January patches for Win7, KB 4480970 and KB 4480960, break networking

Topic

New Reply

Tell me if you’ve heard this one before. I first read about it on Günter Born’s site, but word is starting to spread: The KB4480970 (Monthly Rollup) a
[See the full post at: January patches for Win7, KB 44080970 and KB 4480960, break networking]

8 users thanked author for this post.

gromit01904, Elly, Demeter, Karlston, SueW, geekdom, sproket90, abbodi86

Reply | Quote

Replies

I’ll wait for the Computerworld article, but the tinfoil-hat guy in my brain says this is just the beginning of a MS plot to irritate Windows 7 users monthly. Why? To upgrade to Win 10 whatever, of course! “See? Windows 7 is old & starting to break down. Don’t stay unprotected in 2020, upgrade to Windows 10 ASAP. It’s better now!”

“No, we’ll still be rolling out new versions twice a year (more or less).”

“Well, the monthly patches shouldn’t break every month. But if they do, we’ll fix them. Just like we have all along. We promise Windows 10 will be better. Upgrade Now… pleeease?“

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

7 users thanked author for this post.

Steve, Charlie, Demeter, Karlston, Bill C., BobbyB, SueW

Reply | Quote

 I figure 7 breaks reaches end-of-life soon enough and Microsoft need to support 7 until then even if only a handful of users  are left. My logic says they are using recent graduates or other ‘cheap’ programmers on maintaining old software while their gun programmers are working on things that will earn profit in future.

Reply | Quote

The great thing about 7 is that I can choose what to install every month, and when!

I can also uninstall it no problem if it does cause problems, and it’s totally up to me when I try again! Control at my fingertips, lovely!

1 user thanked author for this post.

Cybertooth

Reply | Quote

The problem is that backing out these KBs does not fix the issue.  I use Remote Desktop Connection every day and these patches broke it.  Now I wait patiently for the geniuses at MS to fix their error.  Go to Windows 10?  Sure but I would have to update all my hardware first.

Reply | Quote

This kind of news is both irritating and scary.  MS is scaring me right out of their store!  I’m already getting familiar with Linux and it’s looking like that’s going to take the place of the OS I use for surfing the web.

If MS doesn’t get their act together soon it’s all over.  Nothing to go figure, it’s plain as day.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

woody wrote:

Tell me if you’ve heard this one before. I first read about it on Günter Born’s site, but word is starting to spread: The KB4480970 (Monthly Rollup) a[See the full post at: January patches for Win7, KB 44080970 and KB 4480960, break networking]

can confirm it broke a HP Z440 workstation this morning

1 user thanked author for this post.

woody

Reply | Quote

Krebs On Security quoted you:

It generally can’t hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

Case in point: Computerworld’s Woody Leonhard notes that multiple organizations are reporting problems with their file-sharing operations after installing this month’s patch rollup.

 

10 users thanked author for this post.

cesmart4125, Steve, Elly, Demeter, Karlston, WildBill, wEarwOlf505cole, fernlady, Microfix, woody

Reply | Quote

Excellent.

If you’re watching, thanks for the nod, Brian!

1 user thanked author for this post.

warrenrumak

Reply | Quote

Networking is DEFINITELY badly broken. No Windows 7 machine should apply this update. All of our test systems died a horrible death. A quick fix is to do a System Restore and disable Automatic Updating if it is not already disabled.

Reply | Quote

Are you seeing an oem<number>.inf NIC disabling problem, or one more like Martin’s description, where a person who’s an admin on the target machine can’t log on?

Reply | Quote

The primary NIC is reinstalled so it is a variation of the oem<>.inf issue. Once it reinstalls it works fine to the internet, mail, etc. A more serious issue for us is problems with SMB2. This is causing *very* slow network access to the file servers.

Update – we have “fallen back” to testing with our Samba file servers. With some tweaking to the protocol settings, they can be made to work correctly with the update even as we continue to have “issues” with the Windows file servers. It’s pretty sad when Samba works but not Windows.

Does anyone know why Microsoft chose to start modifying SMB2?

