MS-DEFCON 3: Get your September patches installed — but stick to the mainstream patches

Topic

New Reply

Lots of people will tell you that you need to install strange (very strange!) patches to protect yourself from the “Exploited: Yes” zero day patch for
[See the full post at: MS-DEFCON 3: Get your September patches installed — but stick to the mainstream patches]

12 users thanked author for this post.

AlphaCharlie, jburk07, Alex5723, Morty, Fred, Lori, SueW, OldBiddy, Microfix, abbodi86, fernlady, Myst

Reply | Quote

Replies

which “services” and so should be disabled this time as september “security only” (NOT) patches for both win7 and win8.1 have spy-/malware included?

Reply | Quote

Woody’s ComputerWorld article will be out shortly with patching instructions. Watch fot the link in the main blog article.

Reply | Quote

More good news on the reliably boring Win8.1 Pro x64 patch front again this month on 3 devices. Initially installed on one device 11th Sept, the others followed a few days later.

kb4516115 – September Adobe Flash Security update.
kb4516067 – September SQMR for x64 systems; reboot req’d.
kb4512938 – September SSU; revealed itself once update queue was empty; rebooted anyway.

SFC /verifyonly displayed no integrity violations on any device.
Fully WU (Group A) patched and ready for the next onslaught 😉

Win 7 Pro x64 and x86 installs have shown no issues this month either (Group A) WU SMQR patching.

note: I’ve not installed the IE zeroday patch from the catalog on ANY device and if it’s THAT important, it should be rolled up within Octobers SMQR.
These are all hardware installs, not virtual m/c’s

If debian is good enough for NASA...

3 users thanked author for this post.

jburk07, Myst, PKCano

Reply | Quote

Checking in on additional Win 8.1 Pro x64 SMQR kb4524156 released Oct 3rd.
Installed via WU; reboot required.
Usual checks for telemetry, none activated 🙂
SFC /verifyonly displayed below:

Checked USB canon pixma printer (test page) and pdf documents.
Still good here, might just leave the rest ’till the 8th.

If debian is good enough for NASA...

1 user thanked author for this post.

PKCano

Reply | Quote

Regarding SSU KB4516655 metadata revision

they corrected the situation and removed SSU KB4490628 supersedence

meaning, SSU KB4490628 is still the active primary SSU, and needed to install sha2-only updates (along with KB4474419)

5 users thanked author for this post.

Lori, jburk07, Microfix, woody, PKCano

Reply | Quote

And I was so hoping this month was going to be easier than last month.

So in addition to “all the regular” SO updates and the 2nd ver. of KB4474419, it looks like now I also need KB4516655 and maybe KB4490628 in addition?

After last month’s nail biter, I was under the impression that all I would need for the SHA-2 updating this month would be KB4474419.  I thought I was keeping up with things, but I guess not.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

You should already have SSU KB4490628 from before. But you always need the latest Servicing Stack, which is KB4516655.

3 users thanked author for this post.

Lori, jburk07, woody

Reply | Quote

Okay thanks, looks like I’m okay except for KB4516655 which by the way is dated 9/30/19 in the Microsoft Update Catalog.  That must explain why I didn’t know about it.  I’m assuming that I need these to do all the Sept. updating, and not just the “chicken little” updates right?

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

KB4516655 is not needed for anything currently, unless you are business customer and want to test and install Extended Security Updates MAK key

3 users thanked author for this post.

Microfix, PKCano, Charlie

Reply | Quote

No I’m not a business customer, just a regular bloke.  Thanks very much.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

On September 23rd, Installed kb4474419 (V3) restart required, kb4516655 restart not required but did it anyway.

Today Installed kb4516065 restart required, installed kb4514602 restart not required but did it anyway.

As far as I can tell everything is okay.

Windows 11 Pro
Version 23H2
OS build 22631.4890

5 users thanked author for this post.

MrToad28, Microfix, jburk07, bassmanzam, PKCano

Reply | Quote

i installed so patch kb4516033 (win7), so patch kb4516064 (win8.1) and mainstream ie patch kb4516046 (NOT kb4522007) on both win7 computer and win8.1 notebook.

after reboot i installed september office 2010 patches, .net, msrt, flash (win8.1) and another (3rd?) incarnation of kb4474419 (win7).

i skipped outlook 2010 patch kb4475604, as it’s not part of september updates, this one belongs to october. and this one is not titled “security update”, it’s only called “update”. on win8.1 notebook it was “important” and checked, so i had to uncheck it.

on win7 computer “application experience” and “customer experience improvement program” remained deactivated after installation of NOT “security only” kb4516033.
on win8.1, after installing NOT so kb4516064, i also deactivated everything within “application experience” and “customer experience improvement program”.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

4 users thanked author for this post.

Microfix, jburk07, SueW, PKCano

Reply | Quote

When Woody says:-

“And in the middle you have a billion or two Windows customers who really don’t care. They just want their computers to work and not suddenly get whopped by a WannaCry wannabe.”

I would add:-

“or an unnecessary or inadequately tested update.”

Thanks as always to Woody and the Team for watching over us!

Reply | Quote

So, not sure what to install.

I have 1903 – 18362.267, and SSU KB4515530.

I usually download the latest (approved by Woody) from the Microsoft Update Catalogue. – I don’t quite trust Windows Update.

So exactly which updates do I need now?

Dell Inspiron 16 Plus 7640 Core Ultra 7 155H 32GB Win 11 Pro 23H2 (22631.4890)
Dell Inspiron 15 7580 i7 16GB Win 11 pro 24H2 (26100.3194),
Microsoft 365 Version 2502 (18526.20118)
Location: UK

Reply | Quote

I think the intention is to install the Patch Tuesday update and not the two previews KB4515216 or KB4517211 that have caused problems. You will need the Servicing Stack KB4515383 also. Plus IE11 Flash snd .NET Rollup.

1 user thanked author for this post.

John

Reply | Quote

@pkcano, Help .

No problem installing the SSU – KB 4515383.

But, once I had installed KB4515384, I lost my start menu, and search box in the task bar.

(I also noticed I was one settings icon short too – sorry didn’t work out which one.)

An uninstall of KB4515384 restored start menu, search and a full set of Settings icons.

So, still on 18362.267.

Any ideas ?  Should I carry on and try to install:

IE11 – KB4516115

.NET – 10 Sept – KB4514359 or

26 Sept – KB4522738?

Dell Inspiron 16 Plus 7640 Core Ultra 7 155H 32GB Win 11 Pro 23H2 (22631.4890)
Dell Inspiron 15 7580 i7 16GB Win 11 pro 24H2 (26100.3194),
Microsoft 365 Version 2502 (18526.20118)
Location: UK

Reply | Quote

Hold on – Thursday was crazy. We should hear from Woody/Susan today (10/4) about the updates that were released out-of-band yesterday. They will provide guidance.

1 user thanked author for this post.

John

Reply | Quote

OK @pkcano, wait and see it is.

Dell Inspiron 16 Plus 7640 Core Ultra 7 155H 32GB Win 11 Pro 23H2 (22631.4890)
Dell Inspiron 15 7580 i7 16GB Win 11 pro 24H2 (26100.3194),
Microsoft 365 Version 2502 (18526.20118)
Location: UK

Reply | Quote

Heads-up (in case you haven’t noticed yet): Windows Defender also got a new Antimalware Client (Version 4.18.1909.6) yesterday. Same engine (1.1.16400.2), Quick and Full scans seem to be working fine with current anti malware definitions (1.303.728.0 as I write this – more help about this specific subject in my previous post).

