Standalone installer script for Windows 7 ESU, regardless the license

Topic

New Reply

[abbodi86]

# W7ESUI #

Automated batch script to install Windows 7 Extended Security Updates, regardless the ESU license and without requiring any eligibility check bypass.

* Pros:

– Process the updates from one same location

– Detect and install servicing stack update first

– Check required stack installer version for each update

– Include the Telemetry neutralize tweaks

– Works with Group A: Monthly Quality Rollup, or Group B: Security Only update / IE11 cumulative update

* Limitations:

– SHA2 support updates KB4490628 and KB4474419 are prerequisites for ESU updates.
Either install them yourself first, or put their msu files with ESU updates files together and the script will install them

– The script is specifically designed to process ESU updates only.

while it still can install regular updates, but it has no specific checks or conditions for their prerequisites
regular updates should be installed normally, manually, using Windows Update, or other tools

– You must always use the script for any future ESU updates, you cannot install them manually afterwards

* Download:

Includes corrections for those downloading using IE11:
https://github.com/abbodi1406/WHD/raw/master/scripts/W7ESUI_0.3.zip

* How to use on live OS:

– Download the ESU updates msu files from Microsoft Update Catalog, following history page or AskWoody Knowledge Base

a) if you are Group A user, you need:
latest Servicing Stack Update
latest Security Monthly Rollup
latest .NET rollup

b) if you are Group B user, you need:
latest Servicing Stack Update
latest IE11 Cumulative Update
Security Only Update for each month (e.g. February and March together)
every .NET Security Only Update (if any)

– Extract W7ESUI.cmd from the zip file, or extract the whole zip file

– Copy or move W7ESUI.cmd and place it next to (in the same folder as) the downloaded msu files
ini file W7ESUI.ini is not really necessary in this case

– Right-click on W7ESUI.cmd and “Run as administrator”

– If all goes well, you should get cmd window similar to this:

– Now press the zero 0 number on keyboard to start the process

– At the end, restart the system if prompted

See ReadMe.txt for more details, and how to use the script for offline integration.

******************************
******************************

The bypass is mainly meant for installing .NET 4 updates through WU, manual installation works too
but it has compatibility issue and cause other MSI programs to fail (including KIS 2020 or Office C2R)

the first installer was merely a simple script for installing .NET 4 updates manually using the ESU_LOCK workaround
the revived version include temporary self-bypass to work with July updates

dotNetFx4_ESU_Installer_r.zip is the safest approach so far

https://github.com/abbodi1406/WHD/raw/master/scripts/dotNetFx4_ESU_Installer_r.zip

******************************
******************************

REVISED January 2021:
Comments from 2020 have been archived here – continue posting on this page.

• This topic was modified 2 years, 10 months ago by abbodi86.
• This topic was modified 2 years, 9 months ago by PKCano.
• This topic was modified 2 years, 9 months ago by PKCano.
• This topic was modified 2 years, 9 months ago by PKCano.
• This topic was modified 2 years, 1 month ago by PKCano.
• This topic was modified 1 year, 5 months ago by Susan Bradley.

Total of 43 users thanked author for this post. Here are last 20 listed.

Pexiler, rick41, Kinjiru, Kranium, MikeL, glnz, Stephen Henry, Metanis, MrChaz, Microfix, JimBean, Silenus, Charles Pugh, ioneye, Steve, thompsgd, NetDef, paintgregg, maisy2, byteme

Reply | Quote

Replies

Did you mean W7ESUI_0.2?  W7ESUI_0.2 is the current release.

Reply | Quote

Both work 🙂
v2 additionaly support installing SHA2 updates (KB4490628/KB4474419) if not already installed

1 user thanked author for this post.

italiangm

Reply | Quote

W7ESUI v3

– Enhanced detection for updates files and KB number (to void issue with files downloaded from MU catalog via IE11)

11 users thanked author for this post.

Steve, byteme, TaskForce141, T, Cyrus Khambatta, AusJohn, SueW, Moonbear, RDRguy, zat_so, Microfix

Reply | Quote

Here’s your .NET for January, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4-7-2 and 4.8 (non-Secruity only)
The other updates in the Rollup are older and should already be installed.

.NET Quality Rollup KB4598500
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB4597239
.NET 4.8 KB4597254

5 users thanked author for this post.

byteme, jburk07, abbodi86, zat_so, SueW

Reply | Quote

When was the 3.5.1 patch in this rollup originally released?

Reply | Quote

October 2020.

1 user thanked author for this post.

Moonbear

Reply | Quote

[Microfix]

Installed SMQR kb4598279 using W7ESUIv3 (it’s a double restart) and dotNET kb4598500 using dotnetfx4 on x86 Win7 Pro. No problems reported here in event viewer.
Another clean run, so far, so good 🙂
Peripherals still to check over..to be updated

Update: No issues with local Pixma Printer or scanner, SFC – no integrity violations.

WaaS = Windows as a Syphon...suckers!

• This reply was modified 2 years ago by Microfix.

3 users thanked author for this post.

TaskForce141, jburk07, abbodi86

Reply | Quote

KB4598500 is an optional .net – meaning that there is no new security fixes in it.  If you have your system set to not offer up optional updates in the same manner as important updates it’s not shown to you in Important, but rather the Optional section.

Susan Bradley Patch Lady

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

Jan. 2021 rollup (KB4598279) and .Net 4.8 update (KB4597254) installed without problems, using version 0.2 script, on both 32-bit desktop and 64-bit laptop.  I define “no problems” as Win loading normally or with a slightly longer 1st restart, and Firefox loading as usual and streaming youtube and basketball games.

One oddity: all of the entries for previous security monthly quality rollups are missing from the list of installed updates (Control Panel > Programs and Features > view installed updates).  Even the ones prior to Win 7 EOL Jan. 2020.   The servicing stack updates and .Net updates are still listed.   I just noticed this; perhaps this was always true, i.e. a by-product of the rollups or the installer script.

Reply | Quote

Monthly Rollups are chained together, only the latest one show up in the list

similar to KB2952664 multi versions

Reply | Quote

My wife’s Win 7 Pro 64-bit SoHo production machine wants to install Malicious Software Removal Tool KB890830 version 5.85 dated Jan 12, 2021.

Anyone have any problems with it?

Thanks.

 

Reply | Quote

KB890830 No problem with that update. It is only released on a 3 monthly basis.

Reply | Quote

MSR is an additional protection mechanism provided by MS. There is no downside to running it.

cheers, Paul

Reply | Quote

I have been running MSRT for a long time.  Never any problems with it.  Ran version 5.85 dated Jan 12, 2021 on Jan 15.

Reply | Quote

On the morning of Jan. 31 I installed these two updates to two Windows 7 Home Premium,  Service Pack 1,  x64 machines using W7ESUI.

Latest .NET for 4.8 KB4597254

Jan. Rollup KB4598279

I have been using the machines and have not encountered any problems.

Reply | Quote

Correction:

Jan. Rollup was installed using W7ESUI ,  but .NET was installed using dotNetFx4_ESU_Installer.cmd.

Sorry for the error in the original post.

Reply | Quote

I will continue to post this information in this thread as of 2/9/2021.

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on February 9, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no February IE11 CU for Win7.

February Rollup KB4601347 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2342225.

5 users thanked author for this post.

byteme, Cyrus Khambatta, jburk07, SueW, abbodi86

Reply | Quote

Here’s your .NET for February, 2021. There were Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4-7-2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB4603002
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB4600945
.NET 4.8 KB4600944

.NET Security-only Quality Rollup KB4602958
.NET 4.6 – 4.7.2 KB4601090
.NET 4.8 KB4601089

7 users thanked author for this post.

Steve, Microfix, Cyrus Khambatta, zat_so, jburk07, SueW, abbodi86

Reply | Quote

[Moonbear]

@PKCano

I’ve been installing the .NET 3.5.1 & 4.7 updates from the .NET Quality Rollup. Can I switch to installing the .NET 3.5.1 & 4.7 updates from the Security-only Quality Rollup without breaking anything?

• This reply was modified 1 year, 12 months ago by Moonbear.

Reply | Quote

The SOs are a part of the Rollups. But SOs by themselves are NOT cumulative.
You can install the SOs whenever you want, but if you have installed the Rollup of the same date, you already have that SO and any SO that came before b/c the Rollups are cumulative.

1 user thanked author for this post.

Moonbear

Reply | Quote

[Moonbear]

Okay, I didn’t think about the SOs not being cumulative updates.

• This reply was modified 1 year, 12 months ago by Moonbear.

Reply | Quote

The first time I used the W7ESUI script it ran the anti-telemetry file but it hasn’t any time since.  Is that by design or should that file exist each time the script is run?

Thank you.

Reply | Quote

It’s created with each new installed Monthly Rollup

1 user thanked author for this post.

Microfix

Reply | Quote

Where did everything go?

Reply | Quote

https://www.askwoody.com/2021/try-to-fix-one-thing-break-another/

Slight temporary bug.  Don’t panic.

Susan Bradley Patch Lady

Reply | Quote

Reminds me of Star Trek Next Generation episode in which Dr. Crusher notices that crew starts disappearing and the Enterprise gets smaller and smaller.

Am I the only one left?

Ready to use abbodi86’s lifesavers here (again) to install the following on my Win 7 Pro 64-bit:

In the W7ESUI:
KB4601347
KB4578952

In the dotNetFx4_ESU:
KB4600944

These are “permitted” in Susan’s latest list.  Do you agree these are OK?

And please say SOMETHING so I know someone in the whole wide universe is seeing this.  (Hello?)

Thanks!