Reply | Quote

I tried restore and that did not fix the problem.

Reply | Quote

Have you tried uninstalling the update?

Reply | Quote

Windows 7 x64 Home Premium Group A.

I have NOT installed the January updates and do not plan to until further clarity.

I am trying to understand what is “smbv2” and whether the January monthly rollup networking issues would adversely affect a single computer if installation was attempted.

Reply | Quote

It’s my understanding that the problem only crops up if you’re trying to log into a patched machine over the network – and if the person doing the login uses an account that has admin privileges on the receiving end.

But I’m not 100% sure about that.

2 users thanked author for this post.

OscarCP, ashfan212

Reply | Quote

I’ve got several Win 7 Pro machines here.  The ones with the patches have broken Remote Desktop Connection.  The ones without the patches can access all computers using Remote Desktop Connection, even the ones that have been patched.  So the patch breaks RDC from working on the patched computers.  You get the message “Remote Desktop Connection error The Local Security Authority cannot be contacted” when you launch RDC and try to connect to another computer from a patched machine.

Reply | Quote

Try uninstalling the update.

Reply | Quote

I would like to but when I go to uninstall and look for the updates I find the KB4480970 (Monthly Quality Rolllup) and a KB4480063 (Update for Microsoft Windows) installed on Jan 9.  Now the problem is that when I look at the update history I don’t see the KB4480063 listed.  So do I uninstall both or just the KB4480970.  Note that there were 7 patches installed on my computer on January 9.

Reply | Quote

Check ‘Installed Updates’ (found near bottom of left panel  of Windows Update). It will list the updates that are installed, and you can uninstall them from there.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

4480063 is a .NET update. See https://support.microsoft.com/en-us/help/4480063/ .
As the title of this thread indicates, it is the Monthly Rollup Updates that are trouble makers.
Remove 4480970.

Reply | Quote

The primary NIC is reinstalled so it is a variation of the oem<>.inf issue. One it reinstalls it works fine to the internet, mail, etc. A more serious issue for us is problems with SMB2. This is causing *very* slow network access to the file servers.

2 users thanked author for this post.

Karlston, Microfix

Reply | Quote

I was born BC, before computers.  Please tell me what SMB2 is.  Is it the same as smbv2?  And what is SMB?

Thanks for your help.

Reply | Quote

So what kind of symptoms are users having?

Reply | Quote

Network connections don’t work.

Reply | Quote

see this link from main blog post: further details

If debian is good enough for NASA...

Reply | Quote

I have small home network with 2 PC’s and 3 tablets and sharing is enabled to allow file transfers between them. Is this going to break that? I can see my shared folders and files on the other computers through the navigation pane on each computer.

Reply | Quote

The patches haven’t been out for an entire day. We’re on DEFCON2. I would recommend waiting till the dust settles and we know more about the issues before trying to patch. Lately, Microsoft has been known to leave bad patches out there for 4-5 days before pulling them, and even longer before releasing a fix.

Wait.

6 users thanked author for this post.

Steve, SueW, geekdom, Elly, Microfix, woody

Reply | Quote

Thanks…I take that to mean maybe it will.  Holding off.

Reply | Quote

Question about the new Windows 10 update KB4100347 for Skylake Intel Microcode update.

Is this something that should be hidden right from the start or is this a wait and see item. The last chipset updates, I hid, and have never installed?

Reply | Quote

The Intel microcode patches issued by MS have frequently caused problems. I would continue to hide them for the time being. There are no Meltdown/Spectre exploits in the wild that I know of.

1 user thanked author for this post.

Microfix

Reply | Quote

Thanks..Will do.

Reply | Quote

The Register has its usual Tongue in Cheek article on the latest patching debacle for Win7 and apparently Server 2008 R2: https://www.theregister.co.uk/2019/01/09/windows_7_network_broken/
Reddit has a few choice Solutions in its usual style: https://www.reddit.com/r/sysadmin/comments/ae5njm/warning_for_windows_7_kb4480970_smbv2_shares/
Looks like the best solution is to remove the errant patch, well we always have SMB1.0 to fall back on …..oh wait 😉 (Sarcasm)
Definite quote of the Week from Krustyy on Reddit on patching strategy:
I think I have my automated deployment rules set to something glorious.
2nd Tuesday: do nothing. Spend a week looking for complaints like this.
3rd Tuesday: download and deploy to test group.
4th Tuesday: Deploy to all systems.
Haven’t had an issue yet.
Seems to Mirror, somewhat, what we have been doing round here for years 🙂

4 users thanked author for this post.

