Updates to Patch Lady’s Master Patch List

Topic

New Reply

For those of you who haven’t been noodling around the site… Susan Bradley, Patch Lady, has added a massive number of patches to this month’s Master
[See the full post at: Updates to Patch Lady’s Master Patch List]

4 users thanked author for this post.

jburk07, JDeC, AJNorth, Elly

Reply | Quote

Replies

This past Friday I went ahead and approved all the office updates in WSUS for March 6 for our users that are not on Office 365 Semi annual updates. If any issues pop up I’ll be sure to report in.

Reply | Quote

I posted the message above. Looks like I wasn’t logged in?

Red Ruffnsore

1 user thanked author for this post.

woody

Reply | Quote

The March 6 office updates have been installed on around 50 computers so far and no issues reported as of yet. These would be both Windows 7 and Windows 10 computers running open license version of Office 2013.

Red Ruffnsore

Reply | Quote

I’m confused regarding all this patch information:

Currently running Windows 10 Pro x64 ver 1709 (local account) and “think” I have Windows auto updates on hold and ask to download via Group Policy and Settings.

In the list I see “optional” updates for 1709. How are those delivered to me?

Also have Office 2016 Home and Business C2R (local account) with Automatic updates currently disabled. If I understand this correctly updates are downloaded and installed by Microsoft with no warning, and no information as to what is even installed.

If this is correct, what are all the individual Office KB patches for?  Is there a way to pick and choose what C2R sends down and when that I dont know about?

Reply | Quote

“If this is correct, what are all the individual Office KB patches for?”

Those individual updates are for those with .MSI-based deployments of Office, not those with Click-to-Run deployments.

Reply | Quote

anonymous wrote:

I’m confused regarding all this patch information: Currently running Windows 10 Pro x64 ver 1709 (local account) and “think” I have Windows auto updates on hold and ask to download via Group Policy and Settings. In the list I see “optional” updates for 1709. How are those delivered to me? Also have Office 2016 Home and Business C2R (local account) with Automatic updates currently disabled. If I understand this correctly updates are downloaded and installed by Microsoft with no warning, and no information as to what is even installed. If this is correct, what are all the individual Office KB patches for? Is there a way to pick and choose what C2R sends down and when that I dont know about?

Office click to run updates are disabled in MS Office and not Windows update. Open an office program, click file, account, look for the update options box and you’ll see where you can disable updates. You can’t pick and choose those updates as C2R updates are cumulative to the product. The individual office updates are for those still running the older versions of Office that are still licensed with a product key. Those versions still offer individual updates via Windows Update.

Windows 10 updates are offered via Windows Update. Optional updates for Windows are just that, optional and not critical.

Red Ruffnsore

Reply | Quote

? says:

thanks to Susan and Woody for creating the master list!

i installed KB4089187 and KB4088878 on a Pentium 4. KB4088878 promptly bricked it. tired of complaining about microsoft. like using linux.

many thanks

Reply | Quote

When you say “bricked” it, you mean a bsod?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

? says:

yes ma’am. Windows 7 Professional 32 bit on Intel Northwood SL7EY 2800 MHz Family 15 Model 2 with MMX, SSE, SSE2 and PAE (DEP is on).

Had to do /revertpendingactions in order to get back on track. The IE-KB4089187 integrated successfully…

Thank you for all you do!

Reply | Quote

? says:

on further reflection, i did not get a chance to read the bsod (machine set to auto restart on crash). my preliminary guess without looking at the code in KB4088878 that there may be a cache side-channel attack fix in the pudding and it does not play well with ASLR on low memory? just a wild guess. i know times change and i’m hanging on to my beloved ancient equipment so the second bsod from microsoft updates in as many months is to be expected. again, thank you for all the hard work to keep things moving…

Reply | Quote

Did you see the post about Macrium backup and windows 7/32 bit?  What’s your backup software?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

? says:

Susan, thank you for your replies and question about my backup software:

provided by Karl Wallenda founder of The Flying Wallendas…

windows is one of my long term “hobbies” and after cleaning up what Hibernate and System Restore did to my HDD(s), long ago i took Charles “Black Viper” Sparks (and others) recommendations to heart and systematically strip out anything and everything that interferes with the way i expect my operating system(s) to function.

obviously there is something in the KB4088878 that my venerable machine cannot properly digest and returns a blue screen until the “update” is removed. i was remiss in not noting the information when it crashed on reboot (had similar bsod with KB4058697 in January) and went on to DISM.

as is usual time will tell us what the problem is and provide viable options and if i stumble upon the cause and a satisfactory workaround i will gladly share it, so thank you Susan for your time, interest and expertise.

