MS-DEFCON 3: Time to take your Microsoft update medicine

Topic

New Reply

We’ve had a veritable blizzard of patches so far this month, with several that caused problems, one that was pulled after crashing Office 2013 systems
[See the full post at: MS-DEFCON 3: Time to take your Microsoft update medicine]

Reply | Quote

Replies

But why not NEVER check for updates?

Reply | Quote

Woody –

I think you are missing a digit on the 313 security/non-security update

Reply | Quote

@Woody

“Yes, you should check KB 313424, if it appears in your list, even though it’s a combined security and non-security patch.”

Did you mean to write KB 3134214?

On another note, heard anything about the .NET Security updates?

Reply | Quote

OOOOPS. I’ll change it right now. Thanks!

Reply | Quote

Woody,

Under your step 3: “Yes, you should check KB313424, if it appears in your list, even though it’s a combined security and non-security patch.”

That is not a valid KB number, as it has only six digits. Did you perhaps mean the one I mentioned the other day: kb3134814? That is the IE cumulative patch that includes the non-security kb3141092. Installed on three Win 7 x64 machines, I have experienced no “interference”.

Regardless, those who are happy with their pre-X setups and wish to remain that way, are assuredly performing complete system backups to a USB device. Right? And have created boot media/CD. Right?

I go back to that question about the bundling of “security update” and the plain “update” in a single checkbox. Unless you can find a corresponding KB article, there is little hope that you can discern just what it is you are installing. The recent re-shove of kb3035583 verifies that.

Reply | Quote

So it’s both kb3134214 and kb3134814.

How nice!

Reply | Quote

Helps to keep a scorecard.

Reply | Quote

I do like that with my W7. It is of patch standard November 2015, cleaned of several patches already that reverse-installed W10 spyware into my W7 (or tried to do so). I got tired of investing hours and hours every month to keep updated on the news status for this and that KB-numbered patch. I am not the slave of this system, I expect the system to be mine.

>>>However, the point is that I do not use W7 for anything else than just launching several sims and games. I do not surf under W7, I do not email under W7, I do no text- or picture-edit under W7. For that, I use a second HD with Linux. I do NOTHING under W7 – except getting FSX launched. Wherever possible, I run sims offline. I do not play MP.

Even when you keep a payware security suite and scanners updated under W7, use Spybot and software like that, a certain amount of risk remains that you catch an infection from a new security exploit. So you want to minimise that window of opportunity – by not using W7 for anything more than just launching some software you depend on – and this only while also locking down several other background tasks under W7 that automatically connect to the internet. >>>You want your W7 as internet-dead as possible if not updating it any longer.<<<

Not updating W7 is a valid option. But one should know that there is a certain risk involved. You need to adapt your way of using your computer to it. Question is how the individual user rates these remaining risks if comparing them to the risk you accept when deciding to trust Microsoft that they correctly label and identify their patches – instead of selling you unwanted stuff while labelling it as something harmless and unsuspicious. They already do it like that right now. And every day they catch many unsuspicious users who do not have the background knowledge or do not read blogs like this one.

Do not trust MS, they do not play fair, but they play foul. To me, allowing them to connect to my system is the greatest concern of all risks there are.

So, not updating W7 any more, definitely is an option. But you should be sure you know what you are doing – and what yiou better do not do any longer under W7 then. If you do not update it any longer, you need a second system with a different OS, or a dual boot system with an alternative OS.

If you intend to use W7 in full as before, not updating it probbaly is no good advise, and you need to bite the bitter apple and invest the hours ever ymonth again to keep yourself informed on what KB's to install and which ones better to avoid. As I said, to me it wasn't worth it anymore, in the end. I kicked MS, and went Linux.

Reply | Quote

So are you actually implying that we “should” install 3134214, 3134814 and 3141092 on W7?

Reply | Quote

Woody, a question for your experts…

If we look at how the GWX campaign was implemented, MS had a W10 advisory tool that you could run to determine if your system was compatible with W10. If not, you were advised not to reserve the upgrade. Now that the reserve campaign has ended, is there a compat tool that is run by MS on every W7/8 system before the W10 upgrade is sent to them? Or is Microsoft sending the upgrade to any and every W7/8 customer regardless of their hardware compatibility ?

There has always been a level of trust that many users have always had with the windows update process . MS scans their system and determines what updates that the particular system should receive. I was wondering if is actually still happening, especially with the push to W10.
I ask because I have read that OEMs have advised users that their systems are not W10 compatible and they have received the W10 upgrade via windows update anyway.

Reply | Quote

Woody.
“I don’t recommend that you use IE. (Hey, Microsoft’s already put it out to pasture; that’s what Edge is all about.) But you need to update it, and keep it patched, because Windows still uses bits and pieces of IE in various places.”

Is this true even if IE is turned off in Programs and Features? I’m still on the original install of IE8 and haven’t ever used it.

Can windows use any of it if its turned off? I’d rather not put IE11 on if I don’t have to.
Thanks!

Reply | Quote

Yes, it’s true, even if IE’s turned off. Certain portions of IE are used, even if you’ve uninstalled IE.

Reply | Quote

Excellent question – and I don’t know the answer. I do know that you can manually install Win10 even if your machine is determined by the scanner to be incompatible – I’ve seen people do that. Whether it’s downloaded and installed via Windows Update, I don’t know.

Reply | Quote

Yes.

Reply | Quote

If you have KB2976978 then you got a compatibility check. I don’t know if it periodically checks or not.

Reply | Quote

Perhaps I was not clear. I meant: Set the settings to NEVER, then update manually–preferably on some sort of schedule. I don’t see why this isn’t the optimal solution. I do so at or near the beginning of each month, which allows about three weeks since Update Tuesday for defects in the updates to sort themselves out.

The key point being to take control and allow updates to occur only under your direct observation and after you have chosen which ones to allow.

As for what updates to install, this Win7 user agrees with Woody’s recommendation to allow only Security updates. If M$ ever starts lying about what they include, then I’ll start looking for the exits.

Reply | Quote

Does your recommendation to only install Security Updates apply to *Office* updates, or just Windows Updates? (I’m Office 2010 and Win7.)

