MS-DEFCON 3: Time to get the August 2019 patches installed

Topic

New Reply

There are still some lingering bugs. Make sure you understand them before you take the August patching leap. Details coming in Computerworld Woody on
[See the full post at: MS-DEFCON 3: Time to get the August 2019 patches installed]

14 users thanked author for this post.

Lori, Blizzard, John782, Elly, Morty, deuce120, Geo, abbodi86, Moonbear, SueW, geekdom, Myst, AJNorth, jburk07

Reply | Quote

Replies

can i install august patch for windows 7 after i skipped spyware infested july patch?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Wait for Woody’s instructions in the ComputerWorld article when it is published/linked.

2 users thanked author for this post.

Morty, Fred

Reply | Quote

Honx, PKCano is right you should wait for what Woody has to say, there were a few “gotch-yas” this August patches.

Honx, I understand your skipping July Group B patching, as I was considering it too. But I feel there are too many items patched to ignore, and since the patch is there waiting to be downloaded, you might re-consider.

I feel that AJNorth and Abbodi86 had a handle on the situation and the telemetry “spyware infested july patch” as you say can be mitigated.

Abbodi86’s suggestions from Askwoody
https://www.askwoody.com/forums/topic/how-much-telemetry-is-going-out-with-this-months-security-only-win7-patch/#post-1901665

AJNorth’s suggestions from Askwoody
https://www.askwoody.com/forums/topic/ms-defcon-4-time-to-get-the-july-2019-patches-installed/#post-1902567

Look into those and see if it changes your mind.

1 user thanked author for this post.

woody

Reply | Quote

Use @abbodi86 ‘s Method to Neutralize Telemetry AKB2000012.

3 users thanked author for this post.

Lori, TaskForce141, woody

Reply | Quote

PKCano wrote:

Use @abbodi86 ‘s Method to Neutralize Telemetry AKB2000012.

as my english is not very good and i’m using german windows 7 ultimate where everything has other names (german names) i don’t dare following this article. my english is simply not good enough and i don’t want to brick my system.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

[TaskForce141]

I now check Task Scheduler after each monthly patch installation.

Twice now, I’ve found that MS re-enabled telemetry tasks that I had disabled per this askwoody post (much thanks for it, it saved me from CPU overhead, pointless SSD writes, and upload traffic).
No issues with the Diagnostics Tracking service; that hasn’t been re-enabled.

• This reply was modified 5 years, 7 months ago by TaskForce141.

3 users thanked author for this post.

Morty, Myst, SueW

Reply | Quote

Those July 2019 Windows 7 “Security Only” patches are on the always avoid list and who knows about any telemetry software that’s installed staying off even with the settings to disable that turned on. Maybe MS has some ways of surreptitiously turning those things on  and piping that telemetry out via some “innocuous” service’s channel back to the mothership.

It’s September and time for that month’s security patches to be vetted for telemetry as well and every month after until windows 7 goes EOL.

Reply | Quote

Why not wait until the September patch? It it only 4 days away. Hopefully, Microsoft will have fixed the August bugs by then. We can hope that the September update won’t be as bad. 🙂

Reply | Quote

Good question. I struggled with it.

In the end… next Tuesday’s patches won’t be ready for general consumption until late September (or maybe not until October, if they’re as bad as this month’s). There’s no indication that the next Win10 1903 patch will be any better than the last one. And we have DejaBlue staring at us.

8 users thanked author for this post.

Blizzard, walker, Elly, geekdom, AlphaCharlie, SueW, netuser, NetDef

Reply | Quote

It’s here.

https://twitter.com/GossiTheDog/status/1170014744176148481

~ Group "Weekend" ~

3 users thanked author for this post.

Elly, woody, Microfix

Reply | Quote

[netuser]

Thanks Woody, I just installed the August security patch for Windows 10 version 1903.

I noticed in the Microsoft Update Catalog, that there is an August Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 for x64 (KB4511555); however, the August .NET CU has not been offered via Windows Update. The last CU installed for .NET is the July CU. Should I download and install the August CU for .NET?

• This reply was modified 5 years, 7 months ago by netuser.

Reply | Quote

You should wait for the .NET patch to be offered to your PC through Windows Update.

1 user thanked author for this post.

netuser

Reply | Quote

For those in Win 7 Group B:  If we’re already patched with July security only update, for August security patch should we only be downloading/installing KB4517297 as it already contains the contents of initial security only update KB4512486?  Asking because it seems that to be safe to apply (only) the KB4517297 patch even if you don’t know if any programs on your PCs run VB scripts etc?  Thanks for any insight and advice.

Reply | Quote

The MS pages for KB4517297 say:

Note This update contains all the quality and security changes in KB4512486 (released August 16, 2019). While it does not replace KB4512486 on Windows Update, if you install this update you do not need to install KB4512486

1 user thanked author for this post.

SueW

Reply | Quote

anonymous wrote:

Honx, PKCano is right you should wait for what Woody has to say, there were a few “gotch-yas” this August patches.

Honx, I understand your skipping July Group B patching, as I was considering it too. But I feel there are too many items patched to ignore, and since the patch is there waiting to be downloaded, you might re-consider.

I feel that AJNorth and Abbodi86 had a handle on the situation and the telemetry “spyware infested july patch” as you say can be mitigated.

Abbodi86’s suggestions from Askwoody
https://www.askwoody.com/forums/topic/how-much-telemetry-is-going-out-with-this-months-security-only-win7-patch/#post-1901665

AJNorth’s suggestions from Askwoody
https://www.askwoody.com/forums/topic/ms-defcon-4-time-to-get-the-july-2019-patches-installed/#post-1902567

Look into those and see if it changes your mind.

unfortunately this article does not say anything about windows 7 gotchas or i can’t find them…

discussion behind first link is too long to read…

link 2 says following (among others):

Fortunately, there are ways to circumvent the telemetry, or at least minimize it. Details following.

unfortunately details never followed. at least i never found them.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Honx, I am sorry. The items posted by me are not what I typed. I had exact locations of the askwoody articles for you to read.

The “gotch-yas” refers to a bitLocker issue that caused some people a bad time. Windows 7 for x64-based Systems (KB3133977) may have to be installed.

I will read Woody’s article and see what he said after I post this to you.

Thank you.

Reply | Quote

HONX, According to Woody (from his just published ComputerWorld article), the July patches were not that critical. “You can install the August Security-only patch without bringing in the snooping routines. But unless you install the telemetry-laden July Security-only patch, you’re missing a month of (not really all that important) patches.” He also said, “If you see KB 4493132, the “Get Windows 10” nag patch, make sure it’s unchecked.”

There are ways of turning off the July telemetry. I have done so according to Abbodi86 and AJNorth and it seems “non-existent”.

There were some BitLocker UEFI problems with people and it was mentioned maybe KB3133977 needed to be installed (I did not see this mentioned in his article). At Askwoody’s it was discussed here: https://www.askwoody.com/forums/topic/caution-windows-7-august-monthly-patch-might-cause-bsod/

I will wait a few days to let the dust settle, stand by and watch, as everyone else patches.

Hope this helps you.

Reply | Quote

anonymous wrote:

HONX, According to Woody (from his just published ComputerWorld article), the July patches were not that critical. “You can install the August Security-only patch without bringing in the snooping routines. But unless you install the telemetry-laden July Security-only patch, you’re missing a month of (not really all that important) patches.” He also said, “If you see KB 4493132, the “Get Windows 10” nag patch, make sure it’s unchecked.”

There are ways of turning off the July telemetry. I have done so according to Abbodi86 and AJNorth and it seems “non-existent”.

There were some BitLocker UEFI problems with people and it was mentioned maybe KB3133977 needed to be installed (I did not see this mentioned in his article). At Askwoody’s it was discussed here: https://www.askwoody.com/forums/topic/caution-windows-7-august-monthly-patch-might-cause-bsod/

I will wait a few days to let the dust settle, stand by and watch, as everyone else patches.

Hope this helps you.

thx, kb3133977 is installed already, since 3/24/2016, according to command: wmic qfe | find “3133977”.

my problem with these instructions: they are english, applying to english language os. my os is german so i assume many things have other names in german language and i’m not very good in english and translating from english to german… so my problem is: there is no german instractions about removing telemetry from july patch. 🙁

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

PKCano wrote:

Wait for Woody’s instructions in the ComputerWorld article when it is published/linked.

article is published, i can’t find instructions regarding installing august security only patches without having july NOT security only patch installed.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Just install the August Security-only Update and the IE11 Cumulative update as usual.
See instructions for the Security-only patch in #1940688 above.

2 users thanked author for this post.

AJNorth, woody

Reply | Quote

@PKCano:  Due to illness, I have not been able to locate the latest WOODY’S “Computer World for the MOST RECENT Information.    I hope and pray and I can find it – – – – THANK YOU again for all of your invaluable help, as always.

Reply | Quote

Woody’s ComputerWorld Article is here.

Reply | Quote

@PKCano:  Thank you, thank you, thank you for your wonderful help in locating this information.  No matter how many times I say “thank you”, it can never be enough to reflect my admiration, gratitude, and happiness from all of the help you provide to us all.  THANK YOU, THANK YOU, THANK YOU !!!!

2 users thanked author for this post.

Blizzard, Morty

Reply | Quote

Oh boy, just updated from like 18xx, already had to re-select sorting options, theme settings, withd settings on columns, Restore point had been set to ‘Off’ for some reason…I wonder what more “fun” stuff it has in store for me, surely there must be something more vile than just things that are a pain in the ***? //TiredOfThisC***

Reply | Quote

on windows 8.1 notebook, after installing security only update kb4517298 (in windows update history only called “update”, not “security update” and ie update kb4511872 windows update history says “failed”. but i can’t install it again because “is installed already”…

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

kb4517298 is OK.
If you installed KB4512488 (2019-08 Security Quality Monthly Rollup) in Win8.1, you will not be able to install kb4511872. If you are trying to install the wrong bitedness (32-bit or 64-bit not right), kb4511872 will not install.

Reply | Quote

PKCano wrote:

kb4517298 is OK.
If you installed KB4512488 (2019-08 Security Quality Monthly Rollup) in Win8.1, you will not be able to install kb4511872. If you are trying to install the wrong bitedness (32-bit or 64-bit not right), kb4511872 will not install.

of course i did not install security quality rollup. 😀
and i got 64bit version, as all my systems run 64bit.

anyway, after uninstalling kb4411872 and installing it again, it seems to be installed correctly this time. windows update history doesn’t show “failed” (in german “fehlgeschlagen”) anymore, this second attempt shows “successful” (i think, english people call it “successful”, in german language it’s called “erfolgreich”)…

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Woody’s article suggests that most Win7 users should have two patches, one dated 13th August and the other dated 17th August.

For information, I have two updates  – KB4512506 Quality Rollup and KB4474419  Security Update – and both are dated 13th August and checked. Of course, I also have the usual MSRT which I don’t install these days as it has proved troublesome in the past. Optional updates comprising a couple of previews plus .Net Framework 4.8 have already been hidden.

I propose to follow my usual procedure and leave well alone overnight while some kind souls update this site with their experiences, and then tomorrow I’ll install these updates on my main machine with both of them plus the Office 2010 patches being installed on the other machine a day or two later if all is well.

Thanks as always to Woody and the team plus fellow commenters.

