• MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE


    #351339

    We have confirmed reports of six bad patches this month – Monthly Rollups and Security-only patches for Win7, 8.1, Server 2008 R2, 2012, 2012 R2 – and
    [See the full post at: MS-DEFCON 1: There’s no reason to stick your finger in the pencil sharpener – DON’T UPDATE]

    • #351368

      Are they really that bad in programming? I know OS is a complex thing, but issues seem to grow in numbers. Maybe they should do fewer updates. There is nothing worse than CTRL+C and CTRL+V your buggy source code… Office 365 is a new holy grail for hackers, security patches are freezing servers 🙂 How convenient, good job, Micro$oft. I bet M$ will earn more money this year, than ever before. This is so unfair.

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

      2 users thanked author for this post.
    • #351396

      First, this is what happens when you add what should be application software (features) as part of the OS, and then try to do it every 6 months. Second, no Windows 7/2008R2 updates after January, sounds like a positive feature to me. The only time my computer system (6 servers and 10 workstations) has ever been brought down it has been at the hands of Microsoft; never by a virus or other bad actor.

      12 users thanked author for this post.
    • #351413

      Well now, this is interesting. Speaking of Defcon levels…..

      Credit The Enquirer for an article they posted in which Microsoft is introducing a “security configuration framework” featuring SECCON levels which will “mimic the DEFCON levels used by the US Army”.

      US Army?……yeah right. I think perhaps the idea came from elsewhere……

      https://www.theinquirer.net/inquirer/news/3074092/windows-10-seccon-securituy-framework

      https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/

      Red Ruffnsore

      5 users thanked author for this post.
      • #352749

        I came up with the original terminology – including the WOPR Word add-on – after seeing War Games. Great movie.

        2 users thanked author for this post.
    • #351421

      If I owned a Company with the track record that M$ has, I would be out of business in no time. This Company will never get it right, because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplied by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

      • #352747

        If I owned a Company with the track record that M$ has, I would be out of business in no time. This Company will never get it right, because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplied by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

        “Pure speculation” like this should remain unwritten. I could just easily and irresponsibly suggest that you’re a Russian-controlled Apple-powered bot posting from a Chinese-hosted IP address.

        I would be just as wrong to do so.

        Boeing writes its own control software; many of their software engineers work in DC, CA, AL, OK, and MO. This is easily verified.

        2 users thanked author for this post.
        • #353259

          While I fully understand why some commenters here prefer – or even need – to remain anonymous, it is undoubtedly the case that comments made anonymously lose a lot of their credibility. I would strongly urge those who are not required to comment anonymously to sign up and acquire greater credibility for their views through establishing a known track record over time.

          10 users thanked author for this post.
          • #353596

            Couldn’t have said it better m’self.

            We have registered users in countries where open interaction like this is frowned upon – they use VPNs. We have employees of companies with skin in the game – they use throwaway email addresses (which is just fine by me). There are lots of reasons to want to post anonymously, but if you’re going to post more than once or twice, figure out a way to get an account. It makes life easier for everybody.

            4 users thanked author for this post.
    • #351986

      Tip of the hat to Mr. Natural, #351413,  Congratulations Woody, it appears that Microsoft might be reviewing your informative website here, and has decided after much due diligence and quarrelsome discussion, to actually imitate your excellent DEFCON system with their Security SECCON framework for securing Windows 10. Thank you Woody for doing a Mighty Fine job. And before anyone gets upset, realize that this is tongue in cheek happy humour 🙂

      https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/

      P.S. Do Not use Internet Explorer, new Zero Day attack:

      https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

      Please-Wait

      • #353857

        From the zdnet “zero-day exploit” article Lars220 gave a link to:

        “We determined that a fix for this issue will be considered in a future version of this product or service,” Microsoft said, according to Page. “At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

        Following Microsoft’s firm response, the researcher released details about the zero-day.

        This is a problem when IE11 processes MHT files. What are these files and where is one likely to encounter one of them?

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #353911

          You can save a webpage two ways in IE.
          As HTML – saves in two parts: a file and a folder that contains the graphics.
          As MHT – saves the webpage as a single file.
          If you choose “Save” there is a pulldown below the name of the file that gives you the choice of format in which to save the webpage.

          • #354893

            Thanks, PKCano. So, is there a hazard in saving a Web page in this single-file format? Or in opening an MHT file one got from someone else?

            I have tried to save Web pages as MHT many times, although in a good percentage of those trials, IE11 could not read the very MHT file it was used to create, so the file was useless to me and I had to delete it.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
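
An added example, not part of any post in this thread: an MHT file is a MIME `multipart/related` message, so a file received from someone else can be listed part by part with Python's standard `email` parser instead of being opened in IE11. The sample archive, its URLs and the `inspect_mht` helper name are constructed for illustration.

```python
"""List the parts of an MHT (MHTML) web archive without rendering it."""
import hashlib
import re
from email import message_from_bytes
from email.policy import default

# Constructed sample: a two-part archive shaped like a browser's
# "save as single file" output (one HTML page plus one embedded image).
SAMPLE_MHT = (
    b'From: "Saved by a browser"\r\n'
    b"Subject: Example page\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; type="text/html";\r\n'
    b'\tboundary="----=_NextPart_000_0000"\r\n'
    b"\r\n"
    b"------=_NextPart_000_0000\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"Content-Location: http://example.test/index.html\r\n"
    b"\r\n"
    b'<html><body><h1>Hello</h1><img src=3D"logo.gif">'
    b"<script>document.title=3D'x'</script></body></html>\r\n"
    b"------=_NextPart_000_0000\r\n"
    b"Content-Type: image/gif\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.test/logo.gif\r\n"
    b"\r\n"
    b"R0lGODlhAQABAAAAACw=\r\n"
    b"------=_NextPart_000_0000--\r\n"
)

SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)


def inspect_mht(data):
    """Return one dict per leaf part: type, original URL, size, hash, script flag.

    Raises ValueError when the top-level type is not multipart/related,
    which is what a browser-saved MHT archive is expected to carry.
    """
    msg = message_from_bytes(data, policy=default)
    if msg.get_content_type() != "multipart/related":
        raise ValueError(
            "expected multipart/related, got " + msg.get_content_type()
        )

    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        # decode=True undoes base64 / quoted-printable transfer encoding
        body = part.get_payload(decode=True) or b""
        ctype = part.get_content_type()
        location = part["Content-Location"]
        report.append({
            "type": ctype,
            "location": str(location) if location is not None else None,
            "size": len(body),
            "sha256": hashlib.sha256(body).hexdigest(),
            # Only HTML parts are checked for inline script blocks
            "has_script": ctype == "text/html" and bool(SCRIPT_TAG.search(body)),
        })
    return report


if __name__ == "__main__":
    for entry in inspect_mht(SAMPLE_MHT):
        print("{type:12} {size:6d} bytes  script={has_script}  {location}".format(**entry))
```
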

    • #352695

      If I owned a Company with the track record that M$ has, I would be out of business in no time. This Company will never get it right, because they simply don’t care..

      Yet no one dares to sue Microsoft for $BB in damages and test Microsoft’s EULA in court.

      1 user thanked author for this post.
    • #352742

      The recent 1803 cumulative update was causing similar problems to the 1809 update on one of my machines. Had to roll it back.

    • #352803

      Is all of this DEFCON-1 nonsense only about the slowdown in Windows 10 Version 1809 because third party antivirus vendors are using undocumented APIs? Is this still a continuation of the bogus complaint that Microsoft is somehow to blame for this?

      Yeah, for older versions of Windows and Server editions, there are other, unrelated bugs in the current updates crop. But DEFCON-1?

      For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

      -- rc primak

      1 user thanked author for this post.
      • #353071

        MS is to blame for this. Since the days of Vista, MS made undisclosed agreements with several AV vendors to keep the undocumented hooks available to them. It was either that, or all of the major AV vendors were going to sue MS. It is only recently that MS has had issues with updates causing problems with AV products. Meltdown and Spectre forced MS to rework all kernel code. This required most AV vendors to rework how their products interact with the kernel. Yet this latest issue, pure and simple, is Microsoft’s fault.

        How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product? In the past and prior to the OS patches for Meltdown and Spectre, we never had updates cause serious issues for multiple AV products. This latest snafu is another good example of why Nadella should have never fired the windows update quality control team. Updates have pretty much been in the gutter ever since.

        10 users thanked author for this post.
        • #353109

          How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

          Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

          -- rc primak

          1 user thanked author for this post.
          • #353623

            I don’t either.

            Haven’t yet seen a common denominator for the 1809 cumulative update slowdowns. And I doubt that they’re related to the Win7/8.1 antivirus inanities. Most likely just a coincidence that they shipped on the same day.

            I’m also surprised that we haven’t seen slowdowns on some 1803 machines.

        • #353957

          GoneToPlaid, a few variations on this theme of yours:

          How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

          Or maybe have several AV installed in the same computer, and turn them on one at the time for testing?

          Or several computers, each with several AV?

          Or…

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #354421

          If Microsoft has formal agreements with vendors for these APIs to perform in a certain way and that is broken it is indeed Microsoft’s blame. If there were formal agreements they were most likely time limited. Perhaps the time ran out and Microsoft made changes that were known to the AV vendors to be coming. Since we do not know for sure what, if any, agreements exist it is pure speculation to say that Microsoft is completely at fault.

          It is probably not as simplistic as keeping several bare bones machines with various AV products to test. It may be a combination of installed software and/or running software and/or motherboard and/or anything that can change how a PC is working. The combinations quickly multiply to something that is unable to be tested.

          --Joe

          1 user thanked author for this post.
          • #354455

            Yep. Ultimately it boils down to a question of whether the APIs are being used as documented.

            Having, uh, smooshed a few APIs in my day, I can sympathize.

        • #355104

          To keep a competent QA group in-house costs money on product that MS does feel is important to its future. I would say this penny-wise and pound-foolish as keeping your current customers moderately happy will keep them using your products and services. A salesman once told me it is much cheaper to keep a regular, if small account, happy than to pound the pavement to get a new customer. All companies rely on repeat business so keeping your existing customers happy is money well spent. So Windows users who have been burned by any of the various update foul-ups are not exactly happy customers. Irritate them enough and they will leave. The worst customer to win is the ex-customer as they have a bad history with you.

          Moral of the story, spend real money on a competent QA staff, listen to users who do not see the point of very frequent updates that degrade stability, and realize your best potential customers for a new product are your current customers.

          3 users thanked author for this post.
    • #352889

      If I owned a Company with the track record that M$ has, I would be out of business in no time. This Company will never get it right, because they simply don’t care. I read online that M$ and Boeing, are both based in Washington State and that I find it quite odd that the “software manufacturer” for Boeing has never been named ??? If the current software upgrade is indeed being supplied by M$, and this is pure speculation, I won’t be flying anytime soon. If the software that runs a 737 is running the plane you’re flying in is indeed connected to M$, then heaven help us all. Just food for thought. As stated, this is pure speculation as no specific facts that I’m aware of, have been released.

      The software for the Boeing 737 MAX was not written by Microsoft.

      2 users thanked author for this post.
      • #353512

        Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

    • #353270

      Hey, we had a fairly good batch of Win 7 & Win 8.1 updates in March.  There were some problems a few months previous to that.  Now we’re having problems again which may take MS a month or more to fix.

      It seems to me that it would be better if MS waited until they got the updates done right, and then released them.  If that meant every 2 or 3 months, then so be it.  Urgent, emergency updates & patches could be released quickly if a dire situation arose.

      Being 20 something in the 70's was so much better than being 70 something in the insane 20's
      2 users thanked author for this post.
    • #353312

      Looks like MS have updated the catalog yesterday:
      String of patches 04/11/2019
      https://www.catalog.update.microsoft.com/Search.aspx?q=2019-4

      Windows - commercial by definition and now function...
      3 users thanked author for this post.
      • #353390

        Looks like those changes represent the block for Sophos and Avira AV products.

        Opinion: with any kind of testing at all, this could have been done ahead of time and saved a lot of customers a lot of headaches.

        8 users thanked author for this post.
        • #353788

          Heck, they could have caught these AV product issues by testing in virtual machines!

          1 user thanked author for this post.
          • #353960

            Imagine not being able to update an AV on Win7 after EOL..have we just witnessed it?
            Welcome to the Matrix 😛

            Windows - commercial by definition and now function...
            1 user thanked author for this post.
    • #353639

      Hi everyone,

      My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus.

      Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee.

      I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so.

      I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

      1 user thanked author for this post.
      • #356221

        Hi everyone, My computers are Win7 Group B. Earlier this week, I installed the April 9, 2019 KB4493448 Security-only update on one of my computers. I had no issues since all of my computers run Panda antivirus. Here is the thing. When I installed KB4493448 earlier this week, I was pretty sure that I saw my computer reboot twice — first after installing KB4493448 in Windows (ye old required reboot after installing updates), and then a second time while starting up and configuring my computer. I wasn’t entirely sure about this since I was grabbing another cup of morning coffee. I figure that KB4493448 is going to either get pulled or get re-released. So a little while ago I decided to uninstall it. Sure enough, after uninstalling and rebooting, I watched Windows start, do some stuff, and then reboot again. I don’t recall ever seeing this kind of behavior when installing updates. On the other hand, I have seen similar behavior when installing device drivers when Windows detects new hardware on startup. At least I was able to cleanly uninstall KB4493448. I didn’t have to temporarily disable Panda AV or go into Safe Mode to do so. I figure that the double-reboot thing indicates that Microsoft changed something really deep within the kernel — perhaps enough to cause issues with at least a few AV products. Did any of you all Win7 or Win8 users notice the same double-reboot thing when installing the April rollup or the April security-only update?

        My employer pushed the Windows 7 Roll-up to my system today and I most definitely saw the double reboot. It booted up, started configuring updates, and then shut down and restarted again.

        1 user thanked author for this post.
    • #353695

      Thanks for the clarification, a simple statement on who it does come from on the national news would have helped. Sorry if I ruffled feathers. I apologize, I’m sure I’m not the only one that thought has crossed the mind of.

      No worries, and no feathers were ruffled. And I am sure that you are far from the only one who has wondered about who creates the flight computer software. The short answer is in-house, and in the case of MCAS, a Boeing subcontractor which is not Microsoft.

      Hey, be a gem and register here at AskWoody! It would be nice to have you here.

      3 users thanked author for this post.
    • #354260

      How hard is it to keep a couple of dozen bare bones Windows computers on hand, each with a different major AV product installed, to simply test whether or not a new rollup is going to cause issues with the AV product?

      Apparently, it’s harder than we may be thinking. Though to be fair, I don’t know all the details.

      Here are the details, of course it’s VERY hard when they don’t even have THAT many testers anymore:

      Microsoft Bug Testers Unionized. Then They Were Dismissed

      BTW, aren’t we missing the whole point here? They’ve gotta be laughing all the way to the bank since they’re essentially “outsourcing” their own bug testing to paying (NOT paid) consumers:

      Microsoft to business: Don’t worry about Windows 10, consumers will test it

    • #354642

      For Windows 10 1809 users, the solution is obvious — remove and do not use third party security software and browser security apps and security add-ons. Then watch your system performance magically return to normal or better than before.

      And run an unprotected Windows PC as Defender is, always has been and always will be, just c**p.

      1 user thanked author for this post.
      • #355292

        Defender in Windows 10 is much better than prior versions. Plus, it is where Microsoft keeps extending security with new protections.

        --Joe

        1 user thanked author for this post.
        • #363392

          I think I have some weird bug with Defender in Win7, though.
          Every once in a while, after an update, my starting programs in the registry kinda “break”.
          I manage to fix this only by restoring to a previous date.  ¯\_(O_o)_/¯

          1 user thanked author for this post.
      • #441251

        According to recent independent testing, Windows Defender is far better than [garbage]. And very far better than a truly unprotected Windows installation, as if such a thing were even possible these days. (Windows Defender will switch on automatically if nothing else is present.)

        I’m not saying WD is the greatest AV product out there. Far from it. But WD is “good enough” for most users, myself included. And it won’t interfere with updating or upgrading my PC.

        -- rc primak

    • #355617

      Hello to all

      Seen Woody’s earlier Ok to install KB4493435 and KB4493448 which I did the other day (4/10/2019) after his post, and before this “DON’T UPDATE” warning.  So far I have not  experienced any problems, so should I continue on and leave well enough alone, or should I uninstall both of them, and wait on another release / re-release ??

       

      Win 7, Home, Group “B” , Norton Security

      • #355774

        You have already installed April updates. If you are not having any problems, leave well enough alone this time.

        But the idea of the DEFCON system is NOT to patch on Patch Tuesday or immediately thereafter, but to wait until the DEFCON number is at 3 or above. This will usually be three or four weeks later. That gives the Guinea pigs out there time to test the patches before you apply them so you don’t experience the issues that may arise.

        5 users thanked author for this post.
        • #362239

          Oh, those adrenalin junkies who like to update at the earliest possible moment! My WU is only turned on for an hour a month, so every patch Tuesday I can sit back in curious wonderment and watch the melee.

          4 users thanked author for this post.
          • #363386

            Ditto. Win 7 Pro, x64 SP1, i7-core Haswell, Grp. A, HP ZBook

          • #374205

            I keep wanting to update at the earliest possible moment as I seem to be trapped in a update vicious circle. I currently have some issues in 1809 which have been fixed in a recent release. I can’t install the recent release because that has even worse issues that I don’t want to take onboard. Then there is a newer release which fixes both issues but then creates yet another issue that I don’t want to take onboard. So I always end up looking at the horizon in hope that that magic fix will be here soon!

            • #396320

              I sympathise. That’s why I’m still running Windows 7.

            • #402095

              Get out of the rut.

              My rule of thumb is wait three weeks after patch release before installing then on your own update day, search online for the KB. Websites like this one or Reddit generally carry discussion about problems associated with individual patches.  Here you can access Patch Lady’s Master list.

              In summary, don’t even think about installing released updates for three weeks then do your research. Install any clean at-least-three-week-old updates then. You may be able to make a decision about other updates. For example, current AV issues do not affect my installation (but I am still in a wait period so won’t install yet).

              1 user thanked author for this post.
    • #356118

      My employer pushed the Windows 7 roll-up to my workstation today.  I discovered that, if you disabled libraries on your computer (https://www.askvg.com/how-to-disable-libraries-feature-in-windows-7/), this is another patch where you will want to re-enable libraries before installing.

      Otherwise, you get a variation of the can’t rename folders in Windows Explorer bug.  You can rename the folder, but you will then get an “Item Not Found” error.

      I haven’t installed the roll-up on my home computer. And since I’m running Avast!, I don’t plan to anytime soon.

      2 users thanked author for this post.
      • #362320

        Interesting. I haven’t heard of that one. By any chance do you know of any other people who are having the same problem?

    • #356492

      Noticed my PC checked for updates on 10 apr- didn’t do anything…yay!!!

      Here we are chewing our nails and checking what microsoft has screwed up on our systems now and some think it’s a good idea to let M$oft in charge of antivirus/malware / security? Not me!!!

    • #356826

      It was a weird update for sure. Besides the cumulative update I got a vague kb 4023057 update that seems to re-appear every month now. On one system it crashed some sedsvc.exe process. On another system this specific update failed first and after an automatic retry it also crashed everything sedsvc-related. And on yet another system it crashed some other sedsvc processes. All in all it took much longer than usual to update. As a bonus, after restarting another update was found regarding microcode. Which required yet another restart. Sigh, using Windows 10 requires a day off to update … 🙁

    • #357870

      On April 1st (April Fool’s?), Woody wrote:

      “In general, March’s patches seem quite tame. Let’s hope that’s the new normal.”

      Never, ever, ever say, “Gosh , things are possibly looking good.”

      As the old Spanish saying goes, “The Devil seldom lies dead in a ditch.”

      Or, more to the point, to quote Ambrose Bierce, “Speak of the Devil and he’ll hear about it.”

      Sinister forces are at work, and the smell of Brimstone reeks from Redmond.

      O Tempora! O Mores! Back into the fallout shelter! (“Honey, where’s that tin of beets? I sure am getting sick of dried Venison…”)

      [Just thought some humor, even black, would bring some relief…it’s either that or it’s pitchforks and torches time…]


      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      1 user thanked author for this post.
    • #362546

      Just had KB4493509 forced on my 1809 Home install ignoring metered connection.

      😐

      1 user thanked author for this post.
    • #363397

      Ok, enough.
      I’ve updated Win7 till February plus the Servicing Stack and SHA2 patches.
      Seeing the quality of the next ones, I’ll postpone this pain for a good while.
      At this point, I just hope that MS won’t leave Win7 in a broken status at the end of its support..

      • #373606

        I have done the same but I haven’t installed the “Servicing Stack and SHA2 patches” either.

        There might be worse coming in a “Sleeper” update. Time to be a spectator until after EOL.

         

      • #390264

        As of July, the Servicing Stack and SHA-2 patches will become mandatory if you want to continue receiving updates through Windows Update. Microsoft is changing the way they deliver updates from using SHA-1 to SHA-2, which is more secure.

        • #433195

          Ah PKCano, is there a non-buggy IE cumulative update after december 2018? (the last one I installed was KB4470199)

          • #433357

            Check the Master Patch List (button in top menubar) for the past months.

            • #470905

              Thanks but that just seems to list the patches, buggy or not.
              Oh well, I’ll check the various patch articles.

              EDIT: I’ll probably install kb4486474

    • #380615

      I did the MSRT update.  Never had a problem with them.

    • #399922

      Great and here I was planning on doing the update for April

    • #402063

      Where can I find a list of 2019 updates to Windows 7 Pro which are safe to apply?

      • #402086

        The April updates are still up in the air. We are still collecting the casualties. So hold off patching any of April’s mess.

        For past months, there is Susan Bradley’s (Patch Lady) Master Patch List accessed by the button at the top of the blog in the gray bar. It’s sorted by months.

        You might read about our DEFCON System (currently DEFCON-1 designated by the big numbers at the top of the blog). You can read about it by clicking on the button in the top bar also. Basically, it says, don’t patch early after Patch Tuesday. Let others be the cannon fodder. When the DEFCON level is 3 or above, Woody publishes a guide in ComputerWorld with instructions for safe patching.

        1 user thanked author for this post.
    • #412706

      I’m helping someone update a Group A laptop (Win 7, 64-bit) that hasn’t been updated since October 2017.

      This individual can’t handle any of the hiding/unhiding necessary in Windows Update to get the March 2019 monthly rollup to re-appear (because PciClearStaleCache.exe isn’t available in the April 2019 rollup).

      They can’t handle the Microsoft Update Catalog either.

      I’m going to send them the following files (downloaded from the Catalog) and get them to install as follows:

      • KB4490628 – Mar 2019 – servicing stack update – wait 15 minutes after install – REBOOT
      • KB4489878 – Mar 2019 – monthly rollup – REBOOT
      • KB4474419 – Mar 2019 – SHA-2 code signing support update – REBOOT

      I’ve read that it’s better to install the monthly rollups via windows update because the updates will be installed in the correct order, but if the rollups are cumulative, won’t they be installed in the correct order from the Microsoft Update Catalog also?

      • #412979

        That is a start. They should set Windows Update to “Check for Updates but let me decide whether to download and install” before they start.

        After installing the Rollup, wait 20 minutes after the reboot before installing the SHA-2 patch, or install both the Rollup and the SHA-2 without rebooting in between.

        Don’t install any of the April updates yet – there are too many problems with them.

        • #416586

          I will get them to install the Mar 2019 monthly rollup then SHA-2 update then reboot, as you suggest.

          Thanks

    • #546937

      Three update questions:

      I have set my connection to metered and have hidden updates, don’t see April updates yet.  Hidden: MSRT , Flash and 4023057.  I am concerned that MSRT will conflict with my security software – but I want to run it, I think it’s a good tool  – can’t find anything about MSRT potentially causing a conflict, any comments on if anyone knows if it will? I am running ESET NOD32.

      I don’t have Flash installed, don’t use it, ergo it’s hidden.  In general, is there any harm/issue with installing an update for something you don’t have installed?  I know Flash is a security risk, haven’t had/used it for a while.

      4023057 – I am waiting until I am ready to install 1903, am currently on 1803.  I read that Microsoft will allow 1803 users to choose what updates to install with an update to 1803 in May. So I plan to get that update (and will do April stuff too, once it’s ok), then will get 1903 in July, prior to expiration of 1803 support.  Putting it out here to the community to see if that sounds like a reasonable plan going forward for updates in the near future. thanks.

      • #547263

        By default, Flash is included in IE11 in Win8.1 and Win10. It is on your machine and you do need to update it.

        MSRT should not cause a conflict, but it is your choice whether you run it or not. It runs once a month during the install in Windows Update.

        You don’t need KB4023057 to be able to upgrade Win10. For sure you do not want to install it if you do not intend to upgrade in the near future.

        1 user thanked author for this post.