Can’t get the Win7 Monthly Rollup to install? Error 0x8000FFF again? There’s a reason — and you aren’t gonna like it

Topic

New Reply

If you thought that Microsoft solved the 0x8000FFF problem last week, you thought wrong. @abbodi86, @PKCano and @geekdom have uncovered the “exclusive
[See the full post at: Can’t get the Win7 Monthly Rollup to install? Error 0x8000FFF again? There’s a reason — and you aren’t gonna like it]

6 users thanked author for this post.

cesmart4125, Elly, abbodi86, walker, dlsdjh, GreatAndPowerfulTech

Reply | Quote

Replies

I suspect Group A is partially a Group B this month.. (catalog first prior to installing any Oct 2018 patches for W7) Ouch!

If debian is good enough for NASA...

Reply | Quote

So does this mean that if I already had the SSU installed (I installed it prior to Sept. WU), that I need to install the NEW & Improved SSU for further W7 WU’s?

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

As I understand it, the SSUv2 is not necessary if you have the vintage SSUv1.

7 users thanked author for this post.

LH, abbodi86, GoneToPlaid, CraigS26, OscarCP, HiFlyer, CADesertRat

Reply | Quote

Thanks Woody, I will wait for Defcon 3 then and all should go without the error, right 🙂

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

HiFlyer

Reply | Quote

To those who are not sure if they have the first version of 3177467 installed: it came out in September 2017 so, if already installed, it should be listed in “Installed Updates” along with the other installed patches from that month.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Chessie

Reply | Quote

September of 2016, NOT 2017.

2 users thanked author for this post.

Chessie, lanceboil

Reply | Quote

Quite right. My mistake.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

To those who are not sure if they have the first version of 3177467 installed: it came out in September 2017 so, if already installed, it should be listed in “Installed Updates” along with the other installed patches from that month.

I installed KB3177467 on its own on 02/10/2018 just before installing the September 2018 patches (Win7 x64 Group B).  Downloaded it from the Catalogue.  When I checked just now, it shows in View Update History, but is missing from Installed Updates.  What gives??

 

Dell Precision 3630 w/32 GB RAM, 500 GB (C:), 1 TB (D:)
Window 10 Pro x64
Internet: FTTC (Fibre to the Kerb)

Reply | Quote

I have it around Sept 2016

Reply | Quote

It would REALLY, REALLY help, if each  person posting a comment would refer to the Verson of Windows they are utilizing and/or referring to.  I had to keep “digging” before I found out what the “SSU” was.  It would save everyone who is interested in trying to keep his/her computers up to date.    Thank you to each and everyone who everyone who contributes!!

3 users thanked author for this post.

cesmart4125, Microfix, geekdom

Reply | Quote

This is a Windows 7 problem as stated in Woody’s title.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

walker

Reply | Quote

@walker SSU = Service Stack Update which is part of Windows Update. This pertains to Windows 7 64bit but, now I’m not sure whether this is also applicable to 32bit Windows 7

Edit: Post below by anon indicates that it also affects W7 32bit here: #223615

If debian is good enough for NASA...

Reply | Quote

In the catalog, KB3177467 is both 32-bit and 64-bit:
https://www.catalog.update.microsoft.com/search.aspx?q=3177467

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I’m waiting for def-con to move to 3 or above but have on my notes to install kb3177467 version 2 first then install kb4459922, kb4462923, kb890830. I’ll keep reading askwoody!

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

HiFlyer

Reply | Quote

0x8000FFF problem was only with Monthly Rollups not Security Only as far i know is that correct ?

Reply | Quote

According to the MS pages for KB4457145, 2018-09 Security-only Update, the SSU KB3177467 is also required for Security-only updates. It should be installed BEFORE the SO Update.

1 user thanked author for this post.

walker

Reply | Quote

@PKCano:  If these continuing crazy changes don’t “do us in”, I don’t know what will.    I am so confused already, that I feel it wouldn’t take much to “push me over the edge”.    Don’t know how much more of trying to handle all of these MS errors, etc. I can deal with.    It reaches the point where a user is afraid to touch anything.    Those of us who are “computer literate” are so very, very fortunate because at least they have some idea of what “the Sam Hill” is going on.    Thank you so much PKC for always being there with the right answers.   You are absolutely outstanding!!!!