1 user thanked author for this post.

jburk07

Reply | Quote

If you have problems with a program that uses VB6, VBA, of VBSctipt (some macros in Office use this), you can install the Security-only Update KB4517297 (Win7) or KB4517298 (Win8.1) to fix the problem.

If you do not have the problem, you DO NOT need the Security-only patches because the fix will be in the September Rollup.

2 users thanked author for this post.

geekdom, jburk07

Reply | Quote

[Seff]

Just to clarify, KB4474419 isn’t a security-only patch from MS Catalog, it’s a SHA-2 code signing support update that is being offered as an important update within the usual Windows Updating. As such it appears to offer additional improvements to the original patch of that number which I installed in March but is stated not to be a replacement for it, despite having the same number.

• This reply was modified 5 years, 7 months ago by Seff.

1 user thanked author for this post.

jburk07

Reply | Quote

[Seff]

Seff wrote:

Just to clarify, KB4474419 isn’t a security-only patch from MS Catalog, it’s a SHA-2 code signing support update that is being offered as an important update within the usual Windows Updating. As such it appears to offer additional improvements to the original patch of that number which I installed in March but is stated not to be a replacement for it, despite having the same number.

• This reply was modified 5 years, 7 months ago by Seff.

From https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update

“This security update was updated August 13, 2019 to include the bootmgfw.efi file to avoid startup failures on IA64 versions Windows 7 SP1 and Windows Server 2008 R2 SP1.”

The update probably isn’t needed on x64 systems.

• This reply was modified 5 years, 7 months ago by davinci953.
• This reply was modified 5 years, 7 months ago by davinci953.

4 users thanked author for this post.

Lori, Blizzard, jburk07, Seff

Reply | Quote

KB4512506 Quality Rollup and KB4474419 Security Update are both dated August 13 for me as well.  I wonder if the Computerworld article reference to August 17 for one of them was an error?  Or does it somehow vary among Win 7 users?

1 user thanked author for this post.

jburk07

Reply | Quote

[Geo]

W7  Group A,   Home premium. Home users. Take the quality roll-up patches no problems.

• This reply was modified 5 years, 7 months ago by Geo.
• This reply was modified 5 years, 7 months ago by Geo.

3 users thanked author for this post.

geekdom, dgreen, jburk07

Reply | Quote

[PKCano]

For Win7, before you install the August updates you must have these updates installed on your computer:

KB3133977 Bitlocker patch from 2016. (If you have the Convenience Rollup KB3125574 installed it is included in the Rollup).
UPDATE: If you have an ASUS motherboard, please read this before installing this patch.

KB4490628 The latest Servicing Stack

KB4474419 v.2 dated 8/12 the SHA-2 coding update.

• This reply was modified 5 years, 7 months ago by PKCano.

14 users thanked author for this post.

Lori, Blizzard, Spiral, John782, walker, Charlie, bassmanzam, geekdom, deuce120, samak, abbodi86, Lars220, SueW, jburk07

Reply | Quote

I don’t have KB3133977 installed. According to Belarc Advisor:
Main Circuit Board : ASUSTeK Computer INC. P7H55-M LX X.0x
BIOS: American Megatrends Inc. 0402 10/29/2010
I assume this means I have to follow the instructions in https://www.asus.com/support/FAQ/1016356/ before installing this KB to avoid a possible “Secure Boot Violation” on reboot.
This is making me very nervous; are my assumptions correct and is there anything else I should be thinking about?
Thanks in advance.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

PKCano wrote:

For Win7, before you install the August updates you must have these updates installed on your computer: KB3133977 Bitlocker patch from 2016. (If you have the Convenience Rollup KB3125574 installed it is included in the Rollup)

Is it correct that you only need the KB3133977 Bitlocker update if you use an EFI Boot or Virtual Machine?

Because I use old computers and old installations. The motherboards do not have an UEFI Bios.

This quote is from Microsoft:

If you are using EFI Boot on your device or virtual machine (VM), you must also install KB3133977. Currently, KB3133977 is required as a workaround for a known issue when using EFI Boot and should be applied even if you are not using BitLocker.

I read that as only needed if you have an EFI boot or a VM even if Bitlocker is not in use on such systems.

Also

PKCano wrote:

KB4474419 v.2 dated 8/12 the SHA-2 coding update.

I can only find the when installed dates for KB files and not the dates on the KB updates themselves. Is there a direct way to see if KB4474419 is v.2?

W10&11 x64 Pro&Home

2 users thanked author for this post.

AlphaCharlie, LHiggins

Reply | Quote

Sinclair wrote:

I read that as only needed if you have an EFI boot or a VM even if Bitlocker is not in use on such systems.

Whether or not you install KB3133977 is strictly up to you.
Should you choose not to install it, and you run into problems, there are suggested solutions in KB4472027.

Sinclair wrote:

I can only find the when installed dates for KB files and not the dates on the KB updates themselves. Is there a direct way to see if KB4474419 is v.2?

The MS pages for KB4474419 (Catalog date 8/12, support page dated 8/13) mention bootmgfw.efi which was added.

• This security update was released March 12, 2019 for Windows 7 SP1 and Windows Server 2008 R2 SP1.

• This security update was updated May 14, 2019 to add support for Windows Server 2008 SP2.

• This security update was updated June 11, 2019 for Windows Server 2008 SP2 to correct an issue with the SHA-2 support for MSI files.

• This security update was updated August 13, 2019 to include the bootmgfw.efi file to avoid startup failures on IA64 versions Windows 7 SP1 and Windows Server 2008 R2 SP1.

2 users thanked author for this post.

LHiggins, Sinclair

Reply | Quote

PKCano wrote:

The MS pages for KB4474419 (Catalog date 8/12, support page dated 8/13) mention bootmgfw.efi which was added.

Beware the bootmgfw.efi file located in:

Windows\Boot\EFI\bootmgfw.efi

Is ONLY replaced by a new version if you have a 64 bit Itanium Server CPU. That is what this version of KB4474419 addresses. If you have the March 12 update of KB4474419 then you should be fine if your not on such an Itanium CPU as that version addresses the SHA-2 support for MSI files.

PKCano wrote:

This security update was updated August 13, 2019 to include the bootmgfw.efi file to avoid startup failures on IA64 versions Windows 7 SP1 and Windows Server 2008 R2 SP1.

I installed the new KB4474419 on both an AMD A6-5400K and an AMD Athlon X2 270 CPU just so I have the latest version even if it only adds a 64 bit Itanium Server CPU fix. The update was offered through Windows Update.

The update was done in minutes on the X2 270. On the A6-5400K it took 1.5 hours to get back to the desktop. The system only rebooted after 1.5 hours of patch preparation. Both systems use fast SSD so beware it may take a while if you apply this patch.

After the patch both systems still had a bootmgfw.efi file dated to 20-11-2010.

Quote from Microsoft:

Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March (KB4474419 and KB4490628) will be required in order to continue to receive updates on these versions of Windows. If you have a device or VM using EFI boot, please see the FAQ section for additional steps to prevent an issue in which your device may not start.

Legacy Windows updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only at this time.

2019-sha-2-code-signing-support-requirement

I shall not install this months rollup. I might install the September one if it adds anything meaningful security wise. If so I will do so without applying the KB3133977 Bitlocker patch. I will report back on how that went if there is a need for it come end September.

W10&11 x64 Pro&Home

Reply | Quote

Installed kb4474419 first and did a restart, waited 30 minutes then installed kb4512506 and kb890830 computer restarted twice. Everything is okay so far.

Windows 11 Pro
Version 23H2
OS build 22631.5189

5 users thanked author for this post.

Geo, bassmanzam, Lars220, dgreen, jburk07

Reply | Quote

[PKCano]

PKCano wrote:

For Win7, before you install the August updates you must have these updates installed on your computer:

KB3133977 Bitlocker patch from 2016. (If you have the Convenience Rollup KB3125574 installed it is included in the Rollup).
UPDATE: If you have an ASUS motherboard, please read this before installing this patch.

KB4490628 The latest Servicing Stack

KB4474419 v.2 dated 8/12 the SHA-2 coding update.

• This reply was modified 5 years, 7 months ago by PKCano.

in my case all installed already: kb3133977 on 3/24/2016 and both kb4490628, kb4474419 on 4/2/2019, according to this command: wmic qfe | find “3133977”, wmic qfe | find “4490628”, wmic qfe | find “4474419”.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

1 user thanked author for this post.

Sinclair

Reply | Quote

well, after reading that bluekeep has arrived, i went ahead and also updated windows 7 computer. installed the missing july NOT security only patch kb4507456, rebooted and installed august security only patch kb4517927, ie patch kb4511872, rebooted twice and now i’m installing office 2010 updates, msrt and kb4474419 (this one is installed already, but i got it offered again…)

i followed an advice in german language for disabling spyware from july patch and deactivated:

Aufgabenplanungsbibliothek/Microsoft/Windows/Application Experience:
AitAgent
Microsoft Compatibility Appraiser
ProgramDataUpdater

Aufgabenplanungsbibliothek/Microsoft/Windows/Customer Experience Improvement Program:
Consolidator
KernelCeipTask
UsbCeip

it also says:

In Verwaltung/Dienste “Diagnostics Tracking Service” deaktivieren.

but i can’t find “Diagnostics Tracking Service”… does it have another name?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

The telemetry contained in the Security-only patch installed the Compatibility Appraiser, but did not install the Unified Telemetry Client (Diagnostics Tracking Service).

See this post and other information in this thread.

Reply | Quote

PKCano wrote:

The telemetry contained in the Security-only patch installed the Compatibility Appraiser, but did not install the Unified Telemetry Client (Diagnostics Tracking Service).

See this post and other information in this thread.

so if i get this right, did i deactivate enough?

Application Experience:
AitAgent, Microsoft Compatibility Appraiser, ProgramDataUpdater
Customer Experience Improvement Program:
Consolidator, KernelCeipTask, UsbCeip
all deactivated.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

HONX, my last post did not make it here. So …

As per AJNORTH, post #1902567, “All tasks under: Application Experience, Autochk, Customer Experience Improvement Program, Under DiskDiagnostic: DiskDiagnosticDataCollector, Under Maintenance: WinSat, Each task within (and under) Media Center. [then] Close Task Scheduler…)”

Sounds like you are getting it done. Good work! (gute Arbeit!)

Reply | Quote

Was on 1809 17763.615, Set a restore point and then cloned my drive and then changed deferral to 0 from 30 days, then restarted and clicked check for updates.

MSRT, KB 4486153 (.net 4.8), KB 4511517 (.net sec. updt for 3.5/4.8), KB 4511553 (Cum. Updt for 1809). Brought me to 1809 17763.678. BTW since I used WU, it installed the latest SSU at the same time KB 4512937.

I haven’t looked around a whole lot yet to see if anything was changed but will do that shortly. Just reporting in.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

Lars220

Reply | Quote

So far, all looks well 🙂

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

Lars220

Reply | Quote

I am newly subscribed to AskWoody and a novice with computers. I currently have Windows 10 Home  Version 1803  17134.885. I am quite confused and if possible would appreciate an answer to the following: Should I install the update that my computer received to Windows 10 1903?

 

Thank you very much.

Reply | Quote

[PKCano]

Win10 1803 is good until November. If you can put off the upgrade for another month (end of Oct), it would be better. Win10 1903 has had some problems with the update this month.

• This reply was modified 5 years, 7 months ago by PKCano.

