July 2019 Patch Tuesday has arrived

Topic

New Reply

There are 212 entries in the Windows Update Catalog for July. Two major issues affecting all versions of Windows have been addressed by Microsoft, alo
[See the full post at: July 2019 Patch Tuesday has arrived]

7 users thanked author for this post.

Chessie, Bluetrix, Myst, geekdom, Geo, abbodi86, Microfix

Reply | Quote

Replies

The 2019-07 Security-only Update and IE11 Cumulative Update have been added to AKB2000003  for Group B patchers (and anyone else who needs them).

NOTE: The links in AKB2000003 are direct download links to the MS Update Catalog.

A reminder for those still on Windows 7 and/or Server 2008: SHA-2 Code Signing also becomes mandatory in July. You will also need to download KB4474419 (the SHA-2 update) and the Servicing Stack KB4490628 if they have not been previously installed.

There is also a new Servicing Stack Update for Win 8.1 KB4504418

11 users thanked author for this post.

Chessie, WildBill, Myst, lanceboil, AJNorth, Geo, abbodi86, Hopper15, Lars220, fernlady, Microfix

Reply | Quote

I might be misreading things but the code signing support page seems to be saying that the SHA-2 code signing and servicing stack updates (KB4474419 & KB4490628) will be mandatory from august onwards not july. For windows 7 anyway. I just did an update check and i was offered the monthly rollups for july, i assumed if i didn’t have either of those updates installed then i wouldn’t be offered it. Currently i only have the servicing stack update installed.

Reply | Quote

Microsoft’s pages on SHA-2 say:

Any devices without SHA-2 support will not be offered Windows updates after July 2019.

It would seem making it required with the July patches is a better option than wondering why Windows Update doesn’t work in August.
Although there will be those that decide to wait and come begging for help when the August patching comes around and they have no updates.

3 users thanked author for this post.

walker, Chessie, abbodi86

Reply | Quote

Correction: SHA-2 Code Signing becomes mandatory for Windows Server 2008 this month. For Windows 7 and Windows Server 2008 it will be mandatory only next month.

https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

2 users thanked author for this post.

Chessie, T

Reply | Quote

Yes, this. I just read this comment but that’s my understanding of the situation.

Reply | Quote

Installed:

KB4507453 2019-07 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (OS Build 18362.239)

KB4506991 2019-07 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10 Version 1903 for x64

KB4509096 2019-07 Servicing Stack Update for Windows 10 Version 1903 for x64-based Systems

No issues.

1 user thanked author for this post.

rexr

Reply | Quote

So the trend of the “more secure” Windows 10’s with ~double security holes vs Windows 7 continues.

Reply | Quote

Naturally. Windows 7 is on life support. But they’re not holes once they’re filled.

Reply | Quote

[Alex5723]

b wrote:

But they’re not holes once they’re filled

They were holes until today and are holes until end of deferral days.

The fact remains. Windows 10 is less secure than Windows 7.

• This reply was modified 5 years, 9 months ago by Alex5723.

Reply | Quote

Alex5723 wrote:

They were holes until today and are holes until end of deferral days.

Both? The choice is ours.

Alex5723 wrote:

The fact remains. Windows 10 is less secure than Windows 7.

That’s no fact. You can’t judge security by the number of patches not issued for an OS which hasn’t been developed for 4.5 years.

Windows 10 vs Windows 7: Microsoft’s newer OS is almost ‘twice as secure’

2 users thanked author for this post.

Barry, Geo

Reply | Quote

You can judge security by the number of actual attacks that occur in the wild, as opposed to the speculative potential for theoretical attacks. On that basis both Windows 7 and 10 seem pretty reliable.

Some of that may be down to the protective measures applied by MS through updates, but the positive experience of those who abandoned those measures some time ago on Windows 7 suggests we shouldn’t apply too much credence to the importance of those measures – at least in respect of Windows 7 as there’s no corresponding experience to report on Windows 10 although there’s no reason to suppose it would be any different if there were.

2 users thanked author for this post.

Myst, Geo

Reply | Quote

Seff wrote:

You can judge security by the number of actual attacks that occur in the wild, as opposed to the speculative potential for theoretical attacks. On that basis both Windows 7 and 10 seem pretty reliable.

Devices that use Windows 10 are at least twice as secure as those running Windows 7

2019 WEBROOT THREAT REPORT

Reply | Quote

[warrenrumak]

Ehhh, you’re exaggerating.  Nearly 100% of the delta between this month’s Windows 7 and Windows 10 patch count is down to a single root issue.

