Where we stand with the July 2018 Microsoft patches

Topic

New Reply

Quite possibly the worst month this year for patches. And that’s saying something! Post coming in Computerworld.
[See the full post at: Where we stand with the July 2018 Microsoft patches]

18 users thanked author for this post.

Noel Carboni, Demeter, GreatAndPowerfulTech, Spiral, sldc88, PhotM, SueW, Geo, HiFlyer, jburk07, geekdom, ch100, Microfix, abbodi86, Nibbled To Death By Ducks, fernlady, Elly

Reply | Quote

Replies

I am trying to recall if there was any time last year which was just as bad. July 2018 takes the cake.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I think August 2014 was a similar disaster, but in much smaller proportion.
However March/April this year 2018 would compare well…

2 users thanked author for this post.

HiFlyer, jburk07

Reply | Quote

July 2018 may not hold the record for long, after all it is August 2018 in just a few days time…

It’s difficult on this basis to see how the DefCon rating for July is ever going to get anywhere near Defcon 3.

Reply | Quote

I so totally agree. I just so don’t see it coming for August. Too much to fix.

Reply | Quote

Is MS trying to destroy Windows? Patching is playing Russian Roulette with a fully load pistol; you will get shot. One has to wonder when users are to say enough of this and ditch Windows or at least lessen their use of it.

The value of any OS is the ecosystem built around it. But the OS needs to a stable, reliable base or the ecosystem is useless.

7 users thanked author for this post.

johnf, HiFlyer, jburk07, abbodi86, Cybertooth, GoneToPlaid, Elly

Reply | Quote

lurks about wrote:

Is MS trying to destroy Windows?

It’s been my opinion for a long time that they are.  Windows is clearly no longer the center of Microsoft’s world anymore, and it’s not the moneymaker it once was.  If PC sales keep declining, there will come a point that developing Windows is no longer profitable, since the cost to develop such a complicated piece of software won’t scale downward with the reduced sales.  There can be little doubt that MS is acutely aware of former giants (AOL, for one) that withered away when their core products, the things upon which they built their fortune, became obsolete and unwanted by the market.

I think that the goal at MS is to use their monopoly to force everyone into the monetizing line of fire as rapidly as possible, and to monetize them mercilessly as long as they are willing to be monetized, in a way that they never would have done back in the days when they wanted Windows to remain a strong and vibrant platform.  If the Windows users stay, that’s a win because of the monetizing, and if they leave, that’s a win, because eventually it will lead to MS being able to wash their hands of Windows as we have known it and become the cloud company that Nadella really wants it to be.

I don’t think the patching chaos is itself deliberate as much as it is a natural outgrowth of other deliberate actions that could easily be foreseen to cause problems.  A penny saved is a penny earned, so all the pennies saved by not having a fully staffed QA department are as good as new revenue.  It’s a form of monetization that any reasonable person could predict would lead to the exact situation we’re in now.  If you get rid of quality assurance, quality is not assured!

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

15 users thanked author for this post.

Steve, johnf, GoneToPlaid, wdburt1, SueW, HiFlyer, jburk07, AlexEiffel, lanceboil, Seff, ryegrass, David F, Mele20, Elly

Reply | Quote

Yup, Mr. N. just seems to be re-arraigning the deck chairs on the Titanic…I’m jumping into the lifeboat marked “Ubuntu” at some point…done my homework already…

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

3 users thanked author for this post.

johnf, GoneToPlaid, HiFlyer

Reply | Quote

And I will be appreciating your help, after you have made the jump.

1 user thanked author for this post.

johnf

Reply | Quote

“If you can’t aim to be the best, aim to be the worst!” – Microsoft 2018

6 users thanked author for this post.

lurks about, SueW, HiFlyer, jburk07, Nibbled To Death By Ducks, GoneToPlaid

Reply | Quote

This is the beginning of the end…
With every month’s patches being cumulative, all of July’s bugs will appear again every month from here on out, unless they strip and pull them out completely. The odds of that… we’ll lets just say I’m not holding my breath.

With July updates being this way and 3 cumulative being pushed out the chute thus far for every version of 10… well, the great 10 experiment is over in my household. I’m going back to 7 post haste and going Group B which may become group W by August patch Tuesday.

There’s not enough hats, horses, and butts to hold onto anymore for the monthly MS patch madness.

7 users thanked author for this post.

Steve, HiFlyer, jburk07, lanceboil, Nibbled To Death By Ducks, Elly, GoneToPlaid

Reply | Quote

zero2dash wrote:

This is the beginning of the end… With every month’s patches being cumulative, all of July’s bugs will appear again every month from here on out, unless they strip and pull them out completely. The odds of that… we’ll lets just say I’m not holding my breath. 