3 users thanked author for this post.

Elly, woody, HE48AEEXX77WEN4Edbtm

Reply | Quote

How do I un-pause updates.  I had used the pause option to prevent updates from installing, however, now I cannot un-pause the updates.  There is no button showing yes/no for the pause option that would let me turn the option off.  The drop down menu only lets you select future pause dates.
Chuck

Reply | Quote

Windows Update should have a “Resume updates” button:

(Just above the Pause option, but not under Advanced options)

How to Pause Updates or Resume Updates for Windows Update in Windows 10

2 users thanked author for this post.

Elly, woody

Reply | Quote

[dgreen]

reporting in………..
Windows August updates
Installed
kb4512506  (rollup)
kb4474419
Installation went smoothly.

Hid
kb4503548 (.Net 4.8)
KB890830 (MSRT)

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller
MSE antivirus (has new name now)
Chrome browser
DSL via ethernet (landline)

• This reply was modified 5 years, 7 months ago by dgreen.

2 users thanked author for this post.

SueW, jburk07

Reply | Quote

I think I may have messed up while completing my update/cleanup cycle. I installed KB4474419 and rebooted with no issue. I walked away from the computer during the reboot for KB4512506 and when I came back I saw the Windows preparing to update your computer message with no completion percentage but then it finished booting like normal. When I rebooted after running Windows Update cleanup in disk cleanup, the message appeared during shutdown again with 30% completion then during startup it ran from 30 to 100% like normal. It did sit at 100% for a couple minutes but that seems to be a nonissue. KB4474419 and KB4512506 are both listed in Installed Updates. My system is running fine, I just want to make sure I didn’t break anything that I haven’t noticed yet.

Reply | Quote

Windows 10 1809 pro.
Just installed Aug. updates : CU KB4511553, Other Updates :.NET 4.8 KB4486153, MSRT KB890830.

PC still ticking.

1 user thanked author for this post.

CADesertRat

Reply | Quote

**Win 7 System Partition WIPED OUT following August Updates**

Let me apologize upfront here if the info I’m providing isn’t complete.   Unfortunately I haven’t yet been able to get the computer in question here back to a working state yet.   But here’s the info that I can provide.

I have a Win 7 Home Premium HP Desktop that’s been going along fine for years.  I’ve kept it up-to-date with all the Monthly Rollups once Susan and Woody give the OK.   Today (per the move to Defcon 3) I made a system backup of the boot drive, and created a System Restore point.  All OK.  No issues.

Went to Windows Update and did a check.  Found three updates listed: KB4512506, KB4474419, and the MSRT (KB890830).  All three downloaded and installed successfully, after which Windows Update prompted for a Restart.  I clicked the Restart button, and the screen showed Window Update was working on updates.  At 30% progress I walked away to let the system finish on its own.

Several minutes later when I returned, the following text based error from Windows Boot Manager was on the screen:

Windows failed to start.  A recent hardware or software change might be the cause.
Status:  0xc0000225
Info:  The boot selection failed because a required device is inaccessible.

I powered down and tried rebooting; but got the same error.  Running a disk diag confirmed that the disk drive hardware was fine.  So I booted from my EaseUS Boot flash drive to try to do a Restore from the System Backup that I had just done earlier.  But when I selected my system drive as the destination for the recovery I got the following error:

There is no enough space on the target to do sector by sector
recovery.  Do you want to recover without sector by sector option?

And when I answered Yes to the sector-by-sector option, I got this error:

Not enough unallocated space on the target disk.  To make sure
the boot ability of target disk, please delete partitions on there first.

That’s when I took a closer look at the destination disk seen by the EaseUS backup program.  And it’s at that point where I noticed that the destination drive was showing a 915 GB chunk of Unallocated free space where my system C drive partition used to reside.   The system partition was gone!

Since the only change made to the system in the past couple hours was installing these Windows Updates, I pretty much have to assume that either KB4512506 or KB4474419 (or the combination of the two) is responsible for this.

I guess I’ll be spending the rest of today trying to get the system back to where it was this morning.  But I just wanted to give a heads up to everyone here that maybe (just maybe) these updates still aren’t quite ready or safe to install.  If you do decide to go ahead, be absolutely certain you have a good current backup (always good advice).  I’ll update my posting here if I discover any new details about what or how this happened.

4 users thanked author for this post.

SueW, jburk07, Chessie, Moonbear

Reply | Quote

? says;

Tom-R, so sorry about your patching experience today. “going along fine for years,” and now “after a recent software change,” because of an inaccessable device aka missing operating system, et al. wow

i’m sure you had the “bit locker patch.” KB3133977 or it’s equivelent replacement in place before you began patching and KB4474419-v2 (8/12/2019) along with it’s first iteration from 3/11/2019 plus KB4490628 onboard? anyway, if you figure out what made your os disappear please let us know. hopefully, it will reappear as magically as it left…

Reply | Quote

? says:

Tom-R,

this article has the error code you describe:

https://borncity.com/win/2019/08/24/windows-7-sp1-update-kb4512506-causes-error-0xc0000225/

i guess the jist is to make sure to install KB3133977 before moving on. the easeus link to reappear your ghost partition looks hopeful, as well. good luck and please let us know the outcome

3 users thanked author for this post.

jburk07, TaskForce141, Tom-R

Reply | Quote

TOM-R this is a different Anonymous.

Take a look at Easeus Partition Recovery. How to Rebuild and Repair Partition Table
https://www.easeus.com/partition-recovery-software/rebuild-partition-table.html

They have a file to download too. See, “Solution 1. Recover Partition Table – Restore Partition from Unallocated Space” on that same site.

Hope this helps.

Keep us posted.

1 user thanked author for this post.

jburk07

Reply | Quote

Thanks for the suggestion, “anonymous#2”.   I actually decided on doing that myself a couple hours ago.   In order to create a bootable flash drive though I had to spring for buying a license to Partition Master.   (The free/trial version won’t allow you to create a WinPE boot device or ISO file.)   In any event, I bought it, created the bootable flash drive, and I’m currently using it on that hosed system right now.

As soon as Partition Master came up it saw all the partitions (there are several of them).  It also saw the “unallocated” 915 GB that was formerly my C drive.  I had an option to just directly select it and try to “undelete” it.  But I’m taking what I hope is the safer route.  I’m letting Partition Master run a “quick scan” to look for lost partitions.  However, that “quick scan” is taking well over an hour to run on this 3 TB drive.  It’s around 80% complete now; so I’m going to allow it to run all the way to completion.   I’ll update my post later tonight after I see what happens with the Partition Recovery operation.

1 user thanked author for this post.

jburk07

Reply | Quote

Could it be that the partition is not gone just hidden behind the SHA-2 encryption?

Any SHA-1 attempt to read it would end up with weird meaningless errors. Since it can not possible know what is going on. It might conclude there is no drive at all.

If you take out the drive and add it to a Windows 7 system as an extra drive that has been updated with the Bitlocker patch can it than see the partition? If you have access to such a system off course.

If you have an extra drive you could install Windows 7 on it. Patch it up this time with the bitlocker patch and then add the drive as an extra to see if your data is still there.

Does your system have an UEFI Bios?

W10&11 x64 Pro&Home

Reply | Quote

[Tom-R]

Unfortunately, the partition somehow actually got deleted.   Apparently it happened during (or as a result of) the Windows Update process — although I have no clue how or why.   When I booted from USB with EaseUS Partition Master, it showed the 915 GB space formerly occupied by the C drive partition; however it was now showing up as unallocated free space.  But I was able to use Partition Master to “undelete” the partition.

After “undeleting” the partition, I went and booted from USB with EaseUS Todo Backup, which could also see the partition again.  I was then able to try to do a recovery operation from my last system backup taken yesterday (9/6/2019).  However when I tried to do a normal restore operation I got this error from EaseUS:

Error is found on the file system, please tick sector by sector recovery (or clone) and try again.
0x3160E095 [?]

So I then retried the Recovery operation with EaseUS using the sector-by-sector option.  And that seemed to work OK.  The recovery operation took about 1.5 hours; but eventually it came back and said that the Recovery completed successfully.

And when I restarted the system following this Recovery, the system got further than it did previously.  I got the “Starting Windows” message with the animated Windows logo coming together on the screen.  But immediately after that animated logo, the system crashes with the following BSOD:

A problem has been detected and windows has been shut down …
PROCESS1_INITIALIZATION_FAILED
Technical information:
*** STOP: 0x0000006B (0xFFFFFFFFC000012F, 0x0000000000000003, 0x0000000000000000, 0x0000000000000000)

And note that this BSOD is happening after restoring the partition with the backup that was made before installing the August updates.  So the partition has now (at least theoretically) been restored to the normal working condition that it was in yesterday before this all started.  But something is clearly still messed up.

As far as the BIOS, yes this system has a UEFI BIOS.   And the Boot Order is configured with the first priority boot device being Windows Boot Manager (under UEFI Boot Sources).   So I believe that’s all normal.

If you’ve got any advice on how or where to go from here, please let me know.  I’m open to any suggestions.

*** One additional update ***

When I restart the system now, instead of trying to boot directly into Windows, I get the Windows Error Recovery screen, with options to either “Start Windows Normally” or “Launch Startup Repair (recommended)”.  If I select “Launch Startup Repair” Windows Boot Manager immediately aborts with the same error as noted previously:

Windows failed to start.  A recent hardware or software change might be the cause.
Status:  0xc0000225
Info:  The boot selection failed because a required device is inaccessible.

So I can’t even attempt a Startup Repair.

• This reply was modified 5 years, 7 months ago by Tom-R.

1 user thanked author for this post.

jburk07

Reply | Quote

? says:

maybe look at this:

https://neosmart.net/wiki/0x0000006b/

Reply | Quote

? says:

or this?:

https://neosmart.net/wiki/0xc0000225/

Reply | Quote

Thank’s for AskWoody.com.  I was just about to sit down and update my Win7 Home Premium on my XPS when I read of Tom’s unfortunate issue.  Now, I’ll take a pass until Woody brings us up to Defcom 4 before I apply August patches.  I don’t want to have to deal with what Tom is dealing with. Those are Defcom 2 issues there.

Reply | Quote

Woody has issued DEFCON-3. He will not change that to “4” so you need to choose to install or not.

Reply | Quote

If I install the August Group A Win7 patch, will it eliminate the telemetry that was contained in the July Win7 patch?

Reply | Quote

Marty, Group A patches will have the telemetry. Installing August won’t remove anything from July. Secondly, it was Group B Security Only patch that had the “new” telemetry added in July.

You need to look at @AJNorth August 3, 2019 at 10:31 pm post #1902567 and @Microfix August 7, 2019 at 8:10 am post #1904639 to get some good information on stopping telemetry.

Also see post #1941096 above.

1 user thanked author for this post.

Marty

Reply | Quote

While no where near as extreme as Tom-R’s issue, I’ve also discovered a problem with uninstalling at least KB4474419. In my earlier post (#1941142) I wondered if I had messed up the updates, so I decided to uninstall and reinstall them to make sure everything was done right.

I created a restore point before uninstalling KB4474419 from the Installed Updates menu. As the system was shutting down to reboot when the standard “preparing to configure, don’t turn off computer” message came up, again with no completion percentage.

Now I knew this might take some time, so I decided to check back every few minutes and see if it was done. The system set on that screen for almost an hour. At that point, I forced a power off via the power button then after starting again, booted into Safe Mode.