Reply | Quote

The SSU KB4578952 is from Oct 2020. You probably already have it installed. There wasn’t a Feb SSU.

KB4600944 is for .NET 4.8, KB4600945 is for .NET 4.6-4.7.2 depending on which version you have installed.

Reminder: We’re still on DEFCON-2 until maybe Sunday.

Reply | Quote

Officially I’m waiting until the newsletter goes out to make the change.  But I always look at the weekend as a good time to install updates.

Susan Bradley Patch Lady

Reply | Quote

Susan B – Thanks.  But I got your “Install” from your current Patch List.  Still wait for a few days?

Reply | Quote

PKCano – What would be the February update for .NET 3.5 for Win 7 Pro 64-bit? Looks like I got it wrong.

Reply | Quote

Latest update for .NET 3.5 is 2020-10 KB4578952

Reply | Quote

There is information on this above, but you won’t be able to see it until the site is fixed Sun. morning (28th) server time. Wait a few.

Can you see #2342227 and #2342225?

Reply | Quote

PKCano – No, cannot see those two.

This is like getting on a NYC bus and seeing only the driver and me. (Drivers today, as we have abbodi86, Susan and yourself.) So, let’s go to Miami!

Reply | Quote

[glnz]

Just to let everyone know that on two Win 7 Pro 64-bit machines I successfully installed

in the W7ESUI:
KB4601347

in the dotNetFx4_ESU:
KB4600944

As PKCano pointed out, although I also put the KB4578952 installation file in the W7ESUI, it was ignored because it is just a regurgitation of the same file from before.

(Doing these updates is important for the production machine in my wife’s SoHo, a Dell Optiplex 780 I bought used on eBay seven years ago. But although she acknowledges my taste for keeping junky old computers running, she plans to throw it out and get an iMac. Oh well …)

Thanks again, and cheers!

• This reply was modified 1 year, 11 months ago by glnz.
• This reply was modified 1 year, 11 months ago by glnz.

1 user thanked author for this post.

jburk07

Reply | Quote

See #2346543 above.  The latest  is SSU KB4578952 from Oct 2020.  There is no update for .NET 3.5 for Feb.

1 user thanked author for this post.

jburk07

Reply | Quote

I wait until DEFCON says it is time to install.  (Hello back at ya!)

Reply | Quote

With the advent of DEFCON-4 on Feb. 28 I installed the following on two Win 7,  SP 1,  x64 machines.

Using W7ESUI:

Feb Rollup KB4601347

Using dotNetFx4_ESU_Installer

Feb .NET 4.8 KB4600944

1 user thanked author for this post.

jburk07

Reply | Quote

I tried to install ndp48-kb4600944-x64_20a6a012e02c9d905f6f3a24850f1218bc849a26.exe using  dotNetFx4_ESU_Installer, but it responded with the message “NDP45 exe update files are not detected.” The two files are in the same folder.

Please help. Thanks.

Reply | Quote

I tried to install ndp48-kb4600944-x64_20a6a012e02c9d905f6f3a24850f1218bc849a26.exe…

Per the message you’re getting from the script, it’s looking for a file that starts “ndp45…” and per your statement above, you’re putting a file that starts with “ndp48…” in the folder.

Also, the update you’re trying to install is only for .NET version 4.8 and not for any other versions.

From the sounds of the installer script’s error message, you might have .NET version 4.5 on your system instead of 4.8. If that is indeed the version you have, then the last update released for it was back in October of last year, KB4578955, so you don’t need to worry about an update for .NET this month.  🙂

1 user thanked author for this post.

abbodi86

Reply | Quote

Could anyone please tell me how I can install .NET 4.5.2 update (KB4578955) via administrative installation if I don’t have .NET and I would like to install it from scratch along with the latest update? I would like to avoid replacing system DLLs like dotNetFx4_ESU_Installer_r.zip does.

Reply | Quote

Before you can install an update, you have to have .NET 4.5.2 installed on your PC.

If you do not know if .NET 4.5.2 is installed on your computer, download the .NET version checker mentioned here to find the version of .NET installed on your computer.
If you do not have v4.5.2 already installed, download the .NET 4.5.2 installer from Microsoft and install it. It will not be up to date.
If you have the ESU subscription, you should receive the update through Windows Update.

If you do not have the ESU subscription, to install the update, create a folder on your C: drive and unzip dotNetFx4_ESU_Installer_r.zip into the folder.
Download KB4578955 from the MS Catalog (link in #2342225 above) and place it in the same folder.
In an elevated command prompt (right click on cmd.exe and “Run as Administrator) right click on the .cmd file in the folder and “Run as Administrator. Follow the instructions.

1 user thanked author for this post.

abbodi86

Reply | Quote

Thank you for your reply, but you haven’t got what I mean. Here abbodi86 wrote that it’s possible to install .NET updates in a way which I’ve described. dotNetFx4_ESU_Installer_r.zip replaces system DLL, I would like to avoid that. I don’t have ESU subscription. I’ve already downloaded .NET 4.5.2 installer as well as KB4578955. Now how can I install .NET along with the KB4578955 without bin folder which is stored in dotNetFx4_ESU_Installer_r.zip?

Reply | Quote

You can probably install the .NET 4.5.2, and any updates for it up to and including Jan. 2020 using Windows Update.

But after Jan 2020, WIn7 is EOL and you cannot install any of the later updates without either the ESU or circumventing the EOL with abbodi86 ‘s script. They will not install in Win7 EOL.

1 user thanked author for this post.

SueW

Reply | Quote

Hello everyone
i tried to install .NET Framework 4.8 but it gives me this error

 

Reply | Quote

Pexiler wrote:

i tried to install .NET Framework 4.8 but it gives me this error

KB4600944 is an update, not the installer for .NET 4.8. Is .NET4.8 already installed on your computer?

Reply | Quote

PKCano wrote:

Pexiler wrote:

i tried to install .NET Framework 4.8 but it gives me this error

KB4600944 is an update, not the installer for .NET 4.8. Is .NET4.8 already installed on your computer?

i don’t have framework installed.

how do I solve?

Reply | Quote

The .NET 4.8 installer can be downloaded from Microsoft.
Win7 is EOL. The same restrictions will apply as for .NET 4.5.2 in #2347965 above. It will not be up to date.

You will be able to install updates up to , and including, Jan 2020 using Windows Update. For updates after Jan 2020, including KB4600944, you will need to have the ESU subscription or you will need to use @abbodi86 ‘s bypass mentioned at the top of this thread.

A word of caution.
Although you can install .NET 4.8 on Win7, it is better to use one of the earlier versions of .NET. (4.5.2, 4.6-4.7.2 Unless you have software that specifically needs .NET 4.8, I wouldn’t worry about installing it.

1 user thanked author for this post.

abbodi86

Reply | Quote

Why do you think “,,,it is better to use one of the earlier versions of .NET. (4.5.2, 4.6-4.7.2,,,” rather than .NET 4.8?

Should I remove .NET 4.8 and install .NET 4.7.2?

PS. I have both .NET 3.5 and .NET 4.8 installed on my machine.

Reply | Quote

If you already have .NET 4.8 installed, and you have no problems with it, then keep it as is.
Information about the updates still goes.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

I agree. I held off on installing .NET 4.8 since it was initially buggy. Eventually I installed it on my Win7 computers. I haven’t encountered any obvious issues when running programs which require .NET 4.8 or earlier versions.

Reply | Quote

I could use a little help, I am not that tech savvy.

I use windows 7, with an ESU.

Worked fine last year.

When I installed the year 2 ESU and attempt to update, it gives me error Code 800B0101

That error message says the time on my PC is incorrect.

I 2x checked and the time and date are fine.

Any ideas on how I can fix this?

Thanks for your input.

Reply | Quote

We haven’t seen problems with the Feb patches so far.
Since Feb is the first of the year-2 subscription, I would suggest you go back over the ESU setup and be sure it is correct.

For Feb, there was a Rollup (or SO if you are using Group B) and .NET 4.6-4.7.2 or 4.8 depending on what .NET you have installed. There was no new Servicing Stack or update for .NET 3.5 – the latest of these was Oct 2020.

Reply | Quote

I had that 800B0101 with net framework recently and set date to febuary helped install without any problem,weird thing

2 users thanked author for this post.

kipock, T

Reply | Quote

Thanks for suggesting this, i was at my wit’s end wondering why it wouldn’t install (failed with error code – 2146762495) until i saw your comment, changed my system date to a month ago and it worked. I also noticed that it’s a known issue on the .Net 4x pages but i’m pretty sure i’ve installed .Net 4x updates outside of their release month previously so presumably the required certificate in the .Net package would not have matched the system time then either.

https://support.microsoft.com/en-us/topic/security-only-update-for-net-framework-4-6-4-6-1-4-6-2-4-7-4-7-1-4-7-2-for-windows-7-sp1-and-windows-server-2008-r2-sp1-and-windows-server-2008-sp2-kb4601090-582f84bd-c341-83c9-e428-eac9b50f021e

Reply | Quote

Much appreciation for the comments regarding this little issue.
Thank you T, for your post and thank you very much anonymous. It worked like a charm.
The new month brought this on? Never realized.

I also had [Failed. Error code: -2146762495] today
for both of these (ndp47 downloads)
2021-02 Security and Quality Rollup for .NET Framework (KB4603002)
2021-02 Security Only Update for .NET Framework (KB4602958)

Thank for helping out!

Reply | Quote

It worked, thanks for your help!!

Reply | Quote

Wow thank you so much that worked like a charm I have been trying to install this update for a few days and this finally worked.

Reply | Quote

I will continue to post this monthly information in this thread as of 2/9/2021.

