Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • This month’s Win7 patches KB 4034664, KB 4034679 causing second-screen problems

    Posted on August 14th, 2017 at 12:52 woody Comment on the AskWoody Lounge

    I pointed to Günter Born’s expose on Saturday. Now we have a full description of the bug — and proof of concept code! — thanks to Christian “NineBerry” Schwartz and his Wolfsbeeren blog.

    Computerworld Woody on Windows

  • Patch Tuesday Win7 patches KB 4034664, 4034679 causing problems with multiple screens

    Posted on August 12th, 2017 at 06:50 woody Comment on the AskWoody Lounge

    Günter Born has identified a persistent problem with this month’s Win7 patches, KB 4034664 (the Monthly Rollup) and KB 4034679 (the manual Security only patch). If you have a Win7 machine with two or more monitors, you need to look at his report on Born City.

    He reports bugs in the second-screen display of PDFs using PDF-Xchange Viewer. There are also reports of second-screen display problems with IrfanView, Adobe Reader.

    There are also reports of Excel losing the VBA editor icons on the second screen, and of Office 2013 garbling window titles, scrollbars, and other screen elements.

    Are you seeing any second-screen problems with this month’s Win7 patches?

    (Just a reminder: There’s a reason why we’re still at MS-DEFCON 2, and I don’t recommend you install the August patches at this point. It takes a while for problems to, uh, surface.)

  • July 11 security-only patch KB4025337 causes BSOD

    Posted on July 13th, 2017 at 06:40 PKCano Comment on the AskWoody Lounge

    Poster @skunk1966 reports

    I just installed KB 4025337 for Windos 7 (x64). After rebooting my system I got BSOD. Started up in safemode and ran sfc /scannow. Rebooted in normal mode and again BSOD.

    In the end I couldn’t fix it so uninstalled KB 4025337 using wusa cmd. Rebooted in normal mode and all is fine again,

    The computer, running Win7 Ultimate has an older Intel Core 2 Quad Q8200 (Yorkfield) and ATI AMD Radeon HD6450 graphics.

    Is anybody else seeing problems with the July 11 Security-only patch for Windows 7?

  • .NET Framework 4.7 is now available for Win7 SP1

    Posted on June 14th, 2017 at 07:49 PKCano Comment on the AskWoody Lounge

    This question from poster @CraigS526

    I upgraded not long ago to .Net Framework 4.6.2 JUST to get Longer File names and had No Issues. It never came up in Win Update to go from 4.6.1 — to ( .2 ) — so IF it is Not an option in June, is there any reason NOT to Install 4.7 Manually?

    .NET Framework 4.7 has just recently become available for Win7 SP1. Perhaps it would be a good idea to do some research on the problems with installation and use in Win7 SP1 before moving forward.

    Read here about the DirectX Dependency

    The DirectX dependency is now available in the Preview of Monthly Rollup released via Windows Update on May 16, 2017. The Monthly Rollup is also available for deployment via WSUS and the Microsoft Update Catalog under the following Knowledge Base Article ids:

    Windows 7 SP1 and Server 2008 R2 SP2: KB4019265
    Windows Server 2012: KB4019218

    The DirectX dependency is also available outside of the Monthly Rollup as an independent/standalone package in the Microsoft Update Catalog. Due to its relatively smaller size as compared to the Monthly Rollup package, this standalone package may be preferable for ISVs that need to redistribute the .NET Framework 4.7 with their application.

    Please see the following for more information: The .NET Framework 4.7 installation is blocked on Windows 7, Windows Server 2008 R2 and Windows Server 2012 because of a missing d3dcompiler update.

    And some information on known issues can be found here.

    .NET Framework 4.7 is also available for Win8.1 as a recommended update through Windows Update as of June 2017. It is also available for versions Win10, and as a part of Win10 Creators Update.

    Join us for further discussion on .NET Framework 4.7 on Win7 SP1 at Our .Net Framework 4.7 Upgrade Intentions

  • Windows 7 is unfit for business? Yeah, sure.

    Posted on January 17th, 2017 at 10:25 woody Comment on the AskWoody Lounge

    Here’s my contribution to fake news. You’ve read the headline. This is what you haven’t read.

    Late last week, the hardware-leaning site Myce published a translation of a Microsoft Germany PR release that says (via Google translate):

    Microsoft Deutschland recommends timely changeover to Windows 10 for a secure and modern IT… One of the most successful operating systems from Microsoft is gradually approaching the end of its life cycle : the extended support of Windows 7 will be completed in three years. This means for all customers with Windows 7 PCs that from January 14, 2020 there will be no security updates, updates and no technical support from Microsoft. .. it provides for higher operating costs – for example, maintenance, lost working time due to increased malware attacks, or even increased support requests. At the same time, many hardware manufacturers no longer provide drivers for Windows 7, which means that modern peripherals such as printers are no longer recognized.

    We’ve heard all of that before, and it isn’t any more true now than it was a year ago.

    Windows 10 has its benefits. I use it all day, every day, and I’ve written two 1,000-page books on the topic. I’ve come to terms with its insistence on updating things when I least want them, and its ill-defined snooping proclivities. But Win10 isn’t for everybody, and scare tactics like this don’t do anything for Microsoft’s credibility.

    I think Win7 is going to be around a lot longer than the author of this PR release.

    UPDATE: Günter Born, whom many of you will recognize as a highly respected German blogger, has an excellent article you should read. He cites a CERT report that argues quite convincingly that Windows 7 + EMET is more secure than Win 10 without EMET. And the conclusions he draws are not the Win 10 happy-happy conclusions in the PR release.