Reply | Quote

Last weekend in a what the heck moment (no disrespect to Woody’s Defcon system) I installed on one Win 7 starter 32 bit and two Win 7 Pro SP1 64 bit the following in the order given with a restart after each:

The latest version of KB4474419 (SHA-2), KB4516655 (SHA-2), KB4522007 (the out of band IE 11 patch – I skipped over the in band IE 11 patch, KB4516046), and KB4516033 (Security Only). All were down loaded from the catalog. I’m in the habit of restarting after every patch even if it’s not required.

Everything is fine/normal (not even Windows Media Player was affected).

4 users thanked author for this post.

Microfix, jburk07, Lori, SueW

Reply | Quote

It seems like a lot of business customers frequent this site, everyone is getting and installing  KB4516655.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

In my Windows Important Updates, I only see the September Security rollup KB4516065, September Security Update KB4474419, and the September Security rollup for .NET. It’s ok to only install these important updates then?

Win 7 Home x64 Group A

Reply | Quote

Yes, those can be installed.

2 users thanked author for this post.

LHiggins, OldBiddy

Reply | Quote

I’m on W10 Pro 1809 and from Woody’s article on Computer World, I guess I’ll go with option 2 which is WU. I did go ahead and get the SSU from the catalog though, KB 4512577 and installed it. It seems a bit odd to me that it’s a lower # than the last SSU I installed which was KB 4512937 on 9/6/19.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Cloned my NVME and updated (with WU) 1 of my W10 Pro 1809 computers this morning which brought me to 17763.737. So far all is well on this updated computer.

KB 4516550 .net cum. 3.5/4.8, KB 4514601 .net cum. 3.5/4.8, KB 4516115 Flash Player, KB 4512578 cum. update 1809.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Interesting, out of 3 computers this morning  (all started as W10 Pro 1809 17763.678) I have gotten different updates on each computer, normally I get the same updates.

Computer 1- KB 4516550 .net, KB 4514601 .net, KB 4516115 Flash, KB 4512578 cum. 1809.

Computer 2- KB 4514601 .net, KB 4516115 Flash, KB 4512578 cum. 1809 (no KB 4516550)

Computer 3- HP laptop about an hour after other computers, KB 4524148 cum. 1809 (no .net or Flash)

Computer 4- Hasn’t gotten any updates yet.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

I just tried my HP Deskjet Pro 8100 printer on computers 1 & 3 and it still prints (at least so far).

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Update: Computer 2 got KB 4524148 last night and computer 1 got KB 4524148 this morning and so far, computer 1 still prints to an HP Deskjet Pro 8100 Wireless, My girlfriends computer 2 still prints to an HP Deskjet Pro 8600 AIO wireless.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

? says:

so, if i have KB4474419-v2, and KB4490628 can i install KB4516046-IE or do i need KB4474419-v3, and KB4516655 before the September IE patch? or do i need to just give it up….

Reply | Quote

@abbodi86 says you don’t need KB4516655 right now, KB4490628 is sufficient. You may not need KB4474419-v3, but I would go ahead and install it anyway.

See this discussion (several replies there too).

1 user thanked author for this post.

jburk07

Reply | Quote

So, should I uninstall KB4516655 or leave it?

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

No, leave it. It is not a problem.
It is just not required right now according to @abboei86.

2 users thanked author for this post.

jburk07, fernlady

Reply | Quote

? says:

otay! thank you PK, and please wake me when this bad dream is finally over…

Reply | Quote

servicing stack 4516655 has not come in with the Windows update service for September.  should it have?

Reply | Quote

KB4516655 is a Servicing Stack update. Because Servicing Stacks have to be installed exclusively (by themselves), thee will not show up in the Windows Update Important update queue until/unless there are no other pending updates (checked or unchecked). That means you have to install all the other pending updates in the Important queue or hide them. The queue has to be otherwise empty.

1 user thanked author for this post.

Lori

Reply | Quote

Thank you.  The only thing holding me.up is The .NET 4.8 offering.  But it arrived via Windows update unchecked.  Any word on if there are any problems with it?

Reply | Quote

We do not recommend installing .NET 4.8 on Win7 or Win8.1 at this time unless you are using an application that absolutely needs it.

2 users thanked author for this post.

Lori, Linda2019

Reply | Quote

Thanks so much.  Sorry to trouble you,   the .NET Rollup KB4514602 for 4.7.2 would be okay then?

Reply | Quote

The update is OK if you have .NET 4.7.2 installed on the computer.

Reply | Quote

A real struggle with these last patches even with a 7 day delay on a stock machine. Had problems printing to my Canon MX series printers both wireless and USB. MS Troubleshooting found no problems. Finally I realized it had to be the newer .net framework versions messing with the printers. I eventually reset the printers by deleting and adding back the drivers and then restarting and that cured the issue. Why this happened and wasn’t caught before rollout caused an unwelcome 3 hour trouble shooting delay in three computers work.

2 users thanked author for this post.

jburk07, Myst

Reply | Quote

Nice to be at defcon 3 for a little while.

Reply | Quote

… that came and went real quick

Reply | Quote

Read the article.  As usual, Woody mentions to not check any unchecked patches.  NET Framework 4.8 (KB4503548) is unchecked.  Has there been any problems with it?

Reply | Quote

Win7 x64 Group B(W). Did the IE early update after installing the two servicing stack updates required. No intention of installing the SO with telemetry after the networking probs I had after the earlier SO with telemetry. Checked the Ghacks site and couldn’t find a .Net SO for Win 7 listed there although available for 8.1. Can anyone confirm none exists? My machine runs 4.6.1. Only do SO’s after a .Net rollup messed up graphics programs ~ 18 months ago and this box runs DxO for RAW image development. Thanks.

Reply | Quote

There was no .NET SO for Win7. Only the .NET Rollup.

Reply | Quote

Much obliged! Thought I was going blind! 😉

Reply | Quote

Hi. I haven’t updated my Windows 7×64 and Windows 8.1×64 computers since the May Security patches, (installed early as recommended here). I do the monthly security only updates, and am trying to catch up.

On my W7 pc, I did the Service Stack update (KB4499175), the May 2019 pciclearstalecache and the first SHA-2 KB4474419 update, and the August IE 11 Cumulative update (KB4511872). I turned off remote access.

To catch up on my W7 pc, do I:
1. install the June Security update
2. skip the July one
3. install SSU KB4490628 from the MS catalog
4. install SHA-2 KB4474419 (the most recent updated version?)
5. install KB3133977 (2016 Bitlocker patch), from MS Catalog
5. install August security update
6. Wait on the September Security update with telemetry?
7. OK to wait on Sept. IE 11 update, even though Norton sent a notice about the out-of-band patch?

The only .NET update I’m offered thru Windows Update is KB4514602, which has version 4.8. Some here said not to install v4.8. I wasn’t sure what’s best?

Sorry for the long request. Thanks to anyone who can help!

Reply | Quote

Install KB3133977 (2016 Bitlocker patch), from MS Catalog. Please see the note here if you have an ASUS motherboard.
Install SHA-2 KB4474419 (the most recent updated version)
Install SSU KB4490628 from the MS catalog

Install the Security-only updates you want from AKB2000003. Seen notes which contain telemetry. September patches are at DEFCON-3.

Install IE11 Cumulative Update KB4516046

1 user thanked author for this post.

Lori

Reply | Quote

PKCano, No ASUS motherboard. So sorry you repeated earlier post I’d read. Wanted to double-check I’d not missed something else. Will install Sept WU then, IE 11 KB4516046, and follow notes on telemetry. And move from .NET v4.7 to v.4.8, as it’s the only one offered by Windows update? Were so many opinions on that. You have the patience of a saint! Thanks kindly, Lori

Reply | Quote

.NET 4.8 is not recommended for Win7/8.1 at this time unless you have/use a program that absolutely needs it.

1 user thanked author for this post.

Lori

Reply | Quote

Lori, I let Windows Update find and install all the patches rated important – except the GWX ones. I don’t fret about which ones I need because I have a regular image backup so I can restore if it goes pear shaped – hasn’t been necessary.

cheers, Paul

1 user thanked author for this post.

