Do I need to update the Windows Update client, KB 3138612?

Topic

Short answer, no. I’ll probably change the recommendation when we back down from MS-DEFCON 2, and start slipping in the April Windows 7 security patch
[See the full post at: Do I need to update the Windows Update client, KB 3138612?]

Replies

– If I decided that I wanted an up-to-date WUC, could I just install the latest KB and then all the preceding WUC updates would disappear from my hidden list?

Microsoft periodically pulls superseded updates, generally not the immediate previous one, but leaving about 3 versions available to allow for roll-back if needed. This applies to anti-virus definitions and many other types of updates, but not all. If it happens that the original poster has hidden updates which are pulled at some stage, they will disappear from the hidden list which I consider a poor outcome as it leaves a “phantom” record” in the database. They are not getting deleted from the database, only that they are invisible. The updates which are not pulled, will not disappear from the hidden list as they have a reference in the master database at Microsoft.

– Can I install multiple WUC updates in one go without causing problems, or would they have to be done one at a time with particular attention being paid to supersedence?

This depends on the procedure.
If the updates are installed manually one by one from downloaded packages, then the versions which are superseded by a later version already installed on the machine will simply not install and a message will tell the user that the update does not apply or similar. Generally speaking Microsoft takes care of the order and unless there is a known bug or incorrect metadata which is very rare, there should be no issue.
If the updates are installed from Windows Update, again Microsoft will normally present only the later version. If the later version is hidden by the user as being undesirable, for testing or just because the user wants the previous version installed before (let’s say for knowing that there is a metadata bug in the updates and the supersedence is not quite correctly described), then the latest version before the hidden one is presented and so on.
In general there is no need for any end user to analyse the supersedence, unless that user is interested in doing own research or as I said before, if that user is interested in analysing the WU algorithm and how it all works and interested in doing testing.

Well, installing 3138612 and 3145739 restored my sanity because svchost is no longer cranking away all day, every day. So, for me, I needed to do it.

(For the answer to the question I’ve seen here: Why are you complaining of slow updating when Woody says it’s not safe to be updating anything?, I use MSE and so WU checks for updates automatically and daily so it can grab those daily virus definition updates.)

I had been hiding all the Win Update Client patches on my computers since last year, so they were all in the hidden list.

Last week during the discussion about KB3145739 and 3138612, in combination, speeding up Win Update searching, I downloaded only 3138612 (which is the latest Win Update Client patch for March for Win7) and installed it along with 3145739. All the previously dated Win Update patches that were in the hidden list disappeared.

Perhaps the Update Client patches are cumulative.

ch100,

Thank you very much for your responses to the questions that I sent to Woody.

You, Noel Carboni (+ Woody, of course) are the posters that I particularly pay attention to. I really appreciate your extensive input to this wonderful site.

@ a,
Not sure if your Q was addressed to me, the AH mentioned in the article, but in case it was (& I take no offence if it was)….I was seeking enlightenment about how WU worked in relation to catching up on multiple hidden WU Client KBs.
I am a Defcon devotee and as mentioned in my original post “…I am currently on hold, waiting for [Woody] to change the MS-Defcon status before I install diddly.”

The update client patches for Windows 7 are cumulative, or at least most of them. The new ones supersede the older updates for the WU client. This does not explain, at least in my view, why older updates have disappeared from the hidden list. I will do further testing when I will have a chance. Unfortunately all this testing takes a lot of time and I am certainly more interested in understanding Windows 10 and fixing its various ongoing issues which are many than working with the subtleties of Windows 7 at the moment.

Thank you

Thanks for the mention, Adrian.

For what it’s worth, I’ve been running my own test Win 7 and Win 8.1 systems. I’ve applied all the Windows Update updates to them and have only hidden a very few Windows 10-specific ones that are known to nag or increase telemetry.

Since I have a good deny-by-default outgoing connection firewall setup (Sphinx) that reports all attempts at communications, and I also have my own DNS server for systems on my LAN that logs all name resolutions, I can say with some certainty that the latest Windows Update hasn’t been trying any harder to call the mothership more than its predecessors so far. On those two systems I now do see quick responses when I check for updates.

But…

Also, we don’t yet know for sure whether the next large block of updates might again slow things down. I’ve found it’s not a straightforward issue to diagnose.

And we just don’t/can’t know whether there could be code that could be activated after a time (weeks/months/??). But that’s true of any and all updates. Either we continue to trust Microsoft to help you move forward or you don’t. For me it’s “trust but verify”. Testing hasn’t turned up any obvious issues so far.

As usual (and per Woody’s guidance), for systems you care about, “wait ‘n see” for a little longer may be prudent.

-Noel

You’re very welcome, Noel.

I may not always understand what you and ch100 are referring too – e.g. DNS server?! – but you guys always provide food for thought that I can then go and research for myself in order to improve my knowledge. Grazie mille!!

It depends on what WUC update(s) you had installed on your Windows 7 PCs, ch100.

Example: if I had something like KB3135445 (Feb 2016 WUC update) or KB3112343 (Dec. 2015 WUC update) installed on my Win7 machines, I don’t need to have KB3138612, just as long as I have some version of WUC 7.6.7601.x update installed and NOT using the old WUC update (7.6.7600.320) from KB2887535.

The KB3138612 patch for Win7 SP1 replaces the following updates (according to the MS Update Catalog search in IE): KB2990214, KB3050265, KB3065987, KB3075851, KB3083324, KB3083710, KB3102810, KB3112343 & KB3135445.

I use the “Windows Update Cleanup” feature from the Disk Cleanup Utility to clean out older WUC updates if I have the latest WUC patch installed.

1 user thanked author for this post.

softer

@PkCano At a second thought, I believe that what you reported is correct and in line with expected behaviour. I will explain why. When you install a superseding update, the older superseded update or updates are no longer offered by Windows Update. If you hid the superseded updates previously, they will not be visible any longer as hidden, because they do not have a reference to the Windows Update site when scanning for new updates, as they are no longer offered. The only way to make them visible again, but this is only for testing and not recommended on a production system, is to uninstall the most recent version, scan WU, hide the version just uninstalled and in this case the previous one would become visible again after the next scan.
I think I have addressed extensively this issue of using the hiding updates feature and I personally don’t think it is the best practice. In the absence of a definitive answer, this remains each user’s choice about using or not using it.

@Adrian In relation to supersedence and because a previous post used the word “cumulative” in relation to updates it should be mentioned here that there is not always a one-to-one relation between the later patch and a previous one. Most often this is not the case.
A later “Recommended” patch can and it happens more and more often to supersede Security Patches or the other way around. The patches superseding and superseded may not address exactly the same issue, but share common dll components and those components are those that make one patch superseding the other. The later patch is not necessary cumulative from this point of view, although it can be seen this way. However they do not address the same issue, but there is overlapping in scope. Because of this mixture of classification that we have seen recently and because many Optional patches are often promoted to Important, I am against hiding updates and prefer to allow Windows Update to manage the interdependencies. In this way there is less risk in breaking the Windows Update mechanism and stay with a fully supported configuration for which is much easier to find support, even if this means only searching on Google for known issues.

Thanks for taking the time to explain this. The posts on this subject have helped me immensely.

I am on day 6. Can only search and manually install updates on Win7 Home. PC working great. WUC is not. No icon in tray and it searches for updates eternally. The MS help links are invalid and the MS Update site no longer exists. Fire Nadella!