February 2018 Security Patches Are Out

Topic

New Reply

The Microsoft Software Update Services pages have finally been updated. With 34 new patches listed – first update since January 9th in spite of the pa
[See the full post at: February 2018 Security Patches Are Out]

11 users thanked author for this post.

Tiernan, zeuswoz, SueW, woody, JDeC, lanceboil, bjm, Seff, Laptop Boy, Elly, AJNorth

Reply | Quote

Replies

Group B Security-only patches have been updated on AKB2000003 as of 2/13/2018.

UPDATE: Microsoft is including the mitigations against these vulnerabilities [Meltdown and Spectre] in the February Security Only updates. These updates also include the updates for AMD-based devices.

 

Edit to add information on updates

11 users thanked author for this post.

SueW, ryegrass, Tiernan, Pepsiboy, woody, JDeC, lanceboil, Laptop Boy, Elly, AJNorth

Reply | Quote

Do these Group B security-only patches for February have a system slow-down risk since they include protection from Spectre/Meltdown?

Reply | Quote

anonymous wrote:

Do these Group B security-only patches for February have a system slow-down risk since they include protection from Spectre/Meltdown?

The Meltdown/Spectre mitigation causes some loss of performance – I understand it is more noticeable in later processors, but it affects all. It is present in the Jan and Feb Rollups and the Security-only patches.

IMHO, we will see this in the patches from now on – just guessing.

2 users thanked author for this post.

JDeC

Reply | Quote

PKCano,

Since the security only patches are not cumulative, is it possible to just skip the Meltdown/Specter patch and continue with later updates (the way Windows update used to work)? If so can the Meltdown/Specter patch still be installed at a later date?

Thanks

Reply | Quote

What you are calling the Meltdown/Spectre patch is not just that. There are other fixes in the Jan patch. And the Meltdown/Spectre mitigation is in the Feb SO patch as well (see my UPDATE to the comment above)

2 users thanked author for this post.

abbodi86, JDeC

Reply | Quote

OK, thanks for the information. I knew that KB4073578 contained other updates in addition to the Meltdown/Specter fix but was willing to forgo them so as not to take the performance hit incurred  from this update. I will now have to consider whether I want to join group W, or not.

Reply | Quote

Microsoft Edge: 14 vulnerabilities, 11 critical, 2 important, 1 moderate

OOOOOuuuuuuuchhh!!!

Reply | Quote

So not only does Windows 10 have more vulnerabilities than its predecessors, as usual, but each successive version of it has more than the one before. As for browsers, I thought IE was insecure enough yet Edge has 7 times as many vulnerabilities!

Methinks I’ll stick to my Windows 7 and Chrome combination a tad longer…

10 users thanked author for this post.

Charlie, lanceboil, Tiernan, FakeNinja, Pepsiboy, HonzaZKrumlova, woody, BobbyB, samak, AJNorth

Reply | Quote

Seff wrote:

As for browsers, I thought IE was insecure enough yet Edge has 7 times as many vulnerabilities!

Methinks I’ll stick to my Windows 7 and Chrome combination a tad longer…

A few weeks ago Chrome 64 fixed 53 security flaws and Firefox 58 fixed 32 security flaws (twice as many as Edge and IE11 put together).

3 users thanked author for this post.

Tiernan, Ascaris, dononline

Reply | Quote

The ways to enumerate flaws as two separate or one combined can be very involved. Comparing a total number across product names also does not discriminate between internal bugs or patching vulnerabilities to external exploits in common. Now that I’ve made an overly general comment, I wonder:

Does ‘a few weeks ago’ translate to ‘a few weeks ahead of Microsoft’? As in that much more responsive action by a paid in-house development and testing team. In that case, I see the high number as descriptive of a robust response.

I do not use Chrome or Firefox. But that is because of very old privacy concerns coupled with design and style decisions that I do not like. I certainly do not consider them inferior products of faulty practices.

1 user thanked author for this post.

Tiernan

Reply | Quote

What’s more, most of those “53” Chrome vulnerabilities are rated Low to Moderate severity. Only a few are High/Critical.

Reply | Quote

I think it’s difficult to compare different companies’ “flaw and fix count” because the basis on which they count separate or combined flaws/fixes can vary so much. That’s why I prefer to look at one company’s figures across their range of products as that is hopefully based on a common approach.

There is, however, no such thing as a fully secure product and they will all need fixes all the time. My main point, of course, is that Windows 10 has been marketed as being more secure than its predecessors when at best there is absolutely no evidence of that being the case, and at worst there are grounds for arguing to the contrary – not least when you add privacy and telemetry into the calculations.

4 users thanked author for this post.

Cascadian, Cybertooth, T, woody

Reply | Quote

Did you notice Ghacks mentions several security update’s for Windows XP.   That means there’s  still hope for us Window’s 7 users.

Reply | Quote

XP Embeded & POS Ready get monthly updates until 2019

1 user thanked author for this post.

Geo

Reply | Quote

Also, Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

https://helpx.adobe.com/security/products/acrobat/apsb18-02.html

 

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

4 users thanked author for this post.

Geo, Tiernan, AJNorth, PKCano

Reply | Quote

Woody,

When you re-enabled nested comments, you somehow left out your own post and thank-you link. So I thank you here.

Can I still get the January updates? Do they come with the same back up first warning?

Thanks again.

Reply | Quote

I believe you are in Group A. You can still get Jan patches, but there are things you should check first.
Your anti-virus program has to set an ALLOW RegKey in the Registry before you can receive updates from WU. Here’s how to check if the key is set.

If you have an Intel processor in your computer, You can HIDE the Feb Rollup, search for updates, and the Jan Rollup will appear. If you have an AMD processor, wait until Woody gives the go-ahead for Feb updates and install the Feb Rollup (it’s a short month, so it shouldn’t be too long)

The rest to the updates with a Jan release date (MSRT, Office, .NET Rollup) should be OK to install.

4 users thanked author for this post.

jelson, SueW, woody, Morty

Reply | Quote

Right. I was dragged over to Group A, kicking and screaming. But there I am.

I took a look at the link to checking in whether my key is set. The first words are:

If you are comfortable looking searching your Registry, you can check it yourself:

I’m about as comfortable doing that as I am doing my own root canal.

Having said that, I’m using Microsoft Security Essentials anti-virus. Don’t you think it would allow it its own family members?

My system information says, “Processor    Intel(R) Core(TM)2 CPU.” So that should work for hiding the February Rollup, right?

Frankly, as I’ve been advised, I’m getting a new box soon, but I still need to keep this one running in the meantime.

Thanks again,

Morty

 

Reply | Quote

MSE updated the magic registry key very promptly – I believe the same day we learned we needed it. Certainly, mine is set, and I have done absolutely nothing but update MSE. If you’re offered the January rollup via WU, I believe that means the RegKey has been set.

1 user thanked author for this post.

Morty

Reply | Quote

So I figured. Thanks.

Reply | Quote

Eh, Methuselah….

When you’re looking for a new machine, make sure you consider getting a Chromebook.

They’re considerably easier to keep fed and watered. If you have Windows apps that you absolutely must use, then you’re stuck with Windows. But if you can do all of your work in the Chrome browser, Windows is overkill.

1 user thanked author for this post.

Morty

Reply | Quote

Woody,

Coming from you, that’s almost enough for me to make like Ned Ludd and start smashing PCs. (OK, it’s folklore, but I’m an old folkie.)

But reality dictates that I have to work with a team that locked into Word and other evil Office orcs from the Wizard of Redmond.

Sigh….

Reply | Quote

I’m considering writing The #2 Pencil for Dummies.

3 users thanked author for this post.

Charlie, AJNorth, woody

Reply | Quote

Macs are nice too. No crashing on updates. And you can use most of the same programs you use in Windows. Check out the MacOS for Windows Wonks Forum. I put a bunch of “compares” in there.

5 users thanked author for this post.

AJNorth, JDeC, Bill C., woody, Morty

Reply | Quote

Thanks, but I have an old iMac I never made friends with. From the chiclet keyboard to the hockey-puck mouse, I’ve never hated a computer like I hated that one.

For better or for worse, I’m locked into Windows.

Morty, Unrecovered Windows Dummy

Reply | Quote

@PKCano:  I haven’t seen anything about the Windows Defender (which was noted a while back), having the (pending?) capability to remove programs that MS does not want on our computers.    Just wondering, as I still have a WD update which hasn’t been installed for a while, however I’m leery of hiding it, if this is something which MS can install with a WD update.   Thank you for any enlightenment you may be able to provide on this issue.