In Group A, WU W7 Jan/ Feb/ March 2018 SMQR patches have been removed completely due to the MS meltdown fiasco and supposedly fixed in April/ May so not to re-introduce the issue. So patches jump from December 2017 to April 2018.

Group B, Catalog SO patches, however, are still there! Surely the supercedence of April/ May has removed offending meltdown issue. Which begs the question:

Why are they still there in the first place only to be undone?

No problem can be solved from the same level of consciousness that created IT- AE

5 users thanked author for this post.

SueW, HiFlyer, jburk07, zero2dash, Elly

Reply | Quote

Still as of 6:55 PM CDT, KB4338831 (Preview of Monthly Quality Rollup for August) is still marked as Optional instead of Recommended. Even if it is moved to Recommended, it won’t be installed because I’ve turned off “Give me recommended updates the same way I receive important updates”. That’s how I don’t risk installing KB3080109 (“telemetry”). Thank you, Woody, for telling us “Never check for updates” this month!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

1 user thanked author for this post.

HiFlyer

Reply | Quote

I assume you’re NOT running a Server. Yes?

Reply | Quote

KB4338831 will never be moved to Recommended (unless Microsoft is sadistic or insane to do so). I just did a WU scan on my dad’s Win8.1 laptop today and KB4338831 is listed as Optional. Same with KB4338821 for Win7, doing the recent WU scan on that Win7 SP1 computer also shows KB4338821 as an Optional update.

Reply | Quote

zero2dash: “I’m going back to 7 post haste and going Group B which may become group W by August patch Tuesday.”

Perhaps this is the unintentionally benign, but welcome all the same, result of the neglect of Windows 7 and 8.1 by MS, but after reading Woody’s article in Computerworld and also what is written in the Master Patch List, it seems to me that, other than for the .NET updates that are, after all, patches of no great urgency, things do not  look too bad this month for Windows 7 and 8.1 Group B.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

So far, Group B up to 6/18 (but skipping 3/18) for Windows, IE, and .NET 4.6.2, everything seems fine on this fresh install of 7 Pro (64-bit).
Time will tell if that continues on… I hope it does, but moving to Group W is no longer something I’m hesitant to do.

1 user thanked author for this post.

HiFlyer

Reply | Quote

hey woody.

actually the Intel Microcode Updates released in late July on MS Update Catalog have new revisions-
KB4100347 for v1803 now at V2
KB4090007 for v1709 now at V4
KB4091663 for v1703 now at V4
KB4091664 for v1607 now at V4
KB4091666 for v1507/RTM LTSB now at V3

these revised updates contain new microcodes for Intel Xeon® Phi “Knights Landing” & “Knights Mill” CPUs

also the “original” Intel Microcode Updates Microsoft made in late March 2018 are no longer listed on the MS Update Catalog site.

1 user thanked author for this post.

woody

Reply | Quote

I think v1 was released in May 2018 and I was actually able to download it few days ago from the Catalog.

Reply | Quote

Thanks for all you do Woody.

However…

While you, along with your experts, do a great, nay, mighty job, tracking the running train wreck we call WinX, where is the outcry? Where is the critical mass of fed-up WinX users ready to burn down the walls of the Redmond fortress? Where is the Enterprise saying ‘enough already’? I read the mainstream PC press and there are hardly any reports of the magnitude we discuss here. Are there two populations of WinX users: One – oblivious yet enjoying regular, predictable, stable patches that never interrupt their computing experience, and Two – those of us that participate in this venue – pulling our hair out lamenting a quickly passing golden age of Windows computing?

I urge you to ponder this query – where is the outrage in proportion to the issues we daylight herein? Very interested, as always, in your thoughts on this. Thanks Woody.

5 users thanked author for this post.

johnf, wdburt1, Barry, HiFlyer, Spiral

Reply | Quote

RamRod wrote:

Thanks for all you do Woody.

However…

While you, along with your experts, do a great, nay, mighty job, tracking the running train wreck we call WinX, where is the outcry? Where is the critical mass of fed-up WinX users ready to burn down the walls of the Redmond fortress? Where is the Enterprise saying ‘enough already’? I read the mainstream PC press and there are hardly any reports of the magnitude we discuss here. Are there two populations of WinX users: One – oblivious yet enjoying regular, predictable, stable patches that never interrupt their computing experience, and Two – those of us that participate in this venue – pulling our hair out lamenting a quickly passing golden age of Windows computing?

I urge you to ponder this query – where is the outrage in proportion to the issues we daylight herein? Very interested, as always, in your thoughts on this. Thanks Woody.

You won’t see some of the MVPs here calling Windows 10 a wreck.
And don’t forget that Woody keeps writing 1000+ pages printed books about Windows 10 and keeps releasing edition after edition, updating them in the process.
So take some of the posts here as starters for a more or less heated debate. This is a forum and not a definitive manual for Windows.

