MS-DEFCON 3: Get patched, but watch out for Outlook

Topic

New Reply

With the first non-security Office patches due out on Tuesday, July 4, we’re kinda backed up against a wall. The simple problem: Some of the patches d
[See the full post at: MS-DEFCON 3: Get patched, but watch out for Outlook]

8 users thanked author for this post.

samak, JDeC, AJNorth, MrBrian, SueW, wdburt1, ch100, HiFlyer

Reply | Quote

Replies

I don’t know if this was posted anywhere here.
.NET Framework Preview patches released in May 2017 (latest for all versions other than 4.7) have been pulled due to conflict with the .NET Framework 4.7 installer.
https://blogs.msdn.microsoft.com/dotnet/2017/05/17/net-framework-may-2017-preview-of-quality-rollup/

4 users thanked author for this post.

Lori, woody, HiFlyer, MrBrian

Reply | Quote

Fixed in catalog-only updates

S 2012
https://support.microsoft.com/en-us/help/4035508

W 8.1 – S2012 R2
https://support.microsoft.com/en-us/help/4035509

W 7 – S 2008 R2
https://support.microsoft.com/en-us/help/4035510

3 users thanked author for this post.

HiFlyer, PKCano, MrBrian

Reply | Quote

These three updates have been reissued.

Reply | Quote

So is the W 7-S 2008 R2 .Net Framework update safe to install manually? Or will it be shipped over to Windows Update?

Reply | Quote

Microsoft’s advice (“It is recommended on machines that have installed the July 2017 Preview of Quality Rollup or the May 2017 Preview of Quality Rollup.”) is at https://blogs.msdn.microsoft.com/dotnet/2017/07/25/net-framework-july-2017-quality-update/. If you don’t install these manual updates, they’ll probably be included anyway in a future .NET monthly rollup.

Reply | Quote

Better safe than sorry I suppose. Thanks.

Reply | Quote

It’s me again. I use Windows 7 x64 version so I don’t see any update for it yet.

Reply | Quote

If I getting this right (group b): I install this months security only patches but I won’t install anything related to outlook 2010? so no office patch for june, if I’m correct?

Reply | Quote

Thanks for the thumbs up, Woody….. Just wanted to confirm that I’ve got it right!
KB4022722 is the Security Only update for Win7 64bit ……..and
KB4022717 is the Security Only update for Win8.1 64bit.
I couldn’t find the page where PKCano has very kindly given us the relevant #’s to
download from the MSUpdate catalog in the past………… so went looking…. and wanted to verify
I had it right.
As for the Office updates………. think I will give them a miss for the moment (2007) LT

If opportunity doesn’t knock, build a door.
– Milton Berle

Reply | Quote

lizzytish wrote:

I couldn’t find the page where PKCano has very kindly given us the relevant #’s to download from the MSUpdate catalog

Check out AKB2000003 🙂

7 users thanked author for this post.

Noel Carboni, JDeC, Elly, SueW, wdburt1, woody, lizzytish

Reply | Quote

Suggestion: Save the page for AKB2000003 in your bookmarks.

Comment: So long as I can find AKB2000003, this non-expert member of Group B does not find the Security-only update process too difficult.

11 users thanked author for this post.

Steve, samak, Noel Carboni, JDeC, Elly, Psylii, HiFlyer, grayslady, SueW, Jan K., lizzytish

Reply | Quote

Good idea………. actually have already…. after Kirsty pointed me to it!!!
Makes life so much easier for us lesser mortals doesn’t it !!! lol!! So a big vote of thanks
to PKCano and Woody and others for all the help you all provide us! LT

Statistics are no substitute for judgment.
– Henry Clay

Reply | Quote

…and you can also click Favorite at the top of any topic page wanted for future reference. To access saved favorite pages, click on your username, which gives the link to your saved Favorites list. 🙂

3 users thanked author for this post.

SueW, JDeC, HiFlyer

Reply | Quote

Woody, you may want to change this for clarity

Group A – automated installation of Monthly Rollups

It should be made obvious that you and almost everyone else here do not recommend Automatic Updates, but the updates which come on Windows Update installed via one of the “controlled” methods, current recommendation being the setting Never check for updates and scan manually and install according to requirements, in this case Monthly Rollups for Windows and for .NET Framework and in general all Office patches after they are proven to be reliable for those using Office.
In this particular case of June 2017, at least the Outlook 2007 and Outlook 2010 are not reliable and Outlook 2013 and Outlook 2016 patches can hardly be called reliable – I recommend installing them though, for lack of better security options.
Outlook 2007 June 2017 update is provided as Important but more recently unticked, which has the meaning that Microsoft has not decided if to keep or withdraw – please hold, install all other current Office patches
Outlook 2010 June 2017 update has already been retired, those who installed it should uninstall now, this is an easy decision.

3 users thanked author for this post.

Elly, HiFlyer, woody

Reply | Quote

This morning Outlook 2010 June 2017 update KB3203467 was (still) offered as an important update on my Windows 7 system, but unticked. It is not retired.

2 users thanked author for this post.

HiFlyer, ch100

Reply | Quote

Pim wrote:

This morning Outlook 2010 June 2017 update KB3203467 was (still) offered as an important update on my Windows 7 system, but unticked. It is not retired.

Confirmed that it is in the Catalog which means it is not retired.
In that case it is like the Outlook 2007 update, Important unticked, treat as Optional until further information is provided.

