|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Kirsty, I wondered why I couldn’t access the original page . . . I kept getting 504 Timeouts last week. I had wanted to read any comments that might have pertained to January’s updates prior to installing them.
Is it possible to select and copy the comments on January’s updates (if any) from that page and then paste them here in order to make sure nothing fell through the cracks? That is, none of us in Group B missed reading something really important or helpful?
Many thanks!
@suew there have been 504s on pages with barely any posts in recent days/weeks, so that may not have been the only issue. While the topic is now closed for new postings, it can still be read (if you can get past the 504s).
If the problem persists, we might have to split the closed topic in two, but I might keep an eye on that, balanced with the other problems 😉
… it can still be read (if you can get past the 504s)
Hmmm — I gave up after at least a dozen attempts!
Thank you, @Kirsty, for your explanation (and your always helpful comments). Indeed, it is a balancing act :).
Ok @skiph, off-topic here, but to reply: no, that’s not an option (refer recent topics on nesting/threading/paging, and the various issues that caused) 🙂
We have three options:
> Let everybody post
> Break posts into pages – but you really need to have linear (not indented) posts to make that work
> Seal the topic off of further comments.
I thought we’d get better speeds by turning the replies linear, and breaking the pages up into 10 or 20 posts. But it didn’t work out that way.
If this ‘forum’ software had a way to limit the posts-per-page (other than turning off the ‘nested’ display method), then it wouldn’t take so looooog and be so sloooow to load up a page of many posts.
And that’s at the crux of the problem. If you have nested replies, how would the software break them into pages? I struggled with that for a while, and finally gave up.
It does work, intermittently. Some people get no emails at all, but I get several each day (and cannot guarantee that is all that I should be getting, though).
It may have something to do with the email address, as @sparky noticed a few months ago.
The IE patches are cumulative, so you only need the latest one.
I’m now ready to install the March update, but have I done this out of sequence, i.e. by installing the March updates now will I be undoing the remedial work of KB4100480?
No, the March patches do not cause a problem for KB4100480.
Also, weirdly, Windows Update no longer offers me the March update.
As a Group B’er, you want “Security Only” updates, which Windows Update doesn’t give you. It gives you “Security Monthly Quality Rollups”, which you do not want, nor any previews. Use this the list, which PKCano updates monthly to get the Catalog download links for both “Security Only” and IE cumulative.
Hello everyone,
Following are my notes about the Group B updates.
GROUP B SECURITY ONLY UPDATE INSTALLATION NOTES
NOTES ABOUT THE 2017 UPDATES…
The January 2017 update KB3212642 will not show up as installed after the March 2017 update is installed, because KB3212642 was superseded by the March 2017 update. This supersedence is not documented by Microsoft.
There was no February 2017 update.
The Security Only updates should be installed sequentially and in the order of their release dates, except for two notable exceptions which are described below.
1. Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from subsequently being blocked on some older CPUs. This was Microsoft’s way of saying “thanks” to users who installed Windows 7 on newer generation hardware such as on computers with AMD Ryzen CPUs, yet at the same time Microsoft inadvertently killed Windows Update for some older CPUs such as Haswell Core I5 CPUs and other CPUs.
2. Install the September 2017 update before installing the August 2017 update since the September 2017 update includes newer updates for kernel mode drivers and the Windows kernel. The kernal mode drivers in the August 2017 update have issues. This is why you should install the September 2017 update before installing the August 2017 update.
The October 2017 update may cause Jet DB issues with much older applications. A fix is available at:
The November 2017 update may break printing for some Epson dot matrix and POS printers. Update KB4055038 is available to fix this issue.
NOTES ABOUT THE 2018 UPDATES…
The 2018 updates for Meltdown and Spectre COMPLETELY FAIL to protect against the BranchScope security vulnerability which was publicly disclosed in late March 2018. BranchScope is a new variant of the Spectre (CPU speculative execution) class of vulnerabilities which were publicly disclosed in January 2018. BranchScope theoretically can be mitigated, yet doing so is far from easy.
The QualityCompat regkey must be set before installing any 2018 updates. This regkey should be set ONLY IF ALL INSTALLED ANTIVIRUS SOFTWARE has been updated to be compatible with all 2018 updates, regardless of whether or not the antivirus software automatically runs when booting Windows or later is manually run, because most antivirus software installs low level I/O drivers which are loaded when Windows starts, regardless of whether or not the antivirus software itself actually runs when Windows starts.
The upshot of the above paragraph is: Make sure that ALL installed antivirus programs have been updated to be compatible with the QualityCompat regkey BEFORE you install any of the 2018 updates.
********************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
“cadca5fe-87d3-4b96-b7fb-a231484277cc”=dword:00000000
********************
The 2018-03-29 KB4100480 Windows kernel update must be installed immediately after installing any of the 2018 updates in order to address a kernel escalation of privilege vunerability. This update may be installed after installing the 2018 updates and rebooting.
The January through March 2018 updates are inherently flawed by Microsoft. These flawed Meltdown updates expose ALL kernel and program memory to ANY program. This new expoit is called Total Meltdown. Microsoft themselves created this Total Meltdown flaw. NO MALWARE TECHNIQUES WHATSOEVER ARE REQUIRED IN ORDER TO EXPLOIT THIS FLAW.
The March and April 2018 security only updates KB4088878 and KB4093108 still have issues (SMB server memory leaks and stop errors). KB4100480 Windows kernel update for Total Meltdown must be installed immediately after installing the March update. KB4099467 must be installed immediately after installing the March update to resolve stop error (ab) when exiting a Windows session.
The April 2018 security only update will be presented and will install REGARDLESS OF WHETHER OR NOT the QualityCompat regkey is present and set within your Windows 7 computer’s registry. Why? Because Microsoft is trying to cover their collective rear ends in order to resolve the Total Meltdown vulnerability which Microsoft themselves created. The upshot is that, after installing this update and if your antivirus software is not compatible with the QualityCompat regkey, then your computer may BSOD on reboot. Microsoft kindly leaves it up to you in order to figure out how to resolve this issue.
Best regards,
–GTP
Is it correct that KB4100480, KB4099467 and KB4099950 are now included in the April KB4093108 update?
Yes for KB4100480 and KB4099467. No for KB4099950.
Evidence is at https://www.askwoody.com/forums/topic/april-2018-patch-tuesday-is-here-and-its-a-biggie/#post-183508.
