Yet another massive mess of Windows patches

Topic

New Reply

Microsoft just released dozens of new patches — some dated July 23 in the Update Catalog, some dated July 24, some dated July 20. Wotta mess. All sup
[See the full post at: Yet another massive mess of Windows patches]

8 users thanked author for this post.

MrToad28, Elly, Morty, PhotM, Myst, Microfix, geekdom

Reply | Quote

Replies

One thing I will give Win10, is the deferrals, how they relate to updates, when they’re pushed and/or you’re bugged about them (depending on WU settings)…. with the deferrals, you get no notices, nothing…until the deferral is up (me: 30 days), by which time, they’re generally sanitized enough to not break as much and the DEFCON rating has improved. Same with the feature updates as well.

For all the things MS jacked up with 10, at least (so far) deferrals work and they actually adhere to them – for now, at least.

1 user thanked author for this post.

BobbyB

Reply | Quote

@zero2dash yeah that’s what I am finding too on Win10 Pro 1709. They faithfully appear at the 29-30 day mark. Win10 1803 seems to be a bit lagged in grabbing patches on the work Machines, GPOL set at notify before download and (2) setting even Defender Signature updates you seem to have to go and get them, but theyre comfortably 1 month behind as per the defer setting, still playing the waiting game here with them, whether this is by design or M$ managed to break it cant really tell. Certainly not complaining here, strange though Win10 Pro 1709 notifies daily, some times twice with the latest Defender Signature update. Probably just about get a handle on that and then the battle to fight off a new version 1809 will commence again in earnest. 😉

Reply | Quote

The frog has been boiled. We jumped from being able to select individual patches to install just a few years ago, through cumulative updates but still being able to install them WHEN AND IF THE USER WANTS in every Windows version to being able to defer only for 30 days in the Pro version and being very happy about that.

Well done, Microsoft!

Antec P7 Silent * Corsair RM550x * ASUS TUF GAMING B560M-PLUS * Intel Core i5-11400F * 4 x 8 GB G.Skill Aegis DDR4 3200 MHz CL16 * Sapphire Radeon 6700 10GB * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit

4 users thanked author for this post.

Elly, David F, JCCWsusser, Cybertooth

Reply | Quote

I wouldn’t say I’m ‘happy’ about it per se; I’m more happy that at least they’re honoring it still.
Given their track record, that can and will probably change, since they constantly move the goalposts with everything else as it pertains to 10 (and especially 10 Pro).

Unfortunately I think things may end up getting worse in the end, especially with the recent org restructuring and the importance on cloud and AI being pushed (and Windows as a desktop being set on the shelf).

1 user thanked author for this post.

Elly

Reply | Quote

I wonder if this will be the month that the advice is finally given at least to Windows 7 users to switch to Group W – never update. It must be a close call at this stage, given the shift in balance between the major threat to our systems coming from Microsoft rather than third parties. How Windows 10 users can follow such a prompt is beyond me, it seems that they are pretty much signed up in perpetuity to whatever Microsoft chooses to throw at them – which it also seems to me is the biggest single reason to avoid “upgrading” to Windows 10!

7 users thanked author for this post.

kiwisolutionz, Elly, David F, wdburt1, The Surfing Pensioner, lanceboil, Myst

Reply | Quote

I actually started reimaging my machines last night from 10 to 7.
First one I did, I updated using Sec Only through 12/17.
I couldn’t RDP to it today, because of the CredSSP patch missing. So I installed Jan-June 18 Sec Only patches, and could RDP to it. But due to the Smeltdown patches, I worried about performance, so i disabled Smeltdown performance using Steve Gibson’s InSpectre.

In hindsight, I have a backup of 10 off it from the night before, and I think I’m going to go back to that when I get home. Why? I don’t think I can deal with using 7 if it means no updating, even Sec Only. I can continue updating, Sec Only, but it’s a hassle. Right now, with 10, I have my deferrals set, my systems notify me when an update is available (AU option 2), I have to acknowledge that and click Download. IOW, it’s a safety net. Overall though beyond that, the updates (thus far) have not broken 1703 or 1709 for me.

I’m trying to compare safety nets, in an apples-to-apples way as best as possible….and IDK, I feel like it’s less hassle to deal with 10’s updates than 7’s (assuming you set deferrals at least, and optimally, change the AU behavior and either disable reboot for scheduled installs with logged on users, or, set active hours). 7’s updates are basically a circus, but you have more control. 10’s updates are better, but you have less control. You really have to decide what poison you want to have.