The reality of what happened here is pretty interesting.  Windows 10 1709 included new support for OpenType Variable Fonts. This new standard allows for setting any arbitrary level of bold-ness, not just “bold” and “normal”.  Like this:

Adobe has an open-source library on GitHub for interpreting this new type of font.  Microsoft decided to incorporate this library into DirectWrite.  Google Project Zero investigated this library and discovered it does almost no error checking at all when loading these fonts from disk.  A rookie mistake — as we’ve come to expect from Adobe, if the number of Flash vulnerabilities over the years has been any indication.

Anyways, as a result, DirectWrite’s font loading inherited a lot of vulnerabilities caused by maliciously-crafted Adobe OpenType font files.  According to Google, the vulnerability can only be exploited when someone tries to print a file containing a malicious OpenType font file via Edge, or by using “Microsoft Print to PDF”.  Just looking at it in the browser is apparently safe.

Because exploiting the vulnerability requires printing a document from unproven origin, it’s been rated as a low security threat.

So, yes, sure, Windows 7 doesn’t have those vulnerabilities…. but that’s ONLY because it is 9 years behind in its font standards support!

• This reply was modified 5 years, 9 months ago by warrenrumak.
• This reply was modified 5 years, 9 months ago by warrenrumak.

1 user thanked author for this post.

b

Reply | Quote

Boring month so far

i wonder why no Flash updates yet

1 user thanked author for this post.

WildBill

Reply | Quote

abbodi86 wrote:

Boring month so far

i wonder why no Flash updates yet

Adobe Flash Player 32.0.0.223 is out for IE11 and Firefox…

2 users thanked author for this post.

WildBill, Geo

Reply | Quote

yes, and adobe released flash updates today!
Adobe Flash Player 32.0.0.223 but none from MS for W8/W10..strange

July 9, 2019
In today’s scheduled release, we’ve updated Flash Player with important bug fixes.

from: https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html

Windows - commercial by definition and now function...

1 user thanked author for this post.

Geo

Reply | Quote

because these new Flash updates are non-security updates and do not address any new security issues

MS may release the Win8.x & Win10 versions of Flash 32.0.0.223 between Wed. and Fri (or whenever they’re ready this week)

3 users thanked author for this post.

Microfix, abbodi86, PKCano

Reply | Quote

I see

so would get rid of KB4462930, in favor of new one
hopefully they don’t forget to supersede it next month 😀

Reply | Quote

that may only apply to the Win8.1 version of KB4462930, abbodi.

The Win10 versions of KB4462930 (as well as the Win8 embedded/server 2012 r0 version) are properly superseded by newer flash updates and attempting to install KB4462930 produces “not applicable” message when newer flash updates were installed.

Reply | Quote

I’m pretty sure 9200 builds have the same issue
yes, Win 10 don’t have the issue because the update is declared superseded via CBS (flash component version didn’t change like Win 8.1)

nevertheless, this does not change the fact that this update should be added to Flash supersedence chain, or expired
just check the details for any OS, the update is rogue without any relation
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4462930

Reply | Quote

[EP]

NO abbodi86!

I manually ran the Win8.0 version of KB4462930 on a Win8.0 Pro 9200 machine while it had a newer flash update already installed like KB4503308 and the KB4462930 patch told me that “the update is not applicable to your computer.” I’ve done a test on this to confirm that (at least that occurred with Win8.0 Home/Pro/Enterprise – don’t know if the result will be the same on Win8 embedded or Server 2012) – so 4462930 on Win8.0 IS properly superseded by newer flash updates

• This reply was modified 5 years, 8 months ago by EP.
• This reply was modified 5 years, 8 months ago by EP.

1 user thanked author for this post.

abbodi86

Reply | Quote

[EP]

and I have recently gotten proof of this

double-clicking on the KB4462930 MSU W8.0 file when a Nov. 2018 (KB4467694) or higher flash update is installed (recent one of course is KB4503308 from Jun. 2019), results in this under Win8.0:

therefore KB4462930 under Win8.0 is truly superseded by newer flash updates, unless you can prove otherwise and do actual testing on a Win8.0 machine, abbodi.

• This reply was modified 5 years, 8 months ago by EP.
• This reply was modified 5 years, 8 months ago by EP.
• This reply was modified 5 years, 8 months ago by EP.

Reply | Quote

Beta Test Report Windows 7 x64 Updates

– Windows Malicious Software Removal Tool x64 – July 2019 (KB890830)
– Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4507420)

Both updates installed without error and the system rebooted without error.

Checked again for updates.

– July 2019 Security Monthly Quality Rollup Windows7 x64 (KB4507449)

This update installed without error and the system rebooted without error.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

7 users thanked author for this post.

jburk07, wEarwOlf505cole, JohnH, Myst, AJNorth, fernlady, Geo

Reply | Quote

Installed all available updates for WIN10 V1903. No apparent problems.

