|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
Microsoft re-releases three “compatibility” patches KB 2952664, 2976978, and 2977759
I don’t understand why MS does this.
InfoWorld Woody on Windows
-
How to permanently remove KB2952664, and maybe speed up your machine in the proceess
Just got this fascinating email from Tom:
Lately I’ve been focusing on are your articles pertaining to the different widows patches / monthly windows updates that are trying to get people to install windows10 whether they want it or not. Months ago (before I found AskWoody and the GWX Control Panel) I found that I had the windows 10 GWX icon on my computer, and I had no idea as to what it was, or how it got there. The icon was the start of my education / introduction as to what Microsoft was doing to get people to upgrade to windows 10. As I’m sure most people do, I turned to Google for answers. In a short time I learned that WU KB3035583 is what caused the GWX icon to show up on my computer. KB2952664 was another update that kept popping up as something to be concerned about. I found that both of the updates were installed on my computer. I promptly uninstalled both of them and then hid them when they reappeared. After the computer rebooted the GWX icon was gone and I was a happy camper. From that point on I started doing a google search after the monthly Patch Tuesday WU’s appeared, and definitely before they were installed. That’s actually how I found AskWoody, and also when I started only installing Security updates. Not to long ago I saw the KB3035583 update was offered again. I promptly hid it along with the other KB3035583 that was already hidden. Because of one of your recent articles about KB3035583 and KB2952664 I decided to search my installed windows updates to see if either one was there. I was surprised to see that KB2952664 was. I promptly uninstalled it for a second time, then hid it again when it appeared in the available updates. A few days later while checking on another update, I happened to see that KB2952664 showed in the installed updates, again. After another google search I found that there were a lot of other people who were in the same situation I was in. It seems that anytime the update was uninstalled, it automatically reinstalled itself almost instantly. I then did a search for, “unable to remove / uninstall KB2952664”. Lots of people asked the question but nobody had a definitive way to pertinently remove the update.
Yesterday I actually found a simple solution that actually did work at removing the update. Hence the reason for the email! I thought your readers might find it useful.
It’s an easy 2 part process.First, from an elevated command prompt enter: ( dism /online /get-packages | findstr KB2952664 ) This pull up all KB2952664 packages. Mine had 10 different versions, for a total of 22 packages.
To remove them, again from an elevated command prompt enter:
( dism /online /remove-package /PackageName:Package_for_KB2952664~31bf3856ad364e35~amd64~~ 6.1.1.3 ) This removes version 6.1.1.3 only. On machines that also have versions 6.1.0.12, 6.1.3.0, 6.1.7.4, 6.1.8.2, etc. etc. this command must be repeated with the appropriate version numbers. Once all versions are processed, run: ( dism /online /get-packages | findstr KB2952664 ) again, and if it doesn’t return any packages, KB2952664 is gone…
I can’t tell you how much quicker my machine seems to run since the update is finally gone.
-
More about the interlocking GWX patches, KB 3035583 and 2952664
I assume y’all have read Andrew Orlowski’s article at The Reg.
Reader JIY did a little more sleuthing, and here’s what he found:
After reading your link to Andrew Orlowski’s article (great find) today, I broke out the tools to do some checking. Below are the screenshots of instances in which 2952664 and 3035583 were located in the registry. Five for 2952664 and one for 3035583.
All files were contained in the folders, C:\Windows\SoftwareDistribution\Download\ 4a7d77dbff0bf4a0c11e5070d988f4 7b (for 2952664) and C:\Windows\ SoftwareDistribution\Download\ 6f7643215b36bc8b4eae01ea7c4b5a ab (for 3035583). In both cases, folders were created on 1/26/2016 and file dates were mostly 12/8/2015. The findings were exactly the same on both Win 7 x64 desktops.