I’d just switch en masse to Ubuntu MATE and get it over with, but only 1/3 of my Steam library has native Linux support, so I have to have a running, working Windows install somewhere if I want to play all the games I’ve paid for. I’m just hoping Win10 continues to improve and evolve in a way that benefits us, instead of handicapping us further.

4 users thanked author for this post.

Elly, Bill C., Seff, jburk07

Reply | Quote

Your last paragraph says it all for me. I don’t have the option to move from Windows from a gaming perspective (and I’m talking both Steam-based mainly single player CRPGs and free-standing MMOs), even assuming that at 68 years old I remotely want to contemplate taking on everything that is involved in switching my OS (which I do not).

For me, it will come down at some point to a couple of simple questions. First, is having my two home desktop PCs unsupported by Microsoft more or less safe than having them continuing to receive monthly updates? Second, is the safer of those two options better or worse for me than upgrading those machines to Windows 10?

I had rather naively assumed that as we moved nearer to the EOL date for Windows 7, the updating process would be maintained at acceptable risk levels and the benefits of upgrading to Windows 10 would be enhanced, but with each passing month we seem in both respects to be moving in the opposite direction!

Reply | Quote

Definitely, Seff – things do seem to be moving in opposite directions for both choices.
I think at this point we may all (as techies) be better off dodging the minefield and dealing with the update quirks of the old guard, the more that I think about it. Like the saying goes, “better the devil you know, than the devil you don’t”. At this point, we know the best and worst we can expect out of MS with the old; they keep moving the goalposts with 10, especially 10 Pro, and we may never know.

My hope is that in 2020, the software that we need to have updated, keeps updating. Browsers, drivers, games. I would imagine they will for a few years, since even after XP went EOL, all those things kept getting updated for a few years afterwards. By then, hopefully the picture is a bit clearer, and we have better options to choose from.

Reply | Quote

Seff wrote:

For me, it will come down at some point to a couple of simple questions. First, is having my two home desktop PCs unsupported by Microsoft more or less safe than having them continuing to receive monthly updates? Second, is the safer of those two options better or worse for me than upgrading those machines to Windows 10?

From a gaming perspective, I’d add a third quandary to that list: Can I play the games I want with my current hardware and OS?  If your library is fully established, and runs stably with Win7, you might be set, but you might be locked out of new titles that get developed exclusively for Win10.

I’m in the situation where in the near future, all of these questions might be decided for me by the age of my CPU.  I future-proofed myself pretty well when I bought my current system, but it’s nearly 8 years old now, and just as the VR market is hitting its stride, I’m realizing that the hardware I want for flying aircraft simulators is only being developed with Win10 in mind.

I was holding out hope that the Win10 situation would resolve itself in some fashion before I needed a new desktop, but at some point I will probably need to choose between the software I want to run, and the OS I need to run it.

Reply | Quote

For me, it will come down at some point to a couple of simple questions. First, is having my two home desktop PCs unsupported by Microsoft more or less safe than having them continuing to receive monthly updates? Second, is the safer of those two options better or worse for me than upgrading those machines to Windows 10?

My main PCs run W7 and Linux Mint ( I also have XP & W10 installs and VMs).

All you need to do to keep running W7 is to make regular Backup Images (remember to “Verify” the Images and store extra copies on external drives).

There are several free programs that can do this (I use Macrium Reflect Free Edition).

As for “unsupported by MS”, I’m still waiting for the “XP Armageddon” that we were promised would occur in 2014 (my XP install & VM still run properly).

Unlike W10, I can connect XP to the Internet without having to worry about it downloading GBs of garbage code and then self-destructing.

-lehnerus2000

2 users thanked author for this post.

OscarCP, JCCWsusser

Reply | Quote

I agree with both of you on one vs. another, last updates for my Win7 were for June’s rollup. Currently with Group A, about to consider Group W now, based on all this mess. Haven’t had any issues on my Win7, as a Home user with updates through June.

 

If it gets much worse for Win7 users I might just decide to use the PC as a work station off line, my Mac as a main station. Won’t go to Win10 for various reasons, some obvious, some personal having to do with losing a few good programs. What a crazy mess.

MacOS, iOS, iPadOS, and SOS at times.

3 users thanked author for this post.

Elly, Seff, jburk07

Reply | Quote

Not so soon. I am working on a Group A to mostly Group B rip, which users can run every month, after applying Group A updates. Completing the Group B rip will require making sure that CEIP is disabled, and checking for and disabling any new Task Manager tasks which are related to the Customer Experience.

“DOS isn’t done until Lotus won’t run.”

