MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching

Topic

New Reply

Full details — and there are many — coming in Computerworld.
[See the full post at: MS-DEFCON 3: Win10 customers should install March updates, but Win7 victims have some soul searching]

Total of 29 users thanked author for this post. Here are last 20 listed.

Lori, Morty, flackcatcher, Nibbled To Death By Ducks, fk5353, OscarCP, zeuswoz, Geo, Laptop Boy, grayslady, SueW, HiFlyer, Pepsiboy, David F, AlphaCharlie, Cascadian, dononline, abbodi86, geekdom, GoneToPlaid

Reply | Quote

Replies

Oh-oh. “Victims” sounds especially ominous. I have a sinking feeling and don’t want to screw-up my machine as it’s performing fine now. Awaiting further details on Computerworld. Win 7 Pro x 64 i7-Haswell Core

1 user thanked author for this post.

JDeC

Reply | Quote

That ‘sinking feeling’ as you put it, was my instinct with the news and introduction of Meltdown/ Spectre patches in January. Since then, neither of our W7 systems have been online or patched. My W8.1 system however has since been re-imaged to December 2017 and ALL the systems work well.

‘Bliss’ was the name of the default WinXP wallpaper, defaults nowadays are FAR from bliss!

If debian is good enough for NASA...

Reply | Quote

“Fasten your seatbelts. It’s going to be a bumpy night!”

Or,

“Don’t open that closet door, McGee!”

3 users thanked author for this post.

WildBill, HiFlyer, Cascadian

Reply | Quote

I am now officially as “old as dirt” as I “get” both of your references. Which explains why I stubbornly declined the multiple offers by Microsoft to “upgrade” me to Win 10 when it was a freebie.

7 users thanked author for this post.

WildBill, SueW, HiFlyer, Cascadian, GoneToPlaid, Tom in Az, AJNorth

Reply | Quote

Same here. And the never-ending months of increasingly botched updates, plus the need to avoid installing telemetry updates, has given me a lot more white hair. The only upside to all of this is that everyone at the office thinks that I look more distinguished.

10 users thanked author for this post.

flackcatcher, HiFlyer, SueW, johnf, The Surfing Pensioner, Myst, Cascadian, Cybertooth, AJNorth, MrJimPhelps

Reply | Quote

which one is telemetry update? i usually only install monthly rollup, i should be fine right? kinda new at this updating windows 🙁

Reply | Quote

Telemetry: Win7 KB 2952664, Win8.1 KB 2976978

1 user thanked author for this post.

heybengbeng

Reply | Quote

i read this https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

and woody said that the total meltdown fix bring bug from march updates. is it better to uninstall it? or should i be okay? and about IE patches, do i need to install it too if i never use IE myself?

btw my update sequence installed so far is January rollup update and KB4100480. (is this okay?)

i didnt install february/march rollup so far

Reply | Quote

Hello heybengbeng,

Welcome to the Lounge. It sounds like you are doing Group A updating, on Windows 7, last having updated with January patches. The January patch had the Total Meltdown bug included.

The usual pattern of updating here is to wait for the Defcon level to change… and Woody writes a post like this one, and it always includes a link to a ComputerWorld article. You only need to follow Woody’s instructions for Windows 7, Group A. This month is a little different because he points out there are potential problems for Windows 7, and that users need to make a choice about what option they want to follow, in addition to being Group A or B. Woody has done an awesome job figuring out what the problems are, and what the different options are. You need to make a decision about what path to take… and then follow the instructions for that path.

In #182158 I isolated out what Woody was saying for Windows 7, Group A people, in his ComputerWorld article. It also has links to information on telemetry in Windows 7, and the Knowledge Base article on Group A updating.

The March Rollup will include February’s updates, so you don’t have to go back and patch that separately, if you decide to install March’s Rollup.

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

walker

Reply | Quote

Elly wrote:

Hello heybengbeng, Welcome to the Lounge. It sounds like you are doing Group A updating, on Windows 7, last having updated with January patches. .

Hello Elly, i dont know if im doing Group A or not since im just recently join and starting updating my windows. before i never update it XD. when i update so far i only update security rollup update ( every a few months or so), ignoring other important update or optional one. dont know if thats okay or not tho since thats what i always do and never had problem before 🙂

Reply | Quote

@heybengbeng,

Group A is the updating recommended by Woody for most people. It uses the Monthly Quality and Security Rollups that are offered through Windows Update. These are cumulative, and if you apply the most recent one, you are up to date.

Group B uses Security Only patches that must be individually applied. They are not offered through Windows Update. There is a Security Only patch issued for every month, since the Rollups started, and each month’s patch must be applied for your OS to be fully patched.

I assumed, since you said rollup, that you are doing Group A updating.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Have the telemetry patches made it into any of the Monthly roll-ups to date?  It seems like that is a separate course on the WU menu so far.

1 user thanked author for this post.

Microfix

Reply | Quote

Datapoint:

On our W8.1 yesterday, I had noticed checking SDAntibeacon that it is now blocking 1 of 5 where the day previous 4 of 5 CEIP Scheduled tasks were being blocked. I’m now thinking that MS are not honouring switches in W8.1

Having checked settings for appropriate areas within the OS, everything was as it should be for our system.!?

NOTE: NO patches were installed for Jan/Feb/March (not even MSRT, licence declined) other than Flash Critical updates.

If debian is good enough for NASA...

Reply | Quote

“Have the telemetry patches made it into any of the Monthly roll-ups to date?  It seems like that is a separate course on the WU menu so far.”

See my post “What evidence exists that Group B gets less telemetry than Group A?”

1 user thanked author for this post.

Microfix

Reply | Quote

ok – this is probably a stupid question – but how do you know if you have  Windows 7/server 2008 R2?

When I click on computer and properties mine says – windows 7 home premium,  service pack 1 but nothing else.  It is a 64 bit machine with an intel core i7 processor if that matters.

2 users thanked author for this post.

HiFlyer, JDeC

Reply | Quote

You have Win7. The “/” means “or.” Server 2008 R2 is a different kind of computer.

1 user thanked author for this post.

HiFlyer

Reply | Quote

@anonymous:  When I click on Computer, there is no line item which refers to “properties”  – – – – I wonder why.  I’m not computer literate, however normally I would have expected to see something referring to properties.    ????

Reply | Quote

Right click…

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

walker

Reply | Quote

@Elly:  Thank you SO much for the help!   Mine says the same as “anonymous”, so guess I’m just the WIN7, Home Premium, Service Pack 1.     Your help is very much appreciated!    🙂

1 user thanked author for this post.

Elly

Reply | Quote

on windows 8.1 notebook i’m installing march security only (group b) patches right now, then i go for office 2010, defender, flash patches as every month.

on windows 7 machine i do nothing. i won’t install buggy march patches and i also won’t rollback to december. i’m gonna rely on askwoody and on noscript for some time.
what about office 2010 patches on windows 7? can i install these without having windows security only patches installed?

Reply | Quote

The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

1 user thanked author for this post.

WildBill

Reply | Quote

after reading that article i’m still not sure if i can install office 2010 patches without having installed any march windows security only windows patches.

if i decide to install security only patches on windows 7 64bit some day (not today) following article 2000003:

Mar 2018 KB 4088878
Mar 2018 (IE11) KB 4089187
Mar 2018 (IE11) KB 4096040 (released 3/23/2018, replaces KB 4089187, fixes “IE11 doesn’t start after installing KB4089187)

if kb4096040 replaces kb4089187: can i skip kb4089187 and only install 4096040?

and on windows 8.1 there is one curiosity:
after applying security only march patches for windows 8.1 (kb4088879 and kb4089187) snooping patch kb2976978 appears BOTH as checked important AND as unchecked optional… that’s weird…

Reply | Quote

You only need KB 4096040 for IE – it’s cumulative.
Read the requirements for KB 4088878 – You need to install KB 4099950 FIRST.
You will also need the fix for Total Meltdown KB 4100480

3 users thanked author for this post.

Charlie, SueW, Elly

Reply | Quote

now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!

is this order/sequence correct?
1. kb4099950
2. kb4100480
3. kb4088878
4. kb4096040

for now i stay group w. i’m not going to install any of march updates, i also won’t install kb4099950 and kb4100480. i also won’t rollback to december, so i’m staying on february patch level for a while, relying on panda endpoint protection and noscript (firefox), ublock (chrome)…

1 user thanked author for this post.

JDeC

Reply | Quote

Follow this order
1. kb4099950
2. kb4088878
3. kb4100480
4. kb4096040

now i’m totally confused. if i have to install kb4099950 and kb4100480 first, why aren’t these listed in article 2000003? if i just would have followed that, i would have done everything wrong… what a mess!

The instructions in AKB2000003 are for Group B. Group B does not include the things like hotfixes Microsoft has issued this month.
Group B is getting almost impossible to follow unless you are extremely computer literate. That is why we have been recommending people choose otherwise.

4 users thanked author for this post.

walker, OldBiddy, woody, EricEWV

Reply | Quote

i will decide monday at the earliest if i patch windows 7. i also wait with office 2010 patches.

anyway, patching on windows 8.1 notebook is finished. groub b security only windows patches and office, flash, defender and msrt patches installed. 10 in total. after another reboot this curiosity i mentioned earlier remains: snooping patch kb2976978 appears BOTH as checked important AND as unchecked optional… that’s weird…

Reply | Quote

Hide both of the snooping patches

3 users thanked author for this post.

Lori, walker, WildBill

Reply | Quote

Would it be a good idea to install KB4099467 as well to mitigate the possible BSOD on logging out issue?  I assume it’d be best to install it last if so?

Reply | Quote

“Would it be a good idea to install KB4099467 as well to mitigate the possible BSOD on logging out issue?  I assume it’d be best to install it last if so?”

I consider whether to install KB4099467 a close call. I chose not to; I haven’t experienced the issue that KB4099467 fixes yet. For those that install KB4099467, I think it’s best to do so in this order:

1. Install KB 4088875 or KB 4088878. Do not reboot.

2. Install KB 4099467. Reboot.

6 users thanked author for this post.

jburk07, Bill C., walker, HiFlyer, woody, EricEWV

Reply | Quote

so if installing kb4099467 would make this sequence:

Follow this order
1. kb4099950
2. kb4088878
2.a. kb4099467
reboot
3. kb4100480
4. kb4096040
reboot
office 2010, msrt, …
reboot

right?

Reply | Quote

“so if installing kb4099467 would make this sequence:”

Looks good to me.

1 user thanked author for this post.

HiFlyer

Reply | Quote

i just recently installed KB4100480 to my pc win 7 64bit. my last security rollup is January rollup. i didnt install february or march rollup yet. is it okay?

my update sequence

1. January rollup

2. KB4100480 (checked, important)

after install that KB4100480, only february rollup that showup in my windows update

i read this https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

and woody said that the total meltdown fix bring bug from march updates. is it better to uninstall it? or should i be okay? and about IE patches, do i need to install it too if i never use IE myself?

Reply | Quote

@heybengbeng:

That update sequence is ok.

“woody said that the total meltdown fix bring bug from march updates”

Here is my analysis of KB4100480.

“about IE patches, do i need to install it too if i never use IE myself?”

Yes you should.