As generic recommendations (everyone should decide for themselves though, according to their own circumstances):
If really Security Critical and cannot wait (which, unlike the Windows patch, is not likely to be the case for Office anyway), then install even if it causes functional trouble or annoyance.
If not, hold until it is revised in place, under the same KB number or replaced, or superseded next month and install only its replacement.
If already installed, treat it as per the generic recommendations above, uninstall if not critical and if it causes problems, leave it otherwise.

2 users thanked author for this post.

HiFlyer, Pim

Reply | Quote

For those of you interested in the nuances, @ch100 has a good synopsis here.

I have no objections any longer to KB3021917
I don’t understand what is does, although @abbodi86 explained it on the forum.
It is totally benign and I don’t have any opinion about that patch, which I think it should be treated as potentially introducing telemetry, although this is not clear and was not determined to be the case in the comprehensive tests conducted by @MrBrian

As a curiosity about KB3021917
When scanning as Never check for updates, with Recommended as Important it comes as unticked by default
When scanning as Download but do not install, with Recommended as Important it comes as ticked by default
There are not many updates behaving in this way and it is the only one which I know.

There are other updates coming now and then as unticked by default, but this happens in all scanning configurations and when configured as Download but do not install, the WindowsUpdate.log would indicate throttling (regulation). It is not the case for KB3021917.
Current examples of throttled updates are .NET Framework 4.7 for Windows 7, Outlook 2007 Security Update June 2017 and very likely the Office updates which will be released on July 4 for Windows 7 for the first few days.
Throttling seems to be intended to have 2 meanings:
– Large updates are staged to avoid overloading of Windows Update servers
– Some updates are released as Preview but also almost entirely QA-ed, so the final decision is left to the users. They are in general large downloads, fitting in the previous category and almost never Security Updates which Microsoft intends to be installed immediately by everyone, including enterprises. The most secure enterprises indeed install in less than 48 hours, otherwise they are in breach of compliance regulations. For them the Security risks far outweigh minor issues for end users like not printing iFrames in IE, breaking Outlook Search and so on which are corrected in due time by Microsoft via other patches or re-releases. BSOD following Security Updates are other type of issues and fortunately they are rare. I am sure Woody would be able to provide few historical examples though 🙂

I maintain my previous advice about KB971033 which should be avoided because it is known to provide false positives

It can be recovered from that situation, however it is difficult and not everyone has the knowledge to do so. See the reference later to the post in another thread for some ideas if you encounter issues.

https://support.microsoft.com/en-us/help/971033/description-of-the-update-for-windows-activation-technologies

If you missed this post from @abbodi86 few days ago, it is extremely useful, not only in the context of Enterprise activation. @abbodi86 provides me with a reference to a recent Microsoft KB article to an enquiry 6 months old for which there was no clear answer from Microsoft until now.

https://www.askwoody.com/forums/topic/win10-server-2016-kms-servers-start-rejecting-win7-client-activation/#post-122582
https://support.microsoft.com/en-US/help/4032981/powershell-script-for-windows-7-non-genuine-issue-is-available

2 users thanked author for this post.

abbodi86, woody

Reply | Quote

Woody, can you please clarify something regarding the forementioned Internet Explorer printing issue?

According to this post, it is mentioned in the W10 updates section, so does it only apply to that OS or it does extend to other products?

Also, Group A users should be, despite that bug, installing the updates, is that correct?

Reply | Quote

The printing issue has been resolved by the updates pushed on June 27.
For Windows 10 1703, 8.1 and 7 can be installed via Windows Update.
For Windows 10 1607 it can be downloaded from the Catalog.

For Windows 8.1 and Windows 7, the updates which resolve the issue are the Preview Updates and in fact those updates for Windows 10 are also Preview updates.
If the issue is urgent for you install the update available for your OS, including the Preview update if it helps you.

Reply | Quote

Those Internet Explorer fixes have an issue.

Reply | Quote

Thanks a lot ch100 and MrBrian!

I wasn’t aware of KB4032782 as a workaround for the bug, and also didn’t know it was part of the July preview patch…

But as this patch actually removes one security component from June’s rollup I guess it is better to live with this bug and wait for a better fix, than leaving this door opened… What is your opinion regarding this issue?

Reply | Quote

My opinion? That’s easy. Don’t use IE and wait until Microsoft fixes the furshlinger thing before installing any IE-specific patches.

Reply | Quote

Although this post is related to an enterprise product which is WSUS and the Preview update KB4022720, I link it here and suggest keeping an eye for possible issues when the next mainstream update is released.
https://www.askwoody.com/forums/topic/massive-batch-of-bug-fixes-for-windows-office-kb-4022716-4022723-with-known-problems/#post-123024
https://social.technet.microsoft.com/Forums/en-US/fbf4912e-5d1f-4168-832d-31102c2b0d16/clients-failing-to-connect-to-wsus-80244008?forum=winserverwsus

Reply | Quote

For what it’s worth I endorse the current set of patches.

I did not detect any problems with the current Windows 8.1 updates in my virtual machine test environment, which led to my installing the updates on my hardware systems several weeks ago, ahead of Woody’s recommendation.

I’ve had my critical Win 8.1 “Group A” hardware system up 24/7 and I’ve used it hard interactively every day. It’s been fully stable and functional, including Office 2010 and Outlook 2010 (notably I don’t use indexing).

