Group B and Patch blocklists

Topic

New Reply

Good question from L: I’m in Group B and I’d like to ask a question about something I’ve been confused about ever since you posted it about a year ago
[See the full post at: Group B and Patch blocklists]

Reply | Quote

Replies

In my opinion, Group A users ought to be instructed to avoid the telemetry updates also.

Reply | Quote

If you stop and think about it Woody what you’re saying is a bit contradictive. If we’re in Group B we’re supposed to be downloading and manually installing the “Security Only Update”.

So if we’re installing the “Security Only update”… why would we be installing updates that are NOT “Security” updates?

Reply | Quote

Let me try to clarify things a little., starting with Windows Update. Not all the patches delivered through Windows Update are Windows patches. There are patches for other MS products like .NET, Silverlight, Office, C++, MSE, etc.

Previous to start of Cumulative Updates, Windows patches were grouped into “Security Updates for Windows” (security) and “Updates for Windows” (non-security). There were also patches for IE. Microsoft has rolled these three up into one patch called “Security Monthly Quality ROLLUP for Windows.”

For those who did not want to install the non-security portion of the monthly updates, MS provides a “Security Only Quality UPDATE for Windows.” This used to contain the update for IE11 as well, but as of March 2017, MS separated the security-only into patches for Windows and patches for IE11.

It is my understanding that the Group A (accepts everything) and Group B (security-only) methods pertain to Windows/IE11 patching, NOT the other MS products. So patches for the other products should be installed unless they are causing problems.

And that is why Woody implements the DEFCON system, to give time for all the patches to be vetted so we are not Guinea pigs.

10 users thanked author for this post.

walker, Elly, AJNorth, SueW, abbodi86, Charlie, HiFlyer, woody, Noel Carboni, jelson

Reply | Quote

Windows Update is divided into two lists “important updates” and “optional updates.” Updates that are CHECKED get installed, no matter which list they are in. UNCHECKED updates do NOT get installed, no matter what list they are in. Microsoft’s can change the classification of updates.

The “optional  list” (link of Windows Update home screen) contains updates that Microsoft does not classify as necessary for everyone. They are UNCHECKED by default, therefore, they do not get installed by default. The updates in this list may be classified as OPTIONAL or RECOMMENDED (but not necessary). For example, they may be patches that are for specific situations that not everyone has or functions that not everyone uses. or just plain not necessary for functionality.
If the checkbox under Windows Update settings is set for “Give me recommended updates the same way I get important updates,” the RECOMMENDED updates from the “optional list” are instead sent to the “important list.”

The “important list” (link of Windows Update home screen) contains updates that Microsoft classifies as IMPORTANT or RECOMMENDED (if the “Give me recommended” box is checked). These updates can be security related or non-security. They are usually CHECKED by default, but also can be UNCHECKED by default. If unchecked, they are NOT installed when Windows Update is run.

The usual recommendation is “DO NOT check anything that is unchecked already.” That  includes all of the updates in the “optional list” as well as those unchecked in the “important list.”
If there is an update in the “important list” that you do not want to install (as with “Security Monthly Quality ROLLUP for Windows” if you are in Group B), UNCHECK it before you run Windows Update and it will not get installed.

5 users thanked author for this post.