“after install that KB4100480, only february rollup that showup in my windows update”

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

@MrBrian

“Here is my analysis of KB4100480.”

so from what i read from your analysis :
IE, NIC and SESSION_HAS_VALID_POOL_ON_EXIT (ab)” stop error is not included in KB4100480. well so far i didnt use IE(my IE still IE8 i think), and no bsod so far so i think its good.
and since my pc is win 7 64bit i5 3470 i think i should be okay from PAE and SSE2 known issue right? well at least with your analysis i now know my pc should be okay 🙂

“about IE patches, do i need to install it too if i never use IE myself?”

“Yes you should.”

any reason why i should update IE if i never use it? i think my IE still IE8 tho. this is my first time updating windows. so far i only update security rollup(May 2017,January 2018) ignoring other important and optional update

so i guess its better for me now to wait till good patch rollup come out right? since based on your analysis January rollup + KB4100480 should be okay(at least Total Meltdown got patched) and shouldnt give me known issue from March update. so i guess i will wait and see if April or May rollup is good or not.

Reply | Quote

Internet Explorer (IE) was integrated into the Windows Operating System, by Microsoft. Even if you don’t use it, since it is part of your OS, you need to keep it updated.

There are problems that we are dealing with, the last three months, that are related to bugs in the patches that Microsoft has issued. Those are the ones related to NIC, causing network connection problems you refer to. They are potential side-effects of patching.

There are other problems that you might not be aware of, but are vulnerabilites to malware or viruses, that are patched by the Security Only, or security part of the Rollup patches. You wouldn’t be aware of them, until after your system is compromised, but the patches help avoid getting them in the first place. Actually, some are so sneaky, you could be compromised, and not be aware of it, and be spreading bad stuff to others. You could go years and not get any (depending on your browsing and downloading habits) even if these openings to malware exist on your system… but it is probably better not to be vulnerable.

It would be wise to review how you are patching, and make sure your system is up to date.

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Lori

Reply | Quote

Hi Elly,

if its for security then isnt installing security monthly rollup is enough ( thats what i did so far since it said it will include every security update on monthly rollup), thats what makes me confused

if i read this article : https://support.microsoft.com/en-us/help/4096040/cumulative-security-update-for-internet-explorer-march-23-2018

it said those IE cumulative fixes already included in monthly security rollup, so i assume that cumulative IE update should include security and non security update. while security update for IE etc will be included in monthly security rollup, the non security update wont be included right?

correct me if im wrong since im new at this updating windows thing :(, this is just me assuming from what i read

so installing monthly security update should be enough or not if the user never use IE anyway to get any benefit like new feature or improvement from IE non security update(which included in cumulative security for IE), since the security update for IE included in monthly rollup

 

Reply | Quote

The Monthly Rollup contains three parts: non-security updates, security updates, and the IE11 Cumulative.

Those who do not install the Rollup need to install the Security-only update and the IE11 Cumulative. So they get two of the three parts on the Rollup.

1 user thanked author for this post.

Lori

Reply | Quote

Thanks PkCano, this is very helpful. I’m afraid though, that I installed kb4088878 before installing kb4099950, which was optional for me so I didn’t notice it. I did install kb4100480 after installing kb4088878, but was never offered kb4096040. Have to say this must be the busiest forum thread I’ve seen in a long time!

Reply | Quote

Susan Bradley says of kb 4096040. “Only install if you have installed the March Windows 7 updates”. As I have no intention of installing the March Windows 7 updates, I assume that means I don’t need kb 4096040 either. Is that right? Many thanks.

Reply | Quote

@The Surfing Pensioner: Do you want to install a March 2018 cumulative update for Internet Explorer or not?

Reply | Quote

Strange question. As I said in my previous post, Susan Bradley advises not to instal kb 4096040 unless you are installing the March 2018 Windows 7 updates – presumably the March roll-up or security patch. I intend to install neither, at least not at the present time. If her advice holds, therefore, I should not install the March 2018 IE cumulative update either. I am simply asking whether we have consensus on that point. Please let me know if I’m not being clear.

Reply | Quote

@The Surfing Pensioner: There is more than one March 2018 cumulative update for Internet Explorer; there is also KB4089187. I’m not sure if you’re trying to avoid just the Windows 7 March 2018 update, or all of Microsoft’s March 2018 updates.

Reply | Quote

As I have said, I do not intend to install the Win 7 March 2018 update at the moment. Neither have I installed kb 4089187, due to reported bugs. However, I would normally update my IE provided the latest cumulative update appears bug-free. In my circumstances, Susan Bradley would seem to advise against this. Do you agree?

Reply | Quote

@The Surfing Pensioner: KB4096040 has the fix for an issue in KB4089187. You probably wouldn’t experience this issue. It’s your call as to which to install.

Reply | Quote

What the information on kb4096040 actually says is that: ” This security update resolves several reported vulnerabilities in IE 11 running on Win. 7 SP 1. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in IE. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures. This security update also includes improvements and fixes for IE 11 that resolve the following issues: IE 11 does not start after you install the March 13th 2018  IE cumulative  update for IE.” – Which sounds to me as if kb4096040 potentially includes security fixes that might well be an asset. Kb 4089187 on the other hand, as stated here, is a buggy update which kb 4096040 was issued (amongst other things) to fix. I’m (thankfully) not stupid enough to install it and I’m very surprised to read you encouraging any Win. 7 user to do so, since it cripples the browser. I was unsure whether Susan Bradley’s advice against installing kb 4096040 unless one is also installing the Win. 7 March 2018 update (roll-up or security) was to be taken unequivocally but, since you appear not to know the answer, I shall err on the side of caution and follow it. Come the April 2018 IE cumulative update I shall be up-to-date, anyway.

Reply | Quote

“Does the IE Cumulative security update KB4096040 address additional security vulnerabilities from KB4089187, or is it simply a patch that addresses internet explorer not opening?”

1 user thanked author for this post.

Elly

Reply | Quote

What order should Windows 7 Group B install these updates?  That is if it’s safe to, seeing as the Master Patch List still advises holding off installing the security-only update.  I’m pretty certain the NIC script goes first, but I see fixes for BSODs and such.  Considering I already have the Total Meltdown fix installed, I don’t think I’ll have to reinstall it since Windows Update, from what I read on here, should be smart enough to not overwrite it.

 

I also apologize if this is a double post, had a connection error trying to send this.

Reply | Quote

The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

1 user thanked author for this post.

Myst

Reply | Quote

I see many of you asking for the order of updates to install and right now my recommendation is:

If you have any January through March update installed, make sure KB4100480 is installed.

Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.

I did install KB4100480 as per Patch Lady’s March 31 post. (Above) I didn’t roll back to Dec.2017. Should I have rolled back? I have just read the Computerworld Article. Now I’m confused. Win 7 Pro x 64 i7 Haswell

Reply | Quote

From Woody’s Computer World Article:

“As of this moment, EVERY Windows 7 / Server 2008 R2 64-bit patch released this year opens a gaping security hole commonly called “Total Meltdown.” In addition, recent patches have a healthy collection of bugs that range from blue screens (STOP messages), to blocking Internet Explorer 11, to a particularly debilitating bug for folks running servers that leads to lockups due to SMB leaks.”

That is EVERY Windows 7 64 bit patch… which means using any of those patches will open up an easily exploitable hole in your system… although they will ‘patch’ regular Meltdown and Spector vulnerabilities, that do not, as yet, exist in the wild…

Hmmm… big, easily exploited hole that even novices can code for, or patches for relatively difficult exploits not in circulation…

or, phrased differently…

Huge risk (install patches)… vs. almost no risk (don’t install patches)…

I’m not confused… I’ll go the almost no risk route…

And I didn’t even address the other risks (BSOD) the patches have…

The evidence for not patching gets stronger…

But, as always, back up your data!

Non-techy Win 10 Pro and Linux Mint experimenter

7 users thanked author for this post.

Lori, HiFlyer, SueW, walker, Charlie, JDeC, wdburt1

Reply | Quote

But, as always, back up your data!

And not least your system drive/partition.

Have never been more important in all the time of using computers.

The irony is that it’s not in fear of virus, highjacks, malware etc. but… Microsoft.

Sigh.

4 users thanked author for this post.

Lori, Elly, HiFlyer, SueW

Reply | Quote

Should those of us in Group B (Win 7 Pro x64) with both Jan & Feb security only patches installed, just install KB4100480, then IE Security update for March, and then any Office 2010 patches from March and hold off installing March Security Win7 only update?

Reply | Quote

The answers to your questions will be in the ComputerWorld article linked on the main blog page once it gets published.

Reply | Quote

Woody’s Computerworld article doesn’t mention KB4100480.  As I understand the situation, there are two basic choices:  (1) Forget about KB4100480 and roll your machine back to the December patches; (2) Keep January/February patches and install KB4100480.

2 users thanked author for this post.

HiFlyer, SueW

Reply | Quote

I did this one:

(3) Install March 2018 updates and KB4100480.

3 users thanked author for this post.

Elly, walker, HiFlyer

Reply | Quote

Mr. Brian:   It was the KB4100480 that I was trying to find the number on.   I installed this one as soon as we were told to, which is one reason my “list”  is not matching yours exactly.  I will try to begin learning to do the “setting restore point”, or “back-up” before I attempt to install anything.   It may not be possible for me to do this.   If I can just get the knowledge to have deal with these kind of security issues.   Once false move and I’m “shot down”.     Thank you once again.    🙁

Reply | Quote

Windows 7 normally sets a restore point automatically before installing updates from Windows Update.

Reply | Quote

Windows system restore is very useful. However, don’t always presume it’s turned on! Check to make sure…

https://www.online-tech-tips.com/windows-vista/enable-disable-system-restore-vista/

 

 

Reply | Quote

Woody’s article in Computerworld went online a little while ago:

Get the March patches for your Windows machines installed, but watch out for Win7

https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

4 users thanked author for this post.

WildBill, Charlie, MrBrian, Microfix

Reply | Quote

I am not feeling lucky, and am choosing to hold tight, Group B updating current to December 2017.

Microsoft hasn’t been able to manage patching, and I can’t help hope that they realize that, and return to individual updates… three months of unsafe patching havoc, and soon we will be face to face with month four… and for me, the safest thing is to sit (temporarily, I hope) on the Group W bench.

Non-techy Win 10 Pro and Linux Mint experimenter

10 users thanked author for this post.

HiFlyer, SueW, Northwest Rick, grayslady, walker, Charlie, GoneToPlaid, Myst, wdburt1, Microfix

Reply | Quote

Elly, I am feeling lucky and still holding on Dec 2017 updates, to see what April brings.

Probably more showers!

If debian is good enough for NASA...

5 users thanked author for this post.

HiFlyer, SueW, GoneToPlaid, Myst, Elly

Reply | Quote

I’m with Elly.  My Win7 64b now restored to Dec 2017.  I suspect IE updates are a separate track not needing roll-back (guidance did not address), but I zapped those as well.  Don’t use IE anyway.  At this point, I am not willing to ass-you-me ANYTHING.  Like a 3rd or 4th  remarriage, waiting for M$ to miraculously set everything right in April seems to me the triumph of hope over experience.

