Search Results for 'KB3133977'

Do you have KB3133977, KB4474419, and KB4490628 installed on your PC?

Install KB3133977 (2016 Bitlocker patch), from MS Catalog. Please see the note here if you have an ASUS motherboard.
Install SHA-2 KB4474419 (the most recent updated version)
Install SSU KB4490628 from the MS catalog

Install the Security-only updates you want from AKB2000003. Seen notes which contain telemetry. September patches are at DEFCON-3.

Install IE11 Cumulative Update KB4516046

1 user thanked author for this post.

Lori

Hi. I haven’t updated my Windows 7×64 and Windows 8.1×64 computers since the May Security patches, (installed early as recommended here). I do the monthly security only updates, and am trying to catch up.

On my W7 pc, I did the Service Stack update (KB4499175), the May 2019 pciclearstalecache and the first SHA-2 KB4474419 update, and the August IE 11 Cumulative update (KB4511872). I turned off remote access.

To catch up on my W7 pc, do I:
1. install the June Security update
2. skip the July one
3. install SSU KB4490628 from the MS catalog
4. install SHA-2 KB4474419 (the most recent updated version?)
5. install KB3133977 (2016 Bitlocker patch), from MS Catalog
5. install August security update
6. Wait on the September Security update with telemetry?
7. OK to wait on Sept. IE 11 update, even though Norton sent a notice about the out-of-band patch?

The only .NET update I’m offered thru Windows Update is KB4514602, which has version 4.8. Some here said not to install v4.8. I wasn’t sure what’s best?

Sorry for the long request. Thanks to anyone who can help!

Please verify you have these three updates installed : KB3133977 (2016 Bitlocker parch), KB4474419 (SHA-2 code signing dated 9/9), and KB4490628 (SSU)
Please read this post #1940976 first before proceeding.

Hi RM,

Are you on Group A or Group B? Just curious. Either way and now that you installed KB3133977, go ahead and install these two updates, in this order:

KB4516655 (the September Windows Update Servicing Stack Update). No reboot should be required.

KB4474419-v3 (version 3 of the SHA-2 Code Signing Update). This update does require a reboot. When asked to reboot, click Cancel in order to close Windows Update. Then reboot your computer. This method gets around a bug (actually a hang) which is seen on some computers if you instead click on the Restart button in Windows Update.

I am on Group B. I then installed kb4516033 (September Security Only Update) without any issues. If you are on Group A, wait for the all clear before installing KB4516065 (September Monthly Rollup).

I have installed the September IE Cumulative Update with no issues. I have not updated .NET since I like to wait a month or two in order to see if anything hits the fan with .NET updates.

Best regards,

–GTP

 

reply to PKCano post #1964746 and Gone to Plaid post #1964783:  After checking my BIOS again, I came to the conclusion that the BIOS on my computer was released before ASUS went to the Secure BOOT configuration. The computer is not a factory computer but a computer I had custom built to meet my requirements for CAD/CAE and it was probably built before Secure Boot.  I installed KB3133977 and the computer rebooted without any immediate issues.  Now I am ready to be able to install the updates for Sept when given the OK from Woody.  Thank you very much for assisting me with this issue.  It is appreciated.

UEFI and EFI are the same thing. Since you don’t see any Secure Boot option in your BIOS, this would indicate that ASUS did not enable Secure Boot within your computer’s BIOS for Windows 7. As PKCano mentioned, you can install KB3133977. If you upgrade to Win8.1 or Win10, then Secure Boot would get enabled in the BIOS.

If you do not feel the instructions apply to your computer, you should be able to install KB3133977.

In Response to PK Cano post number 1952969 and Gone to Plaid post number 1953363:  Sorry for the late response but had another crisis (non computer) to deal with.  I managed to print the ASUS bios update directions and tried to follow them.  The directions are for UEFI BIOS.  When I was able to check the bios on my computer I found that they are EFI BIOS and the directions do not work.   My EFI bios does not have any listings for secure boot under all category headings including Advanced.  So my question is:  Since my computer is running EFI bios, do I need to install KB3133977 since it appears to be for UEFI bios? In other words, what do I do now?  Thanks very much for your assistance on this topic.

There are some things you need to know about installing KB4512506. If you were not aware of them, you may have experienced a problem.

First, there were some prerequsites for installing KB4512506. KB3133977 (a 2016 Bitlocker patch), KB4474419 (SHA-2 Coding dated 8/12 but better 9/9/2019), and KB4490628 (April 2019 Servicing Stack). There was a caution on installing KB3133977 if you have an ASUS motherboard. That may have been the problem you ran into. See #1940976 and the Blog Article here, both contain the link to the solution which was caused by ASUS.

Going forward from there:
Win7 Monthly Rollups are CUMULATIVE. That means that this month’s 2019-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4516065) will contain all past months’ Rollups. Which means KB4516065 contains KB4512506. So you will need to resolve the problem with the latter before you install the former.

If you uninstalled KB4512506 to solve your problem, that would account for the older updates showing up. Once you reinstll KB4512506, they will probably disappear.

Now for the September updates:
We are still on DEFCON-2, which means WAIT to install them.
I have installed KB4516065 CU, KB4474419 SHA-2, MSRT, and KB4516655 SSU on a test VM without any problems. But that is in a TEST environment, not on production machines.

Thanks for the responses. I’m from the Group B  camp and only install the Security only updates.

Event Logs are showing Error Ox80070643 for the KB4512486 update installation.  I have KB3133977 installed, I tried that before I posted here. I have the  SHA-2 patch KB4474419  v2 dated 8/12) listed as installed but not V1 dated in March. I have downloaded the earlier version of KB4474419 but get a message when installing saying it’s “not suitable for my computer” so not sure why that was.

KB4490628 is listed as installed

I have run the update troubleshooter and nothing found, also System File Checker and all good there also.  So any further suggestions on what to try? Thanks.

Please read #1940976 about KB3133977.
KB3133977 is a 2016 Bitlocker patch (even if you are not using Bitlocker). Check if it is already installed. Otherwise, AFTER reading the linked post, you should install it  before the SO.

? says:

any errors in the event logs to work from? and you have the items from PKCano’s post above? and you have KB3133977 bit locker patch installed? you can download the standalone KB4512486 from AKB2000003 (search the lounge box) to your desktop and try it after checking your event logs…

1 user thanked author for this post.

PKCano

It was not just HP Pro 6305’s. We found the update was required. Look through the main blog post in the last month – there was a huge discussion about KB3133977 especially on machines with ASUS motherboards.

Is OK I found a solution.

Needed to get into recovery mode and run the following.

dism.exe /image:C:\ /cleanup-image /revertpendingactions

It would error out with an error about service in use, wait a minute run it again it gives another error. Run 1 final time, still likely to give error.

Reboot machine, log in as local administrator, manually install update kb3133977

Reboot machine, Now able to get back into windows.

It is a bit of a palaver, and the update in question is meant to fix a bitlocker issue, something none of these machines should suffer from because they are Pro so no Bitlocker.  Grrrrrrr. that update isn’t even in our SCCM console so going to manually deploy the msu to all windows 7 machines.  I am also going to deploy the Server 2008R2 version of the file to our servers before they get any more updates.

So if you have a HP Pro 6305 make sure you have KB3133977 installed or are prepared to go through all the above.