1 user thanked author for this post.

RamRod

Reply | Quote

Another note, do not criticize Microsoft or you may lose your MVP status:

https://win10.guru/how-i-lost-my-windows-insider-mvp-award/

it is too bad that more powerful MS users do not say more about the lack of quality.

3 users thanked author for this post.

johnf, Elly, wdburt1

Reply | Quote

Wow, the ostracism and blocking is in line with current social media trends, and I know there’s been similar reactions from Microsoft employees over more political disagreements.  Telling them to fix something that’s broken and not bothering to even acknowledge it is a new low.  Or, at least it is when it’s coming from their Insiders group who should realize it’s their job to fix and test things.  Ignoring problems is par for the course for Microsoft in general.

I guess in the end I’m not that surprised, it’s just a new low being reached.  Grats MS, welcome to the trash bin.

2 users thanked author for this post.

Cybertooth, Elly

Reply | Quote

One word: monopoly.

Antec P7 Silent * Corsair RM550x * ASUS TUF GAMING B560M-PLUS * Intel Core i5-11400F * 4 x 8 GB G.Skill Aegis DDR4 3200 MHz CL16 * Sapphire Radeon 6700 10GB * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit

3 users thanked author for this post.

OscarCP, HiFlyer

Reply | Quote

@ RamRod

Well, the Titanic also had very good reviews from the newspapers as being unsinkable before it “intentionally” hit an iceberg and sank to the bottom of the ocean.

I only rely on news websites for news and reports about important events, not for their biased opinions and reviews.

Reply | Quote

From my talking to people there is a strong sense of frustration and anger at MS but there is a lack of knowledge about alternatives. I asked one person what software they used that was Windows only and found out she used 1 explicitly Windows software for a sewing machine. She has a Mac and I suggested to ask someone she knew local to her to set Parallels for her and run the software in it. She perked up at the possibility there might be workable solution to her Windows headaches. A couple of others at the table also perked up when they heard there might be a way to minimize their Windows headaches also.

1 user thanked author for this post.

Elly

Reply | Quote

If you run Windows in a Parallels VM on a Mac you will need a legal Windows license key (as if the VM were a PC) and you will have to maintain (update) that Windows OS the same as if it were a standalone PC.

Trust me – I have 2 iMacs, a MacMini, a 13″ and a 15″ MacBookPro. They all run Parallels Desktop with a total of 14 VMs (2XP, 4 Win7, 4 Win8.1, 1 each of Win10 1703, 1709, 1803 and Insider Preview)

4 users thanked author for this post.

walker, columbia2011, abbodi86, Elly

Reply | Quote

IMO, January 2018 still the worst, or at least it’s the base for all problems right now 🙂

2 users thanked author for this post.

walker, jburk07

Reply | Quote

The .NET Framework updates are not so bad after all. They only affect a non-mainstream little known application named Exchange Server. 🙂

1 user thanked author for this post.

Cybertooth

Reply | Quote

I feel like were in a perpetual update pattern anymore. You have monthly updates, then fixes for updates, then a second round of updates.

1 user thanked author for this post.

HiFlyer

Reply | Quote

Just saying. I installed all 3 updates on my 1803 machine with 0 problems.

Barry

 

Barry
Windows 11 v22H2

1 user thanked author for this post.

jburk07

Reply | Quote

What is the next step?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

PK – some Windows 10 Pro updating advice pls:

Running Windows 10 Pro ver 1709, WU settings Group Policy 2,  Semi-Annual, 365 Feature Delay, Monthly Quality Updates 30 day delay (time running out).

To-date no Windows updates have come down, but how to handle the now 3 updates released in July, the July Quality KB4338825, the Patch KB4345420, and the new KB4338817.

If I set the Monthly Quality Update delay to 0 days, the July Quality update will come down, but would cause problems if the other later 2 KB’s didnt also come down and install.

And not sure with my other settings that the other 2 KB’s would come down unless they were security rated ????  If not:

Should I let the July Quality KB4338817 come down and then hide it with wushowhide and wait for the August Quality Cumulative?  If yes:

Will the hidden July Quality KB automatically disappear from wushowhide when August is released?  If not, how do I do get rid of  it??

1 user thanked author for this post.

walker

Reply | Quote

First off, the Win10 CUs are cumulative. That means the later one contains the earlier ones plus whatever additional updates that have been done since. In that case, the latest CU contains everything up to its release date. KB4338817 fits this scenario.

My experience with settings is this: If you set delay Quality updates = 0, the Patch Tues. CU shows up immediately in the queue. So you know what’s coming and you can hide it. If you set delay Quality updates to any positive number, the updates don’t show up in the queue until the end of the delay arrives. So you are not offered anything and therefore can’t hide it.