Is it correct that KB4100480, KB4099467 and KB4099950 are now included in the April KB4093108 update?
That is a good question. The article for KB4093108 states that KB4093108 supersedes KB4100480, yet makes no mention about KB4099467 and KB4099950. Additionally, the Microsoft Update Catalog Package Details for KB4093108 do not list KB4093108 as superseding ANY updates whatsoever. Now, isn’t this a riot of fun to try to figure out?
Yet at the end of the day, KB4099467 and KB4099950 still appear to remain stand-alone updates which are not part of KB4093108.
Nothing verified, yet this is all that I have to say at the present time.
What will Group B folks be missing by never doing 4088878 on Windows 7 x64 machines that are up to date from February? Are there stable updates from within 4088878 that can be done separately from the catalog?
I’m wondering if March updates will eventually have to be installed or if “just” April 4093108 will be the way to go due to it containing fixes for things like 4100480 & possibly 4099467.
Having only installed March MSRT last DEFCON 3, it’s a bit worrisome that the others might still need doing, so I’m hoping some can be avoided. Perhaps I’m fooling myself. Please advise, thanks.
Group B folks who do not install March update KB4088878 will be missing all the fixes contained in the patch. Security-only patches are NOT cumulative. If you do not install one, you never get the fixes contained in it.
April security-only update KB4093108 takes the place of KB4100480 and KB4099467. But it does not contain the fix for NIC/IP address problems. You will need to download KB4099950 and install it manually BEFORE you install the March and April Security Only UPdates. (And, yes, you need both).
As Group B you will also need to download and manually install the IE11 Cumulative Update every month.
My suggestion is you manually install KB4099950, reboot, check to see if C:\Windows\LOGS\PCIClearStaleCache.txt file is present. If it is….
Install 4088878 KB4093108 KB4092946 (in that order, not necessary to reboot in between), reboot.
Wait for DEFCON 3 or above to follow Woody’s patching.
Like the man said: Helps to unmuddy the water a bit. I would even say ‘a lot’.
Held off any updates (or uninstalls) for more than a month. Just couldn’t keep up with all the patches and repatches, but now I was ready to give it a try – thanks to @MrBrian’s sum up.
Had IE 4092946 and 4100480 already installed, and that turned out to be no issue when I just installed 4099950 > reboot > 4088878 > 4093108 > reboot.
Everything’s working fine – for now.
Thank you again & always @Woody @sb @MrBrian @PKCano!
Looking for clarification and a recommendation on the following.
Group B. I haven’t updated since December so nothing from January through April. Above it says to install KB4099950 prior to the March KB4088878 update. But this article, https://www.askwoody.com/2018/patch-lady-kb4099950-gets-a-revision/, says KB4099950 does not apply to Group B patchers. Come time, do I install KB4099950 reboot and check for PCIClearStaleCache and then proceed or KB4099950 is not needed?
For the January KB4073578 or KB4056897, February KB4074587 and March updates KB4088878. Is it advisable to hold off on those for a bit longer since they don’t contain any critical patches and seemed to cause many issues or it is not recommended to continue waiting on them?
Thank you very much for sharing your knowledge.
Look for the answer to your questions to be finalized when Woody raises the DEFCON level to 3 or above. At the time, he will publish his recommendations in a blog post ans a ComputerWorld article.
All the information is not in yet.
I have some possible adjustments for the list:
KB3044374 was mentioned as don’t skip (in 2015), so maybe it shouldn’t be on the avoid/uninstall list.
“so don’t think you can skip it”
https://www.computerworld.com/article/2910739/patch-management/microsoft-elaborates-on-kb-2990214-kb-3044374-windows-10-nagware-patches.html
Add to junk list to not install / uninstall:
If you still have KB3035583 installed somehow remove it?
KB3123862
KB3173040
KB3163589
KB3075249
KB3090045
KB3072318
KB3064683
KB2977759
KB3081954
Most(all?) of these never had any value and should be obsolete, so there is very little reason to have them installed.
The SmartCard problem has been fixed, if that’s what you are referring to.
There have been other problems with this year’s updates. You might want to read over Woody’s DEFCON blogs and those topics where he summarizes the problems. Be sure to include the linked ComputerWorld Articles. There have been a number of hotfixes as well.
There is a problem with the May patches uninstalling NICs in Win7 that has not been fixed.
1) I noticed there is no Windows Update Cleanup in my Disk Cleanup options.
Run Disk Cleanup, click on cleanup System Files. If you have run Windows update it will be there.
2) I read many guides and none of them mentioned KB3138612, also KB3020369 is redundant since KB3177467 replaces it, as clearly stated on its page.
(I know you are going to ask. Yes, all four)
3) Do you really have to install manually all the security-only updates? That’s really annoying… Why can’t you just select all of them in WU and let it do the job for you?
Security only patches are NOT offered in WU, only the Rollups. I thought you said you wanted to be in Group B.
4) Do you instally ANY update that shows up for Windows Office 2010, even those from 2013?
I use Office 2010. I install all the checked important updates. from WU
5) In the optional updates you don’t install anything?
Group B does not check “Give me recommended updates the same way I get important updates” in the WU settings. If you read Akb2000003 you will see the guidelines.
The Internet Explorer updates are cumulative – only the latest one needs to be installed.
4. Download and Install manually from AKB2000003, the Security Only Quality Updates from Oct 2016 to the current month and the latest Cumulative Update for IE11
IE11 Cumulative Update is part of the Rollup you install as Group A. You do not have to worry about the individual file. It is used by Group B.
6. Install everything else that is CHECKED in the “important updates” list.
Yes, yes, yes, you need them.
The Windows Security-only patches have to be downloaded from the catalogue and installed individually using the M/S standalone installer. I myself would have WU turned off whilst doing this, until I want it to do a search afterwards. But forgive me if I’ve misunderstood your point.
If you set WU to “Never check for updates” and disconnect from the Internet during the install, it may help you.
And you can do a direct download from AKB2000003 – those are direct Catalog downloads
My Windows 7 doesn’t have “unfixed bugs”. I’ve never had the problem you describe at all…………………………………..or any bug-related other problem, for some time now.
I don’t even look in the optionals b/c they are all unchecked. But you can hide them if you want. I makes no difference.
Seeing as we have probably 19 more months of Win7 Group B security-only patches & 55 more months of Win8.1 Group B security-only patches coming from MSFT, might I suggest splitting AKB 2000003 into separate AKBs, 1 for Win7 & another for Win8.1?