Reply | Quote

While updating for the September cycle with a friend on his W7 machine Group B style we encountered error 8024402F simply by checking for updates in windows update.  Downloading 3177467  from the catalog & installing it manually was what cleared the error.

Had we looked for it first in the install history we might’ve avoided the error [issue], palm/face.  At least it was an easy fix but only because we knew about it to a degree by staying informed here.

Bacon saved again by askwoody, woo hoo.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

Don’t hold your breath waiting for a solution.

If we could, we would all be dead by now…

Unfortunately, the installer logic isn’t robust enough to first scan for an update to itself, install only that update, reboot and continue.

Of course not. We don’t work that way…

1 user thanked author for this post.

abbodi86

Reply | Quote

As a Windows 7 user, the point at which I have to go scouring through the Windows catalogue in order to install a particular update manually before I can safely install the other updates through Windows Update is the point at which I make a permanent switch to “Never check for updates” and take my chances with those less likely to wreck my machines than Microsoft.

3 users thanked author for this post.

wdburt1, Cybertooth, walker

Reply | Quote

Dependencies is something that’s been working in Linux package managers for 20+ years. Also, Linux can replace files in use without reboots, and lately can even upgrade the kernel without reboots. Seriously, MS’s servicing stack is pile of stinking p***…

4 users thanked author for this post.

Kranium, lanceboil, lurks about, Microfix

Reply | Quote

? says:

ok, so SSU KB3020369=v7.6.7600.320 (04/2015)

and KB3138612=v7.6.7601.19161 (03/2016) from: https://social.technet.microsoft.com/Forums/en-US/25eab023-f57e-4371-9e43-83956d804868/different-versions-of-windows-update-agent-in-windows-7-sp1-clients?forum=configmanagersecurity

is the newest KB3177467=v7.6.7601.23543 still?

reason for asking is i uninstalled KB3177467 in 2016 and still have the update components in winsxs (enough to keep the “Bass-O-Matic,” whirring anyway.)

Reply | Quote

You are confusing servicing stack with Windows Update Agent
both are separate

and SSU cannot be uninstalled normally, it’s permanent update

1 user thanked author for this post.

walker

Reply | Quote

? says:

i stand corrected, thank you, abbodi86! i currently have KB3020369 SSU (4/2015) and will need KB3177467v2 SSU going forward. my confusion stems from an earlier problem caused by conflict with Intel Bluetooth and KB3172605 (solved by an Intel Bluetooth package update.)

Reply | Quote

From Woody’s article on Computerworld:

Microsoft wants you to install the SSU separately from any other patches — you don’t want to fix the blender blades while they’re whirling, eh?

This fit in perfectly with Dan Aykroyd’s “Super Bass-O-Matic” video from vintage SNL. If not for quick thinking, live TV would have gotten Messy!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

I think when I got hit by the issue, I just used the info provided by ch100 and others to hide all offered updates, then scan to have the SSU patch shown now that updates were hidden, install it, unhide other updates and then install them. I didn’t manually download the SSU. I might have had to reboot during the whole process to have some the patches appear.

Reply | Quote

? says:

downloaded kb3177467 and see the files within are 6.1.7601.23505 e.g.:

<File id=”7″ name=”x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.23505_none_0bfc08bf3ea166ba\cbscore.dll” length=”845824″ time=”131136740078890000″ attr=”32″>

etc.,

so, i guess, …never have to scale, cut or gut again!

Reply | Quote

For the Non-experts ….. you could check the WU [ see “Installed Updates”] Link via WU/ View Update History/ top of Pg link) – and Search (top Rt “Search installed” box) for  KB3177467. Woody mentioned seeing it last in Sept ’16 (wasn’t in my History date group), AND I installed it 10/28/16 per Search results. Issue solved.

My Inst’d Updates View format is jumbled right now so Search was a huge help.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

1 user thanked author for this post.

walker

Reply | Quote

For what it’s worth, KB3177467 packages are here:
https://www.catalog.update.microsoft.com/search.aspx?q=3177467

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Yes… ALL of them are listed at that Catalog link. Before the mass confusion begins, the “V-2” versions are the ones dated 10/8/2018.

This mess could have been made much simpler had M$ given “V-2” an entirely different KB number!