My critical Win 7 “Group B” system has had Security Only KB4022722 and IE KB4021558 patches in since June 15, installed individually from the catalog. It’s also been running 24/7 with no noted problems. Notably this system does NOT run Office/Outlook.

-Noel

7 users thanked author for this post.

Karlston, lizzytish, samak, AJNorth, JDeC, Elly, SueW

Reply | Quote

I installed 2017-06 Security Monthly Quality for Windows 7 for x64-based systems (KB4022719) today. I had the same problems that occurred when my employer pushed out the security only version to my work computer.

The update undid my disabling of libraries, and hit me with the Folder Rename error.

I had backed up my folder registry keys in anticipation of the Folder Rename error. However, restoring the keys didn’t resolve the issue. So, I did what my employer’s Help Desk told me to do – run a repair of Microsoft Office. That did (mostly) resolve the issue. It still tells me “Folder Not Found”, but if I click “Try Again” the rename then works.

I have no idea what users who don’t have Microsoft Office installed are supposed to do.

Reply | Quote

How do you disable Libraries? I don’t believe I’ve seen that get undone. Are you talking about hiding them in Explorer, or something more?

-Noel

Reply | Quote

For some reason the nesting did not work correctly, but I did answer your libraries question here:

https://www.askwoody.com/forums/topic/ms-defcon-3-get-patched-but-watch-out-for-outlook/#post-123075

2 users thanked author for this post.

woody, Noel Carboni

Reply | Quote

Noel Carboni wrote:

How do you disable Libraries? I don’t believe I’ve seen that get undone. Are you talking about hiding them in Explorer, or something more?

-Noel

The following article has downloadable registry patches that will enable you to either disable the libraries or simply hide them in Windows Explorer:

http://www.askvg.com/how-to-disable-libraries-feature-in-windows-7/

I use the disable patch, but I have found that some Windows Updates undo that setting. The tell-tale sign is a new “Libraries” icon on the desktop. Reapplying the disable patch, and then right-clicking on the desktop, and choosing “Refresh”, will then make that icon disappear.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Thanks for the info. Like you I prefer to choose what shows and what doesn’t. Having what you need and none of the chaff to navigate around most certainly improves productivity.

The difference is that I’m on Win 8.1. The approach I’ve taken with Win 8.1 is just to uncheck “Show Libraries” in the Navigation pane. I guess someone at Microsoft must have seen the light and added it as an overt setting. I wonder if disabling the feature via the AskVG patches saves more resources… I’ll have to look into it.

It’s been a while since I worried over what’s shown in Win 7 since I’m no longer actively using it (it’s the OS on my server but I don’t use the UI actively). I do know WinAero Tweaker offers to configure all of the abstractions shown over there in the Navigation pane… I don’t know if that tool works on Win 7.

-Noel

Reply | Quote

Oddly enough, I don’t even have a Libraries pane in any window nor is there an option in the “Organize” menu to switch it on or off. Never seen it, never needed it and glad it’s nowhere to be found.

What advantages are there to removing it completely as opposed to simply toggling the pane off in the “Organize”menu under the “Layout” option? You shouldn’t need to do anything to the registry to achieve this end. I only have panes for Details, Navigation and Preview all three of which I get use out of and don’t bother me at all. If you have libraries, that option should appear in this list as well.

Edit to add: You could also right click in the Navigation Pane and check “Show All Folders” which also gets rid of all entries (Libraries, Homegroup etc..) in the N-Pane except Favorites and Desktop. You could put any folders you need quick access to in the Favorites section and just minimize everything else so all that’s left is a completely minimized Desktop and your Favorites above it. Works great for me. No need to edit the registry.

Reply | Quote

It’s not really a Libraries “pane” per se, but a root namespace in the Navigation pane:

Personally I’ve never liked using Libraries both because they’ve never quite worked right (failures to update after file operations, etc.) and geek that I am, I ever really felt a need for anything different than folders on the hard disk for organizing things.

I will try to find out if there’s a possibility resources could be saved by disabling Libraries at a fundamental level.

FYI, I did get a chance to check: WinAero Tweaker will nicely eliminate Libraries from the Navigation pane on Win 7 as well as later OSs. I don’t know if this is equivalent to the registry hacks at AskVG but it’s certainly easier.

-Noel

Reply | Quote

I did a quick web search on it and it can appear as a “pane” just like the N-Pane appears only the Library pane appears across the top and can be disabled in the Organize -> Layout menu. That program you suggested works great, too. I never used or cared about that side pane much as far as the unnecessary stuff goes, but it’s nice not having it there now. It gave me an excuse to reboot so I could do a couple other things anyway.

Anyways, if disabling Libraries any further than that is going to interfere with Windows Updates, I’ll pass. They cause enough problems on their own without creating more. I’ve never used them or considered using them, but they aren’t causing problems so no need to mess with it to that extent.

Reply | Quote

Noel,

I discovered that my disabling of libraries was contributing to the “Folder Not Found” error when I tried to rename folders. This is what I did to fix the problem:

1. Re-enabled Libraries.
2. Re-merged my folder description registry backups
3. Disabled Libraries again.

Now I can rename folders without the error occurring.

Reply | Quote

Is Internet Explorer 11 Required For Other Windows 7 Applications?

Hi Woody, PK & The Crew!

I don’t use IE11 as a browser as you advise.
I keep it in case it is required for other Win7 applications like Windows Explorer and Windows Update.
Is this true or can I remove IE11 completely without affecting any other Win7 applications?

Thanks
sainty??⛵️??

