MS-DEFCON 2: Time to temporarily block Windows Update – and ignore KB 3008923

Topic

New Reply

Check to make sure you have automatic update turned off. Post coming in InfoWorld — including new details for the Creators Update.
[See the full post at: MS-DEFCON 2: Time to temporarily block Windows Update – and ignore KB 3008923]

2 users thanked author for this post.

JDeC, Spiff

Reply | Quote

Replies

Oh its that time of the month again isn’t it. Well I have one PC that won’t be worried about them. Because its hard drive had a failure yesterday. Funny, 6 months old and a HDD failure, so much for WD drives from OEM’s. Second one I have done in the HP’s I have owned. Don’t even last a year. Like to blame Windows 10 for all its probably doing in the background but its probably just lousy drives.

Reply | Quote

I understand the price considerations, but the only electromechanical (spinning) hard drive I’d ever consider buying any more is an external backup drive.

Solid state is the present and future, and in fact (considering the rise of M.2 NVMe tech) “traditional” SSD drives are pretty much already becoming obsolete.

My advice: Save pennies and buy only SSD drives / flash storage from here on. Look for “pro” / high reliability models (e.g., 2 million hour MTBF and with a well-defined lifetime write load) if preservation of your data is important to you.

A friend of mine just this week built a Xeon-based workstation class machine with a Samsung Pro 1 TB M.2 NVMe flash card. He literally sees well over 3 GB/second I/O speeds, but possibly more importantly about half a gigabyte per second speed with small (e.g., 4 kbyte) I/O requests, which are common in real-world use. These are not just an incremental improvement over prior tech; NVMe is proving to be a real leap.

FYI I’ve been running all my systems off arrays of SSDs for quite a few years now (I bought in when they were VERY expen$ive). So far zero failures, zero problems.

-Noel

1 user thanked author for this post.

HiFlyer

Reply | Quote

PLUS the energy (wattage) required to run an SSD compared to a HDD is far less which also has the benefit of less stress on your system components. I’ve also used SSD’s for years and would highly recommend them and only use HDD’s for external backup.

Windows - commercial by definition and now function...

Reply | Quote

I just found the “old snoopy” update on my Win 7 PC. When I got my new PC last August, it of course downloaded tons of updates. One of those was 3150513. They no longer give us the option of uninstalling updates! Is there any way to do it?  Help!

Reply | Quote

To uninstall updates:
Control Panel\Windows Updaates
In the lower left corner, select “Installed Updates”
If you click once on the “title” on the bar at the top of the list, it will sort the updates by name (KB number)
Highlight the one you want to remove, right click and choose “Uninstall.

If you have KB3150513 on your computer, you will also find KB2952664, another snooping update.

Reply | Quote

All hard drives have a pretty significant “infant mortality” rate, and it appears you just got unlucky.  For the first year, the failure rate is relatively high (from manufacturing defects or careless handling prior to installation), but it drops quickly, and stays fairly low for several years.  It comes back up after that, as the drive wears out.

From what little data there is about drive reliability (like the imperfect but informative articles by that cloud backup company, whatever their name was), WD drives appear to be in the middle of the pack.  HGST are on top (though they are now a division of WD), and Seagate on the bottom, though individual models within each manufacturer’s range can vary.

I wouldn’t let it put you off WD.  Hard drives seem to have gotten less reliable in recent memory; it used to be common to see them with 5 year warranties, where now 2-3 is typical.

Reply | Quote

Aw nuts…me again.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

This a post with very good (quite exceptional I would say) and useful content.
If you don’t mind, why do you post as anonymous?

Reply | Quote

Just a guess (especially with the “Aw nuts” comment)… I’d say he was accidentally logged out and didn’t realize he was posting anonymously.

-Noel

Reply | Quote

I have 2952664 installed in my Win7 system and wonder if I should uninstall it.

Reply | Quote

bymar wrote:

wonder if I should uninstall it

See here and here.

If you choose to uninstall, check here for information.

1 user thanked author for this post.

abbodi86

Reply | Quote

No, do not uninstall.
For best experience, install everything that comes on Windows Update.

Reply | Quote

You shouldn’t put “Block Windows Update” in the title. It’ll only give Microsoft more ideas.

Reply | Quote

HA!

I’m getting better. This time I included the word “temporarily”…

Reply | Quote

Unable to write in the “Your information” box; this is Carol.