Also thank you for all of the other information you so freely impart to all of us!   

Reply | Quote

It doesn’t apply to Win7, only applies to Win10.

1 user thanked author for this post.

walker

Reply | Quote

Office 2016/2013/2010 only have 3 security patch for each, the article lists all February patches

2 users thanked author for this post.

woody, PKCano

Reply | Quote

Well, well, .NET Secu/Qua KB4076492, tried to download in MS Catalogue.

Didnt saw it before, what is (purpose of) this:

msipatchregfix-x86_94a84b80b8b45a1ac53a0e5d085513da0f099655.exe

Reply | Quote

Clears traces and mess for
https://support.microsoft.com/help/4055002

3 users thanked author for this post.

AJNorth, PKCano, woody

Reply | Quote

Hi there,

May I know where can I get KB 4054981 setup file besides the Windows Update? It is the update for Microsoft .Net Framework 4.7.1 in Server 2008 R2 and was then been uninstalled. I try to google around but could find any source. Any advice?

Warm regards

Ali

Reply | Quote

The Rollup patch for .NET has a KB number, but it is composed of patches for multiple versions of .NET. Each version has it’s own KB number but you can’t find it by searching the MS Catalog directly.

To find KB 4054981:
First go to the MS Software Distribution site and find the KB number of the .NET Rollup. In this case either KB 4076492 or KB 4076494.

Next, go to the MS Catalog and type in the number (without the “KB”) – in this case 4076492. Instead of clickong “Download,” click on the title of the update. In the box that pops up, click on “More information.”

That will take you to the MS Information page that shows the number for each individual version. Make a note of the patch you need.

Now, go back to the Catalog, click on the “Download” button, and download the one you need from the list available.

Reply | Quote

Hi,

Thanks a lot for the reply.

Correct me if I’m wrong, does it mean that the KB4076429 has to be installed to server first in order to get the patch update for KB4054981? There’s no other option to download the KB4054981 from MS Catalog, right? I did try to search “4054981” in Catalog but no result.

Reply | Quote

You can NOT search for the individual patch in the Catalog. It will not show up. You have to search for the Rollup.

Once you find the Rollup, read the MS page to determine which individual patch you need. When you go back to the Catalog and click “Download’ on the Rollup, a box will pop up with a list of the individual patches. There may be four or five. You only need to download the one you need – not all of them.

Reply | Quote

@PKCano:  I realize this is an “older” subject, however it does address a problem I have with an “Important” update from JANUARY.   It is:  KB4033342.  It is listed as important, and checked.  Dated January 9th and checked.  Is it “safe” to install this one?  I haven’t been able to locate any information at all on it.

Thank you for any guidance you have have on this one, and all of the help you so readily provide.  

Reply | Quote

It might be easier to download the update from the appropriate “Catalog” link at https://blogs.msdn.microsoft.com/dotnet/2018/02/13/net-framework-february-2018-security-and-quality-rollup/.

Reply | Quote

KB4076492 is the Rollup for .NET on Win7. It contains separate patches for each of the versions of .NET. If you are going to use the Rollup, it is better you install it from Windows Update on the computer because Windows Update will install whatever you need from the Rollup.

The documentation for KB4076492 is here. Please notice that the file you mention is the 32-bit version (see x86 in the file name). You must match the bits of your computer. 64-bit will have “x64” in the name.

The documentation for the update does not mention that file.

 

3 users thanked author for this post.

AJNorth, Geo, woody

Reply | Quote

Microsoft .NET Framework Registration Correction Tool

Reply | Quote

Quick update on personal experience tonight, took the plunge and

1) Win 10 64 bit  1709,   windows update got all the updates and installed them properly (slow as usual of course) and nothing seems broken

2) Win 7 32 bit. Windows update only offered me MRT and nothing else even though the AV is ok, the registry key is set, etc etc. Went to ghacks and got the KB numbers and downloaded 2 updates, installed fine. Only issue I noticed so far is that IE will not launch in Sandboxie, but launches fine if you start it outside of Sandboxie. Not a bit deal since I don’t use it much. Also the latest updates still do not protect against Meltdown vulnerability (tested with Mr. Gibson”s tool). This is going to be a big issue going forward if this remains unfixed when real world exploits show up. I would not feel comfortable doing anything then with sensitive personal information on  my computer.

3) My daughter’s Pixelbook showed up today and we’ve been playing with it tonight. Amazing how fast it boots up. It needed an OS update………..downloading and installation took about 10 minutes………WOW! Printing over wireless was fussy but we installed an HP app from the Play store and printing is fine now. Nice crisp display. Nice keyboard and touchpad.  Very nice machine so far.

1 user thanked author for this post.

woody

Reply | Quote

Try uninstalling and reinstalling the latest (maybe beta) version of Sandboxie. Reports say it’s worked for others

1 user thanked author for this post.

AJNorth

Reply | Quote

I got the ominous “KB2952664” update yet again. Win 7 x64 Sp1.

Reply | Quote

Wow, me too. It’s listed as important and ticked. Will these clowns never learn? I have the ‘give me recommended…’ option unticked so this is quite a brazen move from them. Anyone else getting it? I would’ve thought this merits its own blog post.

1 user thanked author for this post.

MrBrian

Reply | Quote

Agreed. 2664 appeared here too. 
Win 7 64 bit SP1

Reply | Quote

Same here with KB2952664. Win7 x64 SP1, group B.

Interestingly enough, I chose not to install it and yet, after installing the “Security only rollup”, on reboot I was greeted with an UAC prompt asking to allow installation of some Microsoft-signed telemetry reporting application.

Declined to allow this and it did not come back on the next reboot. KB2952664 does not show in the list of installed updates.

So I’m sort of puzzled at the moment what, if anything, they may have sneaked into the rollup?

1 user thanked author for this post.

woody

Reply | Quote

As a test, I installed KB4074587 on a Windows 7 x64 virtual machine. Upon reboot, I did not see a UAC prompt or anything else unusual.

2 users thanked author for this post.

AJNorth, woody

Reply | Quote

anonymous wrote:

Declined to allow this and it did not come back on the next reboot. KB2952664 does not show in the list of installed updates.

Try installing KB2952664 on the test machine. Maybe it was that that caused the UAC request. Maybe MS is being held accountable (Har! Ha Ha!?

1 user thanked author for this post.

AJNorth

Reply | Quote

“Try installing KB2952664 on the test machine. Maybe it was that that caused the UAC request.”

I did test that also separately. I didn’t see anything unusual.

It’s worth noting for Group B users that a previous version of KB2952664 that I tested last year can send data to Microsoft regardless of whether your computer has the Diagnostics Tracking Service. The behavior of previous versions of KB2952664 differed depending on the Windows Customer Experience Improvement Program setting. Reference: Care to join a Win7 snooping test?

1 user thanked author for this post.

JDeC

Reply | Quote

I don’t have a test machine available; this is my work computer so I’m not in a position to experiment (by “experimenting” I mean also “upgrading” to Windows 10!).

I simply hid that particular patch, so we’ll see if it comes back.

I did have to allow Sandboxie service (sbie.svc & sc.exe) on the next boot though. Not sure why it took a reboot or what exactly did the rollup change to cause this.

Oh the fun, obscure world of Microsoft “rollups”…it makes me miss Windows XP!

Reply | Quote

If you use Outlook, you may want to read the descriptions of two Outlook vulnerabilities given at The February 2018 Security Update Review.

4 users thanked author for this post.

Bill C., SueW, woody, b

Reply | Quote

It seems there is no Feb 2018 security-only update for any of the .NET versions ?

And all of the supposed Feb 2018’s (2018-02) Quality-Security .NET rollups for Win 7 – if you follow the respective links to their ultimate end – point to files that were released back in Jan 2018. What red herrings … So there are no Feb 2018 .NET Quality-Security rollups either for Win 7?

Details as follows …
Choose-Your-Own-Red Herring 1:

Microsoft’s Software Update Services page indicates:  2018-02 Quality Rollup for .NET Framework 3.5.1 on Win 7/ Server 2008 R2 (KB 4076492)

… which leads to this KB 4076492 all .NET versions summary page (last updated: 07 Feb 2018) — which indicates: Security & Quality Rollup for .NET 3.5.1 for Win 7 SP1/ Server 2008 R2 SP1 (KB 4054998)

… which in turn leads to this KB 4054998 page — which does not provide any manual download option for KB 4054998. Neither is there a KB 4054998 page in MS Update Catalog.