OscarCP, fk5353, Karlston, Microfix

Reply | Quote

I am a single user, not on anybodies’ LAN or the administrator of anything that I cannot see by looking around me. But this is precisely my own approach, except that my “test group” is just me.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Steve, Demeter

Reply | Quote

Why would anyone go there without the Patch Lady’s ok?   Part of my System Admin Procedures now (I even tell the wife)

WM
--
Win7Pro SP1
new Dec 2011
rebuilt Jun 2016
& still going nicely

Reply | Quote

Win 7 Pro, SP1 x64, i7Core, Haswell, Group A. Patched through Dec. ’18 with the exception of KB4483187 and KB4471987 which I was hesitant to apply so didn’t. Update setting changed to “Never check” “the minute I see status change to DEFCON 2. Stand down fellow Win 7’ers.

Reply | Quote

“Network shares can no longer be achieved via SMBv2 in certain environments.”

I do not understand a word of this, but am making the wild guess that it means that a home user like me, with neither a PC connected to a LAN, nor the administrator of a LAN, has nothing to worry about here? Whether I’m correct or not about this, and because I see no immediate need for it, am in no hurry to install patches for at least another three weeks; by then I’ll have seen enough to act accordingly. Also, being Group B, I do not install rollups (except for .NET ones).

Group B, Windows 7 Pro, SP1, x64, I-7 quad “sandy bridge.”

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Luckily I caught this article today and was able to put a halt to my employer’s patching this coming weekend. I’ll never understand why they apply patches so quickly after release, but in any event, this article helped us avert ours (and our customers’) disaster, for the 7 and 2008 R2 boxes still out in the wild. We’re also holding off on 8.1 / 2012 / 2012 R2 patching as well. (Again, not sure why we don’t do this anyway, but – that’s above my pay grade.)

Reply | Quote

It’s just M$ trying to force all Windows 7 users to upgrade to Windows 10. Go figure.

Nah.  I mean, I get that it’s a fun conspiracy theory to bandy about, but Microsoft’s recent track record of sloppiness is affecting all supported versions of Windows.

How does that adage from the Jargon File go?  “Never attribute to malice that which can be adequately explained by stupidity.”

Reply | Quote

Two servers – 2008r2 on real hardware and 2008r2 on headless VirtualBox/Debian. After 44080970 – many errors 4625 “NULL SID”, “Invalid handle”

Reply | Quote

KB4480970 is also breaking Network Level Authentication. As with SMB, if the user trying to RDP into the machine is local and is an admin, an error occurs “The Local Security Authority cannot be contacted.” This also generates Event 4625 c0000008 on the target computer. You can still RDP using the real “Administrator” account since UAC is not active for that one. The fix is to use the policy to disable LocalAccountTokenFilterPolicy, as per https://support.microsoft.com/en-ca/help/951016/description-of-user-account-control-and-remote-restrictions-in-windows.

Reply | Quote

Oookay… so that then disables the User Account Control for pretty much all remoting…? And what effects will this then have on security in general?

I mean, sure we knew that UAC is far from perfect…

 

Oh well. Guess we’ll need to just give everyone who needs admin access a separate admin account and not delegate rights to the primary account, just as was always thought to be the better way technically but too difficult for many end users… ?

What this does is discourage all privilege separation especially in the Home versions of Windows, where it was officially Not A Problem(tm) that non-admins may not be able to log in.