So I too now sit on the Group W bench.  And I’m not leaving until there is compelling reason to do so.

Whoever came up with “When the going gets tough, the tough get going!” did not anticipate being Group B in 2018!  If she had, she would have written “When the going gets tough, the tough remain determined but follow a rational plan, and the reckless plunge into the unknown!”  I have to admit, though, the original phrasing is more catchy!

May The Force be with us!

 

2 users thanked author for this post.

Elly, HiFlyer

Reply | Quote

I’m on Win 7 x64 and I installed the March patch that should fix the whole exploit that Microsoft caused and wow… THAT was a mistake! That update made my machine glitch out and run extremely slowly, it took about 2 seconds just to open explorer, folders, files etc which made me crazy. I uninstalled the update and now things are running normally.

7 users thanked author for this post.

jburk07, HiFlyer, SueW, GoneToPlaid, JDeC, MrBrian, Elly

Reply | Quote

Hmmmm………………………….Who said ‘Group W’ was dead? I’d love to hear Canadian Tech on this little scenario!

5 users thanked author for this post.

JDeC, HiFlyer, wdburt1, Elly, Microfix

Reply | Quote

Which updates are safe for people on 1709 to install?

Reply | Quote

Read Woody’w article in ComputerWorld (linked on the main blog page)

Reply | Quote

According to Woody’s Article he released today it says:
Windows 10
Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.

Yet I am wondering about this found in the march 28th article regarding 1709 re-releases:

https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-windows-7-takes-the-brunt-of-march-patching-problems.html

Version 1709 – the Fall Creators Update — saw an emergency fix, KB 4090913, on March 5, which fixed a bug introduced in the February round of patches (and rendered some machines unbootable); a “regular” Patch Tuesday patch, KB 4088776 on March 13; and a big out-of-out-of-band patch KB 4089848 on Thursday, March 22. The biggest complaints involve the usual chorus of patches that refuse to install, and driver problems. Reports of INACCESSIBLE_BOOT_DEVICE bluescreens are tapering off.

So can you please tell me what updates are safe-Here is the ones I’ve hidden and deciding which ones to install tomorrow or sunday night.

cumualtive update: KB4088776

Update for win 10 1709 x64 based systems: KB401994 and KB4058043

Update windows antivirus platform: KB4052623

The other is adobe player and malicious software tool which I know are safe-i just need to know if the ones I’ve listed are safe to install.

Reply | Quote

All I can do is requote Woody

anonymous wrote:

Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.

Reply | Quote

Follow the steps in the article and you’ll be OK.

There are lots of patches floating around. For 1709, run Windows Update and let it sift out which ones need installing.

Reply | Quote

Woody, you may recall that I’m the guy on 1607 that, whenever Windows Update Service sniffs out that any of my three computers have the service turned on, up pops the Windows Upgrade Assistant and the upgrade to 1709 begins immediately, no questions asked. At least that’s what happened when I turned it on to check for and hide the March Updates with WUMT. I quickly unplugged my router and went through the process of removing all vestiges of what the Upgrade Assistant had done, and then used all the suggested ways I could find to block it from running again. Still, every time I turned on the Update Service, it immediately installed KB 4023057. I didn’t wait to see if the upgrade to 1709 still begins with no warning. I just went through the process of cleaning up after it again and haven’t turned on the Update Service since.

As a result, I installed all the March updates manually by downloading them from the Update Catalog. Since this was my first time doing that, it took quite a while and much frustration getting everything figured out. Anyhow, I’m just wondering if MS is still force feeding us KB4023057 if the Update Service is turned on, and if it’s still forcing the upgrade to 1709? Have you, or anyone, heard anything about whether this is still happening?

Reply | Quote

I can’t remember offhand what version of Win10 locked down staff PCs (that automatically reimage when rebooted) at work are, since I’m off today, but we’re still getting the forced upgrade attempted, necessitating shutdowns on those (the upgrade will fail anyway because of the blocks, and a reboot will reset the PC). They’ll get bumped up next month, and I did pass on the image file execution options debugger registry method to IT to block upgrades, as it is working for me (although I am biting the bullet and upgrading now).

2 users thanked author for this post.

dononline, MrBrian

Reply | Quote

“I did pass on the image file execution options debugger registry method to IT to block upgrades, as it is working for me (although I am biting the bullet and upgrading now).”

I’m glad to hear that the image file execution options debugger registry method is working for you :). Which exe’s are you blocking with it?

Reply | Quote

See my comments in the thread about blocking updates: I ran the script from pastebin by AveYo that was linked, without any modifications, although it was a recent version of the script as I download it over a week ago, when I started on the slow process of updating two computers that hadn’t been run in about a year, one with a bunch of programs on it and heavily modified that therefore took a while to prep (mine 😀 ). However, since my PC took a while to get ready and has been rebooted multiple times and has been online with the exception of the actual installation of the 1709 .iso, it was a good test of the script since MS did start sneaking on the prep patches before I yanked out my wifi adapter, uninstalled the one that snuck on, and ran the script. Interestingly, MS doesn’t wipe the registry settings when actually upgrading Win10, so you do have to remember to rerun the script to toggle updates back on to get fully updated after upgrading.

1 user thanked author for this post.

MrBrian

Reply | Quote

As per woody’s article, all windows 10 patches are ok see here

For further specific versions of Windows 10 see Woody’s linked article see there

If debian is good enough for NASA...

Reply | Quote

Just read the Computer World article.  I’m taking the advice I liked the most…if you don’t feel lucky, don’t do anything and hope MS fixes this mess in April with better patches.  It’s not worth the risk to take a chance and update.  The only checked patch I have is KB4100480.  I think I can live without it.  My backup plan is this…I have an appt at the Apple store this Sunday for a new iPhone battery.  While there, I’m going to start shopping for and considering an iMac.

iPhone 13, 2019 iMac(SSD)

Reply | Quote

If you don’t have an overwhelming need for Windows – that is, if you don’t need to run a program that only runs on Windows – seriously look at Chromebooks, too.

Google mines all your data. Apple doesn’t. That’s a dealbreaker for some. But if you’re using Chrome and Google Search anyway, the Chromebook is fine.

3 users thanked author for this post.

HiFlyer, WildBill, Cascadian

Reply | Quote

Women and children only!  Men go down with the ship.  The Carpathian is on its way.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

2 users thanked author for this post.

Cybertooth, OldBiddy

Reply | Quote

It does seem like we’re on the Titanic sometimes ?. But it doesn’t bode well for the future of Windows…

Reply | Quote

Here`s a suggestion.  You might want to move the deck chairs around the Titanic.  Will help for awhile.

Reply | Quote

…or consider running Linux Mint on your current computer.

Get a good backup of the whole thing, create a Linux Live DVD, and run it for a while, to see what you think. If you like it, click the Install icon.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

2 users thanked author for this post.

Bill C., JohnW

Reply | Quote

That’s the best Windows patch, EVER!!!  😉

Windows 10 Pro 22H2

Reply | Quote

Isn’t Linux OFF-TOPIC here?

Reply | Quote

What about ChromeOS?

Windows 10 Pro 22H2

Reply | Quote

Woody has a blank check – the rest, well…..
Stay on topic. Not every thread is about Linux!

1 user thanked author for this post.

JohnW

Reply | Quote

🙂

Windows 10 Pro 22H2

Reply | Quote

If I’m in Group B (Win 7 Pro x64) with both Jan & Feb security only patches installed, should I in this order…> (1) install KB4100480, –>(2) then install IE Security update for March, and —>(3) then install any Office 2010 patches from March and—> (4) for now hold off installing March Security Win7 only update? Thanks in adv.

Reply | Quote

Windows 7 Pro ( 1703 )…March updates went well and my Window 7 is staying right where it is. It’s running really well after rolling back to Dec.

Reply | Quote

For those with 1709, is it safe to install the march monthly updates?

Reply | Quote

Woody’s main blog article says that is the case.

Reply | Quote

Woody has an opinion and that’s fine. However, since Windows 10 updates include all previous updates, it’s safe to wait until Patch Tuesday next week and let Windows Update take care of, especially for Windows 10 1709. If you hit the ‘Check for updates’ button now, you’ll only get the latest preview release of the patches (KB4089848 (OS Build 16299.334))! ‘Stable’ updates are shipped on Patch Tuesday only! All other updates are previews and you shouldn’t touch. So, don’t touch the switch, don’t touch the button, don’t touch nuttin.

Reply | Quote

I doubt seriously that waiting four more days will hurt anything as far as the computer is concerned. But you might want to wait even a little longer to be sure there is no gotcha in the upcoming CU either.

Reply | Quote

… and that’s precisely the gotcha. What if Tuesday’s patches are worse than the current ones?

5 users thanked author for this post.

walker, WildBill, Elly, Cascadian, AJNorth

Reply | Quote

You’re right! That’s why the best time to install Patch Tuesday updates is the day before previews get shipped (3rd Tuesday of the month). As soon as previews are out, it’s too late again..

Reply | Quote

No, as of this time I still won’t patch my Windows 7 x64 systems as I consider this mess still not resolved to my satisfaction. They will stay at the December 2017 patch level for as long as necessary.

I will, however, patch my Windows 8.1 x64 systems with the March Security-only updates soon.

Hope for the best. Prepare for the worst.

4 users thanked author for this post.

HiFlyer, Cousinjack, GoneToPlaid, Myst

Reply | Quote

This is exactly the way I plan to handle this mess now that I’ve uninstalled the January and February patches from my Windows 7 x64 desktop PC. Staying in Group B is getting more difficult by the month, but not impossible thanks to Woody and all the other knowledgeable contributors on this site. A big thank you to everyone.

6 users thanked author for this post.

grayslady, HiFlyer, Microfix, AJNorth, GoneToPlaid, Myst

Reply | Quote

We still have to patch the Win7 boxes at work for obvious reasons, but I’ve thrown in the towel on my home Win7 systems.

Whether by sheer incompetence or malicious intent, Microsoft is dismantling (brick by brick) the previously-reliable, stable, and hassle-free experience that Windows 7 provided for so long. And I don’t believe it’s just Spectre/Meltdown related.

I’ve upgraded all but two Win7 boxes at home to 8.1. The last couple are Group W effective immediately. Rolling back to December 2017, with no more ‘net access for those guys.

My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.

3 users thanked author for this post.

wdburt1, HiFlyer, Microfix

Reply | Quote

My sentiments and thoughts exactly. How coincidental and opportunistic for an ailing PC market over the last few years.

 

If debian is good enough for NASA...

3 users thanked author for this post.

MikeFromMarkham, HiFlyer, WildBill

Reply | Quote

anonymous wrote:

My other tinfoil hat wonders how long it’ll be until Microsoft does the same to Win8.1.

I’m wondering, too. Win 7 has less than 2 years of extended support left. Win 8.1 dropped out of mainstream support in January & has less than 5 years of extended left. Sadly, when Microsoft can convince (or force) most of the remaining Win 7 users to upgrade to Win 10 Whatever, then Win 8.1 is the next target.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

3 users thanked author for this post.

