.

how do I solve?

Reply | Quote

[PKCano]

The .NET 4.8 installer can be downloaded from Microsoft.
Win7 is EOL. The same restrictions will apply as for .NET 4.5.2 in #2347965 above. It will not be up to date.

You will be able to install updates up to , and including, Jan 2020 using Windows Update. For updates after Jan 2020, including KB4600944, you will need to have the ESU subscription or you will need to use @abbodi86 ‘s bypass mentioned at the top of this thread.

A word of caution.
Although you can install .NET 4.8 on Win7, it is better to use one of the earlier versions of .NET. (4.5.2, 4.6-4.7.2 Unless you have software that specifically needs .NET 4.8, I wouldn’t worry about installing it.

1 user thanked author for this post.

abbodi86

Reply | Quote

[anonymous]

Why do you think “,,,it is better to use one of the earlier versions of .NET. (4.5.2, 4.6-4.7.2,,,” rather than .NET 4.8?

Should I remove .NET 4.8 and install .NET 4.7.2?

PS. I have both .NET 3.5 and .NET 4.8 installed on my machine.

Reply | Quote

[PKCano]

If you already have .NET 4.8 installed, and you have no problems with it, then keep it as is.
Information about the updates still goes.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

[GoneToPlaid]

I agree. I held off on installing .NET 4.8 since it was initially buggy. Eventually I installed it on my Win7 computers. I haven’t encountered any obvious issues when running programs which require .NET 4.8 or earlier versions.

Reply | Quote

[GBWalk]

I could use a little help, I am not that tech savvy.

I use windows 7, with an ESU.

Worked fine last year.

When I installed the year 2 ESU and attempt to update, it gives me error Code 800B0101

That error message says the time on my PC is incorrect.

I 2x checked and the time and date are fine.

Any ideas on how I can fix this?

Thanks for your input.

Reply | Quote

[PKCano]

We haven’t seen problems with the Feb patches so far.
Since Feb is the first of the year-2 subscription, I would suggest you go back over the ESU setup and be sure it is correct.

For Feb, there was a Rollup (or SO if you are using Group B) and .NET 4.6-4.7.2 or 4.8 depending on what .NET you have installed. There was no new Servicing Stack or update for .NET 3.5 – the latest of these was Oct 2020.

Reply | Quote

[anonymous]

I had that 800B0101 with net framework recently and set date to febuary helped install without any problem,weird thing

2 users thanked author for this post.

kipock, T

Reply | Quote

[T]

Thanks for suggesting this, i was at my wit’s end wondering why it wouldn’t install (failed with error code – 2146762495) until i saw your comment, changed my system date to a month ago and it worked. I also noticed that it’s a known issue on the .Net 4x pages but i’m pretty sure i’ve installed .Net 4x updates outside of their release month previously so presumably the required certificate in the .Net package would not have matched the system time then either.

https://support.microsoft.com/en-us/topic/security-only-update-for-net-framework-4-6-4-6-1-4-6-2-4-7-4-7-1-4-7-2-for-windows-7-sp1-and-windows-server-2008-r2-sp1-and-windows-server-2008-sp2-kb4601090-582f84bd-c341-83c9-e428-eac9b50f021e

Reply | Quote

[anonymous]

Much appreciation for the comments regarding this little issue.
Thank you T, for your post and thank you very much anonymous. It worked like a charm.
The new month brought this on? Never realized.

I also had [Failed. Error code: -2146762495] today
for both of these (ndp47 downloads)
2021-02 Security and Quality Rollup for .NET Framework (KB4603002)
2021-02 Security Only Update for .NET Framework (KB4602958)

Thank for helping out!

Reply | Quote

[anonymous]

It worked, thanks for your help!!

Reply | Quote

[anonymous]

Wow thank you so much that worked like a charm I have been trying to install this update for a few days and this finally worked.

Reply | Quote

[PKCano]

I will continue to post this monthly information in this thread as of 2/9/2021.

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on March 9, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is a March IE11 CU  KB5000800 for Win7. Download 32-bit or 64-bit.

March Rollup KB5000841 Download 32-bit or 64-bit. for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2349123.

****UPDATE: On 3/22/2021, Microsoft released a fix for printer issues caused by the March Patch Tuesday updates.
Out-of-Band update KB5001639 – Download 32-bit or 64-bit

4 users thanked author for this post.

jburk07, SueW, Microfix, abbodi86

Reply | Quote

[PKCano]

Here’s your .NET for March, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
NOTE: Updates for v3.5.1 are older (Oct 2020) and should already be installed.
Updates for v5.2,  v4.6 – 4.7.2 and v4.8 have been re-signed as version 2 and should be installed.