I say, “Windows 7 isn’t done, until all telemetry won’t run.”

Yep. This is my goal: Remove all telemetry updates, except for a couple of telemetry updates which one can not remove if the user has Office 365 installed, or if the user has installed one or more “Windows 10 only” apps. The user then has to verify that they are opted out of CEIP, and that they have disabled all Customer Experience tasks in Task Scheduler. The latter is not specifically required, in order to prevent telemetry from being sent to Microsoft and their affiliates which includes Facebook. Yet the point of doing the latter is to stop your computer from gathering any telemetry in the first place, regardless of whether or not it gets sent to Microsoft and Microsoft’s affiliates.

It is what it is.

 

3 users thanked author for this post.

Myst, Elly, Bill C.

Reply | Quote

Respectfully, the shift occurred a few months ago.  12/31/17, actually, though that did not become apparent until later.  Canadian Tech was ahead of his time on all this.

In my case: Updates since December have been downloaded but not installed.

2 users thanked author for this post.

Myst, Elly

Reply | Quote

Seff wrote:

I wonder if this will be the month that the advice is finally given at least to Windows 7 users to switch to Group W – never update.

Canadian Tech has been making this recommendation for a while… and there have been no problems reported by the people following this… Personally I’m holding at December 2017 (but note that I’m making that decision based on patterns rather than the technical details of patching).

However! It is likely that malware will continue to evolve and develop. Perhaps malware developers will focus on finding new flaws in the new  W10 OS… but with so many people unhappy with W10, it is likely that some malware perps will focus on exploiting older, known problems, or even find new ones, in Windows 7. Microsoft won’t care if Windows 7 is vulnerable because it will drive those users towards W10 (only the fact that they are supporting servers with long term contracts might mediate that, but their push has been towards wanting more ‘customers’ that they can harvest data from and abuse).

Personally, I think that a lot of the things that are exploitable are the same things that allow Microsoft and software developers to harvest data, along with providing services… and that by minimizing telemetry and unnecessary communications through a firewall the attack surface available is also minimized… but the non-techy Group A people are probably not going to tighten up their systems like that.

To make a recommendation to abandon updating in favor of Group W doesn’t take into consideration what the skills, and how motivated various users, actually are, and what actual dangers they might face. I recently found out a somewhat more distant family member is happily using Vista, blissfully unaware! They are of the opinion that if it works, don’t fix it… and a disaster waiting to happen… (back up, back up, back up!).

Woody has recommended that most Windows 7 users use Group A updating… and really, that is the largest group of people here, who aren’t on W10. Overall it is better to have patches against known exploits, than to play chicken and rely on hope (I’m not talking about adopting a well-shielded and backed up Group W, because most of the non-techy Group A’s aren’t going to carry through and actually do those things, and that is one of the things that must be considered in making that kind of recommendation). Of course, there might come a point of patching being such a disaster, that it is necessary to stop patching… but I’m not sure that we’ve reach that point (again, from watching patterns rather than a technical point of view).

Group B and Group W have been minority positions, however well thought out, tested, and workable they have been found to be. But the people adopting them, although perhaps not real techies, have at least taken the time to find out a little bit more about what is going on, and practice proactive defensive, protective computing. I’ve done quite a bit of coaching with family and friends, and those that have chosen Group B or W are all happy, and without adverse consequences. But… this is really a temporary position, and any recommendations need to be made with Windows 7 end of life clearly in our future.

Woody has given us Defcon patching, no matter what our patching styles are, outlining the best ways forward… and he gives us choices… anyone here value how important it is to have personal freedom and choice?

There are more people, individually, looking at Group W… and it has been a viable choice. But is it right for the majority of non-techies? July patching might justify a temporary Group W hold (don’t know, though, waiting on word from Woody). But we just don’t know what malware is being developed… and from what we do know, there is a huge untapped potential for difficult to detect, nasties, because of the flaws baked into our processors (thank you, Intel and AMD as stellar examples of deliberately creating flaws that they could utilize, but that make end users more vulnerable). Social engineering might be in play, to herd us fearfully into a future of data harvesting and marketing manipulation with W10… but hackers have made quite successful malware with less… and to ignore the likelihood of exploitation is as irresponsible as the fear-mongering. I’m not the expert Woody is, but it seems that there are pitfalls in every direction, with no perfect, good answer. In the end, pointing out the various directions and their flaws, and letting people make their own choices is probably more responsible.