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on March 9, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is a March IE11 CU  KB5000800 for Win7. Download 32-bit or 64-bit.

March Rollup KB5000841 Download 32-bit or 64-bit. for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2349123.

****UPDATE: On 3/22/2021, Microsoft released a fix for printer issues caused by the March Patch Tuesday updates.
Out-of-Band update KB5001639 – Download 32-bit or 64-bit

4 users thanked author for this post.

jburk07, SueW, Microfix, abbodi86

Reply | Quote

Here’s your .NET for March, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
NOTE: Updates for v3.5.1 are older (Oct 2020) and should already be installed.
Updates for v5.2,  v4.6 – 4.7.2 and v4.8 have been re-signed as version 2 and should be installed.

.NET Quality Rollup KB4579977 (2020-10)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 – 4.7.2 KB4578963 v2
.NET 4.8 KB4578977 v2

.Net Quality Rollup KB4603002 (2021-02)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 = 4.7.2 KB4600945 v2
.NET 4.8 KB4600944 v2

6 users thanked author for this post.

abbodi86, Pim, jburk07, Moonbear, SueW, Microfix

Reply | Quote

2021-03 Security and Quality Rollup for .NET Framework for Windows 7 (KB4579977)
2021-03 Security and Quality Rollup for .NET Framework for Windows 7 (KB4603002)

all .NET 4.x updates (including 4.5.2) were re-signed and bumped version, for both Rollups

4 users thanked author for this post.

Pim, jburk07, Microfix, PKCano

Reply | Quote

indeed they were, well spotted 😉

no initial problems here SFC in tact /event viewer-no errors/no additional telemetry

WaaS = Windows as a Syphon...suckers!

1 user thanked author for this post.

jburk07

Reply | Quote

NONE exhibit ANY local (USB) printer printing/comms/crash issues and print queues as expected with no violations via SFC integrity check, all good here this month.

WaaS = Windows as a Syphon...suckers!

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

Both refreshed rollups pulled

however, the updated files were added to the old rollups: 2021-02 (KB4603002), 2020-10 (KB4579977)

3 users thanked author for this post.

jburk07, Pim, Microfix

Reply | Quote

PKCano,

Microsoft Update Catalog cannot find any results for KB4578952 (for .NET 3.5.1).

Message returned from search: We did not find any results for “KB4578952”

Reply | Quote

Because KB4578952 is not listed as an individual patch. It is included in the .NET Rollup. If you click the “Download” button for the Rollup (linked) in the Catalog, you will find all the .NET updates for a given Rollup KB. That is the usual listing.
The reason the others are listed separately is because they were re-released.

Reply | Quote

[Moonbear]

@PKCano

Do both kb4578963 v2 and kb84600945 v2 need to be installed to be up to date?

 

• This reply was modified 1 year, 10 months ago by Moonbear.

Reply | Quote

No need if v1 of both are already installed

otherwise, just install kb4600945 v2

1 user thanked author for this post.

Moonbear

Reply | Quote

Will doing that also bring the October upadate to v2 as well?

Reply | Quote

You don’t need that
kb4578963 v2 is ment for Windows 7 Embedded family

1 user thanked author for this post.

Moonbear

Reply | Quote

Should the MSRT (KB890830) be considered as under the Def-Con umbrella or can it be installed at any time?

Reply | Quote

Installed at any time or skipped.

Susan Bradley Patch Lady

1 user thanked author for this post.

Moonbear

Reply | Quote

Win7 HP x64, W7ESUI_0.2

Installed;

• Jan – March 2021 SO updates (KB 4598289, KB 4601363, KB 5000851)
• Mar 2021 (IE11) – KB 5000800

No problems to report.

Thanks,all.

1 user thanked author for this post.

SueW

Reply | Quote

Heads Up!
For those who are having issues with printers post March SO/CU updates for Win7/ Windows Server 2008 R2 SP1
MSFT have released OoB updates kb5001639 for x86 and x64 versions

available from the catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=kb5001639

MSFT documentation: kb5001639

WaaS = Windows as a Syphon...suckers!

4 users thanked author for this post.

jburk07, SueW, PKCano, abbodi86

Reply | Quote

AKB2000003 has been updated for both Win7 and Win8.1.

5 users thanked author for this post.

Susan Bradley, jburk07, Kirsty, SueW, Microfix

Reply | Quote

Need to re-install windows.

I assume I don’t need to re-install all prior ESU updates, just the latest one.

Is that the correct path?

Let MS Windows Update install the regular updates.

Then by using W7ESUI …

Latest Servicing Stack Update
Latest Security Monthly Rollup
Latest .NET Rollup

Thanks

Reply | Quote

I have helped several with a new Win7 install. This information may be of some help to you.

Because there are several prerequisites along the install route, and because the updates associated with Meltdown/Spectre caused so much trouble, the installation was done in segments.
You can get Win7 up to date as of Jan 2020 EOL using Windows Update, but it is wise to to it in steps as described in Any advice on how to safely update a new Win7 installation. The outlined steps begin at #1982141, but it would probably be a good idea to read through the whole thing to understand the method used.
After your reach Jan 2020 updates, see the instructions at the top of this thread and #2349121 above to use the installer scripts for ESU updates. If you use the Rollups, they are cumulative, Security-only patches are not. The Rollups contain the IE11 CUs, so you do not need to install them separately, but be aware of the prereq’s (read “before installing this update” here).

Another similar thread for navigating a clean install is #1907521.

2 users thanked author for this post.

unleashed, abbodi86

Reply | Quote

I assume DEFCON-3 applies to these Win7 updates.  Therefore I have a question.

Do both kb5000841 and kb5001639 go into the folder with W7ESUI.cmd at the same time, or does each need to be run separately (in sequence), or is only the later update, KB5001639, needed?

 

1 user thanked author for this post.

jburk07

Reply | Quote

I did it that way, both at the same time. The script processed both and both show installed.

If you are installing the Rollup (KB5000841), I believe you need both. KB5001639 is not a cumulative update and doesn’t contain the IE11 CU.

2 users thanked author for this post.

jburk07, glnz

Reply | Quote

Am I correct in the following?

1.) Both .NET 4.8 4578977 and .NET 4.8 4600944 need to be installed again and can be put            into the folder with dotNetFx4_ESU_Installer together.

2.) Again,  there is no SSU for March.  The last SSU was KB4592510 released in December 2020.

Reply | Quote

anonymous wrote:

1.) Both .NET 4.8 4578977 and .NET 4.8 4600944 need to be installed again and can be put into the folder with dotNetFx4_ESU_Installer together.

See #2349123 above. Yes both in the same place together.

anonymous wrote:

2.) Again, there is no SSU for March. The last SSU was KB4592510 released in December 2020.

See #2349121 above.

Reply | Quote

With the DEFCON System moving to  DEFCON-4 I installed the following on two Win 7,  SP 1,  x64 machines yesterday (Mar. 27).

Using W7ESUI:

Mar. Rollup KB5000841

Mar. Rollup fix  KB5001639

Using dotNetFx4_ESU

Mar. .NET 4.8 KB4578977

Mar. .NET 4.8 KB4600944

No problems to report as of late today (Mar. 28).

 

2 users thanked author for this post.

glnz, jburk07

Reply | Quote

Sorry, that should be DEFCON-3 not DEFCON-4.

Reply | Quote

Is anyone else not able to download the patches from the update catalog?

When I tried to to begin downloading the update this morning, all 3 patches had the same strange behavior. Clicking the download button would bring up the window with the patch as normal, but clicking the patch did not trigger the download as it should.

Clicking the patch a second time triggered the blocked download warning as if clicking the first time had actually triggered the download.

Right-clicking and selecting open link in new tab acts as if your using a popup blocker to keep new tabs from opening.

If you right click and select open in a new window, all you get is a black window with untitled in the tab.

I’m posting this here in case the direct download links in the posts by @PKCano are misbehaving as well.

Reply | Quote

All worked for me – see screenshots.
The SO, OOB< and IE11 CU download links are available from AKB2000003.

1 user thanked author for this post.

Moonbear

Reply | Quote

I actually figured out what was happening.

Google Chrome in tightening the settings for insecure content on a secure site.

I had to add the update catalog to the allow list.

Reply | Quote

Yes,  I had the problem and could not figure out what was happening so I went to Firefox and did the downloads there.

Thank you for solving the problem for me,  and for sharing the solution with all of us.

 

Reply | Quote

Where did you find the allow list in  Chrome?

Reply | Quote

While on the Microsoft Update Catalog website,
tap on the lockpad icon on the top left of Chrome.
Choosing, Site settings, toggled down to ‘Insecure content’
and changed ->Block (default) to Allow

That worked for me 🙂
My thanks too, to Moonbear for solving this, much appreciated.

Reply | Quote

This is how I made the catalog downloads work.

Open the Chrome settings, scroll down to and click Site settings.

In Site settings, Scroll down to where it says Content and click on Additional content settings.

After that, scroll down to Insecure content and click.

You’ll then see 2 buttons: Add & Block

Click the Add button and type this:

https://[*.]www.catalog.update.microsoft.com

(Be sure to type this as copy/paste acts weird in the settings menus and can sometimes add random characters to what your pasting.)

Now the patch downloads should start as normal.

Reply | Quote

I spent hours in Chrome help as well as on the internet trying to find out where the “allow list” is in Chrome.  The trouble is that there is nothing called “allow list” in Chrome.

Reply | Quote

It looks like this is the “correct” way to do it,  with Chrome doing it.  Very easy to do when you know how.  Thank you for posting this.

Reply | Quote

Of course #2354415 must refer to #2354237 as the “correct” way to do it. Many thanks to anonymous for that bit of Chrome education.