Reply | Quote

Now you see the problems that arise when MS puts all of the patches into one.  If one assumes that one patch in 20 (for example) is going to have a problem or some sort (whether major or minor), and MS puts 20 patches into one mega-patch, then the probability that the mega-patch will have a problem approaches 100%.  I assume that there are no major security-related patches in this mega-patch.  If there were, then the user (or sysadmin) would have to decide whether to install the patch to get the security fix or non install it due to other problems.  I know about mega-patches from my previous work as an IBM mainframe system administrator involved with reviewing and installing patches.

I would like to install multiple patches each month – each one to fix a specific problem.  Then I could ignore patches that have problems while still getting the benefits of the other patches.

 

Reply | Quote

Its easier to diagnose and uninstall one rollup than 20 separate patches😒 It is also easier to read up on a single update in Master Patch List.

Group A (but Telemetry disabled Tasks and Registry)
1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

Reply | Quote

Yes, it is easier to uninstall one patch than to determine which one of a handful of patches is bad.  When you uninstall the mega-patch, you lose the benefits of all of the other patches, which MS has created to resolve problems.  And, I assume that even with my limited knowledge of the internals of Windows, I would be able to determine from the MS-supplied documentation which patch is causing the problem.  The only reason, as far as I can tell, that MS is bundling patches is because there are “spyware” patches that users were not installing, and MS wanted these patches installed.

2 users thanked author for this post.

Steve, Elly

Reply | Quote

Definitely the case with KB2952664 incorporated into the Monthly Rollup.

1 user thanked author for this post.

Elly

Reply | Quote

Thanks, the reg fix works!  I have linux, win xp, win 10 and one win 7 pc.  SMB was broken on all but now works normal!

Mrbeezer

Reply | Quote

Dont know what you mean by file sharing or networking. On my Win 7  systems i share files trough Homegroup and a didnt notice any problem.

Reply | Quote

As a result of this absolutely spectacular incompetence, we’re switching every single one of our clients’ computers from “update automatically” to “download and wait.”

 

Reply | Quote

I wouldn`t even check ‘Down load” and wait.  I would  check  the box ” Check for updates but let me choose whether to download and install them. “

Reply | Quote

Either that or better still, ‘never check for updates’ then
chime in to AskWoody for heads up on the situation 😉

If debian is good enough for NASA...

1 user thanked author for this post.

SueW

Reply | Quote

… or turn off update, use Belarc Advisor to check which updates you need for your computer and visit Patch Lady’s Master Patch List

Reply | Quote

Anon, Geo, Microfix, I like these ideas but for a company or clients how about setting Win 7 to update on Monday night or very early tuesday morning (your time) BEFORE the MS updates are released? This would give a week before install.

If updates could be told to update automatically the week before patch tuesday that would allow 3 weeks for it to settle.

Your ideas??

Reply | Quote

“Never check for Updates” works even better. That makes it totally manual and when you want it.

If you set it to “”Download and let me choose when to install” it will download, but the updates will be installed at the next shutdown/start or restart unless you take action to prevent it.

4 users thanked author for this post.

SueW, woody, Elly, ch100

Reply | Quote

Had a customer bit by this, their Quickbooks broke after the machine hosting the Quickbooks master file applied KB4480970 and rebooted Tuesday. Spent several hours researching the issue and found the answer in this thread.

Set all their machines to “Never Check for Updates” – at least those where Windows Update wasn’t already screwed up beyond repair.

Thanks MS!

 

Reply | Quote

I have a simple question.  I have a single Windows 7 Professional 32-bit system.  It does not contact any other computer via Windows.  Is it safe to install the patches?  Are there any reported problems with the monthly .NET mega-patch?

Reply | Quote

Wait to patch. MS-DECFON is at 2.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

We are on DEFCON2 which means we recommend waiting to patch until the DEFCON number is 3 or greater. We are reporting the problems as we hear about them, which doesn’t mean the list of issues we currently know about is complete. As far as I know, following the DEFCOM system has not put anyone’s PC in jeopardy. It has saved a lot of anguish in the past.

However, no one is obligated to follow the DEFCON system.

Reply | Quote

If you computer is a standalone that doesn’t interact with the internet or other computers in a local net and is working properly why patch at all?

