We’re at MS-DEFCON 3, and it’s a very good time to get caught up. Either that, or wait for everybody to start bugging you around the holidays. I just
[See the full post at: Getting caught up with Win7 patches]
|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
Getting caught up with Win7 patches
- This topic has 9 replies, 9 voices, and was last updated 7 years, 4 months ago.
AuthorViewing 4 reply threadsAuthor-
-
Windows MSRT 64 bit for W7 November, 2017, KB 890830 is still unchecked this month. I have not installed it because it is still unchecked. Am I right? – anonymous
I am also running Windows 7 64-bit. MSRT was not checked for me either. First I installed the November Roll-up on its own. Then, after rebooting, I installed MSRT to stop the nagging. I had no issues.
-
-
-
NOVEMBER patches that are CHECKED in the “important updates” list are safe to install. DO NOT install anything that is UNCHECKED. DO NOT install anything that has a DECEMBER release date yet – Dec. patches have not been vetted yet
The quoted post by PKCano is the policy on the matter of unchecked updates.
So long as a person has a locally installed AV, all should be well.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
1 user thanked author for this post.
I fully understand that the advice here is oriented toward the masses, not to computer engineers, but this might deserve a little elaboration:
There’s no reason to disable Windows Update.
That kind of depends on 1) whether you want to retain ultimate control over your system and 2) whether you know what you’re doing and can recover from unexpected things.
I personally keep the Windows Update service disabled (along with my firewall configured to block attempts at updating the system should the service become started spontaneously). I don’t regularly enable/disable any “diagnostics” as mentioned. I’m not even sure what “diagnostics” are being referred-to; perhaps they’re in one of the updates I’ve hidden in the past. I also have a number of services and scheduled tasks that I don’t need disabled permanently.
Regarding the mechanics of actually getting through a Windows Update…
About once a month, some time after updates have become generally available and when I’m well and ready for their application, I reconfigure my firewall, enable and start wuausrv, and ask the Windows Update applet to start the process by pressing the [Check for Updates] button. I vet each of the entries listed so that I fully understand what’s about to be done, hide any that I’ve identified that I don’t / never want (this list is very small), and finally instruct the applet to apply them. Just before the reboot I configure the firewall back to its less permissive state and the Windows Update service back to Disabled.
I do all the above first on a set of virtual machines I maintain for testing, and finally on my hardware systems after I have done sufficient testing and online research to ensure there is no loss of functionality that I rely upon.
I’ve found this approach fully sustainable for both Win 7 and 8.1. All my systems are running efficiently and without faults. I can’t remember the last time I had to work around or recover from a problem unexpectedly introduced by an update, and my systems are posting Reliability scores that are the best they’ve ever achieved.
FYI, I HAVE on at least one occasion seen the Windows Update service get started spontaneously even with it’s Startup set to Disabled. This is why I’ve configured my firewall as I have. It’s MY computer system, not Microsoft’s to do with as they please, when they please. As an entrepreneur I can’t afford any downtime. Microsoft has already proven that they care less about my productivity than I do.
By the way, regarding disabling the Windows Update service between updates, Win 10 is another story entirely. I’ve found that if you don’t do things just their way, Microsoft has made the Windows Update process so that it just stops working without ANY indication of what’s gone wrong. And worse, the rules keep changing, so it’s difficult to develop and maintain a consistent strategy of control. My conclusion: A system I continually have to second-guess and tweak to keep working the way I want is simply not for my business hardware.
-Noel
Today installed the Nov 2017 Security Only Update KB4048960 for Win7 Pro x64 – which wiped out direct access to Windows Media Player. I was presented with a WMP Welcome screen when I tried to open WMP. Went thru the process provided through the Welcome screen. Discovered that I now have WMP version 12.0.7601.23930, which apparently fixes the Content Protect problem previously created for Security Only updaters.
So….., I can rip and burn CDs again and play them on CD players other than this computer, which has not been possible since the Content Protect fiasco. (This problem was apparently fixed for those who install Monthly Rollups with the Sept 2016 KB3185278 rollup which included WMP version 12.0.7601.23517.)
1 user thanked author for this post.
Viewing 4 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
OTT Upgrade Windows 11 to 24H2 on Unsupported Hardware
by 6 minutes ago
-
Inetpub can be tricked
by 1 hour, 25 minutes ago
-
How merge Outlook 2016 .pst file w/into newly created Outlook 2024 install .pst?
by 35 minutes ago
-
FBI 2024 Internet Crime Report
by 3 hours, 56 minutes ago
-
Perplexity CEO says its browser will track everything users do online
by 1 hour, 20 minutes ago
-
Login issues with Windows Hello
by 15 hours, 1 minute ago
-
How to get into a manual setup screen in 2024 Outlook classic?
by 2 hours, 55 minutes ago
-
Linux : ARMO rootkit “Curing”
by 1 day, 2 hours ago
-
Employee monitoring app leaks 21 million screenshots in real time
by 1 day, 2 hours ago
-
Google AI is now hallucinating idioms
by 1 day, 3 hours ago
-
april update
by 5 hours, 23 minutes ago
-
Windows 11 Insider Preview build 27842 released to Canary
by 1 day, 4 hours ago
-
Quick Fix for Slowing File Explorer
by 1 day, 4 hours ago
-
WuMgr not loading?
by 3 minutes ago
-
Word crashes when accessing Help
by 8 hours, 23 minutes ago
-
New Microsoft Nag — Danger! Danger! sign-in to your Microsoft Account
by 1 day, 3 hours ago
-
Blank Inetpub folder
by 1 day, 1 hour ago
-
Google : Extended Repair Program for Pixel 7a
by 1 day, 14 hours ago
-
Updates seem to have broken Microsoft Edge
by 1 day ago
-
Wait command?
by 1 day, 7 hours ago
-
Malwarebytes 5 Free version manual platform updates
by 1 day, 21 hours ago
-
inetpub : Microsoft’s patch for CVE-2025–21204 introduces vulnerability
by 2 days, 3 hours ago
-
Windows 10 finally gets fix
by 2 days, 12 hours ago
-
AMD Ryzen™ Chipset Driver Release Notes 7.04.09.545
by 2 days, 13 hours ago
-
How to use Skype after May?
by 22 hours, 16 minutes ago
-
Win 7 MS Essentials suddenly not showing number of items scanned.
by 2 days, 8 hours ago
-
France : A law requiring messaging apps to implement a backdoor ..
by 3 days, 3 hours ago
-
Dev runs Windows 11 ARM on an iPad Air M2
by 3 days, 3 hours ago
-
MS-DEFCON 3: Cleanup time
by 17 minutes ago
-
KB5056686 (.NET v8.0.15) Delivered Twice in April 2025
by 1 day, 9 hours ago
Remembering Woody