As it is now, it will only keep getting larger and may eventually grow too big to keep together in a single post. Once support for Win7 stops in 2020, it would make more sense to separate out Win8.1 and why wait until it gets larger to do it?
No real necessity to do it now but either way, I find this AKB to be extremely valuable especially to those who perform clean installs and wish to remain in Group B and I thank you all for keeping this AKB updated.
Thank you.
Group B / Win7 (Ultimate & Pro) [x64 & x86]
RDRguy
Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS
The instructions directly above are the correct ones after the revision 4/17.
Slight revision. Install in this order – reboot where indicated:
KB 4074587 Feb SO
KB 4073578 Jan SO
KB 4099950 (be sure you download both files .msu and .exe – only double click .msu)
KB 4088878 Mar SO
Reboot – wait 15 minutes after login to proceed.
KB 4093108 Apr SO
KB 4103712 May SO
KB 4103768 May IE CU
Reboot
First let’s get the correct information about DEFCON. The DEFCON rating only applies to the current month’s updates. The fact that we are at DEFCON-2 does not mean you can’t update anything. It only means that THIS month’s updates are on hold. Updates from previous months have been cleared (or not) and according to that month’s instructions are safe to install (or not). So th only on-hold as of today, are June 2018 Updates.
My recommendation for your case:
+ You are up to date as of your April 2017 image.
+ Download all the security-only updates. the Dec. 2017 IECU, and the May IECU.
+ Set Win Update to “Never check.” Reboot.
+ Stop (not disable) the Windows Update Service. Leave the Services window open.
+ Start with the 2017 security-only updates you are missing and install them in order. Then install the Dec. 2017 IECU. You do not have to reboot between the patches.
+ Reboot, wait 15 minutes after login (Task Manager usage should drop to 0 or a very small number)
+ Stop (not disable) the Windows Update Service. Leave the Services window open.
+ Install the May 2018 Security-only update, then Jan-April SO, then the May IECU (Hopefully, installing May’s SO first will take advantage of fixes). If you find a second .exe file with any of the SOs, download it and put it in the same location as the patches but don’t click on it)
+ Reboot.
What you are doing is updating to Dec 2017 and rebooting. You may want to make an image at this point b/c Dec 2017 is stable and before the M/S mitigation. Then catch up to date and wait for the DEFCON-3 for June patches.
Should I still wait for the DEFCON 3?
Yes, because in addition to the DEFCON number, Woody puts an article in ComputerWorld with further instructions.
That second .exe file you were talking about.
The second file (the .exe) will appear in the download link for the SO if it is still needed. The SOs have a .msu extension. If you also see an .exe when you click on the link, download it also. It has no KB number. It will get automatically executed in the SO installation process. You don’t have to do anything with it except put it in the same location (folder or whatever) as the SO.
Woody will probably raise the DEFCON number this weekend or sometime during next week. Certainly before the next Patch Tues.
@anon 210026, thanks for the info.
In the ghacks link, According to M.Brinkmann: When you check the Update Catalog listing and there the package details, you see which updates KB4345459 replaces. It does not replace 4338823.
This is why I’m suggesting that the wording on the list is confusing to others & should be changed to reflect that 4338823 is still required.
I’m not about to do that until the defcon changes. I just want to get it right when the time comes to help my buddy get his Win 7 machine updated.
@OscarCP, interesting, thanks.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
FWIW, I patched WIN 7 Starter 32 bit last night. Did the IE 11 (4339093) first, then rebooted. Then I did OscarCP’s 1) and 2) with a reboot after each patch. Everything is fine.
Also, there’s a post from Aboddi86 somewhere here on AskWoody where he states that 4345459 does indeed replace 4338823. I’ve gotta run right now, but I’ll try to find that post later. So, I think you could forget about the original SO patch (4338823) and just do 4345459 and be just fine. I did both just because I was curious and was using a guinnea pig machine.
@purg2 Look here and a few posts above and below it. It’s a short interchange between me and aboddi86 about the original SO patch and it’s replacement; i. e. KB4338823 and KB4345459, respectively.
edit: forgot the link. Here it is
DrBonzo, I really appreciate the input & links.
This post still has me concerned about the need for either 4338823 or 4345459, or both.
/snip…..install KB4345459 only as suggested, or install both either will work
Head hurts, will come back later to see what’s what.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
W7 SP1 Home x64 Group B
Installed all pertinent Aug updates after taking usual precautions and no issues.
KB890830 MSRT
KB4343899 OS Security Only
KB4343205 IE Cumulative
KB4345590 .Net Rollup
Stopping phase of the IE restart took about 15 minutes. I was patient.
Event viewer showed warning that ASP.Net setup couldn’t run because IIS was missing. I won’t enable it, either!
So, there it is. Now in holding pattern for September.
? says:
Thank you for the update info StruldBrug, i also updated 5 win7 32bit (mixed Intel and AMD processors) for July and August with the SO’s, IE’s and MSRT’s and Office 2010 (on one machine). DISM kicked out KB2509553 MS11-030 from 04/11/2011 a LLMNR DNS resolution patch…
Woody did not change the DEFCON-1 rating for the July patches because there were som many problems. And he has not changed the DEFCON-2 for August yet.
When he does give the go-ahead it will be for both July AND August. He will publish the instructions in the ComputerWorld article.
So we are still on hold for both months now. WAIT. We’ll get there eventually.
As PKCano explained, you didn’t miss it – the MS-DEFCON level was never raised (lowered?) for July, and hasn’t yet been raised for August. See the following links for woody’s posts & discussion:
https://www.askwoody.com/2018/we-continue-at-ms-defcon-1-dont-install-any-of-the-july-patches/
https://www.askwoody.com/2018/staying-the-course-at-ms-defcon-2/
As I understand it, Group B doesn’t address .NET. So you need to decide whether you want the .NET Rollup or the Security Only patches. If you want the Rollup, just let Windows Update do the install for you – it “knows” which of the slew of downloads you saw your computer needs. If you want the Security Only, then I would suggest you download ALL – actually you should find 2 equivalent sets one set being .exe and the other being .msi, either set will do – of the slew of downloads you saw for 4345679. Then install ALL of them. You may find that all will install, or you may find only some will with others giving a ‘not applicable to your computer’ message. That usually just means your system doesn’t have the version of .NET that patch is for. When you’re done, you might go back and try to install any that didn’t install initially, just to be sure.