.NET Quality Rollup KB4579977 (2020-10)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 – 4.7.2 KB4578963 v2
.NET 4.8 KB4578977 v2

.Net Quality Rollup KB4603002 (2021-02)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 = 4.7.2 KB4600945 v2
.NET 4.8 KB4600944 v2

6 users thanked author for this post.

abbodi86, Pim, jburk07, Moonbear, SueW, Microfix

Reply | Quote

[abbodi86]

2021-03 Security and Quality Rollup for .NET Framework for Windows 7 (KB4579977)
2021-03 Security and Quality Rollup for .NET Framework for Windows 7 (KB4603002)

all .NET 4.x updates (including 4.5.2) were re-signed and bumped version, for both Rollups

4 users thanked author for this post.

Pim, jburk07, Microfix, PKCano

Reply | Quote

[Microfix]

indeed they were, well spotted 😉

no initial problems here SFC in tact /event viewer-no errors/no additional telemetry

W10, the itch you simply cannot scratch!

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

jburk07

Reply | Quote

[Microfix]

NONE exhibit ANY local (USB) printer printing/comms/crash issues and print queues as expected with no violations via SFC integrity check, all good here this month.

W10, the itch you simply cannot scratch!

Attachments:

You must be logged in to access attached files.

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

[abbodi86]

Both refreshed rollups pulled

however, the updated files were added to the old rollups: 2021-02 (KB4603002), 2020-10 (KB4579977)

3 users thanked author for this post.

jburk07, Pim, Microfix

Reply | Quote

[anonymous]

PKCano,

Microsoft Update Catalog cannot find any results for KB4578952 (for .NET 3.5.1).

Message returned from search: We did not find any results for “KB4578952”

Reply | Quote

[PKCano]

Because KB4578952 is not listed as an individual patch. It is included in the .NET Rollup. If you click the “Download” button for the Rollup (linked) in the Catalog, you will find all the .NET updates for a given Rollup KB. That is the usual listing.
The reason the others are listed separately is because they were re-released.

Reply | Quote

[Moonbear]

@PKCano

Do both kb4578963 v2 and kb84600945 v2 need to be installed to be up to date?

 

• This reply was modified 2 weeks, 4 days ago by Moonbear.

Reply | Quote

[abbodi86]

No need if v1 of both are already installed

otherwise, just install kb4600945 v2

1 user thanked author for this post.

Moonbear

Reply | Quote

[Moonbear]

Will doing that also bring the October upadate to v2 as well?

Reply | Quote

[abbodi86]

You don’t need that
kb4578963 v2 is ment for Windows 7 Embedded family

1 user thanked author for this post.

Moonbear

Reply | Quote

[Moonbear]

Should the MSRT (KB890830) be considered as under the Def-Con umbrella or can it be installed at any time?

Reply | Quote

[Susan Bradley]

Installed at any time or skipped.

Susan Bradley Patch Lady

1 user thanked author for this post.

Moonbear

Reply | Quote

[JimBean]

Win7 HP x64, W7ESUI_0.2

Installed;

• Jan – March 2021 SO updates (KB 4598289, KB 4601363, KB 5000851)
• Mar 2021 (IE11) – KB 5000800

No problems to report.

Thanks,all.

1 user thanked author for this post.

SueW

Reply | Quote

[Microfix]

Heads Up!
For those who are having issues with printers post March SO/CU updates for Win7/ Windows Server 2008 R2 SP1
MSFT have released OoB updates kb5001639 for x86 and x64 versions

available from the catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=kb5001639

MSFT documentation: kb5001639

W10, the itch you simply cannot scratch!

4 users thanked author for this post.

jburk07, SueW, PKCano, abbodi86

Reply | Quote

[PKCano]

AKB2000003 has been updated for both Win7 and Win8.1.

5 users thanked author for this post.

Susan Bradley, jburk07, Kirsty, SueW, Microfix

Reply | Quote

[unleashed]

Need to re-install windows.

I assume I don’t need to re-install all prior ESU updates, just the latest one.

Is that the correct path?

Let MS Windows Update install the regular updates.

Then by using W7ESUI …

Latest Servicing Stack Update
Latest Security Monthly Rollup
Latest .NET Rollup

Thanks

Reply | Quote

[PKCano]

I have helped several with a new Win7 install. This information may be of some help to you.

Because there are several prerequisites along the install route, and because the updates associated with Meltdown/Spectre caused so much trouble, the installation was done in segments.
You can get Win7 up to date as of Jan 2020 EOL using Windows Update, but it is wise to to it in steps as described in Any advice on how to safely update a new Win7 installation. The outlined steps begin at #1982141, but it would probably be a good idea to read through the whole thing to understand the method used.
After your reach Jan 2020 updates, see the instructions at the top of this thread and #2349121 above to use the installer scripts for ESU updates. If you use the Rollups, they are cumulative, Security-only patches are not. The Rollups contain the IE11 CUs, so you do not need to install them separately, but be aware of the prereq’s (read “before installing this update” here).