MikeFromMarkham, HiFlyer, Charlie

Reply | Quote

I don’t think that MS will ever get around to attacking Windows 8.1 like they have Windows 7.  Windows 8.x is in use by such a small cadre of users (on par with the number of users that are still using XP four years after it stopped getting regular security updates) that it seems to be below the radar.  Windows 7 is the big target.   Windows 8, as far as most are concerned, is already dead.

The tech press has repeatedly told us (during the days when the “should I take the free upgrade to Windows 10” articles were all the rage) that while Windows 7 users may well want to avoid the upgrade, it’s a no brainer for Win 8 users to move to 10.  The message appears to have gotten through, as I’ve seen so many comments on various sites where people have written that as bad as 10 is, 8.x is worse.

Naturally, I will always take that opportunity to point out why I think 8.1 is far better than 10, but it is shoveling sand against the tide.  It is obvious that the idea that 8.x is even worse than 10 is pretty widespread, almost considered common knowledge.  It’s just a small group of tech-savvy people who use 8.1 now; it’s kind of an open secret of sorts among people who know how to de-silly it and get the extra three years of support out of it as well as avoiding at least this one latest Microsoft “Oops!”

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

SueW, Elly, AJNorth

Reply | Quote

I hope you’re right about Microsoft not being too concerned with 8.1. It does make sense considering 8.1 never had significant market share.

When Windows 8 first arrived, it did have serious issues. The 8.1 update made things better. I use Classic Shell to revive the full Start Menu, and I also disable all the Charms. Desktop Mode is the only mode in use.

I’ve found Windows 8.1 to be faster and more responsive than Windows 7, especially on SSDs. Yes, there are still a few things I’d prefer were more like Windows 7, but Classic Shell helps a lot. It seems to be just as stable as Windows 7 now that it’s been out for a while. Compatibility seems to be similar to 7, with a few exceptions. As much as I love Windows 7, I am keeping it as a legacy system (and not connected to the Internet). It will be a sad day when 8.1 is end of life.

I have five physical computers and four virtual machines. Only one physical system runs Windows 10, and that is used for gaming and for watching movies. This system matters the least to me when it comes to forced updates and telemetry grabs. There’s no real importance to any of the data stored on the gaming system. I’ve already moved to a Mac for my daily system, so I feel prepared for whatever Nadella throws my way.

I believe that Windows 10’s personality will shift over the next 10 years into a pure SaaS. Think Office 365, but for a Windows OS. Enterprises will be the only folks who will have a higher level of control of their systems (as much as MS will allow). The rest of us will be on Windows Cloud or whatever.

Reply | Quote

So far all the Win7x64 OS patches with a 2018 date have been poison. I’m standing pat at December 2017, maybe going to group W.

3 users thanked author for this post.

HiFlyer, Cousinjack, Myst

Reply | Quote

I am happy that march patch for those using 1709 is finally stable, but in my opinion for those like me, that are in 1703, we should skip 1709.

there’s no guarantee that 1709 will be more stable after Windows shift its focus to 1803.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Sooo Zaphyrus all the patches are safe to install for 1709 for march even the double Update for win 10 x64 system and cumulative update?

Reply | Quote

According to Miss.Susan and Mr.Woody, indeed they are finally safe to install. I have 1703, so I can’t really confirm that to you since I hate 1709.

For those that want to convice me how good is 1709, I already gave up in 1709. so even if Mr.Woody and Ms.Susan says that it contain the secret of the holy grail I wont update to it, I will wait for 1803.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Well @Zaphyrus I still ponder about installing 1803, I’m gonna hide the feature update 1 min after 12pm on the 10th along with the other updates and debate when to install it. I have WUHide to hide updates and at least that gives me control over what I install on my computer. And also once any bugs or glitches that are in 1803 are fixed, I’ll wait until Woody gives the OK GO to install it. HOPEFULLY WINDOWS/MICROSOFT will not force people ot upgrade like they did a few weeks ago-Believe me I WAS A VICTIM OF forced upgrading. At least my computer installed 1709 perfectly (It’s only almost a year old come this june :3 and it’s a Lenovo Ideapad 320-WHICH I believe is a more sensitive, friendlier and durable computer brand than the others out there-It even has it’s own unique typing-like button on the keyboard than the usual stand alone press one. AND IT HAS A built in battery-almost like how 3DS and tablets have built in batteries.)

But anyway if everything goes as smoothly on tuesday for me then I don’t have to worry and even in 4-5 months should windows force to upgrade me at least I know that it’ll be safe since they worked the kinks out. Hopefully during the 4-5 month while hiding the update, I’ll be accomplishing a lot in my real life time-including finishing my long-awaited poetry book and planning an open mic poetry night program (which got approved by my boss at the library :3 )

As a woman with autism-for me I have a daily routine on how I care for my computer: Wake up, use a dust cloth to clean exterior (full detail on sundays), dust off mouse, lint clean the mousepad, plug in power charger, sign in, use ccleaner, advanced system care, disk cleanup, check for any updates using WUHide, sign into my sites and go about my day with either watching anime, writing and other stuff. For Patch tuesdays, I make sure to HIDE updates 1-2 mins after 12pm (My WU is disabled at the time since it only activates at 7pm at night which is convenient for me) and double check to make sure it’s all hidden even before work. Then I come home to check if WU is still disabled otherwise I disable and stop it if it switched itself back on.

So you see I kinda take my computer routine quite seriously and special care for me, though I shouldn’t worry very much but again as an aspiring writer soon to publish her poetry book and doing other stuff on it, I can’t allow windows/microsoft to keep pestering or bugging me each time when they release new versions of their product. As long as I have this site, Patch Lady, Woody, PK and all of you users with all the 411 on the 911, then I have nothing to worry about.

Reply | Quote

Since you have 1709, and  if its stable and everything works fine for you,   I advice to remain in 1709 as long as possible and wait until 1803 is stable. (I have 1703, therefore I only have the rest of this month, May, June, July,August and September to wait for it to be stable enough to upgrade)

I thought I was the only one that checked updates with Wushowhide. instead of Windows Update.lol.

As long as you do that and set your connection to metered, Windows Update won’t surprise you, at least in my computer it doesn’t run unless I ask for it.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

This is something not mentioned in Woody’s Computerworld article, so I am asking here in case anyone knows:

In order to close the “Total Meltdown” hole while keeping the Security Only updates of January and February I’ve already installed, is it advisable to do the following?

Now (to fix another bug and to close the hole):

Install (1) KB4099950 ; (2) KB400480.

When it looks like the Security Only update for March finally is OK:

(1) De-install KB400480 ; (2) install KB088878 (or whatever the Sec.Only KB number is then); (3) install again KB400480.

Thanks in advance.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

In your case, assuming that you are using a x64 operating system, if you want to fix the Total Meltdown vulnerability, I would install KB4100480 now. There should be no need to uninstall KB4100480 later when you’re ready to install KB4088878. Before you install KB4088878, you should install KB4099950. You may wish to consider whether to install KB4099467. If you do decide to install KB4099467, it’s probably best to install KB4099467 after KB4088878 but without a reboot in between.

5 users thanked author for this post.

Elly, SueW, AJNorth, woody, OscarCP

Reply | Quote

MrBrian & PKCano,

Thanks, and yes, my PC’s OS is Windows 7 x64.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I’m under the impression that you can leave KB4100480 installed and it’s newer files will not be overwritten but remain in place due to Smart features. I installed KB4088878 tonight after installing KB4100480 last wkend. I think MrBrian tested this and the files weren’t overwritten. So I’m hoping that’s the case and I’m protected from Total Meltdown.

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

1 user thanked author for this post.

MrBrian

Reply | Quote

Yeah, you are good to go.

Reply | Quote

Win7 x64 on Zbook 17 workstation. Strictly Group B. Had on-board all security only updates since the last Defcon 3 but had done nothing whatever since. (All roll-ups had been hidden as usual.)

Decided to give it a whirl and crossed my fingers and toes. Did the revised March IE 11 update first. Then turned on Windows Update. Updated Defender first and installed that update individually.

As Important and checked, had KB4099950 and KB4100480 offered along with the MSRT and various Office 2010 updates, some of which were checked. Each of the above were installed individually. A couple of unchecked Office patches were ignored but not hidden.

Was NOT offered KB4088875, so assume that March roll-up has been pulled. Just hoping KB4100480 was a fix and not a Group A roll-up! Nothing in the documentation indicated to me that it was. Hmmm…

As of yet have noticed no difference in function, fingers crossed… Such fun…, NOT. Turned Windows Update off until the next Defcon 3 or better, (fat chance). 🙁

Reply | Quote

“Was NOT offered KB4088875, so assume that March roll-up has been pulled”

KB4088875 has not been pulled. See https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182023.

1 user thanked author for this post.

Elly

Reply | Quote

Thanks. Hid the previews, however as Group B have no desire to install a roll-up. Just hiding previews, KB4088875 still doesn’t show. While installing only Security Only updates prior, I’ve still been offered the monthly roll-up every time…, except in this case. If KB4088875 isn’t being offered now, did KB4100480 supplant it??? Or do I still need KB4088878 at all?

Reply | Quote

Group B still needs to install KB4088878 sooner or later.

Reply | Quote

Perhaps hoping foolishly that MS will revise this update to correct the BSOD/Stop Error bug, et al. before taking this plunge or installing WITH the mysterious BSOD patch. Not a fan of BSOD’s especially on weekends or uninstalling updates. 🙁

Related question, can you confirm whether the patch witch fixes the smart card error does ONLY that, or is a “roll-up” which triggers Group A, and whether or not this patch is even needed for my on-board smart card reader as I’ve strictly followed Group B, i.e. did only the roll-ups introduce that issue? I’ve read conflicting info and am confused. Thanks!

Reply | Quote

The only fix for the Smart Card I’ve seen was issued as the 2018-1 Preview KB 4091290 – that is essentially a Rollup with the Feb non-security patches added on. @MrBrian might be able to say if the Feb or March Security-only updates fixed the bug.

Reply | Quote

KB4074587 no longer is listed as having the smart card issue.

Reply | Quote

Took the plunge on Win 7.
Had already installed KB4100480 last wkend. Tonight, installed KB4088878, infer that KB4099950 was bundled with it, KB4096040, all from the catalog. Installed 3 Office security patches via WU. WU was offering KB2952664 as a checked important update. That is now hidden.
So far so good. PC is functional, posting from it.
Thanks to everyone here guiding this very difficult path.

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

1 user thanked author for this post.

Chessie

Reply | Quote

KB4099950 was NOT bundled with the Security-only update and it should have bee installed BEFORE KB4088878.

4 users thanked author for this post.

walker, Charlie, planet, OscarCP

Reply | Quote

Thanks for that. I just finished using a powershell command search and as you say, it’s not there. Oh well, doubt I’ll uninstall 4088878 to then install 4099950. I don’t use static IPs nor have a NIC issue so I’m hoping I’m good. I’m wondering, will this effect static IPs hereafter in the event I decided I wanted to use them at some point???

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

Reply | Quote

“I’m wondering, will this effect static IPs hereafter in the event I decided I wanted to use them at some point???”

I doubt it.

Reply | Quote

KB4099950 apparently isn’t being bundled with KB4088878. Group B users should install KB4099950 before installing KB4088878.

2 users thanked author for this post.