People not ready to become informed and make their own decisions are choosing to be used for the prosperity of others. Freedom has to be exercised to be meaningful. The fact that Woody has always supported individual choice, is priceless…

Non-techy Win 10 Pro and Linux Mint experimenter

2 users thanked author for this post.

GoneToPlaid, Myst

Reply | Quote

Hello Elly,

I enjoyed reading your post. If you continue to hold your Win7 computers at December 2017, which I did for quite some time myself, then you are missing out on Meltdown protection and other important security updates. Note that updating Win7 computers from December 2017 to June 2018 requires installing updates in a specific order, in order to get around various update issues by taking advantage of update supersedence features.

Meltdown is readily exploitable via JavaScript in web browsers or via software downloads which include malware, whereas Spectre is  more difficult to exploit. It should be noted that Spectre vulnerabilities have now increased to four variants, with the addition of the latest side channel vulnerability. It is important to not only use the latest versions of web browsers, but also to keep Internet Explorer updated since IE is deeply embedded into Windows itself. With IE, it doesn’t matter if you are using another web browser, since a ton of IE DLLs are always running under the Windows OS itself. The upshot is that IE is a huge security hole on all Windows computers, even if IE is never visibly running.

Microsoft has implemented boot OS loaded microcode patches for both Meltdown and Spectre in Windows 10, yet Microsoft has only implemented OS loaded non-microcode kernel patches to prevent Meltdown in Windows 7 and Windows 8.1.

Presently, Meltdown is the most realistic attack vector. Yes, the latest versions of web browsers have changed default settings for JavaScript pooling to disabled, and have implemented other features to prevent Meltdown from within the web browsers themselves. Yet such protection does not extend to graphics drivers which can be touched via any web browser. Yes, the mini-computers within your computer’s graphics card can be used to exploit Meltdown. Thus, there is an additional requirement to keep your computer graphics drivers updated. This assumes that your graphics card vendor has revised their drivers to prevent Meltdown.

The upshot at the moment, since you are running Win7, is to either get updated through June via the specific January through June 2018 update installation order which I have found to work, or and if you are lucky, your computer motherboard’s manufacturer has released Intel’s V2 BIOS microcode which prevents Meltdown and Spectre. Either method will cause a noticeable slowdown of your computer. Updating your computer’s BIOS with the latest CPU microcode to prevent Meltdown and Spectre will cause the most significant performance impacts. Yet getting your Windows 7 computer updated through June 2018 for protection against Meltdown will result in a less significant performance impact.

The sad state of affairs is that most AV programs are NOT detecting Meltdown and Spectre Why? Because the code to exploit Meltdown and Spectre does NOT require any malware techniques, and because such code is easily obfuscated. Thus the reason for the so-called “no known exploits in the wild” statement. I don’t know if working Spectre exploits are out there in the wild, yet I strongly suspect that working Meltdown exploits actually are out there in the wild.

Best regards,

–GTP

 

1 user thanked author for this post.

Elly

Reply | Quote

@GoneToPlaid-

I’ve been thinking about updating to June. My old hard drive was successfully updated. What I’m battling is an emotional reaction to all of Microsoft’s problems. I’ve come to the conclusion that I don’t trust them, and that I need to focus on the future, using my Windows 7 offline, and something yet to be determined, online. I re-read your informative post several times, and although it is reassuring, and points out what path to take… I just can’t bring myself to update further… and thus I become a member of Group W (temporarily, I hope).

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Myst

Reply | Quote

Elly – that’s exactly what I’ve been thinking about doing sometime down the road of MS havoc. but the tech folks who basically run the masses, my heart goes out to them. Personally, I’m one of the “little guys” who can walk away into the Mac world full time and pull the online plug on the PC to do the work and save to an external flash drive. Have had everything from MS-Dos (the best, but lots of writing involved haha), Win98, WinME, Vista, XP, now Win7, the latter if left alone with simple updating like once upon a time, is a perfect companion and workhorse. Living in the dark ages, still on Photoshop 7. But it’s looking sad, and I share in your emotional state. I’m holding off until the push through WU to 10 comes along again, but trying to have faith in making a major change. Hang in there kiddo

MacOS, iOS, iPadOS, and SOS at times.

1 user thanked author for this post.

Elly

Reply | Quote

Just a thought to above post; perhaps this is exactly MS way to coerce W7 users into the “Do not Update Mode” it looks like a perfect scenario in a sense, i.e. kill W7 support (or lack of), to get a percentage of users to alter their mindset to bite the bullet & upgrade to W10? Create kaos, divide & conquer, grab the masses who jump ship…and start the kaos all over again? I can’t see any other logic these past months, i.e. there will always be order even among disorder; a method to the madness exists.  (W7 forever!).