Another similar thread for navigating a clean install is #1907521.

2 users thanked author for this post.

unleashed, abbodi86

Reply | Quote

[anonymous]

I assume DEFCON-3 applies to these Win7 updates.  Therefore I have a question.

Do both kb5000841 and kb5001639 go into the folder with W7ESUI.cmd at the same time, or does each need to be run separately (in sequence), or is only the later update, KB5001639, needed?

 

1 user thanked author for this post.

jburk07

Reply | Quote

[PKCano]

I did it that way, both at the same time. The script processed both and both show installed.

If you are installing the Rollup (KB5000841), I believe you need both. KB5001639 is not a cumulative update and doesn’t contain the IE11 CU.

2 users thanked author for this post.

jburk07, glnz

Reply | Quote

[anonymous]

Am I correct in the following?

1.) Both .NET 4.8 4578977 and .NET 4.8 4600944 need to be installed again and can be put            into the folder with dotNetFx4_ESU_Installer together.

2.) Again,  there is no SSU for March.  The last SSU was KB4592510 released in December 2020.

Reply | Quote

[PKCano]

anonymous wrote:

1.) Both .NET 4.8 4578977 and .NET 4.8 4600944 need to be installed again and can be put into the folder with dotNetFx4_ESU_Installer together.

See #2349123 above. Yes both in the same place together.

anonymous wrote:

2.) Again, there is no SSU for March. The last SSU was KB4592510 released in December 2020.

See #2349121 above.

Reply | Quote

[anonymous]

With the DEFCON System moving to  DEFCON-4 I installed the following on two Win 7,  SP 1,  x64 machines yesterday (Mar. 27).

Using W7ESUI:

Mar. Rollup KB5000841

Mar. Rollup fix  KB5001639

Using dotNetFx4_ESU

Mar. .NET 4.8 KB4578977

Mar. .NET 4.8 KB4600944

No problems to report as of late today (Mar. 28).

 

2 users thanked author for this post.

glnz, jburk07

Reply | Quote

[anonymous]

Sorry, that should be DEFCON-3 not DEFCON-4.

Reply | Quote

[Moonbear]

Is anyone else not able to download the patches from the update catalog?

When I tried to to begin downloading the update this morning, all 3 patches had the same strange behavior. Clicking the download button would bring up the window with the patch as normal, but clicking the patch did not trigger the download as it should.

Clicking the patch a second time triggered the blocked download warning as if clicking the first time had actually triggered the download.

Right-clicking and selecting open link in new tab acts as if your using a popup blocker to keep new tabs from opening.

If you right click and select open in a new window, all you get is a black window with untitled in the tab.

I’m posting this here in case the direct download links in the posts by @PKCano are misbehaving as well.

Reply | Quote

[PKCano]

All worked for me – see screenshots.
The SO, OOB< and IE11 CU download links are available from AKB2000003.

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

Moonbear

Reply | Quote

[Moonbear]

I actually figured out what was happening.

Google Chrome in tightening the settings for insecure content on a secure site.

I had to add the update catalog to the allow list.

Reply | Quote

[anonymous]

Yes,  I had the problem and could not figure out what was happening so I went to Firefox and did the downloads there.

Thank you for solving the problem for me,  and for sharing the solution with all of us.

 

Reply | Quote

[anonymous]

Where did you find the allow list in  Chrome?

Reply | Quote

[anonymous]

While on the Microsoft Update Catalog website,
tap on the lockpad icon on the top left of Chrome.
Choosing, Site settings, toggled down to ‘Insecure content’
and changed ->Block (default) to Allow

That worked for me 🙂
My thanks too, to Moonbear for solving this, much appreciated.

Reply | Quote

[Moonbear]

This is how I made the catalog downloads work.

Open the Chrome settings, scroll down to and click Site settings.

In Site settings, Scroll down to where it says Content and click on Additional content settings.

After that, scroll down to Insecure content and click.

You’ll then see 2 buttons: Add & Block

Click the Add button and type this:

https://[*.]www.catalog.update.microsoft.com

(Be sure to type this as copy/paste acts weird in the settings menus and can sometimes add random characters to what your pasting.)

Now the patch downloads should start as normal.

Reply | Quote

[anonymous]

I spent hours in Chrome help as well as on the internet trying to find out where the “allow list” is in Chrome.  The trouble is that there is nothing called “allow list” in Chrome.

Reply | Quote

[anonymous]

It looks like this is the “correct” way to do it,  with Chrome doing it.  Very easy to do when you know how.  Thank you for posting this.

Reply | Quote

[anonymous]

Of course #2354415 must refer to #2354237 as the “correct” way to do it. Many thanks to anonymous for that bit of Chrome education.