Reply | Quote

“There has always been a level of trust that many users have always had with the windows update process.”

You must have a long memory…

Reply | Quote

Woody, I’ve been keeping score since PC-DOS 1.1 and Windows 1.03. The manual states v1.03, the three 3.5″ disks (720s) state v1.04. Even then you had to keep score.

Lots of barriers were breached by some very interesting things. Nobody burps on the 8.3 filenaming convention any longer. NTFS endures. That’s very old stuff. Once thought E-VGA was a leap.

I, like you and certainly many others in the Windows world, care about the quality of e-life and want to be in control (as best we might) of that element of our being. It’s an increasingly invasive element, as well. I am not inclined to program my phone to open the garage door.

I am inclined, as I feel most contributors here are, to control WTH is going on with my computers.

What is going on in the bunker in Redmond? At least the government is on board.

“According to the Office of the DoD CIO the Secretary of Defense has directed all U.S. DoD agencies to begin the rapid deployment of the Microsoft Windows 10 throughout their respective organizations for information systems currently utilizing Microsoft Operating Systems. From laptops to desktops to mobile devices, including Surface devices, the DoD is targeting its Windows 10 upgrade for completion in a year, an unprecedented move for a customer with the size and complexity of the DoD.”

https://blogs.windows.com/windowsexperience/2016/02/17/us-department-of-defense-commits-to-upgrade-4-million-seats-to-windows-10/

Reply | Quote

I have two ten year-old Dell Vista machines with 2MB of RAM that were not upgradeable to Windows 10 according to the upgrade advisor, as there was no specific video driver written for Windows 8 or Windows 10. I was able to install both Windows 8 and Windows 10 on both machines, but I had to use the latest video driver for Windows Vista/Windows 7 that Dell provided.

What this means is that all of my non-Modern UI programs that ran on Windows Vista and Windows 7 run well; most Windows Store / Modern UI apps do not run at all or run slowly, even with the Microsoft Basic Display Adapter.

Even so, Windows 10 runs better on both machines than Vista or Windows 7 ever did. Windows 10 uses less system resources than Windows Vista or Windows 7, and I have pared down the running services do that Windows 10 itself uses only about 600K or RAM. Your mileage may vary.

Reply | Quote

Also, I had to turn off Fast Boot (a hidden option), or Windows 10 booted into a blank screen after upgrading to the 2015 Fall Update (FUD). I would have to use a recovery disc in repair mode to get Windows 10 to boot to a usable display on these old Vista machines.

The Microsoft Upgrade Advisor was mostly correct in saying that my machine could not be upgraded to Windows 10 or Windows 8, but I looked around for video drivers that worked with Windows 10. I will not be rolling back to Windows 7 on either of these machines.

Reply | Quote

Should those with Windows 10 keep KB3135173 hidden? You advised users earlier to hide it, and because you said to get caught up on the backlog, one in our household with a new Win 10 pc is worried about installing it or keeping it hidden.

Please advise.

Reply | Quote

Not sure ho9w to hide it in Windows 10 but, yes, you should apply all Win10 patches, before Microsoft sends us a messy one.

Reply | Quote

For me with W7, using Microsoft Works 9.0, after installing the latest .NET Framework Updates this month, I have been getting lots of crashes when doing copy from internet and paste to Microsoft Works 9.0. I think the Updates are NFG if you have had no previous problems with the word processor you have been using.

Reply | Quote

IE cannot be completely uninstalled, only hidden from view. The reason goes back to IE4 when Microsoft made a design decision to integrate Windows with IE and although there has been some decoupling since then, it has never been completed as I assume this would require a complete redesign of Windows. The core of Windows is still the same, regardless of the version.
This is what Woody has been trying to convince everyone for a long time and this is still questioned and for good reason as Microsoft does not make it clear for everyone. However there are old statements from Microsoft claiming exactly this, that IE cannot be completely uninstalled without them going further into details.
I am aware of people doing all sort of hacks to completely uninstall IE which is unsupported and I would not recommend such a procedure as it would certainly cause negative side effects, sometimes not immediately visible.
Bottom line, IE must be patched like the rest of Windows which require installing IE11 on Windows 7 and the latest CU available.

Reply | Quote

Woody… One of my test systems was deemed good to go for Win 10 and after letting the upgrade take place through Windows Update it continually locked up shortly after the Win 10 Desktop loaded. I never did get to use it and the “roll-back” failed.

The constant crashes were caused by incompatible drivers which were related to the motherboard, and the manufacturer has no drivers available beyond Win 7.

So although MS advises you that a system is “capable” of upgrading to Win 10 I wouldn’t store any faith in that. I believe practically any system would pass the upgrade test, simply for the benefit of MS to show another one upgraded… even if it didn’t survive the trip.

By the way, I did image that system before upgrading and Win 7 Pro is alive & well again with Windows updates totally disabled.

Reply | Quote

It’d be worthwhile if you could post a list of the incompatible drivers on the Microsoft Answers forum. (Or on Reddit.) Microsoft seems to be genuinely interested in improving the scan.

Reply | Quote

Yep, and the DoD said the same thing about Windows 8.

I never did figure out what those guys are smokin’…

Reply | Quote

Both. All Microsoft updates. I rarely see a good reason these days to install ANY non-security updates.

Reply | Quote

Why would anyone want all those bugs to be fixed?

Reply | Quote

Woody, My “updates” are set so that anything that is “optional” is shown in a separate list.

I also use ESET to verify what’s new on the list, so therefore I don’t feel comfortable making the changes referenced in step 3. I like ESET’s list because they DO use the term “optional” for those that are.

No problems having it all listed in this manner in the “Updates”, since the “optional” updates (listed as “recommended” I think) are in a separate list. It hasn’t been a problem having it set up like this (so far).

Using Win7 Home Premium. Thank you again for all of your wonderful guidance with so many, many issues! 🙂

Reply | Quote

I was referring to the not-so-knowledgeable user. Over several decades users have been advised to set updates to automatic. Those who have taken responsibility for their systems maintenance have obviously done otherwise. I do not know what the majority of users on W7/8 systems do today, but I would guess that most are totally unaware or still chose to go with the default setting.