Reply | Quote

PKCano wrote:

Yes, it is important to keep IE up to date even if you are not using it because it is an integral part of the operating system and other processes use it.

Reply | Quote

Well, Windows Update does not show up KB4022716 on any Win 10 CU box (different brands, different OS editions, different environments [bare metal/virtual machines]) here. Maybe it’s an out-of-band guinea pig release or they pulled the plug…

1 user thanked author for this post.

Psylii

Reply | Quote

Hey all,

Has anyone had issues with KB4022716 where it causes the lock screen to (heh) lock up? A user of mine went ahead and installed it and encountered this issue. Uninstalling it fixed the problem; I was just wondering if this was an isolated incident or not.

Reply | Quote

Looks like MS may have pulled it.

1 user thanked author for this post.

Psylii

Reply | Quote

I’m hoping that’s the case; seems like there’s always a hitch when it comes to updates lately…

Silver lining: At least it taught my user a valuable lesson about installing patches that aren’t distributed through the IT department. I believe he’s operating the only 1703 machine on the network due to this. Blocking Windows 10 updates from Windows Update seems like something to double check on my end as well.

Thanks, Woody!

Reply | Quote

?: says

June bug patches in like butter! win 7 pro
KB4022722
KB4021558
MSRT

on the office 2010 KB3203467 left unchecked for another day?
thanks guys

Reply | Quote

? says:

When I hosed everything down after patch Monday the DISM on win7 32bit spit out MS15-109 KB3080446 10/13/2017, “Security Update for Windows Shell (RCE)… toolbar object (use after free) explorerframe.dll and shell32.dll.

if interested

Reply | Quote

alpha128 wrote:

I installed 2017-06 Security Monthly Quality for Windows 7 for x64-based systems (KB4022719) today.

alpha128, KB4022719 is the 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based systems (KB4022722 is the 2017-06 Security Monthly Quality for Windows 7 for x64-based systems).

Might you have installed the wrong update?

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

alpha128, KB4022719 is the 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based systems (KB4022722 is the 2017-06 Security Monthly Quality for Windows 7 for x64-based systems).

Might you have installed the wrong update?

I installed KB4022719 through Windows Update. If I got the description wrong, it’s because I can’t copy and paste from Windows Update. 😉

1 user thanked author for this post.

SueW

Reply | Quote

All appropriate updates installed today on my two Windows 7 machines.

My gaming machine had the monthly quality rollup installed along with the MSRT and I assume it was without any problems at the time although coincidentally the machine was serviced today by my local workshop and they did the update installation.

My “work” machine (I’m retired but continue to use Office 2010 for voluntary work documentation) was updated by me to include the same updates as the other machine plus 8 Office 2010 updates but excluding KB3203467 based on the advice here and it being unchecked as well as my not having Outlook installed.

All seemingly ok thus far *fingers crossed* but will provide an update here if any complications arise over the next few days.

Meanwhile, thanks as always to Woody and the team for all the invaluable advice together with the research that leads to it!

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Just installed KB4023307 (security update for Silverlight)
KB4032722 (security update for Windows 7)
KB4021558 (cumulative security update for IE11)

in that order with the required reboot after the 2nd and 3rd update.

I don’t have Office installed and I don’t have a printer installed on this computer so I can’t address any Outlook or IE11 printing issues, but everything else seems fine – no problems with the installs and no apparent loss of any functionality.

System details: Win7 Pro SP1 x64, 5th gen core i3.

Hope to do my desktop with Office and a printer later tonight or tomorrow.

Bonzo

Reply | Quote

Just installed the same 3 updates on my desktop with the same results – no problems with the installs and no apparent loss of functionality.

This computer does have Office 2010 on it and is connected to a printer. I never use Outlook, so I didn’t check it but the rest of Office seems fine. Never print from IE11, so didn’t check that either. Haven’t installed any Office/Word/Outlook updates since the May release.

System details: Win7 Pro SP1 x64, 3rd gen core i5

Bonzo

Reply | Quote

To KB4022722 Or Not…

Is KB4022722 (Security-only update June 13 2017) Safe To Download And Install Yet?

Or does it have issues yet to be resolved – especially with Outlook!

(Microsoft Office 2007 Win7 Home Premium).

Microsoft’s contradictory view:

KB4022722 (Security-only update June 13 2017)

“Microsoft is not currently aware of any issues with this update”.

Outlook known issues in the June 2017 security updates

The issues documented in this article have been reported after installing the recent updates listed below:
KB4022722 Listed!
Thanks again for your noble minds against this sea of troubles!sainty??⛵️??

Edit html to text may have accidentally changed intention of post

Reply | Quote

“Is KB4022722 (Security-only update June 13 2017) Safe To Download And Install Yet?”

Yes, that’s why Defcon is now at 3. KB4022722 has nothing to do with Outlook.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

If KB4022722 has nothing to do with Outlook
why is it listed under
“Outlook known issues in June 2017 security updates”?
“Issues documented in this article have been reported after installing the recent updates listed below”
including a listing for KB4022722

Any further clarification much appreciated!

Thanks
sainty??⛵️??

Reply | Quote

Hmmm. I haven’t heard of the security-only patch causing problems. In fact, the support page says “no known issues.”

The Monthly Rollup has problems with IE11 printing because it contains the cumulative IE11 update, but the security-only patch does not.

If you are not using Outlook, you should have nothing to worry about if you install KB4022722. I am not using Outlook and I have installed it with no other problems.