When the the Welcome screen came up in Safe Mode, it changed to the “preparing to configure” message after about 5 seconds. At that point I was at my wits end. But, after about 2 minutes the message changed to “reverting changes” (that’s all I got a chance to read before it changed back to “Welcome” and opened Same Mode as normal.) After that I was able to use System Restore with the pre uninstall restore point to put everything right.

One last thing, anyone who has to do this should be aware that after the system restarts the “preparing to configure” message will appear at the “Welcome” screen again but don’t panic, since your using the System Restore to take the system back to an earlier point, leave the computer alone for around 5 – 10 minutes and your system should hopefully be back to normal.

1 user thanked author for this post.

jburk07

Reply | Quote

Kind of similar situation on one of the three Win 7 pc’s where I attempted to use Windows Update to install KB4512506 Quality Rollup, KB4474419 Security Update and MSRT all at once.  While everything went fine on two of the computers, the third was stuck for ~15 minutes at 58% of “Configuing Windows.”  I had had a couple of past instances where I would have to wait as long as an hour for one of my computers to complete “configuring,” so I just let it continue chugging.

But instead of eventually progressing past 58%, it  gave the “Failure Configuring Windows Updates – Reverting Changes message” and rebooted.  Then the exact same thing happened all over again — stuck  at 58%.  Then it happened yet again.  But the fourth time, instead of a configuring countdown it gave me the “reverting” message immediately upon reboot.  Then THAT behavior repeated again.  But after the second no-configure-attempt reboot and immediate “reverting message”, on the next reboot my desktop came up, with a system tray balloon message that some updates had installed, but some had failed.  Turns out only the MSRT had installed, while KB4512506 and KB4474419 had both failed.

I haven’t yet made any further attempts on the affected computer, but I’m glad I just patiently “let it run its course”, and was happy it gave me the “privilege” of seeing my desktop again, without having to deal with any possible forced-shutdown/safe mode machinations (not that having done so would have necessarily been a problem…and besides, who knows what the next attempt will bring…).  I’m leaning against doing a System Restore before the next attempt.  But regardless, I will do (“try”?) one update at a time the next time.

Maybe this is all related to incompatibility with some program or driver that is on the third computer, that isn’t on the other two??

1 user thanked author for this post.

jburk07

Reply | Quote

Apparently the edit window has passed.  But I meant to point out that the first stuck-at-58%-configuring message I refer to was *after* the first reboot and welcome screen, i.e. things seemed to be going normally before the first reboot.  Same goes for all the other stuck-at-58% and “reverting” screens, although it all became kind of a blur…

Reply | Quote

Just to follow up, today I installed the two Win 7 updates that had eventually failed on one of my computers.  I did them one at a time (KB4474419 first, and then KB4512506), and everything went fine.  The only slight oddity (although I think I’ve seen this before) is that it took 4-5 minutes before KB4512506 started downloading.

1 user thanked author for this post.

jburk07

Reply | Quote

Good to see they worked this time, I wonder why going one by one makes a difference if you’re supposed to be able to install both updates at the same time?

Reply | Quote

[TaskForce141]

For what its worth, I installed the Win 7 August quality roll-up on 8/28/2019 with no issues so far. Win update offered the roll-up KB4512506, version 2 of the SHA-2 encryption KB4474419, and the MSRT (KB890830) as important,  plus the usual optional junk.

System 1: Win 7 Home Premium, 32-bit (old Dell pentium 4 server).  This was a clean Win 7  installation with a System builder disk bought from Amazon.

System 2: Win 7 Home Premium, 64-bit (2015 Dell Inspiron laptop, i3-4030U).  Dell factory Win 7 installation with plenty of Dell software/drivers, except for Intel GPU driver.

I use MS Security Essentials as the anti-virus, and MS EMET as the only “unusual” security software. Both already had the Servicing Stack Update from March 2019, as well the earlier version of the SHA-2 encryption update KB4474419.  I turn off MS telemetry per the advice here, and for performance reasons, I’ve disabled the Spectre/Meltdown updates in the registry.  I did not have the KB 3133977 update before I patched (neither machine is UEFI boot, no virtual machine)

• This reply was modified 5 years, 7 months ago by TaskForce141. Reason: Added 'Home Premium", don't have KB3133977

3 users thanked author for this post.

geekdom, jburk07, Chessie

Reply | Quote

Windows 10 1803 Home here.

Just installed all the various August Patches for Office 2013 through WU, skipped the annoying 2019-08 KB4023057 and for the time being also the .NET 4.8 update KB4486153 which I was also offered through WU, and manually installed the 2019-08 CU KB4512501 (this did not show up at all in WU).

Computer still working correctly as far as I can tell and after installing KB4512501 I didn’t get that “Procedure call error,” message that Woody warned about in ComputerWorld, so for the time being I didn’t install KB4512509 (issues with broken VB shouldn’t be a problem on my machine).

Question:
Ever since July (around when WU tried to push me to 1903), WU stopped offering me the monthly CUs, so I resorted to install them manually. Turns out that back in August when the July patches were green-lighted I manually installed the 2nd July CU for 1803, i.e. KB4507466, rather than the 1st July CU, i.e KB4507435.

Should I manually install KB4507435 at this point?

1 user thanked author for this post.

biga

Reply | Quote

Berserker, you might want to look into KB4512509. There are several fixes, especially if you are Group A.
https://support.microsoft.com/en-us/help/4512509

Also you do have KB4509094 the latest servicing stack update (SSU)?

Reply | Quote

Thanks for your reply Anonymous 🙂

I did take a look at KB4512509, but usually I don’t install the second monthly CUs since I understand that they are basically “previews” of the following month’s first CU. At present it seems that I don’t need to get any of the fixes of KB4512509 installed right away, so I’ll probably wait a little more before installing this one.

And yes, I did install the latest SSU (KB4509094)  right before installing KB4507466 some weeks ago. I still have no clue what caused WU to stop showing CUs, but as long I can install them manually that’s still ok. BTW, would you recommend installing KB4507435 that I accidentally missed even if I installed KB4507466?

Reply | Quote

You are correct not to install the Previews.
For the answer to why you are not receiving Patch Tues. updates, look for what you changed in the month before you stopped receiving them.
Did you make any Settings or Registry settings that might have stopped you getting them? Turn off Services, alter Scheduled Tasks?
Did you try a third-party update blocker that may have changed something that did not get reverted?
Most of all, keep an eye out for MS’s forced upgrade to 1903.

1 user thanked author for this post.

Berserker79

Reply | Quote

As far as I can tell, I didn’t apply any changes in the month before I stopped receiving those updates and I didn’t install anything that may have tweaked my settings, the registry or anything else. The only “update blocker” (sort of) I’m using is wushowhide and I didn’t try any third-party tools so far.

When the 2019-07 CU KB4507435 was released I was initially offered the update, but I hid it with wushowhide. The update was visible in the list of hidden updates. However, when it came time to install the July patches, KB4507435 simply disappeared, i.e. it was no longer shown as a hidden, nor as an available update. That happened around when MS first tried to force the upgrade to 1903. Since then, I’ve not being offered the Patch Tuesday updates, but I’m regularly offered Office updates as well as other updates, e.g. Windows Malicious Software Removal Tool updates, the (stupid) KB4023057 updates or the .NET 4.8 update.

There were two attempts to force the upgrade to 1903 on my PC and both times I hid the update with wushowhide. In both cases, WU initially gave me a yellow warning sign that the 1903 update was ready for download, but could not be downloaded since my connection was set to metered. At some point, that warning disappeared on its own and WU got back to the green sign saying the system is up to date without me taking any steps for that to happen.  Could it be that my system is somehow “flagged” as ready for 1903 and for that reason I’m not receiving the Patch Tuesday updates?

Reply | Quote

The July CU would have disappeared from the hidden updates when the August CU was released because the August CU superceded it.
There was a new July SSU KB4509094 released with CU KB4507435.
If you did not install KB4507435 (July), and you manually installed KB4512501 (Aug) only, you may have missed the SSU.
If this is the case, you need to download and install that SSU.
You can verify in the Installed Updates whether you have the SSU or not.

Reply | Quote

That may explain whythe July CU disappeared from the hidden updates: I had not realized that upon release of the a new CU the previous month’s CU disappears. Still, that does not explain why I have not been offered the August CU.

I confirm that the July SSU KB4509094 update has been manually installed (before installing KB4512501) and shows up among the Installed Updates.

Think I’m going to wait and see whether I’m offered the September CU next week. If not, I can try to run the WU Troubleshooter to “repair” WU. In the worst case scenario, I’ll continue to manually install the monthly CUs, then at some point I will have to move from 1803 to a newer version and I suspect that will probably solve this problem.

Reply | Quote

Hello Berserker, I am re-posting this since I did not see it appear and it has more information.

I am not a Windows 10 expert, but to me it looks like the 4507466 overrides the other since it is a slightly higher version number (.915). The Group B people with the Security Only (SO) patches, do not cover each another so each month must be installed if one wants to follow along. Cumulative updates do cover each other and keep growing larger with time.

July 9, 2019—KB4507435 (OS Build 17134.885)
Applies to: Windows 10, version 1803

July 16, 2019—KB4507466 (OS Build 17134.915)
Applies to: Windows 10, version 1803

PKcano has good questions. Are your setting still allowing updates? Was any group Policy done by you on restricting updates?

If not, see this about clearing out old update data and trying to repair Windows Update.

Windows Update Troubleshooter BuildOrBuy Published on Jan 28, 2018
https://www.youtube.com/watch?v=XmH5mDpXj-U

Let us know what you find or what happens if you do the suggestions in the video.

1 user thanked author for this post.

Berserker79

Reply | Quote

Thanks for taking the time to re-post your message, it is very helpful.

It does sound very reasonable that KB4507466 overrides the earlier KB4507435, so I will not install ‘435 manually. Thanks for sharing that bit of info!

BTW, I did answer PKcano’s questions above. I did not apply any changes that may have interfered with the updates. Since I’m on Win10 1803 Home, I don’t have any Policy restricting updates. All I do is simply setting my connection to metered and use wushowhide to hide the updates until Woody brings the defcon to 4 every month.

The only relevant “change” is that back in July MS tried to force the 1903 update on my PC, but I hid that update with wushowhide. It seems that since that attempt to force the 1903 update I was no longer offered the monthly CU updates.

I already tried to clear out old update data before installing the August patches, but that did not seem to help. I’ll try to repair Windows Update with the Windows Update Troubleshooter and see what happens.

Reply | Quote

anonymous wrote:

Now, I’ll take a pass until Woody brings us up to Defcom 4 before I apply August patches.

I don’t think that there will be Defcom 4.

Reply | Quote

I moved from 1803 to 1903 on my pc recently with no problems and after Defcon 3 successfully installed the August ~508 and ~555 patches yesterday. My Home version, now ~295, has all the latest pause settings and I’ve clicked twice to resume on 21 September. So far I’ve gotten the daily definition updates, sometimes two a day, but no CU’s until I hit Resume updates. In other words, the new delay settings seem to be working as advertised.

Aside from ancient hardware, given the hassles described above, why are you guys sticking with Win7? My pc startup loads to the desktop so I never see the “horrible” Start page until I want to load one of my tiled programs or type in “winver” and I’ve been quite happy with the way I can arrange the page. I confess I went from Vista to Win8 and Win8.1 when I bought a new computer several years ago (and since then the free Home upgrades to 1903), so I don’t know why Win7 was or is so popular.