Lori

Reply | Quote

Thanks Paul! Health problems, got behind. So many issues to catch up on before patching. Wanted to double-check first. Backup done. Guess I “fret” as I’ve only done/needed pc restores, not installs. Here’s to no pear shapes.

So do the July/Sept patches; but with the anti-telemetry recommendations? Hid GWX in May. Not reappeared.

And, move up from .NET Frame v.4.7 to v.4.8, as it’s in the only .NET update offered thru Windows update? Read many opinions on both sides, didn’t need v 4.8; so asked. Can I uninstall it if problems? Getting to work now. Cheers back, Lori

Reply | Quote

If the NET update is only optional I wouldn’t install it. And as PKCano said, it’s not recommended yet.

cheers, Paul

1 user thanked author for this post.

Lori

Reply | Quote

OK, Boss–

I ran a backup, said a prayer, and I’m installing these and going to sleep. With Heaven’s help and yours, my computer and I will wake up in the morning.

2019-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4514602)
2019-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4516065)
2019-09 Security Update for Windows 7 for x64-based Systems (KB4474419)

Thank you. All the best,

Morty

2 users thanked author for this post.

jburk07, Myst

Reply | Quote

Thank Heaven (and you) I’m back!

But now they want me to install this:

2019-09 Servicing Stack Update for Windows 7 for x64-based Systems (KB4516655)

Do I want to?

 

Reply | Quote

Yes. The SSU only shows up once all other updates are in, so it’s an indication that all is well.

cheers, Paul

7 users thanked author for this post.

Lori, The Surfing Pensioner, jburk07, Morty, Charlie, Microfix, woody

Reply | Quote

Oh, bless its little cotton socks! I wondered why it popped out the rabbit hole just when I thought I’d done.

Reply | Quote

after applying the September 23 patch for IE, that we would be unable to install .net 3.5.

You have to install the .net 3.5 before installing the IE patch.

4 users thanked author for this post.

Lori, jburk07, columbia2011, woody

Reply | Quote

I don’t see anyone applying Martin Brinkmann’s workaround for MS Emergency IE update (CVE-2019-1367) on https://www.ghacks.net/2019/09/24/microsoft-releases-emergency-internet-explorer-security-update/

Why’s that?

Reply | Quote

Because there is no emergency.
Please see “What do we know about the big scary exploited emergency patched Internet Explorer security hole CVE-2019-1367”
AND
“Patch Lady – the optional 1903 that includes the IE patch is out”

And there are several other threads that deal with the topic also.

1 user thanked author for this post.

Lori

Reply | Quote

Woody’s Computerworld article comments that Window 10 1903 patching schedule is as clear as mud. Can I add my own experiences with the mud, in this case commissioning a brand new Dell XPS desktop.

23/9     Activated PC. Preinstalled OS is Windows 10 Pro 1903 build 18362.295. Set Quality delay to 28 days and Feature delay to 250 days. Windows installed a few patches, including 2019-08 cumulative update

24/9     Installed Office 2010 without licence

25/9     I noticed that the deferral options above had disappeared favour the Pause option, consistent with Woody’s comment that this change in behaviour came in with the Aug Cumulative patch.

27/9     Installed licence on Office 2010. A few patches came down for Office, including Office 2010 SP2

3/10     Set Resume Updates. 49 Office patches came down, plus the August .NET update (4511555), but none of the September patches. The Office patches I understand; the .NET patch I would have expected to come down earlier, but it is down now. The lack of any of the September patches, particularly 4515384, is most unexpected.

I will await the picture to clarify, but I am not holding my breath.

 

Chris
Win 10 Pro x64 Group A

Reply | Quote

You set Quality update deferral at 28 days (from release). That was Sept 10th.
Unless my count is off, today (Oct 3rd) is only 23 days out. You have 5 more days before the Sept updates show up. But that will put you close to Oct Patch Tuesday!!!!

Reply | Quote

@Pkcano Yes I know – I made a mistake on that one. The only problem is, with the current 1903 setup, I may not be able to correct it!

Chris
Win 10 Pro x64 Group A

Reply | Quote

Depending on the status of yesterday’s update (when Woody and Susan have processed the implications) you may be able to terminate the Pause and install an update. You can still HIDE the ones you don’t want with wushowhide first, then clear the WU Cache to install the one(s) you want.

Wait – there are still 3 1/2 days before panic. 🙂 🙂

1 user thanked author for this post.

Chris B

Reply | Quote

Thanks. I’ll watch!

Chris
Win 10 Pro x64 Group A

Reply | Quote

[EP]

check this out woody:

NEW out-of-band updates on MS Update Catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=2019-10

KB4524135 IE update for IE9/IE10/IE11
KB4524147 CU for 1903 (build 18362.388)
KB4524148 CU for 1809 (build 17763.775)
KB4524149 CU for 1803 (build 17134.1040)
KB4524150 CU for 1709
KB4524151 CU for 1703
KB4524152 CU for 1607

edit: these updates will also be available thru WU and WSUS

ooooh information overload 4 me on these new updates 🙁

• This reply was modified 5 years, 5 months ago by EP.
• This reply was modified 5 years, 5 months ago by EP.

5 users thanked author for this post.

cmptrgy, jburk07, woody, ltorres, Berserker79

Reply | Quote

Yeah, just noticed this update through wushowhide and decided to hide it for the moment. Looks like more MS sillyness regarding this IE patch?

As far as I understand, this is the same IE patch as the previous out-of-band patch of September 23 and also included in the following optional update of September 24, but according to MS the new update also corrects a printing issue.

I’m assuming the same caveats (as per Woody’s CW article) of the previous versions of the IE patch apply also to this new version.

Reply | Quote

Win 7 Pro x64, Group A

Just went to download and install Sept KB4516065 but it is no longer being offered.

Instead I have 2019-10  KB4524157 as checked?  What’s with that?

Should I install, or go to MS Catalog for KB4516065?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

3 users thanked author for this post.

jburk07, LHiggins, Marty

Reply | Quote

I was just offered KB4524157 and it was checked but I hid it for now.

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

jburk07

Reply | Quote

Did you previously receive the original Sept CU KB4516065?
And install?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

yes, installed it yesterday

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

[EP]

EP wrote:

check this out woody:

NEW out-of-band updates on MS Update Catalog:
https://www.catalog.update.microsoft.com/Search.aspx?q=2019-10

KB4524135 IE update for IE9/IE10/IE11
KB4524147 CU for 1903 (build 18362.388)
KB4524148 CU for 1809 (build 17763.775)
KB4524149 CU for 1803 (build 17134.1040)
KB4524150 CU for 1709
KB4524151 CU for 1703
KB4524152 CU for 1607

edit: these updates will also be available thru WU and WSUS

ooooh information overload 4 me on these new updates 🙁

• This reply was modified 5 years, 5 months ago by EP.
• This reply was modified 5 years, 5 months ago by EP.

They just  came down via WSUS…

I am a bit torn abt this… to deploy or not deploy to my org (prior testing of course)?

Also in the notes: “mitigation and corrects a recent printing issue some users have experienced.

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.”

 

Reply | Quote

There is also this bit of interesting info:

Addresses an issue that may result in an error when you install Features On Demand (FOD), such as .Net 3.5. The error is, “The changes couldn’t be complete. Please reboot your computer and try again. Error code: 0x800f0950.”

Did Microsoft fix the issue that prevented installing .NET 3.5 on those machines that had received the IE patch?

Reply | Quote

WARNING! MS have just released October Patches Early via WU! !

Defcon Change Woody?

If debian is good enough for NASA...

