There’s a fix for the double-print security bug in Win7 and 8.1 – but not Win10

Topic

New Reply

A great demonstration of the Achilles’ Heel in “Windows- as-a-Service” The congenital Windows 10 penalty. InfoWorld Woody on Windows
[See the full post at: There’s a fix for the double-print security bug in Win7 and 8.1 – but not Win10]

Reply | Quote

Replies

@Woody,

“Microsoft rolled out a fix to the bug and assigned a different KB number, KB 3187022: Print functionality is broken after any of the MS16-098 security updates are installed.
If you’re running Windows 7, Win8.1, or WinRT, that patch should’ve appeared last night in your Windows Update queue.”

Just an FYI…after the auto check for updates on boot up this morning, 8/25/16, there was no sign of KB 3187022 in Important or Optional updates. “Give me recommended…” is, and has been, UNchecked for quite some time. Thoughts?

W7 SP1 x64

Reply | Quote

Must just be rolling out. It’s listed here:

https://support.microsoft.com/en-us/kb/894199

Reply | Quote

@Woody,

I’ll play along…

From the MSFT support ling you just posted re:KB 3187022….

“Supersedes: KB3095649 on Windows 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2”

Om my W7 SP1 x64 machine, KB3095649 is not installed, is not in the uninstalled Optional updates list, and it’s not in my small list of Hidden updates.

Go figure, MSFT.

Reply | Quote

It never came down to my WSUS server last night, doing another pull right now to see if it’s showed up yet.

Can’t wait till October when my Win7 and W2K8R2 machines will only be able to get the security patch bundle each month! So when one patch is bad I have to hold back the entire month until I find a resolution. That’ll really increase our security posture! Thanks MS! Good thing they never release bad patches!

Reply | Quote

I’ve said this before, but it appears worth repeating yet again: Welcome to the age of Windows as a (dis) service!

Hang on folks, it’s going to be a bumpy ride.

Reply | Quote

Other than 3177725, 3187022 isn’t offered in the microsoft.com download-pages, but only in the Catalog.

Yay.

Reply | Quote

+1

Reply | Quote

Oy. And it looks like 3187022 is not yet in WU, but only in the Catalog.

Reply | Quote

Yeah, just noticed that. So I imported the fixes manually into my WSUS server. So they release a security patch to WSUS, but then they only release the fix for that patch to the Catalog. Stupidity reigns at MS!

Reply | Quote

I said in my comment that it’s for catalog only for now
https://www.askwoody.com/2016/acknowledged-printing-bugs-in-kb-3177725-win7-security-patch-and-kb-3176493-win10-10586-545-update/#comment-96603

as for Windows 10, build 10240 actually got the print fix in cumulative update KB3186987, which is also released in catalog only

Reply | Quote

KB2187022 has not shown up on WU on any of my machines.
I just downloaded it from the catalog and manually installed it on one of my Win7. Had no problem with the install. Will see if it causes any problems over the next few days.
Then I checked for updates – took about 2 minutes.

Reply | Quote

The only reasonable option for cumulative security updates is to hold off installing them for a lengthy period so that a bad patch in the lot does not create major issues on your system. The mobile device template MS is trying to implement will cause only headaches going forward as patching windows id a different animal than patching Android and iOS tablets/smartphones. In many ways, MS has proceeded with a strategy based upon faulty premises.

Reply | Quote

Dear Woody:

You said in your article at InfoWorld the following:

“I’m seeing reports that 3187022 is not yet available in Windows Update, or as a standalone download. It’s only in the Catalog.”

That is true. As of 8/25/2016 at 6:13 pm EST, I could not get it & it did not show in Windows Update or as a standalone even though I had KB 3177725 installed already. So I had to go to Windows Catalog which was a first for me, so I learned how to use Windows Catalog.

Reply | Quote

Ms completely lost control over windows development. And I suspect they cant regain control bcoz when they decide to use users as debuggers they got rid of all the developers that counted (and cost serious money) and now they have no talent. Moreover, once you reach this level of chaos its impossible to recover even WITH top talent.

No matter how many complaints or even revolt, I dont see how even starting from scratch they can overcome the problems. Coming after the phone failure we may b watching the beginning of the end for Ms. Unless they can survive without windows.

Reply | Quote

Guess it’s really not released on WU yet.