In Win7/8.1, you have the Monthly Rollup that shows up CHECKED in the important updates on Patch Tues. It is a Security update containing three elements: security, non-security, and IE11 CU. This is the default.
You also have a Preview Rollup that shows up a week later on the 3rd Tues (or erratically later these days) and is in the Optional updates UNCHECKED. It contains 4 parts: the three parts of the Monthly Rollup released earlier PLUS the non-security fixes for the next (coming) month and I believe it is considered a non-security update.

Now, that explanation in relation to Win10. If your settings are CBB/SAC, you see the default security update released on Patch Tues (equivalent to Monthly Rollup). If you settings are (CB/SAC Targeted) you are essentially saying “give me everything” and you will see the Monthly security CU on Patch Tues AND the non-security CUs released later in the month that contain fixes for issues that will eventually be included in the next (coming) month’s security CU. This seems true unless MS changes the status of the non-security CUs to security or important.

If you have an issue with the Patch Tues CU, you can have several choices. One is to uninstall the patch, going back to the previous condition without the issue. Another is to install the non-security CU(s) (“Previews”) that have been released later to fix the issues. But you won’t see any of these patches until you delay is up. And you won’t see the “Preview” CUs if you are set to CBB/SAC. I believe you have to say “Give me anything” to be able to see everything. (unless MS changes the status of the non-security CUs to security or important.)

Now, that is just my experience.

3 users thanked author for this post.

walker, Elly, geekdom

Reply | Quote

So to confirm, in my case, upon setting Monthly Quality updates to 0 days will ONLY bring down the latest of the 3 released updates, KB4338817 for installation?

Going forward, I understand what you are saying about setting MQ updates to 0, and SAC to Targeted then hiding KB’s as they appear; however were’nt we advised at some point to NOT move SAC to Targeted for fear the MS may force feed ver 1803?

And procedurely, say the first Tues KB comes down and you hide, then the second KB and you hide, then the third KB and you install.  What happens to the first 2 that are hidden?  Do they automatically disappear?

Reply | Quote

anonymous wrote:

So to confirm, in my case, upon setting Monthly Quality updates to 0 days will ONLY bring down the latest of the 3 released updates, KB4338817 for installation?

No, I don’t think so. KB4338817 was released 7/23, not on Patch Tues. I think with the settings at SAC you will see KB4338825 the Monthly CU from Patch Tues. That, at least is the case with my 1709 set at SAC and MQ = 0. I installed KB4338825, and KB4338817 has not shown up.

anonymous wrote:

Going forward, I understand what you are saying about setting MQ updates to 0, and SAC to Targeted then hiding KB’s as they appear; however were’nt we advised at some point to NOT move SAC to Targeted for fear the MS may force feed ver 1803?

Setting Feature Updates = 365 should protect you from 1803 (if MS respects the settings). 1803 is not a Quality Update, it is a Feature Update.

anonymous wrote:

And procedurely, say the first Tues KB comes down and you hide, then the second KB and you hide, then the third KB and you install. What happens to the first 2 that are hidden? Do they automatically disappear?

This if only you have set SAC Targeted. Only the Patch Tues shows up for SAC. The CUs are cumulative, ie, if you hide July Patch Tues CU, Aug CU will supersede it and it will disappear. But I believe the later “Preview” CUs are non-security, and non-security can’t supersede security. What will happen, I think, is all three would disappear out of hiding when you install Aug Patch Tues CU, b/c it is security and supersedes all three. But a later non-security CU may supersede an earlier one (KB4338817 over KB4345420) IF MS has set the metadata that way.

Reply | Quote

No, I don’t think so. KB4338817 was released 7/23, not on Patch Tues. I think with the settings at SAC you will see KB4338825 the Monthly CU from Patch Tues. That, at least is the case with my 1709 set at SAC and MQ = 0. I installed KB4338825, and KB4338817 has not shown up.

Well now I’m confused and back to my original questions.  I though from your original answer (1st Paragraph) that KB4338817 was the new cumulative and superceded the other 2 KB’s?

If I set the Monthly Quality update delay to 0, and it only brings down KB4338825 with its problems and not also the patch KB4345420, all this creates is problems with no fix – right?

So how do I get both, all three, or the last cumulative KB4338817?  What settings?

Did you get the patch KB4345420?

Reply | Quote

Read again. I said contains, not supersedes. And that is true. It contains the contents of the two earlier plus some additional fixes. It is cumulative. That doesn’t mean superseded. Supersede is determined by the metadata “ranking” but not necessarily by the contents if MS has not set the metadata.

KB4338817, I believe, is non-security. And non-security doesn’t supersede security.

