• Which window-7 Updates should never be installed

    Home » Forums » AskWoody support » Windows » Windows 7 » Questions: Windows 7 » Which window-7 Updates should never be installed

    • This topic has 18 replies, 9 voices, and was last updated 2 months ago.

    Hello Everyone,

    I am helping family fix an older CPU for sentimental value.  I am having to reinstall windows 7 from scratch.  I found several lists of of updates not to install.  I was hoping that I could get some expert advice on their accuracy.  I am trying to figure out which updates to ABSOLUTELY NEVER install in windows-7.  I keep getting numerous conflicting answers as I look more into them.  I am hoping to find a consensus among the knowledgeable members in these forums….

    The post is long thanks to the list. To help simplify things and make for easier reading, I am everything as an excel and a word file.

    List Start:

    So… If you don’t want Windows 10, you’re best off avoiding these:

    as they’re all Windows 10 preparation updates.

    If you’re worried about being spied upon, I’d give these a miss:

    as they bring Windows 7 “telemetry” stuff into line with Windows 10. (This is info that gets phoned-home from your copy of Windows back to Microsoft. In all probability it is just info to help them identify reasons for software crashes etc, but given wording like:

    “Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.” in Windows 10’s EULA, I won’t blame anyone who feels paranoid.

    And lastly, if you’re having trouble getting Windows to validate as being genuine (whether because you’re running a pirated copy and your crack tools aren’t working properly all of a sudden, or because your actually valid copy of Windows isn’t validating) then avoid this one:



    Like the majority of Windows users, I am running Windows 7 and there are numerous “updates” with which Microsoft tries to sneak in telemetry (or the dreaded Windows 10) with. I compiled the list from various reputable sources and, even though everyone is responsible for his own PC, I never encountered any problem by blocking or uninstalling them whenever they do manage to slip in.

    Needless to say, one needs to block all automatic updates (yes, the red option Microsoft does not seem to like) yet perform a manual update once every month or two.

    I arranged then alphanumerically for easier use. Note that if you perform a search in your installed Windows updates, make sure to include the letters KB before the number of the update, otherwise the search may come back falsely negative.

    The extra nasty ones (as well as the ones Microsoft insists in including even if asked to hide them) have been noted in Bold.

    KB2505438: Although Microsoft claims to fix performance issues, it often breaks fonts.
    KB2670838: The EVIL Update, breaks AERO on Windows 7 and makes some fonts on websites fuzzy, Windows 7 specific update only (Do not install IE10 or 11, otherwise it will be bundled with them. IE9 is the max version you should install – and who uses IE, honestly?).
    KB2882822: Very fishy update that just popped up with not enough detail about it
    KB2902907: Microsoft Security Essentials.
    KB2976987: Telemetry.
    KB3022345: Telemetry.
    KB3015249: Adds telemetry points to consent.exe in Windows 7 & Windows 8.
    KB3042058: Microsoft claims its a security update but it contains WinLogOn Spying.
    KB3068707: Customer experience telemetry points
    KB3068708: Telemetry
    KB3075249: Telemetry.
    KB3080149: Telemetry.
    KB3081954: Telemetry Update for Windows 7.
    KB3083710: Update for the Windows Update client with sketchy details for Windows 7, see this thread.
    KB3083711: Update for the Windows Update client with sketchy details for Windows 8.
    KB3086255: Flagged as an Important update. It disables SafeDisc games in Windows Vista, 7, and 8/8.1.
    KB3088195: Microsoft claims it’s a security update but also has a key logger on the Kernel Level.
    KB3093983: Microsoft claims it’s a security update but it contains IE spying.
    KB3107998: Removes Lenovo USB Blocker.
    KB3118401: Allows Windows 10 dependent Universal Runtime apps to run on earlier versions of Windows.
    KB3138612: Fishy update for Windows Updates.
    KB3138615: Security update for IE11 which adds Windows 10 preparation.
    KB3139929: Fishy update for Windows 7/8 to Windows 10 Upgrade and a Security update for IE11 which adds Windows 10 preparation.
    KB3148198: Cumulative update for IE11. Includes previous Windows 10 preparation.