However, there is a KB 4054998 file (24.74 MB msu, 03 Jan 2018) for Win 7 x64, when you go to  MS Update Catalog’s page for KB 4076492 & click any Download button there. But this file is Jan 2018’s Quality-Security rollup for .NET 3.5.1 on Win 7 x64.

Choose-Your-Own-Red Herring 2:

Back to the aforementioned KB 4076492 all .NET versions summary page — which indicates: Security & Quality Rollup for .NET 4.6.x & 4.7.x on Win 7 SP1/ Server 2008 R2 SP1 (KB 4054981)

… which leads to this KB 4054981 page — which states that for Win 7 SP1/ Server 2008 R2 SP1, look for update KB 4076492 at the MS Update Catalog. But none of the files in the Download links are for KB 4076492.

… although one of the files available on the said Catalog page is KB 4054981 (40.62 MB exe, 18 Jan 2018) — which is actually the “fixed” Jan 2018 rollup for .NET 4.6.x & 4.7.x  to replace the buggy rollup originally released in early Jan 2018. (Ref: KB 4054981 article, last updated: 14 Feb 2018.)

Lesson learnt from the above roundabout adventures:
Some of Feb 2018’s Patch Tuesday offerings are in fact Jan 2018’s Patch Tues/Wed/Thur/Fri leftovers.

Reply | Quote

There are no new .NET Framework Feb. 2018 security fixes.

4 users thanked author for this post.

Cascadian, AJNorth, walker, woody

Reply | Quote

For some reason KB 4074736 failed to be installed twice. My antivirus should be compatible with the updates.

EDIT html to text

Reply | Quote

It was a cumulative security-only update for IE 11

Reply | Quote

It’s me again. I had installed successfully security-only update for Windows before attempting to install the security update for IE; however after 5 tries KB 4074736 still gets error 80070057. Windows Update Troubleshooter was no help either. 

EDIT html to text (please save text copied into Word as .txt, before pasting it here – it saves us having to edit your reply)

Reply | Quote

I wonder if the KB update itself has a problem, because WU troubleshooter found nothing wrong on my laptop.

Reply | Quote

No problems installing KB4074736 on two WIN 7 Pro x64 Intel boxes (neither with KB4074587 installed, as of yet).

Sometimes a running Service prevents an installation / uninstallation from completing successfully. A trick that just may work is to try installing KB4074736 in Safe Mode. However, the Windows Installer does not start in Safe Mode without a Registry edit, which many are understandably reticent to attempt.

Fortunately, there is a tiny utility that performs the edit (either in normal boot or Safe Mode), SafeMSI; see https://www.raymond.cc/blog/uninstall-programs-packaged-with-windows-installer-in-safe-mode/ for a discussion and download link (though the article’s title refers to uninstalling programs, it also applies to their installation).

Please post back to let me know whether this helped. Good luck.

Reply | Quote

Will it work on manual download from MS Catalog website too?

Reply | Quote

Yes.

This procedure should work with any installer / uninstaller that utilizes the Windows MSI.  (MSI is an installer package file format used by Windows; its name comes from the program’s original title, Microsoft Installer, which has since changed to Windows Installer. MSI files are used for installation, storage, and removal of programs. The files are contained in a package, which is used with the program’s client-side installer service, an .EXE file, to open and install the program.)

Reply | Quote

Downloaded the utility but still cannot install in safe mode. -_-

Reply | Quote

Hi, There is now reported BSODs issue with Sandboxie and KB4074592 Cumulative Update for Windows 10 Version 1703 to build 15063.909 : https://forums.sandboxie.com/phpBB3/viewtopic.php?f=2&t=25448.

2 users thanked author for this post.

woody, MrBrian

Reply | Quote

Hi,
FYI, BSODs issue with Sandboxie and KB4074592 Cumulative Update for Windows 10 Version 1703 to build 15063.909 – Fixed in beta 5.23.6 : KB4074592 + Win 10×86 1703 +Web browsers = BSOD [Fixed in beta 5.23.6]

1 user thanked author for this post.

MrBrian

Reply | Quote

I give up. -_- I tried nearly everything I can manage to install KB4074736 but to no avail. I’m starting to wonder if the KB itself is having problems.

Reply | Quote

Please see my earlier post above on performing installations in Safe Mode

However, modify the procedure slightly by instead of performing a restart into Safe Mode, completely shut-down the computer, remove the power sources(s), depress the power button and hold it for ten seconds and release it; then restore the power source(s), boot into Safe Mode and attempt installing KB4074736 utilizing Safe MSI.

If still not successful, then one other possibility to try would be to uninstall KB4074587 and restart Windows and wait a few minutes; then follow the procedure directly above.

If KB4074736 does install, then reinstall KB4074587 and you should be good-to-go.  Hope this proves useful; good luck.

Reply | Quote

Hello. I had attempted the uninstall KB but no difference was shown.

Reply | Quote

I will attempt the boot when I return home for the evening. If safe mode still doesn’t work then I don’t know.

I wonder if I really do need tge security update for IE since I barely use that browser. -_-

Reply | Quote

Hmm; sorry to hear that neither installing KB4074736 in Safe Mode nor uninstalling KB4074587 made a difference.

So, next I would use System Restore to return the machine to the state it was in just before KB4074587 was installed.

If that does not permit installing KB4074736 (either in normal boot of Safe Mode), then I would back-up all my files & folders (which one ought to be doing on a regular basis…) and engage the System File Checker to check the integrity of system files, and repair any that may be corrupted (if any corrupted files should remain that were not able to be repaired, then proceed to employing the WIN 7 “System Update Readiness Tool”); here are complete instructions (including a download link for the tool): https://www.howtogeek.com/222532/how-to-repair-corrupted-windows-system-files-with-the-sfc-and-dism-commands/ .

Finally, short of a full (clean) reinstallation of Windows, I would perform a non-destructive reinstall (NOTE: either of these two drastic actions will require reinstalling all updates since Service Pack 1): https://www.winhelp.us/non-destructive-reinstall-of-windows-7.html .

Again, good luck.

Reply | Quote

Me again. Thanks for the suggestion. I will attempt the system restore and report back. If nothing works then my only hope is next month’s patch will yield better results while keeping my system safe.

Reply | Quote

I suppose you could try installing the monthly security rollup which includes the IE 11 update within it (subject to confirmation from those more experienced than me with installing a monthly rollup on top of a security-only rollup, they might suggest uninstalling the latter first), or you could simply wait either as you say until next month or else just a few days and try again as MS may have fixed it by then if your problem is more generally encountered.

This is on the basis that timing is not critical, after all the recommendation here is that no updates are installed yet. Personally, I wouldn’t touch this (or any other) update for a while, give this month’s updating process a chance to settle down. Microsoft generally sort out any necessary hotfixes for problematic updates, so keep an eye on Woody and the team’s recommendations and try again when the MS-DefCon rating is raised to 3 or higher.

Reply | Quote

abbodi86 wrote:

Clears traces and mess for https://support.microsoft.com/help/4055002

According KB 4055002, it has been replaced by …

On January 18, 2018, update 4074880 was released to replace update 4055002 for .NET Framework 4.6, … Update 4074880 no longer contains the issue

well, then, its useless except for those, updating from pre 18-Jan-2018 4.6/4.7 NET.

PKCano wrote:

It contains separate patches for each of the versions of .NET. If you are going to … you mention is the 32-bit version …

I know, I know, I am not newbie, but tried to figure, which version of NET is related. And the result (thx abbodi86): 4.6-4.7. But, AFAIK there is no official mention about that file now.

Reply | Quote

anonymous wrote:

Same here with KB2952664. Win7 x64 SP1, group B.

Interestingly enough, I chose not to install it and yet, after installing the “Security only rollup”, on reboot I was greeted with an UAC prompt asking to allow installation of some Microsoft-signed telemetry reporting application.

Declined to allow this and it did not come back on the next reboot. KB2952664 does not show in the list of installed updates.

So I’m sort of puzzled at the moment what, if anything, they may have sneaked into the rollup?

This is very, very interesting. I will definitely be on the lookout at patch time.