Just ran a scan check and it was not found here as well… Running W7 Pro X64 here…

What are your thoughts on this one Woody? Regarding it’s “safeness”…

Reply | Quote

I don’t need it-I uninstalled 3177725 right after I downloaded the August Patch. Like woody said after you install updates, uninstall 3177725 so you don’t face that printer issue.

Reply | Quote

I wouldn’t touch it – but then again, I haven’t installed the original patch.

Reply | Quote

Something strange is going on. I’ve never seen a KB with a posted KB article, listed on the Windows Update changes, https://support.microsoft.com/en-us/kb/894199 , available in the Catalog, but not pushed out the Automatic Update chute.

Perhaps MS is waiting for the Win10 version, which apparently will be 14393.103 – which was just released to the Preview ring.

Reply | Quote

I agree – and I’m not concerned about Mobile.

Reply | Quote

Not in WSUS or Windows Update here.
Supersedes: KB3095649 on Windows 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2
Target platforms: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, and Windows Server 2008 R2.
There may be pre-requisites to it? However at a minimum it should show in WSUS regardless of pre-requisites.
What is going on?

Reply | Quote

Helluva good question.

It’s in the Catalog, and has been there since Thursday:

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3187022

(IE required, of course)

Reply | Quote

Absolutely correct! Windows 7 is the last “good” desktop OS ever coming from Microsoft. With a bit of luck Windows 10 may become a worthy competitor, although the evidence seems to show otherwise. There is hope though…
Times are changing and regular end-users should prepare to use terminals or not to be involved at all and as a consequence to be left behind to some extent. Privacy? This is everyone’s guess…
WhatsApp is changing their agreement to allow more integration with Facebook with sneaky ways to get out of the integration. Apple is releasing patches to iOS 9 more and more often and nobody is questioning their content and reliability. Google is updating in the background without telling anyone. Firefox is doing the same more or less while breaking stuff in the process, but it is free, so it is acceptable. I am a Firefox user and supporter by the way. And an Apple supporter too.
Let’s bash Microsoft though, because they are the only bad corporate player…

Reply | Quote

I suspect the opposite myself.

MS have a captive audience and no matter how bad things get with Windows most users will just put up with it.

The average user would not have the confidence or skill to change to Linux (IMV) and aside from server-side services most businesses are unlikely to change as the vast majority of applications (e.g. Office) are Windows based.

MS knows this, so also knows it can literally get away with anything and be as arrogant as it chooses

Reply | Quote

Win7SP1 here –
I wonder if Microsoft is having a nice time but no idea of the game they’re playing. I assume it’s a game because if the company released a crappy KB3177725 via Windows Update then releases a KB3187022 fix only on their Catalog it must be funny, can I play?

The company is mad, nuts and so on. But we all know that already.

Forgot to mention : just uninstalled KB3177725 so I won’t have to wait for Microsoft to move their art and deliver 3187022 on WU. Lousy company, lousy.

Reply | Quote

Ditto

Reply | Quote

It may be classified as “hotfix”, i.e one of those which one has to request (free, available only by providing an email address to be sent an URL) to fix a specific problem. Those “hotfixes” not mainstream are not normally released un WU or WSUS.

Reply | Quote

Maybe it’s the only way Microsoft found to have users call IE/Edge. I’ve disabled IE here and have no intention of enabling it should it be to access their “Catalog” … what a pain.

Reply | Quote

I have not yet installed KB3177725 on my Win 8.1 system because I was aware of the printing issue. This was not a stroke of genius because I tend to hold back on kernel mode driver patches. I have KB3177725 sitting in WU but have not seen anything yet for KB3187022. Do you think this second patch only is shown if KB3177725 is already installed? I will not consider installing the first patch until the situation is clarified.

Reply | Quote

Clearly, their intent has been to grease the skids down into Win10. However, clearly, they have instead greased the skids to NO PCs. It appears that PC buying will again become a thing for hobbyists.

The decline in PC sales is much more the result of Win8 and 10, than any other factor. The average Joe went to WorstBuy and found no Windows PC that he would want to use. Instead, he bought an iPad and/or iPhone, or even an iMac.

MS has engineered its own demise, just like IBM and HP. Nothing short of an open admission to failure and a herculean effort can save them now.

The market is ripe for a new Bill Gates with a Linux-based product that is designed for ordinary people. Apple is content to be a specialty supplier that sells only premium-priced products.