    KB2952664: “Get Windows 10” Assistant.
    KB2976978: Windows 10 Upgrade preparation for Windows 8.
    KB2977759: Windows 10 Upgrade preparation for Windows 7.
    KB2990214: Windows 10 Upgrade preparation for Windows 7.
    KB3012973: Force Trigger Download and Install of Windows 10.
    KB3021917: Windows 10 Upgrade preparation and Telemetry.
    KB3035583: GWX Update installs the “Get Windows 10” app in Windows 7 & 8.
    KB3044374: Windows 10 Upgrade for Windows 8.
    KB3050265: Windows Update Client for Windows 7. Since June 2015 the Windows Update Service updated to accept upgrade to W10 and other fixes.
    KB3050267: Windows 10 upgrade preparation but also adds the option in GPEDIT to disable Windows 10 upgrade altogether so you may want to actually install this – I did not.
    KB3064683: Windows 10 Upgrade for Windows 8.
    KB3065987: Windows 10 Upgrade for Windows 7.
    KB3065988: Windows 10 Upgrade for Windows 8.
    KB3072318: Windows 10 Upgrade preparation for Windows 8.
    KB3074677: Windows 10 Upgrade preparation.
    KB3075851: Windows 10 Upgrade for Windows 7
    KB3075853: Windows 10 Upgrade for Windows 8.
    KB3081437: Windows 10 Upgrade preparation.
    KB3081454: Windows 10 Upgrade preparation.
    KB3083324: Windows 10 Upgrade preparation for Windows 7.
    KB3083325: Windows 10 Upgrade preparation for Windows 8.
    KB3090045: Windows 10 Upgrade Update for Windows 7/8.
    KB3102810: Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 7.
    KB3102812: Fixes an issue regarding long wait while searching for Windows Updates but also has Windows 10 Upgrade preparation for Windows 8.
    KB3112336: Windows 10 Upgrade for Windows 8.
    KB3112343: Windows 10 Upgrade for Windows 7.
    KB3123862: Windows 10 Upgrade for Windows 7 & 8.
    KB3135445: Windows 10 Upgrade for Windows 7.
    KB3135449: Windows 10 Upgrade for Windows 8.
    KB3146449: Windows 10 Upgrade for Windows 7/8.
    KB3150513: Windows 10 Upgrade for Windows 7/8.

    KB454826: Slow performance in applications that use the DirectWrite API on a computer that is running Windows 7 or Windows Server 2008 R2 = It often breaks fonts.
    KB971033: Description of the update for Windows Activation Technologies.

    Major Sources:




    Thank you everyone for their assistance,



    6 users thanked author for this post.
    Viewing 5 reply threads
    • #2054967

      IMHO what you are trying to do here is like flogging a dead horse. Useless.

      Around 5 years ago, Microsoft began cleaning up its Updates. So many of the updates you have listed have been superseded by newer updates. If you do not install the old ones, you will at least get their functionality in the newer ones that have superseded them.

      In 2016, Microsoft instituted Cumulative updates. Since then, the functionality of many of the older (and some not too old, even) have been incorporated into these Rollups. Back in the days of GWX, everyone was going crazy trying to find “bad” updates and making list after list to avoid installing them. Our “Ultimate” list of telemetry patches to avoid boiled down to turning off CEIP and avoiding six updates:
      (Plus the validation patch KB971033 not related to telemetry)
      But even so, the Compatibility Appraiser functionality, KB2952664, has been incorporated into the Monthly updates, both Rollup and Security-only.
      And with IE, you are making a mistake stopping at IE9. Even if you do not use IE as your browser, it is an integral part of the Win7 OS. You cannot uninstall it. And other parts of the OS continue to use its functionality even it you think you have turned it off. The older IE, unpatched, is one of the biggest dangers in Win7.

      If your plans are to bring the computer in question up to date to protect it from vulnerabilities, you should go ahead and install the updates until EOL. To avoid the telemetry, turn off CEIP and follow the instructions in AKB2000012. Install IE11 and update it to the latest patch, but do not use it for a browser. Choose another browser like Firefox, Chrome, or even Edge, and keep it updated. Install a good anti-virus and keep it updated. And last of all, practice safe browsing on the Internet.