Just to clarify, was it the February Security ONLY (Group B, NOT a rollup), or the February Security Monthly Quality Rollup (Group A, rollup, not security ONLY)?

I have expected MS would put it in the rollup, but hoped not the security ONLY.

Reply | Quote

It was the “security only update” from this MS link:

https://support.microsoft.com/en-us/help/4074587/windows-7-update-kb4074587

1 user thanked author for this post.

Bill C.

Reply | Quote

I don’t know what to do… I haven’t received any security updates since January. (I installed them manually, just to be safe). The MRT and Adobe are being offered, but nothing else.

The registry key is set and I now unistalled my AV, so Defender is working. But still nothing. And this is happening on both my computers with Windows 1709 and Intel CPU’s. My system with Win7 has no problem receiving updates though. Please help!!

Reply | Quote

From .NET Framework February 2018 Security and Quality Rollup: “The February 2018 Rollup does not contain new security fixes. As a result, it is an optional update.”

4 users thanked author for this post.

JDeC, Cascadian, walker, woody

Reply | Quote

From https://www.askwoody.com/forums/topic/skipping-the-meltdown-patches/#post-167137: “[…]Microsoft is including the mitigations against these vulnerabilities [Meltdown and Spectre] in the February Security Only updates. These updates also include the updates for AMD-based devices.”

From https://www.askwoody.com/forums/topic/meltdown-and-spectre-from-a-windows-users-point-of-view/#post-167134: “Microsoft has released security updates to provide additional protections [for Meltdown and Spectre] for the 32-bit (x86) versions of Windows 10 as follows:”

Reply | Quote

Just a whole lot of patching going on.

Reply | Quote

Hi,

I have a new PC with 10 PRO – 1709.  The delays in the advanced update are set.  When I run wushowhide I do not see the February updates.  I checked the registry and see the “AV” entry from last month.

Am I doing some thing wrong?

 

Reply | Quote

It’s all good. While some such-know-it-all experts will tell you the sky is falling if security updates are not installed immediately, just wait until Microsoft ships them to your machine via Windows Updates. At this time, Microsoft ships security updates to selected devices only until Microsoft is confident those updates won’t break devices due to issues with some antivirus software. So, keep your settings as is and let the wiseacres test all patches until Microsoft feels it’s time to ship them to all devices..

Reply | Quote

Actually it appears to get wushowhide to see updates, the settings in “Advanced Update” must be set to “zero” days.

Reply | Quote

Apparently the reason for switching KB2952664/KB2976978 to Important state is to help in anaylyzing spectre/meltdown protection compatibilty
https://blogs.windows.com/business/2018/02/13/windows-analytics-now-helps-assess-meltdown-and-spectre-protections/

7 users thanked author for this post.

SueW, AJNorth, Bill C., woody, geekdom, T, MrBrian

Reply | Quote

Interesting. Thanks for find that but, fool me once Microsoft… I’m never installing that demon-haunted update again and they’re clearly too stupid to rename it to something else and purge the scandalous association that update has. Microsoft: arrogant, untrustworthy, lying stains on this industry. Can you tell I’m not a fan of Microsoft today?

1 user thanked author for this post.

SueW

Reply | Quote

Windows 8.1 – once again the safest version of Windows :).

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

4 users thanked author for this post.

AJNorth, Microfix, BobbyB, Noel Carboni

Reply | Quote

That took me by surprise. I’ve seen some other folks use the number of vulnerabilities patch as an argument against a version of Windows. I’ll see most people saying Windows 7 is better because it has less vulnerabilities, but not this month. Windows 8.1 comes out on top with only 12 (not counting the server versions).

Reply | Quote

If you look month by month, 8.1 is almost always the one that has least holes to patch.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

Windows 8.1 – once tweaked to be very Windows 7-like, is arguably one of the best versions of Windows ever released. Stable, controllable, and with years of extended support left.

-Noel

1 user thanked author for this post.

AJNorth

Reply | Quote

.net question: I’ve had KB4033342 .net framework 4.71 update for win7 unchecked on my update list for at least 3 weeks. I’ve installed all the Jan. updates with no issues.

Now, I have KB4076492 .net update checked on the list as well as all the other Feb. updates.

I’m not sure what to do here. Should i leave things the way they are and just install the checked .net update (4076492) when it’s safe to do so?

Win7 SP1 x64  Thanks for any advice.

Win 10 Pro v.20h2

Reply | Quote

KB4076492 Is the .NET Rollup for Feb. When the time comes you can install it.

KB4033342 is the .NET 4.7.1 installer (not update). If it is unchecked, Woody’s advice is DO NOT CHECK ANYTHING THAT IS UNCHECKED BY DEFAULT.

3 users thanked author for this post.

cesmart4125, walker, rhp52

Reply | Quote

Thanks for responding. That’s what I thought but wanted to confirm. -Rob

Win 10 Pro v.20h2

Reply | Quote

@PKCano:  This is probably “off topic”, however there are a myriad of questions that cover numerous subjects, so thought I would ask this one.

Why do prompts continually pop up asking if Woody can send “notices” to us?  Or am I the only one that is seeing these?  Apologies if it’s “off topic”, however I’m puzzled that no one else has asked about it.    Thank you for all of the help you provide to all of us.   

1 user thanked author for this post.

JDeC

Reply | Quote

Good question. I haven’t experienced this, so I don’t know the answer.

Reply | Quote

@PKCano:  I found the answer relating to the puzzling pop-up message.    This seemed to begin after I updated Firefox (probably last version).   I found a reference to this feature, which allows any “user” to allow a website to send them “notifications”.

Hmmm.    Well, at least we know what it is, and apparently some users will be interested in its features.   However, not I.     Thank you for your reply, PC.      I am very grateful for all of the dedicated, hard work you do, and I know that everyone else appreciates it as well.  

Reply | Quote

Hello Walker, These notifications are from a “new feature” in firefox called Push Notifications. In my opinion a non wanted or asked for “feature”. You can turn it off by examining the following Mozilla sites:

https://support.mozilla.org/en-US/questions/1166835    which leads to,

https://support.mozilla.org/en-US/questions/1165867#answer-981820

One user said step #5 worked for them.

 

 

4 users thanked author for this post.

SueW, JDeC, walker, Bill C.

Reply | Quote

@Anonymous:  Thank you so much for all of this additional information!  I was unpleasantly surprised by this constant pop-up appearing without any warning.  The great reference links will most certainly be utilized as soon as I have the time.

Most important I have it in the email, and also wish to say “thank you” again for send it to me, and others so everyone is aware of how to get rid of it.   GREAT SLEUTHING!  Thank you once again!    

Reply | Quote

Walker, see woody’s new site on Firefox telemetry.

https://www.askwoody.com/forums/topic/telemetry-on-firefox/

Hope this helps you too.

 

Reply | Quote

I get them too after logging in, using Firefox browser.

Group B HP Pavilion-dv6 Win7x64 Home Premium-Intel Core i5-3210M CPU

1 user thanked author for this post.

walker

Reply | Quote

I’ve seen notifications on other forum sites, but not here.

Usually they come in the form of pop-ups somewhere in the browser page with sound… For example, “<Bleep> A new reply has been posted to this thread” or “<Bleep> Someone has replied to your thread” or similar.

Could be a WordPress feature Woody doesn’t use (or use yet).

-Noel

Reply | Quote

Win 7: Should I install KB 2952664? Now is marked as “important” so there must be some security which it fix. If will be only telemetry there is no reason mark it as important. Thank you.

Reply | Quote

anonymous wrote:

Win 7: Should I install KB 2952664? Now is marked as “important” so there must be some security which it fix. If will be only telemetry there is no reason mark it as important. Thank you.

KB2952664 is NOT a security patch. It’s purpose is for telemetry.
See @abbodi86 ‘s comments here.

1 user thanked author for this post.

BobbyB

Reply | Quote

Got a report from someone who installed the updates, group A Windows 7 64, installed nothing optional, then Firefox 64 latest version UI suddenly runs extremely slow. Not responsive at all, right after the reboot. Rebooted again, same issue.

UI is terribly unresponsive, clicking on a menu or typing in a location bar is delayed. Once you send the request, the page content is loaded quickly in one shot, but the UI is still awfully slow whenever you try to do anything with the menus or typing. Tried safe mode, a bit better but still not normal. No extension or anything running. This is weird.