Barry
Windows 11 v23H2

2 users thanked author for this post.

rexr, Microfix

Reply | Quote

Monthly Rollup for Windows 8.1 (KB4507448) also required two restarts to complete on my machine, no issues

according to CBS.log, this seem to be related to updated IE11 product policy
C:\Windows\System32\spp\tokens\ppdlic\Microsoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms

2 users thanked author for this post.

Microfix, PKCano

Reply | Quote

July 16, Preview Rollup KB4507463 also required two restarts, 3rd rollup on a row

do other Windows 8.1 users have same experience? or my system have something different? 🙂
i have no Event log error or issues though

Reply | Quote

I did encounter a double restart for KB4507448 but don’t do previews unless they fix something that’s busted from patch tuesday’s offerings that affect our systems.

more info on this preview:
https://support.microsoft.com/en-us/help/4507463/july-16-2019-kb4507463-os-build-preview-of-monthly-rollup

Abbodii86: have you checked for/noticed any changes in the task scheduler after installing the preview?

Windows - commercial by definition and now function...

1 user thanked author for this post.

abbodi86

Reply | Quote

You mean Application Experience tasks? they only got enabled after Security Rollup KB4507448

1 user thanked author for this post.

Microfix

Reply | Quote

Abbodi, I’m curious..and perhaps using an old apple slogan ‘think different’
Is there anything to gain/lose by flipped patching..no SMQR (Group A) on patch tuesday, just dotnet/flash etc.. then install the preview a week later on W8.1.? Theoretically, the patch tuesday SMQR should have burning issues fixed in the preview as well as introductory fixes. Pros and cons going in this direction?

Windows - commercial by definition and now function...

1 user thanked author for this post.

geekdom

Reply | Quote

That’s actually very reliable route

non-security rollups rarely introduce show-stopper bugs, and they mostly fix security updates bugs

2 users thanked author for this post.

geekdom, Microfix

Reply | Quote

I had two restarts with July patches on my Win8.1 as well. One after KB4507448, and one after the SSU KB4504418 which came down after the CU/reboot. The second was not required but I did it anyway.

2 users thanked author for this post.

walker, abbodi86

Reply | Quote

b wrote:

Installed:

KB4507453 2019-07 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (OS Build 18362.239)

KB4506991 2019-07 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10 Version 1903 for x64

KB4509096 2019-07 Servicing Stack Update for Windows 10 Version 1903 for x64-based Systems

No issues.

1903 was Same for me; Install time drags but no issue. WU inst’d SSU as I didn’t see it until -b- posted and I looked.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

Warning for group B Windows 7 users!

The “July 9, 2019—KB4507456 (Security-only update)” is NOT “security-only” update.

It replaces infamous KB2952664 and contains telemetry. Some details can be found in  file information for update 4507456 (keywords: “telemetry”, “diagtrack” and “appraiser”) and under http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=7cdee6a8-6f30-423e-b02c-3453e14e3a6e (in “Package details”->”This update replaces the following updates” and there is KB2952664 listed).

It doesn’t apply for IA-64-based systems, but applies both x64 and x86-based systems.

 

10 users thanked author for this post.

owdrtn, jburk07, JohnH, AJNorth, woody, Microfix, abbodi86, Bluetrix, OscarCP, PKCano

Reply | Quote

Twisted move 😀

2 users thanked author for this post.

PKCano, woody

Reply | Quote

So should this update be skipped or installed? This appears to pose a dilemma, at least right now. I hope that some weeks from now, by the time we are closer to a green DEFCON, this has been sorted out.

Group B, Windows 7, SP1, x64, with I-7 “sandy bridge” four cores CPU.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

[abbodi86]

Disabling (or deleting) these schedule tasks after installation (before reboot) should be enough to turn off the appraiser

\Microsoft\Windows\Application Experience\ProgramDataUpdater
\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
\Microsoft\Windows\Application Experience\AitAgent

but it’s best to wait next month to see if the SO update comes clean

• This reply was modified 5 years, 9 months ago by abbodi86.

6 users thanked author for this post.

jburk07, PKCano, Microfix, AJNorth, woody, OscarCP

Reply | Quote

For those who use the ‘Group B’ (Security Only /SO) method of patching, @abbodi86 has previously posted a great checklist and walkthrough in:
AKB2000012 – Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model
looks like this is applicable to both SMQR and SO patching groups henceforth..

Windows - commercial by definition and now function...

5 users thanked author for this post.

Fritz, jburk07, geekdom, AJNorth, woody

Reply | Quote

Rotten. So guess this falls under don’t install, but also assume that all that will come after it will be the same, so then what?

— Cavalary

1 user thanked author for this post.

woody

Reply | Quote

Anonymous: “… so then what?”