CT

Reply | Quote

It looks like Microsoft hasn’t rolled the patch out Windows Update just yet. Wait a few hours and we’ll see.

Reply | Quote

Yep, but hotfixes aren’t listed on the WU list, https://support.microsoft.com/en-us/kb/894199

Reply | Quote

Er, I assume you mean “let’s NOT bash Microsoft…”

There’s plenty of blame in the industry to go around.

Reply | Quote

I believe you’re correct on all counts.

Reply | Quote

Not mutually exclusive. In fact mutually consistent. They lost control in order to cut costs precisely bcoz they know win users cant leave. Had they feared migration they would have not given up control.

Reply | Quote

Dominant vendors are like dominant civilizations: They peak and that causes them to decay. Domination breeds arrogance lazyness and incompetence

Reply | Quote

Deep in the bowels of Microsoft several key executives were discussing their new strategy for accelerating cloud computing with azure —

“We should figure out how to move everyone from their current systems to our new super awesome cloud computing initiative for all forms of intercorporate and interpersonal communications. Ah ha! I’ve got the answer. Lets bork local printing!”

“Brilliant idea!”

“Let’s get our Windows Update team on it right away!”

Reply | Quote

You can download a bootable version of Linux Mint or another distro, burn it to a DVD or copy it to a flash drive, and boot it up without installing it. It might be a little slow, but you can play around with it all you want and see if you like it. And if you do, you can just install it. It doesn’t take much skill.

Reply | Quote

I have a few Recommended and a few Optional updates ready to be selected for my Win7 computer and they are just sitting there waiting to be downloaded and installed.
What should I do?

Reply | Quote

Re: Woody “IE required of course”

https://www.askwoody.com/2016/future-windows-patches-only-available-in-the-update-catalog/#comment-81506

===========================================

“abbodi86 says:
April 24, 2016 at 9:51 am

You can use/search MU catalog site with any browser without the need for ActiveX
you just need to manually use RSS feed search url
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3103616&lang=en

change query string, you can use + sign instead of spaces, and you can drop &lang=en
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=10+for+x64”

Reply | Quote

@Simpson

Ck this link.

https://www.askwoody.com/2016/future-windows-patches-only-available-in-the-update-catalog/#comment-81506

It sez u don’t need no stinkin’ IE

Reply | Quote

Let them sit there. I’ll try to figure out which way to go, maybe over the weekend. In the interim, we still have outstanding bugs that need to be squashed.

Reply | Quote

DOS ain’t done til Lotus won’t run….

(which was never actually the case)

http://www.proudlyserving.com/archives/2005/08/dos_aint_done_t.html

Reply | Quote

FYI:
KB3187022 still has not shown up in WU – maybe next patch Tues?

I had used KB3177725 to speed up a Win7 update search and had not uninstalled it on a Win7 VM. Since Kb3187022 is supposed to be the fix for the printer problem created by KB3177725, I decided to download it from the catalog yesterday and install it on ONE Win7 VM (which I have backed up). See #6 above. I was able to print 4 copies of a 3-page Word document on two different printers without a hitch, and I used the Win7 VM extensively this morning.

I know, suck in your breath and grit your teeth about such risky behavior. But I can pass on the info risk-free to everyone, and I can always replace the VM with the backup.

Reply | Quote

Been there. Done that. I can not think of a single one of my clients that would be capable of keeping Mint running for more than a few days or weeks. It is much too dense and complicated. It requires a far greater depth of understanding than 99% are interested in or capable of.

I also discovered another thing about it. It is not good for old computers. It may take far fewer resources, but the drivers just are not there.

CT

Reply | Quote

I have some experience with Linux via Ubuntu 12.04, and I’ve seen some articles and demos about how one can put Linux on a Chromebook side-by-side with the Chrome OS. It’s not a dual boot setup, just side-by-side. Decide you don’t like Linux? Easy to remove it and go back to just Chrome OS. Put it back on whenever you want. Seems like a reasonable thing for me, a mostly internet user but with some tasks I like to use a decent application for. Looks like I would want an external hard drive, but that’s OK. Windows after 7 just doesn’t appeal to me, based on all this ‘chaos’, as someone termed it. I admit to laughing when I read a very recent review of Win10 on some tech web page. “Best Windows OS yet” Doesn’t look that way to me, sorry.