walker, Elly, HiFlyer, SueW, woody

Reply | Quote

Woody:    Thanks very much for your response.  I’ve got a couple of questions about it in order to try to clarify my understanding.  Here are my questions:
1.   In your response, you said that in broad terms you “have those in Group B skip the Recommended updates”.  How do I tell which ones are “Recommended updates”?  In my Update window,  I see the words “Important”  and “Optional”  and “Security”,  but I don’t see the word “Recommended”.  Generally the window looks pretty much like Figure 4-4 in your book  “Windows 7 All- in-One for Dummies”,  and I don’t see the word “Recommended” in that Figure 4-4.  I assume that there’s a difference between “Important” and “Recommended” because Microsoft uses the terminology “give me recommended updates the same way I receive important updates”.   On Page 659 of your book,  you say “there’s  a very thin line between Important and Recommended”,   and then you say “see the nearby ‘What’s a critical update?’ sidebar”.  But when I read that sidebar,  I don’t see the word “Recommended” there.   Also, I don’t see the word “Recommended”  in the Microsoft article entitled   “Description of the standard terminology that is used to describe Microsoft software updates”,   and so I’m having trouble finding the difference between a “Recommended” update and an “Important” Update.   So I’d appreciate it if you could answer how to tell which updates are “Recommended”.
2.   In your reply, you also said “The most important part: If you see something that’s checked, don’t uncheck it unless the instructions specifically tell you to uncheck.”  In my experience,  usually the ones that Microsoft lists as “Important”  are checked,  and so based on that, I would install those ones that are checked (after you’ve given the Defcon Go-ahead).   But I’m wondering if the waiting period you give before giving the Defcon 3 go-ahead is long enough.  Here is one possible example:   I’ve kept screenshots of all my Windows Updates windows for the past few years and I notice that in April of 2016, the box for KB3133977 was checked.  As far as I can tell from your Defcon 3 article of April 28, 2016,  you did not recommend unchecking the box for that one.   However later in May of 2016, it surfaced that that was a problematic update which then resulted in some postings on your own website in May of 2016  as well as elsewhere on the Internet (see article “Microsoft Warns Windows 7 Has A Serious Problem” at  https://www.forbes.com/sites/gordonkelly/2016/05/04/microsoft-warns-windows-7-boot-up-problem/#42105aad7295 .  According to that article,  it turns out that in April of 2016 Microsoft switched it from “Optional” to “Recommended”.  I do know that I myself unchecked the box for that update,  but I think I did so based on your article of March 11, 2016,   in which you said “In the future,  only install security patches for Win7 and 8.1. Don’t install optional patches”.  It had appeared to me that it wasn’t described by Microsoft as either a security patch or an optional patch (it appeared to me that it was described as an “Important” patch),  so I made an assumption that I should uncheck the box for it.  But some people may not have,  and perhaps some of them ran into trouble later.  This is just something I happened to run across,  and so it’s possible I’ve got the whole thing mixed up, but don’t have time to research the whole history on it (and it’s a little confusing also because my screenshot shows it as “Important”  rather than “Recommended” and I’m still a little unclear about the difference between “Optional”, “Recommended” and “Important” partially because in my mind the word “recommended” has a connotation of being “optional”),  but the only reason I mention it is to help me understand Windows Updates better,  and also it makes me wonder whether your waiting time is long enough before you give the “Go Ahead”,  and so I ‘d appreciate any thoughts you might have on this.   It’s quite possible that this may be an example of why you gave it a level of Defcon 3,  rather than a higher- level Defcon 4 or 5,  but I just thought I would ask.

 

EDIT  Html to text

Reply | Quote

See above https://www.askwoody.com/forums/topic/group-b-and-patch-blocklists/#post-107057

2 users thanked author for this post.

L95, woody

Reply | Quote

L95 wrote:

So I’d appreciate it if you could answer how to tell which updates are “Recommended”.

Microsoft’s terminology is horrific. At the most basic level, you don’t need to worry which patches are “Recommended” if you follow the steps I print every month. The more detailed explanation:

Microsoft releases patches with one of (at least) three categories: Important, Recommended, Optional. Every patch is identified with one of those three settings.

Windows Update, on the other hand, only recognizes two categories – Important and Optional – but it also has boxes next to each patch. If you check the box, you get the patch the next time Windows Update runs; if you don’t check the box, you don’t get the patch.

Checking the box marked “Give me recommended updates the same way I receive important updates” makes Microsoft-designated Recommended updates show up in your Windows Update list as Important, and the patch is pre-selected for installation.

If you don’t have that box checked, the patch appears in the Optional section, the name’s italicized, but the installation box is not selected. Thus, the patch won’t be installed on the next run of Windows Update.

L95 wrote:

I do know that I myself unchecked the box for that update, but I think I did so based on your article of March 11, 2016, in which you said…

The world has changed since March 2016 and Win7/8.1 completely changed in Oct. 2016.

Best bet is to follow the instructions that I post every month.

L95 wrote:

it makes me wonder whether your waiting time is long enough before you give the “Go Ahead”

Sometimes I get caught – I give the go-ahead and later events prove that Microsoft screwed up. When that happens, I post detailed instructions on how to un-screw things the following month.

The particular problem mentioned by Gordon only happened with ASUS motherboards. I talk about it here: http://www.infoworld.com/article/3065487/microsoft-windows/recommended-kb-3133977-patch-can-cause-asus-pcs-to-freeze.html

3 users thanked author for this post.

L95, Charlie, HiFlyer

Reply | Quote

“Give me recommended updates”

Reply | Quote

I install all Recommended updates, except for those that are telemetry-related. Microsoft employee Nathan Mercer stated at https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/#comment-11515:

“… Microsoft recommends installing all recommended updates.”

Reply | Quote