 

Reply | Quote

? says:

well, finally got the KB4088878 to stick on the Intel based machines. the patch went in the AMD machines with nary a whimper. my usual problem is not taking time to read directions… when glancing through the processor requirements all signs pointed to PAE being active DEP was on, well it really was not. BSOD in ntoskrnl.exe, “page_fault_in_non_paged_area,” STOP 0x00000050. to check cmd>wmic os get PAEEnabled should =TRUE. in registry HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\MemoryManagement\ subkey:PhysicalAddressExtension value 0 is off, 1 is on. CMD>bcdedit /set PAE FORCEENABLE. Everybody’s happier now! can’t wait for the next go-round

Reply | Quote

@Susan Bradley:      Exactly “what is Macrium”?   I’ve only seen it mentioned recently.  Thank you for all  of the help you provide – – – it’s FANTASTIC!

Reply | Quote

@ Walker

walker wrote:

Exactly “what is Macrium”?

Google is your friend: Search: Macrium Reflect

One result: https://www.macrium.com/reflectfree

1 user thanked author for this post.

walker

Reply | Quote

@NightOwl:  Thank you so much for the very helpful information!  Haven’t had the opportunity to check the links out yet, however will do so shortly.    Thank you once again!  

Reply | Quote

OP here, thanks for everyone’s replies:

Per Mr Natural:

“Windows 10 updates are offered via Windows Update. Optional updates for Windows are just that, optional and not critical.”

So Windows 10 Updater will never offer or download an Optional update? What if it is an update that I may want?  How to get or can”t?

Thx

Reply | Quote

Windows 10 doesn’t install updates that Microsoft classifies as Optional via Windows Update

Reply | Quote

While it’s tempting to apply patches manually — especially because Microsoft ships botched patches via Windows Update more often than not –, one should keep in that manually applying patches may introduce even more issues. For example, installing a patch manually may corrupt the Windows Update history (happened here on a Windows 10 Pro 1709 testlab machine after installing the January cumulative update because it was not offered via Windows Update) causing Windows Update to offer the features upgrade to Windows 10 1709 over and over again every few days! Same is true for the latest March cumulative update, which has be offered 3 times by now although it is installed already. Beside the Windows Update mess, the performance of the testlab machine has gone south. Any other machine (cloned from the same golden VM template) that gets updated via Windows Update only, does not show any such problems.

In short terms, Microsoft messed up big time and patching systems manually is no longer reliable…

Reply | Quote

I’ll do a blog post about my “optional” designation.  If you really want to manually install all updates, or as in the case of many of those 1709’s you’ll get another cumulative patch if you just wait for the normal patch Tuesday so if your machine doesn’t get around to installing that one, don’t worry.

Bottom line let me do a post explaining my conclusions.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Thank you! Much appreciated!

Reply | Quote

anonymous wrote:

OP here, thanks for everyone’s replies: Per Mr Natural:

“Windows 10 updates are offered via Windows Update. Optional updates for Windows are just that, optional and not critical.”

So Windows 10 Updater will never offer or download an Optional update? What if it is an update that I may want? How to get or can”t? Thx

One of the experts here can correct me but Windows 10 is like Office CTR in that updates are cumulative to the OS. I think the only options you’ll see are “security only” and “quality and security” updates. I can’t help but laugh at the term “quality”. Microsoft is lumping together a bunch of things into one update instead of releasing separate updates. This is one of the reasons Microsoft Update has become a fiasco and patching an adventure. Not to mention not only a monthly adventure but sometimes needing the same update multiple times in one week. At the risk of this becoming a soapbox I can’t help compare the situation to the current status of Capitol Hill.

Red Ruffnsore

Reply | Quote

“While it’s tempting to apply patches manually — especially because Microsoft ships botched patches via Windows Update more often than not –, one should keep in that manually applying patches may introduce even more issue”

In summation, Windows 10 will never download and install an Optional patch. It can be acquired and installed manually, but not advised ?

Kind of makes sense, but then why does MS even create or offer Optional patches if they are not for usage?

Reply | Quote

I am Win7 Group B – I still cannot get the Jan updates to install, so I haven’t updated since then. Windows fails to configure the updates upon reboot. Can I skip Jan and try installing the Feb Security Only update?

Reply | Quote

You can try but generally speaking once WU isn’t happy, it’s not happy.  What error messages are you getting?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Hi Susan,

No error, per se. The Jan security only update installs, then upon reboot, Windows configures the update and when it gets to 100%, the screen changes to Failure configuring Windows Updates – Reverting Changes. Windows proceeds to reboot again and no update is installed. I’ve been trying since Woody gave the all clear at the end of Jan. I even re-downloaded the update from the MS catalog just in case there was a newer version addressing the problem. I’ve had tech help to check WU, but still cannot get it to install. Thx.

Reply | Quote

Hi Susan,

I just tried installing the Feb KB4074587 Security Only Update and then the Jan KB4073578 Security Only Update (in that order – Feb before Jan) – then I rebooted the computer. The Jan Update failed, but the Feb Update was successful. Should I be concerned about not having the Jan Update installed – am I missing anything crucial or does the Feb Update cover me?

Thx!

