Newsletter Archives

  • More about the interlocking GWX patches, KB 3035583 and 2952664

    I assume y’all have read Andrew Orlowski’s article at The Reg.

    Reader JIY did a little more sleuthing, and here’s what he found:

    After reading your link to Andrew Orlowski’s article (great find) today, I broke out the tools to do some checking. Below are the screenshots of instances in which 2952664 and 3035583 were located in the registry. Five for 2952664 and one for 3035583.

    2952664 shot 1

    2952664 shot 2
    All files were contained in the folders, C:\Windows\SoftwareDistribution\Download\4a7d77dbff0bf4a0c11e5070d988f47b (for 2952664) and C:\Windows\SoftwareDistribution\Download\6f7643215b36bc8b4eae01ea7c4b5aab (for 3035583). In both cases, folders were created on 1/26/2016 and file dates were mostly 12/8/2015. The findings were exactly the same on both Win 7 x64 desktops.

    Below is a shot of one of the subfolders within C:\Windows\SoftwareDistribution\Download\6f7643215b36bc8b4eae01ea7c4b5aab (for 3035583). Not much more to wonder about, except how did they get there? Neither KB shows as installed on either system. The only conclusion I can reach is that I mistakenly allowed the installs in the effort to update these machines after they had been unused for about 3 months (in process of moving) and subsequently uninstalled. Still, I have a hard time understanding why I would do that since I’ve avoided non-security updates faithfully since about March 2015. So, while they might not be listed as installed, they and the related registry entries are still on those machines (for the next 2 minutes). When is an uninstall not an uninstall?

    2952664 shot 3

  • Must read: The connection between GWX’s 3035583 and 2952664

    Excellent detective work by Andrew Orlowski at The Register.

  • Two different versions of KB 3035583 issued on the 23rd and 24th

    Ends up there’s a reason why the KB article and the Windows Update site weren’t updated until a day after the new “Get Windows 10” nagware/malware was released.

    Big thanks to RD for sending me the timeline:

    It turns out that KB3035583 (and SUS/WSUS B894199) weren’t revised until after KB3035583 was pushed to Win7/Win8.1 late on the 23rd/early on the 24th. From Properties section of each KB:

    Article ID: 3035583 – Last Review: 02/24/2016 15:20:00 [UTC – i.e., 7:20 AM Pacific] – Revision: 10.0

    Article ID: 894199 – Last Review: 02/24/2016 15:23:00 [UTC – i.e., 7:23 AM Pacific] – Revision: 244.0

    KB3035583 was offered here at approx. 07:30 UTC on the 24th (i.e., 11:30 PM Pacific on the 23rd).

    FWIW a program update which upgrades Microsoft Security Essentials to v4.9.218.0 was also pushed late on the 24th. The dummy KB3140527 is associated with the update (‘dummy’ as in there isn’t a legit KB page, at least not one that’s publicly available).

  • Day late, dollar short, MS shows KB 3035583 updates on the Windows Update page and refreshed KB article

    Nice of them to oblige, almost 24 hours after the fact.

    KB 3035583 now mentions

    Last Review: 02/24/2016 15:20:00 – Revision: 10.0

    (that’s a bounce up from this morning’s 12/15/2015 Revision 7.0)

    The Windows Update page now says:

    New non-security content:

    • Update for Windows 8.1 and Windows 7 (KB3035583)

      Locale: All
      Deployment: Recommended/Automatic Updates
      Classification: Updates, Non-Security
      Supersedes: KB3035583 on Windows 8.1 and Windows 7
      Target platforms: Windows 8.1 and Windows 7
      Approximate file sizes:

      • Windows 8.1 update: ~ 615KB
      • Windows 8.1 x64 update: ~ 826KB
      • Windows 7 x64 update: ~ 821KB
      • Windows 7 update: ~ 612KB

      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.


  • KB article 3035583 – the “Get Windows 10” installer – has just been updated

    It now stands at version 10, revised 2/24/2016.

    This morning, it was at version 7, revised 12/15/2015

    Wonder when/if Microsoft will update the official Windows Update list?

  • With no warning, Win 7/8.1 ‘Get Windows 10’ nagware patch KB 3035583 suddenly re-appears

    The tenth version of the Microsoft’s much-maligned malware rolled out Tuesday afternoon

    InfoWorld Woody on Windows

    Thanks to everyone who participated in the fact-gathering,  here on AskWoody, via Twitter, and on my new AskWoody Facebook page.

  • KB3035583, the “Get Windows 10” app is re-re-re-released

    Please check your Windows 7 and 8.1 machines, and tell me if KB 3035583 appears in Windows Update? Post here and tell me (1) Windows version, (2) Does the patch appear in the Important or Optional list, (3) Is the box to the left of the patch checked or unchecked, (4) Italicized or not. Thanks!

    (Before you ask, I’ve never seen a definitive explanation about why patches appear italicized.)

    I’ve seen three many independent reports that KB3035583 – the notorious “Get Windows 10” patch – has been re-released. Not clear if it’s recommended or not, checked or not.