Any way, that’s what I used to do and it served me well.
PS – If you know exactly which versions of .NET you have, you can eliminate many of the slew of downloads you saw and only download/install the relevant ones. I used the brute force method because I think it’s a pain to find out which versions I have and I never remembered to write them down when I found out! There are ways to find out what versions you have but I don’t know them off the top of my head.
Good luck!
If you follow Steps B3 through B6 above you will find .Net updates will show up checked within Windows Update, if any are available. There isn’t telemetry associated with the cumulative .Net updates, if that is your reason for following Group B updating. So you can install any checked .Net updates… but don’t install any unchecked updates. Remember to uncheck the Monthly Quality and Security update before installing any other checked updates.
Non-techy Win 10 Pro and Linux Mint experimenter
Net Detector on my desktop – fast and accurate.
My MS Catalog search for 4345590 shows 3 lines. For each, the applicability is in the columns Title and Products. Select your edition; and note the bits: 32 (may be unlabeled), and 64.
If you un-hide July .Net update and run Windows Update again, do you get anything different?
Non-techy Win 10 Pro and Linux Mint experimenter
Interestingly I haven’t done the August updates, and just checked Windows Update to see what is offered… and I don’t have any .Net updates offered that are checked.
Non-techy Win 10 Pro and Linux Mint experimenter
RE: #216165: .NET Framework Issues
DrBonzo:
I checked like you suggested, and the only recent .NET Framework patches installed were from June ’18, so what I wanted was not inadvertently installed. Thank you for the suggestion, however, as well as your other comments.
PaulK:
Yes, I realize this is what you get. I clicked on the appropriate one and was then offered 5 files to download (some ending in .exe and some in .msu plus another). My original question was in regard to whether or not I should download & install all 5 files offered or just specific ones. Thank you for taking the time to provide a screenshot. See below for the resolution.
Elly:
I did as you suggested (looked at hidden updates), and it turned out that the .NET Framework patch I had previously hid was KB 4345590, which is what I was looking for. Apparently, when I accessed the July Windows updates and hid some, it was actually in mid-August not July. Thus, I had hidden the August .NET Framework patch thinking it was the July patch. I subsequently downloaded & installed it.
Thank you to everyone who replied and offered suggestions. A special thanks to Elly since his suggestion led to resolution of the issue.
Over and out. Be Calm and Carry On the good work on askwoody.com.
WS7 SP1 Home x64 Group B September 08 Beta Test
Configuration: Simple home consumer with no network, no peripherals, no office, no Vmware
Malware check: Eight scan tools run, including MSRT, and quarterly anti-rootkit, all clean
System File Integrity: SFC-CBS log produced and quarterly SURT log, both clean
Backup: New full image of system drive created
Updates:
KB4457145 OS Security Only
KB4457426 IE Cumulative
KB4457918 .Net Rollup
KB4463376 IE Cumulative (fix)
After each update that offered “restart now”, first started Task Manager and waited for Trusted
Installer to complete. This took about 5-10 minutes. Then restart was selected.
After each restart, Event Viewer was checked. Only warning showed after .Net update, IIS metabase
updates were aborted … IIS isn’t installed nor is it wanted.
Tested applications, known to require .net 4.5 and 4.6, all okay. Normal operations appear A-Ok.
? says:
just installed KB4463376-IE, and KB4457145-Sept. SO from here and KB890830, and KB4457044-.Net 3.5.1 (the part of the KB4457198-.Net rollup the machine wanted) using win update on win7-32bit and it came back up for air! I must have installed KB3177467 and then removed it because of problem(s) it had two years ago? the file remnants are probably in the SxS basement? or not.
Anyway, the “b” style worked for September 2018 patches.
I follow Windows 7 (x64) Group B. I’m up to date on the security only and IE11 updates but I’m not up to date on the security only updates for .NET Framework 4.7.1
I’ve searched the site and been onto the master patch list page but I’m not sure which ones to install. I would be extremely grateful if someone could tell me which security only .NET Framework 4.7.1 to install. Microsoft downloads the rollups and previews but I hide those.
On this MS page you will find the KB number for the different versions of .NET SO for Sept, 2018. When you go to the Catalog, search for KB4457914 (this is the bundle for all the .NET SO updates). Then click on “download,” choose the link that applies to the .NET version.
You can find the MS page by searching for the bundle KB number, clicking on the name of the update (instead of “download”), and in the box that pops up, choosing “More information.”
If your computer is 64-bit, you should make sure that x64 is in the description. Some of the 32-bit do not have any x86, they are just plain.
If you are installing security only (there have not always been one each month), I would install all that you have in date order. It is probably not necessary to reboot between.
Security-only updates don’t come through Windows Update.
Look at the description of the Sept SO .NET. Use parts of it to search the Catalog (use a + between search terms). something like “2018 + security only update for .NET Framework” – should give you all for this year.
To be honest with you, Group B is about telemetry. .NET Rollups should be safe in that respect. In fact, Group B instructions recommend the .NET Rollups. That way, you don’t have to worry about which update goes with which version – WU takes care of it for you.
Guys, is it possible to use NTLite and add all the updates manually to the ISO and still be in Group B, but without wasting hours to install all the updates by hand?
You should be able to install all the others from Windows Update. Hide the Rollup first. You can download the SO and IE11 CU from AKB2000003 (direct link to the Catalog).
The recommended safe Security-only updates are listed in AKB2000003 from Oct 2016 until the present. It will be updated to reflect the Nov updates today (Nov 13, 2018).
The recommended safe Security-only updates are listed in AKB2000003 from Oct 2016 until the present. It will be updated to reflect the Nov updates today (Nov 13, 2018).
so all updates in that list are safe and cause no issues? The reason why I’m asking is because the August 2017 security-only update KB 4034679 is also still listed there and that one caused issues
You can also check Susan Bradley’s Master Patch List.
You can also check Susan Bradley’s Master Patch List.
her list starts at February this year so nothing from Sepember 2017 until January 2018
@Skunk1966
For further info regarding resolving the issue with kb4034679, see a post by @MrBrian #131353
I know, Group B is about Win SO updating, but still believe, this is right place for topic here.
I am GroupB + .NET (secu and quality) and every month I do prepare such a collection of files and scripts, to be able install Windows in exact state of that month, in 3 ways (Group A, GroupB + NET 461 and GroupB + NET 452).