Please follow the –Lounge Rules–

If there is magic on this earth ... it's in the water.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Your comments are quite interesting, since basically the same overall thoughts have been rolling around in the back of my mind for the past several months.

Reply | Quote

I keep seeing featured update 1803 every tuesday and I hide it with antivirus update. It’s only appeared tuesdays when it came to patches and such. But I’ve kept it hidden very well and not going to windows updates check updates.

 

I take every precautionary and check here for defcon status.

Reply | Quote

Ran “Check for Updates” on my Win 7 PC  to see if I had any of these new updates yet and got this error code….80072EE2.  I don’t believe this has happened before.  Several fixes on the internet…none of which I want to try.  Any suggestions from anyone?

Reply | Quote

Geo wrote:

If your a win 7 home user you don`t need to download any Previews.

Thanks,  I just wanted to check…I wasn’t going to install previews.  However, I just checked for updates again and it ran successfully without the error code.  Maybe the code just means the update server was busy before?

Reply | Quote

If your a win 7  home user you don`t need to download any Previews.

2 users thanked author for this post.

Myst, BobbyB

Reply | Quote

The downloads from the Catalog for the 2018-07 Previews for Win7/8.1 as of 7/24 still have the 7/18/2018 date stamp.

2 users thanked author for this post.

Pepsiboy, woody

Reply | Quote

Never say never, but I’ll keep on updating my Win 7, Pro x64 machine Group B-style. When and why?  Sometime, eventually, as usual, once the dust has finally settled, as it has always happened and I confidently expect to continue happening. So call me crazy all you want.

But I think we should always give credit where credit is due: in this case to those very active and even, yes, proactive people at MS that keep on spinning and weaving and sending us new patches like there is no tomorrow.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Myst

Reply | Quote

OscarCP – I like your attitude and would like to believe there will be light and we are again good to go, from a Win7 home user standpoint and for all others as well. For those Win7/Win10 users who rely heavily on security in order to serve the masses, I do believe this madness will end. Good thoughts OscarCP and thanks

MacOS, iOS, iPadOS, and SOS at times.

1 user thanked author for this post.

OscarCP

Reply | Quote

Your faith is misplaced. MS want to kill 7 and they will do it by hook or by crook.

I am ready to stop updating my 7 PC. Maybe get a 8.1 as backup, on an old PC.

Reply | Quote

Yeah, side-channel is another Spectre CPU vulnerability which I have known about for a good while. To quote:

“This latter attack is a big deal because Intel SGX (Software Guard eXtensions) are hardware-separated secure enclaves for processing sensitive data, one of the highest forms of protection that Intel CPUs provide to app developers.”

Interpretation: Totally blown out of the water — as in breached.

New Spectre vulnerabilities are being found considerably faster than I would have thunk. Well, perhaps not, since I did a lot of harping about Meltdown and Spectre, and since I figured that security researchers would jump on this Six Ways From Sunday. It is what it is.

I am working with a team on software which allows users to upgrade their computer BIOS to include complete Meltdown and Spectre protection via custom modified BIOS files which can be flashed. Microsoft, of course, is only implementing run time protection against Meltdown and Spectre in Windows 10. Microsoft is implementing Meltdown protection in Win7 and Win8.1 via Windows Updates, yet it is obvious that Microsoft has deliberately chosen to NOT implement run time Spectre protection when Win7 or Win8.1 computers boot up. Yet this is completely within Microsoft’s capability. It is what it is.

The final and overall upshot is this: Motherboard OEMs are not providing BIOS  updates for any motherboards which were initially released more than three years ago. It doesn’t matter if you bought one of these motherboards last week. Microsoft has implemented Meltdown protection, via Windows Updates, in Win7 and Win8.1 upon bootup, yet Microsoft refuses to implement Spectre protection in Win7 and Win8.1 upon bootup, even though Microsoft is readily doing so for their precious Windows 10.

I won’t delve into the potential legal arguments about this new Microsoft strategy, as this is a topic which is not pertinent to this forum, and which is a topic which should not be discussed on this forum. It is what it is.

Best regards,

–GTP

 

4 users thanked author for this post.

David F, Bill C., AlexEiffel, Myst

Reply | Quote

This is starting to be the new norm.  These are the 4th Tuesday updates that don’t introduce any new security fixes, just fix up issues.  Mind you they still don’t fix up the .net problems so yes, this is a pass.  They may not even be offered up in the MU channel/pushed out – which is what we’ve seen in the past.  So WSUS admins can push them out if they want to, but they may not be offered up via MU.