Reply | Quote

Interesting, I just updated Chrome to Ver.90.0.4430.72 (Official Build) as ‘Google rolls out Chrome 90, which defaults to HTTPS instead of HTTP’ and downloaded a catalog file with Block (default) insecure content back on – it’s fine again!

Google’s release notes say that Chrome 90 contains 37 security fixes, six of which are categorised as “high”, including a zero-day vulnerability that was recently revealed to be affecting all Chromium-based browsers.

The news comes as the company gears up to release its FLoC system, which is designed to replace third-party cookies for ad tracking through a new API which was recently added to Google Chrome. However the system has already met opposition, with a number of other browser makers saying they won’t support FLoC over concerns around user privacy.

Reply | Quote

With the previous version of Chrome I had to go to Firefox to download from the Update Catalog.  It seems crazy,  but I just did a download and can confirm catalog downloads are fine again with Ver.90.0.4430.72 (Official Build) (64-bit) with insecure content turned on.

Reply | Quote

Observation:
Older dotNET won’t update with a newer SSU using slc redirect method here!
Nand and Nor gates at work with 2021 SSU’s and 2020 dotNET’s (SMQR)
Abbodi86 can you confirm this? Is this date/year affected by SSU?
Thanks in advance

WaaS = Windows as a Syphon...suckers!

Reply | Quote

SSU and .NET 4.x updates are totally separated
which updates failed?

dotNetFx4_ESU_Installer is manual installer, not via WU

Reply | Quote

[Microfix]

kb4592510 SSU Dec 2020 and attempted to install dotNET 4.5.2 kb4578955, failed
Although I just installed March 2021 kb4578955 v2 without issue. Yeah I know it’s not a NET security update but has the security within AFAIK (Originally from an image at EOL Feb 2020)
this is what I done from EOL image resurrection:

SSU Jul 2020 ( manual restart)
ESU LLP Jul 2020 (manual restart)
SSU Dec 2020 (manual restart)
SMQR CU Feb 2021 (double restart)
.NET Oct 2020 kb4578955 Failed
.NET Mar 2021 kb4578955 v2 (manual restart)
All ok with no violations

Edit: All .NET 3.5.1 patches installed also.

WaaS = Windows as a Syphon...suckers!

• This reply was modified 1 year, 10 months ago by Microfix.

Reply | Quote

Like i said, SSUs has no affect on .NET 4.x updates at all 🙂

regarding the failed installation, it’s digital signature issue, thus they created v2

see the “Known issues”
http://support.microsoft.com/kb/4578955

2 users thanked author for this post.

Microfix, PKCano

Reply | Quote

Yeah, no SSU or dotNET updates this month 🙂
Although kb4601275 (?) is there..no documentation yet

WaaS = Windows as a Syphon...suckers!

Reply | Quote

[EP]

KB4601275 appears to be a standalone timezone patch of some sort (I checked the contents of a KB4601275 cab file and has a bunch of timezones.resources manifest files)

no need to install KB4601275

• This reply was modified 1 year, 10 months ago by EP.

2 users thanked author for this post.

Microfix, abbodi86

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on April 13, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no April IE11 CU for Win7.

April Rollup KB5001335 Download 32-bit or 64-bit. for those with Win7 ESU subscriptions.

You must have at least the August Servicing Stack KB4570673 previously installed to receive these updates).
The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There were no new .NET updates listed for Win7. See #2357362.

There is a Time Zone Change update for The Republic of South Africa and Sudan KB4601275 for Win7 and Win8.1 if you want to install it.

6 users thanked author for this post.

byteme, jburk07, unleashed, Microfix, SueW, abbodi86

Reply | Quote

Here’s your .NET for April, 2021. There were no new .NET updates for April, 2021.

There were metadata (only) changes to the following  Security-only .NET updates. You do not have to reinstall the updates.

+ 2020-05 Security Only Rollup KB4556403 (.NET 4.5.2-4.8)
KB4552952 (.NET 4.5.2), KB4552951 (.NET 4.6-4.7.2), and KB4552953 (.NET 4.8)
+ 2020-07 Security Only Rollup KB4566466 (.NET 4.5.2-4.8)
KB4565583 (.NET 4.5.2), KB4565586 (.NET 4.6-4.7.2), and KB4565589 (.NET 4.8)
+ 2020-08 Security Only Rollup KB4570500 (.NET 4.5.2-4.8)
KB4569743 (.NET 4.5.2), KB4569740(.NET 4.6), and KB4569733 (.NET 4.8)
+ 2020-09 Security Only Update  KB4576490 (.NET 4.8)
+ 2020-10 Security Only Rollup KB4580467 (.NET 4.5.2-4.8)
KB4578983 (.NET 4.5.2), KB4578987 (.NET 4.6), and KB4578990 (.NET 4.8)
+ 2021-02 Security Only Rollup KB4602958 (.NET 4.5.2-4.8)
KB4601090 (.NET 4.6-4.7.2), and KB4601089 (.NET 4.8)

4 users thanked author for this post.

jburk07, Microfix, unleashed, abbodi86

Reply | Quote

[Microfix]

Noticed both aitstatic (Application Impact Telemetry Static Analyzer) and CompatTelRunner were updated with kb5001335 SMQR. Due to the nature of the bypass script, it may be something to monitor/ check for those who do not use it.
Otherwise, seems like a a clockwork update so far.
No errors in event viewer and SFC post patch output below:

Will update should anything go south, west ot otherwise, generally too early to commit..

aitAgent, aitstatic and CompatTelRunner are already on the firewall outgoing blocklist here, as a secondary precaution.

UPDATE: nothing to report, all good here 🙂

WaaS = Windows as a Syphon...suckers!

• This reply was modified 1 year, 10 months ago by Microfix.
• This reply was modified 1 year, 9 months ago by Microfix.

1 user thanked author for this post.

jburk07

Reply | Quote

Those using .NET <4.8, you want to read this post as a warning:
Various .NET End of Service Date

WaaS = Windows as a Syphon...suckers!

3 users thanked author for this post.

jburk07, SueW, abbodi86

Reply | Quote

Reminder: This post is Important if you are upgrading from a previous version of .NET using the SMQR updates.

(NOTE: Applies to all Win7 ESU users whether using the bypass or not)

PKCano wrote:

Here’s your .NET for March, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
NOTE: Updates for v3.5.1 are older (Oct 2020) and should already be installed.
Updates for v5.2,  v4.6 – 4.7.2 and v4.8 have been re-signed as version 2 and should be installed.

.NET Quality Rollup KB4579977 (2020-10)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 – 4.7.2 KB4578963 v2
.NET 4.8 KB4578977 v2

.Net Quality Rollup KB4603002 (2021-02)
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 v2
.NET 4.6 = 4.7.2 KB4600945 v2
.NET 4.8 KB4600944 v2

WaaS = Windows as a Syphon...suckers!

Reply | Quote

Microfix wrote:

Those using .NET <4.8, you want to read this post as a warning:
Various .NET End of Service Date

No rush. There is another year (April 2022) before EOL.

Reply | Quote

though at least .NET 4.6.2 will be the minimum .NET version supported beyond April 22

Reply | Quote

DEFCON 4!  Time to install KB5001335 using W7ESUI.

I just installed it on two Win 7,  SP 1,  x64 machines.

Reply | Quote

kb5001335 installed smoothly. (including a double restart.)

System is running fine.

Something I did notice though, the 2 restore points created by the installation are labeled Windows Module Installer instead of Windows Update.

Is this because of the ESU script?

Reply | Quote

Yes, Dism.exe = Windows Module Installer

1 user thanked author for this post.

Moonbear

Reply | Quote

Which means its been showing up that way since last year.

This is what happens when i skip my morning coffee.

Reply | Quote

One more question if I may, can the Windows Server version of a patch be installed on a normal Windows system?

And, if it was installed on a non-server how could you tell?

Do server patches even work with the ESU script?

(For context, after I asked my question about the Windows Module Installer restore points, I began to wonder if I had managed to download and install the wrong version of the patch before you answered me @abbodi86 I don’t still think I did this, now I’m just curious.)

Reply | Quote

Update files (monthly rollup or security only) are the same for Server 2008 R2 x64 and Win7 x64 and Win 7 Embedded x64

except few old specific updates for each

1 user thanked author for this post.

Moonbear

Reply | Quote

I didn’t know the files were the same.

I knew the rollups were the same size but I never really thought about why that might be.

Thanks again.

Reply | Quote

While I understand that the update files are the same, I still have a question if the installer is good for Windows Server 2008 R2?

Thank you!

Reply | Quote

I’m not aware that anyone has wanted to put their production server at risk to test it out.

Susan Bradley Patch Lady

1 user thanked author for this post.

abbodi86

Reply | Quote

Hi all

Updated my win7 until jan2020 (i’m almost a year and half late…) and was trying to use the W7ESUI script to update from there.

When I run the initial command I get options 1, and E, but not D… Though it  allows me to go on with february 2020 patches but then i get the error 0x80004005 at the end  (dism log and screenshot attached).

Does anyone have any ideas about what to do?

Thanks a LOT to the author of W7ESUI

Reply | Quote

To make the script work (instructions in at top of thread):
+ Create a folder (best in the root of C:
+ Add the downloaded .zip file and expand it.
+ Add the Rollup, and you will also need the Servicing Stack Update, to that folder.
+ Right click on the .cmd file and choose “Run as Administrator”
+ Choose “0” to run the sctipt – and WAIT (it takes a while).

 

See #2357353 for some information about prerequisites. (Just ignore the “for people with ESU”)
Also, the .NET updates have to be treated differently, put in a different folder, and use a different script. The instructions are in the top Post on this thread.