Reply | Quote

It is not clear which component of the Monthly Rollup causes certain issues with Outlook Search functionality. This is not enough reason to avoid the June 2017 security patches though, preferably the rollup.

1 user thanked author for this post.

PKCano

Reply | Quote

Given that the June Windows preview rollups fix Outlook issue(s), and June Windows rollups are listed as problematic on that Outlook issues page, I think it’s best to assume that the June Windows rollups indeed cause issue(s) with Outlook.

Reply | Quote

But KB4022722 is not the Rollup, it is the security-only patch. Supposedly the Preview is the non-security part, so it could very well fix the Rollup.

1 user thanked author for this post.

ch100

Reply | Quote

That’s true. KB4022722 is listed though as being problematic on the Outlook issues page.

Reply | Quote

The file list for KB4022722 (and KB4022717 as well) includes files that would seem to be search-related such as Searchindexer.exe, so I think it’s plausible that KB4022722 causes search-related problems for Outlook. Hopefully for Group B’ers the July security-only update will include the fix.

Reply | Quote

I think it’s highly likely that Outlook Issue #5 is caused at least partially because of June 2017 updates changes to Windows Search indexer. Interestingly, SearchIndexer.exe was changed in the Windows 7 June preview monthly rollup on June 16, 2017, which is 3 days after June’s Patch Tuesday. The Windows 7 preview monthly rollup has documented fix “Addressed a reliability issue in Windows Search.”

Reply | Quote

Hmmmm…..
It would be interesting to see if the changes in the Searchindexer is in any way related to the Cortana/Bing search engine in Win10. If you kill Cortana/Bing in Win10, the searchindexer takes over (if I’m not mistaken, from research I did a year ago). It would be interesting to find (or not find) a correlation.

Reply | Quote

I checked the file list of the Windows 7 May 2017 preview monthly rollup for the presence of SearchIndexer.exe. It is not present. I found at http://blog.talosintelligence.com/2017/06/ms-tuesday.html that two vulnerabilities (CVE-2017-8543 and CVE-2017-8544) related to the Windows Search service were fixed in the June 2017 updates. These security fixes are likely at least part of, and possibly the only, cause of Outlook Issue #5.

Reply | Quote

CVE-2017-8543 is one of two vulnerabilities that Microsoft listed as already being exploited as of June 13, 2017.

Reply | Quote

I installed KB4022722 in the blissful conviction that it was issue-free. I use Outlook all the time and have encountered no problems. Mercifully.

1 user thanked author for this post.

SueW

Reply | Quote

I installed the June Security only update on June 21th, but no others. I have had no problem with Outlook 2010 search. I tried it after the IE rollup install a few days later, and again after the Office 2010 patches (NOT the Outlook one) a few days later, and no problems so far.

After reviewing the issues reported here and on other sites, I stagger the Group B patches to minimize the guesswork as to which patch is at fault if there are reported issues. It is a bit more work, but not the pain that finding the culprit is if you install all at once.

Reply | Quote

Just a doubt, just installed all patches and the roll up except the outlook 2007 patch which I dont use and is unticked but import, and when I finished rebooting my machine a new patch appeared from 27/6, apparently it is the 4.7 net framework, it is important but also unticked, should I install it or just let it pass?

Reply | Quote

.NET 4.7 has caused problems with Win7. Read this information and also the rest of that thread. I would avoid it until the problems are worked out.

3 users thanked author for this post.

HiFlyer, AJNorth, ch100

Reply | Quote

But can I just skip it? I’m fine with my current framework so do I really have to update further down the line or can I just keep running as I always have?

Reply | Quote

You don’t need to upgrade unless MS retires the version you are using, as long as it meets your needs.

1 user thanked author for this post.

TheSuffering

Reply | Quote

You have to use 4.5.2 or 4.6.1 or 4.6.2 with all .NET Framework Monthly Rollups offered (not the Preview) if not installing 4.7.
To be clear, you do not have to install 4.7, but installing it will eventually reduce the number of updates required and installed as it supersedes in place all the previous 4.x releases (like a Service Pack specific to .NET Framework 4.x).

2 users thanked author for this post.

HiFlyer, TheSuffering

Reply | Quote

I’m pretty sure I have the latest 4.6 with eberything up to date. I’m gonna go with what PKCano says and hold back on it until they retire the one im using, I dont want to fix what isnt broken

1 user thanked author for this post.

ch100

Reply | Quote

.NET Framework 4.7 is unticked because is “regulated”, which means throttled at Microsoft. You can see this behaviour in the WindowsUpdate.log if your configuration is set to one of the settings Download but do not install or Automatic Updates. Not advising you to use any of those 2, although I normally use the first one mentioned knowing exactly the downsides, but useful for testing.
.NET Framework 4.7 is not faulty, but give it some time because being new, there are few known issues.
See this issue in addition to what was already mentioned by @PKCano which has good advice.
https://blogs.msdn.microsoft.com/dotnet/2017/05/17/net-framework-may-2017-preview-of-quality-rollup/

You need to install Office patches if you have the suite installed. If you don’t use Outlook, then you can safely install the patch for added security. The functional bugs do not affect you. But considering that we are close to tomorrow and the next week releases, you can skip that patch if you have reservations about it and install July 2017 patches when Woody says it is OK or using your own schedule if you feel more adventurous and wish to be one of the early testers. 🙂

3 users thanked author for this post.