Since, October was really poor month, later then usual, right now, Im closing (making) my “Win 7 – 10-2018” set and found something. Those “.NET secu and quality” … seems not to be so cumulative.
In details, .NET 2018-09 (KB4457918) include these:
– 4457044 – NET 3.5.1 patch
– 4457038 – NET 4.5.2 patch
– 4457035 – NET 4.6+ patch
– 4019990 (D3 compiler for 4.7NET patch)
In October, new secu and qua .NET “cumulative” (KB4459922) includes:
– 4457008 – NET 351 patch (I presume replacing 4457044)
– 4457019 – NET 452 (replacing 4457038)
– 4457016 – NET 4.6+ (replacing 4457035)
After clean install of my “Win7 GroupB + NET in 2018-10 state”, next WU scan ask to install KB4457918 (2018-09 .NET). wow, strange. I hit it and analyze WinUpdate.log, which shows me, KB4457044 (.NET 3.5.1 of 2018-09) has been installed.
This shows me, those .NET patches are not so cumulative, as I presume (4.5 and 4.6 actually ARE cumulative, but .NET 3.5.1 not and I have to install 351 patch 2018-09 AND 2018-10)
Any ideas why?
Whats more confusing to me is the name, listed in MS Catalogue. In my language (Czech) its written (writing exact translation to EN)> 2018-XY cumulative update for security and quality. But WinServer2008R2 version (not translated in Czech version of MSCatalogue) in original> Security and Quality Rollup for …..
Now, I am thinking, whats exact meaning of “Rollup” and “cumulative”. Is this MS bug or bad translation? Should it be cumulative, month after month those .NET updates? For anybody, not installing separate from scratch Win7 in 2 separate version (September and October) is this ….. simply invissible.
Ideas?
“Rollup” means a bundle. many patches together.
The .NET Rollup contains individual patches for multiple versions of .NET. But the Rollup does not necessarily contain updates for ALL versions of .NET – in any given month, some versions of .NET may not have an update. If there have been no changes to one of the versions, there may not be a patch for it. But Windows Update doesn’t discriminate ahead of time – everyone gets the Rollup through Windows update. It only uses the individual patches that apply to each individual machine.
“Cumulative” implies the current one contains current fixes plus all the previous fixes.
You only need KB 4345459.
KB3020369, KB3138612, KB3177467, KB3172605 – These need to be added offline immediately after installing Win7+SP1. They will speed up the search for updates through Windows Update.
Windows Update Mini Tool (WUMT) can help you download the updates. Many here use it. There are discussions about it’s use here on the site. Start by looking under the “Tools” Forum. Then use the search box. on the right side of the site.
You may find some information that will help here, and from this post to several below it. Realize these are a year old.
The latest IE11 Cumulative Update should be OK. I have not heard anything about the .NET patches causing a slowdown.
As far as the Security-only patches – I know there were slowdowns associated with the Jan-Mar patches. About the rest, well, that’s a question. You could install the patches and disable the Meltdown/Spectre protections in the Registry and see if that works. The patches can be uninstalled and the Registry setting set back to original if it doesn’t work. That’s a lot of work.
Before you try anything like that, be sure you backup your data and make a full image of your computer. Then set a restore point along the way. And don’t forget you will need the Servicing Stack update as well.
Thank you PKCano for the info. Regarding .NET updates, I just checked Windows Update and found the following:
2018-09_Security and Quality Rollup for .NET Framework (KB4457918)
9/11/2018
Security Update for Microsoft .NET Framework 3.5.1 (KB3122648)
2/9/2016
Security Update for Microsoft .NET Framework 3.5.1 (KB2972211)
9/9/2014
Security Update for Microsoft .NET Framework 3.5.1 (KB2973112)
9/9/2014
Which one(s) should I install? Also, should I install directly from WU or from the MS Catalog?
Regarding IE11, should I go ahead and install KB4466536 immediately?
I am going to give some more thought to the 2018 Security Only updates. That does sound like a lot of work to undue the updates should they slow my computer considerably.
I suggest you install the .NET through WU instead of trying to manually install the individual patches.. I think WU will install what you need.
The IE11 patches are cumulative, so you should only need the latest one. Go ahead and install it.
The Security=only patches are available here if you decide to install any of them. The links are direct downloads from the Catalog.
Install whatever is in WU for your version. Windows Update will handle whatever needs to be handled. Be careful not to get installers for later versions of .NET than what you have. I know the installer for .NET 4.7.2 sometimes shows up.
There are three separate .NET updates listed in WU for my version (3.5.1):
KB3122648, KB2972211, and KB2973112.
There is also the Security and Quality Rollup for .NET Framework (KB4457918).
Should I simply install the Security and Quality Rollup?
I just downloaded it from AKB2000003 and the download showed 36.6MB for the x64 file. Same as from the Catalog.
I also had the same experience as SueW had when I downloaded and saved the November Win 7 x6 (KB4467106) Security Only file from the “2000003” list on 12/7. At first I didn’t take note of the size of the file, and it was only after 2 attempts at trying to install it and receiving the following error & message: 0X8007000d “Data Is Invalid”, that I realized there was a problem with the file. It was at that point when I questioned the size of the file compared to previous Win 7 SO updates I’d downloaded and installed. I too went to the Microsoft Update Catalog and saw that the size of the download should be 36.6 MB rather than 8MB. I went ahead and downloaded the file from the catalog. It installed without a hitch along with the rest of the November SO updates. Later that same day, 12/7, I used the link from the “200003” list and downloaded and saved another copy of the same file, and it still only downloaded an 8MB file.
I can also confirm that after that day the file downloaded from the “200003” link downloads the correct 36.6 MB file as PKCano has so indicated.
PKCano, I have no clue as to what caused the link to download only an 8 MB file, but I can say with 100% certainty that the file had completely finished downloading to the location I intended, and the file has the same file name as the correct 36.6MB file. Not only that, as I previously stated, I was able to duplicate it by downloading it a second time about an hour later.
I still have that second copy of the 8MB file if it is of any use to you.
Looks, then, like the monkey is on MS’s back. Thanks for the confirmation.
I’ll back up both of their claims, I also downloaded an 8,192 kb file three times using the direct link from here on December 5th before finally getting the correct one on the fourth attempt. I just chocked it up as a downloading issue on my end but obviously it wasn’t.