My guess would be to follow abbodi86’s advice ( #1872928  ). If those “Experience” services one would disable accordingly, came back as active during the next install, then the procedure would have to be repeated. Tedious, yes, but this is a tedious issue, so the solution would fit the problem.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Seriously,  i wonder if this is the end of Group B as we know it.

1 user thanked author for this post.

geekdom

Reply | Quote

OK, that’s a worry on the basis that I have seen the monthly rollup (KB4507449) described as “the same as” the security-only version, KB4507456. Does this suggest KB4507449 is also likely to carry the telemetry payload?

Reply | Quote

The monthly rollup had been carrying already
the “Unified Telemetry Client” since since October 2016 preview rollup, and the “Compatibility Appraiser” since September 2018 preview rollup

security-only update KB4507456 only have the second payload (Appraiser)

1 user thanked author for this post.

PKCano

Reply | Quote

The Rollups have had KB2952664 functionality rolled into them since Sept. or Oct 2018. It’s nothing new for the Monthly Rollups.

Reply | Quote

How do we know if our WSUS has SHA-2 support? Would the rollups have included it?

Reply | Quote

If you are using Win7 or one of the Server 2008s, you need the to check that the SHA-2 and SSU  patches mentioned in the above article are installed or included in WSUS,

Reply | Quote

Rather than waiting until the end of the month like I usually do, I went ahead and updated 3 X64 Win 7 systems: two Ultimate and one Home Premium.

No problems noted – other than MS re-installing the Win 10 comparability stuff (eg: compattel).  I anticipated this, so I confirmed the Application Experience tasks were as I had them set: disabled.  I checked again before rebooting after the install: yep, still disabled.  But, after the reboot I found them enabled again, so I had to disable them yet again.  Sheesh.

One thing I noted is win32\compattelrunner.exe is indeed a new version and a slightly larger file size than the previous version (which was installed in Jan 2019).  So this tells me MS is still actively developing code for automatically assessing Win 10 compatibility of Win 7 (or 8.1) systems.   They REALLY want this service running on all Win 7/8.1 systems.

I can’t help but think this is in preparation for a “Last Chance To Get Win 10 Free” campaign.  But, to me, this is so silly.  My Win 7 systems are all 6+ years old and not really worth upgrading them to 10.  I’m going to replace the systems in the next 12-24 months & when I do THAT’S when I’ll put Win 10 on some/all of them.

I just wish MS would just implement a simple one time pop-up that asks:

“Hey, we’ve been inspecting every last bit of your system (every time you boot) and noticed it’s pretty old.  It’s probably not ideal for Win 10.  Select one of these: 1) I plan to replace this system with new suitable hardware & install Win 10 on it.  2) I don’t intend to install Win 10 on this old system.   3) Yep, I plan to attempt installing Win 10 on this antique.”

For responses 1 & 2, there’s no need for MS to bother constantly scanning your system over and over and over again for potential Win 10 compatibility.

I’m half serious here, but I can imagine calculating the amount of power being wasted by compattelrunner.exe unnecessarily loading up the millions of Win 7/8 systems every time it runs.  A few watts per system – multiplied by millions – probably adds up to a pretty big number…

 

3 users thanked author for this post.

jburk07, bifido, abbodi86

Reply | Quote

[Geoff King]

On one machine, .Net Framework failed to install with the comment Retry.

Wonder if that’s a sneaky way for Microsoft to make you a ” Seeker ” !

• This reply was modified 5 years, 9 months ago by Geoff King.

Reply | Quote

Call me a knowledgeable user, not an expert by any means, but what I don’t get is why a non-security Office 2016 update of 248.4MB is needed to fix what seems a remarkably straightforward issue (see uploaded screen grab). In fact, it seems that almost every month there is an Office 2016 patch that exceeds 200MB. The fact that I’m even posing this issue demonstrates how comprehensively MS has shattered my confidence over the years by including sneaky s*** (that’s the tech term, right?) in the update channel.

MVP Edit: please refrain from posting bad language as per lounge rules.

Reply | Quote

1- Since Office 2013 SP1, Office 2013 and Office 2016 patches are cumulative and multilingual

that’s why the size is big, and gets bigger (because it cover more and more different-version binaris)

2- Traditional MSI technology don’t support delta-express delivery mechanism, so you are committed to download and install the whole patch

3- Microsoft had forsaken MSI technology in the favor of Click To Run
that’s why there will be no more Service Packs

3 users thanked author for this post.

jburk07, Lugh, Sueska

Reply | Quote

abbodi86 wrote:

1- Since Office 2013 SP1, Office 2013 and Office 2016 patches are cumulative and multilingual

that’s why the size is big, and gets bigger (because it cover more and more different-version binaris)

… and this kind of thing really isn’t sustainable in the long term.