Is it mainly resentment of MS’s strong-arm update tactics or are there real advantages to keeping Win7? Just curious . . .

Reply | Quote

Windows 7 Still Used in Almost 50% of Surveyed Businesses
https://www.bleepingcomputer.com/news/microsoft/windows-7-still-used-in-almost-50-percent-of-surveyed-businesses/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Wayne

Reply | Quote

So it’s probably the economics of upgrading computers and possibly of buying the newer software that keep very small businesses and SMB’s from upgrading, which makes sense, but other comments in the article are just rants about big bad MS spying and forcing updates. In spite of their complaints, mostly it appears from non-business Win7 owners, few seem willing to give up Win7 for the Linux alternatives while at the same time complaining about how hard it is to deal with protecting their Win7 systems. Is it really that much harder to switch to Linux than to stay with Win7 on a personal pc? Or is it more fun to [EDITED – re Lounge rules: no swearing] than to switch? (Sorry, the alliteration was too good to resist.)

Reply | Quote

Perhaps best opened as a separate topic, since your query is a different issue.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

SueW

Reply | Quote

Maybe so, but on the other hand the topic was generally about installing the updates after the Defcon 3 status was awarded. And, as usual it seems, the thread is immediately occupied by Win7 folks describing their problems with said updates and minimal contributions regarding other versions. Could it be that higher-number versions aren’t having any serious problems so no one bothers to say so?

Reply | Quote

Wayne wrote:

And, as usual it seems, the thread is immediately occupied by Win7 folks describing their problems with said updates and minimal contributions regarding other versions. Could it be that higher-number versions aren’t having any serious problems so no one bothers to say so?

Yes. Windows 10 issues are obscure, not common.

1 user thanked author for this post.

Wayne

Reply | Quote

Wayne wrote:

So it’s probably the economics of upgrading computers and possibly of buying the newer software that keep very small businesses and SMB’s from upgrading, which makes sense, but other comments in the article are just rants about big bad MS spying and forcing updates. In spite of their complaints, mostly it appears from non-business Win7 owners, few seem willing to give up Win7 for the Linux alternatives while at the same time complaining about how hard it is to deal with protecting their Win7 systems. Is it really that much harder to switch to Linux than to stay with Win7 on a personal pc? Or is it more fun to [EDITED – re Lounge rules: no swearing] than to switch? (Sorry, the alliteration was too good to resist.)

https://www.askwoody.com/forums/topic/windows-10-avoiders-what-would-change-your-mind/

2 users thanked author for this post.

Wayne, jburk07

Reply | Quote

See my 11:56 comment. Post changed from general discussion of  Defcon 3 to Win7 discussion with first response at 7:49.

Reply | Quote

Wayne, I understand your observations and your question, “Is it really that much harder to switch to Linux than to stay with Win7 on a personal pc?” but that really is a can of worms and Geekdom is right that it would be another topic.

I feel there are so many people still on Windows 7, as I am, because it works very well. I have never crashed. I have hung from an update though. With Windows 8 driving people away as it did many stayed with 7. We have tested Windows 10 from the first version out years ago, and it was a great idea, then subsequent versions took away everything people asked for and made it go back to looking like Windows 8, with even less user options and more behind the scenes data transfers.

There are people here with all different versions of Windows commenting on the success or failures with Windows August updates.

Thank you for being here.

Reply | Quote

For Win 7  Group B:  If you use (have set up) mail rules (Rules) within Outlook 2010 and Outlook 2013, does that functionality use VBA/VBScript?  If so, seems you would need to install KB4517297 instead of KB4512486? Is that correct?  Thanks for any insight.

Reply | Quote

anonymous wrote:

For those in Win 7 Group B: If we’re already patched with July security only update, for August security patch should we only be downloading/installing KB4517297 as it already contains the contents of initial security only update KB4512486?

Correct. You only need to install KB4517297. If you try to install KB4512486 after KB4517297 is installed, then Windows will report that KB4512486 is already installed on your computer.

Reply | Quote

Hi GoneToPlaid:  My question was more specific.  “If you use (have set up) mail rules (Rules) within Outlook 2010 and Outlook 2013, does that functionality use VBA/VBScript?  If so, seems you would need to install KB4517297 instead of KB4512486? Is that correct?  Thanks for any insight.”  Thanks very much for any assistance.

Reply | Quote

Installed August 2019 patches on 2 Windows 7 x64 systems (one Home Premium, one Ultimate) and haven’t had any problems:

1. KB3133977, the old bitlocker patch, was already installed on both systems in 2016.
2. Installed KB4474419 v2 of the SHA-2 update, rebooted, and waited until cpu consumption calmed down.
3. Installed KB4512506 August 2019 rollup, rebooted, and waited for cpu consumption to calm down.

A pleasant surprise is that I checked all of the anti-telemetry settings (@abbodi86’s settings) and they’re all still intact; none had been re-enabled by the rollup.

There was just one hiccup: the first attempt to install the rollup on the Home Premium system failed with an unknown code, 800F083F. I had stepped away from the computer (naturally, I don’t usually do that) so I don’t know at what point it failed. I couldn’t find anything about the error so I tried again using the administrator account and everything worked fine that time. I’m hoping it was just some fluke or interruption in the connection, maybe.

I sympathize with those who are experiencing problems with updates this month, and I hope you can get things back on track soon with the help of the good folks on AskWoody. Many thanks once again to Woody, the MVP’s, and everyone else who contributes here.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

3 users thanked author for this post.

Charlie, Lars220, geekdom

Reply | Quote

Update to my earlier comment #1940889:-

Both KB4474419 and KB4512506 installed separately and in that order (with restarts and a wait between them for activity to settle down as usual) on my main Win7 x64 desktop. No apparent problems as yet.

3 users thanked author for this post.

jburk07, Lars220, geekdom

Reply | Quote

I’ve now updated my other machine, same approach as before but with the 3 Office 2010 updates also installed after the others. No apparent problems as yet.

1 user thanked author for this post.

jburk07

Reply | Quote

I was all set to go ahead with the August Updates when I read about this apparent problem that KB3133977 has with ASUS motherboards, and that stopped me dead in my tracks!  I have an ASUS P8H61-MLE CSM, H61 B3 chipset motherboard of around 2012 vintage and it has an EFI BIOS, but not UEFI.  I do not already have KB3133977 and according to what I see will need to install it (maybe).

So, is there anyone out there that can give me some advice as to how to proceed? I’ve read all of Microsoft’s and ASUS’es information about KB3133977.  Also, has anyone done a successful August Win 7 update (group A or group B) on a computer with an ASUS motherboard?

Maybe I’m over reacting but this is really upsetting not knowing whether I’ll mess up my perfectly good computer to do these updates.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

3 users thanked author for this post.

Chessie, Sinclair, samak

Reply | Quote

For those with ASUS motherboards considering KB3133977:
It would seem that ASUS implemented “Safe Boot” on some Win7 machines, when Win7 doesn’t support Safe Boot, by altering the BIOS.

There are instructions on the ASUS website (thank you, @samak ) here to deal with the situation:
https://www.asus.com/support/FAQ/1016356/

If you have an ASUS motherboard, and Safe Boot is implemented, it looks there are three options:
Either
Make the modification in the BIOS so you can install KB3133977
OR
Not install KB3133977 and just install the August patch.
OR
Do not install either patch and wait for further instructions.

7 users thanked author for this post.

Chessie, columbia2011, Elly, Charlie, woody, Sinclair, samak

Reply | Quote

ASRock the budget Brand of Asus might also have some EFI Safe Boot motherboards.

W10&11 x64 Pro&Home

2 users thanked author for this post.

woody, PKCano

Reply | Quote

If anyone does either of the first 2 options, please let us know how it went.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

3 users thanked author for this post.

Charlie, Sinclair, woody

Reply | Quote

For a bit of history, see this article from May, 2016.

6 users thanked author for this post.

Elly, Charlie, geekdom, samak, PKCano, Sinclair

Reply | Quote

Okay this may sound stupid but…

Could it be that the bitlocker update is not offered because Windows 7 HOME and HOME PREMIUM do not have Bitlocker at all?

I just checked a Windows 7 PRO system and that has Bitlocker…

W10&11 x64 Pro&Home

Reply | Quote

No, it’s not stupid.  For what it’s worth, I have Windows 7 x64 Home Premium and was offered KB3133977 back in 2016. I hid it then, but will unhide and install it this time around.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

I have an Asus X55A-BCL092 bought 09/06/2012.  I only use it when I visit relatives and want to have a computer with me.  I always plug it into the wall and I rarely use the batteries. They go down and then recharge when I get it out every few months to update it.  It runs Windows 7 sp1 64bit.

This site has gotten much more technical and I have a hard time following what you all are talking about now.  Before any mention of “secure boot” and UEFI or EFI BIOS about the Asus motherboard (none of which do I understand), I followed instructions at the time. I found KB3133977 in my hidden updates and installed it.  I found I already had KB4490628 installed on 04/02/2019.

I then installed the August updates KB4474419 and KB4512506 and the MSRT KB890830 one at a time.  All went well.  While I did this, as usual, my laptop charged from 0-100%.  Next day I see on this site I was supposed to have problems so I got my Asus out again, plugged it in and turned it on.  All is well and it is working fine.  My battery is now 94% available (plugged in, charging)

I guess I had no problems because my lap top is so old.  I don’t know but thought I would post here to let folks know I had no trouble updating an old Asus X55A-BCL092 running Windows7 sp1 64bit.

2 users thanked author for this post.

Charlie, Chessie

Reply | Quote

Just ran Belarc Advisor after the AUG. updates for 1809 and the software flagged KB4507419 (July update, installed on AUG. 2) as missing.
KB4507419 doesn’t appear on the list of available to uninstall updates.

Reply | Quote

The latest version of KB4507419 was released on 8/12. Perhaps that is the one Belarc Advisor is looking for. It has been appearing as a checked important update in WU with the Aug patches.

Reply | Quote

PKCano wrote:

The latest version of KB4507419 was released on 8/12. Perhaps that is the one Belarc Advisor is looking for. It has been appearing as a checked important update in WU with the Aug patches.

Yes. Got KB4507419 again with KB4087642. No restart needed.

 

Reply | Quote

Please tell me if I’ve got this wrong but my understanding was that on Win 7 you had to have KB3133977 first in order to install KB4474419.  You had to have KB4474419 installed in order to install any new updates from August on.

I’d be glad to do the Aug. updates, it’s that KB3133977 that’s throwing a monkey wrench into the whole thing.  At least for computers with ASUS motherboards.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

1 user thanked author for this post.

geekdom

Reply | Quote

[opti1]

For what it’s worth . . .

We have three PCs – a Dell XPS 8100 desktop, a Gateway something or other desktop, and a ThinkPad X230 laptop, all Win7 HP SP1. Both desktops are from 2010, the laptop is from 2012. All three have old, legacy BIOS.

All three PCs had the previously installed KB4490628 and the earlier version of KB4474419. The Dell and the Gateway also had KB3133977 but the ThinkPad did not.

For August Updates all three PCs got KB4474419, KB4512506, and KB4503548 in addition to Windows Defender definitions and MSRT.

These updates installed on all three PCs without issues except for KB4503548 which I hid.