Reply | Quote

She is referring to your article telling us it knocks out defaults of the PC and any others that are set up, along with file associations. It is: http://www.infoworld.com/article/3032751/microsoft-windows/windows-10-forced-update-kb-3135173-changes-browser-and-other-defaults.html saying it changes defaults.

You can hide windows updates by using the Windows 10 show/hide tool KB3073932. You can download it it to your desktop or a flash drive. You’d be surprised what she found in the list of updates there–many updates for drivers,Intel stuff, keyboards, etc. She thought the installer who got her Christmas computer ready should have installed them, but I think they are just there for optional installs.

You work it just hiding updates in Windows 7. You check a box and hide it. Later you can un-hide it if you so desire.

This tool is mentioned in the same article: “Others have found respite by uninstalling KB 3135173 and blocking it from running again using the wushowhide utility buried in KB 3073930.”

Thanks

Reply | Quote

Hi Woody,

A question about this part of your article: “…click the gear icon in the upper right corner, choose About Internet Explorer, and verify that you’re on IE 11. If you aren’t yet on IE 11, check the box marked Install new versions automatically, then click Close.”

You didn’t say whether the box should have a check in it, or not, when one is done making the change you suggested. Some people will already have that box checked, so taking your step will un-check it. Other people, like me, will have that box un-checked already, and if they took your step, that would make the box have a check in it.

I am assuming that if I do Windows Update manually once a month (3 weeks after Patch Tuesday, and after researching what folks like you, Susan Bradley, and the various other sites I mentioned on your site a couple of months ago have to say about the latest patches), and if I make sure to install new versions of IE when they pop up there, that I do not need to give MS permission through that IE checkbox to do who-knows-what to my set-up.

I think that, about a year ago, my having that innocent little box checked allowed them to change something else on my computer (that I didn’t want changed), and it took me time and effort to figure out what had happened, but after I learned it was due to having that IE box checked, I unchecked it. That was a little bit before I learned about the GWX malarkey and how careful one must be now with giving them carte blanche.

Reply | Quote

@ wdburt1,

I indeed misunderstood your suggestion, sorry.

When Microsoft has started to label GWX pushing infestations as “recommended” updates, I do not see why one would want to trust in their honesty of hiding same GWX-pushi8ng stuff in “security” updates.

Obviously without letting people know, else the trick would be spoiled. Its a very tempting trick. It must be very hard for them to resist to it forever.

Think of it. This whole Blog is about arguments Woody collects and others comment on that show why you should not trust MS. But when it gets to GWX not being smuggled into your digital realm by labelling it “security update” – then you suddenly start to trust them again? Why, oh Lord, oh why…???

Gentlemen, you are contradicting yourself if you would.

We have a saying in German, translated it would be: “Trust is good. Control is better.”

Reply | Quote

I installed only the security updates and now I can’t stop webRTC and VPN is leaking on chrome.

Did a system restore back 3 days but weirdly the updates are still showing as installed ?????

Now going to check if the telemetry I’d turned off has been switched back on.

Reply | Quote

woody: The KB3037639 for Vista is already obsolete and replaced by the KB3134214 win32k.sys MS16-018 security update for Windows Vista. No need to do anything from MS support KB article 3037639 anymore.

Reply | Quote

Ooops. I’ll re-word it. My bad, and thanks for the notice.

Reply | Quote

AHA! Yes, wushowhide. I miss-spoke. You’re absolutely right.

Reply | Quote

What bugs? Specifics, please…

Reply | Quote

Some day I’ll have to write about Optional and Recommended in Microsoft’s listings, vs Optional and Important in Windows Update, vs checked and unchecked in Windows Update, and the italicized patches to boot. There’s no strict one-to-one correspondence: The terms mean different things in different situations.

Reply | Quote

What about the hidden update, or my daughter’s hidden update, KB3135173? Did Microsoft take care of the problems with it knocking out people’s default settings, and changing file associations?

Reply | Quote

> If M$ ever starts lying about what they include, then I’ll start looking for the exits.

Are you certain that they have not done so already? Isn’t underdocumenting the patches about the same thing?

Are these the same programmers who can’t even see the logic in maintaining a cohesive desktop theme. Are you sure you want them updating your system?

Let us not forget this is the Microsoft that is pushing testing on the users. Has a few days been enough time for us to know what the latest patches will do?

Has anyone seen documented test results showing the latest patches – even if they are sound – don’t trash performance?

Personally, if I were setting the DEFCON levels they’d be bouncing between 1 and 2, not 2 and 3.

-Noel

Reply | Quote

It’s possible that the military runs a very different, very austere version of Windows.

I have a Win 8.1 setup that’s dead silent online, has no Apps, and is extremely stable (34 days running 24/7 without any hiccups as of right now).

The KERNEL of Win 8 was good, if you cleared away the garbage hung all over it.

I have also a test Win 10 setup that’s about the same (Win 10 responds to most of the same tweaks Win 8.1 does).

It’s not hard to imagine that an austere, no-nonsense, App-free, silenced system could be a reasonable choice for the DoD. But this is a VERY different system than what users are getting out of the box. Just keep in mind that many of the tweaks I’ve done to achieve such systems have no overt settings – you have to edit the registry, change scheduled task configurations, muck about with the service settings…

THEIR Win 10 is not the same as OUR Win 10.

-Noel

Reply | Quote

Bugs?

I’ve got a Win 8.1 setup that’s not had so much as a glitch in 34 days of hard use doing engineering work, running 24/7.

I’ve also got a Win 7 setup that’s not had a lick of trouble in 74 days of 24/7 operation.

“If it works, don’t fix it.”

Please tell us why you believe a brand new patch will clear up more bugs than it adds? Is it because of all the testing Microsoft does (hint, the amount of that’s changed lately).

We’ve only just gone from DEFCON 2 to 3 because the world didn’t actually come down in flames en masse, but that doesn’t mean the patches are perfect!

-Noel

Reply | Quote

Woody, do you do – or track – performance changes due to Windows Updates?

I benchmark after every series of updates, and I’ve seen things like the Direct 2D performance suddenly go down, and also changes in file system performance (neither of these happened lately).