Oh well, product management choice at MS to do it that way instead of one of the better ways.

Reply | Quote

Got some messages, that cumulative Update KB4507453 for Windows 10 V1903 is causing a reboot loop – the user receives a notification, the the machine need to reboot in times, if it isn’t in use, to sucessful install this update. But this notification is indefinitely.

One user has cured it with shutting down the machine via start menu command and was able to solve that issue. Don’t know, how widespread this issue is (I found a hand full German users affected)

German article: Windows 10 V1903: Update KB4507453 mit Reboot-Schleife

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

2 users thanked author for this post.

Sueska, geekdom

Reply | Quote

Vista 32 (aka, x86 Architecture. Windows Server 2008 ), W7 Starter 32, W7 64. Updated. OK !

Reply | Quote

KB4504418 service stack update for Windows 8.1 showed up after all of the July updates were installed. When I went to install the service stack update it said I needed to be administrator to install, which I already am. I’ve never had this issue before – don’t remember installing service stack updated previously either though. I did successfully install manually through the Microsoft website.

Reply | Quote

Servicing Stack Updates have to be installed exclusively (by themselves). They will not show up in the update queue as long as there is any pending update (checked or unchecked). So that’s why it showed up after you installed everything else. Because the update queue is often never emptied completely, some people miss the SSUs completely.

BTW Win8.1 hasn’t had a new Servicing Stack update in a long time.

Reply | Quote

Thank you for the information – I really appreciate it. Any idea on why Windows Update would not let me install stating I need to be an Administrator even when I already am an Administrator? I’ve never had this issue previously. Just previous to trying to install the servicing stack I was able to successfully update all the other July updates in Windows Update.

Wondering if I need to run DISM RestoreHealth or Scannow (haven’t had any other issues though) or maybe the issue with KB4504418 is on Microsoft’s end (haven’t seen anything else about this online).

Thank you again for your help.

Reply | Quote

Running the troubleshooters can’t hurt anything.

I installed the SSU through Windows update with no problem. Who knows?

Reply | Quote

I did run the Windows Update troubleshooter but it didn’t fix the issue. Hopefully it won’t be an ongoing issue and was only isolated to this one SSU. Thanks.

Reply | Quote

Do you have secure boot enabled? maybe Bitlocker?
because the new SSU is ment to fix issue related to that combination

Reply | Quote

I haven’t touched those settings at all – so they are whatever they were at default. I was able to install the update manually via Microsoft Catalog. Windows Update just wouldn’t install it saying I needed to be an Administrator which I am – so very confused by that.

Reply | Quote

@PKCano:  I have encountered an update that I have been unable to find in “hidden updates” (as that sometimes occurs).  It was  referenced in a group of updates otherwise noted from April, and installed at that time.  Those are KB 4474419 and KB4490648.   The one which I have not been able to locate (this happens sometimes when attempting to find “hidden patches”) is KB 4484071

The one I cannot locate (as being installed or hidden) is:  KB 4484071.  Do you have any information on that one?

I also noted that a KB 4503392 showing a JULY date was installed on July 7th.   I do not recall ever installing that one.  Also I cannot locate any information on that one.  It seems to be getting “crazier and crazier”.     Thank you for any information you may be able to provide.  Your assistance, as always, is most sincerely appreciated.

 

Reply | Quote

[PKCano]

KB4484071 is for Windows Server 2008 – not for you
I do not have the information on the other one at the moment

Update: If the second patch is KB4503292 (instead of 392), that is the June Rollup for Win7, and you should have it installed.

• This reply was modified 5 years, 9 months ago by PKCano.

Reply | Quote

@PKCano:  Thank you so much PK!  You are a “miracle worker” when it comes to finding out “everything there is to know”.    At least I can put that one to rest, and that helps considerably, as I like to keep everything “up to date” as much as possible.

Know how busy you must be fielding all of the questions which are thrown at you so rapidly.  My admiration for your abilities continues to increase “ad finitum”.    Once again, “Thank you so very, very much”.

Reply | Quote

@PKCano:  My most sincere apology.  The KB  number IS, as you noted, KB4503292.  I made a typo.   You are CORRECT, and it is a June update.   Installed in July as one of the June updates.  I am having more and more problems with my vision, and will strive to not make such an error again.

THANK YOU, THANK YOU, THANK YOU!!!

Reply | Quote

[Geo]

Group A,  Win 7X64,  Home Premium,  security essentials,  AMD.  Took the roll up and removal tool.  said Net Framework not needed.   Everything OK, no slow down.  Only used for email,internet and printing.

• This reply was modified 5 years, 9 months ago by Geo.