Reply | Quote

We are at DEFCON-1; don’t patch unless you have a good reason or you like beta testing.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

woody

Reply | Quote

Purg2 wrote:

While updating for the September cycle with a friend on his W7 machine Group B style we encountered error 8024402F simply by checking for updates in windows update. Downloading 3177467 from the catalog & installing it manually was what cleared the error. Had we looked for it first in the install history we might’ve avoided the error [issue], palm/face. At least it was an easy fix but only because we knew about it to a degree by staying informed here. Bacon saved again by askwoody, woo hoo.

Hmm…interesting. I didn’t encounter this error since I too downloaded KB3177467 v2 from the update catalog so that I could compare its contents to KB3177467 v1, and then I installed it. Error 0x8024402F translates to:

WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS External cab file processing completed with some errors.

The above suggests that either you had a momentary issue with Windows Update, or perhaps there is a bug in KB3177467 v2 when it being installed via Windows Update? If the latter, then perhaps it depends on whether or not you already had v1 installed?

1 user thanked author for this post.

Purg2

Reply | Quote

PKCano wrote:

According to the MS pages for KB4457145, 2018-09 Security-only Update, the SSU KB3177467 is also required for Security-only updates. It should be installed BEFORE the SO Update.

If KB3177467 V1 is already installed, is V2 even necessary? My understanding is that all MS did is flag the V1 as a security update and call it V2. It appears that there are no updated files in the V2 release. Is that correct?

1 user thanked author for this post.

samak

Reply | Quote

It’s not functionally needed, but WU will offer it because it’s newer
no pain or gain except silencing WU 🙂

2 users thanked author for this post.

davinci953, samak

Reply | Quote

PKCano wrote:

According to the MS pages for KB4457145, 2018-09 Security-only Update, the SSU KB3177467 is also required for Security-only updates. It should be installed BEFORE the SO Update.

I saw that too. The thing is, Microsoft was never clear about the timing issues which KB3177467 v1 or v2 are supposed to fix. I had perhaps incorrectly assumed that the timing issues were related to installing two or more updates at the same time, while those two or more updates are being processed during bootup after having rebooted the computer. And now I am not so sure. I am beginning to wonder if it could apply even when processing a single installed update after rebooting.

I have a hypothesis for what could cause some timing issues when installing updates. I think that the timing issues could be related to CBS log files having grown too large, along with the many zipped versions of the CBS log files. When updating, Windows Update and the installation of new updates does scan all unzipped CBS log files. If those files are plentiful and huge, then things can slow to a crawl, and this might cause timing issues.

Now that I have mentioned the above, one should not merrily try to delete everything in folder where these files are stored. These files are stored in:

C:\Windows\Logs\CBS

The most recent CBS log file in the above folder is always named CBS.log. That is the file which one should try to delete first. If you get a message that the file is in use, then reboot and wait 15 minutes and try again. If you now were able to delete this CBS.log file, then delete all of the other files in the C:\Windows\Logs\CBS folder, and then reboot again.**

** Note: You might want to not delete any CheckSUR or DeepClean log files, since these files contain information about Windows Update servicing corruption (saved in the CheckSUR log files) and information about your Disk Cleanup activities (saved in the DeepClean log files).

After rebooting and having waited for 15 minutes, you will find that Windows has created a new CBS.log file with a file size which should be well under 1MB (only a couple of hundred KB in size at the most). Now, when checking for updates or even when trying to install updates which are already installed, you should notice that checking for updates is somewhat faster. And in particular you should notice that if you try to reinstall an already installed update, then you should get a much faster response which indicates that the update is already installed.

The upshot is that I think that several huge CBS log text files, which must be scanned and updated when installing updates, may be the possible culprit for the possible timing issues which the SSU KB3177467 is meant to fix. Again, this is just a hypothesis.

 

1 user thanked author for this post.

Kranium

Reply | Quote

Fyi, from my notes on 10-11-16 (Win 7):

First, I noted that dreaded and long-avoided telemetry update KB2952664 had refreshingly *not* made its usual re-appearance.

After other updates I begrudgingly installed KB3177467, which was on the Important tab and ticked.  The instant it finished — without even rebooting —  I got a “new updates are available” alert, and when I opened WU there was (unticked) attention-hog KB2952664 staring at me for the umpteenth time. And I hid it for the umpteenth time.

Reply | Quote

I am Windows 7 X64  Group B and I haven’t installed anything for Oct.

I installed KB3177467 back in 2016 but I am being offered V2 now, which I will install first before I install Oct updates when the defcon rating changes.