Seems to me patches could wreck performance, and few folks would know about it. Hardly anyone talks about this aspect.

-Noel

Reply | Quote

@woody You need to hurry up, Windows 7 is quickly being made obsolete by Microsoft and they have already changed how things work in Windows 10. Seriously, I would be interested to read a good explanation, as you have already replied to me in a previous thread that things are not as black and white as they look at first sight. Just mentioning here that things are made even more confusing in WSUS where every approved update is considered Important in History while the same updates installed from the Microsoft Update site are flagged as they normally are classified.

Reply | Quote

Not sure that I understand you. Win7 is here to stay. Microsoft is messing around with it in ways that are unconscionable, but it’s still solid, and it will remain that way for many years.

Win10 hasn’t changed much in the past year. Redstone should help, but it’s a few months off.

Reply | Quote

I only watch major performance changes. Lately, the big one has been Windows Update itself taking a huge performance hit.

Reply | Quote

KB 3135173 resets file associations on some machines. It hasn’t been fixed. But the fact that you know the file associations may be wonky should be sufficient to recover from significant problems.

Reply | Quote

The answer is that I am NOT sure that M$ is not already abusing Security updates. I must rely upon other, more technically advanced people–starting with this blog–to spot evidence of that, when and if it happens.

That said, experience teaches that the descent into moral turpitude does not happen all at once, that some standards are upheld longer than others. Somewhere in the future, perhaps the forseeable future, the day may come when M$, frustrated that it still hasn’t eradicated Win7-8-8.1, crosses the line of misrepresenting a non-Security Update as a Security Update. I haven’t seen any evidence that they have done so yet, and to base my actions on nothing more than the fact that they could do so–well, hand me my tinfoil hat.

To mislead customers about Security Updates exposes M$ to a somewhat higher risk of being sued for material fraud, I think, and that perhaps is why that they may hesitate to cross that line.

Reply | Quote

Woody,

Well, it looks like for the first time this past month there is no longer a security update for IE 9 like I was telling you there has always been, so I guess I finally need to update to IE 11? (I don’t use it, of course.)

Is it okay to just install IE 11 from Windows Update (it is always listed as part of the Important Windows Updates along with the other monthly security updates in Windows Update with the box check marked) instead of telling IE to always install the latest versions? I just don’t like the idea of letting IE do stuff without my knowing. Please let me know the scoop on that.

Thanks, Woody.

Reply | Quote

Microsoft discontinued support for IE 9 on Win7 and later on Jan 12.

http://www.infoworld.com/article/3020534/security/microsoft-will-end-support-for-internet-explorer8-9-and-10.html

Vista is still supported with IE 9.

Yes, install IE 11 from Windows Update. It’s important that you keep up with security updates for IE 11, thus I recommend that you check the box. If there’s an IE 12 (highly unlikely), you want it, too – even if you don’t use IE. Checking the box won’t hurt and it may help.

Reply | Quote

Except for very unusual cases (such as the recent kernel patch, which combined both security and non-security elements), I’ve seen no evidence that security patches monkey with anything else. If I ever do, I’ll scream blue murder.

Windows 10, of course, doesn’t draw a distinction between security, non-security, and lets-stick-it-to-em updates.

Reply | Quote

You are right, they have started to mislabel and misleadingly describe unwanted “patches” already, it has been documented, last but not least in this blog. And also true is that certain GWX-related things have been moved already from “optional” to recommended” patches – just some weeks ago.

They always claim that it would help their oh so grateful customers to enjoy their Microsoft martyrdom more pleasantly. And when they have done something nasty, of course they claim it was just a mishap, a minor accident, and of course they excuse. The damage remains to be there, and their excuses echo on only until the next mishap or minor technical accident happens.

That is as close as it can get to sell GWX-patches as security updates. Based on the argument that running W7 at a given time in the future is then considered to be unsecure and any method to make people move to W10 thus qualifies as a “security update” indeed. Don’T they mean it so well with us…?

There is nothing tinfoil-behooded about this. ITS JUST THE LOGICAL NEXT STEP, and is in consistency with their record of previous steps. Take me by my word – sooner or later it will happen.

“I do not beleive in the good of man. I believe in some good in some men.”

Reply | Quote

@Woody,

I’m going to run IE9 for as long as I can even though MS is no longer supporting it.
I understand that IE is integrated into the OS and that there are 3rd party software that relies on IE to function ( i.e. McAfee AV, etc. ) but I am going to see where this takes me and how long I can go before I am literally forced to upgrade.

I’m just tired of being forced into actions under disguised threats from MS. I’ll report back as I move along. I’d be interested to hear from anyone else who is going to make a stand on IE9 or 10.

Reply | Quote

My Windows Update appears to have taken a HUGE hit. Most times I try it just stays stuck at 0KB, 0% complete. I’m able to get it going again by running the Windows Update Diagnostic, but I seem able to apply only one update at a time before it gets stuck again, and I have to run the diagnostic again. Each time I do it resets the data store, and I have to check for updates again, which can take several minutes. It’ll take forever to get updated at this rate.

What’s more, sometimes Windows Update fails on larger downloads. KB3126593 keeps failing with error 80072EFE. And getting updates directly from Microsoft’s website doesn’t seem to help, either. The standalone installer gets stuck at “Searching for updates on this computer.” Arrrgh! How in the name of sense am I supposed to get my computer updated if the tools to do that won’t do what they’re supposed to? Talk about bad design!

I had similar problems last month, but not this severe. And I’d never had problems with the standalone installer before.

Never mind Windows 10. Right now Windows 7 is driving me toward Linux, not to mention the funny farm!

Reply | Quote

There is a version of Windows 10 which out of the box is very close to what you describe and meant to be used ONLY by organisations that don’t change often and have somehow special requirements. That version is called Windows 10 LTSB (Long Term Servicing Branch). There are no Universal Apps other than those required by the OS found under the SystemApps folder and as negative side-effect there is no Microsoft Edge coming with this version. The forced Automatic Updates still apply unless the IT Administrators configure the OS differently which they are meant to do if they use that version. Another side effect is that major updates like 1511 do not apply, instead the LTSB version will be updated to a new version less often than the mainstream versions.
I find LTSB as a step backwards from the mainstream Windows 10 Enterprise or Pro, but there are legitimate uses for it.