Reply | Quote

PK sorry if I misunderstood.  I just thought if the last contained the same as the first 2 plus additional stuff, it would supercede the others since what value would they have IF the last one was available for install.

Please answer the real questions – There are now three (3) July KB’s:

If I set the Monthly Quality update delay to 0, and it only brings down KB4338825 with its problems and not also the patch KB4345420, all this creates is problems with no fix – right?

So how do I get both, all three, or the last cumulative KB4338817?  What settings?

Did you get the patch KB4345420?

>Which ones do I need?

>What WU settings do I need to get them?

Thx

Reply | Quote

You are still not understanding. The only one you are going to get with your settings is the KB4338825 CU. To get the others you can:

+ Feature delay = 365, Quality delay = o, Change to SAC Targeted and  see if they will show in WU. Both KB4345420 and KB4338817 are non-security.

OR

+ Download KB4338817 from the MS Catalog and manually install it (b/c it contains the fixes in the others).

OR

This is the one I recommend
You can WAIT until the DEFCON number goes to 3 or above and read Woody’s recommendations for patching. He’ll have the right answer and the instructions to go with it.

 

5 users thanked author for this post.

walker, Elly, Jan K., Microfix, woody

Reply | Quote

@anonymous:  What does the SAC acronym stand for?

Reply | Quote

@walker See here: general-forum-acronyms

No problem can be solved from the same level of consciousness that created IT- AE

3 users thanked author for this post.

SueW, jburk07, walker

Reply | Quote

@Microfix and anonymous:   Thank you both for the information you supplied.   Somewhere along the way I missed the original comments which started the topic, so therefore am “far” behind.  Yes, I am Win 7 x64, Group A, and am sitting VERY quietly not “touching” anything.  I appreciate the assistance, and once again say “thank you very, very much”.    🙂

1 user thanked author for this post.

Microfix

Reply | Quote

additional help: SAC and SAC-T for SemiAnnual Channel (Targeted) are specific to Windows 10 updating, as mentioned in Anonymous’s first comment in this subthread. This explains your unfamiliarity, as I believe you have chosen to remain Windows 7. This overall topic covers all the July patches offered by Microsoft, in all versions.

1 user thanked author for this post.

walker

Reply | Quote

Nibbled To Death By Ducks wrote:

Yup, Mr. N. just seems to be re-arraigning the deck chairs on the Titanic…I’m jumping into the lifeboat marked “Ubuntu” at some point…done my homework already…

After decades with MS products, I think I am going to join you in a lifeboat soon, but I need to learn more about that world. My naive thinking is to get a brand-new Thinkpad and install Ubuntu or Linux Mint on the first day. Would you suggest some resources for a total Linux beginner, so that I can catch up with you on the homework? Perhaps then I could say goodbye to Windows and Office and go back to using my computer for productive tasks.
Thank you very much.

Reply | Quote

You want resources for Linux beginners? Here you go:

 

How to get started with Linux: A beginner’s guide

https://www.pcworld.com/article/2918397/operating-systems/how-to-get-started-with-linux-a-beginners-guide.html

A Beginners Guide to Linux

https://www.lifewire.com/beginners-guide-to-linux-4090233

The Complete Beginner’s Guide To Ubuntu Linux

https://www.lifewire.com/beginners-guide-to-ubuntu-2205722

25 Free Books To Learn Linux For Free

https://itsfoss.com/learn-linux-for-free/

Top 10 Communities To Help You Learn Linux

http://www.linuxandubuntu.com/home/top-10-communities-to-help-you-learn-linux

 

Enjoy!

 

-- rc primak

8 users thanked author for this post.

Steve, jburk07, JSTechGeek, OscarCP, SueW, Cybertooth, AlphaCharlie, Elly

Reply | Quote

ch100 wrote:

The .NET Framework updates are not so bad after all. They only affect a non-mainstream little known application named Exchange Server.

You know, it just struck me that this is another product MS might like to be rid of in favor of their Mail as a Service.

 

Reply | Quote

Shh! don’t give them more ideas..

No problem can be solved from the same level of consciousness that created IT- AE

Reply | Quote

You are still not understanding. The only one you are going to get with your settings is the KB4338825 CU

Yes I understand this – and this by itself would do nothing but install July problems! That’s why I am trying to understand how to also get to the other 2 KB’s at the same time (at least get the patch).

To get the others you can:  + Feature delay = 365, Quality delay = o, Change to SAC Targeted and  see if they will show in WU. Both KB4345420 and KB4338817 are non-security.

That is what I have been asking “What settings do I need ….”.  (Also leave Group Policy setting at 2 – yes?).  If by chance these settings brings down all 3 of the KB’s,  do I allow all 3 to install, or hide KB4338825 and KB4345420 and only install KB4338817?