HiFlyer, TheSuffering, PKCano

Reply | Quote

Few more issues with .NET Framework 4.7 for reference
https://support.microsoft.com/en-us/help/4015088/known-issues-in-the-net-framework-4-7

The issues in that list are unlikely to affect most of the readers here.

5 users thanked author for this post.

HiFlyer, AJNorth, MrBrian, TheSuffering, PKCano

Reply | Quote

You most certainly have a relaxed attitude towards the “preview of quality improvements”… not faulty, but a few issues.

And then some more issues…

Now it’s no longer recommended by microSoft and not available either.

Let’s just call it a piece of lousy software then! 😀

1 user thanked author for this post.

HiFlyer

Reply | Quote

Good Day @ch100,

With respect to “issues in that list are unlikely to affect most of the readers here,” it appears that there is one that could affect the installation of .NET 4.7 on three particular platforms:

The .NET Framework 4.7 installation blocks on Windows 7, Windows Server 2008 R2, or Windows Server 2012 due to missing d3dcompiler update

(The solution is to first install the appropriate version of KB4019990.)

Cheers,

AJN

1 user thanked author for this post.

HiFlyer

Reply | Quote

There are other problems too. Also read https://www.askwoody.com/forums/topic/our-net-framework-4-7-upgrade-intentions/#post-120261

1 user thanked author for this post.

HiFlyer

Reply | Quote

The solution is of course to follow microSoft’s recommendation “This release is no longer recommended/available”…

https://blogs.msdn.microsoft.com/dotnet/2017/05/17/net-framework-may-2017-preview-of-quality-rollup/

 

Reply | Quote

AJNorth wrote:

Good Day @ch100,

With respect to “issues in that list are unlikely to affect most of the readers here,” it appears that there is one that could affect the installation of .NET 4.7 on three particular platforms:

The .NET Framework 4.7 installation blocks on Windows 7, Windows Server 2008 R2, or Windows Server 2012 due to missing d3dcompiler update

(The solution is to first install the appropriate version of KB4019990.)

Cheers,

AJN

The rollup for June 2017 contains KB4019990 which is only a hotfix not released on Windows Update and as such not released for home users who should follow Windows Update.
The home users not following Windows Update, use custom solutions suitable only for IT professionals (documented on Technet or Microsoft MSDN blogs) and as such should know what to do, without asking others, but rather advising others 🙂

Reply | Quote

Isn’t July 4 a national holiday in the US? we might not see any Office patches this week 🙂

2 users thanked author for this post.

ch100, HiFlyer

Reply | Quote

True. But you never know with Microsoft……

Reply | Quote

It looks like this was the case and not the ongoing issues with Outlook… 🙂

Reply | Quote

We’re over 4 hours out of the normal release time and still nothing on the Office Updates page.

Reply | Quote

Hi,

I have a Win7 64 machine.  I installed all the updates except the monthly roll-up (KB4022719) and and the outlook update (KB320346).  It appears that KB4022719 has caused the outlook search  function not to work properly.  Also it appears that the monthly preview (KB4022168) fixes this issue.  Has anyone installed  KB4022168.  Any issues?   Install KB4022719 than KB4022168 then reboot?

Reply | Quote

If you are in Group A (installs everything), installing KB4022719 is OK (with known issues).
Installing KB4022168 (the Preview for July Rollup) you become a Guinea Pig. It may fix the Outlook search function, but we haven’t heard what else may be lurking. MS’s track record has not been good of late.

But if you do install, please come back and let us know the results.

Reply | Quote

I want to thank PKCano again for the easy links to the security-only patches. Greatly appreciated by those of us in Group B!

4 users thanked author for this post.

Jan K., Sessh, SueW, HiFlyer

Reply | Quote

You are certainly welcome.
Updates to  AKB2000003 next week on Tuesday as soon as they clear MS documentation. Of course, you are going to hold off till DEFCON 3, right?

5 users thanked author for this post.

AJNorth, abbodi86, HiFlyer, Sessh, SueW

Reply | Quote

Just installed the patches in my W7 Pro x64 notebook here: KB4023307, MS Silverlight; June’s MSRT; and KB4022719, June’s monthly rollup.

After the installation, the first scan found KB3186497, an important recommended update, but unchecked by default, for .NET 4.7… Should that one be installed as well?

Reply | Quote

.NET 4.7 has caused problems with Win7. Read this information and also the rest of that thread. I would avoid it until the problems are worked out.

Reply | Quote

Thanks a lot PK!

In the meanwhile should I perhaps hide that update to avoid a nasty misclicking accident? Or hiding it may somehow affect/break the supersedence chain?

Reply | Quote

Don’t hide it.
Just be careful!

1 user thanked author for this post.

ch100

Reply | Quote

Thanks once again mate!

Reply | Quote

It took a couple of months but the GUI lag monster has been clobbered, and this only took two hours for downloading and to installation of the patch wads.

Reply | Quote

Yesterday, after installing the updates, I had an issue which was not present in the system prior the new updates, my Intel graphics driver crashed, freezing, causing a black screen for a couple seconds, and then recovered, showing a display popup regarding the video error. I have seen this exact same issue on other PCs, but never knew what caused it though… In my notebook it was the first time it happened.

Reliabily monitor registered a Kernel level event regarding the crash, and reported it as “video hardware” failure.

My Intel graphics are the most recent version, released mid 2015, for 2nd Gen i5 and HD3000 GPU, so I can’t update, since it is the latest release for my hardware.