Below is a shot of one of the subfolders within C:\Windows\
SoftwareDistribution\Download\ 6f7643215b36bc8b4eae01ea7c4b5a ab (for 3035583). Not much more to wonder about, except how did they get there? Neither KB shows as installed on either system. The only conclusion I can reach is that I mistakenly allowed the installs in the effort to update these machines after they had been unused for about 3 months (in process of moving) and subsequently uninstalled. Still, I have a hard time understanding why I would do that since I’ve avoided non-security updates faithfully since about March 2015. So, while they might not be listed as installed, they and the related registry entries are still on those machines (for the next 2 minutes). When is an uninstall not an uninstall? 
-
Must read: The connection between GWX’s 3035583 and 2952664
Excellent detective work by Andrew Orlowski at The Register.
-
Three obnoxious Win7/8.1 updates return, plus two warmed-over patches, KB 3138612 and 3138615
KB 2952664, KB 2976978, KB 2977759, KB 3138612 and KB 3138615 all basically useless.
InfoWorld Woody on Windows
-
KB 3135449 and 3135445 could be useful, but ignore the rest of Microsoft’s batch
KB 2952664, 2977759, 2976978 are more of the same-old, same-old.
InfoWorld Woody on Windows
-
MS-DEFCON 3: Patch Windows, but beware the snoops
It’s time to get caught up with your Microsoft patches. The September Black Tuesday patches have festered, gone through a few re-releases, and generally stewed enough to warrant applying to your machine.If I count Susan Bradley’s list of patches correctly, there were 75 patches released for Vista, Win 7 and Win 8.1 in September, and another six — many of which are nagging or snooping patches — released so far in October.
I don’t see any patches screaming to get out, as long as you aren’t using Internet Explorer. Of course, as I’ve been advising for a long time (a decade?), you should update IE but not use it. Instead, use Firefox or Chrome for your day-to-day browsing. If you have Windows 10, Edge is a secure choice, but it’s still way behind the ball on features – most Windows 10 users have moved to Chrome, for good reason.
Here’s what I recommend:
Vista – install all available updates.
Windows 7 – This is hairy because of the snooping patches just re-re-released. Start by reading this article in InfoWorld, then search through your list of available patches (in Windows Update, see the tab above that says “Automatic Update” for instructions). If you see any of these patches: KB 3035583, KB 2952664, KB 2977759, KB 3068708, 3022345, 3075249, or 3080149, [UPDATE: or 3083324, which now appears to be “Important”] [UPDATE: or 3090045, which is supposed to help upgrading to Win10] make sure they’re unchecked, right-click on the patch and “Hide” it. They’re all Win10 nags or telemetry patches. If you don’t see one or more of those patches, don’t worry about it. I have an article in the works that’ll show you how to turn off most Windows 7 telemetry.
(If you’re double-checking with last month’s recommendations, note: I received official information back from Microsoft about those patches, and it was demonstrably incorrect and/or misleading.)
After installing all outstanding patches, reboot, then immediately follow the instructions here to run the GWX Control Panel. That should turn off the Windows 10 upgrade nags. Reboot again.
Windows 8.1 – Similar to Windows 7, but uncheck and hide KB 3035583, KB 2976978 KB 3068708, 3022345, 3075249, and 3080149 [UPDATE: or 3090045, which is supposed to help upgrading to Win10]. If you don’t see one or more of those patches, don’t worry about it. I have an article in the works that’ll show you how to turn off most Windows 8.1 telemetry. Reboot, use GWX Control Panel to remove the Windows 10 nagging software, and reboot again. If you have trouble getting KB 3069114 to install, try installing KB 3096053 and see if that helps.
Windows 10 – If you’ve been using the metered connection trick to block Windows 10 updates, now’s a good time to turn off the metered connection and let the updates flow. (Start, Settings, Network & internet, Wi-Fi, click on your connection, then Advanced options, turn Metered Connection off. Let Windows do its update thing, then turn the metered indicator back on.) We’re up to Cumulative Update 7.
If you’re using the new Windows Store setting to block Automatic Store app updates, turn the switch in Windows Store on, then in Windows Store, click on your picture, choose Downloads and Updates, then click to Check for updates. Remember to turn the switch off again.