EDIT html to text

Reply | Quote

@PKCano :

I have  WIN  7 64 bit.  I have been offered the following  windows updates.

KB4459922

KB4462923

KB890830

 

I installed SSU KB3177467 on 21st September, 2018 , prior  to installing  KB4457144 and there were no issues   with installations of the  said Updates.

With the current turmoil on Windows updates I am waiting  for Devcon 3 so that   I  can update the above.

My question, is it necessary to again install KB3177467  as a prerequisite  to install the  October  updates ? Some people are reporting that they have received V2 of   KB3177467  [ which I haven’t ]

On a side note, I was thinking of  reformatting my Hard Drive somewhere in the new future. However, with   so many problems with Windows updates  currently, I am unable to decide for myself. What advice would you give me ? My only fear is that I don’t want to be stuck, neither here nor there.

Rajdeep

 

1 user thanked author for this post.

columbia2011

Reply | Quote

After doing my October windows update check the Win7 monthly roll up KB4463097 is not being offered.
Has it been pulled?
I posted in the Windows Patches for October thread along with snip it pictures of my check for updates results. Post #223685

FYI
I do have the original version of KB3177467 installed

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1  GROUP A
Processor:  Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller

 

MSE antivirus
Chrome browser

1 user thanked author for this post.

woody

Reply | Quote

KB4463097 is the October Rollup for Windows Server 2008; it’s not for Windows 7.

I can say that I am no longer being offered the October Rollup (KB4462923) as of this evening by Windows update. I’m back to being offered the September Rollup and Preview. So, perhaps the October Rollup has been pulled – even though it’s still in the Catalog and the support page doesn’t seem to contain any new information to that effect.

(I’m Win 7 Pro, SP1, x64, Group B)

Edit: I have the original version of the SSU, KB3177467, from 2016 installed with no issues in October of 2016.

2 users thanked author for this post.

dgreen, rick41

Reply | Quote

I just checked for updates and the October rollup went away for me too (Win 7), and  likewise the 2018-09 Rollup Preview reappeared on the Optional tab (KB4457139).

3 users thanked author for this post.

dgreen, columbia2011, DrBonzo

Reply | Quote

I confirm that KB4462923 has been pulled from WU. Tried several times to check updates and see only: KB4459922 (.Net Framework), KB4054530 (Framework 4.7.2).

Windows 7 Pro 64 bit SP 1 GROUP A

3 users thanked author for this post.

woody, DrBonzo, dgreen

Reply | Quote

I wonder if MS is doing something to fix the SSU bug I talked about yesterday?

https://www.askwoody.com/2018/has-microsoft-yanked-last-weeks-win7-monthly-rollup-kb-4462923/

1 user thanked author for this post.

geekdom

Reply | Quote

I think they (Msft) are fixing October monthly rollup just now with ancient SSU installer.

Reply | Quote

DrBonzo wrote:

KB4463097 is the October Rollup for Windows Server 2008; it’s not for Windows 7. I can say that I am no longer being offered the October Rollup (KB4462923) as of this evening by Windows update. I’m back to being offered the September Rollup and Preview. So, perhaps the October Rollup has been pulled – even though it’s still in the Catalog and the support page doesn’t seem to contain any new information to that effect. (I’m Win 7 Pro, SP1, x64, Group B) Edit: I have the original version of the SSU, KB3177467, from 2016 installed with no issues in October of 2016.

DrBonzo  You are correct, I posted the wrong KB# for the Win7 October rollup.
I just did another check and it is still not in my WU but still in the Microsoft Update catalog.

As this is my first time checking WU for October, was KB4462923 (rollup) even offered before in WU and now it’s disappeared?
EDIT TO ADD:
I see in above posts that others are confirming this.

1 user thanked author for this post.

woody

Reply | Quote

The Rollup was offered to me by Windows Update on Tuesday and was there for about 24 hours, then disappeared on Wednesday evening.

I just checked another Win 7 machine that hadn’t been checked since last weekend, and there was no October Rollup offered; only the October .NET Rollup and Malicious Software Removal tool.

More funny stuff coming down the chutes from MS!

3 users thanked author for this post.

dgreen, woody, columbia2011

Reply | Quote

@DrBonzo

seems that MS temporarily stopped offering the KB4462923 update thru WU, regardless of having either original KB3177467 update or the revised V2 version of KB3177467.