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

woody

Reply | Quote

I never said that my machine did not connect to the Internet.  If that were the case, how could I patch it? What I meant is that the machine is not on a LAN and is not part of a Windows Work Group.

Reply | Quote

I am a secretary, not an IT pro at all!! There are 2 computers networked and because of the most recent MS update on the main admin computer, I can’t get into the QuickBooks software that runs the business. I’ve already tried to back out the update on the main terminal, it didn’t work. I’ve also tried going back a day, but the update wouldn’t allow it! I’m going out of my mind with the IT jargon here but trying to muddle through. If there is anyone out there who can help, I need the help!! 🙂

Reply | Quote

You could try using  the standalone installer to remove the updates.

Type ‘cmd’ in the search box

Right-click on it and choose run as administrator.

Enter the following

wusa /uninstall /kb:4480970 /quiet /norestart

After that completes enter

wusa /uninstall /kb:4480960/quiet /norestart

After that runs, restart the computer.

1 user thanked author for this post.

cesmart4125

Reply | Quote

The KB articles for both of the offensive patches have been updated with information on known issues along with purported fixes.

 

Look at the known issues section.

The issue with loss of the NIC in devices is only a workaround to fix.

The issue with Win 7 KMS activation looks to be fixed at the MS backend, with a link to an article about affected systems.

The issue with loss of share (and I think RDP) access to systems is fixed by a new patch.
https://support.microsoft.com/en-us/help/4487345

That last issue also says, “This does not affect domain accounts in the local “Administrators” group. ”

And then there is a tidbit about known issue concerning the Jet database which I had not seen mention of before now.

Regards,

 

Jim

Reply | Quote

I did a “search for updates”, and I do not see any new updates.  I would have expected MS to take these new, fixing patches and release them through Windows Update.  But maybe MS will not release them until the fixes are re-packaged into the existing two mega-patches.

Reply | Quote

bsfinkel wrote:

I never said that my machine did not connect to the Internet. If that were the case, how could I patch it? What I meant is that the machine is not on a LAN and is not part of a Windows Work Group.

You can patch by downloading the new patches from the Microsoft Update Catalog onto a USB Flash drive, sticking it into one of the USB ports on the non-connected computer(s), and executing it thereupon.
Lucidly, you have a connection to the World-Wide Web. So this is possible. It refutes your prime question.  At my abode, the Windows 7 Pro, x64 computer can only connect to the W-WW via v.92. So when Woody signals here it is OK to install patches, noticing the sizes of the patches being offered, this is the sensible way to do it. (I am not spending three hours out of a four-hour v.92 session downloading Windows patches. X-[)

Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html

Reply | Quote

WildBill wrote:

I’ll wait for the Computerworld article, but the tinfoil-hat guy in my brain says this is just the beginning of a MS plot to irritate Windows 7 users monthly. Why? To upgrade to Win 10 whatever, of course! “See? Windows 7 is old & starting to break down. Don’t stay unprotected in 2020, upgrade to Windows 10 ASAP. It’s better now!” “No, we’ll still be rolling out new versions twice a year (more or less).” “Well, the monthly patches shouldn’t break every month. But if they do, we’ll fix them. Just like we have all along. We promise Windows 10 will be better. Upgrade Now… pleeease?“

Dagnabbit!  My tinfoil hat is telling me the same thing!  Amazing…..

"The exercise of curiosity requires a risk, a sacrifice--a commitment."
Malcolm Gladwell

Reply | Quote

There are two things with my computer that I do not understand.  I have not installed KB4481480 nor KB4480970 (per the recommendations of this forum).  But when I backed up my machine last Monday, I noticed that “manifest” files for these two mega-patches w2ere on my C-drive and backed up.  The c:\Windows\WindowsUpdate.log states that these two patches are “downloaded and ready for installation”.  Why does Windows Update pre-process these patches before I install them?

Yesterday my machine was running slowly; it had been 22 days since the last reboot.  I did a reboot, and when Windows 7 was operational, I noticed changes in the fonts used in the various application windows.  I have not researched what changed, and I have no idea what I could have installed or changed that would cause this.