      5 users thanked author for this post.
      • #2516784

        But even so, the Compatibility Appraiser functionality, KB2952664, has been incorporated into the Monthly updates, both Rollup and Security-only.

        Exactly so! M$ is determined to force these thinly veiled corporate malwares on us one way or the other. If KB ‘drive-by downloads’ was the next move, it would come as no great surprise. The choice is a simple one. Gates and Nadella has drawn the line in the sand, and made it an all or nothing proposition, so it is now up to each end-user to decide whether it is all…or nothing. Either swallow whatever M$ is cooking, or or stay out of their diner altogether.

        Frankly I’ve never been enamored with their updates and patches. Maybe due to five+ years of running XP Pro pretty much problem-free, before finally switching to Win 7 a few months ago. Maybe because I have a tech on retainer that does housecalls, and can handle anything the technovandals send this way. Maybe given the history of how regularly these ‘upgrades’ either make things worse, or contain hidden nasties that make the cure far worse than the disease. Most likely a bit of all three! First thing I did upon getting the XP Pro rig was to end access to it by M$, and over five years later, never had any reason to regret that. First thing I did upon getting the Win 7 rig was exactly the same (if it ain’t broke don’t fix it). I’m betting in five years from now I’ll still have no reason to reaccess my method. The price of having M$ provide my security is too high (not to mention just how shoddy the security they provide always seems to be), so me and my tech will be taking care of that, sans the nasties embedded in the wares Billie Gates is so eager to provide. I’ll be passing on the updates and patches….again.

      • #2560497

        Out of curiosity, do legacy Win7 systems that are fully up to date through EoS like you described continue to have to deal with nagging to update to Win10 and/or the hijacking and forced update to Win10 that caused so much consternation when Win10 came out? If so, can it be avoided or mitigated like the telemetry can be?

        • #2560557

          First off, I would hope that any Windows 7 would be isolated and not going on the web.  I would hope that you would get a cheap android tablet to do that.  You aren’t going online, right?  So you shouldn’t be getting a nag.

          Secondly you can use Ultimate Outsider – Software Downloads GWX control panel as  – like GRC in control – keeps Windows 10 tamed.

          Susan Bradley Patch Lady/Prudent patcher

    • #2466787

      Hokay, so I’m an old fogey.  I’m trying to update as much as possible my old win 7 machine — I had some bad experiences with the “forced” update to 10 on and older machine, so that soured me on upgrades.  Now they come up with Win 11, which will not run  on my perfectly adequate machine, and so I should spend a couple K to fix what isn’t broken??  Sounds like a .gov fix to me, even tho it’s MS.com.  Don’t expect me (or many others) to pop for the latest glitzy stuff — BW

      • #2532408

        So I think it’s pretty obvious that for some of us, this is the end of the road for Windows. As a long-time Windows user, I just don’t see a path forward from here. I think at this point the only answer is to go to some version of Linux. I’m not happy about this but it seems every new version is a new learning curve. So why not just make the ultimate switch to an OS you can actually trust? The downside of course is that it is a big change at the fundamental hardware level of how the system operates. This has been the reason I’ve held out so long. I’ll always keep a version of 7 around unpatched to do the chores I just can’t figure out how to do on Linux. I had hoped MS would come to its senses but of course, that has been a pipe dream for years now. Their agenda sadly doesn’t have anything to do with usability for its users. Since most of what I do anymore occurs in a browser I just see less and less reason to even consider upgrading any further.

        2 users thanked author for this post.
        • #2532441

          Dedoimedo.com tells his view of why he doesn’t want to follow along with Windows and how he plans to migrate to Linux.  If your hardware supports it, it is possible to run Linux as a VM with Windows as the host, or to run Windows as a VM with a Linux host.  Note that a Windows VM is supposed to have a license (retail I believe not OEM).