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

Elly, ch100, woody, PhotM

Reply | Quote

I will let you know what I see when I goto my Test Partition…..

 

Pattern! yes, one I am not liking much…… Has all of the competent people FLED Windows now? Now that it is less of a thing?????

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

2 users thanked author for this post.

Elly, woody

Reply | Quote

woody wrote:

Only a fool would tread in these waters. DON’T PATCH.

OR a Legitimate,  Knowledgeable TESTER, on a TEST PC/VM/Partition…..

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

3 users thanked author for this post.

Elly, ch100, Kirsty

Reply | Quote

That goes without saying, as does the fact that Woody has to assume that most followers of this site don’t fit into that category but are here because they have only a limited knowledge of technical matters albeit just enough to know that updating is a precarious venture and one on which they really need the advice and recommendations of those more knowledgeable than they are. Those in a much better position to judge these things are of course free to ignore the advice, but it would be wrong for the advice not to be given as the default position.

Reply | Quote

Be nice if Microsoft would get their c** together regarding the monthly updates. I can work around the annoyances and I certainly don’t see myself being better off switching to Linux distro or Chrome OS. That’s just me, and I can see this continuing to plague some users with messy updates and upgrades to consider options with Linux, Mac OS or Chrome OS. It would not be out of the question for some.

Reply | Quote

I’m sticking with Win 7: Because I love it, the few games/sims I play aren’t supported by Linux, and I’m not going to/can’t pay Apple’s double price/half performance ask.

Until late 2019 or so, I will stay in my happy holding pattern with 7 and re-evaluate then. Because I hate Windows 10.

Windows 10 Pro x64 v1909 Desktop PC

Reply | Quote

I was offered 1803 again (I get this every month and hide it as does another poster above), but this time WUMT listed it as 90 Gb! Is this right or a WUMT bug?

Reply | Quote

KB4340917 is a new 1803 Cumulative Update that brings the Build to 17134.191, and has a Date of July 24, 2018.  –  https://support.microsoft.com/en-us/help/4340917/windows-10-update-kb4340917 –  The Microsoft Update Catalog lists the x64 version as 713.1 MB = https://www.catalog.update.microsoft.com/Search.aspx?q=KB4340917 –  I have heard that the Windows Update MiniTool  WUMT sometimes has bad size listings.  That is why it is a good idea to type in the KB# into your search engine and do some homework.  Probably a good idea to  WAIT  /  Defer  this update along with all other July updates until Defcon 3.

1 user thanked author for this post.

woody

Reply | Quote

@anonymous RE: WUMT yeah I had this a bit back on a similar issue, not sure if WUMT is reporting correct sizes? or there’s some shenanigans with the upgrade process?

Reply | Quote

WUMT reports correctly the total size of the filestreaming package which is known as UUP.
WUMT is still a very good or maybe the best tool around when it comes to manually manage Windows Update.

3 users thanked author for this post.

abbodi86, Elly, BobbyB

Reply | Quote

Many thanks for the replies and explanation. Yes I’m definitely deferring this but I’m also glad that I won’t be facing a 90Gb download (or 189Gb in BobbyB’s case!) when it is eventually safe to update to 1803.

Reply | Quote

Group A….At this point in time, it’s looking like I might be wise to skip July on both Win 7 and 10 and hope they get it right next month. With the updates being cumulative, would anybody see a problem with this solution ?

Reply | Quote

Whoa. I just looked at the MS Support page (updated as of July 19, 2018) which Woody posted regarding Spectre side-channel attacks. I see that MS is recommending that users install the January and February 2018 security updates, in addition to other actions such as BIOS firmware updates, to mitigate against Spectre side-channel attacks.

Now, wait a minute. The January and February 2018 Security Only updates introduced a flaw by Microsoft which became known as Total Meltdown. I do not see any indication that these January and February updates for Windows servers have been updated to address this issue. Total Meltdown wasn’t fixed until March or April 2018, as I recall.

3 users thanked author for this post.

OscarCP, Myst, woody

Reply | Quote

Seeing http://support.microsoft.com/kb/4339284 (Time zone and DST changes in Windows for North Korea) to redirect to https://support.microsoft.com/en-us/help/4339284/time-zone-and-dst-changes-in-windows-for-morocco-west-bank-gaza

I think MS hotfix “documentation” should just be avoided. Things written by people who cannot distinguish between North Korea and Morocco obviously cannot be useful.