3 users thanked author for this post.

jburk07, Marty, Tom-R

Reply | Quote

Microfix, I just saw this also when I did a Check for Updates on a Win 8.1 system a few minutes ago.  Woody, I think you really need to update the DEFCON level back to 1 or 2 until we know what’s going on here.  I’m not about to install KB4524156.

3 users thanked author for this post.

jburk07, Marty, Microfix

Reply | Quote

Same issue on my Win7 machine.  We haven’t gotten to Patch Tuesday yet, but the September rollout has already been replaced with the October version — KB4524157.  What’s going on here?

3 users thanked author for this post.

Microfix, jburk07, LHiggins

Reply | Quote

This is an out-of-band “hotfix.”
This is NOT the October update released early. The normal Patch Tuesday complement will be released Oct. 8th as usual.

3 users thanked author for this post.

Lori, Tom-R, jburk07

Reply | Quote

[LHiggins]

PKCano wrote:

This is an out-of-band “hotfix.” This is NOT the October update released early. The normal Patch Tuesday complement will be released Oct. 8th as usual.

So should KB4524157  be installed instead of KB4516065? Checked as “Important” in my Windows Update along with KB4514602 and KB4503548 .NET not checked.

Thanks!

• This reply was modified 5 years, 5 months ago by LHiggins.
• This reply was modified 5 years, 5 months ago by LHiggins.

1 user thanked author for this post.

Marty

Reply | Quote

Wait for Woody’s evaluation. He’s mulling over what to do.

5 users thanked author for this post.

Tom-R, jburk07, AJNorth, LHiggins, Marty

Reply | Quote

Ok – will do. Should I go ahead and just do the one – KB4514602? Or wait on them both?

Reply | Quote

PKC,

Do we know yet whether their is (or will be ) a SO version of this out-of-band Hotfix?

Tnx,

AJN

Reply | Quote

It is in the IE11 patch. AKB2000003 has already been updated for Group B.

The Rollup contains the IE11 patch, but Group A doesn’t do separate patches. So they get a Rollup.

3 users thanked author for this post.

jburk07, LHiggins, AJNorth

Reply | Quote

Thanks, PK!

Had found KB4524135 in the MS Catalog at 53 MB, and the SMQR at 307 MB; this explains their differences.

Cheers,

AJN

Reply | Quote

[Marty]

But the September Security Rollup is gone.  Is it included in this “out-of-band” hotfix?

• This reply was modified 5 years, 5 months ago by Marty.

Reply | Quote

What a mess.  One last question (hopefully):  Are all of the S.O. updates and others listed in the Topic 2000003 Group B Win 7 section considered “Mainstream” updates including the Oct 2019 (IE11) KB 4524135?

I do understand about KB4516655 and even though I don’t have it now in WU it may pop up sometime in the future, or I can get it from the MS Update Catalog.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

There are notes in AKB2000003 about the patches.

You will probably need KB4516655 in the future even if not for Sept updates.
It won’t hurt anything to install it, though.

3 users thanked author for this post.

Alan_uk, Lori, Charlie

Reply | Quote

Well this is odd. I’m on Win 7 64bit, the only update from September I’m getting is the .NET one, KB4514602. No September security updates at all, not even hidden ones. In fact it’s only showing me the single October security update which I hid now.

Reply | Quote

Do you have KB3133977, KB4474419, and KB4490628 installed on your PC?

Reply | Quote

Hi PKCano

Today after the september updates quided by the Master patchlist PDF i decided to run
sfc  /verifyonly on my w10 1809 PRO 32bit just to see..the system ran fine as far as i can tell… i am hardly using it, because i’m mainly on windows 7 ultimate…….BUT!  i got about 32 errors!!!

 windows resource protection found integrity violations
for offline repairs, details are incuded in the LOG file provided by the  /OFFLOGFILE flag

i saved the CBS LOG file. Here are 3 of them:

CSI    00002b96 [SR] Cannot repair member file [l:19]’MusNotification.exe’ of Microsoft-Windows-Update-MusNotificationBroker, version 10.0.17763.719, arch x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, file cannot be checked

CSI    000033fc [SR] Cannot repair member file [l:28]’MSFT_MpThreatDetection.cdxml’ of Windows-Defender-Management-Powershell, version 10.0.17763.1, arch x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch

2019-10-03 19:41:32, Info                  CSI    00003474 [SR] Could not reproject corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpComputerStatus.cdxml; source file in store is also corrupted

something tells me a lot of these errors could have someting to do with the sledgehammer script… While   scf / verifyonly was running windows update services were halted by the script..  its easy to uninstall the script and running the windows related services. Should i do that and then run these checks s below?

should i first run  sfc / scannow  or  PowerShell DISM.exe /Online /Cleanup-image /Restorehealt  ???

Any idea if running “Restorehealt” will bring back Onedrive which i removed and other Metroapps?  or are only broken files being replaced? I made a backup after the september updates 🙂

please move post if posted wrong and notify me ok.

thanks

Reply | Quote

Run DISM restorehealth first then sfc. You also have the Windows troubleshooter available.

Reply | Quote

Ok ..i presume its best to uninstall the sledgehammer script (WUMT WUB WUMGR)  first to see if that makes a difference….

DISM restorehealth doesnt bring back features?

thanks

Reply | Quote

For Win 7, 64 Bit, S.O. IE Updates listed are KB4516046, KB4522007, and now KB4524135.  I was going to do KB4522007 assuming it overrode the previous one, but now I have yet another choice.  So which one do I install or do I do all of them (doubtful).  This is maddening.

Sorry, thought I was good to go.  No such luck.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Try KB4516046. The last one hasn’t been blessed by Woody yet.

1 user thanked author for this post.

Charlie

Reply | Quote

Hi all, all 2019-09 CUs for Win10 have been rereleased to fix the printer bug. If someone could double check if this is also the case for the older OSes and Servers, that would be great news and we can go fully patched without the IE / printer caveats.

Reply | Quote

We’re still getting reports that these latest patches have not fixed the printer problem. Stand by – reports v1903 now has start button problems.

Reply | Quote

[Jones55]

PKCano,

like u said, ran DISM.exe /Online /Cleanup-image /Restorehealt   (PowerShell right click, choose More\Run as Administrator) but get this error..

Image Version: 10.0.17763.737

Error: 87

The restorehealt option is not recognized in this context.
For more information, refer to the help.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
PS C:\Windows\system32>
got dism log file..but not allowed to send  what next to do?

i uninstalled sledgehammer first…i will restart computer and try again first…be back in a few minutes

 

• This reply was modified 5 years, 5 months ago by Jones55.

Reply | Quote

just finished DISM…looks ok

DISM.exe /Online /Cleanup-image /Restorehealt   had to be

DISM /Online /Cleanup-Image /RestoreHealth 

will run sfc /verifyonly again to see whats up

will post back if there are problems or unwanted modifications  i took note of the C:\Windows\SoftwareDistribution\Download as it was running  “someting like “Hello Face”popped up” but now dissapeared from folder

THANKS

Reply | Quote

Well, what a circus. Here’s my report:

Like Tex265 and others, I was about to install the September rollup KB4516065 and updated SHA-2 KB4474419 on one of our Win7 laptops when I discovered those patches had suddenly been replaced by the out-of-band KB4524157.

After I hid KB4524157 and re-checked for updates, the 2 September patches (rollup and SHA-2) reappeared. (The .NET update hadn’t been offered on that machine.) I installed those 2 September updates, rebooted, installed the September Office updates, and unhid the out-of-band KB4524157 as we await further information and advice.

Our other Win7 laptop worked about the same, except that the two September updates (rollup and updated SHA-2) were still in Windows Update, along with the .NET update. I installed just those two. After the restart, the new out-of-band update showed up in Windows Update, and .NET KB4514602 was still there. So I installed just the .NET, rebooted, and then installed the Office updates.