Did anyone else getting something like this? Or perhaps it is an unrelated issue?

I’m running Windows 7 Pro x64 by the way.

Reply | Quote

There was an Intel 3000 driver released by MS in March. Check your device manager and see if the driver has changed.

See this topic

Reply | Quote

It only happens that I run an older laptop with Intel HD Graphics 3000.
The latest and very good driver is 9.17.10.4459 dated May, 19, 2016.
I remember someone on this forum (@PCCobbler) saying many months ago that this driver does not support OpenCL, but I would say that this is old hardware which can hardly if at all support new technologies.
The point is that this hardware works very well for regular activities, but not for extreme acceleration the kind of which is normally employed only by gamers (this is the case only on Windows 10 and possible on its close relative Windows 8.1).

Reply | Quote

@PKCano I get offered this kind of update often but I always hide them, so any could not be installed, device manager states 9.17.10.4229, which was the last one I manually installed ages ago… Nothing changed recently in my PC regarding drivers. Just the regular rollup updates, aka Group A approach…

@ch100 On Intel’s download center the latest release I can find is the one that I have, 9.17.10.4229 dated June, 5, 2015… Where can I find newer versions?

Reply | Quote

Greetings,

Have you looked into the Intel Driver Update utility? (It is regularly updated; current version: 2.8.0.7, digitally signed on 2017.05.18: https://www.intel.com/content/www/us/en/support/detect.html .)

(If you have not already done so, you might first check the computer OEM’s site, per Intel’s notice:

“Intel provides generic versions of drivers for general purposes. Your computer manufacturer may have altered the features, incorporated customizations, or made other changes to your driver. Intel recommends you contact your computer manufacturer for the latest system specific updates and technical support information.”)

Hope this is useful.

Cheers,

AJN

Reply | Quote

@AJN
Intel HD Graphics 3000 is old hardware and it is unlikely that any manufacturer for computers with this video card supports Windows 10 for that product. Intel also ended support for this piece of hardware.
In such a situation, only Microsoft would support that hardware with only basic functionality.

Reply | Quote

@ch100

If I read the post to which I responded correctly, then that person is running Windows 7 Pro x64. In any case (and as I’m sure you’ll agree), others who are not aware of it may benefit from knowing about the Intel Driver Update utility (again, paying attention to Intel’s admonition about preferably using drivers from their OEM).

Regards,

AJN

1 user thanked author for this post.

ch100

Reply | Quote

I don’t remember, but I think it is on Windows Update.
Try the Catalog, but if you want to install drivers from the Catalog manually, you would have to know how to extract them from .cab files.
Use Windows Update and install from there if it is offered.

EDIT: I use Windows 10 1703 and my driver is for Windows 10 released for that version.

Reply | Quote

@ch100

So the version available on the catalog should be picked over the one offered directly by Intel Download Center?

Reply | Quote

In my opinion yes, the version in the Catalog and on Windows Update (if it is offered correctly and this is the only reason to question Catalog and Windows Update drivers) is superior to the one from Intel, at least in theory.
The reason is the HardwareID which is specific to OEM manufacturers. There is a generic part and a custom part which makes the difference sometimes.
Windows Update offers proper drivers only, specific to the hardware, although I believe it also offers generic drivers when there is no driver installed at all, while the device manufacturers offer only generic drivers. Some even put a disclaimer for this purpose.
It is a complex area and there is no single answer for all situations.
The idea is to install drivers for devices for which they were designed and fallback on manufacturer’s driver only if there is no other way.

With Intel in particular, but not NVIDIA, Broadcom or others, there may not be a significant difference between the OEM drivers and those downloaded directly from Intel. Intel is “special” because they own the CPU, GPU built-in, the chipset etc and for that reason there is close design integration between Intel and Microsoft.

Please be aware that not all drivers in the catalog are suitable for all operating systems, even if the HardwareID matches.

1 user thanked author for this post.

Bill C.

Reply | Quote

@ch100

Alas, as you doubtless know, drivers can often be a thorny matter. You may recall the brouhaha that occurred over many laptops running Windows 7 that had one of several Intel Centrino Wireless cards for which a MS critical update disabled Bluetooth. MS and Intel spent several weeks pointing their fingers at each other as to whose “fault” it was; Intel finally blinked first, releasing new drivers that restored Bluetooth functionality — but neither their update utility, nor the OEMs, listed it: one had to track the appropriate driver down, then follow the specific procedure to properly install it.

In another case, a few months ago following installation of the Windows 7 “Group B” updates, one of my clients began having issues with connectivity of his desktop to his wireless router (including the occasional BSOD). Neither Windows Update nor the OEM (HP) showed an update to the driver for the factory Broadcom wireless NIC. Fortunately, Broadcom did — and that solved the problem.

Finally, as has been discussed in other threads here at AskWoody, MS has, from time-to-time, offered inappropriate drivers through Windows Update which, if an unsuspecting user installed, caused havoc.

2 users thanked author for this post.

Bill C., ch100

Reply | Quote

I had the Intel Bluetooth problems on my Lenovo Thinkpad and my problem was solved by the Intel Driver Update Utility. It pointed me to the correct driver file(S). Note the “S” in files.

Only one was necessary for fixing my issue, as I had to do a system restore to fix it after using the wrong one. Plus they had to be installed in a specific order over the originally installed driver. Not doing that resulted in blue screens and system restores.