1 user thanked author for this post.

joao_h

Reply | Quote

“+ Add the Rollup, and you will also need the Servicing Stack Update, to that folder.”

I thought I should install the Servicing Stack Update that the script was asking for, instead of just adding it to the folder. IDK if it is that action that caused the successive 0x80004005 errors,

I tried to rollback/restore the system to previous points but now there is a BIG mess.  the “view update history” shows the last updates but the installed updates does not show them at all (see screenshots).

Already run update troubleshooter but to no avail. Any recommendations?

Reply | Quote

You don’t seem to have success using whatever you are doing.

I’ve been using the method above for 1 1/2 years on 6 Win7 machines. since Win7 went EOL without any problems or error codes.
In addition to helping a lot of people here do the same.

My suggestion would be to follow the instructions in the top post, which are the same as above. You don’t need the ESU stuff (license, prep pack). The rest of the links are in #2357353 except for the latest SHA-2 update (KB4474419) released September 10, 2019, which is also a prerequisite. The computer should be up to date as of Jan Patch Tuesday. The Prerequisites are listed in the MS Support Pages for the latest Rollup KB5001335 if you want to be sure you are not missing some of them. After the prereqs are installed, you will only need the latest Rollup (it’s cumulative) and latest SSU.
Only the .NET  installer (.msu file) goes in that folder. The .NET updates (.exe files) do not belong in the same folder – they require the other script mentioned in the top post.

Reply | Quote

Hello and Greetings to all,

First I would Like to show appreciation to abbodi86 for the W7ESUI script. Many thanks.

I do have a question the Script left some temp files on one of my drives and i would like to know if it’s ok to delete them and any others left after installations are finished? It usually deletes the folders but some have been missed and I was wondering if there is a reason for this?

Again Thanks for the script!!!!

Reply | Quote

Could you tell us the name of the folder and contents? And the Path would be helpful too.
And the path to the folder you ran the script from?

Reply | Quote

I have my user folders in a drive other than the C Drive
The path I have been installing from: F:UsersEaglecomanderDownloads-Win 7 ESU
The Path and name of the first folder: F:W7ESUItemp_4301 and inside that folder is a Folder named Windows6.1-KB4592510-x64 and inside that is a file named x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24563_none_0bb911db3ed3f553.manifest
The Path and name of the first folder: F:W7ESUItemp_13364 and inside that folder is three Folders (See screenshot 1). 1st folders name is 201E78BA-F422-45A9-8B80-39561070AA4D (It has a lock icon on it) and contents are 1 folder named en-US and several files (See Screenshot2) contents of Folder en-US are shown in screenshot 3. 2nd folders name is 0870618B-7276-4673-B7FA-EC4B0EC1550F and it doesn’t have any contents. 3rd folders name is Windows6.1-KB4592510-x64 and it has 2 folders and numerous files (See screenshot 4) contents of folder amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24563_none_67d7ad5ef7316689 are (See screenshot 5) and contents of folder x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24563_none_0bb911db3ed3f553 are (See Screenshot 6)

 

Reply | Quote

The installation has nothing to do with your User folders.
The .msu files for the Rollups and the SSUs contain .cab files. You do not extract anything in the update files.

If you want this to work, please follow the instructions.
To make the script work (instructions in at top of thread):
+ Create a folder (best in the root of the system drive C:) See screenshot above)
+ Add the downloaded W7ESUI_0.3.zip file and expand it. (see screenshot above)
+ Add the Rollup (.msu file), and you will also need the Servicing Stack Update, (.msu file) to that folder. (Do not expand them, the installation script does that)
+ Right click on the W7ESUI.cmd file and choose “Run as Administrator”
+ Choose “0” to run the sctipt – and WAIT (it takes a while).
+ Restart your computer.

When you log in again, you can delete the .msu files if the updates installed. The script cleans up the .cab files and they are no longer there. If you leave the folder on the C: drive with the extracted W7ESUI_0.3.zip, it will make it easier next month.
You use this same procedure to install any .msu files.

1 user thanked author for this post.

abbodi86

Reply | Quote

The updates were already installed I just think these were left over for some reason. I had to restore my computer from an older image and did all the updates after all the updates were done I found those Temp file folders on my F user drive I just want to know if I can delete them since the updates are already installed and I have rstarted numerous times I probably should have found them earlier. So since I have restarted since these folders were made would it be safe for me to delete all three?

Again thanks for the script it has worked flawlessly and I have been using it since you first posted it and this is the first time I found any left overs. When the cab files were unpacked they were saved in the root of my F drive and thats the first time it ever did that or at least the first time it didn’t delete the temp files/folders.

And I think you deserve a great big hurrah for making that script.

Reply | Quote

You don’t need the .cab files if the updates are installed. You can delete those.
I suspect that if you had installed from the C: drive, those would have been deleted by the script.

Each Patch Tuesday, I publish the Win7 information in this thread (like #2357353 and the .NET information below it) and on the main Blog under the Patch Tuesday post. The direct Catalog download links are included to make it easier.

BTW, @abbodi86 and the gurus on MDL are responsible for this workaround.
I’m just the helper here at AskWoody.

1 user thanked author for this post.

MikeL

Reply | Quote

I’ve been installing from my F:UsersEaglecomanderDownloads-Win 7 ESU for the past year and it has always deleted everything before. I wonder if it was because I installed 3 months of updates one right after the other (After restarting of course). Thanks for the info and the Script!

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on May 11, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is a May IE11 CU KB5003165 for Win7. Download 32-bit or 64-bit.

May Rollup KB5003233 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2364213.

6 users thanked author for this post.

byteme, MrChaz, Microfix, abbodi86, pandarunnerpt, SueW

Reply | Quote

Here’s your .NET for May, 2021 . There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.

.NET Quality Rollup KB5001878
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.6 – 4.7.2 KB5001848
.NET 4.8 KB5001843

Correction: My mistake. .NET 3.5.1 KB4578952 was issued in Oct 2020 and should already be installed.

9 users thanked author for this post.

byteme, jburk07, Moonbear, MrChaz, zat_so, SueW, Microfix, abbodi86, pandarunnerpt

Reply | Quote

Thank you.

Reply | Quote

Does v2 of kb4578952 need to be installed if v1 already has been?

Or is v2 only metadata?

Reply | Quote

v2 is for ndp45-kb4578955-v2
it’s not needed if v1 is installed, or you have .NET 4.6 or later

2 users thanked author for this post.

jburk07, Moonbear

Reply | Quote

Test Win7 Pro x86 (ESUb)imaged prior to installation.
SMQR = kb5003233 (May 2021 CU)
Smooth installation, no issues via Event Viewer,
Nothing re-activated in ‘Data Collector Sets’
Canon Pixma local printer working as intended.
SFC check as below:

Any issues encountered will be added here..tbc

WaaS = Windows as a Syphon...suckers!

3 users thanked author for this post.

jburk07, MrChaz, abbodi86

Reply | Quote

Missed March and April’s ESU patches which entailed a double restart when May’s patch was installed. No issues here whatsoever. Thank you again abbodi86

illegitimi Non Carborundum

Reply | Quote

Installed April rollup kb5001335 using W7ESUI 0.3 on a Windows 7 Pro 64bit SP1.

Had installed .NET 4578977 v.2 and 4600944 v.2 previously with no problems at all (manual restart) but skipped the March rollup to avoid the printer issue.

Kb5001335 caused my computer to repeatedly and quickly fluctuate CPU from 10 to 45% or so (when it usually runs under 5%). I rebooted twice  restarted completely twice but it didn’t settle down. Finding no other reason save the April rollup, I uninstalled it. Now all is back to normal.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

1 user thanked author for this post.

jburk07

Reply | Quote

Oh, I see my signature – I was group B I am no longer, since installing 0Patch  a year + ago I’ve been group A.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

Reply | Quote

pandarunnerpt wrote:

since installing 0Patch  a year + ago I’ve been group A.

Since you installed 0Patch (Pro?) you should be Group 0P. No need of any of Microsoft updates, A or B.

Reply | Quote

Alex5723 wrote:

pandarunnerpt wrote:

since installing 0Patch  a year + ago I’ve been group A.

Since you installed 0Patch (Pro?) you should be Group 0P. No need of any of Microsoft updates, A or B.

I do have 0Patch Pro and have continued with group A  based on this info from opatch:

“As long as original vendor’s security updates are available and free, we recommend applying them as quickly as you can. Monthly Windows Updates, as well as any other software product’s updates, often include fixes for vulnerabilities we don’t have micropatches for…” https://0patch.zendesk.com/hc/en-us/articles/360018988493-Can-0patch-be-used-as-a-substitute-for-Windows-Updates-

I was hoping that I was better covered.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

1 user thanked author for this post.

Alex5723

Reply | Quote

KB5003233 and KB5001848 installed with no issue and system is running fine.

I tried to install KB4578952 but it was not detected by the ESU script even though it was in the same folder as KB5003233,

1 user thanked author for this post.

jburk07

Reply | Quote

KB4578952 is released in October 2020, it should already be installed since then

2 users thanked author for this post.

jburk07, Moonbear

Reply | Quote

KB4578952 was installed in October

I mistakenly thought the KB4578952 that’s part of KB5001878 was a replacement for the original.

Thanks again

Reply | Quote

Ooops. See correction in #2364213 above.