Reply | Quote

@Anonymous I would guess that most are totally unaware or still chose to go with the default setting

Absolutely right. And it is probably safer for us all Internet users if it is so. This is why Microsoft is able to push forced updates and get away with it without much opposition.

Reply | Quote

From my testing, Windows 10 64-bit does not run efficiently with less than 6 GB RAM. Even 4 GB RAM tends to be limiting in most instances. Maybe Windows 10 32-bit version to be less resources intensive?

Reply | Quote

Noel: “Are these the same programmers who can’t even see the logic in maintaining a cohesive desktop theme. Are you sure you want them updating your system?”

Great statement. Maybe not the same programmers, but the same outfit that gave us “Bob”, the OS.

Woody: “… If I ever do, I’ll scream blue murder.” Woody, you might have to get in line.

I know that I will be reading all the KB articles related to security updates in the future, before I allow installation. This is how I happened across the IE “cumulative security update” which also included a non-securtiy update that affected 29 files. And, I knew nothing about it until later checking my installed updates. The KB article detailed it. Hey, I didn’t install that update. MS: “Oh, you did.”

Reply | Quote

A weapon unused is a useless weapon… MS is putting the machinery into Windows to spy on users in order to line their pockets with silver… Apparently the DoD must think like the FBI in that Win X can have a backdoor that only they control… But as history shows, eventually hackers will find a way in and utilize that machinery against them.

and so the lemmings march in lock-step to their death chanting… Ohwww.. It’ll be great your computer will talk to your car, your car will talk to your phone, your phone will unlock your doors and make toast… blah, blah… Genesys IS Skynet 😉

Reply | Quote

Oh… That would probably be the bandwidth being sucked up by Windows telemetry uploading the details of your life…

Reply | Quote

Can’t download any of the MS updates. I’ve only tried two thus far. Started with the IE Update (KB 3134814).

Have it set (as always) to “check for updates but let me choose whether to install them.

The block for “No recommended updates” is checked.

The Second update I tried was KB 3115858. I had to stop both downloads because they were not doing anything. Only the last one shows up on the “list” of “installed updates” as “cancelled”. NOTHING is showing on that list for the IE Update (KB 3134814). It is still also showing as an update in the “list”.

The computer is acting as it “something” has been changed on it. I’ve seen this before, however it usually clears up after a while. Now I’m not able to get anything. I thought previously it was because the MS Website was too busy (as when the Black Tuesday rolls around).

Anyone else with this problem, or is it possible that the large DL for the IE is still “in the chute partially loaded?

I can only wait and try later or tomorrow. In the interim I don’t know where to begin next.

Only time I’ve seen this is when MS website is too busy, and if there is a large DL. Hope no one else is experiencing this.

🙁

Reply | Quote

As I understand it you’ll be able to keep running IE9 ok, and won’t be forced to upgrade it by MS although other applications may end their compatibility with it. From now on, however, you will not receive any security updates for it and your system will therefore be at increased risk. Is there any particular reason not to upgrade to IE11 from IE9? I made that specific upgrade recently and haven’t noticed any difference although I very rarely actually use IE.

Reply | Quote

I think this is where I posted my problem with the MS Updates that wouldn’t download (KB 3134814 (the IE Update) and KB 3115858),

It FINALLY must have finished its download because it was almost finished (first time I had even seen anything showing the progress, although it was checked). So apparently patience must be utilized when dealing with these problems. At any rate the IE Update is now installed. I need to take a break before I attempt anymore.

I hope that most of us don’t have to endure many more problems such as this with these MS Updates. Woody’s wonderful moral support and all of his other help keeps us all on the “right track”. Thanks for all you do, Woody!! 🙂

Reply | Quote

@Woody

Just an observation.
I found the installation of the Feb batch of .NET updates to be a bit more cranky than usual.

Reply | Quote

I didn’t have any problems, but it wouldn’t hurt to just leave your machine on overnight.

Reply | Quote

Nope. If it were, I’d be seeing activity on the modem and the resource monitor. As it is, I’m seeing doodly squat.

Reply | Quote

Hi Woody,
I have a problem after following all the above instructions you listed for updating W7, including installing the GWX Control panel, I then proceeded to uncheck everything you told us to uncheck, and make sure all patches labeled security were checked. I did this procedure on 2 W7 PCs, both running W7 Pro, one is 64 bit, the other is 32 bit. Now when I click OK, followed by install updates, nothing happens. The progress bar appears, bit nothing happens, both pcs stay on 0%. I’ve restarted them both numerous times, cleared the Update Cache using the GWX Control Panel, and I’m stuck. Neither PC will update.
Now what do I do? Neither of these pcs have ever done this before. I installed Windows Defender update just before coming to your site to check your Def Con rating, as usual, and that update installed fine on both PCs. Have you seen anything like this, and do you have any idea what I can try to do to fix this?

Thanks for your help.

Reply | Quote

Maybe you should try IE10 which is at the same quality level with IE11 without so many compatibility problems, although I think most of them have been sorted by now even for IE11.
IE9 is not a very good version of the browser, just a transitional version between the very stable IE8 and the very good IE10.

Reply | Quote

I found KB3135445 – Windows Update Client for Windows 7 and Windows Server 2008 R2: February 2016 to be a good update and Susan Bradley seems to have the same point of view. It may fix slow Windows Update and it doesn’t look like installing Windows 10 adware.

Reply | Quote

Bill, if you visit the Microsoft Community website and various other forums you’ll read numerous threads about this irksome problem. I have been a long suffering W7 user for at least 6 months now. There is no need to try and fix your computer there is nothing wrong with it, the blame is purely pointing toward MS.

A couple of months ago (this is how bad it has been for me) I selected an update -a mere 256kb- and after an hour and a half when nothing eventuated I cancelled it, all the while muttering a few choice words. I was so angry with MS as this was now becoming a second job and such a time waster, not only the reading of all the various KB’s (to keep Win10 at bay) but waiting for the updates to download and eventually install. To say I’m over it, is an understatement.