I recently ran a WU scan on a Win7 SP1 computer with KB3177467 V2 and KB4462923 is not being offered there.

1 user thanked author for this post.

DrBonzo

Reply | Quote

One would think it would be child’s play for M$ to denote a single update as important, security related, exclusive and to be installed before anything else as opposed to last and only after everything else has been installed – or at the very least to hold back a dependent cumulative update until the prerequisite SSU has been installed.

 

Assumptions vs Reality – a fool’s  overture.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Bassamatic video was offered, eh, so-so…  For me this came up next >>> much, much better and thanks for the link :

https://www.youtube.com/watch?v=dPV6nKrhOGg

 

Reply | Quote

Windows 7 Group B (four computers 32 bit Pro, 32 and 64 bit Home Premium)

I first looked over Installed Updates in History but since SSU can’t be uninstalled, it won’t show up there.

I haven’t gotten errors but I download from the catalog and install the chosen Security updates only manually. One computer I allow to check for updates.

I then spent some time looking over all the updates, starting in September 2016. I finally found that I had installed it 24 May 2017. My notes indicated Susan Bradley mentioned it should be installed. It was first offered in Sept. 2016 and updated Oct. 2016.

When the Patch Lady talks, I listen and do what she recommends.

That also goes for Woody. When he talks, I listen and follow his advice.

Thankfully that has kept our 4 computers working with not many headaches.

 

Got coffee?

Reply | Quote

GoneToPlaid wrote:

/snip

It wasn’t already installed, hence the need to manually install it.  Thanks for looking out though fella, much appreciated.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

Group A, Win7Pro-64_SP1, Intel Ivy Bridge (dual core) processor here.

Current status: Fully patched (up to Sep, 2018), plus (despite DEFCON-1) KB3177467 “SSUv2” and MRT 5.65 (Oct 2018) installed: all OK for now.

For those still trying to figure out what to do regarding the [KB3177467] “SSUv2 vs. SSUv1” question, here’s the deal: if KB3177467 is not installed yet, install SSUv2; if you have SSUv1 already, you don’t need SSUv2 but you may wish to install it and remove SSUv1.

To clarify: both versions of the KB3177467 package (SSUv2 and SSUv1, which can be found and downloaded from the Microsoft Catalog) are functionally identical: both contain a couple of compressed cabinet (.cab) files (the Servicing Stack Update (SSU) itself and a Windows Update Offline Scan file (WSUSSCAN.cab)) that, ultimately, lead to the installation of the same (v6.1.7601.23505) binaries.

Unpacking and carefully comparing these contents bring up a few minor differences (it’s Autumn: some XML “leafs” [tags] felt apart… :D) but, for any practical purposes, evidences suggest that the main (“major”, meaningful) differences between the two versions of the package are on the signature/datetime stamps and version numbers:

-The 2016 SSUv1 package (digitally signed with and using a build date of July, 2016) is version 6.1.1.1.
-The 2018 SSUv2 package (digitally signed with and using a build date of September, 2018) is version 6.1.2.5.

IMHO, to be safe and avoid (current and future) weird conflicting issues I think you should have one (and one only) of these packages installed – preferably, SSUv2 (although SSUv1 is probably fine, also – for now – if you already installed it, if all seems to be working fine and, particularly, if you’re not being offered SSUv2).

To verify what version(s) of the KB3177467 package you have installed type, from an elevated command-line prompt:

dism /online /get-packages /Format:Table|findstr KB3177467

For e.g. on a x64 system where the SSUv2 was recently installed (over the previously installed SSUv1) the output may look like this:

Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.1.1
                        | Superseded  | Update          | 2016/09/22 01:23
Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5
                        | Installed   | Security Update | 2018/10/10 01:23

in which case I’d say you should keep SSUv2 only and safely remove (with no ill effects and no need to restart) the old SSUv1, by typing:

dism /online /remove-package /packagename:Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.1.1

Once you do that (and only SSUv2 is installed), checking for updates on an up-to-date (Sep 2018 Rollup [Group A] or Dec 2017 Rollup + Jan-Sep 2018 Security-Only + Sep 2018 IE Rollup [Group [[A|]B]]) Win7 system will probably show only the expected, usual suspects (MRT*, and the 2018-10 Windows/.NET Framework Rollups) – which, as we’re on DEFCON-1, you should put on hold for now and avoid like the plague. 😉

*Yeah, KB890830 (MSRT) is probably okay, too.