Reply | Quote

Well! It’s just the beginning… and the Microsoft script kiddies will cause more havoc in the future. Since Microsoft open-sourced quite a few technology stacks, it’s (no) fun to see the junk they code. In regards to .NET Framework issues… just look at the mess Microsoft calls .NET Core (github.com/dotnet). Of course, that mess makes it into the .NET Framework stack as well. The most ridiculous thing is that Microsoft traded security by allowing .NET Core 2.1+ apps targeting newer and patched .NET Core versions to run on previous and unpatched versions so they don’t have to update their Azure Web hosting servers at the time security patches get released. Says it all, right?

1 user thanked author for this post.

Cybertooth

Reply | Quote

Windows 7 users, fasten seat belts and brace for impact:
https://news.softpedia.com/news/microsoft-begins-windows-7-upgrade-offensive-ahead-of-january-2020-end-of-life-522069.shtml

Batten down the hatches with Woody’s advice:
https://www.computerworld.com/article/3049165/microsoft-windows/steve-gibsons-never10-vs-josh-mayfields-gwx-control-panel.html

Group W, disable Windows 7 Updates and never update, starting to look good.

Reply | Quote

Wonder if this update will keep doing what it promises to do:
https://support.microsoft.com/en-us/help/3184143/remove-software-related-to-the-windows-10-free-upgrade-offer

~ Annemarie

Reply | Quote

I’ll stick my head out and predict that MS will offer another FREE upgrade (downgrade?) to W10 solely for W7 users before 2020.

With this in mind, over the weekend, I re-installed W7x64 (directly) and further adopted Canadian Tech’s insight and method of installation (now in group B), I’m more than happy to have went beyond May 2017 to stay at December 2017 for security patches and the last dot NET roll-up being in September 2017 for now. Third party software, browsers, security extensions, AV’s, firewall rules and registry keys are now taking care of this device and WU is completely OFF! (and imaged off-line)

MS are tightening the screw and aren’t going to be caught out by another XP again for W7.

Credit and many thanks to Canadian Tech for the advice here: #188268

NOTE for CT: all of which still works great albeit I went to December 2017 instead of May 2017 for SO patches and Sept 2017 for dot NET roll-up.

No problem can be solved from the same level of consciousness that created IT- AE

3 users thanked author for this post.

Myst, Cybertooth, Elly

Reply | Quote

@microfix, what’s the reason for not installing .NET updates released since September?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Microfix

Reply | Quote

September .Net was the last of 2017 Roll-ups offered by WU. No particular reason, just means the PC is patched up to December 2017. This years MS patches never got off to a good start and that was an indicator for me not to go any further.

No problem can be solved from the same level of consciousness that created IT- AE

3 users thanked author for this post.

Myst, Cybertooth, Elly

Reply | Quote

softpedia is a known click-bait FUD-breeding site

the original report has nothing about any forced upgrade

Reply | Quote

“Windows upgrade offensive”: If it is much like the one they conducted when first Win 10 was offered for free, a few years ago, I imagine we’ll all be annoyed but survive it and still be Win 7 users to the bitter end, and even beyond it. At that time, for me it was simply a matter of checking on the updates by clicking on “more information” after right-clicking on the update name in the WU page in “Control Panel”. If the information had words such as “improving your experience quality” or “making it easier to transition to Windows 10”, I hid them and that was that. And I’m never, ever, going to click off popups “encouraging” me to switch to Windows 10… Instead, I’ll close down right away the whole Windows Update and the Control Panel screens. Or, if everything else fails, try logging off, or even turn off the machine, always starting the above by disconnecting it form the Internet.

Some interesting paragraphs in that “Softpedia” page:
“The end of support is coming in 2020 and it’s time to make the shift to 10,” Louisa Gauthier, product and marketing leader at Microsoft, was quoted as saying.

My comment: Making a switch then will be quite timely, yes indeed. But a switch exactly to what, eh?

“Why is end of support so important for us? Because it is a huge opportunity to get your customers to modern. It is an opportunity estimated to be worth $100 billion when you put together all the partner services, Office and solution opportunity over three years”, she said.

“Softpedia” comment: Microsoft tells partners that the end of support that Windows 7 is projected to reach in early 2020 is also an opportunity for them to boost sales, especially because many customers might seek hardware upgrades to modern devices.

“If your PC and software are more than four years old then it’s time to move to a new Windows 10 device. Modern Windows devices are cheaper to manage and faster to run,” she said.

My comment: Mi non-modern Windows 7 Professional, x64 OS cost me exactly $ 0.00 to manage and run.