Reply | Quote

Hello Anonymous,

I don’t have the answer to your question, but be aware that it can take time for anonymous replies to be moderated and posted. One of the benefits of signing up as an AskWoody Lounger, is that after your first post, you can post right away. You can also subscribe to your question, or a topic, and it will give you an e-mail notification when there is a reply. All the MVPs  here are volunteers, and while they are sometimes able to have an almost immediate response, it doesn’t always happen so quickly. Even if you are committed to being anonymous, you could pick a name, or use your original Post#, to identify your responses, as it is easier to see that your issue remains unresolved… Also, if it looks like you are going to need specific problem solving help, you could ask your question at AskWoody Support… otherwise someone may think you have received your answer, as they are reading along in the general discussion. You have a good question… I, too, use Security Only Updates… although I didn’t run into this problem. In the long run you are going to want to be fully patched… and it looks like you know that.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

If you’re having difficulty installing a security-only update, your issue is not with WU – security-only updates are downloaded from the update catalogue (as you know) and installed using Windows standalone installer. I do not think that security-only updates are cumulative, so you will have a patching gap where the January update has failed. As I recall, this was the first update with Spectre-Meltdown protection. Is it possible that your computer has not received the necessary BIOS update to install it successfully? This is only a suggestion, because I’m no tech expert! There are ways of finding out if your PC is vulnerable to these potential exploits (e.g. Steve Gibson’s InSpectre tool).

Reply | Quote

I did check and my AV had installed the updated BIOS. I am also thinking it is not a problem with WU – I have no problem checking for updates and have had support techs run the WU Fix It.

Reply | Quote

If you’re getting errors trying to install updates you may need to reset windows update catalog. I’m pretty sure there is a very helpful thread on this already here on the forum.

I can’t count the times I’ve had to reset the windows update catalog on Windows 10 computers from either a general windows update failure or failing to install updates. Woody has mentioned before that if you reset the catalog you lose your history of updates. But sometimes you need to get it working. It used to be a bit more complicated but with Windows 10 I’ve always had success by:

1. Go to the services console (services.msc), right click and stop the following 3 services. BITS (background intelligent transfer service), Cryptographic services and Windows Update service.

2. Rename (or delete if you are comfortable doing so) C:\Windows\Software Distribution folder. (ex: C:\Windows\Software Distribution.old) Restart the 3 services mentioned (right click, start) and run Windows update again.

After that Windows Update should work again……unfortunately  LOL.

Red Ruffnsore

Reply | Quote

Hello Susan,

One update for both Win 7 & 8.1 that I didn’t find on the Master Patch List is KB4089187, the Internet Explorer Cumulative Security Update. Have I somehow missed seeing it (and would that also be a recommended Hold for now)?  Many thanks!

With warmest regards,

AJN

1 user thanked author for this post.

OscarCP

Reply | Quote

I have the same question for the Patch Lady.

The Windows 7 and the E11 Security Only updates I download and install myself from the Catalog, so I need to know what is going on with them.

And thanks, anyways, for posting your updates list + comments.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

KB4089187 now noted on the Master Patch List; thank you, Susan!

Reply | Quote

Woody,

I am replying to your message at the top of this thread, though I am looking for a reply from you or Susan.

My Office 365 Business Click-to-Run (CtR) small business suite is on Semi-Annual Channel Version 1708 Build 8431.2153.  IIRC, I updated to it in late January.

I have been trying to update further since then but each time that I start it up it fails to complete and this has happened perhaps a dozen times.  I understand from the 2018-02 Master Patch List that I should have been able to update to Semi-Annual Channel version 1708, Build 8431.2215 in late February.

Most recently, I understand from the 2018-03 Master Patch List that I should be able to up date to Semi Annual Channel release 1709 (or should it be 1708?) Build 8431.2236 in late March.

Woody/Susan, I now want to be in the habit of installing Windows 10 Pro monthly non-Feature updates towards the end of each month and then installing the Office 365 non-Feature updates right behind the Windows 10 updates.  This is only one PC and I have not yet been able to follow this plan.

Jonathan

Reply | Quote

The only way you can do this is to use Windows pro and push off the Windows 10 update and then independent turn off and then on the updating for click to run.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan,

Thank you for your reply.  I am happy to do manual monthly Quality updates for both Windows 10 Pro and Office 365 Business towards the end of a month or the first few days of the following month (before the first Tuesday of the new month).  The Windows 10 Pro update works but I am having trouble with the Office 365 Business update completing when  I initiate it by clicking in Outlook -> File -> Account Information -> Office Account -> Office Updates -> Update Options -> Update Now.

I will be very happy when this works reliably month to month on Office 365 Business Quality updates.

Then, all I have to do is be able to permit a clean Feature Update from Windows 10 Version 1703 to Windows 10 Version 1709!  Recent feature updates have been problematical, as noted by Woody and Noel Carboni in “When Should You Move to the Next Windows 10 Version?”

Jonathan

Reply | Quote