5 users thanked author for this post.

Microfix, AusJohn, Ed, abbodi86, columbia2011

Reply | Quote

whistling, cheering, and applause

That is a well stated post, Speccy. Your process makes sense to this anonymous voice. I look forward to further review. These are decisive indications and easy to follow directions.

Heading off a predicted question. Other readers please note Speccy’s specs at top. They are running Intel and the ‘amd64’ syntax is still correct in the removal command.

It might be true that this superseded package would be removed by an elevated run of Disk Cleanup. But I have not tested that.

Reply | Quote

It might be true that this superseded package would be removed by an elevated run of Disk Cleanup. But I have not tested that.

Well, I just did, and “Windows Update Cleanup” didn’t show up in the list of things to clean up.
To avoid anyone else thinking that I didn’t do it correctly, I ran Disk Cleanup right after installing all of September’s updatesearly last week (Oct. 7th to be precise), and haven’t run any MS updates until today when I got 3177467 V2 from WU.

Reply | Quote

? says:

doesn’t get any better than that! thank you, Speccy

Reply | Quote

Hi Speccy,

Nice write-up! I am glad that you joined the forum, and I really like your layman’s style of writing which is most helpful for non-experts. I do have some comments…

First, a quick note for All Win7 users:

The October 2019 Monthly Rollup and the October 2019 Security-only update have now disappeared from the Windows Update Catalog. They were there just a couple of days ago! A few minutes ago I un-hid the October Rollup in Windows Update and then performed another check for updates. The October Rollup remains available through Windows Update, yet it is now gone from the Windows Update Catalog. At least this is what I am seeing. Are you all seeing this as well?

Speccy wrote:

Group A, Win7Pro-64_SP1, Intel Ivy Bridge (dual core) processor here. Current status: Fully patched (up to Sep, 2018), plus (despite DEFCON-1) KB3177467 “SSUv2” and MRT 5.65 (Oct 2018) installed: all OK for now. For those still trying to figure out what to do regarding the [KB3177467] “SSUv2 vs. SSUv1” question, here’s the deal: if KB3177467 is not installed yet, install SSUv2; if you have SSUv1 already, you don’t need SSUv2 but you may wish to install it and remove SSUv1.

All Win7 users actually do need to install KB3177467 v2 since the update name is changed to start with the word “Security” and since the package file version number has changed from 6.1.1.1 to 6.1.2.5 for the installation packages, even though the actual servicing stack files in v2 are identical in every way to the actual servicing stack files in v1. The point is that, from now on, Windows Update is either going to check that the friendly name for KB3177467 starts with the word “Security” or that the KB3177467 package files with version 6.2.1.5 exist in your Windows\servicing\Packages folder, or even perhaps both.

At the present time, I do not recommend uninstalling KB3177467 v1 before installing KB3177467 v2 since v1 will become a fallback installation should MS for some reason yank KB3177467 v2 in their efforts to resolve the issues of Windows Updates not showing up until one hides all currently shown updates which you don’t wish to install. The reason why I do not recommend uninstalling KB3177467 v1 is that I see no reason to believe that there will be any future conflicts whatsoever by having KB3177467 v2 installed on top of KB3177467 v1, and since the actual servicing stack files (used by Windows Update) are absolutely identical in both versions of KB3177467.

If any Win7 user does choose to uninstall the KB3177467 v1 Servicing Stack Update (SSU) before installing KB3177467 v2, do yourself a favor and download and save KB3177467 v1 to a folder on your computer. A folder which is appropriately named “KB3177467 v1 SSU” might be a good folder name in which to save it. You can get both versions of KB3177467 from here (just look at the update names and the associated update times in order to readily identify the v1 and v2 versions in the list of updates):

http://www.catalog.update.microsoft.com/search.aspx?q=3177467

Speccy wrote:

To clarify: both versions of the KB3177467 package (SSUv2 and SSUv1, which can be found and downloaded from the Microsoft Catalog) are functionally identical: both contain a couple of compressed cabinet (.cab) files (the Servicing Stack Update (SSU) itself and a Windows Update Offline Scan file (WSUSSCAN.cab)) that, ultimately, lead to the installation of the same (v6.1.7601.23505) binaries. Unpacking and carefully comparing these contents bring up a few minor differences (it’s Autumn: some XML “leafs” [tags] felt apart… :D) but, for any practical purposes, evidences suggest that the main (“major”, meaningful) differences between the two versions of the package are on the signature/datetime stamps and version numbers: -The 2016 SSUv1 package (digitally signed with and using a build date of July, 2016) is version 6.1.1.1. -The 2018 SSUv2 package (digitally signed with and using a build date of September, 2018) is version 6.1.2.5.