2 users thanked author for this post.

AJNorth, MrBrian

Reply | Quote

I installed the Feb Rollup, .NET Rollup, MSRT, and some Office patches on Win7 Ult 64-bit. Running FF 58.0.2 with AdBloc Plus, Disconnect and NoScript.
No problems or weird stuff.

2 users thanked author for this post.

AJNorth, AlexEiffel

Reply | Quote

Hello AlexE, I have seen where after doing MS updates (that I do one-by-one), it may take 3 reboots to get the PC to boot at a normal speed. Ask the person to run MS “Disk Cleanup” and press the “Clean up System Files” button, and see about removing the “old MS updates and Previous Windows version OS” (some people are afraid of Disk Cleanup but it IS from MS and every Windows version has it). If you do, reboot afterwards.

I have found that Windows will run “idle tasks” after about 20 minutes of non use. Google “Process Idle Tasks”. Let the PC sit for an hour and not sleep. Reboot again and when up and running, the first thing you do is try Firefox. It may take Firefox 60 seconds to actually settle down. Firefox 58.0.2 is the newest release with 52.6 ESR newest Extended Release.  Others here may have suggestions too.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

From the catalog I downloaded and installed the Windows 8.1 x64 Internet Explorer security update, KB4074736, on my Win 8.1 test virtual machine and tested it, finding no problems.

I then installed in on my Windows 8.1 workstation. It went in without trouble and seems to work just fine.

I still am unwilling to accept the performance-robbing Spectre/Meltdown patches for my main workstation. I guard the borders jealously, but I don’t require my system to protect itself internally from things I actually choose to do with it. That’s just silly.

-Noel

2 users thanked author for this post.

The Surfing Pensioner, AJNorth

Reply | Quote

Thanks for your report, Noel.  I’ve made the same choice for the WIN 7 & 8.1 boxes under my wing that are operated per your careful approach, with one possible variation: the January Security Only Quality Updates have been installed (along with the IE Cumulative Security Updates), but the Meltdown mitigation was disabled utilizing GRC’s nifty InSpectre utility.

Cheers,

AJ

 

“Those are my principles, and if you don’t like them… well I have others.”
― Groucho Marx

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Noel did you install KB4074736 before installing WU’s given updates? Because I attempted to install it after WU’s updates but the installation repeatedly failed.

Reply | Quote

anonymous wrote:

Noel did you install KB4074736 before installing WU’s given updates? Because I attempted to install it after WU’s updates but the installation repeatedly failed.

Sort of. I did run Windows Update but I have never had the “QualityCompat” registry key set up by any AV software so Windows Update hasn’t even offered any substantial updates since December (“that’s not a bug, that’s a feature!”).

So this particular system is “up to date” as far as Windows Update is willing to go without that registry key, and now the latest IE update has gone in OK. Given that I’ve personally measured 30%+ I/O throughput degradations on well tuned, powerful systems on which Microsoft’s Spectre/Meltdown mitigation patches have been installed, this may be the wave I will continue to ride with this system. Daily scans with MalwareBytes haven’t turned up anything that’s gotten inside the moat, and browser updates improve the castle wall.

-Noel

1 user thanked author for this post.

AJNorth

Reply | Quote

Same here. Basically Group A, but I haven’t installed neither 2018-01, nor 2018-02 Rollups.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

2 users thanked author for this post.

Microfix, Noel Carboni

Reply | Quote

“Failed to install KB” anonymous again. I thought through this and since I downloaded the 3 updates from WU: 2 important one of them being Windows Malicious Removal Tool and 1 optional being the update for. Net Framework before downloading the security updates from MS Catalog.

I wonder if anyone can replicate my dilemma by downloading the 3 updates first and then attempt to install KB4074736 because only security-only quality update installed successfully.

If no results were yield then I’m starting to wonder if I truly need a security update for Internet Explorer since I barely use it.

Reply | Quote

anonymous wrote:

If no results were yield then I’m starting to wonder if I truly need a security update for Internet Explorer since I barely use it.

Internet Explored is an integral part of the Windows Operating System. Even if you don’t use it as your browser, the system uses it.
If you do not patch it, you leave your system vulnerable.

1 user thanked author for this post.

walker

Reply | Quote

Hello Anonymous, 1) what OS are you running? Windows 7, 8 or .. 10? 32 bit or 64 bit?  2) I agree with PKcano. You do need to install the IE11 patch because the OS uses files in IE even if you do not open IE. It is just “too integrated” to ignore.

I know people have their own ideas, and may even disagree, but…. I install IE updates first, Windows updates second, .Net updates third and the MSRT last. I have done it this way for years. Thanks to all.

Reply | Quote

Windows 7 to answer your question. But maybe after returning home I can try to perform system restore and redo the process in different manner to see if it shows different results.

Reply | Quote

Hello again Anonymous,  KB4074736 (IE11) should install. I almost never have an IE update fail. Go with your idea and do a system restore. Reboot at least 2 times afterwards. If you want to run a disk cleanup (a MS product) then fine. If not, that is fine too (some people are afraid). If you do, reboot after.

I have found that Windows will run “idle tasks” after about 20 minutes of non use. Let the PC sit for an hour and not sleep. Reboot again and when up and running, the first thing you do is try to install the KB4074736 and see if you succeed.  Others here may have suggestions too.

Reply | Quote

Hopefully it does work. >_>

Reply | Quote

Hello there,

In case you did not see it, I’ve another set of suggestions posted to your original thread, above.

Needless to say, between the various suggestions being offered by contributors, I hope that  your problem favorably resolves… .

Reply | Quote

Group A, Installed the Feb MSRT  update on Win 7 X64.  Every thing OK.  No problems. Left the rest go until Defcon 3.

Reply | Quote

Hi all,

In Microsoft support page:

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

there are registry settings to enable/disable the two security fixes related with CVE-2017-5715 and CVE-2017-5754 vulnerabilities.

Is this working? If so, maybe one can install the patches (fixes) and, in case of problems, disable the fixes via registry. In this case one can benefit from the security updates, present in the February 13, 2018-KB4074594 (win8.1), that are not related with the Meltdown/Spectre problem. Am I right?

Regards,

Rui

Reply | Quote

I did some testing on a Windows 7 hardware system that runs from an SSD array, and on which I measured a max cached I/O throughput drop from 1500 to 900 megabytes per second. That system was purpose-built to maximize I/O throughput; it’s not really acceptable to just take that away.

The after the fact registry entries made only a little difference – they did NOT return anywhere close to the original performance. I even made sure to reboot between changes/tests.

The rework of how Microsoft handles the memory management setup on entry/return from system calls is probably at fault for the slowdowns. There are also altered instruction sequences they’re compiling into Windows now, from what I understand, that may be less efficient to do the same things.

-Noel

2 users thanked author for this post.

AJNorth, MrBrian

Reply | Quote

Thank you NoelC.  We are waiting to see if MS is going to make a newer version of this January patch. We hoped something better would had emerged. If after another week there is no change I guess we will have to eat the loss and install the January Security only patch (win 7 64bit) and move on to February.  Woody, PK, Noel, any guidance at that time (in a week) is appreciated.

Reply | Quote

anonymous wrote:

We are waiting to see if MS is going to make a newer version of this January patch. We hoped something better would had emerged. If after another week there is no change I guess we will have to eat the loss and install the January Security only patch (win 7 64bit) and move on to February

MS is past January – there will be no newer version of the Jan. Patch at this point. And the Feb SO also contains the Meltdown/Spectre mitigation. See my comment at the top of this thread.

Looks like bite the bullet or stop patching.

1 user thanked author for this post.

AJNorth

Reply | Quote

Thank you PKCano for answering. I too felt “nope, this is it” and we were stuck with the January patch “as-is”. Noel did a good test and it worries me (I also assume he had the February patches too). BUT, Noel’s PC is deigned for max I/O and most typical home users are internet and email.

PK, you mentioned Spectre/Meltdown in the February SO patch. Do you know if the February SO patch tried to help this performance loss or just added more protections for Specter/Meltdown. Thank you again.               Windows 7 64bit, group b.

Reply | Quote

I suspect that the fix in Jan is the same as in Feb. There is no “helping” that I am aware of.

Reply | Quote

PKCano wrote:

Looks like bite the bullet or stop patching.

The depth of that really takes a while to sink in…

The industry has put us into a position where we have to agree to let them make our current products deliver tangibly less value or risk security problems.