Or + Download KB4338817 from the MS Catalog and manually install it (b/c it contains the fixes in the others).

Sounds reasonable, but I have never done a one off Catalog install.  What about some type of Servicing Stack update that I see/hear about now and then with manual installs?

This is the one I recommend
You can WAIT until the DEFCON number goes to 3 or above and read Woody’s recommendations for patching. He’ll have the right answer and the instructions to go with it.

In the end, I may wait it out – but while Woody ultimately provides good advice/instructions, he may not address how to accomplish it based on an individual’s WU settings.  And I have never faced Windows 10 having 3 (currently) updates pending. You are the expert on that based on your system.
Thanks PK

Reply | Quote

PKCano wrote:

First off, the Win10 CUs are cumulative. That means the later one contains the earlier ones plus whatever additional updates that have been done since. In that case, the latest CU contains everything up to its release date. KB4338817 fits this scenario.

You only need one.

anonymous wrote:

and only install KB4338817?

Yes.

And how do you know KB4338817 doesn’t have more bugs we haven’t heard about?
You really should not be making this decision. WAIT for DEFCON 3 or above and Woody’s instructions

2 users thanked author for this post.

walker, Microfix

Reply | Quote

This is another Anonymous Woody follower.

I think the OP here is tying to understand how to make Windows 10 WUpdate work under this situation of MS releasing 3 updates in the same month, more so than the KB’s themselves.

I often wondered about the process myself.  Would they all come down or just the last one?

And what happens to those folks who have not set up controls or have Win 10 Home version? Have they automatically received and installed all 3 KB’s? Assuming the first one didnt shut down their system!

Reply | Quote

The whole thing has been explained as best as I can explain it. If you don’t understand, you should definitely WAIT until DEFCON-3 or above.

4 users thanked author for this post.

SueW, abbodi86, Elly, Microfix

Reply | Quote

to PK Cano, Bless you for your patience and helpful explanations. You are a great service to this AskWoody forum. I follow the Defcon 3 or better instructions provided by Woody and the other MVP’s here. Thanks to all of you.

5 users thanked author for this post.

walker, SueW, Elly, Demeter, abbodi86

Reply | Quote

Did some internet digging over the weekend regarding the 3 updates released in July.

Per the Window 10 update history website:

KB4345420 Under Improvement and fixes: “If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.”

Under How to get this update: “This update will be downloaded and installed automatically from Windows Update.”

KB4338817 Under Improvement and fixes: “If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.”

Under How to get this update: “To download and install this update, go to Settings>Update & Security>Windows Update and select Check for updates.”

If reading this correctly, if I set Quality Updates to 0 days, WU is going to give me KB4345420 as it appears to replace KB4338825 in part or whole depending on whether KB4338825 was ever installed.

It also appears the KB4338817 is not set to automatically come down at this point. One has to go hunting for it via clicking the Check for updates button (which could also trigger ver 1803).

I intend to wait for Woody’s advise and direction soon, but I wanted to better understand how Windows 10 will deliver what update for future reference.

Reply | Quote

Hey PK,

Still going to wait for Woody’s OK, but just to test what the Windows 10 update history site said about KB4345420 above, I set my Quality Updates delay to 0 to see what I get.

Well, KB4345420 did NOT come down as the History Update site seemed to indicate, but KB4338825 did, as well as an Adobe update and the July Malicious Software Removal KB.

So I hid KB4338825 due to its problems.   Back on July 27 a reply you wrote:

I think with the settings at SAC you will see KB4338825 the Monthly CU from Patch Tues. That, at least is the case with my 1709 set at SAC and MQ = 0. I installed KB4338825, and KB4338817 has not shown up.

Did you ever have KB4345420 come down to your system? Did KB4338825 cause problems?  I assume KB4338817 still never showed up?

This Windows 10 update situation seems crazy, if it were not for you guys telling us how to delay and hide what MS throws at us, I would currently have the problematic KB4338825 installed with no patch KB.

I am still concerned how we are going to get KB4345420 that patches KB4338825 since both appear to still be needed – right?

Reply | Quote

Per the Window 10 update history website:

KB4345420 Under Improvement and fixes: “If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.”

Under How to get this update: “This update will be downloaded and installed automatically from Windows Update.”

Interestingly as of today, the Window 10 update history website has changed the wording for KB4345420.

Under How to get this update: “To get the stand-along package for this update, go to the Microsoft Update Catalog website.”

Reply | Quote

PKCano wrote:

The whole thing has been explained as best as I can explain it. If you don’t understand, you should definitely WAIT until DEFCON-3 or above.

I don’t use Windows 10, but waiting for DEFCON-3 is definitely what I would do if I did.