Over the weekend I remotely installed the Group B updates on several computers using direct download links from the Catalog and on NUMEROUS occasions downloaded these same “incomplete” files mentioned above. It happened while downloading both the SO update and the IE SO update and each time the errant file downloaded was exactly 8,192 kb.
This has to be an issue with Microsoft as I downloaded these updates from computers scattered all around the US. Just figured I’d add this latest info in here so others downloading these screwed up files from M$ knows the problem absolutely is NOT on their end.
SO stands for Security-Only
? says:
thank you for the “green” light and thank you PK for helping on Christmas!
i did the out of band IE update the 19th along with the December SO, no problem(s). today i finished the updates on “B” style win7 32 bit systems. the machine with Office ’10 wanted me to download and run KB947821 the 151.6 MB “System Update Readiness Tool!” i scanned for updates after hiding this bad fish and it showed up for an encore and then slinked away on the second rescan ha, ha on you Microsoft… i skipped that ordeal (i’ve fallen in that trap b4), installed the patches and am on my merry way to happy new years!
so, KB4471328-IE and KB4471328-Dec. SO on the 19th, and:
KB4471987-.Net Dec. rollup (installed KB4470641 and KB4470640) and jacked up my fragmentation as usual.
KB890830-Dec. MSRT (sans heartbeat telemetry).
Office 2010 had 6:
KB4461577-Excel, KB4461570-Office, KB4461576-Outlook, KB4461521-Power Point, KB4427172-Office, KB4461579-Office.
ran disk cleanup\DISM and there were no updates removed this time. whew, glad that is over for a few days way to much care and feeding for windows 7, the XP downloaded and installed the December updates on the 11th in under 4, yes four minutes and the linux does not require user input to stay on the straight and narrow…
I have a (possibly dumb) question.
Topic 20000003 for Group B patchers says the following about the last patch for December:
Dec 2018 (IE11) KB 4483187 – Download 32-bit or 64-bit (Released 12/19/2018 replaces KB4470199, fixes CVE-2018-8653 Scripting Engine Memory Corruption Vulnerability)
If this patch replaces the one given just above it, why not strike out the listing above it, or better yet delete it altogether from the list? Not sure what the purpose might be of keeping it there.
Thanks in advance.
normally the IE updates are supposed to be cumulative.
however yesterday 1/13, I installed KB4480965 IE11 update on my Win7 system, rebooted and RAN Windows update again and it offered/listed the KB4483187 IE11 update. i don’t know why…
on the other hand, when the KB4483187 IE11 update is installed (and I removed/uninstalled the old KB3185319 IE11 update from my Win7 & Win8.1 computers) and ran Windows Update, it no longer offered the old IE11 updates like KB3185319. so it looks like KB4483187 completely replaces KB3185319 & older IE11 updates.
? says:
i updated win7 32 bit (Dell 4300 Dimension with Intel 2.8 MHz SL7EY, 1GB PC133 ram) today using the links on AKB2000003 with no issues. Windows update (after the standalone January SO and IE11) offered KB4481480 January .Net rollup and KB890830 January MSRT also no installation issues. i will wait a bit longer (better DEFCON position) to update the remaining 3 machines.
thank you!
? says:
Thanks for the January ’19 green lite! makes me nervous to wait around for the dust to settle while the badness never takes a day off…
updated 3 win7 32 bit pro machines (2 AMD, 1 Intel processors) and 1 with office ’10 using “B” style. the Jan SO and IE-11 stand a lone links downloaded from here with no problems.
One quirk was the .Net KB4481480 Jan roll-up that for the first time i can recall required no restart to complete the installation? see:
https://docs.microsoft.com/en-us/dotnet/framework/deployment/reducing-system-restarts
and:
https://docs.microsoft.com/en-us/windows/desktop/RstMgr/about-restart-manager
from:
https://docs.microsoft.com/en-us/dotnet/framework/index if interested.
The .Net update ngen / mscorsvw.exe took 4-6 minutes to run the servicing routine on all three machines, and wrecked my disk fragmentation, as usual. If interested Defraggler shows the (temporary) scrambling to specific files on the drive caused by .Net updates.
The Office 2010 had KB2553332, KB4161614 (unchecked), KB4461625 (Word), KB4462157, and KB4461623 (Outlook).
Thanks again for doing all the leg work to keep us from falling down the rabbit hole and saving all the precious brain cells!
p.s. PKCano, if you really do bielive “only just 1 last IE patch”, why there are so many of them in official “Group B list”
Because, by definition, they are cumulative.
The list is populated monthly and the past ones are not removed. It is ongoing.
The problem you are seeing is because there can be a difference between metadata supersedence and component supersedence. A patch can REPLACE the components of another patch and still not METADATA supercede it.
An example of this the Monthly ROLLUP and the Monthly ROLLUP PREVIEW.
The Monthly ROLLUP (issued on Patch Tues) is composed of three parts: non-security patches, security patches, and the IE11 CU. It is a SECURITY Update and is CHECKED in the Important Update list.
The Monthly ROLLUP PREVIEW (issued on the third Tues of later the same month) is composed of four parts: the three components of the Monthly ROLLUP plus the non-security updates for the following month. It REPLACES the Monthly Rollup component-wise, but because it is a NON-SECURITY update, it cannot METADATA SUPERCEDE the the Rollup. Therefore, it appears in Windows Update as an UNCHECKED Optional Update. A non-security update does not metadata supercede a security update.
You have the same situation with KB4483187. It REPLACES KB4470199, but it does not METADATA supercede it, so you will keep seeing it. But if you install it, it will not overwrite the following month’s IE11 CU components because the later CU has COMPONENT supercedence.
Windows Update works on metadata supercedence. The actual Updating Process works on component supersedence.
? says:
ok, so i patched 4 machines on 2\14 Valentines’ Day, still use IE on all Windows installs, boo who.
1 XP Pro had 8 patches KB4887085 was pulled for wrecking havoc before i ran Microsoft Update (thanks for the warning MSFN!) took 3 minutes total to patch XP.
all Win 7 Pro, 2 AMD 1 Intel
the SO’s i picked up here, thank you! then Microsoft Update offered: ( i peeked inside KB4486564 on Linux box using FF of course and did not see any stuff i did not want and it is smallish at 17.9MB.)