Yes, true, as I unpacked and then compared the v1 and v2 files six ways from Sunday, and I saved my comparison results for anyone who is interested. I would add that the contents of the installation packages, in terms of the actual servicing stack files which are used by Windows Update, are 100% identical in every way in v1 and in v2. The only differences are that the version number and time stamps of the installation packages have been changed, and that KB3177467 v2 has now been reclassified as a Security Update.

Speccy wrote:

IMHO, to be safe and avoid (current and future) weird conflicting issues I think you should have one (and one only) of these packages installed – preferably, SSUv2 (although SSUv1 is probably fine, also – for now – if you already installed it, if all seems to be working fine and, particularly, if you’re not being offered SSUv2). To verify what version(s) of the KB3177467 package you have installed type, from an elevated command-line prompt:

dism /online /get-packages /Format:Table|findstr KB3177467

For e.g. on a x64 system where the SSUv2 was recently installed (over the previously installed SSUv1) the output may look like this:

Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.1.1
                        | Superseded  | Update          | 2016/09/22 01:23
Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.2.5
                        | Installed   | Security Update | 2018/10/10 01:23

in which case I’d say you should keep SSUv2 only and safely remove (with no ill effects and no need to restart) the old SSUv1, by typing:

dism /online /remove-package /packagename:Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.1.1

Once you do that (and only SSUv2 is installed), checking for updates on an up-to-date (Sep 2018 Rollup [Group A] or Dec 2017 Rollup + Jan-Sep 2018 Security-Only + Sep 2018 IE Rollup [Group [[A|]B]]) Win7 system will probably show only the expected, usual suspects (MRT*, and the 2018-10 Windows/.NET Framework Rollups) – which, as we’re on DEFCON-1, you should put on hold for now and avoid like the plague. *Yeah, KB890830 (MSRT) is probably okay, too.

Speccy — nice job on showing non-expert Win7 users how they can use DISM to check for updates which are installed on their computers. The forum needs some sort of DISM class (e.g., DISM 101) to teach users how they can use DISM to either check for installed updates, or how to use DISM to uninstall a given update from an elevated command prompt.

I so totally agree with Speccy that we remain at Defcon-1. With that said, I do recommend that all Win7 users install KB3177467 v2. Yet I do not see any reason why it is necessary to first uninstall KB3177467 v1 at the present time.

Best regards,

–GTP

1 user thanked author for this post.

Speccy

Reply | Quote

Still seeing the Catalog entries here.

https://www.catalog.update.microsoft.com/Search.aspx?q=4462923

https://www.catalog.update.microsoft.com/Search.aspx?q=4462915

1 user thanked author for this post.

walker

Reply | Quote

My KB3177467 is V1 and the one that is hidden says 2018-10 Update for Windows 7 for x64-based Systems (Important) not Security. Everything is on hold for now.

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

SSU are permanent updates, they cannot be uninstalled normally, it’s either need system restore point, or modifying .mum file in the system

the only normal way to uninstall KB3177467-v1 is to install KB3177467-v2 first 🙂

FYI, this is the second time in Windows history to see SSU with multiple versions
the first was Windows 8.1 Update prerequisite KB2919442

3 users thanked author for this post.

Elly, Speccy, ch100

Reply | Quote

Hi GoneToPlaid,

Thank you for your kind words. I do try to write clearly (considering English’s not my native language).

As for your last sentence, maybe I wasn’t clear enough after all because I never meant to suggest that it was necessary to remove SSUv1 first, before installing SSUv2 (in fact, as abbodi86 correctly points out that doesn’t make much sense: SSU are permanent updates and you can only remove SSUv1 – as I suggested – after installing SSUv2).

I meant two simple things:

1. If KB3177467 is not installed (at all), install SSUv2 (not SSUv1).
2. If KB3177467 is installed and it is SSUv1, install SSUv2 (over SSUv1) and remove SSUv1 afterwards.