Reason? As soon as the word “supersedence” makes an appearance in any discussion of Windows patching, my eyes glaze over at once.  🙂

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

rc primak, Microfix

Reply | Quote

If anyone here knows of a relatively painless way to prevent MS ‘fixes’ [updates] from being forcibly installed, please lay it out or provide a link.

I’ve searched extensively, but – as near as I can tell, and I’ve been a techie for decades – unless you have the version that lets you modify a Group Policy – it’s nearly impossible.

Would be happy to be corrected, and to discover there’s a procedure that doesn’t require baying at the moon, providing a secret handshake, and other arcane moves.

Thanks.

1 user thanked author for this post.

bkbanister

Reply | Quote

If you have the Home version, about the only things you have to work with are setting your Internet connections to Metered and using wushowhide.diagcab to hide unwanted updates.

If you have the Pro version (well worth the upgrade) you can also delay and pause updates in the settings App, use Group Policy to to make it notify you before download/install, and disable some related Scheduled Tasks.

Here is Woody’s ComputerWorld article on blocking updates.

Reply | Quote

Again PKCano offers Excellent advice, and definitely read our leader Da Boss Woody’s article at Computerworld to understand how to use the wushowhide.diagcab on page 2. And if you want to go further and feel you are somewhat technical, you can review the 29 pages at My Digital Forums concerning the Windows Update MiniTool – WUMT Wrapper Script by pf100. It uses a separate program called Windows Update Blocker and some more scripts to block the automatic re-enabling of forced updates without permission. – https://forums.mydigitallife.net/threads/wumt-wrapper-script-controls-windows-update-service.72203/page-28 – You can download the latest version 2.4.7 at Major Geeks website: – https://www.majorgeeks.com/files/details/wumt_wrapper_script.html – Understand that the project is a work in progress and new versions get released often. Lars220.

Reply | Quote

Be nice to have you as a registered member here on AskWoody’s forum. It is obvious that you have considerable computer savvy.

1 user thanked author for this post.

walker

Reply | Quote

Page 2 link for wushowhide.diagcab instructions by Woody:
https://www.computerworld.com/article/3232632/microsoft-windows/how-to-block-windows-10-april-2018-update-from-installing.html?page=2

1 user thanked author for this post.

walker

Reply | Quote

I decided to perform an experimental procedure on my PC (running Windows 7 SP1 x64,I-7  “Sandy Bridge” CPU), so put some cheery and relaxing music on my Mac (nice little speakers) to get and stay in the right mood to do it, and then proceeded to install all  July patches that seemed to be safe enough after following for over three weeks, since Patch Tuesday, what people have been reporting here and elsewhere. So, at this moment, I am fully backed up through July, Group B-style, and apparently all is well.

So I:

(1) Backed up my files, both with software and with data.

(2) Installed all the Office 10 updates and the MS malware removal tool, hiding the revenant kb2952664, once more back from the underworld, and the S&Q Rollup, and also putting the .NET updates on hold until some time in the future.

(3) No restart being required at this point, I then created a Restore Point and proceeded to: (a) stop Windows Update with the command line command (from the command console run as “an Administrator”) typing: ” net stop wuauserv “; (b) install the IE11 update previously downloaded from MS Catalogue; (c) stop Windows Update from the command line, once more; (d) install this month’s Security Only update, once more from the Catalogue; (e) as now required to do, restarted the system and the updates installed. When the system was back up and I logged in, things seem to be working normally, at least those I need to use regularly. Then I shut down the machine, waited about one minute, restarted it, and things proceeded normally once more. When the system was back on, I did a bit more testing, and still things still seemed normal.

So: for now, the patient is recovering, its state remains stable and is apparently functional. If any future adverse effects of these updates are detected, I’ll report back.

After first returning, in case of trouble, the system to is pre-update state using, of the two restore points created for this purpose, either the second or both (the first one created automatically by Windows previous to the Office, etc. updates, and the second one by myself, before installing the IE11 and Security only updates.) It might not be the most complete insurance, as that would include creating an ISO disk image and etc., but that, regrettably, is not my style.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Charlie, DrBonzo

Reply | Quote

Thanks for the report. I’m glad everything seems OK.

When you say you installed the security only update do you mean KB4338823 or the patch that came out later, KB4345459?

1 user thanked author for this post.

Charlie

Reply | Quote

DrBonzo, Thanks for asking. From what I have been reading, it was not quite clear to me whether I would install KB4338823 first and then KB4345459, so I decided to install KB4338823 only, for now. How necessary, in your opinion, is KB4345459?

According to the document at MS explaining the purpose of this update, this seems to be avoiding problems caused by certain user’s actions that I would never take intentionally. So, unless those are things the OS or its ancillary software may do automatically and without my knowledge, what this update takes care of probably does not concern me. Or at least that is how it looks to me right now. Please, correct me if I am wrong. And thank you for trying to be of help, as you quite often have been.