And we’re nearly past questioning why we even NEED patches in the first place.

-Noel

1 user thanked author for this post.

AJNorth

Reply | Quote

All it takes is ONCE. Most people won’t know how to recover.

Reply | Quote

The cost of repairing/replacing my P.C. is going to be the same whether a buggy patch or a virus takes it out. So we’re left designing our individual risk assessment matrices.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Hi,

Using wushowhide, I see various office 2010 updates and others on my WIN01 1709. machine.  I do not see KB4074588 (cumulative update).  Any ideas why not?

Reply | Quote

In Windows Update you have to set the “delay quality updates” to “0” (zero) or the updates won’t show up. The “delay feature updates” can stay wherever you want it. (Assuming the ALLOW RegKey is set by your AV).

Reply | Quote

When I ran wushowhide, I set delay quality updates” to “0” (zero).  At that point I saw all the updates except KB4074588 (cumulative update) in wushowhide.  ALLOW RegKey is set by my AV (defender)

Reply | Quote

It was there after all – just missed it

Reply | Quote

PKCano wrote:

Looks like bite the bullet or stop patching.

I installed the January IE SO update, but not the January OS SO update (yet). Still group B; however, I’m not chomping at the bit to install it. I have an older HP system that I very much doubt will ever see processor microcode updates from HP. I might be headed to the stop patching camp.

1 user thanked author for this post.

SueW

Reply | Quote

I’m trying to understand: Are February patches still plagued by January’s patch issues related to AV installed?

February’s security only patches do not include January’s as well. The Monthly Quality Roll-up would though, correct?

Reply | Quote

Jan and Feb patches require that the AV has set the ALLOW Regkey in order to install from WU – and that is from now on.
Jan and Feb patches (Rollup and SO) contain the Meltdown/Spectre mitigation.

See my post ant the top of this thread.

Reply | Quote

Even on a clean install of Windows 10 Pro 1709 with the registry key set, Windows updates won’t show up here. Sure, the next Windows 10 release is around the corner so Microsoft retards can go ahead and break more stuff. Actually, Windows 8.1 is more stable and quite a bit faster than Windows 10 anyway; and 1709 is by far the slowest and c****ed up Windows version. Sure, the experts at Microsoft don’t care and the upcoming version has the same issues.

Reply | Quote

I updated KB4076492 which was changed to KB4054981 in the installed window, and KB0944598. So far I don’t see any problems with our Windows 7 64bit SP1 AMD processor.

Reply | Quote

For the first time in ages, I got a notification for an update with Office 2010 starter. Since I rarely use it anyways, and don’t know if it would even pop up the warning again anytime soon, I went ahead and installed it. But I have no idea what it did. Word and Excel still take their usual sweet time loading up and then work fine, with the single “ad” for upgrading to full Office.

Anyone have any details on this? If it happened all the time, I’d think it was just the Office 2010 updates filtering down to Starter, but, since such updates are so rare, I don’t know.

Reply | Quote

Yes, I have the Office Starter 2010 too, the click to run version on a Win 7 PC.  My Win 7’s windows update setting is set to “Check for updates, but let me choose whether to download and install them”. My Office Starter 2010 (click to run version) is typically (if  ever) not updated by windows updates, but instead silently updates in the background.  The only way I know Office updated is by checking the Office version number and comparing against the information in the website below. On the version I run, I check the office version by opening an office application (such as Word), select File,  Help and look for the Office click to product (click to run) update version. This is the website to see the Office Starter 2010 version update release dates. https://support.office.com/en-us/article/update-history-for-office-2010-click-to-run-products-ac74f68c-58f9-49b4-b7a7-75d899e4824d    Per this website, the newest version of Office Starter was released on 2-13-18 and is version 14.0.7194.5000.

Like you, today was the first time I was actually asked if I wanted to update Office. I was thrilled to be given a choice!!

Reply | Quote

Something else just occurred to me. If the registry setting is required going forward for updates, could it be used as a way to stop updates? Lock that setting where your AV app can’t set it and leave it off until you are ready for the latest updates, and see if it works.

Reply | Quote

Yes, for those updates that Microsoft uses it for. However, see FAQ #3 (“How long will Microsoft require setting a registry key to receive the Windows  security updates?”) at https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software.

Reply | Quote

Update from the “Failed to Install KB” Anonymous: Just performed System Restore and my Windows Update is now checking updates. Hopefully once it’s finished I will reattempt the installation of KB4074736.

If worst comes to worst, my laptop will have to survive for another month until a new IE security patch is released.

Wish me luck.

Reply | Quote

Me again. I’ve read the article about Group A and Group B. Is installing this month’s security monthly roll-up really not a good move?

Reply | Quote

Welp. System Restore plan was also a failure. I’m going Group A now and hopefully the Monthly Roll-up won’t jinx my laptop.

Reply | Quote

Thank you all for your suggestions. Now that the Monthly Roll-up is being downloaded, I salute you all for your time to assist me.

Wish me and my laptop luck.

-“Failed to install KB” anonymous

PS
I think the Internet Explorer security patch hates me because even the Monthly Roll-up won’t get installed.

Guess my laptop will have to survive for a month with just a security-only update. -_-

Reply | Quote

To Anonymous “Failed to Install KB :”   Very sorry to hear about your lack of success. This is not good.  If system restore failed then something large/system related got installed and it refuses to go back. Did you run the Microsoft “Disk Cleanup” and clean the system files of updates and previous version OS’s?

You have win 7 right?  Go here and get the update repair tool (#3) in the list for win 7.

https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors

Try the update tool and see. Good luck to you.  Keep us posted!

 

 

 

Reply | Quote

@anonymous:  What do the following mean in the email message (not on the copy I’m seeing here):

&nbsp

I see these often and don’t have a clue as to what they mean.   Thank you for any information you may have on these.   Thank you.

Reply | Quote

walker wrote:

What do the following mean in the email message (not on the copy I’m seeing here): &nbsp I see these often and don’t have a clue as to what they mean. Thank you for any information you may have on these. Thank you.

&nbsp is HTML coding for a single space within a line of text.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

walker

Reply | Quote

Walker,  Geekdom is right.  &nbsp  is a Non-Breaking SPace (NBSP) used in HTML (web page language). Some email programs don’t deal properly with HTML emails. You can ignore these HTML codes, or consider setting your email program to use and display  “Plain Text”. You will need to internet search (google) for how to do that if needed.

Edit to remove HTML from cut/paste

1 user thanked author for this post.

walker

Reply | Quote

@Anonymous I will check to see if that works. Curiously speaking, will my laptop be fine without the security update as long as I’m careful online as I’m aware vulnerabilities will remain on my system?

Reply | Quote

To Anonymous “Failed to Install KB :”  While at the moment there aren’t any attacks out for the Spectre/Meltdown it is a matter of time before they are. You can do various things to protect yourself like a good AV and have Malwarebytes, but the vulnerability and possibility is still there. Hope fully ideas here will help you, but if your MS updates fail to install, this is potentially a grave problem for a computer on the internet. I believe I read where Noel C has friends that constantly OR never update. Both seem to do well. If it were mine I would try to get Windows Update or whatever is causing the install failure, repaired.

Reply | Quote

Uninstaled Jan and Feb patches i have perfomanse lost up to 20 % on AMD Phenom 2 940 W7 SP1 x64

Reply | Quote

Update from “Failed to Install KB” Anonymous: Unfortunately, Disk Cleanup and the WU Troubleshooter was a bust as well. Error 80070057 is a stubborn foe.

Thank you all for your suggestions. My only hope now is that I’m not the only one in this boat and next month’s patch would work better for my laptop. In the meantime, I’m surfing online with care.

Reply | Quote

Forced update to 1709

Was at 1607, with Auto Update disabled, Defer Feature updates option set, and using WU ShowHide utility.  Ran WUShowHide, successfully hid the Feature Update for 1607 package, then ran Check for Updates.  PC was updated to 1709 anyway.  MS apparently is overriding other settings and the hidden status of the 1709 update this monthly cycle.  (Support for 1607 is scheduled to end in April.)   PC is stable at 1709 for first several hours of operation.  After 1709 update, privacy settings need to be reset, and various newly added pinned MS apps need to be removed to keep to previous desktop layout.  Windows Update is repeatedly giving a false error that the current Defender definition update can’t be installed, although the Defender window shows that the definition update has already been installed and definitions are current (this false error has been seen previously).