Reply | Quote

[Microfix]

Observation:
Older dotNET won’t update with a newer SSU using slc redirect method here!
Nand and Nor gates at work with 2021 SSU’s and 2020 dotNET’s (SMQR)
Abbodi86 can you confirm this? Is this date/year affected by SSU?
Thanks in advance

W10, the itch you simply cannot scratch!

Reply | Quote

[abbodi86]

SSU and .NET 4.x updates are totally separated
which updates failed?

dotNetFx4_ESU_Installer is manual installer, not via WU

Reply | Quote

[Microfix]

kb4592510 SSU Dec 2020 and attempted to install dotNET 4.5.2 kb4578955, failed
Although I just installed March 2021 kb4578955 v2 without issue. Yeah I know it’s not a NET security update but has the security within AFAIK (Originally from an image at EOL Feb 2020)
this is what I done from EOL image resurrection:

SSU Jul 2020 ( manual restart)
ESU LLP Jul 2020 (manual restart)
SSU Dec 2020 (manual restart)
SMQR CU Feb 2021 (double restart)
.NET Oct 2020 kb4578955 Failed
.NET Mar 2021 kb4578955 v2 (manual restart)
All ok with no violations

Edit: All .NET 3.5.1 patches installed also.

W10, the itch you simply cannot scratch!

• This reply was modified 1 day, 15 hours ago by Microfix.

Reply | Quote

[abbodi86]

Like i said, SSUs has no affect on .NET 4.x updates at all 🙂

regarding the failed installation, it’s digital signature issue, thus they created v2

see the “Known issues”
http://support.microsoft.com/kb/4578955

2 users thanked author for this post.

Microfix, PKCano

Reply | Quote

[Microfix]

Yeah, no SSU or dotNET updates this month 🙂
Although kb4601275 (?) is there..no documentation yet

W10, the itch you simply cannot scratch!

Reply | Quote

[EP]

KB4601275 appears to be a standalone timezone patch of some sort (I checked the contents of a KB4601275 cab file and has a bunch of timezones.resources manifest files)

no need to install KB4601275

• This reply was modified 14 hours, 31 minutes ago by EP.

2 users thanked author for this post.

Microfix, abbodi86

Reply | Quote

[PKCano]

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on April 13, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no April IE11 CU for Win7.

April Rollup KB5001335 Download 32-bit or 64-bit. for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There were no new .NET updates listed for Win7. See #2357362.

There is a Time Zone Change update for The Republic of South Africa and Sudan KB4601275 for Win7 and Win8.1 if you want to install it.

3 users thanked author for this post.

Microfix, SueW, abbodi86

Reply | Quote

[PKCano]

Here’s your .NET for April, 2021. There were no new .NET updates for April, 2021.

There were metadata (only) changes to the following  Security-only .NET updates. You do not have to reinstall the updates.

+ 2020-05 Security Only Rollup KB4556403 (.NET 4.5.2-4.8)
KB4552952 (.NET 4.5.2), KB4552951 (.NET 4.6-4.7.2), and KB4552953 (.NET 4.8)
+ 2020-07 Security Only Rollup KB4566466 (.NET 4.5.2-4.8)
KB4565583 (.NET 4.5.2), KB4565586 (.NET 4.6-4.7.2), and KB4565589 (.NET 4.8)
+ 2020-08 Security Only Rollup KB4570500 (.NET 4.5.2-4.8)
KB4569743 (.NET 4.5.2), KB4569740(.NET 4.6), and KB4569733 (.NET 4.8)
+ 2020-09 Security Only Update  KB4576490 (.NET 4.8)
+ 2020-10 Security Only Rollup KB4580467 (.NET 4.5.2-4.8)
KB4578983 (.NET 4.5.2), KB4578987 (.NET 4.6), and KB4578990 (.NET 4.8)
+ 2021-02 Security Only Rollup KB4602958 (.NET 4.5.2-4.8)
KB4601090 (.NET 4.6-4.7.2), and KB4601089 (.NET 4.8)

1 user thanked author for this post.

abbodi86

Reply | Quote

[Microfix]

Noticed both aitstatic (Application Impact Telemetry Static Analyzer) and CompatTelRunner were updated with kb5001335 SMQR. Due to the nature of the bypass script, it may be something to monitor/ check for those who do not use it.
Otherwise, seems like a a clockwork update so far.
No errors in event viewer and SFC post patch output below:

Will update should anything go south, west ot otherwise, generally too early to commit..

aitAgent, aitstatic and CompatTelRunner are already on the firewall outgoing blocklist here, as a secondary precaution.

W10, the itch you simply cannot scratch!

Attachments:

You must be logged in to access attached files.

Reply | Quote

[Author]

Posts