(Group B, Windows 7 SP1 x64,I-7  “Sandy Bridge” CPU.)

According to the MS document; this update:

• Addresses issue in which some devices may experience stop error 0xD1 when you run network monitoring workloads.
• Addresses an issue that may cause the restart of the SQL Server service to fail with the error, “Tcp port is already in use”.
• Addresses an issue that occurs when an administrator tries to stop the World Wide Web Publishing Service (W3SVC). The W3SVC remains in a “stopping” state, but cannot fully stop or it cannot be restarted.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Charlie

Reply | Quote

I think your analysis is correct, as long as you’re sure none of the 3 situations described as known issues by MS apply to you.

I asked which of the 2 KBs (or both, for that matter) you installed because of a post by abbodi86 here:
https://www.askwoody.com/forums/topic/july-patches-are-all-messed-up-but-a-good-hint-appears-in-japanese/#post-204857

The quoted stuff in the above link is from one of my posts. To me, abbodi86 is saying to apply both 8823 and then 5459, or just 5459. I guess if it was me and I had just installed 8823, I would go ahead and install 5459 just to be safe. On the other hand, if you do this and then your machine gets messed up, I’d feel pretty bad.

1 user thanked author for this post.

OscarCP

Reply | Quote

Following the preceding entry from DrBonzo, and entirely driven by an abiding desire to advance Patching Science, I decided to continue with the experiment already described further up by installing KB4345459, even while am convinced that is very unlikely to be needed in my PC Windows 7 Pro SP1 x64 , CPU I-7 “Sandy Bridge”, given the way I use and am likely to continue to use my by now 7-year old machine.

After following the procedure already explained in my initial entry here, except for a previous back up, because of it not being necessary after yesterday’s, I installed KB4345459, restarted the PC, and everything looked normal. Then I shut down the machine, restarted it again after one minute, and things again  looked OK — and continue to do so at this very moment. If this were to change, I’ll report on it again here.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

4 users thanked author for this post.

Charlie, columbia2011, Elly, DrBonzo

Reply | Quote

Ideally, updating should not be difficult: point, click, watch.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I have always been a bit weary of people I don’t know well offering free gifts: candy from strangers, or software updates to import in my own, valued for their usefulness, machines.

Long before discovering Woody’s (shortly before the irruption of Windows 10 and the sneaky updates and other problems reverberating through Windows 7), I was always looking around for people complaining online about some new patches from MS, first for xp and then for Windows 7. “ghacks” was a valued resource and still is. Always waiting a week, at least, looking for those complaints. If none came up, or those that did seem clearly irrelevant to me, then and only then did I install the updates. And never those not listed as “critical”, unless there was something in them I thought should be useful to me.

Point and click updating was never an option. Point and click and watch bought many, throughout the years, the spectacle of a pretty blue screen and little joy. Old story, nothing new in all this.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

One week to August Patch Tuesday. July patches remain at MS-DEFCON 1. .NET Framework is obfuscated.

What is the approach to July patches?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Geekdom: ” What is the approach to July patches? ” Have a look here and in subsequent entries:  #208482 .

To people running Windows 7 the one-number DEFCON is no longer enough to make a final decision, because it is inevitably influenced the most by the endless and tearful Telenovela of Windows 10. My understanding of Woody’s complaint about giving up about patches, is that it must be motivated mostly by the dog’s breakfast that Win 10 updates have become. So, unfortunately now, rather than following a single number to assess the situation and decide what to do and when to do it, everyone has to do some homework as well. But doing that is not rocket science.

I follow mainly the Master Patch List and what is being reported in other sites, such as ghacks, and what people are writing here at Woody’s about their experiences, good, bad or indifferent, with the recent patches.

Patching is far less bothersome for Win 7 and 8.1 than for Win 10 (and patching Office rarely causes problems), particularly for those of us that patch as Group B and never install the monthly S&Q Rollups that have been a recurrent source of complaints for Group A patchers.

As to August patches: none of those already distributed are critical security updates. So why even think about them? They are there? Let them stay there. Much too early to worry about them.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

geekdom wrote:

One week to August Patch Tuesday. July patches remain at MS-DEFCON 1. .NET Framework is obfuscated. What is the approach to July patches?

I’ve been wondering about that myself.  Woody had posted earlier that he had “given up” on the July patches.  And I see that the Master Patch List has already rolled to August.

Could the recommendation be to skip the July patches entirely and wait until August patches are good to go?

Reply | Quote

This non-techie is following the Master Patch List and will wait for the August updates. Maybe we’ll have better luck. LOL

Edition Windows 11 Pro
Version 22H2
Installed on ‎10/‎19/‎2022
OS build 22621.2283

Reply | Quote