I haven’t seen any problems so far.
My anti-telemetry settings are still intact after the updates.

I was tempted to hide KB4524157 again, along with the unchecked October Outlook update, just to see if the Servicing Stack Update KB4516655 would appear, but I decided that would be a bridge too far. I’ll wait until after we see how things shake out.

Thanks to everyone here for all the information and advice, as always. Good luck to those who are still wading through the mess.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

5 users thanked author for this post.

Spiral, Microfix, Charlie, Myst, Lars220

Reply | Quote

even more errors after sfc /verifyonly so  run sfc /scannow

sfc /verifyonly.…..most errors were Windows Defender related..

00003513 [SR] Repairing corrupted file \??\C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender\\MSFT_MpThreatCatalog.cdxml from storeVerify and Repair Transaction completed.

CSI    00000b3f Warning: Overlap: Duplicate ownership for directory \??\C:\Windows\bcastdvr in component Microsoft-Media-Capture-Internal-BroadcastDVR, version 10.0.17763.737, arch x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

CSI    0000302a Warning: Overlap: Duplicate ownership for directory \??\C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy in component Microsoft-Xbox-GameCallableUI.toolkit, version 10.0.17763.1, arch x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}

 

sfc /scannow

All files and registry keys listed in this transaction  have been successfully repaired

now its time to get rid off Xbox and other garbage that sneeked in….

1 user thanked author for this post.

Fred

Reply | Quote

Security update KB4474419 (the SHA-2 thingummy that is constantly updated but is not an updated update according to MS) has disappeared tonight from the offerings on my main Windows 7 x64 machine, I haven’t had the other machine on to check but it’s usually the same updates on both machines so it’s probably gone on that one too. That leaves just the “quality” rollup and the .net framework update (which I’d normally install separately after the SHA-2 one).

1 user thanked author for this post.

Myst

Reply | Quote

[Fred]

Here some pc’s were pushed unwillingly installed with some (not all) updates.

It is quite a mess.

* _ ... _ *

• This reply was modified 5 years, 5 months ago by Fred.
• This reply was modified 5 years, 5 months ago by Fred.
• This reply was modified 5 years, 5 months ago by Fred.

Reply | Quote

Mass confusion. Went straight to my check for updates without hopping on the check in at Woody’s place. I usually look closely at all available Important Updates but instead just glanced at them and started with the first, KB4524157, (2019-10 Monthly Quality Rollup for Win7 x64). Walked away for awhile and not sure if it automatically rebooted, but it came back saying “No Important Updates” that everything had been installed. Did a Check for Updates again, KB4514602 showed up, (2019-09 Security and Quality Rollup for .net 3.5.1 etc …). Reboot, and the Office 2010 – 3 of those were marked Important, installed them. Reboot, checked for updates again and there were no more updates available.

So what happened with KB4516065 (September 2019 SMQR), and the September SHA-2 KB4474419?
PLUS, I was expecting the SSU KB4516655 for Win7 to show up after the Important Updates were installed. Nothing came through for the SSU. And the last SHA-2 version was installed with the August updates on September 8.

Heck of a mess trying to figure out whether I should go to the MS Catalog to install the SSU? And what about KB4516065 (SMQR for September), and the September SHA-2 4419?

Any advice is much appreciated.

Everything seems to be working fine. I’ve had the machine on for quite awhile since updating, sitting idle initially after the process was complete, then did some work on a few things.

MacOS iPadOS and sometimes SOS

2 users thanked author for this post.

Microfix, jburk07

Reply | Quote

KB4516065 won’t show up after installing KB4524157 becasue the latter is a Rollup and is cumulative, therefore contains the former.

2 users thanked author for this post.

Myst, jburk07

Reply | Quote

Makes perfect sense didn’t think of that while leaping into the fire. So the SSU may come through in the next round of cumulative updates? That’s what really concerns me at this point. Guess we’ll have to wait and see what the next round of craziness offers.

MacOS iPadOS and sometimes SOS

Reply | Quote

The SSU showed up as it should, after installing one last Important Update for Office 2010 Outlook that was unchecked. In the habit of ignoring unchecked updates. Just needed a nudge but it hit me after thinking it through. The Win7 machine is working good, no problems to report since the initial installation of the above noted Important Updates Oct 3.

MacOS iPadOS and sometimes SOS

Reply | Quote

[Seff]

So in addition to KB4474419 disappearing, I now have KB4524157 which appears to be an extra update in advance of the October monthly rollup and in place of the KB4516065 which was the September rollup.

How does that affect the DefCon rating? It was only released yesterday.

Perhaps I’ll just install KB4514602, the .net framework one, as the only September update still on offer through WU, plus whatever Office 2010 updates are still important and checked (last time I looked at that machine I had KB4475604 as important but unchecked together with three others that were important and checked). Then again, it’s tempting to forget the whole lot and see what Patch Tuesday brings.

This is increasingly absurd, and coupled with the similarly absurd nonsense going on with Windows 10 can only lead to more users sticking with Windows 7 and breathing a huge sigh of relief when these shenanigans come to an end in January, no matter how unwise on one level that may be.

• This reply was modified 5 years, 5 months ago by Seff.
• This reply was modified 5 years, 5 months ago by Seff.

3 users thanked author for this post.

Charlie, Myst, jburk07

Reply | Quote

KB4524157 is an out-of-band update. We should hear from Woody and Susan shortly concerning the Oct 3rd flood of patches.

1 user thanked author for this post.

Myst

Reply | Quote

Thanks PK, but as it replaces the September rollup for which we’re at DefCon 3, would it make sense to roll back to DefCon 2 pending further consideration and advice?

I think some people only look at the DefCon rating and will therefore be surprised when they hit the “install updates” button and find they’re not installing what they thought they were, or what was covered by the DefCon 3 rating.

Reply | Quote

That’s entirely up to Woody and Susan. (I’m just the reporter here) 🙂

2 users thanked author for this post.

Microfix, woody

Reply | Quote

Point well taken. I’m still struggling with the decision, as noted in the Computerworld article an hour ago.

1 user thanked author for this post.

Seff

Reply | Quote

So I just wanted to send an update.  In our corp. environment, we have about 50/50 Server 2012 R2 and Server 2016 LTSB (1607).  As our Cyber dept insists, we patched last weekend (9/29) and we’ve had a slew of weird issues since, Primarily on the 2012 side.

MS SQL ODBC errors up the wazoo, any App server jobs making calls to/from SQL blowing up, sometimes reproducible sometimes random.  We’ve also had a couple reports of console black screens.  Our back-up environment (Veritas NetBackup) has experienced many backup failures as well.

Removing .NET updates – KB4514599, Security Only KB4516064, IE KB4516046 fixes all of the issues.  Of course the SSU isn’t removable so KB4512938 is still in place.   I was a little surprised of the move to DEFCON 3.

Note, our homogeneous 2016 platforms seem fine (both App & Database on OS 2016).  Anyone else seeing these types of issues?

Reply | Quote

Windows 7 SP1 x64 Group B.

I did my monthly updates this morning (4 October 2019) while still at MS-DEFCON 3.

I installed the latest SSU (KB4516655), the latest SHA-2 support (KB4474419v3), the 2019-09 Windows 7 SO update (KB4516033), and the 2019-09 IE11 CU (KB4516046). No problems subsequently.

However, I had three surprises when I searched for updates in WU.

The first has already been commented on in this thread. I was offered the 2019-10 SMQR for Windows 7 when I was expecting the 2019-09 SMQR. But, like others discovered, when I hid this update and searched again, I was offered the 2019-09 SMQR (which I hid anyway, being in Group B).

The second surprise was that I was not offered the September MSRT in either search. Can anyone account for this? Has this happened to anyone else? In the past, I have always been offered the monthly MSRT, which I install and run.