If you have problems installing the Cumulative Update, don’t worry about it. Microsoft will get its act together one of these days. All of the Win10 patches to date are cumulative (with a couple of driver exceptions), so when Microsoft gets caught up, you will, too.
We’re going down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. Specifically, I’m concerned about adding Windows 10 nagware and Microsoft snooping to Windows 7 and 8.1 machines. I’ll be following that closely in InfoWorld’s Woody on Windows.
The usual admonitions apply: In Vista, Win7 and Win8.1, use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). For Windows 10, the situation’s more complicated, depending on how far you’ve gone to block forced patches. The general procedure’s described above.
-
Microsoft re-releases Windows telemetry “snooping” and Win10 nagging patches, including KB 3035583 and 2952664
They’re baaaaaaack.
InfoWorld Woody on Windows
-
Windows nagware patches KB 2952664 and KB 2976978 install repeatedly
They’re back again. And again. And again.
InfoWorld Tech Watch
-
Microsoft re-re-releases KB 2952664, KB 2976978, and KB 2977759
And it looks like Microsoft has re-re-released KB 3022345 — the old patch that threw the SFC /scannow error — but with a new KB number, 3068708.
InfoWorld Tech Watch
-
Win7-to-Win10 patch KB 2952664 triggers daily telemetry run in Windows 7 — and may be snooping on users
I didn’t believe it until I saw it.
InfoWorld Tech Watch
-
Microsoft reissues botched KB 2952664 Win7 upgrade pack, KB 2919355 Win 8.1 Update
And five more patches.
Oh boy.
InfoWorld Tech Watch
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
pages print on restart (Win 11 23H2)
by 51 minutes ago
-
Windows 11 Insider Preview build 26200.5581 released to DEV
by 1 hour, 7 minutes ago
-
Windows 11 Insider Preview build 26120.3950 (24H2) released to BETA
by 1 hour, 8 minutes ago
-
Proton to drop prices after ruling against “Apple tax”
by 8 hours, 30 minutes ago
-
24H2 Installer – don’t see Option for non destructive install
by 1 hour, 34 minutes ago
-
Asking Again here (New User and Fast change only backups)
by 19 hours, 51 minutes ago
-
How much I spent on the Mac mini
by 9 hours, 18 minutes ago
-
How to get rid of Copilot in Microsoft 365
by 1 hour, 45 minutes ago
-
Spring cleanup — 2025
by 1 day, 1 hour ago
-
Setting up Windows 11
by 4 hours, 5 minutes ago
-
VLC Introduces Cutting-Edge AI Subtitling and Translation Capabilities
by 21 hours, 10 minutes ago
-
Powershell version?
by 22 hours, 3 minutes ago
-
SendTom Toys
by 6 hours, 20 minutes ago
-
Add shortcut to taskbar?
by 1 day, 1 hour ago
-
Sycophancy in GPT-4o: What happened
by 1 day, 18 hours ago
-
How can I install Skype on Windows 7?
by 1 day, 17 hours ago
-
Logitech MK850 Keyboard issues
by 23 hours, 59 minutes ago
-
We live in a simulation
by 2 days, 8 hours ago
-
Netplwiz not working
by 1 day, 19 hours ago
-
Windows 11 24H2 is broadly available
by 2 days, 20 hours ago
-
Microsoft is killing Authenticator
by 1 day, 8 hours ago
-
Downloads folder location
by 3 days, 3 hours ago
-
Remove a User from Login screen
by 1 day, 22 hours ago
-
TikTok fined €530 million for sending European user data to China
by 2 days, 18 hours ago
-
Microsoft Speech Recognition Service Error Code 1002
by 2 days, 18 hours ago
-
Is it a bug or is it expected?
by 20 hours, 38 minutes ago
-
Image for Windows TBwinRE image not enough space on target location
by 2 days, 17 hours ago
-
Start menu jump lists for some apps might not work as expected on Windows 10
by 1 day, 17 hours ago
-
Malicious Go Modules disk-wiping malware
by 3 days, 7 hours ago
-
Multiple Partitions?
by 3 days, 7 hours ago
Remembering Woody