3 users thanked author for this post.

jburk07, abbodi86, Moonbear

Reply | Quote

I am very confused because PKCano made this entry in #2364213.
.NET 3.5.1 KB4578952 v2 non-security, install v2 (Other ver. updated to v2 in March)
Based on this message I thought KB4578952 v2 needed tobe installed. Note the entry says there was an update to v2 in March.
The version installed on my machines is dated October 2020, as you say it should be. Since W7ESUI was giving me the message “All applicable updates are installed” I was about to uninstall it and install this new v2.
Thank goodness I saw your message. Now I am confident in leaving KB4578952 dated October 2020 installed.

Reply | Quote

DEFCON 4!  Time to install May updates.

using DOTNETFX4 for

.NET Framework 4.8 – KB5001843

and W7ESUI for

Windows Monthly Rollup – KB5003233

I installed these updates on two Win 7,  SP 1,  x64 machines.

 

1 user thanked author for this post.

jburk07

Reply | Quote

I turned on a Win 7 Pro 64-bit desktop that was out of service since January, and I used the techniques here to install ONLY

KB5003233 for Win 7 64-bit and
KB4600944v2 for .NET 4.8

I did not install updates that came out between January and these, hoping that these are cumulative.

1. So, am I OK?
2. Is KB4600944v2 the last good update for .NET 4.8?

Thanks!

Reply | Quote

You should have the SSU from Dec 2020 already installed (?)

Reply | Quote

PKCano – You wrote “You should have the SSU from Dec 2020 already installed (?)”

What is its KB?

Thanks.

Reply | Quote

It’s KB4592510

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

See #2364212 above.
The current information is posted on this thread every month on Patch Tuesday. Check back next week on the 8th for June updates.

Reply | Quote

Yes
although, you could install latest .NET 4.8 update KB5001843, but it’s non-security update

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on June 8, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was a June IE11 CU KB5003636 for Win7. Download 32-bit or 64-bit.

June Rollup  KB5003667 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

The latest is the December Servicing Stack KB4592510 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2369921.

8 users thanked author for this post.

byteme, TaskForce141, Pim, jburk07, Moonbear, abbodi86, Microfix, SueW

Reply | Quote

Here’s your .NET for June, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4.7.2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB5003779
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB5003547
.NET 4.8 KB5003543

7 users thanked author for this post.

byteme, TaskForce141, jburk07, Pim, SueW, Moonbear, abbodi86

Reply | Quote

I think there is a typo here.  Microsoft Update Catalog shows KB5003543 as the June, 2021 .NET 4.8 Rollup,  not KB5004543.

3 users thanked author for this post.

Microfix, Pim, SueW

Reply | Quote

Yes, both 4.6-4.7.2 and 4.8 corrected to 35. Thanks.

2 users thanked author for this post.

Pim, SueW

Reply | Quote

PKCano wrote:

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no/a June IE11 CU KBxxxxxxx for Win7. Download 32-bit or 64-bit

KB5003636 for IE not included?

MSRC Number: n/a
MSRC severity: Critical
KB article numbers: 5003636
More information:
https://support.microsoft.com/help/5003636

WaaS = Windows as a Syphon...suckers!

Reply | Quote

Can you not read?

PKCano wrote:

Under construction……….

It’s not finished yet. MS still hasn’t published the June History page

Reply | Quote

Hi,

Win7 HP x64, W7ESUI_0.2

Installed;

• Apr – Jun 2021 SO updates (KB 5001392, KB 5003228, KB 5003694)
• Jun 2021 (IE11) – KB 5003636

No problems to report.

Thanks,all.

3 users thanked author for this post.

Microfix, TaskForce141, SueW

Reply | Quote

Installed June rollup kb5003667 using the script last weekend and no issues to report, all working well here 🙂

illegitimi Non Carborundum

3 users thanked author for this post.

jburk07, Microfix, TaskForce141

Reply | Quote

Thank you for reporting no issues with June rollup kb5003667

Reply | Quote

DEFCON 4!  Time to install June updates.

using DOTNETFX4 for

.NET Framework 4.8 – KB5003543

and W7ESUI for

Windows Monthly Rollup – KB5003887

I installed these updates on two Win 7,  SP 1,  x64 machines.

1 user thanked author for this post.

jburk07

Reply | Quote

Can’t find KB5003887 in the Widows Update Catalogue.
Did you mean KB5003667?

A1ex

Reply | Quote

Ooooops, my bad.  Yes the correct Windows Monthly Rollup KB is KB5003667.

Sorry.

 

Reply | Quote

I might have fallen behind in my updates for .NET 4.8 on my old Win 7 Pro 64-bit production machine.  The last ones I installed using the methods here were in late February — KB 4597254 and KB 4600944.

Which ones have I missed that should now be installed under DefCon 4?

Thanks.

Reply | Quote

Scroll up.
There is a .NET entry just below the monthly information entry each month. Start here.
The information is there.
I don’t think there have been any security contents in the .Net updates since Feb.

Reply | Quote

PKCano – Thanks.  Looks like the latest .NET 4.8 (after my prior) is KB5003543.

Now, I had also downloaded but not yet installed KB5001843 – should I install that one first or just skip to KB5003543 ?

Reply | Quote

I’d put both in the folder. Can’t hurt.
If both are needed, they will install. If not, the one needed will install.

Reply | Quote

July updates are released 1 week earlier

2021-07 Security Monthly Quality Rollup for Windows 7 (KB5004953)
2021-07 Security Only Quality Update for Windows 7 (KB5004951)

Edit:
false alarm, they are Out of Band
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1646

couldn’t they just release small separate update instead?

1 user thanked author for this post.

PKCano

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on July 6, 2021. A Monthly Rollup and Security-only Out-of-band have been released to address the Print spooler exploit (PrintNightmare).

There is a Security-only Update for those with Win7 ESU subscriptions.

2 users thanked author for this post.

SueW, abbodi86

Reply | Quote

I guess the entry should say (Out-of-band), not (Monthly Rollup Out-of-band)

Reply | Quote

Repeating what’s on the Win7 history page – says “(Monthly Rollup) Out-of-band” 🙂

Support pages aren’t up yet as of this post.

Reply | Quote

I ment that AKB 2000003 is for Security-only updates 🙂

KB5004951 s a security only update (replace June update KB5003694)

1 user thanked author for this post.

SueW

Reply | Quote

OK, SO was linked, wording wrong. Fixed. Thanks.

2 users thanked author for this post.

abbodi86, SueW

Reply | Quote

Question about this out-of-band “July 6, 2021—KB5004951 (Security-only update) Out-of-band” —

In my wife’s mini-office, we have two Win 7 Pro 64-bit PCs that I keep updated with the techniques here (and thanks again).  We also have an HP OfficeJet Pro 8600 All in One that the PCs connect to on the LAN.  Do I need to install this KB5004951 out-of-band rush that deals with this “exploit in the Windows Print Spooler service, known as PrintNightmare” because the exploit is serious, or should I wait for DefCon 4 for the next monthly updates (as I usually do)?

Reply | Quote

I think the exploit mainly affect Print servers

Reply | Quote

Windows 7 is not affected as far as we know – this may change.
Home users are not targeted as far as we know – this may change.

Keep an eye on the home page for updates.

cheers, Paul

1 user thanked author for this post.

glnz

Reply | Quote

Think I’m going to hang off untill the July week B patch is released.

illegitimi Non Carborundum

Reply | Quote

From my experience for July patches, installed SSU kb5004378 and Monthly Rollup kb5004289 using the bypass method. Restarted then installed Net4.8 kb5004116 using the slc redirection method. No problems to report since installation on the 15th july, all working well here, long live Windows 7!

illegitimi Non Carborundum

1 user thanked author for this post.

jburk07

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on July 13, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is a July IE11 CU KB5004233 for Win7. Download 32-2it or 64-bit.

July Rollup KB5004289 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

Note: There is a new July Servicing Stack KB5004378 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2377439.

7 users thanked author for this post.

byteme, jburk07, MrChaz, RDRguy, abbodi86, Microfix, SueW

Reply | Quote

Here’s your .NET for July, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4.7.2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB5004229
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB5004120
.NET 4.8 KB5004116

8 users thanked author for this post.

byteme, jburk07, glnz, MrChaz, RDRguy, abbodi86, SueW, Microfix

Reply | Quote

Are you saying July Serving Stack KB5004673 should be installed only if I have a Win7 ESU subscription,  and if I do not have a Win7 ESU subscription I should NOT install July Serving Stack KB5004673 using WIN7ESUI?

 

Reply | Quote

Ignore the ESU part (everything says ESU). Install the Servicing Stack the same way you install the Rollup or SO (put it in the same folder). You don’t need the ESU if you are using this method.

Reply | Quote

I suspect you meant to say … “KB5004378” not … “KB5004673” {this doesn’t exist}

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

You are correct.  I saw the error as soon as it was posted,  but could not figure out how to make a correction.

Reply | Quote

All July updates installed with no issues.

2 users thanked author for this post.

SueW, jburk07

Reply | Quote

Although the July 2021 Rollup (KB5004289) installed without issues the script would not install the July 2021 Servicing Stack (KB5004378).  First attempt was with the Rollup and it was ignored.  Second attempt was separately and the script did not seem to recognize it.

My mistake.  I forgot that I previously installed the July SSU after the June 2021 Rollup.

Reply | Quote

DEFCON 4!  Time to install July updates.

using DOTNETFX4 for

.NET Framework 4.8 – KB5004116

and W7ESUI for

Windows Monthly Rollup – KB5004289

Service Stack Update – KB5004378

I installed these updates on two Win 7,  SP 1,  x64 machines.

P.S. Chrome would not download from Microsoft Update Catalog.  Is anyone else having this problem with Chrome?  Does anyone know what the problem is/how to fix the problem?