There’s little point in keeping both SSUv1 and SSUv2 installed because SSUv2 superseeds SSUv1 by reclassifying the KB3177467 package: although the binaries are exactly the same, from now on Windows Update is going to check the SSU Package Type and look for a “Security Update” Package (SSUv2) instead of an “Update” Package (SSUv1) – or, as you simply put it, WU will look for the word “Security” in the package “friendly name”.

That’s why you don’t need SSUv1 anymore: in fact, “removing” SSUv1 when SSUv2 is already in place will merely “clean things up” (not actually “removing” anything but old/orphaned references). Also, you don’t need to keep backup copies of the SSUv1 installer at hand because if MS ever yanks KB3177467 again it will rather re-release it as a “SSUv3” (and increase the 6.1.2.5 version) rather than relying (as a fallback option) on the old 6.1.1.1 version.

As for the current status of this whole “mess”, we just moved to DEFCON-2 and I noticed our Patch Lady’s post and the Master Patch List indications for Windows 7 users but little, limited beta testing experimentation told me otherwise, so I’ll wait a little bit longer… No rush yet. 🙂

Edit to remove HTML (thanks PKCano)

Reply | Quote

Just reporting that the KB 4462923 is still on the list but now it is unchecked.

Reply | Quote

@geekdom and Microfix:   Thank you both for your input relevant to this “mess”.   All of your input has been very helpful, as well a that of our “STARS” who are guiding this ship, so it doesn’t completely sink (Woody, PKCano, abbodi86, and many others).     Thank you  all, once again for your outstanding help.    🙂

Reply | Quote

PKCano wrote:

Still seeing the Catalog entries here. https://www.catalog.update.microsoft.com/Search.aspx?q=4462923 https://www.catalog.update.microsoft.com/Search.aspx?q=4462915

My bad bad. I am really tired (I’m running on only four hours of sleep). What is broken is on the following two web pages:

https://support.microsoft.com/en-us/help/4462923

https://support.microsoft.com/en-us/help/4462915

On the above two pages, the links to the Windows Update Catalog for KB3177467 are what is now broken. Ain’t that a riot? In order to get the October Rollup to show up in Windows Update, one must first download and install the v2 version of KB3177467. Yet the link for KB3177467 v2 in the above two web pages doesn’t correctly point to KB3177467 in the Windows Update Catalog! Ain’t that a riot of fun?

I guess the rats which are a peddling away on the MS treadmills are a peddling away to resolve these issues, yet apparently the teeth of the gears which connect these treadmills are worn down to nubs. There was a very interesting Ars Technica news article about Windows Updates which was published today. It is a rather interesting read. See:

Microsoft’s problem isn’t how often it updates Windows — it’s how it develops it

I think that the above article gets to the meat of the matter in terms of what has been plaguing Microsoft for the past several years.

Reply | Quote

Strange, but those two links work form me OK. Using Firefox 62.0.3.
Are you sure you don’t have something blocked in your browser?
Or they just putting the pages back up ahead of my visit (LOL 🙂 )

Reply | Quote

Just 5 minutes ago I downloaded KB4462915 from the catalog for both 32 and 64, one from my laptop and the other from my desktop, so the SO is still available.

I have not used my desktop since 9/27, but after I selected and installed MRT, windows update removed all the remaining updates that were there and sent me KB3177467 as important and recommended, so at least WU is still sending out SSU v2.

Reply | Quote

PKCano wrote:

Strange, but those two links work form me OK. Using Firefox 62.0.3. Are you sure you don’t have something blocked in your browser? Or they just putting the pages back up ahead of my visit (LOL) 

I was talking about the Microsoft Update Catalog link at the end of the last sentence in this section which is the same on both of the web pages I mentioned:

“Before installing this update

Windows cumulative updates require that you install the latest servicing stack update (SSU) for your operating system <u>before</u> installing the latest Rollup. This helps to mitigate potential issues while installing the Rollup.

If you are using Windows Update, the latest SSU (KB3177467) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the Microsoft Update Catalog.”

It would have been nice if the Microsoft Update Catalog link, at the end of the last sentence above, actually took you to KB3177467 in the update catalog instead of just to the update catalog itself.

Reply | Quote

@GoneToPlaid:  It only gets more and more “crazy”.     If any of us “survives” what has been occurring with the updates, and everything else, he/she will be “one of a kind”.    I’m not touching anything, no matter what, until we can all be assured that it is safe to “take a deep breath” without the fear that “something new” is out there just waiting for us all.    🙁

Reply | Quote