Fortunately for folks doing later installs, Intel did release a detailed instruction sheet after the driver release, which would have prevented my error, as the original instructions said to remove the old driver. Doing that led to an install error about being unable to find a config file, and threw a blue screen. Lenovo did eventually release a patch, but it was months later and I did not use it as I did not want to break what was fixed by the Intel release. I would have preferred the OEM (Lenovo) fix for long-term compatibility as ch100 recommends.

Reply | Quote

so, just downloaded security only patches for windows7/8.1 and ie patches. have not installed anything yet. so windows patches will get installed. should i leave patches for ie and outlook alone because they are buggy? should i leave all office 2010 related patches alone? just to be sure?

Reply | Quote

I would avoid the patch for Outlook.

If you are not using Outlook, installing the other patches for Windows and Office 2010 should be OK.

If you are using Outlook, the patches may cause an indexing problem with it. But I would go ahead and install the patches for security reasons and see if you can live with that. It may or may not cause a problem for you. If it does cause a problem, you can uninstall them and the problem should go away.

I do not recommend installing .NET 4.7 at this time.

2 users thanked author for this post.

Bill C., AJNorth

Reply | Quote

thanks.

on my windows 7/8.1 machines i installed both windows and internet explorer security only patches and all office 2010 related patches except outlook. further i installed malware removal tool and on windows 8.1 i installed security update for flash and definition update for windows defender. as recommend i did not install .net 4.7 (which was only offered on win8.1 machine, not on windows 7 for whatever reason).

Reply | Quote

I know this issue has been posted about before, but I just discovered errors in what appeared to be successful June patching. I am using Windows 7-64 Pro SP1 on a desktop. I did the June updates (Group B) for the Security Only, the IE Rollup, and the Office 2010 patches (except Outlook 2010 due to multiple issues) with no adverse issues at first glance.

What I later found this weekend was the following in the Computer Management application under Windows Logs, Applications:

“Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\xxxxxxx\Documents\Outlook Files\xxxx@xxx.net.pst (error=0x81404005). If this error continues, contact Microsoft Support.”

My PST file is not huge at 1.9 GB, and my Outlook 2010 is an individual client (not a network client) but I have found no difference in the search function in Outlook 2010 even after doing some very specific searches of minor emails as well as major threads. This error started the day after I patched in late June. It is a once a day error not dependent on how many searches I do, as it appears even when I do not search Outlook (no searches are the norm).

According to MS this is fixed in the June 27 KB4022168 (Preview of Monthly Rollup). I do not do the previews or rollups. As it has not caused any detectible issues with searching, so unless the fix in in the July Security Only patch, I will have to let it go unless there is a more substantial Outlook specific patch for the bad June Outlook 2010 patches.

Reply | Quote

It probably was fixed in the July Windows 7 security-only update because it contains file SearchIndexer.exe from late June 2017 if I recall correctly.

Reply | Quote

Hi: I am at a loss as how to find the security only update for each month.  I have read each item of this thread and updated and of how to update 8.1 up to June, but cannot figure out where to look for the security only update for last month and this month.  The microsoft catalog only list the security only update  for May as the last one.  What am I doing wrong, or where can I find the security only update each month?  Thank you.

Reply | Quote

The security-only patch and the cumulative update for IE11 (you need both) are in AKB2000003 in the Knowledge Base. Put the link in your favorites so you can find it again.

Reply | Quote

Previous post – thought I was on the updating win 8.1 thread. Sorry about that.

Reply | Quote

Thank you very much PKCano.

Reply | Quote

Windows 10 Pro 1607 patched yesterday to 14393.1358 with the rest of the June updates.  So far so good!

https://support.microsoft.com/en-us/help/4022715/windows-10-update-kb4022715

Windows 10 Pro 22H2

Reply | Quote

Just as an FYI.

When I checked WU today, I noticed in my Optional Updates the 2 instances of “old friend” KB2952664 were no longer present. I used to hide the updates I did not install, but decided to leave them unhidden after reading pros and cons here. I check them after every update to see if they have changed. I re-re-re-checked to make sure it was not in any of the installed updates or update histories. All was still clean.

I was surprised the 2 versions were shown for as long as they were. I expected the older version to be dropped.

@PKCano: Thanks for all the work you do for us!

1 user thanked author for this post.

dgreen

Reply | Quote

Watch for KB2952664 on Patch Tues. Many times the older one will disappear the day before a new version comes out. You never know with MS.

1 user thanked author for this post.

dgreen

Reply | Quote

PKCano wrote:

Watch for KB2952664 on Patch Tues. Many times the older one will disappear the day before a new version comes out. You never know with MS.

PKCano

Like Bill C I also noticed a few days ago that the two kb2952664 from my optional list disappeared.
Thanks for the heads up to keep a watch out for the “reappearance”.

Reply | Quote

Just checked on 7/11/2017 @ 3:45pm EDT and its Baaaack! KB2952664 returned with a new publishing date. PKCano got it dead on.

Here is the description (my bold): “This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

I believe the last iteration also had the bolded line.

Reply | Quote

Yea, don’t worry this doesn’t have anything to do with the program that is already over. We just want to track you.

“diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program” = no thanks.
“evaluate the compatibility status of the Windows ecosystem” = no thanks.
“help microsoft” = no thanks.

“help microsoft to ensure application and device compatibility for all updates to windows” = “Do stuff on your non windows 10 computer so we can help windows 10”
No thanks.

1 user thanked author for this post.

HiFlyer

Reply | Quote