The third surprise was that I was offered KB2310138, Security Intelligence Update for MSE (Version 1.303.837.0) as an optional update. I’ve never been offered such an update for MSE before, and I have been using MSE a long time. Did this happen to anyone else? And is it worth installing?

1 user thanked author for this post.

SueW

Reply | Quote

@TonyC, I may be able to address your third surprise. I recently started using MSE, and the first time I updated my computer after a “good” DEFCON, the only Optional update that was checked was KB2310138, the MSE update.

In order to eliminate this [additional update] going forward, I make it a point to manually update MSE just prior to updating my computer.

Perhaps your version wasn’t up-to-date, or was in the process of updating itself when you were checking for updates. As to whether it’s worth installing: it is if your MSE definitions aren’t current.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

TonyC, DrBonzo

Reply | Quote

[DrBonzo]

There is no September MSRT: https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo Scroll down more than halfway for the announcement

As far as definition updates, you want to install them either through Windows Update or the MSE interface itself. It’s conceivable that if you update frequently through MSE you may not have seen updates through Windows Update.

Edit: the 2019-10 SMQR supercedes the previous months SMQRs so you’re only seeing the latest, which is now october’s

• This reply was modified 5 years, 5 months ago by DrBonzo.

2 users thanked author for this post.

TonyC, SueW

Reply | Quote

Re September MSRT. Thank you. It never occurred to me that there might be a month without an MSRT. I thought that something had gone wrong somewhere.

Re MSE. Thanks to you and SueW. Your replies appear to suggest that a “Security Intelligence Update for MSE” is really just a virus and spyware definitions update. Is that correct? I’ve just noticed that they use the same version numbering system (e.g. 1.303.837.0). I have been offered virus and spyware definitions by WU many times in the past but they have never been called security intelligence updates!

1 user thanked author for this post.

SueW

Reply | Quote

Re MSE: the answer to your question is Yes, that is correct. When I scroll through my Update History, the name for virus definition updates changes from Definition Update for Microsoft Security Essentials to Security Intelligence Update for Microsoft Security Essentials on July 30, 2019. Regardless of the name, though they all have the same KB number: 2310138. And, as you noticed the same version numbering system continued after the name change.

Do make sure you keep the definitions up to date (sounds like you probably do)!

Reply | Quote

[alQamar]

And now it is getting seriously odd. Seeking WU on Server 2008R2 gives you a non optional 2019-10 Security Cumulative Update it is not even patchday week 1.

 

• This reply was modified 5 years, 5 months ago by alQamar.

Reply | Quote

[dgreen]

Reporting in on Sept updates installed this morning.
at that time MS-Defcon was 3

Installed KB4474419 (SHA2 ) did this first
Installed KB4516065 (roll up)
Installed KB4514602 (.net roll up)
did not install KB4516655 (service stack)
did not install MSRT (hid)
Hid KB4524157 (out of band update)

All installed without issue.

so now MS Defcon is back to 1!!
Should I be worried now that I installed the updates?

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller
MSE antivirus (has new name now)
Chrome browser
DSL via ethernet (landline)

• This reply was modified 5 years, 5 months ago by dgreen.

1 user thanked author for this post.

Microfix

Reply | Quote

Not to worry if you are not having problems. Don’t uninstall patches. Just sit tight.

2 users thanked author for this post.

dgreen, Microfix

Reply | Quote

PKCano wrote:

Not to worry if you are not having problems. Don’t uninstall patches. Just sit tight.

What happened to my post????

Reply | Quote

It got caught tin the spambucket on edit. Slow down with edit/submei/edit sequence (plus the site is kinda flaky at times now0

1 user thanked author for this post.

dgreen

Reply | Quote

Woody’s move to Defcon 1 (for good reasons) is a classic example of why the 1903 update controls do not work, at least as I understand what I can do. I made a mistake in setting the deferral at 28 days when I set up my PCs, and the August cumulative update whipped the controls away from me so I can’t respond to a set of buggy patches. On top of that, Microsoft have not made clear what the effect of the pause etc controls really are.

Clarity and control please Microsoft. Clarity and control.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Pause works like this:
You won’t get updates tor the designated Pause time period.
When the Pause time expires, you will not have another opportunity to Pause updates until you install the pending updates. In other words, Pause just puts off the inevitable.
But you can turn off Pause at any time, and that has the same effect as if the Pause time expired – you have to install whatever is pending before you can pause again.

In a case like this, Pause kept you from getting thre buggy updates.

1 user thanked author for this post.

Chris B

Reply | Quote

@PKCano Thanks. In my case, it is the interaction between the Pause function and the earlier referral functions that I am uncertain about. I set defer at 28 days when I installed the PC on 23 Sept and never hit the Pause button. My best understanding is that the 10 Sept patch will hit on 8 Oct; yesterday’s patches on 31 October and so on, and that I have no way now to change that schedule. However, my confidence in that interpretation is extremely low!

Chris
Win 10 Pro x64 Group A

Reply | Quote

There is a Registry Setting that represents whatever was set in the GUI for Quality deferral  when the Settings switches disappeared. I have mentined if frequently in posts. I do not have time to search for it now, but you can try to find the posts by searching for using “deferral” and “GUI” and “disappear.”

1 user thanked author for this post.

Chris B

Reply | Quote

@PKCano  Thanks. I’ll search it out.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Try this Topic – there is information there.

1 user thanked author for this post.

Chris B

Reply | Quote

In the end I have disabled Windows Update in Group Policies on both of my computers and am sitting out the storm in a bunker until thins get clearer!

Chris
Win 10 Pro x64 Group A

Reply | Quote

Win 7 Pro x64, AMD Phenom II X4 920, Group B

Downloaded and installed SO update KB4516033 and restarted.

Downloaded and installed IE11 update KB4516046 (w/o fix) and restarted.

WU listed 3 checked “Important” updates:

Security Update for Microsoft Excel 2010 (KB4475574) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4464566) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4475599) 32-Bit Edition

Downloaded/Installed and restarted.

WU then listed checked “Important” update KB4474419 (SHA-2 code-signing support)

Downloaded/Installed and restarted.

All telemetry settings remain Disabled.

If the order of installation was incorrect, what problems should I expect?

2 users thanked author for this post.

Microfix, SueW

Reply | Quote

I know this is an older article and this subject has probably been talked about but I don’t know where to look for the answer. I have tried searching but all I get are issues with this involving Windows 10.

Windows 7 64 home premium Group A and NOT computer savvy at all!!

Thanks to Hurricane Dorian I had lost power for 7 days when the all clear came for August’s patches and by the time it was restored they were replaced (mostly) by September’s patches, so I waited and didn’t install anything. I waited for the all clear for September patches and installed them (can’t remember now what they all were). The day after installing them the defcon level went to one.  Well apparently some update broke my ability to print!! Does anyone know which update it was and how to fix the problem?? Would uninstalling whichever update caused the problem fix the problem???  PLEASE I am desperate because I need to print off some medical information that I need for a doctor’s appointment tomorrow!!  HELP!!!

Reply | Quote

In Control Panel\Windows Update click on “Change settings” and set Windows Update to “Never check for Updates”
Click on “view update history”.
KB4516065 is the 2019-09 Security Quality Monthly Rollup (released Patch Tues 10/8)
KB4524157 is called 2019-10 Security Quality Monthly Rollup (released in Oct)

If you see either one of these listed:
In Windows Update at the bottom left, click on “View Installed Updates”
Scroll down to the section on Windows.
Highlight the one of those you see installed, right click and choose “Uninstall”

After the reboot, go back to Windows Update.
Click on “Check for updates”
If you see the update you just uninstalled listed in the Important updates, right click on it and choose HIDE.
Go back to “Change Update settings” and set Windows Update back to where it was originally.

1 user thanked author for this post.