1 user thanked author for this post.

jburk07

Reply | Quote

Windows 7 x64 Home Premium Group A.

All of this month’s updates installed successfully followed by a successful reboot. However, I experienced severe issues the first time that I started my computer after the successful reboot and shutdown. I am hoping that someone may be able to offer guidance.

On this next startup, I received a SYSTEM EVENT NOTIFICATION SERVICE error. Visually, the taskbar graphics no longer appeared in their usual aero theme. Out of desperation, I ran the command NETSH WINSOCK RESET from an elevated command prompt. I had difficulties rebooting my computer after successfully running that command as EXPLORER.EXE would not terminate neither on its own nor when I clicked on the button to force the termination of that process. After a hard shutdown and going through the same process a couple of times, I was able to reboot my computer and, as far as I can tell, the SENS message/error disappeared and my taskbar graphics reverted back to normal.

I have no idea if my running the NETSH WINSOCK RESET command resolved the problem or whether the errors went away fortuitously after executing a few reboots. I also don’t know if what I experienced was related to the Event Viewer issues that this month’s rollup was designed to fix. For the record, I experienced no issues with the June rollup nor did I install the subsequent preview rollup. I never use the Event Viewer and therefore never had experienced any issues pertaining to Custom Views.

If anyone understands what causes these SENS errors in the first place and can suggest a better way to avoid/resolve such issues in the future, I would be most appreciative.

1 user thanked author for this post.

jburk07

Reply | Quote

about KB4507456 security-only update containing the telemetry stuff from KB2952664 – now it’s being mentioned on Softpedia news:

https://news.softpedia.com/news/microsoft-hides-telemetry-features-in-security-only-update-for-windows-7-526691.shtml

1 user thanked author for this post.

Microfix

Reply | Quote

Well, it’s Patch Tuesday +2 and no mention of the 2010 Excel/Office/Outlook patches for Windows 7 x64. They are KB4464572, KB4462224, and KB4475509, respectively. With only six months left for Window 7 support, I am taking all updates MS wants to give me. I envision a crunch at midnight on January 20, 2020. I want to be up-to-date when Windows 7 goes silent so I can continue to use it.

I have read all the doom and gloom warnings, but I have free Norton provided by Concast so I don’t think I have anything to worry about. I have gotten all the latest HP drivers for my HP Compaq 6005 Pro SFF. It has an AMD Athlon II X2 B24 3.00 GHz processor with 4GB of RAM. I feel hackers will turn their focus to the dominant OS as they have done in the past. I believe Vista and 7 can be used until the machines give out.

Appreciate any feedback on my assertions and helps to keep Windows 7 viable for years to come. Thanks, Lefty.

 

Reply | Quote

These 3 Office-updates require the release version of Service Pack 2 for Office 2010 installed on the computer. https://support.microsoft.com/en-us/help/2687455/description-of-office-2010-service-pack-2. Maybe you do not have that SP?

Reply | Quote

Thanks Nony. Although I do not have SP1 or SP2 for Office 2010, all three of these patches installed successfully. I have tried to install both service packs, but they won’t install. Apparently I don’t need the SPs.

Still looking for tips and tricks to keep Windows 7 running until my rig gives out. Anyone have any ideas? Thanks, Lefty.

 

Reply | Quote

We have a Forum specifically for that:
Win7 beyond end-of-life.

Reply | Quote

Its Friday after Patch Tuesday and I don’t see any warning posts! Does this mean Microsoft actually got it right this month?

Reply | Quote

What it means is there has not been enough time to tell yet. And it all depends on which version of Windows you are referring to. There have been some black screen hangs reported on v1903. And there has been telemetry added to Win7 Security-only updates. These among others.

We are on DEFCON 2, which means wait and let someone else be the Guinea pig.

1 user thanked author for this post.

walker

Reply | Quote

note to woody and Susan: Microsoft now says that the external USB device or memory card (SD) problems for 1903 are fixed as noted on these pages:

https://docs.microsoft.com/en-us/windows/release-information/resolved-issues-windows-10-1903

https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903

3 users thanked author for this post.

John, Microfix, b

Reply | Quote

EP wrote:

note to woody and Susan: Microsoft now says that the external USB device or memory card (SD) problems for 1903 are fixed as noted on these pages:

https://docs.microsoft.com/en-us/windows/release-information/resolved-issues-windows-10-1903

https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903

Microsoft has lifted 3 blocks in 1903 :

Systems with external USB devices and memory cards are no longer blocked from installing Windows 10 version 1903.
The Dolby Atmos and Dolby Access issue is resolved.
The Dynabook Smartphone link app issue is resolved.

But added new bugs :

Constant loop of ‘restart’ notice after installing KB4507453
Back screen in Remote Desktop Protocol windows.