Elly, OscarCP

Reply | Quote

Probably a dumb question:

I was thinking 4099950 was irrelevant to me because I’m not on a network. But on second thought, does the fact that I have a Spectrum internet connection mean I’m “on a network” to the extent of making 4099950 advisable (before I install 4088878, which I’m holding off on for the moment)?

Reply | Quote

I’m not sure but I think it’s better to be safe than sorry, and install KB4099950 before.

1 user thanked author for this post.

byteme

Reply | Quote

If  you have an Internet connection, you have a Network card in your PC. 4099950 corrects problems with network cards (NIC). So yes, it needs to be installed first.

3 users thanked author for this post.

Elly, HiFlyer, byteme

Reply | Quote

So just to be sure the monthly roll up for win7 32bit is clean right? No memory leaks or bsod? As for my 64 bit machine I will hold off patching as I use it mostly for storage, I will install if indeed an exploit arises

Reply | Quote

“So just to be sure the monthly roll up for win7 32bit is clean right?”

I disagree. Of the issues listed at https://support.microsoft.com/en-us/help/4088875, there is nothing there that is noted to be specific to 32 bit or 64 bit except for issue “A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled.”

2 users thanked author for this post.

Elly, woody

Reply | Quote

It says there that the update is only made available if the machine has PAE enable, is this true or false? And does this mean the bugs apply to both versions of 7 ? Because from woody’s post on computerworld it makes it appear as if the 32bit version is less problematic than the 64 one

Reply | Quote

“It says there that the update is only made available if the machine has PAE enable, is this true or false?”

Good catch :). I didn’t notice that before. I don’t have any independent info if that’s true or not. That issue should only apply to those who use a 32-bit processor with the 32-bit version of Windows. 64-bit Windows users have the Total Meltdown vulnerability issue though.

2 users thanked author for this post.

Elly, TheSuffering

Reply | Quote

I still wanna know tough, can I expect the same bugs on my 32bit machine as the ones popping up in  the 64bit update?

Reply | Quote

Unless otherwise noted, in my opinion it’s best to assume that any given issue may affect either Windows x86 or Windows x64.

1 user thanked author for this post.

TheSuffering

Reply | Quote

Ok thanks, I will wait till Monday to see if anything pops up then I will update

1 user thanked author for this post.

JDeC

Reply | Quote

? says:

i must be the only operator of windows 7 32 bit with PAE disabled. after enabling PAE, KB4088875 appeared in microsoft updates on 32 bit win7 rescan. i previously had two blue screens on two intel powered machines trying to apply KB4088878. see post #176939 on 03/19/2018. i made the false assumption that since DEP was on i had PAE enabled. to enable it if needed:

https://msdn.microsoft.com/en-us/library/aa366796(VS.85).aspx

for PKCano, long live Linux!!!

 

2 users thanked author for this post.

TheSuffering, MrBrian

Reply | Quote

Thanks for the info, a friend of mine also got a bluescreen on his 32 bit machine. I’ll hold off patching both my 32 and 64 bit machines unless of course some exploit gets released

Reply | Quote

Big decision for some Windows 7 users either roll back to December or patch up for March.

If you decide not to patch then go to Group W permanently IMO.

I have patched up on 2 Windows 7 64 bit machines and my dual core laptop actually seems lighter as if it is not running as many background tasks and I am fighting the decision now to move this machine from group B to W.

Can we trust MS on Windows 7 ever again? Is Windows 7 important to MS now?

1 user thanked author for this post.

JDeC

Reply | Quote

Anonymous:

The way forward, as I see it, is not trusting MS, but going along while taking precautions such as: back up, back up, back up. And make a restore point before every install.

And, at least for people still with Windows 7 and 8.1, wait a few more months while doing that, to see what happens.

It the situation does not improve enough by July or August, then I think it would be advisable to get as back up a non-Windows COMPUTER (or make a dual-boot install of a second OS in the now Win 7 machine). The second computer/OS could be either Mac or  Linux. Then start practicing with it, if not familiar enough already.

And if one has Win 7, once we get to January and its end of life for support (o earlier, if things get much worse before that), I would say: it’s time to take the jump.

 

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

David F, Cascadian

Reply | Quote

Windows 1607, question about KB4091461. Haven’t patched since December 2017. This update failed to install on the first try tonight, so I searched it up before trying again. KB4091461 seems to be an end of servicing notification. Does this mean that I don’t need it install it?

Reply | Quote

Ah, it’s good to see another 1607 holdout in the Lounge! It seems like there are few of us left.

I skipped KB4091461. All it is, as you say, is an end of servicing notification page that pops up every time you boot up your computer. Imagine how irritating THAT would get! There are no ill effects in just hiding it and forgetting about it.

Just wondering … what are your plans for after April’s updates, the last for 1607? I haven’t decided yet, except to ride it out for a while and see how the unpaid beta testers fare who upgrade to 1803 when it’s released, which looks like will be around mid-April. I’m doing my best to work out a plan for upgrading every 18 months or so. Even that’s too often for me, but it’s much better than every six months, which is crazy.

Reply | Quote

I haven’t decided either…I downloaded a copy of 1709 on a USB just in case, but I’m going to, as you said, ride it out for a while and see how 1803 will be. I would also like to maintain the once every 18 months upgrade frequency, whenever possible, don’t want Windows to take over my life at an upgrade every 6 months.

1 user thanked author for this post.

dononline

Reply | Quote

The information about KB4099467 (Stop Error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 Session) seems to be pretty minimal both on the MS support page and elsewhere. This error apparently can be caused by either the March Rollup (KB4088875) or Security Only (KB4088878) patches.

Does any one out there have any insight as to whether or not it should be installed? If I don’t install it but get the blue screen will I be able to boot up and install this update (KB 4099467) to fix the problem?

Thanks.

Reply | Quote

“If I don’t install it but get the blue screen will I be able to boot up and install this update (KB 4099467) to fix the problem?”

I’m not sure. There are some other posts about KB 4099467 in this topic.

2 users thanked author for this post.

woody, DrBonzo

Reply | Quote

Well, based on your link below and the post immediately below the post you linked to, I’d be inclined to install KB4099950 as it seems to either do nothing or perhaps in some cases actually fix the BSOD. Might wait a day or two, though, to see if anything comes up.

Reply | Quote

I think you meant KB 4099467, not KB 4099950?

Reply | Quote

Yes, I did mean KB4099467. Thanks for catching that.

Reply | Quote

Technical info about KB4100480:

https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179854

https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179396

https://www.askwoody.com/forums/topic/patch-lady-more-updates-released-to-fix-march-patches/#post-179329

 

Technical info about KB4099467:

https://www.askwoody.com/forums/topic/patch-lady-more-updates-released-to-fix-march-patches/#post-179329

5 users thanked author for this post.

Elly, SueW, AJNorth, woody, DrBonzo

Reply | Quote

I decided to roll back all of my Windows 7 Group B computers to December 2017. Why? Because even though the March updates fix the Total Meltdown vulnerability which allows any program to read any other program’s memory and the kernel memory, the 2018 patches for Meltdown and the March 2018 patch (which introduces Intel’s new CPU microcode to fix Spectre), do NOT fix the BranchScope vulnerability which is similar to Spectre. In other words, it is back to the drawing board for Intel in terms of having to create yet another round of new CPU microcode which will prevent BranchScope. Do you all think that Intel will decide to do something about BranchScope? I don’t think so. I think that they will leave that up to the antivirus manufacturers since Intel can now claim that their solutions for both Meltdown and Spectre are done.

It is worth noting that it probably is best to rely on Microsoft to bake Intel’s CPU microcode into Windows. Why? Because if you install a BIOS update from your computer’s motherboard manufacturer which prevents Meltdown and Spectre, most likely you will NOT be able to undo the installed BIOS update. It all depends on the motherboard manufacturer in terms of whether or not they will let you reinstall an older BIOS update. Some do, yet many don’t.

If you all Windows 7 users decide to roll back to December 2017 for the time being, then here are some things to consider:

1. Make sure that you only use the latest versions of the Crome and Firefox web browsers. The latest versions incorporate fixes which prevent Meltdown.

2. Make sure that you get IE updated with the March 2018 Cumulative Update for IE. This is especially important for laptop owners who have activated LoJack for Laptops in the laptop’s BIOS. LoJack is a product of Absolute Software. LoJack is tracking software which is used by law enforcement to recover stolen laptop computers. The reason for making absolutely sure that laptop owners, and any desktop owners who have purchased LoJack, is that LoJack launches hidden instances of IE in order to use IE to communicate with Absolute Software servers. Several security specialists consider LoJack to be malware. I agree with them.

3. Be really careful about whatever new software you decide to install on your computer. Why? It is not clear if antivirus manufacturers can detect software which tries to exploit Spectre or BranchScope before the software is actually installed. Detection of software which exploits these vulnerabilities might have to be done in real time, after the software is already installed and running.

9 users thanked author for this post.

Lori, Demeter, HiFlyer, johnf, David F, AlphaCharlie, mulletback, AJNorth, Myst

Reply | Quote

Nice Computerworld article. You laid out all of the bones neatly on the ground for all to see.

3 users thanked author for this post.

HiFlyer, AJNorth, woody

Reply | Quote

Woody staff, pls stop all this chatter, and once and for all tell us what KB’s we should have as provided by MS and then what to do!!!

Woody says “dont install anything not checked, and dont go looking for updates not downloaded by the Windows updater”.  Many seem to be seeking KB’s on their own.

I’m in Group A and I previously installed January and February downloaded and checked updates. I have done nothing since. All that Windows is currently providing is one checked file KB4100480.  KB4099950 is unchecked and optional at this point.

Earlier in the month I received KB4088875 (March) and then KB4088881(Preview) they were both withdrawn over one week ago and no longer appear on the updater. So as of this minute, I have only one checked update pending KB4100480.

Anybody else?

1 user thanked author for this post.

pkoryn

Reply | Quote

You have already installed the January and February monthly rollups, and as such, are vulnerable to the Total Meltdown hole that they include. There is no one good, safe choice at this point… you are going to have to weigh the risks and decide what path to follow.

Woody gives the following choices for Windows 7:

   – If you’re willing to wade through the hassles — blue screens, leaky memory, and a cornucopia of additional bugs — go ahead and install all of the CHECKED Windows updates. Realize that your machine may slow down, even if it’s still going strong after the January and February patches.

      -If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches.

      -Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.

I’m not being offered KB 4088875, the March monthly rollup, through Windows Update, either. It was there on patch Tuesday, but disappeared shortly afterward.

Woody warns:
“Realize that some or all of the expected patches for March may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. That way thar be tygers. If you’re going to install the March patches, accept your lot in life, and don’t mess with Mother Microsoft.”

If you are not going to uninstall the January and February updates, you should probably install KB4100480, which mitigates the Total Meltdown vulnerability that is present in all Windows 7 patches so far in 2018… which puts you on track to follow  How to Apply the Win 7 and 8.1 Monthly Rollups. If you are going to follow the usual Group A updating, remember to install, reboot, recheck… and repeat until there are no new checked updates offered.

Which ever choice you make… step forward, freeze in place, or go back to December… back up… make a restore point… be prepared to deal with any bugs… You should be prepared, anyways… we just aren’t used to patches being the problem we have to worry about.