And, additionally, as I did a “search for updates” to ensure that I had not yet installed the two mega-patches, I saw a new patch – “KB4481488 2019-01 Preview of Quality Rollup for .NET …”  One of the mega-patches  is a 2019-01 .NET patch.  Is this new patch really a 2019-02 (i.e., February) preview?  Why issue a preview patch for next month when there are problems with the January .NET patch?

Reply | Quote

What is your Windows update setting? If it is set to “Download Updates but let me decide when to install them,” Windows will download the patches and install them on the next reboot if you do not take steps to prevent it. We recommend setting Windows to “Never check for updates.” That way, you do the checking manually when you want to do so.

The “Preview” patches are UNCHECKED OPTIONALS. They are usually issued the week after Patch Tuesday (or later). We do not recommend installing unchecked patches.

Reply | Quote

“Download updates but let me choose whether to install them”.  I run MSE, and I want the MSE updates installed.  But, since MSE definition updates are auto-installed, I assume that these MSE patches are not controlled by this setting.

I know about preview patches.  I was questioning the designation “2019-01 Preview”, which refers to January.  But if this is the February preview for .NET, does it contain fixes for the problems introduced in the January .NET mega-patch?  If not, will this new patch be updated to do this before the February .NET mega-patch is released?

 

Reply | Quote

The “Preview” issued in the third week o the month is the “Preview” for that month, not the preview for the coming month, because it is titled by the month in which it is issued.

Reply | Quote

I have basic questions about Windows Update.  If we are still at MS-DEFCON 2 on Feb. 12, meaning that the January mega-patches have not been installed, will the January patches be included in the February patches? If so, will there fixes for the January problems in the February mega-patches?

Are the monthly mega-patches cumulative?  If so, would this make the patches huge?  And will Windows Update re-install the pieces that have already been installed?

1 user thanked author for this post.

Morty

Reply | Quote

The Patch Tuesday updates for all versions of Windows are Cumulative. That means January updates contain December’s patches, and November’s patches, and October’s patches…..

The February updates for Windows will be Cumulative. For Win7/8.1 the cumulative updates are large. They have been large for a long time.

Although we are at DEFCON2 for January patches, The December patches and everything before that do not fall under the January DEFCON rating. Once the previous patches have DEFCON approval (December and all before) they retain their rating. So even when we are at DEFCON2 for the January patches, all the earlier updates are not under DEFCON2 and are available to install given the caveats for each of them individually.

1 user thanked author for this post.

Morty

Reply | Quote

PKCano wrote:

For Win7/8.1 the cumulative updates are large. They have been large for a long time.  

Actually I wouldn’t say that, because in comparison… given how the Windows 10 cumulatives tend to grow pretty quickly after main release…

W10 1607 / Server 2016 cumulatives are up to ~1.4 GB by now. 1803 has almost caught up to 1709 too, both in the 800-900 MB range, while 1809’s is still just 122 MB…

KB4480970 for Windows 7 is a mere 240 MB and KB4480963 for 8.1 is ~365 MB. (All sizes for x64)

 

So yeah, it’s all relative. And yes, going with the delta packages for W10 makes a lot of sense… if you can maintain the sequence, like before rollups.

Reply | Quote

Comparing one version or Windows to another, one roll-up may be larger than another but that doesn’t make any of them small. The inclusion of unchanged previously installed patches makes all roll-ups unnecessarily bloated.

 

Reply | Quote

Anyone test KB4487345 yet? If all it does is disable LocalAccountTokenFilterPolicy then we are no better, the filter policy is a security measure, disabling it is unsatisfactory…

Reply | Quote

I have tested it and got nothing. After installing it ask for restart and I was hoping that that it will bring me out from this nightmare but I am there.

Reply | Quote

Well, I was going to test KB4487345, but did not need to. I had assumed the FEB patches would have the same networking issues as the JAN ones, but nope, FEB patches have been applied and no RDP/SHARE issues. I also checked the registry for LocalAccountTokenFilterPolicy and it’s not there. So why bother with JAN, the FEB are cumulative and do not have the issues 🙂

Reply | Quote