Reply | Quote

@One More Time, thanks a million for this little gem. Copy/pasted, I can tell you!

Reply | Quote

They will survive and do well without the Desktop OS. They have no choice in fact.
I remember reading somewhere that the Desktop OS team and the Server OS team are no longer one team or something like that and that they were more or less decoupled internally at Microsoft. The server team was either merged with or working very closely with the Cloud (Azure) team. I am convinced that if this is the case, the more senior level developers have been moved over to the server side.
As things are now, every Desktop OS after Windows 2000 was a server operating system with limited functionality or less components. NT branded desktop versions were the same. Many Linux distributions are released in the same way. Windows 10 is also a cut-down version of the Server 2016 with the added functionality for the Windows Store and Apps, where things started to break from Windows 8 onwards.
It is all evolving and unlikely to be known in detail even at Microsoft.

Reply | Quote

You are right Woody, I was just guessing. It is not in WSUS for another day and this may set a new trend. Or simply they don’t trust the quality of the update to be released to the wider public, not even in the Optional category. Maybe the next revision, or with reduced human resources, it is possible that someone at Microsoft just didn’t publish it correctly.
The obvious recommendation is to hold and install only if experimenting or if it is absolutely required for whatever reason, to compensate for the risk.

Reply | Quote

I am in the other camp. While not my 1st preference browser, IE is definitely the second choice (after Mozilla Firefox ESR) and it gets used very close to 30% of the time at home and close to 100% at work. I almost ignore Chrome and Edge was never a serious choice against IE, even when I was using Windows 10 daily.
However I wish @abbodi86 to post more often. The quoted post is a very useful reference for those who decided to completely discontinue the use of IE and this is very understandable.

@abbodi86’s posts are very valuable and the information much appreciated.

Reply | Quote

@woody This is certainly the meaning, but it is not a typo

Reply | Quote

It may be premature to import in WSUS until there is more infomration. If you want to delete it later, the only choice is to use less known PowerShell commmands.

Reply | Quote

+1

Reply | Quote

+1

Reply | Quote

It’s really weird because the Catalog lists it as going out on Tuesday. No info as of 5:00 my time – 3:00 Redmond time. I still don’t see it in WU.

Even more perplexing is 14393.103 going out to the Preview insider ring. (Dona’s tweet said the “Slow” ring, too, but I have no idea what that means.)

They’re really winging it this time.

Reply | Quote

It appears clear from the current revision of the KB article https://support.microsoft.com/en-us/kb/3187022 that the update is only released in the Catalog for now. Only that it says in the article that “This update doesn’t replace a previously released update.” which may not be true after all.

Reply | Quote

The printer bug is a very subtle thing that’ll only normally appear for people who use special kinds of printing software. I wouldn’t worry about it unless you’re printing labels.

Reply | Quote

@Canadian Tech I think the fact that the PC sales have decreased is a consequence of multiple factors and the most important is evolution towards a new model, which is more like the old mainframe style of computing. Microsoft has nothing to do with it. They are only trying to be proactive and minimise the financial impact for them. The average Joe has no understanding of most of what is discussed here and has no time to spend on those issues. If the current computer that the average Joe uses is still working with whatever version it currently runs, average Joe has no good reason to spend money on a new machine and this indeed decreases the sales. The push for Windows 10 was actually a way to stimulate sales and not to decrease them. It created a need where there was no need.
A lot of enterprises move towards a VDI model instead of refreshing the PCs every 3 years, which is an arbitrary limit anyway, dictated by the financial considerations related to the manufacturer’s warranty rather than physical failure.
Apple sells less tablets and phones which is not a consequence of a poor release or faulty patching of the iOS. This indicates to me a market saturation and people’s resistance to change for the sake of it and no significant benefit to them, at least for a while. Same thing with the PCs.

Reply | Quote

No need to invoke malvolence when incompetence is sufficient

Reply | Quote

What is so risky about installing a patch?
It can always be uninstalled and I think it should be uninstalled if it was installed on any regular computer until and if it is made available mainstream.
Test machines are always fine in any configuration.

Reply | Quote

Ha ha living in the past… Let’s get Windows 1.01 on top of DOS
http://www.guidebookgallery.org/screenshots/win101

Reply | Quote

This is the popular theory among professionals.

However, I speak from the ground so to speak. I look after about 150 client computers. The clients are of all sorts of ages, types, genders, professions, even countries.