We all want to be in that lucky group that has no problems… Without a clearly safe alternative, every option has its risks… Come back and join the ‘chatter’ and help some other frustrated and confused person, by reporting what your choice was and what the results are, good or bad… You are not alone.

 

Non-techy Win 10 Pro and Linux Mint experimenter

8 users thanked author for this post.

JDeC, jburk07, Cascadian, HiFlyer, SueW, Demeter, pkoryn, woody

Reply | Quote

I only have KB4099950 in WU checked and a NET 4.7.1 installer checked. No other updates are being offered at this time. I don’t use static IP addresses so I’m not sure why that update is there. What would you suggest I do?

Win 10 Pro v.20h2

Reply | Quote

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

For the time being I am freezing myself at: Installed KB405689 & KB407458, Jan. & Feb. Security Monthly Roll-ups respectively. KB4100480 installed 1 week ago. No issues, machine performing fine. I am not willing to wade through the morass as I am definitely on the “low to fair” end of the techie scale.  Win 7 Pro  x 64 i7 Haswell

PS What a long, strange trip this is compared to the days when I had MS Update settings at “Automatically download & install (recommended)” & never gave them a second thought.

1 user thanked author for this post.

Elly

Reply | Quote

@Anonymous, that is precisely the situation I am in with my Windows 7 x64 home desktop machines – only KB4100480 showing as important and checked (apart from the usual MSRT), with KB4099950 showing as unchecked and optional.

Both KB4088875 (monthly rollup) and KB4088881 (preview monthly rollup) have vanished.

The machine with Office 2010 installed also has 5 Office 2010 updates listed as important, including KB2965324 which is unchecked and a new offering since Patch Tuesday’s initial offerings, and KB4018314 which used to be unchecked but is now checked. I also received KB2952664 on both machines as an optional update and have hidden it for the umpteenth time.

I’ve only resurfaced today after Miss Seff’s wedding so will keep an eye on things and mull them over, but my immediate inclination is to leave both working machines well alone until the April updates arrive in a few days time and then see how things pan out. There are other options clearly, including just installing KB4100480 to provide current fixes to the Jan/Feb rollups which I have installed, or uninstalling those rollups. PKCano’s advice here to install KB4099950 before anything else is countered by the fact that it is unchecked (and optional) on both my machines.

Reply | Quote

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

1 user thanked author for this post.

Seff

Reply | Quote

I am Group B. W7/64. AMD chips

EDITED (please keep on topic)

I have JAN and FEB security-only updates plus KB4074587 (AMD specific FEB fix) installed. KB4088878 is an IED, not a patch. I have decided not to install it, possibly ever.

In what patch was Total Meltdown introduced (in error) by Microsoft? I have read reports that it went undiscovered by Microsoft for several months and that they did not get around to addressing it until after the March patch was released. KB4100480 addresses total meltdown. So, JAN and FEB and MAR patches had the vulnerability? If that is so, KB4100480 should be installed after the JAN patch (or FEB or MAR).

Reply | Quote

Maybe these questions are totally off-topic but since I read about them I’ve been wondering whether they might be important clues to the root causes of the ongoing Windows 7 / Server 2008 R2 mess that started January this year? Just saying…

1. Spectre mitigations

Windows kernel modules are being recompiled with a new Visual C++ directive (the /Qspectre flag) which inserts special assembly instructions acting as a “speculation barrier” by serializing execution on critical pieces of the OS core (identified as being “at-risk code”). Could these extra assembly instructions (LFENCE on AMD/Intel, CSEL/MOVS and CSDB on ARM) be in direct relationship with many of the freezes, hang-ups and BSODs that have been reported on buggy patches?

Source:
https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/

2. Meltdown mitigations

Kernel Virtual Address Shadow (KVA Shadow) represents a major change in the way the kernel isolates its memory contents from user mode. Could the “Total Meltdown” bug be a direct consequence of failing to properly implement the “shadowing” (mapping) into user address space of the selected minimal subset of privileged kernel code and data? Quoting Microsoft:

“Mitigating hardware vulnerabilities in software is an extremely challenging proposition (…) In the case of rogue data cache load and KVA shadow, the Windows kernel is able to provide a transparent and strong mitigation for drivers and applications, albeit at the cost of additional operating system complexity, and especially on older hardware, at some potential performance cost depending on the characteristics of a given workload. The breadth of changes required to implement KVA shadowing was substantial, and KVA shadow support easily represents one of the most intricate, complex, and wide-ranging security updates that Microsoft has ever shipped.“

Source:
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/

1 user thanked author for this post.

Elly

Reply | Quote

Without any technical detail at all, it’s clear that big changes to the Windows Kernel, which has been stable for a long, long time, could destabilize something somewhere for someone.

It’s just the nature of risk w/regard to complex systems. And make no mistake, Windows is the kind of insanely complex system that could only get as solid as it has gotten by having the entire world use it and Microsoft fix the bugs found in it for decades.

To give a bit of perspective… By most measures, computers are at least 1,000 times faster than they were back in the early days. If your computer would typically crash once a day back then, a computer system of today running an OS at the same quality level would crash after only one minute. But they don’t, even considering that today’s systems are also much more complex than those back then. Frankly, it’s kind of amazing they got it working as well as it does for as long as it does (before January at least).

-Noel

4 users thanked author for this post.

OscarCP, Cascadian, AJNorth, Elly

Reply | Quote

It’s just the nature of risk w/regard to complex systems. … By most measures, computers are at least 1,000 times faster than they were back in the early days.

The story “Fail-Safe” originally appeared in three installments in The Saturday Evening Post on 13, 20 & 27 October 1962 (during the Cuban Missile Crisis), quickly followed by its publication as a novel; it was released as a film in 1964 (and the original screenplay performed live on CBS in 2000). This exchange comes early in the story:

KNAPP: “The more complex an electronic system gets, the more accident-prone it is. Sooner or later, it breaks down… A transistor blows, a condenser burns out. Sometimes they just get tired, like people…”

GROETESCHELE: “But Mr. Knapp overlooks one thing. The machines? are supervised by humans. Even if the machine fails, the human being can always correct the mistake.”

KNAPP: “I wish you were right. The fact is the machines work so fast; they are so intricate; the mistakes they make are so subtle that very often a human being can’t know if a machine is lying or telling the truth.”

And that was in 1962… .

6 users thanked author for this post.

johnf, Noel Carboni, OscarCP, Cascadian, HiFlyer, WildBill

Reply | Quote

“The more complex an electronic system gets, the more accident-prone it is…”

A spade surely must be said to be a non-complex, non-electronic simple system and yet it’s definitely an accident-prone system!

My big toe still has a scar from when I once tried to chop it off….

The scars from using PCs and Microsoft are of a different nature and though I’ve been brought to tears from time to time, it’s never made me bleed. Thank you, Microsoft.

Of course I’ll discount the little blood once lost due to trying to stop a fan with a finger… not my brightest idea.

1 user thanked author for this post.

Cascadian

Reply | Quote

A Windows 7  x64, group A non-techie user who has TRIED to stay up on all the mess with March patches but is still totally confused….YES…..even after reading Woody’s CW article.

I have both Jan & Feb monthly quality/security rollups installed. March’s rollup came with the usual updates but I did NOT install it as I wait for the Defcon rating to go to 3 or higher. Before the all clear came the rollup DISAPPEARED never to return. Then a few days ago KB4100480 showed up and by the advice of the “Patch Lady” I installed it. She said that if we  DID NOT want to uninstall the Jan & Feb rollups that we “SHOULD” install the KB. Then shortly after I read that we had to install KB4099950 BEFORE KB4100480. Well KB4099950 didn’t show up in my updates until this morning long after I installed KB4100480, so how was I supposed to install that one first?

My questions are did I do the right thing by installing KB4100480? Do I  install KB4099950 now? Or do I uninstall 0480, install 9950 and then reinstall 0480 or do I leave 0480 installed and just ignore 9950 for now?

What about the March’s MSRT is that safe to install?

Thanks in advance for any help with this confusing matter?

2 users thanked author for this post.

jburk07, pkoryn

Reply | Quote

I think you’re OK. You do NOT need to uninstall 0480. When you’re ready to install KB4088878(the March Rollup), install it AFTER you install the 9950 update. At that point, you’re done, unless…

…you also decide to install KB4099467. If you do decide to install it, do it right after you install the Rollup with no restart in between.

What I’ve just described is exactly what I’m going to do. I haven’t yet decided whether to install 9467 because there is so little information about it. I’m waiting a day or 2 to see if any problems with it surface. At the moment, I’m inclined to install it since it seems to either do nothing or else perhaps prevent a BSOD. On the other hand, MrBrian decided to not install it (see his post above) and has experienced no issues because he didn’t.

5 users thanked author for this post.

jburk07, KarenS, HiFlyer, Demeter, MrBrian

Reply | Quote

Right after Woody started this thread today, I started my March catchup for a Group B W7 x64 Home system standalone. First off, I ran KB4099950, did restart, no problem. Next ran most recent IE 11, KB4096040, did restart, no problem. Then I ran the OS KB4088878, did a shutdown, no problem and restarted. Finally I finished with KB4100480, did a restart, no problem. Thanks again to Da Boss and the ensemble cast of gals and guys that maintain Group B viability. Break a leg!

5 users thanked author for this post.

HiFlyer, SueW, planet, AJNorth, Charlie

Reply | Quote

Well done ??

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

Reply | Quote

Where was your starting point – Dec. 2017 or Feb. 2018?

Had you already installed 4100480?

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

I was current thru Feb; never rolled back.

Reply | Quote

Something else to throw into this sorry mess:  https://betanews.com/2018/04/05/no-meltdown-spectre-patches-for-some-intel-cpus/

In a document entitled Microcode Revision Guidelines, the chip-maker says that a wide range of processor families — equating to over 200 CPUs — will not receive any more updates. While the majority of the affected chips were on sale between 2007 and 2011, it’s safe to assume that a large proportion of them are still in use, meaning that a lot of systems will remain unprotected.

So I am wondering (OK, asking) if or how this news affects what a Group B member running one of those Intel CPUs should do…

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.

3 users thanked author for this post.

walker, Cascadian, Elly

Reply | Quote

Does the March Windows 7 64 bit Security update install a Microcode update?

If that is a yes do we then need BIOS updates?

After this mess I am losing the appetite for Bios updates.

Reply | Quote

I was mistaken when I thought that the March update bundled CPU microcode since I thought that this would be how Microsoft eventually fixed Spectre. I was wrong. Instead, Microsoft rewrote the kernel and associated stuff by compiling new code using techniques which are supposed to mitigate against Meltdown and Spectre. Now I understand why the March update doesn’t prevent BranchScope which is a newly discovered vulnerability that is similar to Spectre.

Reply | Quote

Otherwise, take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. You’ll lose some worthwhile fixes, but at least you won’t be wide open to Total Meltdown.

Susan isn’t the only one thinking this way.

I’ve had ZERO problems with my little Win 7 server that runs 24/7 since 9 days ago dropping back to pre-January patch level.

When I did so I saw my I/O speed go back up from a bit over 900 MB/second to where it was before the debacle, now over 1800 MB/second.

