Posted on April 20th, 2017 at 07:18 Comment on the AskWoody Lounge
Zeffy’s approach works, for now, but the new update engine is already out.
You gotta wonder why Microsoft’s continuing this self-destructive push. We need more carrots, fewer sticks.
I wonder if @abbodi86’s approach could be turned into a simple program?
InfoWorld Woody on Windows.
Posted on April 11th, 2017 at 14:57 Comment on the AskWoody Lounge
In today’s Security TechCenter release notes, there’s a sobering entry that looks like this:
If the PC uses an AMD Carrizo DDR4 processor, installing this update (KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), KB 4015547 (the Win8.1 Security-Only patch) will block downloading and installing future Windows updates.
Workaround / Resolution
Microsoft is working on a resolution and will provide an update in an upcoming release.
Sound familiar? On March 22 I wrote about Microsoft’s reprehensible approach to forcing Win7 and 8.1 off the newer 7th generation Kaby Lake/Ryzen processors.
Two days later I pointed folks to companies that are maintaining lists of supported PCs — ones that wouldn’t run afoul of the blocked updating. At the time I said:
I don’t know what Microsoft intends to do with AMD chips. The way the announcements stand, AMD Bristol Ridge PCs won’t have Win7 or 8.1 support, and there’s no magic list of manufacturers or machines that are exempt from the ruling.
Now it appears we have a real-world example of a supposedly-protected 6th generation chip, AMD’s Carrizo, which got zapped by the 7th generation police.
Microsoft’s own Lifecycle Policy FAQ says:
What is the support policy for prior generations of processors and chipsets on Windows 7 or Windows 8.1?
Windows 7 and Windows 8.1 will continue to be supported for security, reliability, and compatibility on prior generations of processors and chipsets under the standard lifecycle for Windows. This includes most devices available for purchase today by consumers or enterprises and includes generations of silicon such as AMD’s Carrizo [emphasis added] and Intel’s Broadwell and Haswell silicon generations.
Even more distressing: It looks like this obnoxious behavior extends to both the Monthly Rollup patches (which I expected) and to the Security-only patches (which I did not).
What a massive screw-up.
(Can anybody point me to a commercial machine that uses Carrizo with DDR4?)
Posted on March 22nd, 2017 at 07:30 Comment on the AskWoody Lounge
We have first sightings, and some idea of how the block will be implemented. But how to break the block?
See InfoWorld Woody on Windows.
Posted on August 9th, 2016 at 08:54 Comment on the AskWoody Lounge
OK, they’re tedious, but they’re simple and easy to follow.
Go from many hours to just a few minutes.
InfoWorld Woody on Windows
My thanks — and deep admiration — to Dalai, ch100, and EP.
IMPORTANT: I forgot to mention one patch, KB 3020369, that also needs to be installed. Chances are very good you already have it, but if not, check the KB article to download and install it.
UPDATE: I’m seeing reports that the July “magic” patch, KB 3168965, works for August, too. My current best guess is that it works for those who haven’t already installed the July patches.
UPDATE 2: Dalai has updated the wu.krelay.de page to feature KB 3177725, the new “magic” August patch.
UPDATE 3: Ends up that this month’s “magic” August patch, KB 3177725, has a bug in it that screws up printing multiple pages. Details coming in InfoWorld. For now, just relax. There’s nothing in August’s patches (or even July’s!) that’s super-critical.
Posted on May 9th, 2016 at 06:08 Comment on the AskWoody Lounge
Michael Horowitz at Computerworld echoes a sentiment we’ve been debating for far too long.
Posted on April 29th, 2016 at 20:24 Comment on the AskWoody Lounge
Good note from DC:I like you assumed that standalone KB updates should install without running any Windows Update checks however this doesn’t appear to be the case if you have the Windows Update service running and/or your internet connection open.If your Win7 system is suffering from the “frozen” Windows Update issue and you want to manually install the two KB updates (3138612 & 3145739) then you need to stop the Windows Update service (wuauserv) before attempting to run the MSU installer(s) and also temporarily disconnect your internet connection.When you run the manually downloaded MSU installer it will attempt to open an internet connection via the Windows Update service – this then triggers the endless “Searching for Updates …” message. The MSU installer doesn’t require this internet check to proceed – but if available will fall into the same “hole” as the normal Windows Update system. If you prevent the connection it gives up on the “Searching for Updates ….” check after a few seconds and proceeds with the install. I assume this is because the MSU installer (Microsoft Update Standalone Package) is treated as part of the Windows Update family and attempts to “phone home” for advice – rather than accept you are calling the shots.