 

1 user thanked author for this post.

jburk07

Reply | Quote

Go to the Microsoft site instead of the Catalog. There is a page specifically for Chromium Edge.

https://www.microsoft.com/en-us/edge

1 user thanked author for this post.

jburk07

Reply | Quote

The name is in the link – Edge.  All see there is ads for, hype about,  and links for downloading,  Edge.

Reply | Quote

using dotNetFx4

.NET Framework 4.8 – KB5004116

and W7ESUI_0.3

Windows Monthly Rollup – KB5004289

Service Stack Update – KB5004378

I installed these updates on two Win 7, SP 1, x64 machines with no problems.

Also – a very quick set of updates compared to the last few.

Win 7 Professional, 64 bit, was Defiantly Group B, but installed 0Patch and needed to become group A to comply.

1 user thanked author for this post.

jburk07

Reply | Quote

what should i do with file RunOnce_W10_Telemetry_Tasks.cmd that is on my desktop?

Reply | Quote

When I used the script on my Win7 systems it also created the telemetry related .cmd file.  I allowed the script to run.  So far, I’ve not noticed any ill effects.

1 user thanked author for this post.

Alex5723

Reply | Quote

Anonymous and EricB – My Win 7 Pro 64-bit machine also has this on its desktop.

Do we have any idea what it does, or why it appears as an option on our desktops?

I could copy and paste its lines here, but is there a way to shrink or temporarily hide them here, like “Spoiler”?

Reply | Quote

glnz wrote:

Do we have any idea what it does, or why it appears as an option on our desktops?

This question is best answered by the author of the script.  Having said that, a cursory inspection showed that Microsoft data collection/telemetry  have been deleted.  For example, the scheduled tasks used by the CEIP and ApplicationExperience that fed data to Microsoft are now gone.  Before using the script I had manually disabled such tasks.

Reply | Quote

See AKB2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model .

2 users thanked author for this post.

EricB, abbodi86

Reply | Quote

Should we run it?

Reply | Quote

I did the manual clean out as described in AKB2000012, then set the script up in Task Scheduler to run on startup (for both my Win7 and Win8.1). It assures that whatever MS tries to put back gets wiped out again on a regular basis.
Follow the instructions in AKB2000012.

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on August 10, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is an August IE11 CU KB5005036 for Win7. Download 32-bit or 64-bit.

August Rollup KB5005088 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a July 2021 Servicing Stack KB5004378 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2382937.

6 users thanked author for this post.

byteme, MrChaz, jburk07, Microfix, abbodi86, SueW

Reply | Quote

Here’s your .NET for August, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4.7.2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB5004871
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB5004757
.NET 4.8 KB5004755

6 users thanked author for this post.

byteme, MrChaz, jburk07, SueW, Microfix, abbodi86

Reply | Quote

SMQR kb5005088 installed using ESUb, no event errors, integrity good, no telemetry added and pixma printer/ scanner works as intended. Only one restart required post patch.

WaaS = Windows as a Syphon...suckers!

2 users thanked author for this post.

MrChaz, jburk07

Reply | Quote

Homeuser – Another month free of bugs, Windows 7, simply the best! (of microsoft) Still have print nightmare mitigations in place. (have no printer anyway)

illegitimi Non Carborundum

Reply | Quote

DEFCON 4!  Time to install August updates.

using DOTNETFX4 for

.NET Framework 4.8 – KB5004755

and W7ESUI for

Windows Monthly Rollup – KB5005088

I installed these updates on two Win 7,  SP 1,  x64 machines.

P.S. Chrome would not download from the Microsoft Update Catalog.

 

Reply | Quote

Just want to point out that Susan Bradley’s Patch List might have an error for which update is which for Win 7.  I ported about it on her new thread on these forums at

https://www.askwoody.com/forums/topic/ms-defcon-4-all-clear-for-consumers-less-so-for-businesses/#post-2385842

What do you think?

Reply | Quote

You were correct about the KB numbers. See #2382936 above

1 user thanked author for this post.

glnz

Reply | Quote

August updates installed with no issue and printer still works as intended.

No problems to report at this time.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Hi! If i have Internet Explorer uninstalled on my system, do i still have to install IE11cU?

Also, should i install the latest Servicing Stack Update (KB4570673) before starting the whole procedure?

Reply | Quote

You CANNOT uninstall IE11 from Win7. You CAN, however, remove access to the use of the browser to view the Internet.
IE is built into the functioning of the OS in Win7. Since it is still there (even when you cannot use the browser), you need the security updates.

When you run Win7ESUI, put the SSU in the same folder as the updates (either the Rollup OR the SO + IE11 CU). The script will take care of the order of installation.

Unless you have an ESU paid subscription, you should not be able to install the updates directly. Check “Installed Updates” (not Update History) to verify they are installed.

Reply | Quote

They are visible in Update history but not in Installed Updates. Does it mean they were not installed? Then why did the installation process took so long and required restart of the system?

Reply | Quote

If you are using Rollups, at least the last one you installed should show in Installed Updates.
If you are using SOs and IE11 CUs, then you should see all the SOs and at least the last installed IE11 CU in Installed Updates.
If they are not in Installed Updates, they did not install or the install failed.

Reply | Quote

Three questions:

1. IE11CU is a cumulative update. If i understand it correctly i only need the latest one if i’m up-to-date till January 2020? I don’t have to install it one-by-one like the SOs?
2. I haven’t installed the telemetry updates (listed in the separated thread). Should I install them now to make it all work properly? I would like to avoid the telemetry patches but i’m afraid that not installing them may cause the system to malfunction.
3. KB4541500 is one of the latest SOs that features telemetry. Should I avoid it too?

Reply | Quote

1. Correct. IE11 CUs are cumulative.
2. Win7 SOs are listed in AKB2000003. Avoidance/problems/comments are listed with each patch if applicable. Telemetry patches to avoid are listed at the top of the AKB and should be uninstalled if found in Installed Updates. You can use @abbodi86 ‘s guidance in AKB2000012 to minimize telemetry. If you set the script up in Task Scheduler to run on startup, you will avoid any surprises MS might try to install.
3. KB4541500 contains DiagTrack components. AKB2000012 may have instructions for controlling it. If not, and you don’t want telemetry, do not install. Remember, however, since SOs are not cumulative, you will also miss any other security patches included in the update.

Reply | Quote

Why is it necessary to have the script as a scheduled task? Wouldn’t it be enough to just launch it once after installing the updates? Does that telemetry function re-restart after some time?

Reply | Quote

Because sometimes Windows tasks put things back that you have removed/disabled. Not neccessarily during an update install.

Reply | Quote

Are you aware if AKB2000012 is effective against DiagTrack components in KB4541500?

Reply | Quote

If you run the script on startup in Task Scheduler (instructions in AKB2000012) it avoids any problems on put-back.

Reply | Quote

I have also noticed that it’s possible to install the ESU updates by just launching the regular MSU files. Is it normal?

Reply | Quote

Only if you have real ESU license, or BypassESU project

Reply | Quote

Is there any list of .NET framework Security Only updates since the free support was dropped?

Reply | Quote

Scroll up. If there were any .NET SOs, they are listed in the monthly notices on each Patch Tues.
When you run out of information in this thread, there is a link at the bottom of the first post to the Archive of earlier posts from this thread.

Also, on Patch Tuesdays (if you look at older Main Blog posts on those days), the first post at the top of the “comment on the Lounge” has update information and links to .NET.

Reply | Quote

I thought about a list like the one in the separate topic which features all the Win7 Security-Only patches.

Anyway, if i have .net framework 4.8, is it enough to install the security only updates for 4.8 or i also need the security only updates for various versions including 4.8 (like 2020-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7)?

By the way, if i have 4.8, is there any point in installing older versions like 4.7 or 3.5? Would 4.8 be enough to make all the .net framework applications to work properly?

Reply | Quote

.NET 3.5 is part of Win7. It’s updates are .msu files and should be included in the folder with the CUs, SOs, SSUs using Win7ESUI.
.NET 4.8 updates are .exe files and should be installed from a different folder using  dotNetFx4_ESU_Installer_r

When you download a Rollup (the one listed with all the versions of .NET) from the catalog, you will find it is a bundle of individual updates, one for each version of .NET. From that bundle, you only need the one(s) for the version(s) you have installed on your computer. The version will be listed in the update file name. You do not need to reinstall ones in the bundle you have previously installed. See #2382937 above.

Since .NET updates (Rollups or SOs) do not include telemetry, they are not listed in AKB2000003, the purpose of which is to avoid telemetry. The Rollups contain non-security and security fixes. The SOs only contain security patches.

Reply | Quote

What I meant was that besides Security Only patches for a specific version like:

2020-05 Security Only Update for .NET Framework 4.8 for Windows 7

next to it, there are Security Only patches in a single pack for various versions like:

2020-05 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7

Does the latter pack contain the same as the first when it comes to patching 4.8 only?

Reply | Quote

The first is the individual patch for .NET 4.8

The latter is the Rollup that contains the bundle of patches for all versions (including the individual patch for .NET 4.8). The Rollup (bundle) is just a collection of individual patches, not ONE single patch.

1 user thanked author for this post.

abbodi86

Reply | Quote

OK. Thanks for clearing that up.

By the way, if i have 4.8, is there any point in installing older versions like 4.7 or 3.5? Would 4.8 be enough to make all the .net framework applications to work properly?

Reply | Quote

3.5 is already installed.
I believe 4.8 removes the other earlier versions. Those should be the only two updates you need.

Reply | Quote

On my Win7 machine Programs and Features shows .NET 4.8,  but does not show 3.5.  Should I install 3.5 from the update catalog?