• This reply was modified 5 years, 7 months ago by opti1.

2 users thanked author for this post.

jburk07, Sinclair

Reply | Quote

Charlie wrote:

Please tell me if I’ve got this wrong but my understanding was that on Win 7 you had to have KB3133977 first in order to install KB4474419. You had to have KB4474419 installed in order to install any new updates from August on.

I can not tell you if your right or wrong but this is what I did.

The AMD A6-5400K turned out to be an UEFI system after all. On an ASRock motherboard that had the Safe Boot option in the Bios but I had never enabled that.

The AMD X2 270 is a NON UEFI system on an ASRock motherboard.

As far as I can find out both systems do not have KB3133977 installed. Both systems installed the new KB4474419 as offered through Windows Update with an earlier version of that already in place. They both rebooted to the desktop and seem to work fine. With the update on the AMD A6-5400K UEFI taking very long 1.5 hours before rebooting. It is my understanding that as long as you have at least the March version of KB4474419 then you are good to go SHA-2 wise for Windows Update. I have not installed the August Rollup Patch.

Both systems use Windows 7 x64 Home Premium

W10&11 x64 Pro&Home

Reply | Quote

OK, Win 7 64-bit, Group B here. I am up to date through this June. I have yet to install July updates, though assume I can deactivate the telemetry when I install them using advice in this thread above.

After I install July, I want to install August Group B.

My question:

I do not have KB 3133977 and I have an Asus board, but I already have the bios settings of “other OS” and “unloaded” as per https://www.asus.com/support/FAQ/1016356/.

I do have KB4490628. I have what I think is version 1 of KB4474419 (installed 7/25/2019), not v.2 (8/12/2019).

So, what do I install, and what sequence?

Thanks, everyone here is so helpful!

Reply | Quote

Since you’ve already verified your motherboard is good to go per Asus’ instructions: First install KB3133977 by itself and reboot, waiting for 15 minutes or so after rebooting for all idle tasks to be processed.

Next, install KB4474419 v2 from August 13th by itself and reboot just as you did for KB3133977, including waiting 15 minutes after rebooting.

Now, since you’re group B, install the security-only patch for August, KB4512486, by itself and reboot as before.

This process should keep the installation hassles at bay and allow you to successfully get fully updated for the month of August.

Reply | Quote

Install KB3133977 and reboot

I have what I think is version 1 of KB4474419 (installed 7/25/2019), not v.2 (8/12/2019).

KB4474419 v2 is delivered as a checked important update through Windows Update. You can install it that way or download it and do a manual install.

For the August Updates, you will need KB4517297 Security-only Update (contains everything in KB4512486 plus the fix for the VB issues) and KB4511872 IE11 CU. You don’t need to reboot between the installation.

Reply | Quote

Win 7 group A here.

Is the ASUS problem for all ASUS motherboards? Mine is ASUS P7H55-M PRO LGA 1156, but I don’t know if it has that safe boot stuff. I also noticed I didn’t have KB3133977 installed either. Gonna hold off on installing the Aug. roll up since people are saying it’s necessary to have KB3133977.

Reply | Quote

The instructions for turning off the safe boot are on the ASUS website, linked in post #1941971.
Use the instructions to look at your BIOS and see whether or not it is enabled.

Reply | Quote

Are we looking to change EFI or UEFI to “Other OS” in the BIOS?  Seems like what I’m seeing, that will solve the problem.  Thanks for all the help guys.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Heya PKCano. I just checked my bios and I don’t think I have this UEFI stuff the help link was talking about. My bios looks like MS-Dos type stuff and when I went to the boot category I couldn’t find anything that said secure boot. For what it’s worth I successfully installed KB4474419 but I am hesitant on installing KB3133977 and the monthly roll up.

Reply | Quote

How to identify your motherboard:
https://www.wikihow.com/Identify-the-Motherboard

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

SueW

Reply | Quote

Woody,

I am having a new patching phenomenon (for me) with Windows 10 Pro 1809.  I tried to go through the existing thread and I do not believe that anyone else is reporting what I am experiencing.

About a month ago, I decided to get somewhat more aggressive with the Advanced Options in Windows Update, but not as aggressive as your recommendations.

I know that you are saying we can reduce the delay on Quality (security) Updates from 30 days to 15 days, but I set it to 20 days to be less aggressive after all that I have seen over these months and years with Windows 10 Pro.  IIRC, I also reduced the delay for my Feature Updates from 360 days to 300 days.

A week or two later, I noticed that the delays for Quality Updates and Feature Updates had disappeared from my Advanced Options screen and I still cannot find them.  On Patch Tuesday, August 13 the August Quality Update appeared but I did not install it.  On September 1, the August Quality Update was ready to be installed and I installed it on September 2, which was Labor Day, and 20 days after it had become available.  According to the Update History page, not only was the August Quality Update installed on September 2, but so was the August Windows MSRT and a couple of Security Intelligence Updates for Windows Defender.

All of this happened before Ask Woody went to Defcon 3.

In conclusion, my preference for delaying the monthly Quality Update is being respected (20 days), and the monthly Windows MSRT installed without any previous visibility on the Windows Update page.  Also, at least one Security Intelligence Update has been pushed onto this system every day from August 4 through today, September 7.  This is a much higher update frequency than I have ever previously seen on Windows 10.

Woody, have you or the other MVPs since this behavior on any other Windows 10 systems?

Reply | Quote

Please read:

https://www.askwoody.com/forums/topic/win10-version-1903-disappearing-update-settings-described-but-not-explained/

In that Topic this URL:

https://borncity.com/win/2019/05/27/windows-10-v1903-the-broken-defer-update-options/

 

1 user thanked author for this post.

Elly

Reply | Quote

I am the original anonymous, and I am replying to Bluetrix.  I need to fix something with my account so that my name shows up again (see below), but that will wait until I have finished contributing what I can to this situation.

There may be an element of administrative user compared to standard user also.

When I first set up this computer five years ago, I created the first account with my firstname lastname and it was an administrative account.

Also, within the past month, I set up a separate administrative account and converted the firstname lastname account to standard user.  I triggered this update while logged in as the firstname lastname standard user.  I thought that I would not be allowed to run the August quality update as the standard user.  Am I wrong, or did I just hit a bug in Windows 10?

Very truly yours,

Jonathan Handler

 

Reply | Quote

To create a user name on AskWoody you must register it’s easy.

On your computer, admin account settings control updates for the computer, for what that’s worth.

As a standard account you would not be able to download and install an update (manually).

Creating a standard account is a security function for a single user computer, and a good one!

We are getting off topic for this thread. To continue this discussion please start a Topic here Question Windows 10 Clicking link will open a new TAB. 🙂

Reply | Quote

This is a test of my AskWoody account

Jonathan Handler

Reply | Quote

Reporting, not a techie but Group B, ASUS Z87-PLUS Socket H3 ATX Motherboard, Intel Z87 Chipset. Before installing KB3133977 I had followed the instructions given by ASUS, namely to first, enter the UEFI and navigate to Advanced Mode Menu>Boot>Secure Boot. Then change “OS type” to “Other OS”. Then press F10 to Save the changes and reboot. Next check the UEFI Advanced Menu>Boot>Secure Boot and confirm the “Platform Key (PK) State” is switched to be “Unloaded”.  Next, I installed KB3133977, followed by KB4474419, then KB4511872, and KB4517297, last was KB890830. Installed one at a time, reboot after every update. No issue so far. Thanks y’all.

3 users thanked author for this post.

jburk07, Charlie, samak

Reply | Quote

I think I’m going to skip those updates.

I miss Windows XP...

Reply | Quote

Apologies i have not kept up. So the KB4474419 is a New updated version of the one offered in March, is that right?

KB3133977 -2019-03 was Optional & I kept on Hold and left it (It is now needed)
KB4490628 -2019-03 Servicing Stack Update for Windows 7 (Installed in April)
*KB4474419 -March 12, 2019, SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7 (Installed in April)
Thanks

Reply | Quote

[PKCano]

KB4474419 v2 was released Aug. 12 – is needed, It is offered as a checked important update through Windows Update. It installs in addition to the earlier patch with the same KB number.

KB3133977 is needed – but if you have an ASUS motherboard, read this information first.

• This reply was modified 5 years, 7 months ago by PKCano.

1 user thanked author for this post.

walker

Reply | Quote

KB4474419 v2 was released Sept. 12…

You mean the patch that was released on August 13??? 😉

Feel free to delete this post upon successfully editing your prior post above. 🙂

 

Reply | Quote

Yes, August 12th (Catalog date) or 13th (MS Support page date).
Corrected now. Thanks

1 user thanked author for this post.

Blizzard

Reply | Quote

Thank you so much, that simply clears it up.
version 2 – v2   It makes sense when you’ve referred to it as KB4474419 v2 🙂

Reply | Quote

KB3133977 is not needed if you use mbr partition uefi/legacy boot but if you use uefi with gpt partition boot you will need it.You also may need it if you use a  virtual machine with uefi boot.Installed KB 4517297 without KB3133977 worked fine on first computer with just old hard drives with uefi/legacy boot mbr.Computer 2 with uefi gpt ssd with legacy boot off failed to boot eroor code 0xc0000225 used system restore to revert back before i installed KB4517297.Then i installed KB3133977 and KB451297 computer 2 worked fine.Also compouter 2 has a asus motherboard had to disable
Secure Boot.So it’s better to just install KB3133977 may save you some headaches.

3 users thanked author for this post.

Charlie, jburk07, Sinclair

Reply | Quote

Please pardon me again, I can usually keep up with most of this technical talk but I’m having difficulty with the acronyms and terms being used here such as UEFI, UEFI/Legacy, UEFI with GPT partition boot, and Secure Boot.  What is Secure Boot?

My computer was built in 2012 and my ASUS motherboard has an EFI BIOS.  Does that make it Legacy?  Before I go into my BIOS and start fooling around I want to know exactly what I’m doing.  If I don’t find these things that are being talked about am I in the clear?

I’ve been through a few complicated updating months before but this one takes the cake!

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Hi Charlie, yes it gets tough.

Legacy is basically the BIOS. Basic Input Output System. A chip originally a Read Only Memory (ROM) chip, but now they are Electronically Programmable EPROM.

Unified Extensible Firmware Interface (UEFI)
“UEFI is packed with other features. It supports Secure Boot, which means the operating system can be checked for validity to ensure no malware has tampered with the boot process. ”
See: https://www.howtogeek.com/56958/htg-explains-how-uefi-will-replace-the-bios/

Also see what PKCano said above and the site recommended in post #1941971.

1 user thanked author for this post.

Charlie

Reply | Quote

I just installed these:

2019-08 Security Update for Windows 7 for x64-based Systems (KB4474419)
Windows Malicious Software Removal Tool x64 – August 2019 (KB890830)
2019-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4512506)

Thank Heaven (and Woody and the gang), my network didn’t break this time. No other problems I can see.

 

3 users thanked author for this post.

Myst, jburk07, geekdom

Reply | Quote

Here’s my feedback after updating this afternoon:

1 – double-checked Task Scheduler — Application Experience, CEIP, and PerfTrack — all sub-tasks are still disabled

2 – imaged my disk with Macrium Reflect Free

3 – downloaded KB3133977 (the Bitlocker patch from 2016) from the Catalog & installed it; rebooted & waited 15 min.