Reply | Quote

anonymous wrote:

Was at 1607, with Auto Update disabled, Defer Feature updates option set, and using WU ShowHide utility.

You’re saying that you were running 1607 Pro. Do you recall what number you had in the “Defer feature updates” box? There’s no blanket setting to defer feature updates.

Reply | Quote

Please correct me if wrong — I believe that in W10 Pro 1607 the Defer Feature Updates setting was a simple checkbox (enable/disable).   In newer Win 10 versions, MS modified it to a settable 0-365 day setting, and that modification or other more recent MS update system/policy changes may have obsoleted the old 1607 setting.   In any event, successfully hiding the Feature Update for 1607 (w/ WUShowHide) didn’t hold off the (inevitable) 1709 update any longer during this February 2018 cycle.

Reply | Quote

Some users had reported about Internet Explorer being prevented from accessing some SharePoint sites & at least 1 banking site (TD Bank), with the error message “Lockdown’ exploit prevented in Internet Explorer”.

https://community.sophos.com/products/sophos-central/f/sophos-central/100509/lockdown-exploit-prevented-in-internet-explorer-accessing-sharepoint-site/365097

Culprit patch could be Feb 2018’s Internet Explorer Cumulative Security Update (KB 4074736).

1 user thanked author for this post.

MrBrian

Reply | Quote

A different “To Anonymous Poster with IE Update Failure”.

I haven’t read through all comments posted, but in the past I have had problems on a couple of occasions updating IE using updates from the catalogue (both standalone and as part of the roll-up). My symptoms were that the update started, requested a PC reboot, but after doing this it got to about 90% completion (I forget the actual percentage) and then it would revert the changes.

I eventually found that the problem was due to incorrect logging data in the Registry in the Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT.

It was suggested in some other online forums that deleting this allowed other people to update IE, but being cautious I looked at this key using “regedit” and saw that it contained a large amount of stuff, not all related to IE, so simply deleting the whole key looked reckless.

So I did something like the following:

1) Exported this key to a file called something like WINEVT_Before.reg.

2) Deleted the key as I had read online.

3) Successfully installed the IE update.

4) Exported the new, much shorter version of the key to a file called something like WINEVT_After.reg. This contained 7 or 8 sub-keys related to the IE update which I assumed should probably be present for a successful later IE update (in a later month).

5) These .reg files can be opened in a text editor like Notepad, so I manually copied the sub-keys from the “After” file either replacing same-named sub-keys in the “Before” file or if not already present just adding the sub-key to the “Before” file. (From memory they were about half of each type.) This gave me an updated .reg file for the key containing the previous non-updated IE stuff plus the updated IE stuff. I then merged this back into the Registry (double clicking the edited .reg file).

I have since been able to update IE again in later months without problem. I have not tried this month’s IE update yet.

HTH

1 user thanked author for this post.

MrBrian

Reply | Quote

Interesting. Will that help resolve error 80070057?

– “Failed to Install KB” Anonymous

Reply | Quote

Dear Anonymous, thank you for your suggestion.

However, unfortunately error 80070057 is still my formidable foe and refuses to back down so the registry fix you suggested was sadly a bust too. -_-

I appreciate your help with my dilemma though and I hope for better luck in next month’s patch.

– “Failed to Install KB” Anonymous

Reply | Quote

error 80070057.

I’ve chased this for quite some time, on all sorts of updates that failed for an “unknown reason”.  Search the web, get suggestions for editing the registry, deleting files, renaming files, putting my hat on backwards, etc.  Nothing has worked yet..

Win7 Pro

Reply | Quote

Just to clarify I only deleted the suggested registry key as I found online.

– “Failed to Install KB” Anonymous

Reply | Quote

Sorry my suggestion did not help. I had no specific reason to think it would, but as all of the Windows Update problems I have ever had were with IE updates and not the core Windows OS file updates, I have had the same IE update frustration as you in the past.

Another possible IE-specific approach I used in the past was to uninstall the then current version of IE (possibly uninstalling each of its update KBs, working backwards before the actual KB which installed the current version – I don’t remember if I did this) and then re-install the current version from scratch using the latest installer downloaded from the Microsoft website (not via Windows Update – my thinking was that the latest installer should be up to date without having to go through the intermediate steps of the patch Tuesday update KBs after the 1st installation KB – I don’t remember if this assumption was correct). So basically if the current version was say 8, I uninstalled IE 8 (from Control Panel > Programs and Features > View installed updates) until I got back to IE 7 (or whatever came before 8 ) and then ran a downloaded IE 8 installer (and ran Window Update). As I remember this worked for me, but it may have been in the XP days 8 or 10 years ago so my memory is hazy.

Presumably this would not work with W10 because of its all or nothing updating, but it might still work for W7 or W8.1. I suppose if you have used Disk Cleanup to slim down Windows, on uninstalling IE KBs Windows to get back to the previous version it may run out of older version files to revert to – maybe it would give an error message on attempting a KB un-installation if it reaches that situation. All very messy!

Anyway if you are thinking of re-installing Windows from scratch to resolve this problem (an exercise which can take many hours), it might be worth trying this beforehand (an exercise which might take an hour?) because you would have nothing to lose (if you are going to re-install Windows anyway). Just a thought!

HTH.

 

Reply | Quote

I use Win 7 so all I have to do is to uninstall the last month’s IE KB update and reinstall before attempting the install of the current version?

 

– “Failed to Install KB” Anonymous

Reply | Quote

Hello – “Failed to Install KB” Anonymous, Glad to see you but sorry you still have the issue.

Please consider using 1) SFC System File Checker that comes with Win 7. 2) download, install and run the MS System Update Readiness Tool. I used it long ago on a Vista PC and it did help, but I had to do much work to eliminate the last few errors, but I did (you may need a technicians help).

Below are the URLs and one is even from DELL with suggestions/help.
System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [October 2014]
https://www.microsoft.com/en-us/download/details.aspx?id=20858

Fix Windows Update errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness
Look for:  For Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008

Repairing Windows Update Issues with the System Update Readiness Tool (CheckSUR)
http://www.dell.com/support/article/us/en/19/sln285523/repairing-windows-update-issues-with-the-system-update-readiness-tool-checksur-?lang=en

Hope this helps. Keep us Posted!

Reply | Quote

From “Failed to Install KB” Anonymous: SFC found nothing wrong. This is what I got from CheckSUR:

https://pastebin.com/bbQY4Hi3

Reply | Quote

Hello – “Failed to Install KB” Anonymous, Sorry that failed. Looks like you did have some success in repairing some things. Found 128 errors  Fixed 112 errors. Not bad but you do have 16 errors left.

Do you have AVG antivirus?  Some of the remaining error appear to be avg: “(f)CSI Missing Winning Component Key0x00000000x86_policy.14.0.avg.vc140.crt_…….”

Another person had similar with Avast and a uninstall and reinstall of Avast fixed it.

If your updates are still failing you might consider looking into this site. I DO NOT know if they are good or not, but they seem to have success. (Anyone else here, please give opinions if you do know about, sysnative.com.)

https://www.sysnative.com/forums/windows-update-fixes-and-tutorials/11094-system-update-readiness-tool-surt.html

Person with AVAST errors and fixed them.
https://www.sysnative.com/forums/windows-update/22870-win7sp1-checksur-checking-component-store-found-18-errors.html

Hope this helps. Keep us posted.

Reply | Quote

That’s funny. My AVG was renewed and reinstalled not too long ago.
But if nothing can fix error 80070057, then I suppose I just got to be extra careful online.

– “Failed to Install KB” Anonymous

Reply | Quote

Hello – “Failed to Install KB” Anonymous, you might look at  sysnative.com  as I mentioned.

A google search did show,”[SOLVED] window update error 0x80070057 – Sysnative Forums” on at least 2 sites they have.

Windows update error 0X80070057
https://www.sysnative.com/forums/windows-update/19988-windows-update-error-0x80070057.html

window update error 0x80070057
https://www.sysnative.com/forums/windows-update/14399-window-update-error-0x80070057.html

If you do, keep us posted. Good Luck.

Reply | Quote

Except it took a short time for the IE KB to tell me it failed to install within a short time.

 

– “Failed to Install KB” Anonymous

Reply | Quote

But on the earlier suggestion of uninstalling previous KB, do I only uninstall last month’s IE KB?