    Be careful out there.

    It still isn’t listed on the official Windows Update site, and the KB article hasn’t been updated, at close of business East Coast time on Tuesday.

    I’m seeing it as unchecked, Optional, italicized on Windows 7 machines.

    On my sole surviving Windows 8.1 machine, KB 3035583 appears as optional, unchecked, italicized.

    Look for the story tomorrow morning in InfoWorld.

  • Enough already: Microsoft pushes Windows nagware patch KB 3035583 for sixth time

    Make sure you run GWX Control Panel.

    InfoWorld Woody on Windows

  • Microsoft re-re-issues KB3035583, the infamous Win10 nag patch for Win7 and 8.1

    Now’s a good time to re-run GWX Control Panel.

    t/h DC

    Update: It’s in the “Important” list, but is not checked for automatic installation. Yet. That’s the approach Microsoft has taken many times in the recent patch: Don’t check it until a lot of marks, er, testers, uh, customers download and try it.

  • MS-DEFCON 3: Patch Windows, but beware the snoops

    It’s time to get caught up with your Microsoft patches. The September Black Tuesday patches have festered, gone through a few re-releases, and generally stewed enough to warrant applying to your machine.

    If I count Susan Bradley’s list of patches correctly, there were 75 patches released for Vista, Win 7 and Win 8.1 in September, and another six — many of which are nagging or snooping patches — released so far in October.

    I don’t see any patches screaming to get out, as long as you aren’t using Internet Explorer. Of course, as I’ve been advising for a long time (a decade?), you should update IE but not use it. Instead, use Firefox or Chrome for your day-to-day browsing. If you have Windows 10, Edge is a secure choice, but it’s still way behind the ball on features – most Windows 10 users have moved to Chrome, for good reason.

    Here’s what I recommend:

    Vista – install all available updates.

    Windows 7 – This is hairy because of the snooping patches just re-re-released. Start by reading this article in InfoWorld, then search through your list of available patches (in Windows Update, see the tab above that says “Automatic Update” for instructions). If you see any of these patches: KB 3035583, KB 2952664, KB 2977759, KB 3068708, 3022345, 3075249, or 3080149, [UPDATE: or 3083324, which now appears to be “Important”] [UPDATE: or 3090045, which is supposed to help upgrading to Win10] make sure they’re unchecked, right-click on the patch and “Hide” it. They’re all Win10 nags or telemetry patches. If you don’t see one or more of those patches, don’t worry about it. I have an article in the works that’ll show you how to turn off most Windows 7 telemetry.

    (If you’re double-checking with last month’s recommendations, note: I received official information back from Microsoft about those patches, and it was demonstrably incorrect and/or misleading.)

    After installing all outstanding patches, reboot, then immediately follow the instructions here to run the GWX Control Panel. That should turn off the Windows 10 upgrade nags. Reboot again.

    Windows 8.1 – Similar to Windows 7, but uncheck and hide KB 3035583, KB 2976978 KB 3068708, 3022345, 3075249, and 3080149 [UPDATE: or 3090045, which is supposed to help upgrading to Win10]. If you don’t see one or more of those patches, don’t worry about it. I have an article in the works that’ll show you how to turn off most Windows 8.1 telemetry. Reboot, use GWX Control Panel to remove the Windows 10 nagging software, and reboot again. If you have trouble getting KB 3069114 to install, try installing KB 3096053 and see if that helps.

    Windows 10 – If you’ve been using the metered connection trick to block Windows 10 updates, now’s a good time to turn off the metered connection and let the updates flow. (Start, Settings, Network & internet, Wi-Fi, click on your connection, then Advanced options, turn Metered Connection off. Let Windows do its update thing, then turn the metered indicator back on.) We’re up to Cumulative Update 7.

    If you’re using the new Windows Store setting to block Automatic Store app updates, turn the switch in Windows Store on, then in Windows Store, click on your picture, choose Downloads and Updates, then click to Check for updates. Remember to turn the switch off again.

    If you have problems installing the Cumulative Update, don’t worry about it. Microsoft will get its act together one of these days. All of the Win10 patches to date are cumulative (with a couple of driver exceptions), so when Microsoft gets caught up, you will, too.

    We’re going down to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. Specifically, I’m concerned about adding Windows 10 nagware and Microsoft snooping to Windows 7 and 8.1 machines. I’ll be following that closely in InfoWorld’s Woody on Windows.

    The usual admonitions apply: In Vista, Win7 and Win8.1, use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). For Windows 10, the situation’s more complicated, depending on how far you’ve gone to block forced patches. The general procedure’s described above.

  • Microsoft re-releases Windows telemetry “snooping” and Win10 nagging patches, including KB 3035583 and 2952664

    They’re baaaaaaack.

    InfoWorld Woody on Windows

  • Microsoft re-re-re-issues controversial Windows 10 patch KB 3035583

    Yeah, that’s the Windows 10 nagware patch for Windows 7 and 8.1.

    InfoWorld Tech Watch