KarenS

Reply | Quote

Thanks PKCano for your reply. I don’t have KB 4524157 installed but I do have KB4516065 but ONLY on my PC NOT my husband’s and I am having the same issue with the printer with his PC also, so I doubt that is the problem. I think I have figured it out and I don’t think it was a Windows update at all. After the hurricane our internet provided came and installed a new wireless router (ours was 10 yrs old and out of date) and apparently the router was not connecting to the printer and it have to be done manually. I am in the process of testing that theory now……..

Reply | Quote

That sounds like a better fix in this case.

1 user thanked author for this post.

KarenS

Reply | Quote

Sure was!!  Well apparently the router was the main culprit but not all programs seem to want to print (my One Note program for example) but I was able to get printed off what I need for now.  Thanks!!!

Reply | Quote

So I was still having issues with my printer, I was getting an error code 0x00000709 when I tried to set my one and only printer as the default printer. So I decided to go ahead and uninstall KB4516065, rebooted when promoted and NOW my pc seems to be stuck on “preparing to configure Windows……Do Not Turn Off Your Computer”. The fan is not going and the HD light is just slowly blinking like it is sitting idle….nothing seems to be happening, it has been 20 minutes.  WHAT SHOULD I DO???? HELP!!!

Reply | Quote

Karen,

Keep calm. You’ve been there already, remember? 🙂
If you’re still stuck with the same message after a couple of hours or so, re-read and follow GTP’s advice on that thread to get you back in control. 😉

Now, if you’re still having issues afterwards, a list of the latest (2019) Windows / .NET Framework updates that have been installed on your system could help us here to figure out if you need to (un)install anything: open Control Panel > Programs and Features, follow the ‘View Installed Updates‘ link, click on the ‘Installed On‘ column to sort down the items (most recent ones at the top) and take a screenshot -or-, alternatively, open a command line window (Windows key+R, type ‘cmd’ and press Enter) and type

wmic qfe list brief|findstr 2019>%USERPROFILE%\Desktop\wu.txt

Press Enter and wait a few seconds while a ‘wu.txt‘ text file is being created on your desktop. Once you see the blinking cursor again, type

reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Updates /s /f InstalledDate|findstr /c:KB /c:2019>>%USERPROFILE%\Desktop\wu.txt

and press Enter again. Once the blinking cursor is back, type

exit

and press Enter one last time to close the command line window. Reply back with the attached ‘wu.txt‘ file or copy&paste its contents back here.

2 users thanked author for this post.

KarenS, PKCano

Reply | Quote

Yes, I know I have been in the position before but this time seemed different as nothing seemed to be happening. After almost an hour and a half it finally configured (did that 3 times) and my computer rebooted. Now after all this effort to uninstall the update (per PKCano’s instructions) and waiting forever for the reboot it didn’t solve the problem with the printer throwing the error code when I try to set it as the default printer. Not sure what to do with that! Any suggestions??

Reply | Quote

Since the problem doesn’t appear to be caused by the Sept Rollup, look for the printer problem elsewhere. Look in the printer setup on the computer. Possibly uninstall, reboot, and then reinstall the printer software.

The October Windows update will replace the Rollup you uninstalled. So wait for the go-ahead on that.

1 user thanked author for this post.

KarenS

Reply | Quote

Windows 7 SP1 64bit, with Broadcom network card. Group B.

Installed September’s updates; KB4474419 SHA2, KB4516655, IE KB4516046, SO KB4516033 today, KB4522007 and KB4524135 were not installed.

From the catalog; Installed KB4474419 1st, KB4516655 2nd, IE KB4516046 3rd and SO KB4516033 last.

Installed one at a time. Rebooted in between each update letting it sit 1 or 2 minutes after update was installed (when hard drive light settled down).

As per SUEW’s always excellent posts, did the same as before. I went through Scheduled Tasks after installing the September patches. All remained “disabled”. See the below (for those wanting to turn off Telemetry Scheduled Tasks):

Application Experience
AitAgent was set to run at 2:30am -presumed altered from July’s patch- but it did honor the set disabled state and didn’t run.

ProgramDataUpdater – was still set to disabled.

Autochk Proxy- Disabled (deals with CEIP).

CEIP did honor the set disabled state.

DiskDiagonostic Data Collector & Resolver – Disabled (disk & system info for CEIP). It did honor the set disabled state.

Media Center has: ActivateWindows Search, ConfigureInternet Time Service, DispatchRecoveryTasks, ehDRMInit, InstallPlayReady, mcupdate, MediaCenterRecoveryTask, ObjectStorRecoveryTask, OCURActivate, OCURDiscovery, PBDADiscovery, PBDADiscoveryW1,PBDADiscoveryW2, PeriodicScanRetry(disabled, an old trigger of 2006), PvrRceoveryTask, PvrScheduleTask, RecordingRestart (disabled), RegisterSearch,
ReindexSearchRoot, SqlRecoveryTask, UpdateRecordPath. ALL had “last time run never”. After install of JULY patch all appeared the same “ready” except for 2 of them mentioned as “disabled”. No new run times, no new triggers (I do not use Windows Media Player).

PerfTrack – disabled

“WindowsErrorReporting” (WindowsError Queued files)? I already have Windows Error Reporting Service disabled, so I did disable the Scheduled Task a month ago.

Control Panel > Administrative Tools > Services, find Diagnostics Tracking Service. I did NOT have that service. I never installed KB2952664 nor any get win10 patches (Group B).

No network issues. No oddities. This was a fairly simple monthly patch! The IE and SO patch were slow to install but went fine.

Rebooted 3 times and let it sit for several minutes.

I would recommend people on the last reboot to go to the desktop and let it sit 45 to 60 minutes to Process Idle Tasks and let the trusted installer (as per PKCano) do its thing.

You can also force Processing of Idle Tasks as I do if you want by the administrative command prompt: rundll32 (space) advapi32.dll,ProcessIdleTasks

You can enter that then walk away for 15 to 20 minutes. If the drive light is still on, it is still running, walk away again. Do not allow the computer to go to sleep. Reset the Power Options to 1 hour sleep if needed. Laptops make sure you are on AC power not battery!

Thanks to all here.

Windows 7 Group B

2 users thanked author for this post.

SueW, Charlie

Reply | Quote

[Charlie]

This is good to hear, but you took a risk especially with the IE update.

Edit:  Did you check to see if your printer still works?

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

• This reply was modified 5 years, 5 months ago by Charlie.

1 user thanked author for this post.

SueW

Reply | Quote

Hi Charlie and SueW.

Charlie this PC does not have a printer so it does not matter.

SueW, I agree with you but then later was convinced bu other here that the Defcon 1 was for the newest patches out and not the older Sept 9 or 10th ones. That is why I post here it to let others know of success or failure and the exact order. Some people have a different order of installs or KB’s they do install. I think you should be OK SueW just make a System Restore Point manually before you start (or back up) just in case.

Thanks again.

1 user thanked author for this post.

SueW

Reply | Quote

Actually, Woody’s post said:

We’re still at MS-DEFCON 1, folks. There’s absolutely no good reason to install ANY September patches.

See post #1975252.

1 user thanked author for this post.

SueW

Reply | Quote

@anonymous, it’s my turn to thank YOU for your very detailed post (and I appreciate your ‘shout-out’).  I have held off installing September’s updates as my timing fell after DEFCON 3 became DEFCON 1. 🙁  I’ve been very tempted, though, especially after reading your results.

I do agree with @Charlie though about updating IE.  I’d be inclined to wait until October’s IE update (and the go-ahead DEFCON to install): it’s always a Cumulative Update, and hopefully will include the necessary corrections/updates.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

SueW, let me just say that I had installed the KB4474419 that came with WU for Sept. and I installed all of the Sept. Office 2010 security updates (but not the unchecked Oct. one).  I had done this while we were still at Defcon 3 and I have not had any problems.