My WU was set to “check but ask me before downloading” until I saw this post on Facebook this morning; I don’t see any signs that it installed anything recently though. I turned WU off completely when I saw this. When I saw the recommendation about the Windows Defender fix I was unable to follow the instructions because my WD is disactivated and I thought it might be because I had WU off so I turned it back to “check but ask”. I do not see the KB number you reference at the top of the post. Under Important I see a monthly quality rollup (KB4019264) that says it will fix a security problem. Should I download and install it? I looked at the writeup and it says nothing about WD. The other things I see under Important are a rollup for .NET Framework and the malware suppression tool. Do I take them? Now or later?
Basically, I haven’t understood what my strategy should be for a while now. I used to try to be in Group B but I got behind on the security rollups. I think I moved into Group A and just started taking everything, but I’m not sure. But when I see instructions to ignore KBxxxxxxx they make me nostalgic for simpler days: as things are now I simply don’t understand how I’m supposed to do that. I thought the whole problem was that it is no longer possible to ignore or refuse particular updates because everything is in the rollups now. Group B was supposed to get the security rollups and ignore the quality ones (I thought). But then they started putting security stuff into quality rollups (as in today’s case) and so I am curious about detailed instructions like ignore such-and-such an update. Ideally I would like to avoid spyware as much as possible but I don’t have very much computer knowledge. Is there still a way to pick and choose, if one learns not to use WU at all but go to the Microsoft site and download things individually? Is there any other way?
So two questions, really: what do I do about KB4019264 and what should my general approach be now? Thank you for any help you can give!

Reply | Quote

anonymous wrote:

When I saw the recommendation about the Windows Defender fix I was unable to follow the instructions because my WD is disactivated and I thought it might be because I had WU off so I turned it back to “check but ask”.

If you Disable the Windows Update Service you cannot install updates. The way to prevent Automatic update installation is to set Windows Update to “Never check for updates.” That means the searching for updates will only happen when you click on “Check for updates”

anonymous wrote:

Under Important I see a monthly quality rollup (KB4019264) that says it will fix a security problem.

The Security Monthly Quality Rollup does not fix the Windows Defender problem. And it is much to soon to install any of the May updates. WAIT until the DEFCON number goes to 3 or above and Woody will publish the instructions for installing May updates.

anonymous wrote:

Group B was supposed to get the security rollups and ignore the quality ones (I thought). But then they started putting security stuff into quality rollups (as in today’s case) and so I am curious about detailed instructions like ignore such-and-such an update.

The Monthly Rollups have always been three-part non-security fixes, security patches, and cumulative updates for IE11. If you have been following Group B, the Security Only Quality Updates and the IE11 Updates can be downloaded from AKB2000003 WAIT for Woody’s instructions when the DEFCON number is 3 or above.

2 users thanked author for this post.

Elly, carol

Reply | Quote

Okay, I’ve just turned it off again. I already let it check what’s available, but haven’t authorized it to download anything, so unless it did it without asking, nothing should have been installed, and I just unchecked all the boxes to make sure.
But here’s a fundamental thing I don’t understand: if WU follows instructions, wouldn’t “check but ask before downloading or  installing” be the best option? Why does it have to be completely off today? what’s different? we expect it to disobey and install things without asking, and the consequences could be particularly severe this time, is that it?

Reply | Quote

When I manually searched for updates this morning, KB3008923 was not listed.

One thing I noticed was after running this month’s updates, I re-scanned and KB3003057 came up. Then KB2997107 after that.

If I didn’t see KB3008923, how are older IE cumulative updates showing up? Which update from this month is messing with the supersedence?

Reply | Quote

Two articles
KB3008923 is back
and
Microsoft retires patches

Reply | Quote

Uh, no, do not ignore KB3008293 and its subsequent patch KB3038314. The subsequent patch KB3038314 for update KB3008293 is superseded by the April release of the Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4014661). Both the April and May Cumulative Updates for IE11 DO NOT supersede the IE security update KB3008293. Only the subsequent patch for the IE security update KB3008293, patch KB3038314, is superseded by the April IE update.

The documentation for the May release of the Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4018271) either incorrectly states a smaller list of patches which are superseded by the May release and which were superseded by the April release, or perhaps the May release actually fixes issues with the April release.

I don’t know and I don’t care since clearly KB3008293 has not yet been superseded.

 

Reply | Quote