Reply | Quote

Alex5723 wrote:

But added new bugs :

Constant loop of ‘restart’ notice after installing KB4507453
Back screen in Remote Desktop Protocol windows.

Where are those two documented please?

I don’t see either at https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903 or https://support.microsoft.com/en-us/help/4507453

Reply | Quote

I see the RDP black screen now at https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903#534msgdesc

Where’s the restart loop?

Reply | Quote

b wrote:

I see the RDP black screen now at https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903#534msgdesc

Where’s the restart loop?

Microsoft has not acknowledged the issue yet :

https://borncity.com/win/2019/07/11/windows-10-v1903-update-kb4507453-causes-reboot-notification-loop/

1 user thanked author for this post.

b

Reply | Quote

Guenni over at borncity reports :

A brief warning for administrators using Windows Server 2012 to deploy via SCCM. The June 2019 update KB4503276 causes trouble because it prevents PXE booting (WDS). Microsoft has now confirmed the problem…

Windows - commercial by definition and now function...

Reply | Quote

KB4504418 bug:  Causes Windows 8.1 computer to no longer be able to print to Word or Outlook.  This problem occurred in our case with Office 2016, but it may affect other versions, and other Office programs.  After MUCH troubleshooting, the fix was to remove and hide that patch.  Printing then started working immediately.

1 user thanked author for this post.

Microfix

Reply | Quote

Welcome to askwoody!
interesting..thanks for the feedback and glad you got the issue sorted.

Windows - commercial by definition and now function...

Reply | Quote

Windows 7 x64 Pro, “Group B” (I guess), with security-only Windows updates, on an old ThinkPad T510 with integrated graphics and Internet Explorer “turned off” in Programs and Features.

I stopped using Windows Update around October 2016 and have been using WSUS Offline Update since January 2017 to install security-only Windows updates (along with updates to C++, .NET, Silverlight, Remote Desktop, and Defender). It’s been working pretty well. Belarc Advisor routinely gives me a clean bill of health afterwards, and WPD [Windows Privacy Dashboard] catches and disables any telemetry Microsoft sneaks in (which, if you’ve read earlier comments and other posts on this site, you’ll know they in fact did this month — the second time I’ve caught them at it).

Anyway, this month I updated a bit earlier than I normally do, because I’d read reports that at least one vulnerability was already being exploited in the wild. (Ditto for last month or the month before, because of the new WannCry/Petya/NotPetya-type worm scare.) Normally I wait several days to a week after each Patch Tuesday for major bugs to shake out and get reported on the Net, but I shorten that to two or three days when something scary is out there. I’m a little more cautious about security vulnerabilities and a little less cautious about buggy updates than Woody seems to be, maybe because I always have a fresh pre-update clone drive to fall back on, but I still never update immediately.

All seemed to be well after I installed this month’s updates, at least initially, but later in the day, I got a BSOD — something I think has happened only once, possibly twice before on this particular computer. I ran Startup Repair and for good measure threw in a system file check (no integrity violations found), a disk check (no file system problems found), and a memory diagnostic (no memory problems found). Anyway, the computer rebooted okay more than once and has been running okay for several hours since then … knock on wood.

I pulled up the minidump file for the BSOD in Nirsoft’s BlueScreenView utility (because who wants to wade through Windows 7’s Event Viewer?). Apparently, the blue screen was the result of a DRIVER_IRQL_NOT_LESS_OR_EQUAL error caused by NETw5s64.sys (the Intel® Wireless WiFi Link Driver). Intel’s Driver & Support Assistant says all of my Intel software/drivers are up to date, and … that just about exhausts my computer-diagnostics-and-repair-fu. Was the blue screen a random fluke? Should I manually reinstall my Intel WiFi drivers? Or is one of the new Windows updates doing something … “untoward”?

Time will tell, and if one of the updates does turn out to be problematic, I can just swap in a pre-update clone of my system drive. I’ve been maintaining pre-update clones of my system drive (and syncing my data files and select configuration files to them in close to real time) since the early days of Windows XP. With XP, I was more concerned about catastrophic hard-drive failures — and with good reason, having experienced the IBM “DeathStar” and WD “Click of Death” debacles first-hand, more than once. (Hey! They were highly rated drives, and I got a bunch of them before anyone knew of the risk!) With 7, it’s borkogenic updates I’m worried about, especially since roughly spring of 2015. Nothing beats being able to swap in an unborked system drive that’s mostly up to date (apart from Windows and applications) and being able to continue computing on your merry way.

Anyway, I’ll be curious to see whether any other reports of post-update blue screens make their way to the Web … and, of course, curious to see whether I blue-screen again.