Be your own judge as to what to do, but I think the Sept. Office 2010 updates are safe.  Susan the Patch Lady had approved them too.  Just my 2 cents.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

1 user thanked author for this post.

SueW

Reply | Quote

? says:

i’m now getting random reboots on win7 pro (3 in the last couple of days). Nir bluescreenview tells me it is the Cisco\Linksys AE2500 N600 wifi dongle (driver). i have the “latest” driver available (from 2015). so. if anyone is having a similar problem…

Reply | Quote

[fernlady]

fernlady wrote:

On September 23rd, Installed kb4474419 (V3) restart required, kb4516655 restart not required but did it anyway.

Today Installed kb4516065 restart required, installed kb4514602 restart not required but did it anyway.

As far as I can tell everything is okay.

I was checking out installed updates just now and discovered kb4514602 is not in the installed updates that was installed October 2 only shows in history. Where did it go? Guess I really didn’t need it.

Windows 11 Pro
Version 23H2
OS build 22631.4890

• This reply was modified 5 years, 5 months ago by fernlady.

Reply | Quote

kb4514602 is the .NET Rollup. It is a bundle of updates, one for each individual version of .NET. The individual updates each have a unique KB number that is different from the Rollup. Although the Rollup shows up in the history, it is the individual KBs that show up as installed updates. See the support page for the individual KBs.

1 user thanked author for this post.

fernlady

Reply | Quote

ah, dummy me didn’t look at the

whole

screen. .Net is there.

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

OK…I’m the one who, through having a cold-flu-foggy head, went and installed patches between Defcon 3 and the gear-grinding pullback to Defcon 1. ( #1974660)

Opened my laptop tonight and got “Windows has unexpectedly come out of sleep mode. To help you with the problem, here is some information:”

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 1000009f
BCP1: 0000000000000004
BCP2: 0000000000000258
BCP3: FFFFFA8003690660
BCP4: FFFFF80000B9E420
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\100719-36660-01.dmp
C:\Users\user\AppData\Local\Temp\WER-18593790-0.sysdata.xml

—–

At first, nothing seemed off. Then I got a blinking cursor BSOD on a reboot the next day, which seemed to resolve; have not seen it again, and I can print with my USB printer (I only have one).

Ran a full disk drive diagnostic from Dell’s toolkit in the UEFI/BIOS on the HDD (took an hour) and it passed. Now tonight, upon flipping open the laptop, I got this, never seen it before:

“Windows has unexpectedly come out of a sleep state, here is some information to help you find the trouble:”

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 1000009f
BCP1: 0000000000000004
BCP2: 0000000000000258
BCP3: FFFFFA8003690660
BCP4: FFFFF80000B9E420
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\100719-36660-01.dmp
C:\Users\user\AppData\Local\Temp\WER-18593790-0.sysdata.xml

Don’t know if this is patch-related, just grist for the mill. Oh, man.

Oh, and went in search of the files it mentioned; the minidump said “access denied”, the other one was not found!

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Nibbled, this is anon #1929430. It looks like a power driver (power state) problem.

Windows 7: BSOD BCCode: 1000009f by Poster cansat66
https://www.sevenforums.com/bsod-help-support/265161-bsod-bccode-1000009f.html

DRIVER_POWER_STATE_FAILURE (9f)

Poster cansat66 uninstalled McAfee and VirtualClone Drive. BSODs went away. Another poster in a forum uninstalled Norton Antivirus and said they would post again if the BSODs were still present. They did not. So one assumes Norton caused their BSODs. Any recent change in your antivirus or did this happen immediately after the MS patches?

Nibbled, other than the patches have you installed anything? If not, then I would uninstall the patches one by one, starting with the IE11 patch first (my opinion). Others may have ideas too.

Hope you get it fixed. Keep us informed.

1 user thanked author for this post.

OscarCP

Reply | Quote

? #1929430:

Am using MSE, nothing exotic re AV.

No recent changes in  hardware at all…can’t afford it.  :/

Appreciate the advice on the patches, but as the machine has behaved itself for nearly 24 hours, for the immediate present I’m going to “keep it under observation”. If it has another psychotic episode, I’m going to start pulling patches. Don’t want to do that just yet, as THAT can cause issues; sometimes running Windows is like flying an large airplane: you don’t want to change anything fast! (Save dire emergencies.)

(Maybe the Moon is in the wrong sign or something.  :p )

And thanks for the Windows Seven Forum link; hadn’t heard of it, looks neat. One cannot have too many help sources these days. If the instincts of my “Better Angels” didn’t say otherwise, I’d swear MSFT is trying to blow the Win 7 ship up before January.  I am SO tired of being a beta tester.

(BTW, anything McAfee is, IMHO and experience, as deluded and kludge-ridden as the founder of the company is.)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

? says:

is this MSRT dated 10/3 for september?

https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=58429daa-53b6-4d60-8a72-8f85035351e5

from:

https://www.catalog.update.microsoft.com/Search.aspx?q=890830

or does it matter since it is high noon on patch day somewhere?

Reply | Quote

Today my W7 Prof 64bit got corrupted so I recovered to a post July updates with an image backup. Then via Windows Update (after hidding Octobers) I was offered and installed:

2019-09 Security Update KB4474419
2019-09 Security Monthly Quality Rollup KB4516065
2019-09 Servicing Stack Update KB4516655

But I’ve not been offered
2019-09 Security and Quality Rollup for .NET Framework 3.5.1, ………. (KB4514602) [Im on 4.7.2] that I was offered and installed previously in September.

My last .NET F/W update in now July 19 with KB4507420

Suggestions on how I install the missing KB4514602 please.

Also, previously I applied the IE patch KB4522007. Is that now incorporated in the normal Sept patches?

Thanks

Alan

 

Reply | Quote

Also, previously I applied the IE patch KB4522007. Is that now incorporated in the normal Sept patches?

KB4522007 is not in the Sept patches. It was issued after Sept Patch Tues. But it is incorporated into the Oct Updates.

2 users thanked author for this post.

AJNorth, Alan_uk

Reply | Quote

Alan, the missing .net update is in the MS Catalog: KB4514602

If debian is good enough for NASA...

1 user thanked author for this post.

Alan_uk

Reply | Quote

Many thanks Microfix. I’ve always been a bit wary of using the catalogue when there are multiple files, especially when lots. This NF update is 6 files, some msu and some exe. Can I run those in any order? And if one fails how do I reverse – go back to a Restore Point or will they be in Installed Programmes to uninstall?

Thanks, Alan

Reply | Quote

.NET Rollup KB4514602 is a “bundle” of updates. Look at the MS support page for KB4514602.
Each one of those files is for a different version of .NET and each has it’s own KB number.
You only need the one(s) for the version(s) of .NET that is installed on your machine.

IMHO it is best to install the .NET Rollup through Windows Update because WU “knows” which versions are installed and installs the individual updates accordingly. It’s more difficult if you try to handle the job yourself.

If you use WU, be sure the update says “Rollup” and is not the installer for another version of .NET (v4.8 installer has been offered through WU lately).

1 user thanked author for this post.

Alan_uk

Reply | Quote

Alan_uk wrote:

Many thanks Microfix. I’ve always been a bit wary of using the catalogue when there are multiple files, especially when lots. This NF update is 6 files, some msu and some exe. Can I run those in any order? And if one fails how do I reverse – go back to a Restore Point or will they be in Installed Programmes to uninstall?

Thanks, Alan

WU now offering optional 2019-10 Security and Quality Rollup for .NET Framework ….. for x64 (KB4524102) 41MB, so I hid this and checked again for updates.

Now offered 2019-09 Security and Quality Rollup for .NET Framework 3.5.1, ………. (KB4514602) so I installed.

Thanks to those that helped.

Alan

Reply | Quote