KB4487078- Feb. .Net S & Q (43.1MB, mscorsvw.exe took 14 minutes to run on all 3 machines)
KB4486563- you know what i did with that (Extreme Prejudice)
KB890830-Feb. MSRT (also small 2.1MB, last month was 6.0MB)
Office 2010 had 8 patches, ‘nuf said, bonus it still works!
also cleaned and shut off Shell Bags, one machine had over 2000 entries and 800+ deleted folders. and my post update cleaning system is now easier (faster)
again, many thanks for all you do Ishmael, PK and others…
@owdrtn your question about Installer Media images isn’t related to the monthly Group B updates in AKB2000003. I suggest you post your question in the AdminIT Lounge forum, perhaps in the Managing Updates in Organisations topic of that forum.
You might read Canadian Tech’s method for clean installing Windows 7 without telemetry (if telemetry is the issue for you): AskWoody #188268 and answers.Microsoft Updating Windows 7 in 2018.
I don’t have any experience with the Simplex Pack, and would have to go through its listed updates manually, to see what type of updating they are using… maybe someone will answer with more experience that can tell you. The link to pastebin just shows a very long list of included updates to have to weed through.
I’ve installed using @Canadian Tech’s method, and it went smoothly, and my Windows 7 has been very stable… and is telemetry free.
Non-techy Win 10 Pro and Linux Mint experimenter
You might find better answers by posting your question in the Windows 7 Support forum, as Knowledge Base articles are generally considered references, rather than a place to ask for help.
Non-techy Win 10 Pro and Linux Mint experimenter
The link (direct link to Catalog) gives me the correct download (with 8.1. KB4480964, and x64 in the file name). Look at the file size. I’m showing 34+ MB. Sometimes MS Catalog has a problem and the files size is considerably smaller, doesn’t work. (Also check to be sure you didn’t install the Rollup)
Well, KB4480964 is for Windows 8.1. You say you have a W7 computer, which I take to mean Windows 7. So I think it’s a good thing you’re getting the message that it (KB4480964) isn’t applicable to your computer.
Edit: If you want the January Security Only patch for Win 7 you want KB4480960.
The Win7 patches are ABOVE the Win8.1 patches.
KB4480960 IS available in its proper place.
You have to look in the Win7 patches, but the KB number you asked for was for Win8.1 which was stated in my original answer.
This is not the right place to do that. Make a topic under Win7 Patches Forum. I’ll try to put something together in my spare time (ha ha). Name it something like “How to update Win7 that has been offline since 2015” (or something like that).
There have been servicing stack updates since that was written, also…
Non-techy Win 10 Pro and Linux Mint experimenter
? says:
thank you for the not April fool’s day green light!
updated 3 win 7 pro 32 bit machines 2 AMD 1 Intel and one with Office 2010:
KB890830-March MSRT
Office:
KB4462226-Office, KB4018363-Access, KB2589339-Office, KB4461626-Office, KB4462229-Outlook…
manually installed the March SO, IE, SU and SSU and bonus being PRO machines haven’t seen hide nor hair of KB4493132 nag
Typo in ongoing list (and in https://www.askwoody.com/forums/topic/may-2019-patch-tuesday-arrives/#post-1621530):
pciclearstatecache –> pciclearstalecache.
It’s because the topic is closed to new comments that the text is different to a normal topic. However, the current site issues have changed how closed topics are displayed, making them a little harder to read currently.
A hokey little trick –
(This works on Win 7 / Firefox; I assume OK in other environments too.)
Click anywhere in the article (sets focus):
Edit > Select All -OR- just Ctrl+A
This will highlight everything: white text, on a blue ‘highlighter’, on a white page background.
To cancel, just click anywhere.
This is nice when one is contending with (e.g.) white text on a white background.
Compare the Win7 x64 May IE11 files as an example.
The top one is from the MS Catalog.
The bottom one from the AKB2000003 download link.
They appear to be the same.
Yes but that’s the filename, if you look at the table (under ‘File information’) in the link to the cumulative update i posted that hash in the filename doesn’t match any of the SHA1 hashes listed. Nor does SHA256 if you check the file from a command prompt using certutil -hashfile. This happened in january as well and i skipped that update. I’m sure it’s safe but you know, it’s microsoft we’re talking about here and since they are cumulative i’d rather just skip an update. I’m group b by the way.
Im holding off on aug updates but this popped up this morning in optional update:
August 17, 2019—KB4512514 (Preview of Monthly Rollup)
any idea what this is?
also this pc is a fresh install of win 7 ultimate and totally patched till aug and a driver update just popped up too.
advanced micro devices inc driver update for amd smbus
Im hesitant about it as pc is working exceptionally well atm. Thoughts?
MS issues a Preview Rollup each month, usually a week after Patch Tuesday, that is meant for testing of the coming month’s non-security fixes by IT departments and the like. Each time, it is an UNCHECKED OPTIONAL patch and is not meant for general installation/usage.
It contains the patches in the current Rollup (non-security, security, IE11 CU) plus the coming month’s non-security fixes for testing purposes.
KB4512514 is a Preview of Monthly Rollup
? says:
Dear Microsoft,
you lost me at KB4507456 July SO (plus Telemetry) which means i’m missing patches for:
KB2813347- MS13-029 RDP 7.0 Client 4-9-2013
KB2868626- MS13-095 XML Sigs (DOS) 11-12-2013
KB3005607- MS14-071 Audio (EOP) 11-11-2014
KB3033929 SHA-2 Code Signing 3-10-2015
KB3051768- MS15-054 Management Console (DOS) 5-12-2015
KB3108670-MS15-130 Uniscribe (RCE) 12-08-2015
KB3138962-MS16-027 Windows Media (Windows Integer Underflow Vulnerability) (RCE) 3-08-2016
i’m wondering how KB3133977 (bit locker fix) will work since i checked the “NO SYSTEM RESERVED,” box when i installed Windows 7 (trust their encryption?), and KB4474419 v2 the second SHA-2 patch will figure in the mix?
and please explain why all the feverish interest in patching Windows 7 since it is laying in the trench waiting for the final dirt to be applied?
so, it looks like August “B” style patching (or any patching for that matter) will be verrrry interesting…
I’m wondering why there are no comments about any updates for Windows 7/8.1 updates since September 8 in this topic. Is there a reason for it?
The only reason you would need what is currently on the list (as of Jan 14, 2020) is if you had a problem and had to reinstall the OS.