4 – downloaded KB4474419 (latest SHA-2 patch, dated 8/12/19) from the Catalog & installed it; rebooted & waited 15 min.

5 – downloaded Updates KB4517297 (includes August SO KB4512486) and KB4511872 (IE11 August Cumulative)

6 – installed both Updates and then restarted. Note: my computer restarted a second time, after which I waited 15 minutes

7 – re-checked Task Scheduler — Application Experience, CEIP, and PerfTrack — all sub-tasks are still disabled

8 – updated MS Security Essentials’ Virus & Spyware Definitions manually to eliminate Windows Update’s “Optional” ‘Definition Update for Microsoft Security Essentials – KB2310138’

9 – checked “Windows Update” => 5 Important (all checked): 3 Office 2010 and 2 Win 7; 3 Optional: all unchecked

10 – unchecked and hid “Important” Update KB4512506 (August Rollup)

11 – hid the unchecked Optional update KB4512514 (August Preview Rollup)

12 – hid the unchecked Optional update KB4512193 (Preview for .NET Framework)

13 – hid the unchecked Optional update KB4503548 (.NET Framework 4.8)

14 – checked “Windows Update” again => 4 Important: 3 Office 2010 and 1 Win 7: all checked; 0 Optional

15 – unhid 0 hidden updates to install

16 – installed 4 Updates: 3 Office 2010 (KB4475506, KB4475573, KB4475533) and MSRT (KB890830). Note: no restart was required

17 – restarted anyway 😉

Notes: double-checking the Task Scheduler periodically is now part of my routine. And, Windows Media Player did not need to be reconfigured!

Many thanks again to PKCano, Woody and everyone else who continue to contribute their time and expertise, or who post their own results!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

7 users thanked author for this post.

Blizzard, Chessie, Lars220, jburk07, Myst, Charlie, Elly

Reply | Quote

Thank you SueW. As usual your posts are precise and well thought out, step 1, step 2, etc.

1 user thanked author for this post.

SueW

Reply | Quote

Well, I just went all through my 2012 uefi BIOS using the Asus guide supplied by samak, and I could not find any mention anywhere of Secure Boot.  I apparently don’t have it.  I’ve done a complete backup of the hard drive and made a fresh restore point.  Now I have to get up the nerve to start the updates.  I assume I won’t need to install the KB3133977.

I think I’ll wait until tomorrow (Monday) to do it.  Maybe by then someone with an Asus mobo will have reported a successful update.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Charlie, Poster #1942670 above has an ASUS (ASUS Z87-PLUS Socket H3 ATX Motherboard) and the BIOS steps navigated to “secure boot”. You also mentioned samak gave you instructions. If you do not have Secure Boot in your bios, you may be OK as is.

You are wise to have backups and a system registry restore point made.

Hope you have good luck.

1 user thanked author for this post.

Charlie

Reply | Quote

Can you explain what you mean by “as is”?  I’m still not certain whether or not I need the KB3133977, but I think it may not hurt to get it to be on the safe (if there is such a thing anymore) side.  If I update, and something goes wrong, I won’t be able to fix it.  Sorry, I’m sounding like Nibbled below.  Thanks for your reply.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Hi Charlie, You said, “Can you explain what you mean by “as is”? I’m still not certain whether or not I need the KB3133977, but I think it may not hurt to get it to be on the safe (if there is such a thing anymore) side. ”

Well my As-is phrase was an assumption that you may have an older ASUS board and it does not have the “Secure Boot”. If you do not have the same BIOS pathways like poster #1942670 above had, then you are *probably OK*. All you can do it prepare, then install the updates.

I too am wrestling with the KB3133977 install. I do not have an ASUS board, and waiver on install or not install. Woody did not say anything about it in the ComputerWorld Article (or I did not see it) so I keep leaning away, but then think what would it hurt?

Opinions on KB3133977 welcome.

1 user thanked author for this post.

Charlie

Reply | Quote

I didn’t mention it before but I found an old KB3133977 dated 4-12-16 in my WU Optional updates.  I haven’t done any optional updates for a long time.  The fact that I have it in WU may be a good sign.  Wow, what a nail biter this month is!

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

[Nibbled To Death By Ducks]

Reporting in:

I was REALLY hesitant this time, seeing all the horror stories…but went ahead this PM and installed KB4474419 first, rebooted, no issues.

Then I installed the Rollup, KB4512506, and a weird thing happened:

The machine booted, got to the desktop, and then spontaneously rebooted.

It has NEVER done this on an update/rollup, or any other time I can remember.

After that, things quieted down. Checked the local Task Manager, nothing there as usual, blank. There’s 39 items down in the “Active Tasks Box” (including RAC), but as I checked out of the Customer Experience” thing, all should be good, right?

I kept hunting round in different dark corners of the machine, But it seems to be running “hot, straight, and normal” (as the old submariners used to say).

But I am a bit nervous right now (Subconscious: “Now? I thought your Amerindian name was ‘Nervous Elk?'”), and I have the feeling I might be treading on thin ice.

Or the tail of the tiger.

Or both.

Will advise again in 24-48 hrs or sooner if something breaks.

“It’s all happening here!” (It sure is, you *&^%$##!!!)

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

• This reply was modified 5 years, 7 months ago by Nibbled To Death By Ducks. Reason: Typo

2 users thanked author for this post.

Charlie, jburk07

Reply | Quote

Reporting in…

Win8.1 Home x64

Malware for Aug 2019 – done – OK

SMQR for Aug 19 (KB4512488) – done – reboot – OK

NET Framework (KB4486105) – done – reboot – OK

Then this important update re-appeared:  NET Framework SQR (KB4507422) – done – OK

Note:  that was previously installed on 06 Aug 19!

Optional Samsung USB driver – done – OK but not tested yet.

2 * previews – not installed.

Thanks for all the advice.

Reply | Quote

KB4507422 is a Rollup for versions of .NET from 3.5 to 4.8. It contains individual updates (separate KB numbers) for each of the versions.
When you installed it on 06 Aug, it updated whatever versions of .NET were currently installed at the time.
But then you installed a new version, NET Framework (KB4486105) which is the installer for .NET 4.8. Since this version had not been previously updated, the Rollup ran again to install the update for the new version.

For the concept, think bag of oranges (Rollup) filled with individual oranges (an update with a separate KB for each version). When the bag passes, you get only the oranges corresponding to your situation. If you add something new, the bag has to pass again so you get the appropriate orange to match the change.

1 user thanked author for this post.

walker

Reply | Quote

I have looked in the Win7 System Configuration to see that I have BitLocker Drive Encryption Service disabled.
I just wondered if most people have this enabled. Recommend?

Reply | Quote

FWIW, mine is marked as “stopped” under services and in manual mode, but says nothing about being disabled.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

1 user thanked author for this post.

pinwheel.galaxy

Reply | Quote

Hey all,

Windows 7 starter 32 bit report,

Already had kb3133977, kb4474419 (v1) and kb4490628. So ran updater and got kb4474419 (v2) – installed/restarted and let sit idle for 30 – 45 minutes, then installed kb4512506 restarted and left it 45 minutes. Didn’t install MSRT this month and ignored previews and .Net 4.8.

So far all o.k. – Exhale…..

Many thanks Woody and all who contribute to this site’s wealth of information.

1 user thanked author for this post.

jburk07

Reply | Quote

After, I had installed all the prerequisites to KB4512506, I finally got it installed, with assistance from a Norton tech. I let the tech remotely access my computer and he checked my computer, and then changed some of the Norton firewall settings, but told me that Norton was not blocking the update. He went through the update procedure, and it was still initializing after about an hour or so after it had been started (I have 125 Mbps internet speed) . He then told me that this was a Microsoft issue and I needed to contact Microsoft, and that Norton had expertise in Norton products only, but that he was glad in doing what he could to assist me. Right after that conversation, and I was fixing to disconnect and contact Microsoft, the update began to show that it was searching for a restore point, and then the update finally successfully installed. I believe that Microsoft just wants to make me purchase a Windows 10 device, which I plan to do prior to January, but I’m not ready yet to do that.

1 user thanked author for this post.

jburk07

Reply | Quote

I am still in Group B and follow this site as best I can for guidance.

Being DefCon 3 yesterday I installed the two August Security Only patches  on my elderly folks two older Win 7 pc’s  – KB 4517297 and  KB 4511872 (IE11). I saw kb4474419 listed on both machines under windows update but I ignored it and did not install. Everything seemed to go well.

When I got home I updated all three of my Win 8.1 pc’s with the security only KB 4517298 and  KB 4511872 (IE11). Everything went smoothly and fast. No problems.

Right now I am in the process of installing the Security Only patches on my one Win 7 desktop.   kb4474419 showed up but I didn’t install it, only the two listed here on askwoody just as I had for my parents pc’s.

My brother built this computer for me a long time ago. I have Speccy installed on it and it says I have an Asus MB EVO  and also says Southbridge dated 2010.

I just rebooted after waiting about 10 minutes and so far so good……..

kb447419 is still showing up, since I  installed the other two  security updates can I simply ignore this one?

Reply | Quote

You should install KB4474419.

Reply | Quote

Thanks PK. Just installed KB4474419. So far everything is ok. It actually installed quickly and the reboot was fast as well. I let it sit for awhile before signing in.

Reply | Quote

Checking in with my report on the August updates.  I have Win7 Pro 32bit on an old HP dc7900 with Intel Core2 Duo E8400 (Wolfdale processor Fam6 Model 7), Southbridge.

I did full image using Acronis, then created a restore point.  I also verified status on prerequisites suggested by this fine forum.  I had KB3133977 previously installed (~10/30/16), plus had KB4490628 previously installed (~5/6/19) and a version of KB4474419 previously installed (~5/5/19).  I felt this was in line with the recommendations, so I proceeded.

1. Installed KB 4474419 first.  It installed very quickly, then I restarted machine and after it settled down from restart, I monitored TrustedInstaller.exe until it disappeared from Task Manager view.  I then rebooted again for good measure and let it all sit for a half hour or so.
2. Installed KB 4512506 next.  Same approach as above with restart and wait period and a second restart.
3. I elected to finally install the MSRT.  At conclusion, it reported success.  I restarted machine and let it sit idle for a half hour.  Rebooted one more time and have been using it without issue now for a few hours with no noticeable issues.

I did note that KB 4503548 was listed but unchecked, so I ignored it (.net)

Grateful for the sundry inputs by the many experts represented in AskWoody on this topic.  I appreciate the chance to read all the experiences and gain courage each month to take this update plunge.  Phew!!

1 user thanked author for this post.

jburk07

Reply | Quote

[Blizzard]

Failed to mention in #1945422, that I am Group A and non-ASUS.

 

• This reply was modified 5 years, 7 months ago by Blizzard.

Reply | Quote

Done!  Hallelujah!  Successfully completed the August Bitlocker, SHA-2, S.O. Win 7, IE, and Office 2010 updates with no problems.  Bitlocker encryption now showing up in Services and is Stopped.  I guess that’s okay, not gonna argue at this point.  Thanks to all who helped me, now I have to re-grow my fingernails.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

7 users thanked author for this post.

Microfix, SueW, Lars220, samak, jburk07, Myst, geekdom

Reply | Quote

You’re relieved? How about the rest of us!!!! LOL  🙂 🙂

9 users thanked author for this post.