There comes a time when, even ignoring risk entirely, demonstrated problems outweigh the potential reward of patching.

How do you get out from under all the work it takes to keep providing “extended support”? You change the definition of “support”… I imagine that once a large majority of Windows 7 people start avoiding patches, they’ll just decide to shut down the servers, claiming that people don’t want their “support” any more.

-Noel

6 users thanked author for this post.

Cascadian, HiFlyer, grayslady, AJNorth, bobcat5536, Microfix

Reply | Quote

Group B Win7 x64 Haswell-E (5th gen) chip

I was very much in two minds whether to rollback to December or not but as I keep weekly disk images I thought I’d chance my arm and apply the March patches.

So far, all seems well but I’ll be watching closely. One thing as well, there wasn’t a microcode update but looking at the KB it looks like they’ve abandoned anything before Skylake (though iirc Intel have produced Haswell code)

One question, how reliable is the uninstall option?

The reason I ask is that if this goes bang I can easily restore today’s disk image but that would still have Jan/Feb patches. I can of course use a disk image from December but that would mean having to update various software which has changed over the last three months so just uninstalling KB4074587 and KB4056897 would be much more convenient.

Reply | Quote

It’s probably impossible to be sure everything you want and nothing you don’t want has been reverted, but I had no problem uninstalling the updates from my system. It’s not something I ever did before on any system, so I’m not sure whether a sample size of 1 even begins to answer your question, but it’s pertinent anecdotal evidence.

-Noel

4 users thanked author for this post.

HiFlyer, SueW, AJNorth, David F

Reply | Quote

I uninstalled the Jan and Feb updates on all three of my Win7 computers without any issues. I don’t think you will encounter any issues if you have to go that route.

4 users thanked author for this post.

HiFlyer, SueW, AJNorth, David F

Reply | Quote

I did the uninstall option back to December a couple of days ago and so far everything is looking good with no problems. Because I used Disk Clean to cleanup system, I was missing some of the updates in my Add/Remove. I had to use Windows Update Mini Tool to locate and uninstall the Jan. and Feb. updates. After uninstalling each one I ran windows update and hid the updates I didn’t want until I was back to December. After I was back to December, WU offered about a half dozen updates and I had to research each one to decide if I wanted it or not. I installed the ones I wanted and hid the ones I didn’t. So far so good. WU is locked down and will be until this mess is sorted out, and if not it’s locked down for good. I did an image before doing this just in case things went wrong. My computer is now open to the Meltdown/Spectre joke, but I have my performance back. Installed new router for security and made sure firewall and virus protection was up to date.

4 users thanked author for this post.

HiFlyer, AJNorth, David F, Elly

Reply | Quote

First, major thank youS to Woody, Susan, and the many contributors to this fantastic forum!

I have decided to face the music today on my “Group A” lowly Win7Pro SP1 32-bit machine (Intel Core2Duo E8400 3Ghz) after having successfully last updated it on 3/9/18 (Guess that puts me at Feb Group A level?).

After reading through the many posts and Woody’s current CW article, I feel out of my depths despite having successfully kept this old machine alive and kicking through many adventures with you all.  I’m suddenly gun-shy to touch what appears to be a happy machine at the moment, but I’m aware the machine could be in some undesirable Jan-Feb state tho I gather this may be more of a 64-bit concern?  Could use a bit of hand-holding/reassurance of path forward (or backwards?) as a Group A groupie.

Upon running WU from control panel this morning, the checked/Important category shows these 4 items:

2018-03 Update for Windows 7 for x86-based Systems (KB4099950)

MS.Net Framework 4..7.1 for Windows 7 (KB4033342)

KB2952664 Update for Windows 7

and MSRT (KB890830)

Any guidance on whether or not to press INSTALL or perhaps backdate something and sit on sidelines?  Of course, I’ll pre-backup, set restore points and all that first…TIA!!

Reply | Quote

Upon running WU from control panel this morning, the checked/Important category shows these 4 items:

2018-03 Update for Windows 7 for x86-based Systems (KB4099950)

MS.Net Framework 4..7.1 for Windows 7 (KB4033342)

KB2952664 Update for Windows 7

and MSRT (KB890830)

Based on my reading of things and the recommendations I have seen from the patching gurus, I would proceed as follows:

1. INSTALL KB4099950
2. IGNORE KB4033342
3. HIDE KB2952664. If possible, shred it to a fine confetti, bury it and spread salt over that ground so that it doesn’t grow back.
4. INSTALL KB890830

Good luck, whatever you decide to do.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

Reply | Quote

Thank you, Cybertooth!  I will take the approach you suggest.  It does match what I’ve gleaned from all the recent commentary.  Grateful for your time:-)

1 user thanked author for this post.

Cybertooth

Reply | Quote

You are right that 32 bit Win 7 isn’t subject to the Total Meltdown Security hole that is found in all the 2018 patches for Win 7, so you don’t have a need to mitigate for it, like 64 bit systems do… so no need to consider removing the January and February patches. That leaves you with the choice of waiting… or moving forward.

There was a problem with NIC settings being replaced or static IP address settings being lost after you install KB4088875, that affects 32 bit as well as 64 bit systems, which would cause you to lose internet connectivity. By installing KB4099950 first, you would avoid that particular danger. You may find that after installing KB4099950, rebooting, and then rechecking Windows Update, that you are offered KB4088875 (March Monthly Rollup). Install, reboot, recheck… and keep doing that as long as you are getting checked updates.

It would be important to install KB4100480 to mitigate the Total Meltdown, if you had a 64 bit system, but it doesn’t apply to you.

KB2952664 Update for Windows 7 is a known telemetry patch that has been offered over and over again. If you have only recently come to AskWoody, and were using automatic updates, it is likely that it is already on your system (you can check under installed updates). For people that kept it off… and that started before the GWX push… it is a no-no… It is like a weed that you have to remove over and over and over, if you decide to get it off your system. Not everyone cares about telemetry, or wants to be vigilant. KB2952664 keeps coming back, sometimes unchecked, sometimes checked… It is, again, a decision that you have to make about your own system. You can take a look at Turning off the Worst Windows 7 and 8.1 Snooping, if you want to know more.

As always, following How to Apply the Win 7 and 8.1 Monthly Rollups will give you step by step guidance to refer back to, if you get lost while updating. Woody refers you to it from his ComputerWorld article, when giving you the updating steps… it works…

Sometimes you can be told to just apply certain patches… and it will be okay. I can understand needing a little hand-holding when there is a risk, no matter which way you choose to go. Perhaps the details here will help you make a good decision for your situation… but if it gets more confusing for you, follow Cybertooth’s do or don’t guidance for the patches you’ve been presented with… and may your patching be successful and uneventful!

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Cascadian

Reply | Quote

Elly and Cybertooth,

Thank you both for your very helpful guidance and thoughts to ponder.  Appreciate you both taking the time from your day to respond on my queries.  I’m all backed up, Disk cleaned up, System Restore point made and also un-installed that miscreant KB2952664 which I realized I had installed previously.  So, I think I’ve searched soul enough and am going to take the plunge with your suggestions in mind.  Will report results on “the other side” of the abyss…

Hope all is well and that you both have weathered your “choices” favorably…

1 user thanked author for this post.

Elly

Reply | Quote

What a confusing time. I’m in Group A W7 x64 Home, Kb4088875, Kb408881 both disappeared last week, all that was checked was  Kb4100480 so I installed it today rebooted and so far ok. Last time I checked Kb409950 it was unchecked, today it’s checked. Do I uninstall Kb4100480 and then install Kb409950 or leave it as is and install Kb409950? and what about Kb890830?

Reply | Quote

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

There’s no need to uninstall KB4100480. You can install KB4099950.

Reply | Quote

Thank you Mr Brian. I checked for updates again and  KB4088875 and KB4088881 are back in hidden and that’s where they will stay. I figure the computer is running fine so why upset the apple cart. Thanks again.

Edit to remove HTML

Reply | Quote

@MrBrian-

In order to clarify for everyone, if we (Win 7 x64 users) have the January and February rollups installed AND we have already installed KB4100480 to prevent Total Melltdown, then we DON’T need to:

1. Uninstall KB4100480

2. Install KB4099950

3. Install KB4088875

4. Reinstall KB4100480

in that order, correct?

To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?

1 user thanked author for this post.

Demeter

Reply | Quote

“To me, it sounds like we should only have to steps 2 and 3 in that order, and that’s it, right?”

Correct indeed. I did a test of this with one of the rollups, and posted about it somewhere on this site previously.

1 user thanked author for this post.

Demeter

Reply | Quote

Anonymous #182300 here:

@MrBrian, TYVM for the clarification. 🙂

Reply | Quote

Is it safe for me to install all of the patches for Win10 v1703? Will Microsoft quietly reenable the Windows Update service and install stuff without my approval? Haven’t patched since October and I know I really need to patch… but at the same time I am not in the mood to be feature upgraded anymore.

Reply | Quote

Per Woody’s ComputerWorld article:

“Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.”

90% of people have been moved to 1709, and for some of them, it happened forceably, as Microsoft ignored their settings. Be prepared to deal with that, one way or another.

Strategically, this is the time to go ahead and update to 1709, because after Tuesday, 1803 will be what is available through Windows Updates. You could download a copy of 1709 now, even if you don’t install it, in case 1803 is full of bugs, and Microsoft won’t stop pushing you off 1703. Woody says he is staying on 1703.

I’m just restating what Woody has already said… as it applies to your situation. There are no assurances that updating will go smoothly and that Microsoft won’t try and force an upgrade on you… in fact, the opposite might be true. But… this is the best we are going to get… for this month.

 

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

May be useful: 2000009: Getting out of a no-boot situation after installing Windows updates.

1 user thanked author for this post.

Cascadian

Reply | Quote

OK in Group A and  I have not uninstalled Jan or Feb updates.

My Win Update showed only KB4099950 as Optional and unchecked, and KB4100480 as Important and checked.

Early in the month Win Update showed KB4088875 and then as Optional KB4088881. About one week ago both were pulled or went missing.

Per MrBrian’s advice that KB4088875 was not pulled, I followed the referrenced link but starting at step 5 since I already had the Feb rollup KB4074598 installed.

Disregarding Woody’s advise to not check an unchecked item, I checked KB4099950 under Optional and installed (Step 5).  No problem

Upon update recheck, KB4088881 re-appeared which I hid (Step 7)

Upon update recheck, KB4075211 appeared which I hid (Step 9)

Upon update recheck, KB4088875 re-appeared as Important but unchecked (interestingly at this point I reviewed my Hidden items which still shows KB4088881, but not KB4075211 it disappeared).  I also received KB4091290 a large Optional unchecked update?

So I am sitting on KB4088875 (unchecked), KB4100480 (checked), KB4091290 (unchecked),  and no sign of KB4099467 (Stop error fix I have read about – where do I get this KB?)

Should I proceed to install all the above, some of the above, or just KB4100480 and sit tight till April update?

And what happens to KB4088881 that is hidden?

 

Reply | Quote

KB4099467 is a Catalog-only update available at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099467.

Reply | Quote

Regarding my post today at 11:07am

Was hoping for more direction to bottom line questions, please.