There are here, perhaps, certain assumptions made by certain people, that users share some important modes of behavior with lemmings. Interestingly enough, and contrary to common belief, it has been recently scientifically proven that lemmings do not jump off cliffs and into the sea en masse:

“Softpedia” comment: According to third-party data, Windows 7 is the leading choice on the desktop with a share of 43 percent, while Windows 10 is the runner up with approximately 34 percent share.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

We both are in the same boat — deciding to what to switch to once Win7 support ends.

Reply | Quote

Quite so, GoneToPlaid. My situation is that I am going to have four computers, three already in hand and the other coming soon (a second Mac, this one from the government, that now wants me to use one of their own exclusively to access from home my email account and some computers there I work with using remote login). The others three are, ordered by age:

(1) An IBM Thinkpad ca. 2005 running Widows xp that I have been hoping to turn into a Linux PC, mainly for practicing with Linux, but has a bad keyboard that needs replacing, and I have no idea where to get a new keyboard for it. Suggestions welcome! Alternatively, I could put it in one those funny stands that held a laptop open almost vertically, and use an external keyboard and a mouse (instead of the built-in track pad), with the machine using also a separate, large monitor I have as the display unit. Sort of a totally catheterized PC.

(2) My Windows 7 Pro x64 HP Pavilion PC ca. 2011, that I will continue to use with Windows 7  after January 2020, either going Group W for ever, or using it entirely off-line, because of some software I have there that I really like, e.g. Office 2010.

(3) My own Mac, a MacPro Book ca. 2015, bought new from Apple and just 14 months in my possession. That is going to be kept on active duty, and quite intensively, I would expect.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Hi OscarCP,

Occasionally parts for older laptop models do show up on eBay. You might want to save a search for the keyboard for your specific IBM laptop model.

Best regards,

–GTP

 

1 user thanked author for this post.

OscarCP

Reply | Quote

I would not be surprised if Microsoft releases new Windows 10 updates next Tuesday July 31 🙂

Reply | Quote

Elly wrote:

@GoneToPlaid- I’ve been thinking about updating to June. My old hard drive was successfully updated. What I’m battling is an emotional reaction to all of Microsoft’s problems. I’ve come to the conclusion that I don’t trust them, and that I need to focus on the future, using my Windows 7 offline, and something yet to be determined, online. I re-read your informative post several times, and although it is reassuring, and points out what path to take… I just can’t bring myself to update further… and thus I become a member of Group W (temporarily, I hope).

Hi Elly,

Note that all of the KB articles for all of the 2018 updates have been updated by Microsoft. Details are now missing in regards to what one could have manually checked for in a computer’s registry.

I too have been emotionally battling the seemingly unending issues of Microsoft updates. And I too, up until June, held all of my Win7 computers at December 2017. Yet there were issues with a couple of older XP programs which had started crashing either when running or during shutdown. These issues started roughly around September 2017 after installing updates which were meant to fix security issues in the Windows kernel. These issues continued up and until I installed the June Security Only update, and then sequentually “back installed” the other 2018 Security Only updates.

All of the Jan through May 2018 updates have issues, which must by avoided by implementing supersedence by first installing the June 2018 update and rebooting, and then sequentially installing the Jan through May 2018 updates without any reboots when installing them. To perform this procedure, any installed 2018 updates must first be uninstalled.

The upshot is that the June 2018 update for the Win7 kernel does fully implement Repotline protection within the Windows kernel against Meltdown, regardless of whatever version of web browser you are using, since web browsers are the most likely scenarios for Meltdown attacks, and since the latest versions of all of the popular web browsers have internally implemented Meltdown protection.

The June Win7 update also, and finally, fixes the months long issues when running older XP programs which could crash with “Pure function call” messages. I have been experiencing this specific issue since around Setember 2017.

The upside, after getting updated to June 2018, after holding at Dec 2017, is that Win7 will be fully protected against Meltdown, regardless of whatever version of web browser you run and regardless of whatever software you subsequently install. Note that outdated web browsers and outdated graphics card drivers remain the most likely vectors for Meltdown.

The downside, after getting updated to June 2018, is that Win7 likely will run somewhat slower, yet mostly only under the specific scenarios of copying or moving files. I have been successfully running all of my Win7 computers, fully updated through June, yet on Group B, for around a month with no issues.

The upshot is that June 2018, versus December 2017, has become my new “holding point.”

Best regards,

–GTP

 

2 users thanked author for this post.

Dascombe, Elly

Reply | Quote