Have you already worked out that it is because of Win10 being spewed out to all and sundry through the normal update channels? MS Servers don’t seem to be able to cope with all the traffic they have self imposed, and worse, foisted upon the unwary public (those who just want to use their computers and not become IT professionals).

Funnily (or scarily) enough the last batch of updates downloaded and installed like the days of old, much to my amusement! I won’t be holding my breath next month though but I’m hoping I’ve turned the corner and I wonder if the days of yore will return.

Reply | Quote

Good point. For those who are reporting slow Windows Update times, they should definitely try installing this one.

Reply | Quote

Try running the Fixit here.

Keep me posted!

Reply | Quote

@Quick,

As I had previously mentioned, the .NET updates this month were rather “cranky”. (And I install the .NET updates first, before I do the Security updates.)

Once the update bar appeared it took a while before any progress showed. It seemed to be “stuck”, but it wasn’t. Then, once it got to .NET update 2, the progress bar stayed there a while, again.
Usually, .NET updates install pretty smoothly, but not this month. Maybe you should give the update process some time before going to the MS Fixit page.

Reply | Quote

KB3135445 has done absolutely nothing to fix unconscionable wait times of several hours and major svchost spiking on Win7. I’m not the only person that continues to experience these problems.

Reply | Quote

That may be why checking for updates today is failing with error 80072EE2. The first Google search result indicates the MS servers may be receiving a high number of requests for updates. Which raises the question of whether anyone else has been experiencing unusual problems with Windows Update today.

Reply | Quote

Good Grief! I am getting beyond dizzy. We only have two different systems in our house and my head is spinning. I can’t imagine being an IT person for a company or computer testing.

To many of us this is very anxiety causing because we need functioning computers for work our; and MS has caused us to lose income many different ways.

Much is confusing, so I am trying to stay with advice from this site.

For the little box in IE I am not following the discussion very well, or I am just confused. I read in your basic boiler plate directions to check the box after making sure we were on IE 11.

Then on Feb. 28 at 12:06 pm D questions what that means because it could be telling us to have a check mark or no check mark depending on what we had previously–good point. Later in his post he says: “I think that, about a year ago, my having that innocent little box checked allowed them to change something else on my computer (that I didn’t want changed), and it took me time and effort to figure out what had happened, but after I learned it was due to having that IE box checked, I unchecked it.” — to me this point seemed smart to uncheck (no check mark) it in case an automatic update could do something we didn’t want done, or we could wait until MS straightened out a possible problem.

From your response to D I thought you were confirming it should be unchecked and the separate windows update service for black Tuesdays would have us updating our IE 11 if necessary.

From this post just above in response to Jack, are you saying we should have it checked?

I would like to know for certain, and for safety’s sake, if the box in “About Internet Explorer” should have a visible check mark requesting that MS update our version of IE automatically. So, should that box contain a visible check mark?

Thanks so much for coping with all of this and our questions Woody!

Also thank you for the tip to find and download KB3135445. I will have to see if it is in my optional list. If it speeds up downloads it will be a blessing. I have had to check updates, go to bed and then find 6 hours later it is just installing the updates. I hope this helps!

Reply | Quote

Woody,

I love ya brotha’ but how can you use the words “unconscionable” and “solid” in the same sentence? You mean spying is OK as long as it doesn’t crash?

Like the “Boiling Frog” I think it’s naive to believe Win X data collection will ONLY be used for advertising and product improvement. What would a list of search terms like, unemployment or bankruptcy be worth to say financial institutions? Become unemployed AND have your credit shutoff all in the same day? Try getting affordable insurance after you’ve added a doctor who specializes in a certain expensive disease to your address book. And then there’s “Third Party Doctrine”. I encourage readers not familiar with these terms or concepts to “Take the Red Pill” and do a search for them. There’s far more bubbling under the surface than the cool features you see.

Reply | Quote

Yes, I think it makes sense to check the box in “About Internet Explorer” that says it should be updated automatically.

I also, emphatically, say you shouldn’t use IE. I’ve been recommending that people avoid IE for something like a decade now.

Reply | Quote

Yep, I’m still seeing lots of problems with long wait times.

Reply | Quote

Thank you for the clarification.

No, I do not use IE, but I will go back and recheck that box.

I may take what I said about KB3135445 back. I found your Feb. 3 article on it since writing the above and you wrote: “Unfortunately, it contains many of the same files that were in KB 2990214, and it may well be tarred by the same brush that I mentioned back in April 2015.”
MS corrupted my Windows 7 computer with the evil KB 3035583 and with some of the other early ones. Even though I reinstalled 7 it just seems slow. I don’t want to deal with wiping it again and carefully reinstalling all the updates again. I have chosen to avoid what I can of Win 10 on my Windows 7 computer with its tiny 2GB Ram. I do use GWX Control Panel, but still . . .

Reply | Quote

It sounds exactly like what I encountered! The update bar appeared, and no progress showed. Haven’t had time to get to others yet. Hoping there are not more like that!!

Reply | Quote

Just got home to a notice that two “new” updates are available. Both were optional, unchecked, unitalicized.

KB2952664 and KB3138612. That’s got to be the fourth (maybe more) time for the first and more than once for the second. Both rejected (hidden). Good old 2952664, back for another try. Sorry!

(Win7 Ultimate x64)

Reply | Quote

Woody,

I thought I’d let you know that my daughter went to unhide KB3135173 for Windows 10 after hiding KB3139907 and KB3140753 (waiting for your word on them for this month) and her KB3135173 is no where to be found. It is not in her installed updates either. We wonder what it will be superseded by.

Reply | Quote

@Eric, KB3102810 (in MS’s documentation) was also ‘supposed’ to have fixed “Installing and searching for updates is slow and high CPU usage occurs in Windows 7”.
After I installed it …did it fix it for me? No way.

In my previous reply I forgot to mention the svchost spiking as high as it was. I’m not going to install anything they say might fix this issue as I have lost all faith in MS. I’ll keep monitoring what happens on a month to month basis. As I stated earlier, the last batch of patches performed flawlessly and I’m hoping to replicate that with this months offerings early next month (after the all clear).