 

Reply | Quote

Look in Programs & Features.
Upper left corner “Turn Windows features on or off.”
.NET 3.5 is part of WIn7 (whether it’s turned on or off).

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Sept 14, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was a September IE11 CU KB5005563 for Win7. Download 32-bit or 64-bit.

September Rollup KB5005633 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a July 2021 Servicing Stack KB5004378 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

 

For .NET updates listed for Win7. See #2389777.

9 users thanked author for this post.

jburk07, byteme, Steve, TaskForce141, MrChaz, Moonbear, SueW, Microfix, abbodi86

Reply | Quote

Here’s your .NET for Sept, 2021.
There were no Security .NET updates.
There were no Security-only .NET updates.

9 users thanked author for this post.

jburk07, byteme, TaskForce141, MrChaz, Fred, Moonbear, SueW, Microfix, abbodi86

Reply | Quote

Installed kb5005633 last week, no issues to report as I have no printer.

illegitimi Non Carborundum

1 user thanked author for this post.

TaskForce141

Reply | Quote

Me too.  No issues with the bypass and September rollup KB 5005633 on my last Win 7 Home desktop since installing on Sept. 20.  I have the last servicing stack update (July, KB 5004378), the last .Net 4.8 update, MS Security Essentials, MS EMET 5.52, Edge 93, and Firefox.

I define ‘no issues’ as no bluescreens, no delay or stuck on rebooting during update installation, Youtube working, and VLC media player working.  My old Laserjet is parallel port and works, so I can’t testify if the PrintNightmare patch bugs are hitting me.  That problem seems to be for network printers, not local printers.

1 user thanked author for this post.

Moonbear

Reply | Quote

No issues to report with the install of kb5005633

Everything running as intended.

The install even seemed to go a little bit faster than normal.

Reply | Quote

DEFCON 4!  Time to install September updates.

using DOTNETFX4 for

No .NET Framework updates

and W7ESUI for

Security Update for IE 11 – KB5005563

Windows Monthly Rollup – KB5005633

I installed these updates on two Win 7,  SP 1,  x64 machines.

P.S. Had to use Firefox to get the downloads from the Microsoft Update Catalog.

 

Reply | Quote

If you install the Rollups, you do not need to install the IE11 CUs. They are contained in the Rollups. You only need them if you install the Security-only patches.

The MS catalog download is from http:// not https://. That is probably you had to use Firefox (without https everywhere).

Reply | Quote

Changed https:// to http:// and still will not download in Chrome.

Reply | Quote

It’s not the catalog itself that’s http. The catalog is https.
It’s the download itself that’s http, and you don’t have any control to change that. Look at the url in the download box that pops up.
Chrome is probably blocking downloads from http.

1 user thanked author for this post.

abbodi86

Reply | Quote

Here is everything that comes up in the download box.  I do not see any url.

Download

Download Updates

2021-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB5005633)

<hr />

windows6.1-kb5005633-x64_59086895fe5fdba20aba8361778708f76489f834.msu 

If I have no control over it,  it really doesn’t matter does it?  I guess I will just have to continue switching to Firefox for downloads from the catalog.

Reply | Quote

Right click on the msu link and “Save link as ..” don’t work too?

Reply | Quote

Yes!  “Save link as…” works.  Thank you very much.

Reply | Quote

I’m having the same HTTP problem and “Save as” does NOT help.  Instead, I get a further error message that says, “The download cannot be saved because an unknown error occurred.”

Si, I can’t download  2021-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB5005633).

Any ideas?  Thanks.

Reply | Quote

See my post #2394106.

Reply | Quote

Hi, this first happened around March this year on Chrome,
and a helpful lounger posted the solution on this thread.

→ I actually figured out what was happening.
Google Chrome in tightening the settings for insecure content on a secure site.
I had to add the update catalog to the allow list.

So you need to be on the Microsoft Update Catalog website firstly
and then click the tiny padlock pic next to the https:// address bar
* Select, “Site settings” gets you to, Permissions
Choose↓
⟁ Insecure content – Change → Block (default) to Allow

Reply | Quote

I have never done this in Firefox, and have no problems with downloading given the information in the above link.

Reply | Quote

It took months for someone to finally post the correct step by step procedure for to solve this problem.  Thank you very much.

Reply | Quote

So this is how you get something to the allow list in Chrome.  Thanks for the info.

Reply | Quote

the procedure is a little different with Google Chrome versions 95 & greater [and with MS Edge Chromium 95 & newer] as they are tightening insecure content settings a little further in recent versions of Chrome/MS Edge

I set it up like this in the attached pic [currently using Chrome 96.0.4664.45] in order to download files from MS Update Catalog

Reply | Quote

Ah, thank you, perhaps it is better to manually Add in the insecure contents category – the original poster typed [*.]www.catalog.update.microsoft.com, but [*.]microsoft.com and/or windowsupdate.com looks well covered!

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Oct 12, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was a October IE11 CU KB5006671 for Win7. Download 32-bit or 64-bit.

October Rollup KB5006743 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a October 2021 Servicing Stack KB5006749 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

For .NET updates listed for Win7. See #2395474.

5 users thanked author for this post.

jburk07, byteme, zat_so, SueW, abbodi86

Reply | Quote

Here’s your .NET for Octobert, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were only updates for .NET 4.6-4.7.2 and 4.8
The other updates in the Rollups are older and should already be installed.

.NET Quality Rollup KB5006761
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB4578955 (Oct 2020)
.NET 4.6 – 4.7.2 KB5006061
.NET 4.8 – KB5006060

6 users thanked author for this post.

jburk07, byteme, zat_so, SueW, Microfix, abbodi86

Reply | Quote

.NET 4.8 link kb5006066 is for Win8/embedded/2012 Server..tut tut 🙂
NET4.8 for Win7

WaaS = Windows as a Syphon...suckers!

1 user thanked author for this post.

PKCano

Reply | Quote

Thanks. Wrong KB number – fixed.
That’s my first mistake (snick) 🙂

Reply | Quote

Thanks.

Reply | Quote

Time to install October updates.

using DOTNETFX4 for

.NET Framework 4.8 KB5006060

and W7ESUI for

Servicing Stack Update KB5006749

Windows Monthly Rollup – KB5006743

I installed these updates on two Win 7,  SP 1,  x64 machines.

 

1 user thanked author for this post.

A1ex

Reply | Quote

Installed October Win7 SP1 ESU patches using the bypass method for both service stack update KB500674 and monthly rollup KB5006743, then .NET4.8 KB5006060
All is well here after near on a week since botch tuesday.

Reply | Quote

Hi there,

kb5006743 does not install here, (even with all prerequisites) W7ESUI saying “all applicable updates are detected as installed”, but that’s not true, nothing happened and Belarc confirm that, only <span id=”ctl00_catalogBody_searchString”>KB5005633</span> (sept-2021) is installed. Something wrong with this month release?

Any idea?

Reply | Quote

Did you install the new Servicing Stack KB5006749 first?

Reply | Quote

Did you download the correct file architecture (x86 – x64)?

Reply | Quote

Can I use the same script for Windows Server 2008 R2 SP1 extended security updates without license?

Reply | Quote

Updates all installed with no issues.

Printing tested and still working as normal

2 users thanked author for this post.

Kranium, jct

Reply | Quote

On a window 7 x32 machine,  the computer was unable to install the Sept. IE KB5005563, but was able to install SO KB5005615.   However, both Oct. S0 KB5006728 and IE KB5006671 failed.  The message was window failed to install update, and reversed back to previous window.  Any advice?

Reply | Quote

See #2395473.
Do you have the prerequisite August SSU KB5004378 installed?
Have you installed the Oct SSU KB6749?

Reply | Quote

SSU KB5004378 was installed on Aug. 21.   Oct SSU KB 5006749 has not been installed yet, but that SSU should only be required for Nov. updates?

Reply | Quote

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Nov 9, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no Nov. IE11 CU  for Win7.

November Rollup KB5007236 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a October 2021 Servicing Stack KB5006749 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2400690.

7 users thanked author for this post.

byteme, pandarunnerpt, jburk07, RDRguy, SueW, Microfix, abbodi86

Reply | Quote

Here’s your .NET for Nov, 2021. There were no Security-only .NET updates.

Download only the update for the version(s) installed on your PC.
There were updates for .NET  4.5.2, 4.6-4.7.2 and 4.8
The other update in the Rollups are older and should already be installed.

.NET Quality Rollup KB5007299
.NET 3.5.1 KB4578952 (Oct 2020)
.NET 4.5.2 KB5007167
.NET 4.6 – 4.7.2 KB5007150
.NET 4.8 KB5007149

8 users thanked author for this post.

byteme, pandarunnerpt, Steve, jburk07, RDRguy, SueW, Microfix, abbodi86

Reply | Quote

This is difficult to find. Thank you.

Reply | Quote

November Report:
Imaged prior to installation then installed SMQR which invokes a double re-start once injected. No errors in Event logs and SFC verification all good. NET 4.8 patch was installed, all in for the fun of it.
Fully patched and Local Canon Pixma Printer works as normal. Bring on December…

WaaS = Windows as a Syphon...suckers!

4 users thanked author for this post.

pandarunnerpt, jburk07, abbodi86, RDRguy

Reply | Quote

SMQR and .NET 4.7 patch both installed smoothly. no issues to report.

Printing still working as expected.

 

1 user thanked author for this post.

jburk07

Reply | Quote

DEFCON-3.  Time to install October updates.

using DOTNETFX4 for

.NET Framework 4.8 KB5007149

and W7ESUI for

Windows Monthly Rollup – KB5007236

Installed these updates on two Win 7,  SP 1,  x64 machines.

1 user thanked author for this post.

jburk07