Is Microsoft using security patch KB 3146706 to break pirate copies of Windows 7?

Topic

New Reply

More evidence – and an English description of the mysterious “Ghost” pirate version of Win7, prominent in China. An accident? Or a fortuitous attack v
[See the full post at: Is Microsoft using security patch KB 3146706 to break pirate copies of Windows 7?]

Reply | Quote

Replies

If I remember correctly MS was allowing pirate copies of Windows to upgrade to Win10 during the free upgrade period. If so, there’s no point in targeting those copies until the free upgrade period expires.

Reply | Quote

3146706 was definitely checked when the April updates were first notified to me. It became unchecked a couple of days or so later after the China story had broken. It remains unchecked, and I anticipate hiding it when I deal with the updates generally.

Reply | Quote

Thanks!

Reply | Quote

Nope. There was a rumor that MS was allowing pirate Win7 installs to upgrade to Win10, but MS put an end to the speculation.

That’s the official story. I don’t know enough to say if one of the pirate versions of Win7 managed to get upgrade (and validated) with Win10. I also don’t know if there are any pirate versions of Win10 that work.

Reply | Quote

Woody, do you know whether you will recommend installing KB3146706 on Windows 7 computers when you move to MS-DEFCON 3? Or will you recommend hiding it? Or possibly just leaving it unchecked? Just curious.

Reply | Quote

As rumors go, it was widely reported by many reputable sources.

Regardless, if 3146706 was being used to target pirate versions of Win7 I still have to ask why now?

I’m more inclined to believe that it’s just fallout from the less than stellar QA that is applied to the update pipeline these days.

Reply | Quote

If Microsoft doesn’t check it, I certainly won’t!

Reply | Quote

Seeing that the patch is also for Vista, I don’t think this is a deliberate pirated Windows 7 crackdown. More likely that patch is incompatible with some Norton driver that Ghost is loading. Live and learn, I had no idea that’s the preferred 7 crack method of choice in the far East =) Very clumsy.

Reply | Quote

Thanks much for the reply, Woody!! I also read your comment at InfoWorld indicating you “anticipate hiding it when you deal with the updates generally”.

Reply | Quote

If it’s anything like the cracks in Thailand, somebody will run Ghost on a good copy of Windows, then modify the Ghosted copy. Subsequent installations may be called “Ghost” when they may not have any resemblance to the original Ghost. It’s colloquial for “pirate.”

Reply | Quote

Not officially and it wouldn’t make sense anyway. If this is possible or even tolerated behind the scenes this is something different.

Reply | Quote

I had the patch KB3146706 installed immediately after release without side-effects like most of the other patches which have problems for some users, due to specific configurations not sufficiently tested by Microsoft.
I uninstalled it due to many problems reported and brought to our attention by Woody here on the website and placed it in standby since then.
If it comes unticked, then the best option I think is to wait and see. This has been the case with many Office updates recently, which after a while (after being fully QA-ed?) were offered ticked by default.
It may be Microsoft’s way of saying “not fully tested, but not as bad to grant retirement (yet)”.

Reply | Quote

Well he was quoting Seff – up above – but obviously in agreement.

Reply | Quote

That comment was actually quoting my comment above, Woody has yet to advise on his views as to whether this update should be installed or hidden.

My final decision on whether to install it or hide it will depend on the advice from Woody and others as to whether there is anything specific about the update that necessitates its installation, although while it remains unchecked the usual default advice presumably applies and it should be left well alone.

Reply | Quote

It should not be installed or hidden at this point – just ignored.

Reply | Quote

Several users (specifically a certain country) received this update ticked but the majority of us received it unticked.

There is no documentation on this security update to know what it fixes, only that it has something to do with Windows OLE (which is primarily used for managing compound documents but also for transferring data between different applications using drag and drop and clipboard operations).

Unticking it is interesting. It is like saying it is not dead, just resting. It has been a week and MS has not withdrawn it or released a new version. It remains in a catatonic state, unless you nudge it yourself.

Reply | Quote

I’m not sure that (the majority of us received it unticked) is true – some people in the US report seeing it ticked, at first. I didn’t catch it soon enough (or know the importance soon enough) to verify on my machines.

I’m also not sure if it’s still ticked in China. Interesting question!

Reply | Quote

For the avoidance of doubt (having earlier referred to the update being ticked initially), I am in the UK (specifically England) and not China! I always receive my first notification of updates within a few minutes of switching on my two computers on the Wednesday after Patch Tuesday, which is when this update was ticked on both machines.

Reply | Quote

I received the patch KB 3146706 as checked on a Win 8.1 system and have not as yet installed. Still scratching my head as to whether it should be installed at this time?

Reply | Quote

You (along with Seff) are correct Woody, when KB3146706 was first released it WAS pre-selected here in the US.

I started testing the painful WU wait times at 4 am (EST) on 4/12 and when the list finally appeared at 11:45 am there were no updates in the list that were not checked.

On 4/14 I decided to test the WU wait times again on another system and noticed this update was NOT checked when they finally appeared at 9:30 pm after about a 4 hour wait.

I booted the first test system back up again for the first time since the Tuesday test and sure enough it was now un-checked. I don’t know exactly when MS made the change but it was sometime between 11:45 Tuesday morning & 9:30 Thursday evening.

Reply | Quote

I received KB 3146706 as a checked security update with the April patches on a Win 8.1 system. It remains checked but uninstalled as I have not yet decided if it is safe to install.

Reply | Quote

Thanks for the confirmation – and the GREAT recall!

Reply | Quote

Hang in there. I’ll review all of the outstanding patches shortly.

Reply | Quote

Here is Australia it was ticked when it was originally released, unticked last time when I checked.
I personally think it is safe to install by now, at least for those users not having the specific known configurations which cause issues.
Let’s wait few more days, Woody knows more about the right timing and will update the MS-DEFCON soon.

Reply | Quote

Thank you for all your help Woody.

Reply | Quote

Given that KB 3146706 remains unchecked, and with May’s updates about to hit us, is it time to hide this particular update? I don’t like having old updates that are being ignored lying around on the notification list unnecessarily, it’s too easy to get things muddled and install them by mistake. Once hidden they can always be restored – assuming they don’t get re-offered anyway.

Or is there a valid reason to install this one now despite it having remained unchecked for a couple of weeks or more?

Reply | Quote

I’m not sure what’s up with 3146706. It’s unchecked on Win7, but checked on Vista. You can hide it if you like – if MS re-releases it, almost certainly it’ll pop back out of hidden.

Reply | Quote

Not sure if this is important but 3146706 changes the BuildLab & BuildLabEx entries in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion from GDR to LDR. Uninstalling 3146706 reverts the entries back to GDR.

Also 3146706 is checked again here.

Reply | Quote

Interesting. No idea if that’s a problem or not, but I added your comment at the end of the InfoWorld post.

Reply | Quote

This update totally makes gaming on Windows 7 suck.
Even browser games like slitherio lag like crap with this OLE update installed.
https://www.dslreports.com/forum/r30756811-WIN7-I-think-Microsoft-is-sabotaging-Windows-7-with-Security-Updates

Reply | Quote