– “Failed to Install KB” Anonymous

Reply | Quote

Re: “But on the earlier suggestion of uninstalling previous KB, do I only uninstall last month’s IE KB?”

With respect to my #168466 suggestion above I thought I would try a little experiment to see if my half-remembered suggestion is still a valid idea.

I copied my current Windows 7 32 bit system partition to a spare disk (because I did not want to disrupt my existing setup which is working fine) and put this drive into my PC for the experiment.

I searched for “internet explorer 11 installer” in a search engine and the 1st entry was

https://support.microsoft.com/en-gb/help/18520/download-internet-explorer-11-offline-installer

and scrolling down I found the Windows 7 SP1 32-bit installer and downloaded it. There is a similar 64 bit installer if you have 64 bit Windows 7. These installers are .exe files i.e. they are executable in their own right and are not inputs for the Windows Update mechanism. (This is how I remembered them.) Download the appropriate language version for your PC.

I uninstalled IE 11 by going to “Control Panel > All Control Panel Items > Programs and Features” and then “View installed updates”, scrolling down the list of updates until I found the line for “Internet Explorer 11” (it did not have a KB number) and using the right mouse button to uninstall it. It needed a reboot. I opened IE and it was now version 8 i.e. IE 8.

I now ran the installer “IE11-Windows6.1-x86-< your language >.exe” by double clicking it. It did request outgoing internet access (if you have a firewall blocking by default be prepared to allow this) and stated that it was downloading something during installation. I assumed that this was some updates but cannot be sure. This completed and it requested a reboot of the PC. After this completed successfully IE 11 was now (re-)installed.

I then installed the Feb 2018 IE update KB4074736 (the IE updates are cumulative) downloaded from the Windows Update Catalogue in the normal manner. As usual it requested a PC reboot and this update completed successfully.

I do not normally use IE (I’m a Firefox or PaleMoon man!) so I do not know if any of the IE settings before these operations were changed. You will need to check this yourself and set things back as appropriate.

So in summary:

1) Download the IE 11 .exe installer for your 32 or 64 bit Windows 7 and language from

https://support.microsoft.com/en-gb/help/18520/download-internet-explorer-11-offline-installer

2) Uninstall your existing IE 11 from

Control Panel > All Control Panel Items > Programs and Features > View installed updates

rebooting as requested.

3) Re-install IE 11 using the installer downloaded in 1) above rebooting as requested.

Hopefully this clean re-install will clean up the Windows Update mechanism failure which you are experiencing.

4) Bring this re-installed IE 11 up to date by downloading KB4074736 from the catalogue and installing it in the same way that you have been attempting so far. Hopefully this will now be successful.

5) Check your IE settings in case these have been altered.

Again I make no claims that this will fix your specific problem, but this approach did fix an IE update problem for me a few years ago.

HTH.

 

Reply | Quote

Oh so I should try make clean reinstallation of IE 11. I suppose one more option wouldn’t hurt.

But would the process affect my previous IE security updates?

 

Thank you for your time to assist me.

– “Failed to Install KB” Anonymous

Reply | Quote

As I understand it, the latest IE update which is currently KB4074736 contains all of the security updates included in earlier IE updates (released on earlier patch-Tuesdays).

So on uninstalling IE 11 (step 2) you will not have all security updates. On re-installing IE 11 using the downloaded installer (step 3) you may not have all security updates (unless Microsoft update the installer every month with the latest updates, which seems unlikely since Microsoft are not really interested in IE or pre-Windoes 10 software any longer – Edge and Windows 10 are their priority now).

If you successfully install KB4074736 (step 4) you will then get all of the previous security updates plus the latest Feb 2018 security updates i.e. you will be up to date.

Of course if you are still unable to install KB4074736 then this will leave you without the latest security updates. I guess that you could then try installing the Jan 2018 IE update which I assume you were able to install successfully to get nearly up to date, but that would not fix your Feb 2018 IE update problem.

If you have a spare disk drive for your PC, then you could copy your system partition to it and try this out using that disk (like I did) to see if it fixes your problem. If it doesn’t just put your current disk back in the PC again and you have not lost anything (except some of your time).

As I wrote above, if you are going to try to fix the problem by re-installing Windows completely, this might be worth trying beforehand because if it does not work you haven’t lost anything (except a little time) because you were intending to re-install Windows anyway.

I don’t think that there is anything more I can suggest in this area. Sorry!

HTH.

Reply | Quote

I understand what you mean. At the very least I can hope for next month’s update to be more successful.

Thank you for providing me help.
– “Failed to Install KB” Anonymous

Reply | Quote

*bows* I truly thank you from the bottom of my heart for all the time you put in to assist me with my issue.

While all the methods were no match against the ruthless and relentless Error 80070057, I am still grateful for your assistance.

Wish me luck for next month’s update.
– “Failed to Install KB” Anonymous

Reply | Quote

@anonymous:    I can’t find the message referenced in the email I received.   Showed it was sent on 2-16-18   at 4:14 p.m.  Message #167931 I think was the number.

This is about the “Push Notifications” which are really a nuisance.  I tried to utilize the information which is as follows:

*****************************

https://support.mozilla.org/en-US/questions/1166835    which leads to,

https://support.mozilla.org/en-US/questions/1165867#answer-981820

One user said step #5 worked for them.

**********************************

I tried the first link which took me to a “Page Not Found”, then tried the second link without any results either.   However  within a few moments there was the “Prompt” about allowing “Notifications”.   I clicked on the one box (I think it was the one on the R side of the pop-up”) and it allowed you to “allow, not allow, and one other option I think”.

I was so happy to see the “not allow”, I went for that, and it’s “permanent”.   Apparently this is not “old”, because I encountered on old link which showed it had been utilized before now, and the old messages had been archived..    I’m just enormously relieved that I found a way to stop these intrusive pop-ups in the middle of what a user it trying to do on the computer!

Thank you s0 very, very much for the information – – – – It really helped me to find the way to stop this irritating “pop-up”.        

Reply | Quote

Hello Walker, Yes I see the first link fails because there is an odd set of characters after it. It should go to,  https://support.mozilla.org/en-US/questions/1166835

(it should should stop at the 5, which is the last number, but it had a %A0 attached).

The 2nd link did work for me.  Drag down 1/2 way and read the section “All-Site Persistent Disable”.   https://support.mozilla.org/en-US/questions/1165867#answer-981820

 

1 user thanked author for this post.

walker

Reply | Quote

@anonymous:  Thank you for the clarification on the reason I had a problem getting to that first link.   I haven’t had time to try the new references yet.   If these “pop-ups” never show up again that will be “too soon”.     I’m too busy today to try to deal with it, however hopefully I’ll have time to devote to it in a few days.  Thank you for taking the time to respond to my message.    I appreciate all of the very knowledgeable assistance you provide!  

Reply | Quote

@geekdom and @anonymous:

I had to do some searching however located your msgs.  Thank you both so much for taking the time to respond to my question.   I sincerely appreciate it.     We are all fortunate to have members who are as knowledgeable as you are, that will share their information with us.      It means more than words can  adequately express,  and I know that others who are “computer illiterate” (as I am) also appreciate it as well.    Thank you once again!   

Reply | Quote

A security patch for Windows 10 (and Windows Server 2016) contains a hole. More information is here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-vulnerability-but-doesnt/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Question: Would turning off IE Protected Mode possibly allow KB4074736 to be installed successfully?

 

– “Failed to Install KB” Anonymous

Reply | Quote

Hello “Failed to Install KB” Anonymous, One poster called Gone To Plaid had a post on that below.

https://www.askwoody.com/forums/topic/new-version-of-the-windows-update-troubleshooter/#post-170663

Maybe he has a reason, and an answer for us.

Sorry to see you have not had luck installing that IE patch yet.

 

 

Reply | Quote

To Anonymous poster with failure of IE11 update. Reposting with more information.

Here is a video of repairing the WU. This will also work for windows 7 & 8.

The man goes into using Disk Cleanup and clearing system update files, then uses a MS Windows Update Repair tool and mentions  power management settings to allow large updates to succeed. He has success with these tools on his PC which was Windows 10 failing to go to build 1709.

Windows Update Troubleshooter BuildOrBuy Published on Jan 28, 2018
https://www.youtube.com/watch?v=XmH5mDpXj-U

 

Reply | Quote