Posted on April 24th, 2016 at 17:49 Comment on the AskWoody Lounge
Short answer, no. I’ll probably change the recommendation when we back down from MS-DEFCON 2, and start slipping in the April Windows 7 security patches.
Got a good question from AH, and it all boils down to this:
– Does an up-to-date WUC currently increase the danger of MSFT being able to slip W10 in through the cat-flap or is it genuinely a benefit to the WU process?
– If I decided that I wanted an up-to-date WUC, could I just install the latest KB and then all the preceding WUC updates would disappear from my hidden list?
– Can I install multiple WUC updates in one go without causing problems, or would they have to be done one at a time with particular attention being paid to supersedence?
I have the latest version of GWX Control Panel installed and monitoring as I type, and I am currently on hold, waiting for you to change the MS-Defcon status before I install diddly.
I don’t know if the latest versions of the Windows Update program add any more snooping capabilities to Windows 7, but I highly doubt it. The problem is that we simply don’t know – and won’t ever know – what info Microsoft is starting to collect from Windows 7. Moreover, if they’re collecting more information (probably on behalf of other updates), I’m convinced they’re handling the information in accordance with commonly accepted privacy principals. You may or may not like, say, Google’s privacy record. But Microsoft certainly hasn’t done anything worse than Google. I think.
If you want the latest Windows Update program, yep, you just install KB 3138612.
Every indication I have at this point says that the settings controlled by GWX Control Panel have been respected, and will be respected. Thus, if you’ve run GWX Control Panel, you should be free from the blight of sneaky Windows 10 upgrades.
Posted on March 10th, 2016 at 05:34 Comment on the AskWoody Lounge
I have a comment from ch100 that I wanted to elevate to its own post. He says:
Woody is right! I did the test in a ‘controlled’ environment using the WSUS approval mechanism and before Windows 10 had a chance to search for updates, I ran wushowhide. When launching the utility, in the background it launches svchost.exe which I am certain is the same svchost.exe process under which Windows Update runs. So this means that Windows Update is launched by wushowhide to scan for potential updates without installing them. This looks more and more like the old (Windows 7) Windows Update in which you could hide or select updates to be installed, although it is likely that it uses a different mechanism in the background.
Now I am questioning the practicality of this finding. It appears that if the Windows 10 OS is shut down, at short time after boot will run Windows Update. There is a built in Scheduled Task for this purpose. If any updates are available at that time, they get automatically installed without any chance to intercept them.
The only working scenario for our purpose is to block the updates during the likely period in which they are released which is the Patch Tuesday and sometimes another round of patches 2 weeks after, run wushowhide and wait for few days until there is enough proof that they are reliable and only after that unhide them and allow Windows Update to complete. The only way this would work is to set the Group Policy or Registry to Never Check for Updates or maybe Notify Only while hiding the updates which are not yet desired to be installed. Disabling the Windows Update service would not work as this would not allow wushowhide to run the update process.
Fascinating finding for understanding how this works, however it is a bit complicated to be put in practice as a regular routine.
I am waiting for other posters here to confirm the same findings maybe using a different method, not via WSUS but Windows Update online site and allow Woody to correlate the findings from all of us to draw the conclusions.
Yep, I’m working on an article for InfoWorld – and welcome any input. (Let me know if I can quote you and, if so, whether I can use your name.)
It looks like Wushowhide does block updates, as long as it is applied before Windows Update gets its jaws on the patch. That’s a revelation to me, but everything I’ve seen points to a resounding success.
The next step in the approach — I’m going to call it the Carboni Technique — involves blocking Windows Update. I’m very, very concerned about stopping Windows Update for a host of reasons, but blocking Windows Update (and running it manually when you need new patches) seems to be doable, and non-destructive.
I’m looking at various ways to block Win10’s Update, and am trying to settle on a way that works for everybody (Win10 Home and Pro alike), without interfering with truly important updates, including Windows Defender, MSRT, and anything else that relies on WU. Noel Carboni recommends using gpedit (which is only available in Win10 Pro) to set the Configure Automatic Updates task to Disabled. There are other ways to turn off Windows Update, and I’m considering them, too.
If you have any specific experience with blocking WU in Windows 10, I’d sure like to hear about it.