Over the past 3 or 4 years, since Win8 first fell on the scene, my clients have refused to buy Win8 and consider Win10 to be ever worse. They were the average Joe who walked into the WorstBuy only to be told by the salesperson that they could not buy Win7. When they looked at 8, then 10, they told the salesperson no thanks. A few bought them and most of those returned them to WorstBuy. A few have become doorstops.

I have helped some of my clients buy new Dells Sm Bus. computers that came with a Win8 or 10 licence but had Win7 installed. Those sales counted for sales of Win8 and 10 and never will see either installed. This is exactly what happened to most corporate purchases during this time.

So, I am speaking of observation of what is actually taking place at the retail level, where Joe makes his buying decision.

Many of my clients have now opted for iPads and iPhones. However, most still come back to their Windows PCs when there is any work to be done. They consider their Apple devices to be play/entertainment things.

These clients wanted to buy new PCs. They just did not because what was offered was not acceptable. This is the point I am making. That MS was the architect of the demise of the PC, not the other way around.

Consequently, I do a lot repair/refurbish work to extend the lives of their Win7 machines. Many of them are approaching 10 years now and still run well. Because of this, there is drastically less demand among my clients for new PCs.

CT

Reply | Quote

Thanks for sharing another perspective about the demise of the PCs as we have known them for many years.

Reply | Quote

“The market is ripe for a new Bill Gates with a Linux-based product that is designed for ordinary people.” That would be Ikey Doherty and Solus.

Reply | Quote

KB articles almost never correct about replacement, it’s just generic description

Reply | Quote

I’m well aware of Hanlon’s razor but the temptation to make a snarky comment was too great to resist!

Reply | Quote

Risky for the average Joe. He has no test machine.

Reply | Quote

The Catalog site is supposed to be revamped soon so that it will no longer require ActiveX and can be used with any browser. No idea when that will happen though.

“For those who aren’t familiar with the Microsoft Update Catalog website, note that it still requires using Internet Explorer at this point because of an ActiveX control used. Later this summer, we will be updating the site to eliminate the ActiveX control in order to support other browsers.”

https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/

Reply | Quote

Ah, but the site lies!

In fact, you can download any published KB article in the catalog, from any browser. Just go to:

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3186987&lang=en

for example – replace the KB number with whatever one you want – and you can find, then download the MSU file. From there it’s easy to install.

I won’t call them lying liars but, well, you can come to your own conclusions.

Reply | Quote

Yes, but the patch can be uninstalled gracefully which makes it only an annoyance, not a risk.

Reply | Quote

@woody: The KB3187022 updates for Windows Vista & Windows Server 2008 (R0/R1) have recently showed up on MS Update Catalog after doing a search on KB3187022 there on Aug. 30; release date for the Vista/Server 2008 versions of KB3187022 is 8/29/2016.

Reply | Quote

Thanks!

Reply | Quote

I had the printer and slow update scan problems. On 5 Sep. I uninstalled KB3177725 and installed KB 3187022 and it fixed the printer problem and sped up my scan time to a few minutes. I didn`t do the Canadian Tech suggestion.

Reply | Quote

It should be OK, only that KB3187022 is not an official Windows Update patch, but rather a private hotfix as it has only limited release. The only thing you should be concerned, but not as much as to lose sleep over it :), is that with KB31807022 installed, your system becomes non-typical, which is what Microsoft calls “fragmentation” of Windows Update.
The idea is that future patches are tested for a limited number of scenarios and those scenarios which do not fit the mainstream, will be unsupported by default.
I am completely on Microsoft’s side on this issue from an engineering perspective, because all other companies of relevance have been practising the same for many years.
I don’t know how many of those protesting the new patching system have had to deal with major hardware companies which do not provide warranty assistance even to Government organisations, which are significant customers, if the system to be repaired is not up to date with firmware and all officially released drivers. They do not discuss at all each individual customer’s requirements and what may be broken by a patch or another, as long as it is officially released and company requirement.

Reply | Quote

I’m unable to install this fix (kb3187022) on Server 2012 Standard.

Using IE, I’ve selected Server 2012 and downloaded the MSU file. The file I get is named “AMD64-all-windows8-rt-kb3187022-x64_9714e4806790b661c4b8438f65c2bebc2178f95b.msu”.

When installing it I get Error 0x8007000d “The data is invalid”.

Reply | Quote