Blue screens, bungled releases, stealthy .NET upgrades, CRM blocks and complex manual fixes. It’s shaping up to be one hell of a patch-encumbered month.
[See the full post at: MS-DEFCON 1: Patches failing at a phenomenal rate]
MS-DEFCON 1: Patches failing at a phenomenal rate
- This topic has 118 replies, 42 voices, and was last updated 7 years, 6 months ago.
anonymous
Guest -
anonymous
Guest -
woody
Manager
-
JNP
AskWoody Lounger
October 12, 2017 at 10:28 am #136889
Well, I’m a life-long Cubs fan, so I am a certified masochist. Still, I haven’t applied the patches. More to the point, it seems very clear that, in particular, Win 10 is actually a Rube Goldberg machine, which MS seems to then apply a new Rube Goldberg machine to when the previous Rube Goldberg machine doesn’t work. I think it was either Ch100 or Noel, who once commented that, in the past, it has taken a while for a new MS OS to stabilize. I think that observation is true, although I didn’t have the problems with Vista others did and I found Win 7 stable from the get-go. In any event, we’re deep enough into this to see there is likely no way out for MS and Win 10 now. Again, Ch100 and Noel know more about this stuff than I, but with this track record of not fixing things, and often times making matters worse, to ultimately really fix this seems to me to be nearly impossible.
What’s next for MS is unclear, but they’d be completely shortsighted, at this point, to end support for Win 7 in 2020.
8 users thanked author for this post.
Geo
AskWoody Plus
CraigS26
AskWoody Plus
October 12, 2017 at 10:48 am #136895
Group A Win 7X64, Home Premium, Office 10. I installed the following. KB4043766,KB404681,MSRTx64: Kb890830,Office 10: KB2553338. So far no problems.
Almost the same – Grp A W7-64 – as Geo: (6) Importants: KB4041681 Rollup; MSRT; (2) ’10 OFCE; ’10 Outlook (Not Inst’d); (1) ’10 WORD; (1) ’10 EXCEL;
(1) Recommended: KB4043766 Net Framewk
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0
-
Bill C.
AskWoody Plus
October 13, 2017 at 1:23 pm #137230
Group B, win7Pro-64_SP1. I installed all of the MSOffice 2010 patches, the MSRT, and the October .NET rollup. No issues on either the Lenovo laptop or the Intel i7 desktop. All went well and no issues after testing. In my WU, the Outlook 2010 patch was checked this month, unlike the past months.
I did NOT try importing an XLS file into another document. That was forbidden at work and I never did it at home either (have no need). I will try it after I do the group B patches. I have not yet installed the October Group B Security only IE or Security Only Win7-64 patches.
I have said never Win10, but this month has solidified it unlike any past months. I was going to update the organizational Win10 laptop, but I will just create my own LTSC (LTSB) by never connecting to the web. There is no need for that device to connect, and it is still working well. Maybe that strategy will be Long Term Servicing Celibacy… 🙂 No catching any patch sicknesses.
b
AskWoody_MVP-
BobbyB
AskWoody Lounger
Cybertooth
AskWoody Plus
October 12, 2017 at 11:42 am #136908
Add one more problem patch (possibly).
I have Office 2007 and the final patches for it came out this week. They installed fine on my Vista computer, but KB3213648 is failing on my Windows 7 machine with a Code 57E. Some sort of permissions-related issue; this had never happened before with any Office updates on that PC. Nice parting present for Office 2007. Thanks, MS experts!
-
anonymous
Guest -
Cybertooth
AskWoody Plus
October 13, 2017 at 10:59 pm #137342
I had to resort to rebooting the computer, and then the patch installed properly. Good thing I have some experience with this kind of situation; I can only wonder what sorts of contortions I would have gone into (fiddling with permissions, etc.) if I didn’t.
“When in doubt, first reboot and see what happens.” [grin]
-
EyesOnWindows
AskWoody Lounger
October 12, 2017 at 12:35 pm #136930
So there we have it, Microsoft tells the world about six critical security vulnerabilities in Windows then promptly bungles the patch release that is supposed to fix them. Oh how very nice indeed! Another parachute jump with a moth ridden patched parachute. I guess I’ll just stick with the known bug set for now. Perhaps it’ll make more sense to jump to FCU a few weeks after it comes out rather than staying with the leaky CU ship.
HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB
BobbyB
AskWoody Lounger
anonymous
Guest
October 12, 2017 at 12:48 pm #136924
There are strange occurrences. We installed Office 2013 security patches and MSRT on a Windows 8.1 computer and the “Home Group” icon appeared on the desktop. This is not a new problem but is mentioned that it did happen today. A google search of the problem led to an answer (from the windowsclub). Going to control panel, folder options, view, and uncheck and apply sharing Wizard, then re-checking Sharing Wizard and apply, made it go away.
http://www.thewindowsclub.com/remove-homegroup-icon-windows-8-desktop
_Reassigned Account
AskWoody Lounger-
anonymous
Guest -
AJNorth
AskWoody Plus
-
ryegrass
AskWoody Lounger
October 12, 2017 at 1:38 pm #136961
I have KB4041678 and KB4040685 (security only and IE11) patches installed on one Windows 7 Pro x64 machine for the past 3 days with no problems so far. Group B: P8P67 Pro, I7-2600K, Radeon HD 6850.
Edit to remove HTML
Please convert to plain text (.txt) before copy/paste
Anonymous
Inactive
October 12, 2017 at 1:39 pm #136962
This is not directly related to this topic but I think it is important.
Equifax has announced that due to another hack, their web site has put onto visitors’ computers a bogus Adobe Flash update download screen. I can verify this. I have encountered this repeatedly. Anyone know how to delete this?
= Ax Kramer
-
Geo
AskWoody Plus
October 12, 2017 at 5:48 pm #137056
I don’t trust it either when an adobe update pops up on my screen. I don’t click on it, I go direct to adobe and check to see if it’s real. I got the pop up screen yesterday the 12th. Went to Adobe and they had an update.
3 users thanked author for this post.
-
ryegrass
AskWoody Lounger
October 13, 2017 at 1:45 am #137113
It appears that TransUnion is also redirecting visitors to fake Adobe Flash updates (though in Central America).
Ars Technica Article: https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/
3 users thanked author for this post.
-
Kirsty
Manager
October 13, 2017 at 2:28 am #137119
Even the app stores aren’t immune from fake issues, such as the Edge app found in Google Play recently:
WARNING!!! There's a fake/scam Edge app in the Google Play Store. This is NOT from Microsoft.
Use this direct link: https://t.co/pYecSTdzyj pic.twitter.com/hKqcHQgaiM
— Nick Landry (@ActiveNick) 12 October 2017
And on the subject of fake Flash Player installations:
Equifax rival TransUnion also sends site visitors to malicious pages
People visiting TransUnion’s Central American site redirected to potpourri of badness.
Dan Goodin | October 13, 2017
Equifax isn’t the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, is also sending visitors to the fraudulent updates and other types of malicious pages.
Read the full article here
4 users thanked author for this post.
-
GoneToPlaid
AskWoody Lounger
October 13, 2017 at 10:56 am #137205
-
AJNorth
AskWoody Plus
October 13, 2017 at 10:19 pm #137339
Hello @ax kramer,
For those who may have inadvertently been infected with the adware contained in that hijack (known as Adware.EoRezo) the easiest approach for the non-technical would be to install, update and run a scan with Malwarebytes (installing it as the free version); links for the application’s download and a tutorial at site (from BLEEPINGCOMPUTER).
If that does not thoroughly clean the system, then try the Norton Power Eraser (read through the page fully before starting, and keep in mind that this utility tends to be rather aggressive; that is, it may generate false positives).
(For a more technical and detailed set of procedures, please see Remove “Update Flash Player” or “Update Java” fake alerts (Help Guide) (from MALWARETIPS); again, several of the other applications mentioned can be quite aggressive.)
Hope this is useful.
AJN
-
JohnW
AskWoody Lounger
October 14, 2017 at 8:37 am #137420
It’s probably worth mentioning that if you are just seeing the popup, you are most likely not infected. Just don’t click on it. That is just the Javascript from the 3rd party connection working as it should. Unless you disable Javascript completely (not recommended), or use a script blocking plugin, you are at the mercy of the website.
But if you have already clicked on it… yup, follow the advice given above…
Windows 10 Pro 22H2
1 user thanked author for this post.
zero2dash
AskWoody Lounger
October 12, 2017 at 1:48 pm #136975
Patch Tuesday needs a new baby brother… 3 1/2 weeks later, “Safe patch Monday” has a nice ring to it.
12 users thanked author for this post.
-
anonymous
Guest
October 12, 2017 at 4:48 pm #137044
Hello 02-. Good point! We all look to Woody for help and it is great to have Him and many here to help. My rule is to wait a week minimum. If Woody thinks it is OK then I will update. Usually it is longer. If several are yelling, and Woody still says wait, then I will wait another few days. It is hard to go 3 1/2 weeks before updating because it or we may become a target.
-
JohnW
AskWoody Lounger
October 13, 2017 at 12:40 pm #137224
Patching early is always an option, but…
Recommended process:
Take a current system disk image first, to a secondary drive location.
Patch.
Test.
If problems with patches, restore image, wait 3.5 more weeks.
Else keep on running and wait for the fun to begin again the following month.
Repeat.
Windows 10 Pro 22H2
-
anonymous
Guest
October 12, 2017 at 1:58 pm #136976
I’m Win7 Group B. With all the .Net information this month, I finally verified that I have version .Net 4.6. Per your Computerworld Woody on Windows article, you recommend either installing version 4.7 itself or installing .Net 4.5.2. Could you please give instructions (Novice version) on how to do this & which version might be best? I think I recall reading that different versions can co-exist, so would I need to delete .Net 4.6 only if I choose to install 4.5.2? Thx
-
The Surfing Pensioner
AskWoody Plus -
anonymous
Guest -
The Surfing Pensioner
AskWoody Plus
October 13, 2017 at 4:23 am #137130
Because Woody explains in his Computerworld article that if you install the rollup, you will be effectively upgrading to .Net 4.7, and .Net 4.7 causes problems on Windows 7 machines – or so we have been advised on this site. That’s the point.
-
Microfix
AskWoody MVP
October 12, 2017 at 2:23 pm #136998
-
anonymous
Guest
October 12, 2017 at 4:58 pm #137047
I have a friend that lives linux and hates MS. I ALWAYS hear him (actually there were 2 linux users) complain about having problems with their computers. One said more than once, a linux (mint) update ruined his Home Directory and he had to reinstall. I feel there are bugs and problems with all OSs. Whatever OS you use, keep it updated to stay safe, or use a very good 3rd party firewall that shows OUTBOUND connections.
-
anonymous
Guest
October 13, 2017 at 4:07 am #137129
Reply:
Linux Mint Update has 5 Levels, ie Level 1 to 5. The default setting only installs Level 1 to 3 updates.
Smart users will choose to only install Level 1 & 2 updates and then peruse Level 3 updates before installing them because a certain few Level 3 updates may be problematic.
… Some Level 4 & 5 updates will often bork the Linux system, especially Linux kernel updates on older computers.
I have been updating my LM 17.3 Cinnamon computer for more than a year without any problem. If done properly, updating LM is like drinking Cinnamon Tea = calming effects, unlike Windows Update post-Oct 2016 = difficult, confusing and stressful.
-
johnf
AskWoody Lounger
October 13, 2017 at 12:47 pm #137225
The good thing about Linux Mint is that they don’t automatically force updates. They also rank the updates from 1 (safe) to 5 (do at your own risk), unlike Ubuntu, which wants you to install all their updates.
What’s not mentioned here is if the affected computers above were running dual boot (which may or may not be stable, based on what MS does), or if they were running PPA’s (software installed outside of the repositories). Usually, the software in the repositories are vetted by the developers, while PPA’s tend to be less stable.
As always, backups are vital, and good sense (turning on firewalls, doing updates) is good practice. Even in Linux, though, it’s always good to wait a bit to see if the updates are stable.
1 user thanked author for this post.
-
JohnW
AskWoody Lounger
October 13, 2017 at 12:53 pm #137226
I used to think a firewall with outbound connection control was important. I still use one, but I realize it is not really going to stop smart malware. Just use it to keep a few things from phoning home.
Too much stuff can just hop onto Windows Service Host today, and you can’t block that in your firewall without breaking a lot.
It’s better to know every executable that you have running on your PC is signed and trusted. If not, why are you running it? If it’s trusted, is it really going to matter if it uses the network?
Windows 10 Pro 22H2
1 user thanked author for this post.
-
anonymous
Guest
October 13, 2017 at 4:49 pm #137270
It is going to matter if you just don’t want it to call home. Or you want to monitor active connections, no matter how trusted.
And firewalls are seriously lacking on Linux. (Going the way of the dodo on Windows too, sadly.)
But yep, liked Mint’s updating system when I used it for a couple of weeks last year.
-
-
anonymous
Guest
October 14, 2017 at 1:09 pm #137473
Hello, JohnW has a good point. I have seen adobe reader updated via the SVhost when the adobe updater was blocked in the firewall. So yes it can happen. But so can getting a virus even though one has an antivirus. Should one stop using the AV? No. The 3rd party firewall will show outbound connections for far more things that most people do not know about. I have seen “signed approved products” try to go out, even though “check for updates” was not checked. So it is a good idea to have a 3rd party firewall as an added protection. We have “Little Snitch” on our MAC as well as our Windows PCs. It works very well and is an eye opener for outbound connections. People here at woody’s are a little more technical, and I assure you that the average user does not even know what a signed exe file is. We must do the best we can to protect ourselves and others (clients, relatives, etc) with the tools out there and with Woody’s (and other vetted peoples here) advice.
1 user thanked author for this post.
-
anonymous
Guest
October 13, 2017 at 7:39 pm #137304
I want to confirm johnf’s points.
And as long as we’re being anecdotal <g>, I switched an XP system to Ubuntu in Oct 2010, decided I didn’t like the direction Canonical was going and switched to (and have stayed with) Linux Mint since Oct 2010. There is an emphasis on usability and stability that is refreshing. When a new version is released, they will caution against upgrading (if it ain’t broke…) and that the previous version is still supported. I have found the patching system rock solid; so much so that I will install updates the day they are released and — real shocker — not bother to back up first (as long as I have backed up in the past 2 weeks).
(versus waiting 3-4 weeks on MS patches and never, ever, installing a MS patch unless I have created a system image first)
as always YMMV,
anon
3 users thanked author for this post.
Seff
AskWoody Plus-
woody
Manager -
Seff
AskWoody Plus
October 12, 2017 at 5:11 pm #137049
Oh I know, I was just dreaming. Meanwhile the threat from MS is very likely much greater in practice than from anyone else, but so be it!
As for what to do come 2020, there’s still no indication that upgrading to Windows 10 will be any wiser than continuing with Windows 7 beyond that point given the present mess with that system’s vulnerabilities and updates. Unfortunately, Linux isn’t a viable alternative for many of us. All we can hope is that somehow against all the odds MS get their house in order over the next couple of years.
-
anonymous
Guest
October 13, 2017 at 7:33 am #137147
Hopefully Linux distro developers are aware that they could easily gain massive marketshare in the coming years if they take advantage of the upcoming opportunity when the coming Windows exodus occurs (Looking at you Mint and Ubuntu).
3 users thanked author for this post.
-
AJNorth
AskWoody Plus
October 13, 2017 at 1:21 pm #137229
To echo — and build upon — your hope (which, it should be safe to say, is shared by countless millions around the world), let us also hope that the software vendors are paying attention, and have the forward thinking to create Linux versions of their products, both popular home (such as for multimedia) and professional applications (accounting, law and medicine, to mention but three areas).
To quote [what is often cited as] an ancient Chinese curse, May you live in interesting times. (Not to digress, but it is neither ancient nor Chinese: https://quoteinvestigator.com/2015/12/18/live/ .)
As I have muttered before, on more than one occasion, Who’s on first? (http://www.baseball-almanac.com/humor4.shtml).
3 users thanked author for this post.
-
anonymous
Guest -
JohnW
AskWoody Lounger
October 13, 2017 at 1:48 pm #137235
Your hopes are good ones, but as AJ’s comments reflect, it is really up to the application developers to make this happen. Lately I have become aware of a few small multimedia companies releasing cross platform versions of their applications. Here is one example: https://www.tracktion.com/products/t6-daw and the latest version even runs on a Raspberry Pi!
The Linux distro creators do not control what applications are written as cross platform. They have merely provided the OS and tools to enable it.
Anyway, there is not really any revenue to be made in releasing a Linux distro, since it is free and open source. There are a few commercial companies that have been successful with monetizing Linux, by packaging a free OS with some value adds, and selling support contracts to businesses.
Windows 10 Pro 22H2
1 user thanked author for this post.
-
-
-
Canadian Tech
AskWoody_MVP
anonymous
Guest
October 12, 2017 at 4:02 pm #137019
I can’t begin to describe how happy I am since I put Windows in the rear-view mirror and installed Linux.
I no longer have to wend my way through a minefield of defective updates every month while hoping that MS will eventually get it right.
Clearly the inmates are running the asylum in Redmond.
-
JohnW
AskWoody Lounger
October 13, 2017 at 1:03 pm #137227
I’m glad that is an option for some. I use both, because I need Windows applications that only run on real Windows.
If I could run everything on Linux, I would, but that is not possible or practical for me yet. I would like to see the day that everything runs native on Linux. I have tried Wine, but have only had luck with a few apps, and that is always with a lot of fiddling and crashes. Not wasting my time with that stuff anymore. Native Linux only!
If I only used web, email, office, and development apps, the solution would be easy. Linux has great replacement apps for those use cases.
But commercial applications for content creators seem to only support Windows and/or Mac. I use Photoshop, so don’t even get me started on Gimp, LOL!
Windows 10 Pro 22H2
lurks about
AskWoody Lounger-
AJNorth
AskWoody Plus
dph853
AskWoody Plus
October 12, 2017 at 4:28 pm #137040
I’ve read extensively on this site and the articles on Computerworld about holding off on patching.
On Win 1703 here. Both feature and quality updates are deferred for at least 30 days. Group Policy set to advise of available downloads but not to download them and certainly not install them automatically.
I know about and have used wushowhide.
With quality/feature updates turned off in settings wushowhide returns no results for pending updates so I can’t hide them. I have to enable updates in settings before running wushowhide.
Not that long ago after enabling updates but before running wushowhide to hide an update for office, I hit “check for updates”. Once you do this, your goose is cooked as any pending updates will be downloaded and then installed with no further user action required. I tried to stop this from happening by rebooting…didn’t work, just kept coming, by turning off the update service, fine but windows eventually turns it back on and the updates keep coming. There seems to be no way to tell Windows to “just stop and forget I ever asked.”
I have seen reference in some articles of being able to select the wanted updates to be installed from some sort of a displayed list of available updates, I haven’t seen that since like windows 7 I think.
I’m pretty on the ball if I choose to accept nothing, or the reverse, if I choose to get everything, but I am still confused and struggling to manage installing selective patches.
Another issue, at some point in the past I turned off getting drivers automatically from update. Now I can’t remember how I turned that off in case I want to turn it on again. wushowhide shows several available drivers that do not show in windows update.
I’ve played with Linux and I don’t like it. But I may just give up on the dream of a familiar environment that I delude myself into thinking I understand and just jump ship altogether.
Would some kind soul offer some assistance in clarifying where I am going wrong when trying to manage windows updates? Specifically, how do I select only one of several pending updates to be installed and the rest ignored. Every time I toggle updates back on prior to running wushowhide, I swear windows picks up on the change and it is race against the clock to see whether I or the computer will finish searching for updates first. Once windows identifies an available update and queues it, it seems d***** near impossible to get it ignored again.
Thx.
-
MrBrian
AskWoody_MVP
October 12, 2017 at 5:32 pm #137053
“wushowhide shows several available drivers that do not show in windows update.”
Windows 10 doesn’t show updates of type Recommended or Optional.
1 user thanked author for this post.
-
anonymous
Guest -
MrBrian
AskWoody_MVP
-
-
NetDef
AskWoody_MVP
October 12, 2017 at 5:40 pm #137054
I’ve mentioned this before here, but this is why my clients use modified WSUS settings and sync schedules. Not sure what group this places us in though . . .
After WSUS has been configured via the Wizards (recommended) we go in and turn off the nightly sync. We set automatic rules to approve only critical patches.
A scheduled sync is set for Friday night at 9 PM. This way Critical patches get installed typically 3 days after patches are posted by MS to WSUS. We find that problematic patches almost always get pulled by MS from WSUS within this time frame – and this has saved us much grief.
The following week after the next Friday sync (10 days after patches are published) we review the remaining patches requiring acceptance – the non-critical Important and Rollup plus optional etc. By now some will have been pulled by MS, some have been re-released/superseded, the rest we review for approval at that time, or we may wait based on what others have been sharing about the patch quality that month . . . (thanks Woody!)
Keep in mind that WSUS allows you to UNinstall and block a patch across your organization – which happens a couple of times a year for us.
My stance with all this remains: I would rather take the pain of removing/revoking an installed patch, than skipping them all and getting ransomed.
~ Group "Weekend" ~
-
derzeitgeist
AskWoody Lounger
October 13, 2017 at 9:53 am #137188
We auto-release to our alpha group. Our Alpha group is comprised of half VM’s and the other half is random people in IT, in this building, where the users can easily receive help. A week later we release to beta, which is a cross section of random people from different departments, although it’s still weighted heavily on IT. Then we have a Level 1, Level 2, Level 3, and Level 4 group. Depending on how alpha and beta went we may release to 1-4 on alternating business days or it could be 1 level per week.
Servers are handled by a different WSUS and they also auto-release to an alpha group. General deployment doesn’t take place until about a month after Microsoft releases patches, unless there is an active threat like WannaCry. Each server is put in an AD security group that determines the patching cycle. The requirements vary so much from server to server that we have about 20 different schedules.
Now we are also migrating away from WSUS and towards an SCCM SUP, which still utilizes WSUS on the back-end. The goal is eventually to get to the point where we do monthly patching of 3rd party products and get to the point where we have automated patch compliance reporting. Unfortunately we’re not quite at the same level of sophistication as we were at my last job, but there is a lot of support for the direction we are going in.
2 users thanked author for this post.
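The two cadences described in this sub-thread (the Friday WSUS syncs and the alpha/beta/Level 1-4 rings), turned into calendar dates for a given month; this is an added example, not part of either post. The function names, the `clean` flag and the one-week gap between beta and Level 1 are assumptions, since the posts do not state them.

```python
from datetime import date, timedelta

FRIDAY = 4  # date.weekday(): Monday=0 ... Sunday=6


def patch_tuesday(year, month):
    """Second Tuesday of the month, when the monthly patches are published."""
    first = date(year, month, 1)
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def next_weekday_after(day, weekday):
    """First date strictly after `day` that falls on `weekday`."""
    delta = (weekday - day.weekday()) % 7
    return day + timedelta(days=delta or 7)


def add_business_days(day, count):
    """Step forward `count` Monday-Friday days (public holidays are ignored)."""
    while count > 0:
        day += timedelta(days=1)
        if day.weekday() < 5:
            count -= 1
    return day


def roll_to_business_day(day):
    """Push a Saturday or Sunday forward to the following Monday."""
    while day.weekday() >= 5:
        day += timedelta(days=1)
    return day


def weekend_sync_plan(release):
    """Friday-night sync cadence: critical patches are auto-approved at the
    first Friday sync after release; everything else is reviewed after the
    following Friday's sync."""
    first_sync = next_weekday_after(release, FRIDAY)
    return {
        "critical_auto_approved": first_sync,
        "review_remaining": first_sync + timedelta(days=7),
    }


def ring_plan(release, clean=True, beta_to_level1_days=7):
    """Ring cadence: alpha on release day, beta a week later, then Levels 1-4
    on alternating business days if alpha and beta went well (`clean`),
    otherwise one level per week.
    Assumption: Level 1 starts `beta_to_level1_days` after beta."""
    beta = release + timedelta(days=7)
    plan = [("alpha", release), ("beta", beta)]
    level_date = roll_to_business_day(beta + timedelta(days=beta_to_level1_days))
    for level in range(1, 5):
        plan.append((f"level {level}", level_date))
        if clean:
            level_date = add_business_days(level_date, 2)
        else:
            level_date = level_date + timedelta(days=7)
    return plan


if __name__ == "__main__":
    release = patch_tuesday(2017, 10)
    print("Patch Tuesday:", release)
    for step, when in weekend_sync_plan(release).items():
        print(f"  WSUS {step}: {when} (+{(when - release).days} days)")
    for clean in (True, False):
        print("Rings, alpha/beta clean:" if clean else "Rings, problems seen:")
        for ring, when in ring_plan(release, clean=clean):
            print(f"  {ring:8} {when} (+{(when - release).days} days unpatched)")
```

The "+N days" column is the exposure window each ring accepts in exchange for letting earlier rings find the bad patches first.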
bobcat5536
AskWoody Lounger
October 12, 2017 at 8:03 pm #137073
It is becoming more and more evident as time goes by, that the biggest security threat to your operating system is Micro$oft. I worry more about what they’re going to do to my system month to month more than any other threat out there. That’s a sad state of affairs. Just my opinion.
8 users thanked author for this post.
-
JohnW
AskWoody Lounger
Geoff King
AskWoody Lounger
October 12, 2017 at 8:44 pm #137079
-
anonymous
Guest
Philomene123
AskWoody Lounger
October 12, 2017 at 11:43 pm #137103
Well, I was a bit terrified when 2 machines were updated today, one w10 pro (desktop) and the other MSI gamer laptop, w10 family. Via MS update. Everything went quickly, no problem. I was so relieved!
Those 2 machines, owned by my daughter, are essential to work, 3d artist course, all loaded with fancy 3d softwares. No backup for now… she lives dangerously… Still need to update 2 w7 laptop but I don’t use them so much, so I don’t bother about any crash. My personal computer is an iMac… I started to hate w10 when the fury began on w7… It was so aggressive. I had nightmares for weeks LOL. But this site gave me the strength and the tools to avoid w10…
Thanks Woody for the good work! Good luck all for your updates!
Fingers crossed as well!!!
-
Geoff King
AskWoody Lounger
October 14, 2017 at 8:29 pm #137575
Hello Geoff King. What OS was it you updated and is it still performing OK?
Hi, anon. Win 10 Home 64 bit, and working fine on 15063.674
radosuaf
AskWoody Lounger
October 13, 2017 at 2:28 am #137118
That’s the first time in months I haven’t touched my personal PC (too busy at work) for a week or so, so didn’t patch it. Lucky me :).
Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider
anonymous
Guest
derzeitgeist
AskWoody Lounger
October 13, 2017 at 7:46 am #137152
The “Inaccessible boot device” (blue screen) issue was bad enough. Thankfully our testing process worked as intended and it didn’t make it into the full production environment.
However, I must say that I’m SUPER UPSET about this CRM thing. The bug they caused a couple of months ago affected over 3,000 systems here and it was just after Microsoft [mess]ed up the previous month of patching (in a year where basically every month has been filled with missteps). Now I’m reluctant to push any patches this month.
Our main response to the lack of a proper Microsoft QA process has been to drastically extend our roll-out cycle. It’s a fine line though because you don’t want the next WannaCry malware to be the one that finally takes down the entire environment.
Even when Microsoft had a proper QA process, bugs would slip through. Yet generally if you followed best practices you wouldn’t be burned too badly. Unfortunately, since they disposed of their QA team and especially since they’ve started transitioning to this cumulative approach to patching, the act of patching has become more like a game of Russian roulette.
What I’m most afraid of is that Microsoft doesn’t understand that business and government only moves so quick. All the wishing, pushing, and prodding that Microsoft can do will NOT change that. A lot of organizations have spent serious amounts of money to get their software capabilities and business processes to align – therefore it becomes extremely frustrating for their largest customers when they break things without understanding the real world ramifications of their decision making process.
It’s fine and dandy that they want to evolve. What they have is a failure to communicate.
Using the example of their last CRM fiasco:
If there are serious problems in CRM and the fixes that they want to do to CSS in IE will break customizations that organizations have made then the solution shouldn’t be to break everything and ask for forgiveness later. They should offer the patch as optional instead of critical or a security update. Then communicate about the types of things that will need to be addressed before the patch can be rolled out everywhere. Even if they don’t want to do it exactly that way, there is some variation that could work.
When Microsoft becomes more of a problem than a solution, that’s when people start to look for other solutions. Maybe they can’t be replaced on the desktop OS level yet, but there are plenty of areas where we can kick Microsoft out the door and adjust (down) our licensing with them.
-
AlexEiffel
AskWoody_MVP
October 13, 2017 at 8:51 am #137165
In the words of David das Neve, the WaaS evangelist “We are the last ones to move onto this kind of model”.
The assumption here is that this kind of model is suitable for every scenario. Microsoft doesn’t compete on innovation on the OS level, at least not anymore. They need rock solid stability, support, good performance, not VR and ads for businesses. One could argue they add more security, but the OS itself hasn’t been built for security from the start so great to have tools to catch up to a less risky OS. Anyone would dare say Windows is more secure than IOS or MacOS, built on one of the most secure Unix, BSD?
And for people at home, although Windows can be tweaked pretty good, most do not know how to do it and they end up with a horrible user experience with unwanted software on their system, things they don’t know if they should remove or not, productivity hindering things all over the place, viruses. So, guess what, when faced with other options, it might suit them better and it is fine. Some might buy the marketing gimmicks. I know people who want the latest OS because they can talk about having it, but they don’t have a clue about the differences. It is getting less common today, but it still exists, this inflatable neighbor syndrome with computers, although they are getting so common it is less palpable.
So, when you still own 90%+ of the desktop market and everybody supposedly have moved to a different development model, you think you are wrong and should do like others? Then, you better be sure what you want to do won’t break what has worked and still works for you to have that much exceptional presence in the market. If you don’t understand that, and you insist on pushing valueless upgrades with added costs to own, you are just opening the door for a smart company to step in and kick you out of the business market.
Who in their right mind would use Microsoft everywhere to manage server farms of web sites instead of Linux ? Microsoft have shown its incompetence with their IIS solution a long time ago. I guess they really try hard to convince businesses that they can’t be trusted for business no more too by blaming the users for not wanting their unwanted product, regardless of how they develop it. Basic strategic mistake: if you have the wrong product-market fit, it doens’t matter how you execute it. When you fail, I already hear you saying it is all your clients fault for not doing what you wanted them to do.
4 users thanked author for this post.
-
anonymous
Guest
October 14, 2017 at 4:30 pm #137539
Hello, derzeitgeist. Well put. Businesses must have stability to keep their computers running. When computers go down, money is lost. This is a fine line to patching. There is a responsibility to the customer and even world that patches be applied, or a business could be hacked. But technicians also need to slowly push patches out after they have been tested on a few computers to see if anything breaks. It sounds like you have a handle on the situation. These common sense posts, and Woody’s advice are much needed and welcomed.
_Reassigned Account
AskWoody Lounger
October 13, 2017 at 9:33 am #137176
I’ve noticed Wifi losing internet connection but still connected locally. Never had issues until update. Checked my network and is still connected to internet every time. Also noticed after my wife’s laptop updated she lost IPv6 internet but not IPv4. Reboot always fixed it though. My Ubuntu desktop never loses any connection and neither does my iPhones or iPad.
-
anonymous
Guest
AlexEiffel
AskWoody_MVP
October 13, 2017 at 10:56 am #137204
Ok, now I have another Win Server that behaves badly since the automatic patching. Same version, Windows Server 2012 R2.
Now what happens is we can’t remote desktop on it no more, nor can we ping it. However, when I look at it, I can ping the stations that can’t ping it from it just fine. It looks like a Windows Firewall issue, like if the network was assigned to Public instead of Domain, similar to the other issue I had with the other server. Unfortunately, disabling then reenabling the network card doesn’t fix it this time. Plus, it is written the network card is assigned to the domain, not like the other issue where it had become public. I tried rebooting, doing the diagnose option on the network card. Nothing works.
Those servers do not do anything on the Internet except patching. I renewed them last year. Prior to that, I had the accounting package and Windows server completely off the grid for 6 years with no issue at all. This time, I thought, well, I will let them patch only, because there’s a lot of more scary things out there like the SMB vulnerability. Well, now I lose time managing uselessly those things that should just provide access to the accounting package and do backups. I’m about to pull the plug on the patches. I wouldn’t have expected that on a static Windows Server 2012 like that. We are not talking about an OS that keeps changing like Windows 10 here!
dgreen
AskWoody Lounger
October 13, 2017 at 1:48 pm #137236
Group C, Anyone?? It sure looks like a safer place.
Canadian Tech
I just posted in the Windows 7 forum what happened with me.
2 weeks after I applied the Sept. patches (group b), my computer had huge problems.
After a lot of attempts at everything, (read my post in Windows 7 forum) I decided to try one more thing. I removed Sept. IE11 patch kb4036586. That’s when the computer turned the corner.
So, almost 2 weeks before it was a problem.
The security patch was not removed.
anonymous
Guest
October 13, 2017 at 2:24 pm #137250
anonymous
Guest
October 13, 2017 at 4:56 pm #137273
First take, it appears many of the issues are related to W7 and W10 although I am aware of known bugs in the October W8.1 Cumulative Update. We all know that the MS pre-release QA testing for updates is less than robust but this monthly fusillade of update issues is exacting reputational damage to MS and its products. I view W10 as little more than a slow moving train wreck and will resist using that OS until all viable options become exhausted. That’s a pity as I had high hopes for W10 until MS ingested all of the crazy pills.
1 user thanked author for this post.
Sandman
AskWoody Lounger
James Bond 007
AskWoody Lounger
October 14, 2017 at 6:51 am #137391
Woody, it is interesting to learn that installing the .Net Rollups starting from July 2017 will “transform” .Net 4.6.x to 4.7 under the hood.
I don’t install any of these rollups. Instead I adopt the “Full” Group B approach by installing only the Security Only .Net Updates, the last of which was in May 2017. I am aware that there is a Security Only .Net Update released in September, but I have not installed it yet on my systems running Windows 7 and 8.1. I have .Net 4.6.2 installed on Windows 8.1.
Will installing only these Security Only Updates now and in the future still “convert” .Net 4.6.x into 4.7?
Hope for the best. Prepare for the worst.
-
SueW
AskWoody Plus
October 14, 2017 at 12:45 pm #137474
“I don’t install any of these rollups. Instead I adopt the “Full” Group B approach by installing only the Security Only .Net Updates…”
I also employ the Group B approach. And though “rollup” is a dirty word for us, it has an entirely different meaning in .Net Framework, as explained here:
https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/
Security and Quality Rollup
The Security and Quality Rollup is recommended for consumer and developer machines. It includes both security and quality improvements and is cumulative, meaning that it contains all of the updates from previous rollups. This makes it easy to catch up if you have missed any of the previous updates. The Security and Quality Rollup update will be made available on Windows Update and Windows Update Catalog.
Security Only Update
The Security Only Update is recommended for production machines. It contains only the security updates that are new for that month. This enables you to fine-tune the security updates that are applied. If you have installed the Security and Quality Rollup for the month, then you are up to date and do not need to install the Security Only Update. The Security Only Update will be made available on Windows Server Update Services and Microsoft Update Catalog.
So although I wasn’t initially sure which mode of .Net Framework to install, I’ve been installing the cumulative ‘Security and Quality Rollup’ mode (I have both 3.5.1 and 4.6.1 on my system). So far, so good . . .
Now, as far as “transforming” .Net 4.6.x to 4.7 under the hood, I’ll also be interested in knowing the answer.
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'
1 user thanked author for this post.
MrBrian
AskWoody_MVP
October 14, 2017 at 9:52 am #137433
anonymous
Guest
October 14, 2017 at 2:50 pm #137506
I have installed, same as others posting here, this month’s Windows 7 Security only and IE11 Cumulative updates, so far with nothing going amiss (that I have noticed). If something nasty turns up, I shall post a note describing the problem.
On the other hand, I am, for now, holding off on installing the MS Office patches in both my Windows PC and my Mac, as well as the .Net one in the former, until some time goes by, in case several users, somewhere online, e.g. in “Ask Woody”, start reporting, consistently, on some awful things that happened to them as a result of doing that.
Since I have never used, nor do I see any reason why I’ll ever use, Outlook, I am excluding that piece of MS Office from this comment.
P.S.: I am posting anonymously here because, once upon a time, I subscribed to “Woody”, and got instantly flooded with emails with postings that I can just as well read online by visiting this site, so I cancelled my subscription.
If there were a way to post here without that (to me) undesirable side effect, I’d love then to subscribe and post as a user (and be able, among other things, to “thank” others for postings that I see as particularly useful and informative.)
1 user thanked author for this post.
-
PKCano
Manager
October 14, 2017 at 3:00 pm #137509
There is a difference between “Register” and “Subscribe.”
You can register – create an ID and password, receive a confirmation email, and you’re in.
If you “Subscribe” to a topic by clicking the link on the right side of the gray bar at the top of the topic, or checking the box ” Notify me of follow-up replies via email” at the bottom of a post/reply, you are requesting emails when people reply to the topic or post. So if you stay away from those two things, you should be fine as a registered member.
GoneToPlaid
AskWoody Lounger
October 15, 2017 at 2:05 am #137628
Patching early is always an option, but… Recommended process: Take a current system disk image first, to a secondary drive location. Patch. Test. If problems with patches, restore image, wait 3.5 more weeks. Else keep on running and wait for the fun to begin again the following month. Repeat.
Yep, that pretty much sums up my pre-patch procedure. Nearly a year ago, I learned to quickly perform an incremental backup of the Windows OS partitions on my computers before installing Windows Updates. Why? Because I have encountered a couple of them which either can not be uninstalled, or which do not properly uninstall — no matter what.
1 user thanked author for this post.
GoneToPlaid
AskWoody Lounger
October 15, 2017 at 4:22 am #137649
Hello to everyone,
Piriform’s Speccy utility does correctly show what versions of .Net are installed on your computer, including the latest installed service pack for the given installed .Net version.
Yes, .Net 4.6.2 and above does indeed remove the 260 character path limit under Windows 7, and this is indeed a nice feature to have on your Windows 7 computers. On the other hand and with only .Net 4.5.X installed, I have occasionally encountered issues with path limits which have more than 240 characters. Why is that? Because it depends on how long your computer name is, when syncing files across your local network.
Note that since .Net 4.6.2 and above must inherently have direct low level access to the NTFS on every hard drive within your computer via the Windows kernel, in order to implement the removal of the 260 character path limit, all versions of .Net higher than 4.5.X represent an obvious additional direct attack vector on your computer.
One has to ask, why did Microsoft decide to “fix” the 260 character path limit issue via .Net, instead of fixing Windows itself?
All .Net Framework versions above .Net 4.5.X also include baked in telemetry capabilities for installed programs which are written to explicitly gather such telemetry, and also may be required to be installed if you want to run programs which were designed to run under Win8 or Win10.
Rule 1: If a program, which you install on your Windows 7 computer, also installs a .Net version which is greater than .Net 4.5.X, then most likely the program author desires to gather telemetry regarding the use of said program, and more.
Rule 2: All versions of .Net above 4.5.X, for Windows 7 computers, include baked in telemetry capabilities.
Rule 3: If you want to uninstall, on your Windows 7 computer, versions of .Net which are greater than 4.5.X, then the uninstall utility will show you a list of what installed programs “could” potentially be affected, since there is a difference between “desired” and “required”.
Rule 4: If you uninstall .Net Framework versions on your Windows 7 computers which are greater than .Net version 4.5.X, and if you subsequently encounter an issue with an installed program which does not start correctly, then the installed program, upon startup, will show an error message which indicates that you must install a later version of .Net Framework.
The upshot is that .Net version 4.5.X is the last baseline requirement for programs which were designed to inherently run on Windows 7 computers, and I might add — without gathering any telemetry.
All versions of .Net above 4.5.X have baked in capabilities, should the program author wish to use such capabilities, to gather telemetry with regards to their program, and more.
So, hopefully now you all will now see WHY the latest .Net updates specifically split out how the update is applied. Yes, this is related to CONSENT. The latest .Net updates, if only .Net 4.5.X and no higher is installed, will merely update .Net 4.5.X. The latest .Net updates, if .Net versions are installed which are greater than .Net 4.5.X, WILL upgrade the .Net 4.6.X branch to the latest .Net 4.7.X branch.
Oh, did you expect to get any sort of popup message about the revised .Net EULAs which could and should inform you about the gathering of telemetry? Uh, no, because you unknowingly CONSENTED to the .Net update when you ALLOWED Windows Update to download and install it. You can imagine how it would take YEARS for this to wrangle through the US court system — and Microsoft knows this. Microsoft has its legal bean counters, just like pharmaceutical companies.
Similar issues apply to the VisualC++ redistributables as well, but that would be an entirely separate topic. For example, the VisualC++ 2013 and above redistributables install telemetry. The VisualC++ 2015 also installs KB2999226 which is a known update that installs deep telemetry.
Microsoft = NSA
Many years ago, Microsoft jumped onto the bandwagon, in cahoots with the NSA, to gather all possible telemetry. It started with PRISM. The NSA wins since this is what the NSA wants. Microsoft perceives that it will also win since Microsoft had, and still has, the delusional idea of overthrowing Google’s reign of being the most powerful advertiser on the Internet. Ask yourself, has Microsoft ever published a “canary” on any of its web domains? Of course not. Windows 8 and Windows 10 are in fact based on Microsoft’s delusional idea that Microsoft could, years late, force their way into the mobile marketplace. It is what it is.
Do you ever check to see what goes out of your computer, and to what IP addresses? Most likely, you do not. Backdoors. IP connections which, under Windows and using various utilities, you might not know about. Yet your home router’s logs will show you what actually went out, and to where.
Best regards to all,
GoneToPlaid
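A registry check for the question raised in this thread (whether a patch moved .NET 4.6.x to 4.7), added here as an example and not part of any poster's message: it reads the documented `Release` value under `NDP\v4\Full`, maps it to a version, and compares it with a snapshot saved before patching. The function names and the snapshot file path are assumptions; the KB numbers are the ones named in the thread.

```powershell
# Added example (not from the thread). Written to run on the PowerShell 2.0
# that ships with Windows 7, so it avoids newer cmdlets and syntax.

function Convert-NetReleaseToVersion {
    param([Parameter(Mandatory=$true)][int]$Release)
    # Minimum Release value per .NET Framework version, newest first
    # (Microsoft's documented detection thresholds).
    $thresholds = @(
        @{ Min = 528040; Version = '4.8 or later' },
        @{ Min = 461808; Version = '4.7.2' },
        @{ Min = 461308; Version = '4.7.1' },
        @{ Min = 460798; Version = '4.7' },
        @{ Min = 394802; Version = '4.6.2' },
        @{ Min = 394254; Version = '4.6.1' },
        @{ Min = 393295; Version = '4.6' },
        @{ Min = 379893; Version = '4.5.2' },
        @{ Min = 378675; Version = '4.5.1' },
        @{ Min = 378389; Version = '4.5' }
    )
    foreach ($t in $thresholds) {
        if ($Release -ge $t.Min) { return $t.Version }
    }
    return 'older than 4.5'
}

function Get-NetFramework4Info {
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    if (-not (Test-Path $key)) { return $null }      # no .NET 4.x full profile installed
    $p = Get-ItemProperty -Path $key
    # .NET 4.0 has no Release value; 4.5 and later always write one.
    $family = if ($p.Release) { Convert-NetReleaseToVersion $p.Release } else { '4.0' }
    New-Object PSObject -Property @{
        Release = $p.Release      # raw DWORD, changes with every in-place upgrade
        Build   = $p.Version      # file version string, e.g. 4.6.01590
        Family  = $family
    }
}

# Hypothetical snapshot location; run once before patching, again afterwards.
$snapshot = Join-Path $env:LOCALAPPDATA 'dotnet4-before-patching.xml'
$now = Get-NetFramework4Info

if ($null -eq $now) {
    Write-Output '.NET Framework 4.x is not installed.'
} elseif (Test-Path $snapshot) {
    $before = Import-Clixml $snapshot
    if ($before.Release -ne $now.Release) {
        Write-Warning ('.NET changed: {0} (Release {1}) -> {2} (Release {3})' -f `
            $before.Family, $before.Release, $now.Family, $now.Release)
    } else {
        Write-Output ('.NET unchanged: {0} (Release {1})' -f $now.Family, $now.Release)
    }
} else {
    $now | Export-Clixml $snapshot
    Write-Output ('Snapshot saved: {0} (Release {1})' -f $now.Family, $now.Release)
}

# Presence and install date of the updates discussed in the thread.
$kbs = 'KB2999226', 'KB4019990', 'KB4036586'
$found = @(Get-HotFix -Id $kbs -ErrorAction SilentlyContinue)
foreach ($kb in $kbs) {
    $hit = $found | Where-Object { $_.HotFixID -eq $kb }
    if ($hit) { Write-Output ('{0}: installed {1}' -f $kb, $hit.InstalledOn) }
    else      { Write-Output ('{0}: not installed' -f $kb) }
}

# Mapping demonstrated on two real Release values, chosen for illustration.
394806, 460805 | ForEach-Object { '{0} -> {1}' -f $_, (Convert-NetReleaseToVersion $_) }
```

Delete the snapshot file after a change you accept so the next run records a fresh baseline.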
-
MrBrian
AskWoody_MVP
October 15, 2017 at 4:45 am #137659
From What we’ve learned from .NET Core SDK Telemetry: “.NET Core has two primary distributions: the .NET Core SDK for development and build scenarios and the .NET Core Runtime for running apps in production. The .NET Core SDK collects usage data while the .NET Core Runtime does not.”
-
ryegrass
AskWoody Lounger -
alpha128
AskWoody Plus
October 15, 2017 at 9:59 am #137721
KB2999226 had indeed insidiously snuck on to several of my computers. I guess I’ll have to check my entire list of telemetry/tracking updates once again to see if any others got by. – ryegrass.
I checked and KB2999226 was installed on my Win 7 x64 computer on 9/24/2016. So it’s been on my computer for over a year now. Should I uninstall it? And if so, will any issues/problems be created in the process?
-
ryegrass
AskWoody Lounger
October 15, 2017 at 1:55 pm #137806
Each system is different, but I uninstalled KB2999226 last night (along with Microsoft Visual C++ 2013 and Microsoft Visual C++ 2015) and have had no problems so far. Be sure and make a backup before proceeding, if for some reason things don’t go well.
1 user thanked author for this post.
-
alpha128
AskWoody Plus
October 15, 2017 at 8:01 pm #137916
Each system is different, but I uninstalled KB2999226 last night (along with Microsoft Visual C++ 2013 and Microsoft Visual C++ 2015) and have had no problems so far. Be sure and make a backup before proceeding, if for some reason things don’t go well. – ryegrass
I don’t have the comfort level to start uninstalling things indiscriminately without a better understanding of the benefits and risks. I did install and run TCPView – for some reason I had downloaded it years ago, but never installed it on this computer until now.
I see that a connection is established from Avast service which doesn’t surprise me. I also see that Dell’s Backup and Recovery Toaster has a connection established which does surprise me. But I don’t see any other surprises going on.
-
ryegrass
AskWoody Lounger
October 16, 2017 at 2:29 am #138000
Hi alpha128,
I may have made it seem as though I’m a bit cavalier in removing updates, but I rarely change any software on this Windows 7 Professional installation so it is essentially the same system as it has been over the past several years with the exception of Windows security updates and I felt quite confident that in my case at least that since it worked well prior to KB999226, it would work equally as well once the update was removed. On the outside chance that there were unforeseen interactions, I had a current system backup ready. Of course in the case of your installation, I can see having an abundance of caution so as to not unnecessarily change a working installation.
-
-
-
GoneToPlaid
AskWoody Lounger
October 15, 2017 at 11:39 pm #137950
Hi everyone,
Note that you can not get rid of KB2999226 if you also have Office 365 installed. It also depends on how KB2999226 got installed in the first place — either via Windows Update or via Office 365.
I am knee deep in alligators at work. Thus I won’t be able to provide the full details until this weekend. For the time being, people should not uninstall KB2999226 since it could result, for virtually any program which you launch and including Office 365, the following error message:
“The program can’t start because api-ms-win-crt-runtime-l1-1-0.dll is missing from your computer.”
Yet there is a way to rip KB299226 from monitoring every program which you run on your computer. I will post this weekend about how to deal with this nasty update.
-
alpha128
AskWoody Plus
October 16, 2017 at 7:09 am #138077
Note that you can not get rid of KB2999226 if you also have Office 365 installed. It also depends on how KB2999226 got installed in the first place — either via Windows Update or via Office 365.
I am knee deep in alligators at work. Thus I won’t be able to provide the full details until this weekend. For the time being, people should not uninstall KB2999226 since it could result, for virtually any program which you launch and including Office 365, the following error message:
“The program can’t start because api-ms-win-crt-runtime-l1-1-0.dll is missing from your computer.”
Yet there is a way to rip KB299226 from monitoring every program which you run on your computer. I will post this weekend about how to deal with this nasty update. – GoneToPlaid
I’m glad I wasn’t hasty about removing KB2999226. When I read your post, I remembered how KB2999226 got on my system – I installed it myself!
I remember now there was a time when that exact error message was being displayed by Paint.NET, and there was a post by Rick Brewster to install KB2999226 to fix the issue. The KB2999226 standalone installer is still sitting in my Downloads folder.
So I will be very interested in reading your instructions on how to stop the monitoring.
Thanks!
-
-
anonymous
Guest
October 15, 2017 at 2:52 pm #137822
Yes, it is true that NET has “telemetry”, but not in the way depicted here. NET 4.6+ has a telemetry API that programmers can choose to use in their applications. The framework by itself does not collect telemetry, nor does it send stuff to Microsoft.
I’m a real tin-foil guy and the presence of the telemetry API doesn’t concern me. Even if the API didn’t exist, it’s trivial to collect anyway. Of course, before installing a 3rd party NET application, I check the privacy statement and EULA. After install, I monitor the system in real time for awhile to make sure there are no hidden surprises.
AJNorth
AskWoody Plus
October 16, 2017 at 5:51 am #138053
Adobe have issued another update for their Flash Player, version 27.0.0.170. As they have not yet released a changelog nor Security Bulletin, it is unclear whether this is a security update; however, since this follows so closely on the heels of 27.0.0.159, it is not unlikely.
For those who manually update it, here are the direct download links for the off-line (full) installers for version 27.0.0.170, as well as the Uninstaller, all “clean” — (right-click; select Save Link As):
NPAPI for Firefox, Safari, Opera: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe | 19.8 MB
AX for Internet Explorer: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe | 19.3 MB
PPAPI for Opera and Chromium-based browsers: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe | 19.7 MB
Adobe Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe | 1.25 MB
1 user thanked author for this post.
-
AJNorth
AskWoody Plus
October 16, 2017 at 12:07 pm #138154
Adobe have released the Security Bulletin for their out-of-band patch for Flash Player (see post above):
APSB17-32 Security updates available for Adobe Flash Player – 10/16/2017
Vulnerability: Remote Code Execution
Severity: Critical
CVE Number: CVE-2017-11292
-
JohnW
AskWoody Lounger -
anonymous
Guest -
JohnW
AskWoody Lounger
October 17, 2017 at 5:50 pm #138544
Totally agree!!! I have banished web plugins or extensions for Flash (except for the Chrome browser), Java, Silverlight, Quicktime, etc.
Chrome is not my default browser, so I only use Chrome to open Flash based sites if absolutely necessary, and only if Chrome is up to date (with Flash).
HTML5 is the future, and if site admins are too lazy to update, then sorry… 🙁
Windows 10 Pro 22H2
-
-
-
MrBrian
AskWoody_MVP
October 17, 2017 at 1:48 pm #138469
Today Microsoft added issues to many Windows knowledge base articles. Here are some involving recent Windows updates:
https://support.microsoft.com/en-us/help/4041681/windows-7-update-kb4041681
https://support.microsoft.com/en-us/help/4041678/windows-7-update-kb4041678
https://support.microsoft.com/en-us/help/4041693/windows-81-update-kb4041693
https://support.microsoft.com/en-us/help/4041687/windows-81-update-kb4041687
https://support.microsoft.com/en-us/help/4042895
https://support.microsoft.com/en-us/help/4041689/windows-10-update-kb4041689
https://support.microsoft.com/en-us/help/4041691/windows-10-update-kb4041691
https://support.microsoft.com/en-us/help/4041676/windows-10-update-kb4041676
4 users thanked author for this post.
-
Woody posting as an MVP
AskWoody MVP
AJNorth
AskWoody Plus
October 18, 2017 at 3:29 am #138625
For those who still require the Java Runtime Environment (JRE), Oracle have issued an update, version 8u151: “This Critical Patch Update contains 22 new security fixes for Oracle Java SE. 20 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”
The full 2017.10 Critical Patch Update Advisory is at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html . Java can be manually updated through its Control Panel (if not set to do so automatically) or the off-line (full) installer may be downloaded at http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html (enterprise version; clean).
-
JohnW
AskWoody Lounger
October 18, 2017 at 8:27 am #138699
I have noticed that Java is a topic that confuses many casual users. Many think that just having the JRE installed leaves them open to security issues. But that issue is actually all about the browser plugin. There is no good reason to still be running the Java browser plugin in 2017. Oracle has deprecated that with Java JDK and JRE v9.
The plugin is what exposes you to exploits in the wild.
I use a couple of local applications that require Java (JRE) to be installed. That just enables the runtime that allows Java programs (that you trust) to execute on the local PC. It really has nothing specifically to do with the web. It would be recommended to run the latest patched JRE if you can. Browser plugins are another story entirely, and I got rid of mine a long time ago… So your best bet is to remove it from your browsers, if you still have it.
See this article: Oracle’s finally killing its terrible Java browser plugin
https://www.theverge.com/2016/1/28/10858250/oracle-java-plugin-deprecation-jdk-9
And this from Krebs: Good Riddance to Oracle’s Java Plugin
https://krebsonsecurity.com/2016/02/good-riddance-to-oracles-java-plugin/
Windows 10 Pro 22H2
-
MrBrian
AskWoody_MVP
October 18, 2017 at 10:50 am #138729
I think it’s a good idea to update Java even if one has disabled it in browsers. Example: Researchers: Serious flaw in Java Runtime Environment for desktops, servers.
-
JohnW
AskWoody Lounger
October 18, 2017 at 11:34 am #138741
I agree regarding Java updates, and even said so in my post.
That said, JRE is probably not normally an issue for the end user if you only run signed code from a trusted vendor. Such as with a commercial or enterprise application.
But running random stuff you downloaded from the web is always risky, Java or not.
Windows 10 Pro 22H2
-
MrBrian
AskWoody_MVP
-
-
-
CraigS26
AskWoody Plus
October 18, 2017 at 9:12 am #138705
“I don’t install any of these rollups. Instead I adopt the “Full” Group B approach by installing only the Security Only .Net Updates…”
So although I wasn’t initially sure which mode of .Net Framework to install, I’ve been installing the cumulative ‘Security and Quality Rollup’ mode (I have both 3.5.1 and 4.6.1 on my system). So far, so good . . .
Now, as far as “transforming” .Net 4.6.x to 4.7 under the hood, I’ll also be interested in knowing the answer.
https://www.ghacks.net/2017/10/18/microsoft-releases-net-framework-4-7-1/
ghacks.net has revealed Net Frmwk 4.7.1 Released TODAY (10/18)
Woody (PKC, etc.)…… when able please address (here OR separate Thread) the Logic of going from 4.6 to 4.7.1 ( for Sue W ) – AND – to continue the trend IF you updated to 4.7 ALREADY without Issues.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0
-
The Surfing Pensioner
AskWoody Plus
October 18, 2017 at 10:22 am #138717
Yes, this is my quandary too, running a Windows 7 SP1 PC – I have to date avoided upgrading from .Net 4.6.1 to 4.7 for fear of issues, but it is clearly becoming more difficult to duck the step. Does anyone know whether it is likely to be safe for Win. 7 users to upgrade to .Net 4.7.1 and (the key question) how long should one wait to find out? With many thanks for any advice.
-
PKCano
Manager -
The Surfing Pensioner
AskWoody Plus
-
-
JohnW
AskWoody Lounger
October 18, 2017 at 10:45 am #138727
It seems that a Microsoft patch for the WPA-2 WiFi KRACK vulnerability is buried in the October updates…
CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Windows 10 Pro 22H2
CraigS26
AskWoody Plus
October 18, 2017 at 10:49 am #138728
I have installed .NET4.7 on my Win7 without any problems. You will need the D3D Compiler KB4019990 first. If you are in Group A, you already have it. If you are in Group B, you will have to download and install it manually.
4.7.1 NOW a separate Thread per …….
https://askwoody.com/forums/topic/now-available-net-4-7-1/
I think I will Install it today (after lengthy prayer, meditation, and 4 yoga positions) and Report Back here & There since 4.7 for me has produced No Issue.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0
-
PKCano
Manager
CraigS26
AskWoody Plus
October 18, 2017 at 12:47 pm #138759
I know nothing of .NET4.7.1 – would avoid it until it has time to shake out.
PKC, Always appreciate your guidance – BUT – with nothing but time and multi-Macrium Images I just Installed 4.7.1 with no issues yet via Browsing & Office use.
Being Win7-64 does limit the magnitude of this experience, but it’s a start for other W7 users.
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0