          If you are doing well with Windows 7, but are concerned about security, most users I think can just keep using it with a few precautions.  Chrome will no longer get updates, so it will become more and more risky to use.  Try Firefox if you once liked it or are open to trying it.  Make sure to use a good adblocker, Ublock Origin or Adblock Plus, to reduce the risk of viruses or phishing from ads.  Be very cautious with attachments from email – assume they are bad and do not click links in emails.  If an email tells you to go to a website, and you want to, do not click the link but instead type the address you know to be right in the address bar.  Use a full on-access Antivirus, one that you really trust.  As a quick suggestion I’ll say use Bitdefender, although they only promise support until the end of the year.  https://www.bitdefender.com/consumer/support/answer/32549/

          And make lots of full system backups, and don’t keep only the last one or two images.  Perhaps buy an external hard drive that can store many, like 6+, full drive images, and make sure to make them on a reliable schedule.

          Switching to Linux is great as long as you meet 3 requirements- 1. you like to learn new things 2. you don’t need ALL Windows games to work 3. you don’t heavily trade Microsoft Office files with other users

          If you have a powerful laptop and an SSD, Kubuntu is one of the most Windows-like experiences.  If your computer is older, I’m going to suggest MX Linux.  Most people have several used computers around or friends with junk laptops.  Doing as you suggest, keeping one as Windows 7 and using Linux on another gives you the best of both worlds.

          2 users thanked author for this post.
        • #2532471

          @Energy Saver, you’ve written a very thoughtful and helpful response, as I, too, will be migrating from Windows 7 to Linux.

          In addition to the host-VM options, there’s also the dual-boot option where the user can choose to run either Win7 or Linux at boot time.

          , I’m in total agreement with your sentiments! Here’s my plan; maybe parts of it will be helpful. As I currently use Office 2010 (including Outlook), I’ll first migrate from Outlook to Thunderbird while on Win7 (I already use Firefox ESR). I’ll then install Linux Mint Cinnamon (most likely) in a dual-boot environment, along with Firefox and Thunderbird, and then copy my profiles over from Win7.

          Bottom line: I will use Linux online and Windows offline. As to whether I’ll eventually want to use LibreOffice or another Office-type package on Linux, time will tell. Good luck to both of us!

          Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
        • #2534877

          Been looking for an update list for some time now, I believe I have what I wanted now, thank you.


    • #2560574

      I would hope that you would get a cheap android tablet to do that

      Android smartphone/tablet aren’t more secure on the web than an unpatched/unsupported Windows 7.

      • #2560578

        I would hope that you would get a cheap android tablet to do that

        Android smartphone/tablet aren’t more secure on the web than an unpatched/unsupported Windows 7.

        and evidence of this blastphemous statement is where exactly?

        FYI – android is built on one of the safest systems on the planet, linux (unix) unlike the windows disfunctional ecosystem.

        • #2560595

          It will depend on what the vendor has done to it and what apps you have downloaded so not ALL android operating systems are the same, but on the Android platform is more dependent on WHAT you download, not how the attacker can abuse the Windows “living off the land” vulnerabilities inherent in an out of date operating system.

          Susan Bradley Patch Lady/Prudent patcher

      • #2560594

        No active X.

        No macros.

        No java script.

        I beg to disagree.

        Susan Bradley Patch Lady/Prudent patcher

    • #2574299

      Here’s the original version of the main above article, but at a different address.  It’s not very useful without the color coding:  “Windows 7 Updates, Descriptions & Telemetry“.

      KB2670838 doesn’t seem to be evil.  It doesn’t ruin Aero or cause other problems on my system.  You’ll see a bunch of systems it is reported to be incompatible with (e.g. it’s required to use Radeon HW acceleration features.)  If it has this, it’s called “Win7 SP1 Platform Update”.

      I’m still rockin’ Win7 in 2023.  While a determined attacker might be able to hack my system, I run my browser in a sandbox, use HostsMan to block out EasyList URLs, and never install software from some unknown third party when I can download it from the author’s site or a trusted site.  If I can’t, I run it in a sandbox.  No antivirus or other protection needed for years.

      OTOH: Look at all the “features” you’ll be missing with Win10 telemetry: “Windows 10 Creators Update Problems, Privacy Invasion & Petition for Change“.

      I’d upgrade to a de-spywared version of Win11 if I played a lot of games, because DirectX12 is required for all but a few games.

      1 user thanked author for this post.
    • #2574390
    • #2574413


      Or tiny-11-NTDEV

    Viewing 5 reply threads
    Reply To: Which window-7 Updates should never be installed

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: