The times are a-changin’. Last October, Microsoft started lumping together all of its Windows 7 and 8.1 patches. Before October, we had separate patch
[See the full post at: MS-DEFCON 3: Get patched and brace yourself for a Malware-as-a-Service future]
|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
MS-DEFCON 3: Get patched and brace yourself for a Malware-as-a-Service future
- This topic has 136 replies, 38 voices, and was last updated 7 years, 11 months ago.
AuthorViewing 53 reply threadsAuthor-
A Win 8.1 data point:
We appear well-synchronized in our judgment, Woody… I completed testing on my Win 8.1 virtual machine and chose to move my critical Win 8.1 workstation up to the May “Group A” patches today.
The Important updates listed as available follow. I hid the driver update (I no longer even have an ATI card) but chose to install all the others:
The optional updates that were offered are shown here. I did not install these.
After the updates went in I tested and benchmarked the hardware system and have found Win 8.1 is still apparently stable, with performance unaffected.
Miscellaneous observations after the installation:
- Several previously disabled scheduled jobs in the Microsoft Windows > NET Framework and Microsoft Windows > Windows Update areas were re-enabled by the updates and had to be disabled again.
- Service BITS was changed from DEMAND_START to AUTO_START and had to be set back to “Manual” again.
- The updates shown as installed in the output of a WMI QFE LIST command after completion didn’t precisely match the list of updates proposed to be installed by Windows Update prior to the installation. These are the ones listed as having been freshly installed:
- KB4014505
- KB4014510
- KB4019215
- KB4020821
- KB4015550 is no longer listed as installed by WMI QFE LIST. Apparently it was superseded.
- Several Office Document Cache Handler BHOs that had been removed were re-installed.
This machine, though Group A, does not send telemetry in. However, to accomplish a “Group A” Windows Update check it necessarily contacted the following servers:
- ctldl.windowsupdate.com
- sls.update.microsoft.com
- fe2.update.microsoft.com
- download.windowsupdate.com
-Noel
- Several previously disabled scheduled jobs in the Microsoft Windows > NET Framework and Microsoft Windows > Windows Update areas were re-enabled by the updates and had to be disabled again.
-
-
For those in Group A who also wish to have lesser amounts of telemetry, I recommend doing step 1 (Turn off the Customer Experience Improvement Program) of 2000007: Turning off the worst Windows 7 and 8.1 snooping before you install any Windows updates.
4 users thanked author for this post.
-
For those who are in Group B due to wanting to reduce telemetry, I recommend also doing step 1 (Turn off the Customer Experience Improvement Program) of 2000007: Turning off the worst Windows 7 and 8.1 snooping.
-
-
None have been specifically marked by Microsoft as being ones you should be aware of.
Sorry, couldn’t resist.
In all seriousness Woody wouldn’t be moving the MS-DEFCON level up there were big problems, and he’d likely be mentioning them if there were significant lesser problems.
He DOES mention the “unsupported hardware” issue (if you have a new processor), and he DOES mention snooping. He also mentions the positives (patches for recently abused vulnerabilities).
-Noel
4 users thanked author for this post.
-
-
I looked hard and didn’t see any problems, other than the continuing question of what MS is knocking off Windows Update this month….
6 users thanked author for this post.
-
-
Win 7, Group B –
What about the Office Updates? There were two “newer” ones that came out after I finished the April updates. One of them appears to still be there. Are they okay now?
Also, I’ve got a Cumulative Security Update for Internet Explorer 11 which is dated 10/14/14!
Being 20 something in the 70's was far more fun than being 70 something in the insane 20's -
If the Office updates are checked, go ahead and install them.
The old update for IE is there because the supersedence chain for it was broken when MS retired a mass of old updates recently. It will eventually disappear if you leave it alone, but if it gets installed it won’t hurt anything.
1 user thanked author for this post.
-
-
-
-
-
-
-
-
Microsoft retired a mass of old updates recently. In doing so, the supersedence chain waa broken for some of them. For that reason KB2987107 showed up. It will eventually disappear as MS cleans up the rest of the old updates. You can install it, or not. There are no adverse effects either way.
-
-
I see that there is not enough interest in your issue which is actually more interesting than most people realise and there is nothing occult about it. It is only an inoffensive bug.
Few weeks ago, Microsoft did maintenance and removed a large number of superseded (obsolete) updates for IE 11. They did not do it carefully enough and broke a certain supersedence chain. In fact they removed the most recent (11 in total if I remember well, but the exact number does not really matter) cumulative updates, while the oldest 3 have been neglected. After the fact, they removed the most recent 2 of those neglected, but still left one outstanding which is KB2987107.
You are not required to know all those details and in fact none of it would affect you or anyone else if you just run Windows Update and install everything that comes up there as it is the recommendation. I can explain it to you and everyone else, but for most of us outside of Microsoft it takes many years of experience and tests performed at night, outside the regular business hours to be able to understand all those issues. Telemetry is not one of those issues and you can safely ignore it. Just use your own judgement about it. If the law enforcement agencies are interested in monitoring anyone, they can do it regardless.
If you decide to “install” KB2987107, it would actually not install, but flag WU as being installed. It is harmless in fact, but useless at the same time. It is your option what to do with it. Both ways are correct. If it is annoying to you, “install” it, if not, leave it alone. At some stage, Microsoft people will figure out and remove it from the picture.
I am more on the practical side and a professional and not quite a hobbyist and I actually recommend to follow the manufacturer’s instructions and install everything that comes on Windows Update EXCEPT what is obviously not intended to be installed by end-users and named as “Preview”.
If one does not like Windows or corporations or believe they are sold to the dark side, then the same one should mind their own business and not use Windows. Nuff said. -
Telemetry is not one of those issues and you can safely ignore it. Just use your own judgement about it. If the law enforcement agencies are interested in monitoring anyone, they can do it regardless.
Peoples’ sensitivity to privacy, telemetry, and snooping, varies. That’s as it should be – what’s right for me may not be right for the guy down the street.
I have two big concerns:
> Companies that collect and use data about me should (a) tell me what data they’re collecting, (b) let me look at it and (c) give me a chance to either delete or at least challenge anything on file. That’s exactly how things stand with credit data in the US. I don’t like the credit laws, but they’re better than nothing.
> Law enforcement and other governmental organizations should have a high bar to clear before collecting any information.
Neither of those appear to be in the cards.
Microsoft’s Security-Only “Group B” approach is turning into something that requires near-full-time diligence to implement. That may be intentional, maybe not, but for most people it just doesn’t work.
You’re absolutely right about the “use it or change to something else” approach to Windows. In the past we didn’t have much choice. In the future we’ll have lots and lots of choices, each with its own benefits and drawbacks.
I keep coming back to Dr Watson and how it would ask, politely, before sending information to Microsoft. Times have certainly changed!
-
-
-
-
-
-
-
-
Since the “Get Windows 10” campaign, people have come to challenge what Microsoft’s doing to their machines. I think they have a right to ask – and get answers. Now that we’ve seen what MS can and will do to customers’ computers, it’s right to be inquisitive and skeptical.
-
-
When you first bought Windows and installed it, did you question what came with it?
Why do you question it now?Thank you for asking a GREAT leading question!
I have to start out by saying that they seem to be making a pretty good effort to keep updates of high quality so far. Assuming they haven’t built time bombs into them, that is. And yes, that used to be unthinkable!
Since you asked, I for one actually DID question it. Since the time of XP I have been following a 100+ page guide with every new system to tweak and augment Windows into a state where it’s reasonable and powerful to use. But beyond that…
Microsoft has in the past few years crossed a line of trust that’s not possible to uncross.
They pushed what was a few short years ago considered adware (malware?) through Windows Update. Windows Defender was once “anti-spyware”, and now they spy and it can’t be turned off without hacking. They’re undoing people’s choices during updates, and removing key choices in new systems, all the while claiming: It’s the best ever!
If they had failed at doing it the way they did it before (supporting user choice) maybe I could be a bit sympathetic to their changing their approach. But no, they took over the world by providing an OS that people could control!
They’re changing their business model now to be more predatory and it is clearly not motivated by a desire to make things better for we users.
At this point we could ask: How many years (decades) would it take for people to love Microsoft again, if they were to start respecting their users again now, and stop trying to act like a company they’re not?
-Noel
-
-
Group B – I installed the october security only update followed by the march update – I know I can only catch up in order, should i go back and install november, december, jan, feb, march (again) april, may? Thanks guys
Persisting with group B -
-
-
So, what will happen if I only patch the latest May 9, 2017—KB4019264 (Monthly Rollup)?
KB4019264 is the May cumulative Monthly Rollup. It contains three parts: security patches, non-security patches and the cumulative patch for IE11 since Oct 2016. The patches listed in AKB2000003 are security-only patches only for the month of issue. If you install the cumulative Monthly Rollup, the security patches are included, so you don’t need both.
Yes I have KB4012212 separatly
If you have been offline and installed KB4012212, the March Security Only Update, that protected you from the WannaCry exploit. That was the least you could install for protection. If you had installed the March Monthly Rollup, KB4012215, you would have also had the security-only part.
People in Group A, who install the “Security Monthly Quality Rollup for Windows” through Windows Update, do not need to download and manually install the patches listed in AKB2000003 because those patches are included in the Monthly Rollup.
People in Group B do not install the Monthly Rollup. But they still need the security-only and the IE11 updates. Those are not available through Windows Update, so the people in Group B have to download and install them separately.he .net quality rollup(kb4019112) failed installing because I only have Framework 4.6.1 installed on my computer. But somehow i got kb4014504 and kb4014511 from the rollup?
KB4019112 is the Rollup for all the different versions of .NET. It contains four different patches, one for each version. KB4014504 and KB4014511 are the patches for the versions of .NET you have installed on your computer. Say “thank you” to Windows Update for picking the right ones for your computer (so you didn’t have to figure out which ones you needed).
-
Thank you @PKCano for the kind response
and I am sorry for the bad words. My mind seems to anger up on so little things today. I think i try the links on akb2000003, there is only 7 of them i think.And I have never updated my IE from IE8, because i use firefox for everything. Does that matter at all when i never use IE?
-
-
-
-
-
-
-
-
-
-
KB2987107 (from 2014)
You can skip this one. It shows up because the supersedence chain was broken when MS retired the mass of patches recently.
KB2813347 (from 2013)
This fixes MS13-029. Go ahead and install. If it’s there because of broken supersedence, it won’t hurt anything.
KB3212642 is the January 2017 security only update
If it shows already installed, don’t worry about this one.
KB4019108 is the May 2017 DotNet security only update
You can try to install this if you want to. But it probably won’t install since you have the May Rollup already installed. It may be showing up because of incomplete supersedence.
-
-
-
Group B – just updated without any issues. Probably worth mentioning that the .NET patch took about 10 minutes to install, so be patient and don’t worry if it seems to be taking a while longer than usual.
Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie
-
Some of us consider Windows10 to be “Malware-as-a-service” so the future is inevitable either way
Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code1 user thanked author for this post.
-
Group B here – at least until this month, but in the light of the very helpful discussions on here, and the probable impending proliferation of malware, I am now considering swallowing hard, holding my breath, shutting my eyes and jumping to Group A, at least on one laptop.
Currently I’m up to date with Group B processes and patches to April 2017, all router ports are stealthed, antivirus is up to date and I’m running Malwarebytes premium. I can’t do anything about SMB1 as it appears to be necessary for accessing my NAS box.
No problems with processor as the machine is at least five years old. It’s an HP, running Win7 Home Premium x64. Currently WinUpdate is set to ‘never check’ and both ‘give me recommended updates in the same way’ and ‘software notifications’ are unticked, so I’ve got the old KB’s (2952664, 3021917, 3068708 and 3080149) all sitting as ‘Optional’ and uninstalled.
My question is, if I decide to move to Group A, should I leave settings as is and not install the old KB’s, or should I tick both ‘recommended’ and ‘software’ and install all Important updates if they are checked?
Many thanks to Woody and the usual trusty (and trusted) contributors.
Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF.1 user thanked author for this post.
-
Instructions for Group A are in AKB2000004
To make it short:
Check the box “give me recommended like I get Important”
Check “Give me updates for other MS products”
Search for updates, do not check anything that is unchecked by default in the important updates.Please read the full instructions in AKB2000004.
-
-
-
Thank you! That’s just what I thought. But best to make sure
Win10 22H2 Pro, MBAM Premium, Firefox, OpenOffice, Sumatra PDF. -
-
-
-
-
-
-
-
Excellent question. Best I can tell, the EternalBlue code was meant to infect Win XP and 8.1, in addition to 7, but somehow the code in WannaCry didn’t hook into either. The Metasploit version, I hear, did infect XP and 8.1, but WannaCry (which is based on the Metasploit implementation) did not.
I think.
-
@abbodi86
That one is easy to answer.
Who else other than you and NC use Windows 8.1?
-
-
-
-
-
See the instructions for Group A patching in AKB2000004
Group A has “Give me Recommended updates the same way I get Important Updates” checked. Therefore the recommended updates appear under the “Important Update” list.
-
-
-
-
-
-
Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.
I have Windows 7-64. My technical knowledge and decades of IT experience makes me fully capable of sticking with Group B. However, I switched to Group A a few months ago, because I got a huge headache just thinking about what I had to do to keep up with Group B, and in fact, I wasn’t keeping up with it for that reason.
I have a Haswell CPU, and so I am unlikely to get bit with the “update bug”.
So far, no problems whatsoever that I am aware of.
Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server1 user thanked author for this post.
-
I am in Group B, running Windows 7 SP1 on two Bookcamped Macs, 64 bit on one machine, 32 on the other. I just finished manually applying KB4019263 (the Security Only update) and KB4018271 (the IE11 Security update).
I then went to Windows Update where I installed KB4019112 the Security and Quality update for .NET, as well as the May version of the MSRT (KB890830).
When I rebooted my system and checked the Installed Updates, there is no trace of KP4019112, but instead I’m shown that KB4014511 and KB4014504 were just installed. I’m assuming that the former installed the two latter – am I correct?
A second question, for my own edification: The latest instructions for Group B recommends that the Windows Update Service be Stopped prior to applying the two Manual Updates mentioned at the top of this post. Is this simply to avoid any possible interference from any background update scanning which may be taking place, and could interfere with the smooth manual installations?
Thirdly, when all the dust had settled, I noticed that in Windows Update > Optional updates, KB 3181988 is listed, which purports to fix an error where a consistent error is shown whenever the UFC scans USBHUB.sys. I run software that requires the use of a USB dongle, so I’ve been reluctant to install this, in case it interferes with my otherwise functioning USB ports. Is this safe to install, or should I continue to ignore it?
Last of all, I’m guessing that if I was meticulous during all the GWX debacle, and have none of the telemetry patches listed in topic AK2000003, that I do not need to install and run KB3184143, which is supposed to remove all the GWX stuff from last year. Can I continue to ignore this one as well?
Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater2 users thanked author for this post.
-
-
-
-
KB4019112 is the .NET Rollup. It contains 4 patches for the four versions of .NET.
kb4014504 is the component for the version of .NET installed on your computer.1 user thanked author for this post.
-
-
-
I’ve been in Group B since October.
* WU/AU (automatic updates) disabled – don’t even check automatically. Completely disabled.
* My “method” was, use WU to check for updates, then find the security-only varieties and install (once the DEFCON was at 3 or better). Win and IE at least; the .NET, I grab the rollup because I don’t have any fear there of something being snuck in.
* “Give me recommended updates the same way I receive important updates” unchecked.
* CEIP disabled/opted-out.I’m starting to consider changing things…starting to consider switching to more of an “AB”…using WU to install the rollups, with CEIP disabled, but, only after the typical “incubation” period and DEFCON 3 or better rating. However, that has me thinking: what about that method is any different than what is baked in to Win10 – assuming you do something to defer your updates in 10?
I’m starting to think that I’m fighting a battle that I’ll never win, for nothing. I’m starting to wonder if I’m just “wasting my time”.
I want a secure system, but I also want a reliable system.
The lines in the sand are so blurred now, I don’t even know where they are anymore.
If CEIP is disabled anyway, Mr.Brian mentions that you’re not transmitting much telemetry anyway. So why am I banging my head against the wall several times a month every month to be in group B? On top of that, why not just go ahead and upgrade my machines to 10 using the ‘assistive technologies’ upgrade?Am I the only one?
-
“Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.”
I just finished downloading the April and May Security-only updates on two Win 7 computers and ran Windows Update and installed the .NET update as well. Total time invested: less than a hour.
It seems to me that you have identified an opportunity for someone. It’s inconvenient to have to manually download and install updates, but not a killer. The hard part is identifying what to install, the pitfalls, and how the game keeps changing. Right now you and PKCano are addressing the need. But so are those IT consultants (both for-pay and volunteer) who follow the subject. People pay for convenience, especially when it is provided by someone offering specialized knowledge.
How about updates-as-a-service? At its simplest, a monthly email that contains the links, advises when (and when not to) install them, etc.
Even better: A little piece of software that would do the job automatically, replacing Windows Update. Perhaps one or more of the antivirus products could take on this task.
Better yet, but won’t happen: Somebody other than M$ comes up with a way to provide security-only patches for Win 7 and/or other versions.
All this presumes that Group B is a viable strategy if the right updates are regularly installed. The theory that all updates must be accepted because Windows is a completely integrated, cohesive piece of engineering, and as such the instructions from the wizards who tend it must be obeyed at all times, is, well, a theory–and one contradicted by the patching screwups of the last year.
1 user thanked author for this post.
-
I also have updated my two Windows 7 machines Group B-style in less than an hour this afternoon. I was sorting paperwork at the same time, and intermittently answering the phone. Where’s the problem? Falling off a log would have been harder – in reality, I imagine falling off a log on purpose is quite difficult.
-
-
Woody, in your post you wrote that
That neat (if controversial and not really so neat) version of the world changed forever when, earlier this month, Shadow Brokers not only released the NSA’s trove which gave rise to the WannaCry worm, it also set up an auction for the “Shadow Brokers Monthly Data Dump” — what I’ve called Malware as a Service. You can bet that there are some very nasty malware surprises coming, all lovingly crafted by the US National Security Agency, stolen, then spread by Shadow Brokers.
Is it possible that the threat posed by these things has been (way, way) overstated? Three points on the example of WannaCry:
- I read that the total estimated ransom paid by victims is about $60K. (The amount could have grown since I read that.) At $300 per paying victim, that comes out to 200 who paid. Even if the real or current number is two orders of magnitude greater, that’s 20,000 paying “customers” out of the hundreds of millions of PCs in operation.
- Somewhere along the line, I also read estimates of the number of affected PCs (as opposed to people who paid the ransom) which were at around 200,000. That’s out of how many Windows PCs out there — 1.5 billion? Even if we stipulate that only Windows 7 computers are threatened, that’s still less than 1 in 3500 computers worldwide.
- I also read that most if not all AV vendors came up with protection against WannaCry within days or even hours of the initial attack. The developer of the anti-ransomware program HitmanPro.Alert says that even a 3-year-old version of their software stops WannaCry.
I dunno, sounds to me that in order to get this infection you almost have to want to get attacked. Bottom line: if we’re not in Group A, we don’t need to rush headlong into it. Keep an up-to-date AV and set up a multi-layered defense (e.g. anti-virus + anti-exploit). I’m not Group W (I’m in Group B), but I don’t think I’d be losing any sleep over this one if I were in W.
I could look up the figures given above. And updated stats are welcome.
Constructive comments also welcome.
1 user thanked author for this post.
-
-
-
I have been following Askwoody.com for a while when I researched GWX and found a discussion about the control panel and other discussions about patches to avoid. I installed the panel and stayed because here was a one-stop-shop for info on Windows 7. I didn’t have to search the net for info on bad patches.
When the group a, b, etc, system was implemented I joined Group B and had no problems with it. In the last few months I have found it more of a pain to sort out all of the extras like net patches and so on. I keep aware of my system but I am not an IT type so I decided to the Group A route.
—
Before I make the full transition to A can anyone give a definitive answer on:
Update for Windows 7 for x64-based Systems (KB3177467)
This pops up after WU is finished and several people have asked about it in the past but the only answer from the group at the time was “hold off installing it”. So… hide it or install it?
-firemind
Btw, thanks to everyone for helping out with computer stuff.
1 user thanked author for this post.
-
KB3177467 is the Servicing Stack. It shows up after the other updates are finished because it has to be installed by itself. The answer: yes, you should install it.
1 user thanked author for this post.
-
-
-
-
-
LogiLDA.dll is part of the Logitech software – maybe mouse/keyboard? speaker?
Win7 drivers do not always work on Win8.1
Go to the Logitech website and download the Win8.1 driver for the Logitech hardware.1 user thanked author for this post.
-
-
So Win 7 Group B patching will be like it was for patching Win XP x64 (remember that?) during the year after Win XP patches stopped being released, but Server 2003 x64 patches (valid for XP x64) could be downloaded and installed manually.
Been there, done that, lost the T-shirt, more of the same.
1 user thanked author for this post.
-
-
After installing the updates today, after a search it was offered me a May MSRT again, probably a rerun, since it had the date of publishing of today… Which I’m installing right now… Did it happen to anyone?
1 user thanked author for this post.
-
It’s not just you… I’ve had this happen as well. Installed all but the old IE11 patch, rebooted, and after checking for updates again, it was there. The May MSRT shows as installed as well, and I did a check for updates right before installing, yet this one shows a publish date of today.
1 user thanked author for this post.
-
During the morning of May 22 I checked for updates and successfully installed the MSRT, the May monthly security rollup, and other updates. In the afternoon I checked for updates again and the MSRT (now dated May 22) reappeared.
1 user thanked author for this post.
-
-
I’m confused. Doesn’t Microsoft have a copyright on the phrase “malware-as-a-service”?
1 user thanked author for this post.
-
-
-
-
-
More information:
1. About the telemetry related patches, please see AKB2000007
2. I don’t find KB313397 listed in the Catalog. Typo(?)
3. AKB2000004 suggests not installing known problematic patches (see Step A3)My Personal experience:
>I don’t want telemetry. The ONLY patches I have hidden are KB2952664, KB3021917,KB3068708, and KB3080149.
>I have ALWAYS had “Give me Recommended” and “Give me updates for other products” checked. I have had no major problems because of it.
>I DO NOT check anything that is not checked by default.
>I have followed Group B type patching since Nov 2016 (avoiding Monthly Rollups). Basically the only thing I uncheck from WU is the Rollup.
>Under present circumstances, and except for the telemetry patches which will remain uninstalled, I am very much considering moving to Group A. I don’t want Win10 EVER, although I have three VMs with AU1607 and an Insider VM with CU1703. I want to be able to continue to feel (somewhat) safe with my Win7/8.1 computers until EOL. And I think that Group A may be the best way to do it. -
I am not avoiding KB3068708 and KB3080149 anymore (for Group A).
-
-
@PKCano: I answered at https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-118281.
“Is there a possibility the later versions give MS more avenues for data collection than the ones you found in your earlier tests with the earlier versions?”
I tested the same versions of KB3068708 and KB3080149 for Windows 7 x64 in a number of tests at https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/. Since KB3068708 and KB3080149 are related to Diagnostics Tracking Service, which is also installed by most of the Windows monthly rollups, I believe that your question reduces to whether Diagnostics Tracking Service can ever gather telemetry (other than telemetry related to the functioning of the Diagnostics Tracking Service itself). I believe that the answer to this question is “no” but I would welcome any further evidence on this.
-
-
Finally!
Hope those with less understanding of the OS take note. -
-
-
-
-
-
-
-
A data point:
I have updated a critical Win 7 system Group B style successfully:
Updates applied by direct download of .msu files from the catalog:
- KB4019263 – Security Only Update
- KB4018271 – Internet Explorer Rollup
I rebooted after each.
Unlike with my Win 8.1 system, which I updated “Group A” style, comparisons of detailed reports before and after revealed no disabled services or scheduled tasks that had been re-enabled.
-Noel
-
-
-
-
Have just received this in an e-mail today:-
“Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global Wanna Cry ransomware attack.
One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.
The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool,which is actually free, and took £320 as payment.
It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support.
Any communication they have with you must be initiated by you.PROTECTION / PREVENTION ADVICE
How to protect yourself:
• Don’t call numbers from pop-up messages.
• Never allow remote access to your computer.
• Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
• Never divulge passwords or pin numbers.
• Microsoft or someone on their behalf will never call you.
If you believe you have already been a victim• Get your computer checked for any additional programmes or software that may have been installed.
• Contact your bank to stop any further payments being taken
If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.ukThank you for subscribing to our alerts, to see a list of previously sent messages please visit Essex Community Messaging.”
– Looks like there’s a whole industry springing up around WannaCry!
-
-
Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.
In my opinion, the difficult part of staying with B is that you need to find, and then download yourself, the necessary updates each month from the Catalog. Installing them is easy once you got them.
I can understand why many people can find it difficult, especially compared to A. I don’t find it difficult at all personally, and I believe I have the “full time diligence” necessary to deal with it. In fact, I don’t really need to spend much time to search and download the updates myself as I know where to look for the necessary KB numbers.
Actually, I go further to “Full B”, which means that besides the IE and Security Only updates, I don’t get the .NET Rollup but instead get the necessary .NET security only updates (if they are available) from the Catalog and install them myself. For example for this month I get and install KB4014579 and KB4014599, the .NET 3.5 and 4.5.2 security only updates from the Catalog instead of getting the Rollup KB4019112 from Windows Update.
I have had no problems with this approach so far, and I am going to stay with it as long as possible.
This is just my preferred way of updating going forward. I am fine if any of you don’t agree with me. Let’s agree to disagree in that case.
Hope for the best. Prepare for the worst.
1 user thanked author for this post.
-
-
I’m very grateful for any helpful information, though.
I think that helpful information will keep coming
1 user thanked author for this post.
-
-
-
Woody, I just observe something interesting in the description of KB4019217, the Preview Rollup for Windows 8.1 and Windows Server 2012 R2, just released:
https://support.microsoft.com/en-sg/help/4019217/windows-8-update-kb4019217
If a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors, installing this update will block downloading and installing future Windows updates.
In my understanding, the Xeon E3 v6 family of processors (e.g. Xeon E3 1230 v6) is based on the Kaby Lake family of processors. And yet, Microsoft considers that “A Windows Server 2012 R2 system using such a processor will have Windows Update blocked after installing this update” as an “issue” that needs to be fixed.
I wonder why that is. Microsoft’s policy, it seems to me, is to block Windows Update for all people attempting to run Windows 7 or Windows 8.1 on Kaby Lake and Ryzen systems (and Windows Server 2008 R2 and Windows Server 2012 R2 are apparently also included in the block according to my tests on the VMware spoofed Kaby Lake virtual machine).
So why does Microsoft consider this “issue” to be a problem that needs to be fixed? Does this mean that if I get a system with a Xeon E3 1230 v6 CPU, say, and then install Windows Server 2012 R2 on it, then Windows Update should not be blocked and further updates should be available?
And by the way, the AMD Carrizo DDR4 “wrongly blocked” problem is still not fixed in this Preview Rollup, according to the description.
Hope for the best. Prepare for the worst.
1 user thanked author for this post.
-
-
If one of the old patches is KB3177467 dated in 2016, that is the latest servicing stack. It has to be installed by itself and won’t show up in Windows Update until all other updates are installed. When/if it shows up, you need to install it.
Otherwise, the old patches (there was one for IE11 from 2014, may be more today but I haven’t looked, are the result of Microsoft’s retirement of a mass of old updates not too long ago. The supersedence chain for them was broken, hence they show up again. You can ignore them and eventually they will go away, but it does no harm if they get installed.MSRT was re-released a few days ago with the ability to remove WannaCry, so you will need to go ahead and install it.
The May Security Monthly Quality Rollup – did you look in the Update History to see if it failed. If so, it will keep showing up until it’s successful.
1 user thanked author for this post.
-
-
-
You can try to install the May Rollup again. It may give you a message that it’s already installed. I wouldn’t try a third time – it will disappear at the latest when the June Rollup comes out.
I think MS is still working on retiring the old updates, so they may break more supersedence chains in the process before they’re done.
-
-
You can try to install the May Rollup again. It may give you a message that it’s already installed. I wouldn’t try a third time – it will disappear at the latest when the June Rollup comes out. I think MS is still working on retiring the old updates, so they may break more supersedence chains in the process before they’re done.
The Rollup Installed and the MSRT Failed but Neither Returned on the next Check for Updates. (4) of the (6) new files from ’14 – ’16 disappeared on their own, so I’m posting this Only to show anyone reading here that WU remains a moving target and don’t panic when WU gets creative. Persevere………….
W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0
3 users thanked author for this post.
-
LOL
-
WU remains a moving target and don’t panic when WU gets creative.
That’s one of the legitimate reasons some folks go “Group B” and take over control of what updates are installed directly from the catalog.
It’s all about wanting the outcome of updating activities to be that the system “just works” afterward.
-Noel
-
-
To PKCano – PK, when I do May Security only for NET – kb4019108 – it only shows one option – Windows Server 2008 R2 . So I click on the title – then more information – and then it comes up with 4 options.
The one I want is – 4014579 Description of the Security Only update for the .NET Framework 3.5.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 9, 2017
However when I put kb4014579 into the Update Catalog – it says ‘we did not find any result for 4014579’
Has that update been pulled or whatever ????? …… what do I do ???
THANKS, Rick in Oz
-
You can’t search the Catalog for the four parts of KB4019108 separately. You can only search for the Rollup
If you go to more information and click on KB4014579 link, it takes you to this pageI don’t see a download specific for Win7 .NET 3.5.1, only a warning and some Registry or gpedit edits.
My advice would be to install the .NET Rollup through Windows Update and let it install whatever is necessary for v3.5.1 instead of trying to outguess MS..
I use the Rollup myself.
-
-
Hi again PKCano – I am transferring a whole portion from the knowledge base as it was from another contributor asking about the SAME question I had asked you previously today – related to SECURITY ONLY NET patches : …… and my experience in earlier in the week downloading INDIVIDUAL patches from kb4019108 …… so I thought I would elaborate to you that they now appear to have been removed from the Windows Update Catalogue
anonymous wrote:
Has MS dropped the security only patches for .net framework 4.6.1 for win7 sp1 x64? as I’m only seeing the security and quality ones in their ms catalogue there was an April security only patch
Says that it’s for Win7 sp1 but the catalogue says it’s for 2008 server ???
THANKS Anonymous – I did write to PKCano earler today about the EXACT same issue – from kb4019108 earlier this week I was able to download NET Security Only patches 4014599 ( Net 4.5.2 ) and also 4014579 ( Net 3.5.1 ) and install them on my 3 computers – I then deleted them from downloads as I no longer needed them. Then a friend wanted me to install them on his machines but when I went to the Windows Update Catalogue they were NO LONGER THERE as individual downloads…… so I asked PKCano – if those individual patches had been pulled ????? …… something has happened ….
He advised to then use the Security ROUNDUP version …. something I was trying to avoid ….preferring the Group B Security ONLY versions
Rick in Oz
-
Says that it’s for Win7 sp1 but the catalogue says it’s for 2008 server ???
It does say it applies to Win7 SP1, but it does not want to download the proper file from the MS catalog. I wonder if this is a temporary glitch? The catalog downloads for some of this month’s security .net rollups are quite large (170+mb).
1 user thanked author for this post.
-
-
-
That shouldn’t be a problem.
In fact, for those aspiring to be in Group B, You will find the instructions advise installing the “Security and Quality Rollup for .NET Framework.” See step B4 in AKB20000031 user thanked author for this post.
-
Definitely OK, but it may not be enough. Always add the .msu offering. It’s an update to the .NET Framework version that shipped with Windows and always applies. Applicability of the .exe files depends on optional versions installed. If in doubt, just try.
Regards, VZ
1 user thanked author for this post.
-
-
-
-
There appears to even be issues with the NET Security and Quality Rollup version – kb 4019112 – as over in Seven Help forum – quite a few complaints about problems downloading – as well as installing it ( taking ages , if at all )
Yesterday, from Windows Update Catalog, I was able to download 1 of the individual files from it – kb4014504 ( NET 3.5.1 ) – this morning it says ” We did not find any results for “kb4014504” – so it looks like that has been pulled as well
Something is up with it …… anyone else had problems with it ?????
Rick in Oz
-
Different queries, different results.
-
Viewing 53 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
The local account tax
by 15 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 58 minutes ago
-
Digital TV Antenna Recommendation
by 33 minutes ago
-
Server 2019 Domain Controllers broken by updates
by 12 hours, 50 minutes ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 14 hours, 29 minutes ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 17 hours, 41 minutes ago
-
Outlook (NEW) Getting really Pushy
by 6 hours, 59 minutes ago
-
Steps to take before updating to 24H2
by 5 hours, 31 minutes ago
-
Which Web browser is the most secure for 2025?
by 33 minutes ago
-
Replacing Skype
by 8 hours, 3 minutes ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 11 hours, 33 minutes ago
-
Excel Macro — ask for filename to be saved
by 20 hours ago
-
Trying to backup Win 10 computer to iCloud
by 12 hours, 28 minutes ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 2 days, 17 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 2 days, 19 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 2 days, 19 hours ago
-
No April cumulative update for Win 11 23H2?
by 1 day, 7 hours ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 2 days, 19 hours ago
-
Boot Sequence for Dell Optiplex 7070 Tower
by 3 days, 11 hours ago
-
OTT Upgrade Windows 11 to 24H2 on Unsupported Hardware
by 3 days, 14 hours ago
-
Inetpub can be tricked
by 1 day, 22 hours ago
-
How merge Outlook 2016 .pst file w/into newly created Outlook 2024 install .pst?
by 2 days, 8 hours ago
-
FBI 2024 Internet Crime Report
by 3 days, 18 hours ago
-
Perplexity CEO says its browser will track everything users do online
by 1 day, 3 hours ago
-
Login issues with Windows Hello
by 4 days, 5 hours ago
-
How to get into a manual setup screen in 2024 Outlook classic?
by 3 days, 17 hours ago
-
Linux : ARMO rootkit “Curing”
by 4 days, 17 hours ago
-
Employee monitoring app leaks 21 million screenshots in real time
by 4 days, 17 hours ago
-
Google AI is now hallucinating idioms
by 4 days, 17 hours ago
-
april update
by 2 days, 21 hours ago
Remembering Woody