Microfix, SueW, walker, Lars220, samak, Bluetrix, jburk07, Charlie, Myst

Reply | Quote

You are a very patient person PK.  Sorry if I was such a worry wart.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Charlie, We chatted above #1944105. I am very happy to hear your installs worked well. Mine went fine. I left off the KB3133977. It was a smooth set of install(s) for me too.

1 user thanked author for this post.

Charlie

Reply | Quote

Applied updates KB4512506 August Monthly Rollup, KB4474419 August SHA-2 update, KB890830 MSRT yesterday, and all is well. Have Norton, the Symantec fix came through August 20 and it played in sync with MS updates. I don’t have the ASUS motherboard, no worries there. Had all the current updates for the Win7 before applying the August Rollup, etc. then did a system image before and another to stay current with that part of the monthly routine. Not sure where I’ll be come January 2020, taking one month at a time and using caution by eliminating Adobe Flash, Adobe Reader, going with Chrome, Norton AV. Living on a wing and prayer, or maybe just won’t worry about the PC until 2020 hits. Thanks to all who contribute and post results.

MacOS iPadOS and sometimes SOS

4 users thanked author for this post.

Blizzard, SueW, Lars220, jburk07

Reply | Quote

Windows 7 SP1 64bit, with Broadcom network card. Group B.

Installed all August’s updates; KB3133977 was not and is not installed, IE KB4511872, KB4474419 SHA2, “SO” < note the quotes KB4517297 and MSRT today.

From the catalog; Installed IE KB4511872 1st, KB4474419 2nd, “SO” KB4517297 3rd, and MSRT (from WU) last.

Installed one at a time. Rebooted in between each update letting it sit 1 or 2 minutes after update was installed (when hard drive light settled down).

As per SUEW’s excellent post, I did the same. I went through Scheduled Tasks after installing the August patches. All remained “disabled”.
See the below: (for those wanting to turn off Telemetry Scheduled Tasks).

Application Experience
AitAgent was set to run at 2:30am -presumed altered from last months patch- but it did honor the set disabled state and didn’t run.

ProgramDataUpdater – was “ready”, set to disabled.

Autochk Proxy- Disabled (deals with CEIP).

CEIP did honor the set disabled state.

DiskDiagonostic Data Collector & Resolver – Disabled (disk & system info for CEIP). It did honor the set disabled state.

Media Center has: ActivateWindows Search, ConfigureInternet Time Service, DispatchRecoveryTasks, ehDRMInit, InstallPlayReady, mcupdate, MediaCenterRecoveryTask, ObjectStorRecoveryTask, OCURActivate, OCURDiscovery, PBDADiscovery, PBDADiscoveryW1,PBDADiscoveryW2, PeriodicScanRetry(disabled, an old trigger of 2006), PvrRceoveryTask, PvrScheduleTask, RecordingRestart (disabled), RegisterSearch, ReindexSearchRoot, SqlRecoveryTask, UpdateRecordPath. ALL had “last time run never”. After install of JULY patch all appeared the same “ready” except for 2 of them mentioned as “disabled”. No new run times, no new triggers (I do not use Windows Media Player).

PerfTrack – disabled

“WindowsErrorReporting” (WindowsError Queued files)? I already have Windows Error Reporting Service disabled, so I did disable the Scheduled Task weeks ago.

Control Panel > Administrative Tools > Services, find Diagnostics Tracking Service. I did NOT have that service. I never installed KB2952664 nor any get win10 patches (Group B).

From the JULY patch, it was mentioned to add a registry key of: HKLM\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable\0. I did not have that key and I did not create the key. If Abbodi86 or other askwoody MVPs say, “yes, you should”, then I will. (Is this registry key definitely needed?)

No network issues. No oddities. This was a fast and simple monthly patch!

Rebooted 3 times and let it sit for several minutes.

I would recommend people on the last reboot to go to the desktop and let it sit 45 to 60 minutes to Process Idle Tasks, let the trusted installer (as per PKCano) do its thing.

You can also force Processing of Idle Tasks if you want by the administrative command prompt: rundll32 advapi32.dll,ProcessIdleTasks

You can enter that then walk away for 15 to 20 minutes. If the drive light is still on, it is still running, walk away again. Do not allow the computer to go to sleep. Reset the Power Options to 1 hour sleep if needed. Laptops make sure you are on AC power not battery!

Thanks to all here.

Windows 7 Group B

3 users thanked author for this post.

SueW, Lars220, jburk07

Reply | Quote

I’ve did the August updates, including the updated updates that were supposed to fix the problems, and my VBA is still messed up in a very subtle, but annoying way.

My system is 1903 build 18362.329, Office 365 64 bit version 1908 build 11929.20254, HP Omen, brand new last week.

I have some large macros that I run in multiple workbooks.  In one of the workbooks, the macro ran fine all day, but when the workbook was saved, the VBAProject reference (the default project name, which I never change) was removed.  All the modules and forms are there, but when I open the workbook, I get a dialog that says “Can’t find project or library”, and none of the macros, etc., work.  Help says to go into Tools, References and add the missing reference, but References won’t open because what’s missing is VBAProject itself.

If I click on a module, I get the vague outline of a window with the right and bottom edges showing, but the module source is not visible.  Nothing but the right and bottom edges of the window show.

I had saved the macro-enabled workbook a few minutes before and archived it before running end-of-day, and that copy still has VBAProject, no problem, but I need the updated worksheets, which are in the bad workbook.  I thought I could save the worksheets by converting to an xlsx (to remove the modules, etc) and then restore them from the other copy, and then re-save as an xlsm.  But if I try to save as an xlsx, the save crashes.

I am not a happy camper.  I’m working on seeing if I can get the updated data to the workbook with VBProject intact, and save that with the updated data.  Then I have to see if I have to back out some updates, and try to determine if it is a problem with the Office Update versus the Windows Updates, etc.

Reply | Quote

[brian1248]

To add to the story, I was able to get the updated worksheet data copied to the workbook that still had VBAProject intact.  Everything looked good, I tested that various macros were running as expected, VBA compiled OK (as it should).  However, when I saved the workbooks, closed them and opened them again, it blew up with a VBA 400 error, which is one of those vague errors that could be anything.

My solution, which appears to have worked was to give each macro-enabled workbook a different project name.  I left one as VBAProject, made another VBAProject2, and a third, VBAProject3.  I have never had to rename VBAProject before.  I just left them as they were.  But apparently, something in the new update does not like it if you have 2 or more macro-enabled workbooks open at the same time with the default VBAProject name.

• This reply was modified 5 years, 7 months ago by brian1248. Reason: spelling
• This reply was modified 5 years, 7 months ago by brian1248. Reason: more spelling, clarification

Reply | Quote

[brian1248]

As a further follow up on this, VBA is still very unstable.  I have macros that, in the past, would run all day, doing various web queries and calculations, saving the workbooks at various checkpoints, log data, send messages, etc., no problem.

The macros were first developed on Win7 Office 2010, migrated to 2013, then Windows 10 1709/1803 with Office 365 32-bit then to Windows 10 1903 with Office 365 64-bit and never had a problem.  After the latest updates to 1903 and Office (even with the fixes that were supposed to correct the bugs in the initial updates) it is very unstable and ends up frequently in a “Not Responding” state.

The only option then is to kill it, and run a recovery process (which works), but then it might lock up again a couple of hours later.  Hopefully, Microsoft will make this stable again at some point.  I can’t be the only one still having problems.   I reported the problems to Microsoft multiple times.

• This reply was modified 5 years, 7 months ago by brian1248. Reason: fix typo, add paragraph breaks
• This reply was modified 5 years, 7 months ago by brian1248. Reason: change wording second paragraph

Reply | Quote

Win7 Group B

I installed the Aug 2019 IE11 update then rebooted.

Then I tied to install kb4517297 downloaded from “2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1, but installer came back with a “Some updates were not installed” error.

I downloaded from the Microsoft Catalog as well, but same issue.

I even tried to install kb4512486, and same error message.

Never had this happen before.

Am I missing something??

Reply | Quote

You need probably need to install KB3133977 and KB4474419 (in that order) before installing KB4517297. @PKCano please correct me if I’m wrong. Google “KB4517297” and click on the result that comes from “support.microsoft.com”. That will give you the bulletin for the patch. That bulletin includes a statement strongly recommending the installation of the other patches I mentioned above prior to installing  4517297. That statement can be found under the heading “How to get and install the update”.<!–more–>

Reply | Quote

if someone can verify this, much appreciated.

kinda wish the “2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1” page at least had an asterisk next to the August listing of Win7 security only patches as a heads up to this, so I didn’t need to bother everybody… 😳

Reply | Quote

See #1940976 above. It applies to Win7.
The Win7/8.1 updates for Aug 2019 are listed at the bottom of each list respectively in AKB2000003 .

Reply | Quote

After reading all the angst filled posts about BSOD problems and advice on how to prevent them, I thought my best option was to install the August updates one at a time. So I installed KB3133977, KB4474419, KB4512506, KB890830 separately and rebooted each time after an interval of time. So far all seems ok. I have a 10 year old HP Compaq laptop Win 7 SP1 Home Premium 64-bit (group A) that I’d like to keep running for at least until next January.
Thanks to everyone here for all the helpful advice and sharing!

2 users thanked author for this post.

Charlie, jburk07

Reply | Quote

Checking in after 24 hours….

No apparent ill effects. (Everything else in life went south today, but the machine, no.)

Again, thanks to all; this board is golden. I hereby dub it “Guardian Angel of PC’s!”

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

jburk07

Reply | Quote

I just installed the August patches, but it was the worst experience of my life as a Windows 7 patcher. Truth to tell, it has never been nearly as bad as today.

First, I installed the latest SHA-2 update, to be able to receive more updates.
These showed up in Windows Update’s list, waiting to be installed. One, the .NET update was unchecked, so I left it alone and installed the others: three Office 1200 and the MSRT. Success!

Then I got the security only and the IE11 cumulative from the MS Catalogue and that was the start of my troubles.

Tried to install both, after creating a restore point. However, the Security Only went through, the other got stuck after the reboot, in the “Preparing to install…” screen. After almost three hours  of this, Windows sort of quit trying and the “Preparing…” legend disappeared, replaced by the little white arrow pointer. But nothing else was happening so after a while I gave the three finger salute and this brought me to the login screen. I entered my password, hit return and… it would never stopped twirling the little ring thing in the “Welcome!” screen. After ten minutes of this, I crashed the system with the power button, restarted it in safe mode and, while there, took the system back to before the restore point I had created after the updates for Office10 and the MSRT and previous to trying to install the SO and IE 11 updates, one, or both of which had caused the system to get stuck for hours.

I restarted the machine and everything was fine, if still unpatched. I took a deep breath and started the installation of the Security Only patch for the second time, after creating a new recovery point, just in case. It went through the usual sequence, but before the 70% installed… etc., it rebooted itself and started another round of % installed, stopping at 30%. Then it gave me the usual login screen. I logged it, etc. And found that that the SO  install had worked!  Things seemed quite normal and in working order. Great rejoicing ensued.

So now my PC is patched with the very important August Security Only patch!

This might mean that the fatal patch was really the IE 11 one. So, to play it safe, I have not tried to install it again. When  the September patches are OK to install, nearly a month from now, I’ll install the IE 11 patch for September. It is cumulative, after all, so all the things in the never installed IE 11 August patch will still be there, and I might get lucky installing it then.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Charlie, jburk07

Reply | Quote