    He also notes that Microsoft Germany has yanked the original PR report.

  • Keep Win7 running for the long haul

    Posted on January 2nd, 2017 at 07:24 woody Comment on the AskWoody Lounge

    A series of steps you can take now, to keep Win7 in top shape.

    Includes details on installing a fresh copy.

    InfoWorld Woody on Windows

  • The case for not updating Windows 7. Ever.

    Posted on November 22nd, 2016 at 05:44 woody Comment on the AskWoody Lounge

    When I wrote in InfoWorld about the Windows 7 and 8.1 “patchocalypse” – last month’s abrupt change in the way Microsoft patches Win7 and 8.1 – I described two groups. I called them “Group A” and “Group B” (imaginative, eh?). In broad terms:

    • Those in Group A are willing to take all of Microsoft’s new telemetry systems, along with potentially useful nonsecurity updates.
    • Those in Group B don’t want any more snooping than absolutely necessary, and they don’t care about improvements like daylight saving time zone changes, but want to keep applying security patches.

    I also described the hold-outs:

    A third group, Group W, doesn’t want anything from Microsoft — no patches, no security updates, nada. I don’t recommend that you sit on the Group W bench, but it can be understood given changes Microsoft has made to Win7 and 8.1 machines, without our permission, in the past.

    Since that time, I’ve written a lot of words about Group A and Group B. There are procedures, and nuances, for both. But I’ve generally avoided writing about Group W (named in homage to Arlo Guthrie; some people call it Group C). There’s a reason why.

    I have a recurring nightmare – no, really – where somebody comes up with a really pernicious piece of malware that knocks out unpatched Win 7 and 8.1 machines, even when the owners of those machines are super-cautious. I’m talking about responsible Group W benchers who use alternative browsers (Firefox, Chrome), never click on anything that looks remotely dicey, and religiously run both antivirus programs and periodic antimalware scans.

    I would never forgive myself for recommending a course of action that puts a big swath of Windows 7 users in harm’s way. After all, Windows 7 still accounts for about half of all PC use world-wide, and it’s likely to continue to be the dominant desktop operating system for years to come.

    windows-market-share-2016-11-22

    Source: NetMarketShare

    I’m convinced that Group A (Monthly rollup) and Group B (Security-only updates) are viable alternatives, but there’s a lurking demon in the Group B closet. If we ever get a bad bug in a Security-only update, and that bug is fixed in a non-security Monthly rollup, all bets are off. If Microsoft breaks something in a Security-only patch, they need to fix it in a Security-only patch. Otherwise, those who only install Security-only patches are going to end up with bug-infested systems.

    I’ve fretted over this problem in many of my InfoWorld blogs these past two months. In fact, we’ve already seen a minor example, where a Security-only update bug in MS16-087 was fixed in a non-security part of a Monthly rollup. Microsoft documents it here:

    monthly-rollup-security-patch

    As best I can tell, that bug hasn’t been fixed in a Group B Security-only update. It may never be fixed in a Security-only update. That means someone who sticks to Group B and only installs Security-only updates will have the flaw in MS16-087 forever.

    That’s simply inexcusable, even if the bug only affects a small number people in an esoteric way, even if Microsoft has documented complex manual fix instructions.

    So we’re stuck between a rock and a hard place. On the one hand, Group B seems like an excellent approach for those who don’t want Microsoft’s Windows 7 snooping enhancements. On the other hand, if Microsoft can’t fix its own mistakes in Group B, there’s nothing you or I can do about it.

    With that as background, I’ve asked Canadian Tech – who slogs through these problems with hundreds of users – to repeat a recommendation he’s made many times:

    It now appears that B is an impractical strategy for 99% of users. And, here is the reason why: When an error is made in a security-only update, if the error turns out not to have a security affect, it may be corrected in a non-security update. In that case if you were following B strategy, you would be left with an un-corrected defective update installed on your computer. If you were extremely diligent and knew about it, you may be able to get the correction in specific cases. This would entail an extreme amount of diligence that few would be willing or able to provide.

    The new rollup style of updates that Microsoft is now providing to what we would call Group A, which include all kinds of updates (security and non-security), are cumulative. That means if you miss a month or even more, it will not matter because by installing the latest month’s rollup, you would be up to date.

    NOTE well, that Security-only updates are NOT cumulative. Which means if you miss a month, you may never get the missed updates.

    So one strategy that you may wish to consider is following Group C, but still updating .net and Microsoft Office through Windows Update, but installing no Windows updates at all. It would be advisable in this case that you stop using Internet Explorer because you would not be getting those updates, but instead use an alternative browser.

    Then, after following this strategy for some time, if things take a turn for the worse, and you decide you made the wrong choice (Group C with .net an Office updates), you can easily shift to A by simply using the latest offered Rollup offered in Windows Update.

    So, as things have evolved, it looks like the vast majority have really only two choices: A as described above or C (modified as described above). The good news is that if you follow the modified C strategy, you have a way back to the Microsoft way, that is easy to implement.

    There’s been an extensive discussion of Canadian Tech’s advice on the “Malwarebytes stumbles with false positive on KB 3197868, the Win7 November Monthly Rollup” post. Unfortunately, WordPress makes it very difficult to move comments from that post to this post, so I would ask those of you with strong opinions to please restate them (or copy and paste them) into the comments here.

  • Which way with Windows? Versions, builds, rings, updates, branches, and editions, Win7 to 10.

    Posted on September 12th, 2016 at 05:31 woody Comment on the AskWoody Lounge

    Cutting through a bewildering array of options.

    InfoWorld Woody on Windows

    Kits, cats, sacks, and wives,

    How many were there going to St. Ives?