1 user thanked author for this post.

jburk07

Reply | Quote

I installed KB4507453 on Tuesday successfully, but now Windows Update wants to install it again for some reason.

 

Reply | Quote

There have been several reports of this. Go ahead and let it install again.

Reply | Quote

KB4507453 installed on 7/13, after having been installed on 7/9.  Windows 10.  No issues.

1 user thanked author for this post.

woody

Reply | Quote

Can confirm BSOD on restart with AVG free and Win 7 Pro. Installed the two or three updates seconds after they appeared two days ago. Lenovo W541. Also BSOD on startup in Safe Mode. Also fail in “last known good configuration”. ALL restore points missing! Had to reinstall Windows. Two days lost reinstalling all programs, files and settings from backup.

2 users thanked author for this post.

jburk07, woody

Reply | Quote

Did you install security-only updates, or “quality and security” updates?

Reply | Quote

Windows 10 1809 with metered connection and WD here. I chose to install July updates before they were foisted on me 🙂 All went well except that cumulative update KB4507469 downloaded very slowly and then failed to install. Windows automatically retried it; it took about 20 min. to install that time but was successful. After two reboots, no problems observed so far.

Windows 10 Home 64-bit

Reply | Quote

For those of you using @abbodi86 ‘s script to manage telemetry in Win7/8.1, please note that the script has been modified. Please download a fresh copy from AKB2000012.

2 users thanked author for this post.

AJNorth, Microfix

Reply | Quote

@PKCano:   When I click on the “latest update”, I cannot locate the latest version.   I hope you can direct me to the correct website so I can access it.   This is the what I am seeing, however unable to access it.    It says “Please download a fresh copy from AKB2000012

I don’t know where to locate it.   My apologies for being unable to find it.Your help would be very much appreciated, as always.    Thank you.

Reply | Quote

In AKB2000012, the script can be downloaded from the indicated link.

Reply | Quote

@PKCano:  I am way over my head with what this action involves.  I only have the updates which are indicated for Win 7, x64, (Win Premium) Group A.  I don’t have most or none, of the other items which are referenced in the dialogue so it appears that this is something which I may not need.   Thank you for the information you have provided, although I am unable to use it.   You are such an advanced expert with computers, it is amazing, as well as admirable.    Thank you for taking the time to send the information.   I sincerely appreciate all of the work, and assistance you provide for all of the members of Woody’s.    Thank you once again for all of the help you have provided for us.

Reply | Quote

Help……In my Win 7 64 “Windows Update History” KB4507420 shows as installed 21 times since Tuesday….however in the “Uninstall an Update” window it is not present. And now my laptop….an Acer 7750G-9823….a pretty ballsy machine despite it’s age with dual SSD and 4 RAM slots with 8g good memory in each slot…..now in 2 days this laptop is running like it’s feet are stuck in a tar pit.

Any reports of problems with this past Tuesday’s July NET Framework roll up? How do I remove those 21 reported instances of successful install of KB4507420 if in fact it isn’t appearing in the “Uninstall an Update” feature designed to remove whacked out updates?

Reply | Quote

Does the History say “Succeeded” or “Failed”? It the latter, nothing will show up in the installed updates as installed.

+ Set Windows Update to “Never check for updates”
+ If KB4507420 is in the queue, right click on it and choose “Hide”
+ If it is not in the queue, click “Check for updates” and then hide it.
+ Look again under “View installed updates” (lower left in Windows Update) to see if the individual updates in the Rollup bundle are installed (KB4507004 for .Net 3.5.1, KB4507001 for .Net 4.5.2, KB4506997 for .Net 4.6, KB4506994 for .Net 4.8). You won’t find the Rollup’s KB number in the installed updates.
+ Reset Windows Update to check for updates at whatever setting it was originally.

1 user thanked author for this post.

walker

Reply | Quote

after this update my photoshop 7 dont want to start!!

 

it install even in my update is set to no update!@!#@!#$!#@

Reply | Quote

Win 10 1803 64 bit.  Applied July cumulative update KB4507435, stable for 3 days.

Reply | Quote

KB4507435 update for 1803 has been superseded by KB4507466 in late July

and it looks like the .223 flash updates will not be issued for Win8/8.1 & Win10 as MS will completely skip that version

Reply | Quote

Reporting in:

Dell XPS15 with Win 10 Home v1809 and a metered connection.

I have been away, so switched on and allowed Update to work.

8 various updates came down the pipe along with a large Office 2016 update.

That took just over an hour.

All seemed well until I ran DISM //scanhealth which tells me that the corruption is repairable, and then SFC which reports corruption.

Oh well!

Reply | Quote

There is a recent known MS issue affecting SFC /SCANNOW, look elsewhere on Askwoody site for details.  No target date for MS to fix this.

Reply | Quote