I don’t know if MS will continue with the Rollup/SO model or it will be Rollups only. I suspect they will not be making improvements to Win7 and the patches will, for all practical purposes, be security-only in nature, even if they split OS and IE11 updates. But I’m just guessing.
If there is still any prupose to the Group A/Group B patching, we may continue to add the latter to AKB2000003, But if there is only one patch, delivered through WU, I don’t see the justification.
I’m trying to update a pretty old Windows 7 x64 machine with a large backlog of updates.
You might have luck reading thru these two posts.
PKCano’s post #2054967 What updates NOT to install.
And @TheFamilyIT Post #1907521 PK shows how to update with a lot of updates in the queue.
hth
Group B people will loudly disagree with this, but IMHO there is no point to Group B anymore. The original purpose was to eliminate telemetry, but in avoiding it in Group B means you are also avoiding important security updates as well.
I started with Group B but long ago switched to Group A. I run @abbodi86 ‘s script as a Scheduled Task at startup, and it has worked well. The instructions are in AKB2000012.
There are two threads where a poster was guided through an update of Win7. @Bluetrix mentioned one. The other is a little more recent here.
The aspect of Group B that made the most sense to me was to avoid the nonsense of what the rollups contain.
Security only updates was what made me choose that direction.
Telemetry never entered the equation as the guiding motive for me. Checking The task scheduler settings that abbodi86 mentions in 2000012 only became necessary for me because the compatability appraiser update contained in KB4516064 from Sep.2019 was an accidental install. I meant to avoid it.
This laptop that has Win 8.1 will be ridden into the sunset avoiding rollups or until another method reveals itself as more efficient. My next machine might have Win 10 on it but it will be dual boot to Linux & Win 10 may never get updated. Time will tell for sure on that ‘cus I’m in no hurry.
Meanwhile, AskWoody continues to broaden my horizons as a helpful place to visit. Eight Semper Fi.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
Yes, the IE11 patches are cumulative. You only need the latest one.
The Security-only patches are best installed in chronological order. They are not cumulative. You may find a few around the beginning have been removed (are not available) in the Catalog.
You do not need to reboot between each one, but I wouldn’t install more than about 6 at a time, then reboot. I have tried to note on each one if there was a particular problem/fix or if there was telemetry involved.
The links are direct downloads from the MS Catalog, so whatever is there is what you will get.
Good idea on the group by year. Hopefully it lets me do that.
The SSU’s too, for sure. Been watching them trickle in. Thanks for the list, I was just gonna do what showed, now I can be more thorough.
Did the IE cummulative almost immediately.
Nice to have a plan, much appreciated.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
I don’t know of any quick ways to update 8.1. I let it do its own thing until ready.
cheers, Paul
SO patches are manual download/install. They are not available through Windows Update.
Wow, finally managed to finish this adventure. Am posting results in case anyone else might run into it in the future.
These would not install:
3021910 – no prerequisite, although it mentions it replaces 3012199. Attempted install of 3012199 said not applicable. Prerequisite is 2919355 (installed previously), which replaces 2989647 (installed previously).
4504418 – replaces 3173424, installed 102620
4512938 – replaces 4517298, installed 102820
4521864 – replaces above (4512938)
4524445 – replaces above 4521864
4540725 – replaces above 4524445
4562253 – replaces above 4540725
If I have the chain correct, it would appear I’m good to go on these pesky SSU’s, whew.
Have a good one my fellow Woody pals.
P.S. PK, regarding your attached list, here is a correction.
https://support.microsoft.com/en-us/help/4047206/cumulative-security-update-for-internet-explorer
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
I’m afraid that when I clicked on the “Keep” button, I may have done something that would make my computer insecure
If you try to download the same/other updates do you still get that message?
Can you post more details of the message?
cheers, Paul
Please save screenshots as PNG and attach direct – snipping tool saves as PNG by default. Saves us having to download Word files.
cheers, Paul
The message is from your browser and is not an indication of anything other than MS using http instead of https. See example below. Your browser is providing FUD in the name of marketing security.
cheers, Paul
http://download.windowsupdate.com/d/msdownload/update/software/secu/2020/10/windows6.1-kb4578952-x64_30ac0df8554c2647017f3b36cc02e833a3187364.msu
You can get a browser add-on for Firefox, Chrome and Opera from The Electronic Frontier Foundation
https://www.eff.org/https-everywhere
That stops you from accidentally going to an insecure (http) site. You can override it if you want to.
EFF also offers Privacy Badger.
Cheers, HF
Take a look at https://forum.palemoon.org/viewtopic.php?f=24&t=22698
What do you recommend I do in the future?
Downloading updates from MS is fine whichever way you do it. Don’t worry too much about it.
cheers, Paul
The error refer to misconfigured or corrupted .NET 4.8 installation
http://errorco.de/win32/winerror-h/error_patch_target_not_found/1642/
try to repair it (from Programs and Features control panel)
or uninstall whole .NET 4.8 and install it again
Before you start uninstalling Security Updates, try reinstalling the latest version of your printer software. If your printer is connected to your LAN, it may help to give it a static IP address either in the printer menu (manual IP) or assign it a static IP in your Router.
There are Registry hacks that may help (mentioned on this site and others) if reinstalling the software doesn’t fix things. There have been many problems across the last three or four months caused by the updates with the Printer Nightmare mitigations.
If it’s any help, I have a WiFi connected Brother MFC-J435W, and it’s working.
Pay the $29 (or so) and use the full 0Parch. Keep your browser and AV up to date religiously. And don’t click on links in e-mail.
Running without security updates is a risk.
Just keep hiding them. Or tell Windows Update not to search for updates. You have both options in Win7.
Use W7ESUI and dotNetFx4_ESU_Installer_u to install updates. The SOs and IE11 CUs are still being added to AKB200003. See other instructions I publish monthly on Patch Tues.
Viva Win7!!
The Rollup includes IE11 CU and the .NET CU contain both Security and non-Security patches.
If you are doing the Security only Win updates, you need the IE11 CU as well b/c it’s not included in the SO patches.
Check if there is a “Read Me” included with a zipped script. If so, there are additional instructions.
For Aug. 2023 the link (and text) point to:
August 8, 2023—KB5029312 (Monthly Rollup) – 576MB
Why not:
August 8, 2023—KB5029304 (Security-only update) – 38.6MB
Is there something in the Monthly Rollup that we need?
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
