Search Results for 'KB3133977'

Did you HIDE KB3133977 at some point?
If it’s not already installed on your computer you may have the same problem.

1 user thanked author for this post.

woody

I do not have Norton on my test machines.
But I have been patching my Win7/8.1 machines Group A with all patches at once and have had no problems.
In the case of the Win7, SHA-2 KB4474419 v.1 and SSU KB4490628 as well as the older Bitlocker-related KB3133977 had already been previously installed.
These are test (not production) machines not being used on a daily basis, so I may not have experienced some of the other problems (like VB issues).

2 users thanked author for this post.

Geo, Myst

Yes, KB3133977 should (had) be installed anyway

all recommended non-security updates are useful and safe, except the telemetry ones

1 user thanked author for this post.

jburk07

Knowing what we do now about KB3133977 and Win7, would it be easier to install 3133977 before installing ANY other updates for August if we didn’t install 3133977 when it was first offered back in 2017 and hid it instead?

1 user thanked author for this post.

jburk07

The 2019 SHA-2 Code Signing Support requirement for Windows and WSUS article is updated with more info for Windows 7

while it’s not listed as prerequisite, but the FAQ section now suggest to include update KB3133977 for new installations of Windows 7

those who have failed installations for already running Windows 7 OS can try the suggestion, particulary the last one (i.e. install KB3133977, reboot, run bcdboot.exe)

2 users thanked author for this post.

jburk07, woody

Based upon my reading of the instructions contained in the SHA-2 code signing support article mentioned above in anonymous’ post number 1911404, the FAQ mentioning error code 0xc0000428, it seems to me that one can avoid having to resort to those rather geeky steps spelled out by Microsoft by just checking to see if KB3133977 has already been installed before trying to install any of this month’s Windows 7 patches. SO, is the following installation sequence correct??

1. Check for KB3133977 being installed on the machine. If it isn’t, check Windows Update to see if it’s on the list of hidden updates. If it’s been hidden, unhide it and install it by itself, rebooting after the disk activity has subsided. Alternatively, one could try getting it from the MS update catalog and manually installing it that way, rebooting afterwards in the same fashion as if it had been obtained through Windows Update.

2. Install the revised KB4474419 (released August 13th) by itself and reboot after the disk activity has subsided.

3. Install KB4512506 (monthly rollup) or KB4512486 (security only), your choice depending on if you’re Group A or Group B patching. Reboot after disk activity has subsided.

4. Install any other patches of your choosing.

MVP’s please feel free to add any clarification/correct the sequence as needed!

However, I have a question of my own for the MVP’s here, especially @abbodi86 and @PKCano:

After reading the aforementioned KB articles from MS, they mention the error of Windows being unable to verify the digital signature of the file \Windows\system32\winload.efi as part of the IA64/x64 known boot issue with this month’s security only and rollup patches. I have that file already on my computer, dated the day I installed the July rollup patches. The wording of the IA64/x64 issue from MS is “IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977) may fail to start with the following error (Windows can’t verify the signature of the file I just mentioned just above)”. (I added the emphasis to the previous sentence). I hid KB3133977 back in 2017 when it came out, because I didn’t need it, as I don’t use bit locker and neither one of my computers is attached to a domain. With all of that in mind, am I good to go by NOT installing KB3133977 and just taking the plunge once we reach DEFCON 3 or above, or is it better for me to follow the sequence I described above in this post, and install KB3133977?

1 user thanked author for this post.

abbodi86

I wonder why they refer to KB3133977 when it has been replaced by KB3125574.
Also does anybody know what “were provisioned after the July 9th updates” means in the known issues section where it says “IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start…”

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Confirming that following the steps here (linked from the KB4512506 article):

https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

… under the last heading that refers to 0xc0000428 fixed the boot issue.

Microsoft: checking for KB3133977 before installing KB4512506 isn’t that difficult!

It looks like if you are using x64 (or IA64) with UEFI Boot and did NOT install KB3133977 this can happen.

Under known issues:

https://support.microsoft.com/en-us/help/4512506/windows-7-update-kb4512506

I had a server and laptop fail to boot this AM and both are x64 w/UEFI and did not have KB3133977 installed.

The actual files within WindowsUpdateDiagnostic.diagcab are dated May 2016 or earlier. I had tried this last year after I first installed the April 2017 Security Only update which blocked Windows Update for two of my three Haswell i5 CPUs. I tried it again after I uninstalled the April 2017 Security Only update. That too was a no-go to fix Windows Update. I had to restore the OS partitions of those two computers from offline backups.

On the other hand, the update troubleshooter has come in handy in the past when I used it on a couple of computers at the office which had Windows Update issues does indeed fix a variety of issues.