Call me pessimistic but I still won’t be holding my breath!

Reply | Quote

I’d highly suggest for everybody to find the time to read the User Guide for this M$ malware weapon called GWX Control Panel before pulling the individual triggers. ESPECIALLY the “Clear Windows Update Cache” function. It suggests you to “see User Guide for details” right on the button!

It states this process is irreversible along with telling you that it WILL cause the next check for updates to take a long time if you use it. It also recommends that you DO NOT use this function unless it’s absolutely necessary and explains when it should be used.

The GWX Control Panel is a fantastic weapon in this battle with M$ but like any other weapon you should know what’s going to happen when you pull the trigger BEFORE pulling it.

Reply | Quote

Woody… the box states “Install new versions automatically”. VERSIONS, not updates.

I’ve had that box unchecked since upgrading from IE-9 to IE-11 a long time ago and I get the IE patches through Windows Update all the time. I may be wrong but I think that’s only for installing a new VERSION automatically… as in IE-12.

Reply | Quote

That’s likely the correct interpretation. Seeing as how there’s about a zero percent chance of an IE 12 hitting the waves, I feel secure in recommending it be checked.

Reply | Quote

I have one update, that I had notes on showing there were problems. I can’t locate anything when I do a search here. It was referenced on this forum, however I can’t locate it.

Does anyone have the information on KB 3124280 (MS 16-016). I show a note that it was hidden about Feb. 16 (and that I got the information from here).

It’s on the update list now, and I’ve noted that there are several comments about problems with this one. Does anyone know if it’s “safe” or not?? I’ve tried everything I can to find information on this showing that it’s “safe”.

Hope someone has the skinny on this one.

Still having problems with the updates – – – a very small one (KB 3126446) I’ve been trying for 2 days now to get it to download. It’s only 1.3 MB!! It only seems to get worse!!

Reply | Quote

If I was a believer in conspiracy theory I would surmise that this is part of the Evil Empire’s plan to push us all to Win10. 🙂

Reply | Quote

Hi, I’m a newbie and I need some advice and reassurance.
My Windows Update has been set to Never Check for Updates since Feb 15 and I have GWX Control Panel running in the background at all times. Today I thought it was probably time I checked for updates, so I followed your nice clear instructions above. Windows Update digested for a while and then gave me a list of updates that were ready to install. I am actually a bit concerned about how SHORT this list was — only 1 “important” update (KB3140527), NOT a security update so I unchecked it, and some 15-20 optional updates which were already unchecked. I hid some of these because they were supposed to be telemetry-related and stuff like that. I ended up installing no updates at all.
My questions:
-Is it normal for the list to be so short after several weeks?
-When you say “uncheck”, do you mean “hide”? Every time I open Windows Update, of course it has been re-checked.
-Do I really need to set WU to check for updates? I set it as you recommended (check automatically but don’t download or install), but I would feel more comfortable with it turned off completely and checking manually at set intervals, after reading the information you are so kindly providing.
-If I do turn it off, how often should I be checking manually?
Thanks a lot!

Reply | Quote

The update I referenced (KB 3124280) was listed as “important”, 422 kb. This one was discussed in the same posting as KB 3127233 “important”, 1.7 MB.

My notes show that this KB 3127233 was definitely supposed to be hidden, and it doesn’t even show up in the hidden list,and is not listed on updates either.

I think both of these were discussed relevant to the Net Framework (4.6.1 and 4.5.2 ???).

Any and all help would be most appreciated.

Reply | Quote

I don’t know the details of those patches, but if they aren’t showing up in Windows Update, don’t sweat it.

Reply | Quote

Yes, it’s normal for the list to be quite short.

You can hide an update if you want, but Microsoft will unhide it if they want to. Easier to not worry about it and just check the security patches, and uncheck the rest.

I recommend “check but don’t download” because Windows will notify you if any new patches show up, with a balloon in the system area. As long as you remember to check for updates pretty regularly, there’s nothing wrong with going to “don’t check.”

To check manually, in Win7, click Start, Control Panel, System and Security, and under Windows Update click Check for updates.

Reply | Quote

Woody, it’s ONLY the KB 3124280 that is showing up at all, and it is checked and in the update list which is the reason I’m concerned about it.

Thought someone may have information on its safety. MS has so many problems with bad updates I think most of us feel very insecure about them (paranoid may be a better description).

Thank you so much for replying to my question. I sincerely appreciate your help. 🙂

Reply | Quote

It’s a security patch. I haven’t seen any bad reports. I’d go ahead and install it.

Reply | Quote

Woody, thank you so much for your help!

I have now found that BOTH of these updates are in the update list (KB 3124280 is marked as a “security update”), and both are checked.

AND the other one I had marked as
hidden is now in the update list (KB 3127233)and references Net Framework.

So it appears that the one I had marked as hidden is now in the update list (KB 3127233).

I will install the KB 3124280 as you recommended, and try to get more information on the Net Framework one (KB 3127233).

Thank you once again, as always, for your wonderful help! You are a REAL “lifesaver”. 🙂

Reply | Quote

KB 3127233 is another security patch, albeit for .NET. Go ahead and, if it’s offered, install it, too.

Reply | Quote

Regarding italicized updates-
In Windows Update, when I click on an italicized item in Optional, the panel on the right that gives info about the item says “Recommended update.” The ones that are not italicized do not state that they are recommended.

Reply | Quote

Hey Woody what in the Heck is Wrong with Windows update!!!!

I went to update my 18 or so Feb. Updates and Windows isn’t having any of it, it wants me to update Windows 10 instead which I’m at this time not really Thrilled with plus I have not Set up A Recovery Disk which I’ve heard some Say you need to do, but when your money short it’s kind of hard to do..

Is there anyway to get around updating to Windows 10 and just getting my monthly updates or do i need to just swallow the Smelly Cheese and go ahead and do it with out making a Recovery Disk..

This Forcing stuff on People kind of Turns my Stomach I can just Imagine what your Real Thoughts are on this but we’ll keep it Clean for Now 🙂 if you can respond soon I’d really Appreciate it Hopefully someway I can get these updates Done..

O before I go Since I have a Toshiba Laptop I have what is called (Toshiba Service Station) and it’s been popping up some Updates possibly Critical about Battery Updates Vulnerabilities.. I’ve had the Blue Toshiba Service Station Icon since Getting the Computer New but I guess its to just call Toshiba and ask about how safe these updates are, you know so many things Lurking out there..

Thanks so much for your Time..
Ron 🙂

Reply | Quote

Yes, absolutely, run GWX Control Panel. It’ll zap out all of the Get Windows 10 crap.

http://www.infoworld.com/article/3000299/microsoft-windows/a-better-blocker-is-available-to-shield-you-from-coerced-get-windows-10-updates.html

If you want Windows 10 – I use it all day, every day, and have for a year – there are plenty of ways to install it when you feel comfortable installing it.

No idea about Toshiba updates. Personally, I’d re-install Windows and get rid of all the Toshiba stuff.

Reply | Quote

Hey Woody thanks again for pointing out that stuff but I guess because I’m an ole Fart one that is kind of wise on things but might Look n wonder sometimes and Ask am I doing the Right thing or not..

SO I ate the Stinky Cheese and Downloaded Win 10 things Don’t look so bad but I have not it’s going to be a While to find everything out as slow as I am but I will tell this ole Toshiba took on that update Like and Indy Car Maybe it’s because it has a Intel Core i7 under its Hood or maybe it just thinks it sexy race Car but anyhoo 🙂 it Downloaded the update just slightly past and Hour that was pulling the update from Microsoft and putting it into its Drawer I’ll call it..

Now my Question and Believe me I hope I don’t talk your Leg off on here but is Windows Defender GOOD” enough to keep my Baby Safe or do I need one of those fancy Deals Like Kapurski or Norton or one Like that.. I’ve used Defender since Getting this Computer and I use Window I can’t remember the Name With XP but if you think one of the one’s listed is needed.. I’ll surly look into it and I can get a Disk @ the the local Office Depot..

And what do think about Windows Edge I think it’s called and Miss Cortona is she worth the Sign up..

Right now I’m still using the ole Trusty you Told me about some Years ago Now.. Fire Fox..

I guess I need to get your Windows 10 Book wished ya could just send me one but I understand it takes some a Dollars n some Change.. so I might get me a Copy in month or So..

Thanks again for putting up with this ole Fart 😉

Hopefully I did the Right thing.. Later & Take Care

Ron….

Reply | Quote

Congratulations, and welcome to the world of Windows 10! As long as you understand the limitations of Win10 – primarily the enhanced snooping and lack of control over updates – I bet you’ll like it. I do.

Defender is just fine. You’ll see occasional test results that say other AV programs are better, but for most people, most of the time, Defender works great. And it won’t nag you for more money.

Microsoft Edge is another story. It’s basically unusable as it stands. Some day it’ll be ready for prime time, but that day hasn’t arrived. Firefox and Chrome both work much better – and IE is still to be avoided.

Cortana’s great, if you understand that “she” will keep track of everything you do. That gives some people the creeps, but I don’t mind. I use Cortana and Siri and “OK Google” every day. Hands down, Google’s the best of the bunch.

Reply | Quote

Hey Woody I wanted to pass on TO ya that what that was from Toshiba.! It was A Voluntary Recall from them on there Batteries it was a Utility update to check and see if said battery mine was part of the Recall I went to the Website instead and click & Read what it was about and Entered my PC’s Part Number.. It came that it was not part of the Recall.. and thanked me for Doing the Check..

But there Maybe some Readers on here that should Check there Computers and see if there Battery is part of the Recall..

Here is the Link to the Toshiba Battery Recall Site if ones are interested..

You can check it out too.. I used my Search Bar to go there Woody once there it showed the Site as being secured but as I mentioned if you want to check it out first that is Totally Ok I just don’t want to see anyone get hurt from a Battery gone Bad..

Here again is the Site..

http://go.toshiba.com/battery

Thanks Ron 🙂

Reply | Quote

Woody,

I just allowed WU to do the Feb. updates on my Win 7 HP, 64 bit. I have it set to only show Important and Optional updates. All went okay except that KB3126593 Failed. It’s described as an Important Security update that I should have.

Should I let it go or try to download and install it again? It’s still there in the Important list.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Ooops, I forgot to mention that it’s box IS checked.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Re-run Windows Update. Chances are good it’ll get picked up the next time.

Reply | Quote

It’s seem that When I patch SilverLight that’s modify my sounds parameter. This month, I touch Wood, no problem. What March’s patch will do with Vista. Who knows, but 11 months before it’s over. My computer have 10 years now and function like yesterday. I had a big virus that I correct manualy (I recreate Keys in Regedit manualy with a sane Base). God, I don’t know how much time my computer will go, 1 year, 5 years, 10 years, but I’m afraid when April 2017 will come, I will be vulnerable. It’s stupid, but it’s Micro$oft

Reply | Quote

If you’re running Vista, yes, you’ll be exposed after April 2017.

Unless you specifically need Windows (perhaps for a program that you must have), it would be worthwhile looking at the alternatives. iPads, Google tablets, Chromebooks all have advantages. They’re cheap (except the iPad anyway), getting cheaper, don’t have a tenth of the problems of a Windows machine, and for most people, they do everything you need.

Reply | Quote

Woody,

KB3126593 and KB3126587 seem to be very similar patches. They lead to the same “More information” page and the same MS16-014 security page…Are these duplicate patches? And @Charlie’s failed install could lead me to believe they are duplicates. Any thoughts?

Thx.

Reply | Quote

They don’t appear to be duplicates, but I do see reports of crashes in Corel VideoStudio X8 and X9, and a whole bunch of weird errors, documented in both KB 3126593 and KB 3126587.

No idea what’s happening.

Reply | Quote

@Woody,

So, should we install or avoid KB3126593 and KB3126587??

Reply | Quote

They’re both security patches and, aside from failure to install problems (which are terribly common), they seem pretty stable. I’d say go ahead.

Reply | Quote

@Woody,

Just an FYI…no crashes or install errors with KB 3126593 and KB 3126587 tonight.

Thanks.

Reply | Quote