Here is one trick to remember when reinstalling Windows 7 in order to avoid installation failures for some of updates:

1. After installing IE11, immediately configure IE11, and then turn off Protected Mode in IE11 for the time being.

2. After the new Windows 7 computer has been fully updated, at least up to the point where one has to then make the decision as to whether to go Group A and install the Monthly Quality rollups or to go Group B and instead install the Monthly Security Only rollups, re-enable IE11’s Protected Mode.

3. Occasionally an older update may show up in the build process. If any update fails to install, try disabling IE11’s Protected Mode, and then immediately try to reinstall the failed update.

4. Remember to avoid KB3133977 which is the bitlocker update. KB3133977 will fail to install on Win7 computers which do not support bitlocker, and can also brick some ASUS computers. KB3133977 was presented as a recommended update and not as a security update.

Some updates were released before IE11 was released. If Protected Mode is enabled in IE11, then some updates will fail to install since those updates are not aware of the Protected Mode feature and can not successfully check IE or integrate into IE if Protected Mode is enabled.

 

4 users thanked author for this post.

Elly, HiFlyer, woody, AJNorth

This is not a new issue, and is listed in the Known Issues section of KB3133977 (updated April 2017). as well as being discussed here.

This page from May 2016 may be of some further help to you, and check out Woody’s blog from May last year Recommended BitLocker patch KB 3133977 causes some ASUS motherboards to freeze .

Try familiarising the Lounge Rules, regarding repetition, and A Note on Anonymous Posters

well today is 12/26/2017 – 04:44 PM US Mountain Standard Time
if you have a ASUS motherboard
the KB3133977 update for windows 7
still s**w up with your Secure Boot.
Cool now I have start all over
d**n I hate microsoft…!!!!!!!

Edit for content
Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

1 user thanked author for this post.

Ascaris

Thanks for getting back to me. That’s all way over my head. So I’ll forget about the screen grab and instead list the info the old fashioned way:

July Rollup (KB4025341)  Failed  7/12/17 (twice)

Update KB3147071  Successful  7/6/17

Update KB3068708  Failed  7/6/17

Update KB3137061  Successful  7/6/17

Update KB3138612  Successful  7/6/17

Update  KB3133977  Successful  7/6/17

Update KB3172605  Failed  7/6/17

Update KB3121255  Successful  7/6/17

Malicious Software Removal Tool- June 2017  Failed  7/6/17

Update KB3179573  Failed  7/6/17

Update KB30880149  Failed 7/6/17

Update KB3181988  Successful  7/6/17

Update KB3184143  Failed  7/6/17

Update KB2952664  Successful  7/6/17

Update KB3140245  Successful  7/6/17

Update KB31138378  Successful  7/6/17

Security Update KB4022722  Failed  7/6/17

Security Update KB4021558  Successful  7/6/17

Security Update KB 4022722  Failed 7/6/17

June Rollup KB4022719  Failed 7/5/17 (3 times)

Thanks.

PKCano wrote:

More information: 1. About the telemetry related patches, please see AKB2000007 2. I don’t find KB313397 listed in the Catalog. Typo(?) 3. AKB2000004 suggests not installing known problematic patches (see Step A3) My Personal experience: >I don’t want telemetry. The ONLY patches I have hidden are KB2952664, KB3021917,KB3068708, and KB3080149. >I have ALWAYS had “Give me Recommended” and “Give me updates for other products” checked. I have had no major problems because of it. >I DO NOT check anything that is not checked by default. >I have followed Group B type patching since Nov 2016 (avoiding Monthly Rollups). Basically the only thing I uncheck from WU is the Rollup. >Under present circumstances, and except for the telemetry patches which will remain uninstalled, I am very much considering moving to Group A. I don’t want Win10 EVER, although I have three VMs with AU1607 and an Insider VM with CU1703. I want to be able to continue to feel (somewhat) safe with my Win7/8.1 computers until EOL. And I think that Group A may be the best way to do it.

I don’t find KB313397 listed in the Catalog … 2nd “7” omitted …Should have been 3133977.

Thanks for clarifying Hiddens you have. THEY were 4 of the reasons I couldn’t understand Installing the whole May List via Give Me Rec with Importants. Other than KB3133977 wanting me to DISable W7 Secure Boot, I’ll likely be comfortable with future Recommended’s UNTIL the Forum warns of a New One to HIDE.

Thanks for all that you contribute!!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Thanks for the reply PK,

There’s so much FUD/confusion surrounding this kb.. But considering it could saves me from installing ~123 individual KBs It definitely worth figuring out..

PKCano wrote:

The general consensus here was it was for Enterprise use, no the general public.

It’s applicable for Ultimate as well.

Also, maybe as a reminder, or some trigger to further discussion, don’t you remember @Gonetoplaid’s post from earlier in May, which was a list including all of the individual KBs included within SP2(3125574).
Among those were:

• 5 are known/believed to contains telemetry: (KB3118401, KB3080149, KB3075249, KB3068708, & KB2999226).
• 5 are known/believed to cause/potentially cause issues: KB3102429, KB3133977, KB3080079, KB3006137, KB2970228