Thx

Reply | Quote

Being in Group A and not having uninstalled Jan or Feb updates, you have a big, gaping hole in your security, called Total Meltdown… where the cure is potentially worse than the ill it was supposed to fix. KB4100480 is to patch those patches (and also the March Rollup, which carries the same problem forward)… and it is sitting there checked, and ready to go in your Windows Update.

No one can make the decision to roll-back, stay put, or move forward, for you. What do you want to do?

If you aren’t going to roll back to December (and there is no guarantee that the bad patches will get fixed, we are only hoping they will), you probably still need to install KB4100480 to fix the Total Meltdown vulnerability. I’m repeating this, because some people are freezing in place before this is done: Total Meltdown is a great big gaping hole that allows any program easy access to your system, no special expert black hat skills needed. Not having those patches (rolling back) is better than having them and not fixing them with KB4100480.

Then you must decide whether to sit and hope and wait… or install March’s Monthly Rollup, KB4088875, proceeding with the normal Group A updating. If you are following the full Group A updating this month, you aren’t done until you have installed the checked updates, rebooted, rechecked Windows Update, installed andy checked updates, rebooted, and repeat until there are no more checked updates.

There is a good chance that once KB4100480 is installed, KB4088875 will show up as checked. If you are satisfied that the major bugs have been addressed (and having read through things, you have as much information as the rest of us), you may decide to go ahead with Group A updating. You may want to add KB4099467 from the catalogue, just in case your system is vulnerable to the “Stop error”. As far as I have heard, there is no way to test for this ahead of time, and the “Stop error” is a BSOD issue… so it might be worth the extra step to avoid.

Believe me, there has been a lot of testing going on, and if there was one good, clear, safe choice, Woody would have presented that, instead of telling us what the pitfalls are. There isn’t a better time to back up your data, as that should give you some sense of security if the choice you make ends up with a serious consequence. Microsoft isn’t giving, or doesn’t have a safe way forward. Their best efforts have thrown a fair amount of chaos our way. I am giving them the benefit of the doubt on that… at this time…

And as to your last question… if Microsoft reissues an update that has been hidden, it will show up again if you run Windows Update… and if you decide to install it, and it hasn’t shown up again, you can unhide it… unless it gets pulled (and that is for reasons that mean you wouldn’t want it anyways). KB4088881 is the April preview… The April Monthly Rollup, will have those fixes, hopefully with any bugs ironed out… and it will probably (I say probably, because March’s Monthly Rollup didn’t show up for everyone) show up in your regular Windows Update, on next Tuesday. Woody, and most of us here, will wait and see what happens to the unpaid beta-testers, before he makes a recommendation regarding what to do with it. It does get a little confusing, because we are in April, and only just now deciding what to do with the March updates.

Hope you feel that this more thoroughly addresses your bottom line questions… and do know that none of us are happy with these answers… just doing the best we can with what Microsoft throws at us.

Non-techy Win 10 Pro and Linux Mint experimenter

3 users thanked author for this post.

jburk07, SueW, walker

Reply | Quote

@MrBrian I installed KB4099950 and KB4088875 (and then restarted) with no issues would that mean I don’t need KB409967? Or should I get it form the update catalog and install it?

Reply | Quote

I don’t know for sure. I installed KB4088875 on March 25, and I haven’t experienced the issue that KB4099467 supposedly fixes. I didn’t install KB4099467.

Reply | Quote

Trying to make sense of it all and follow all the good suggestions here has left me shaking my head and not sure which way to go.  I’m Group A Windows 7 64 bit with both the Jan & Feb rolls-ups installed.  Today in WU I have offered (and all are checked) 4100480, 4099950 and MSRT.

If I decide to install these – does it matter which order I do them in, i.e., should 9950 be installed before 0480?  I always do MSRT last and assume this would still be the case here.

If I don’t install them today or tomorrow, what happens on Tuesday when the April updates come out?  Do the 2 that I’ve mentioned disappear and will I have lost my chance to install them?

Gosh- I wish this was easier.  I feel like I’m making a monumental decision here!

1 user thanked author for this post.

jburk07

Reply | Quote

It shouldn’t matter what order KB4100480 and KB4099950 are installed in.

If you don’t install the March 2018 updates before next Tuesday, by next Tuesday the March 2018 updates will be metadata-superseded by the April 2018 updates, but you can still install them via Windows Update by hiding the April 2018 updates. Don’t forget that you hid the April 2018 updates though.

1 user thanked author for this post.

jburk07

Reply | Quote

Thanks MrBrian. Could you clarify if the 2 updates I’ve referred to are considered “March” updates? These aren’t the monthly roll up so I’m just wondering if they will in fact disappear on Tuesday?

Reply | Quote

I’m not sure if either of those two updates will disappear from Windows Update on next Tuesday without resorting to hiding other updates.

1 user thanked author for this post.

jburk07

Reply | Quote

My 7’s are patched, monitoring for issues.  I have a few Server 2008 R2 and I’m still holding back on those due to the SMB memory leaks.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

jburk07, WildBill

Reply | Quote

I’m curious whether you installed KB4099467 on your Win 7 machines and the reasoning you used in making your decision. This seems to be a largely overlooked update.

I’m leaning towards installing it because one other poster has and it either didn’t do anything or perhaps prevented a BSOD. On the other hand MrBrian decided to not install it, and his expertise is absolutely not something to be ignored.

Reply | Quote

I have more of a “safety net” than some of you because I make an image (using Macrium Reflect free version) immediately before installing Windows updates, and I am fairly confident that I will be able to restore an image because once a month as a test I do a restore immediately after making an image.

4 users thanked author for this post.

jburk07, DrBonzo, JohnW, Elly

Reply | Quote

I run scheduled weekly Macrium Reflect images on my Win 7 box, and daily on my Win 10 box.  I image Win 10 more frequently because that is my daily driver at this point.

Imaging should be a consideration before risking any updates, IMHO.  Knowing that you can roll a system back to it’s last known working state is a big anxiety reliever.  🙂

The peace of mind is priceless.  Macrium Reflect is free, and a decent 1TB external USB3 drive can be had for around $50 USD.

So if I hold off on updates, it’s just because I don’t wish to go through the hassle of a full restore, which usually takes me less than an hour…

Windows 10 Pro 22H2

4 users thanked author for this post.

jburk07, SueW, wdburt1, MrBrian

Reply | Quote

Macrium Reflect: Once a month, instead of once a week. Simple, reliable, easy to use, does not intrude itself, unlike a lot of other crapware these days.  Maybe it’s because it’s from the U.K.

I love Seagate Dashboard almost as much as Macrium; each morning, if I don’t sleep late, it backs up just the files that have changed since yesterday, and more importantly, they can be accessed without “mounting” an image.

These, plus an online backup once every 30 days–the so-called “rule of three.”  As you say, the peace of mind is worth it.

1 user thanked author for this post.

JohnW

Reply | Quote

@MrBrian – Sounds to me that you’re suggesting folks who don’t have a great deal of confidence in restoring an image should go ahead and install KB4099467. That would be fine with me because while I have an image, what I don’t have is a great deal of confidence or experience recovering from BSODs.

Reply | Quote

I’m not sure because I don’t know if KB4099467 introduces issues.

This may be helpful for those experiencing BSODs: 2000009: Getting out of a no-boot situation after installing Windows updates.

Reply | Quote

I opted to install KB4099467 last night on my Win 7 Starter 32 bit test machine. Did the following:

4099950 from Windows Update, no restart required or requested.

4088878 from the Update Catalog, restart required but I didn’t because I immediately installed

4099467 from the Update Catalog, restart required, and I did restart.

Everything seems to be working fine, although I would note that the install of 4099467 was VERY slow and the restart took a long time even for an Atom chip.

Another interesting thing is that after all of this Windows Update showed only 4099950 and 4088878 in the ‘view update history’ tab. 4099467 didn’t show up at all. I had no indication that anything went wrong during the above procedure, so I’m not too worried about it since I’m not having any issues. Also, I’ve noticed in the past that Windows Update doesn’t always show the latest Security Essentials definition update.

2 users thanked author for this post.

SueW, MrBrian

Reply | Quote

@MrBrian – One for you:

Win7 Pro SP1 32-bit (in a VM)
Was patched through Feb Rollup (4054518 Dec RU, 4056894 Jan RU, 4057400 18-1 Preview, 4074598 Feb RU)
Optional list unchecked – Silverlight, HP-Image, KB3102429 (Azer/Menat currency)
ALLOW Regkey in place (Bitdefender Free)
I have monthly copies of VM up to 18.03/06, latest includes Feb RU

Windows Update offers NOTHING (no Rollup, no Preview, no hotfix, not MSRT, not .NET – Nada, zilch)

Manual download/install KB 4099950, reboot, search – NOTHING (nothing to hide to make Mar Rollup appear)

Roll back – uninstall 4074598 (others not shown in installed updates), reboot, search. WU offers 4054518 (Dec Rollup and several older updates latest of which is 2016). No later Rollups, no Previews, no hotfixes.

Installed Dec Rollup and older patches, reboot. Search produces nothing – no recent RU, no Preview, no hotfixes. It is now stuck at Dec 2017.

Explanation? Suggestions?

Reply | Quote

After you rolled back, did you check that the QualityCompat registry item is still present?

Reply | Quote

Yes, still there

Reply | Quote

Did you try resetting Windows Update?

The old stop Windows Update service, rename SoftwareDistribution, restart Windows Update service and check for updates?

Cheers!!
Willie McClure
“We are trying to build a gentler, kinder society, and if we all pitch in just a little bit, we are going to get there.” Alex Trebek

Reply | Quote

Saving grace?

Reply | Quote

Unless Windows Update is behaving fluky at the moment on the server-side, I would guess that your computer is having Windows servicing issues. I’ve lately been referring people to post at https://www.sysnative.com/forums/windows-update/ regarding such issues.

Reply | Quote

Thanks, will pursue

Reply | Quote

As a test, I just checked for updates on my Windows 7 virtual machine. Windows Update found 172 updates. No server-side problems in my case.

Reply | Quote

@pkcano I would suggest having a look with WUMT, in particular with “include superseded” checked. You may be able to see a lot more with that setting done. This is useful for analysis and I do not necessary suggest to install the superseded patches, although sometimes this is the only way forward especially for computers which are behind with patching for a longer period and this is due to the known supersedence mess.

Reply | Quote

EEErrrr….
I’m embarrassed.
I use paid av on the installations with which I access the Internet, but I have so many others that I can’t afford all, so I use Bitdefender Free on most of the test stuff.
I had to shift av’s between conputers, uninstalled TMIS on the Win7 (which removed the key) and in the interim I manually added it back.
So it was there all the time.

Key = QualityCompat
DWORD = cad ca5fe-87d3-4b96-b7fb-a231484277cc
value = 0

Computers are dumb – they do exactly what you tell them to do….
Sometimes you just have to figure out what you told ’em.

1 user thanked author for this post.

Elly

Reply | Quote

Trying to get info on 2018-03 Update for Windows 10 Version 1607 for x64-based Systems (KB4089510) released on 3/21/2018. Windows Support says, “This update makes stability improvements for the Windows 10 Version 1607 servicing stack.” Doing a search, I see where there are reports of this update hosing Windows Server 2016. I’d very much appreciate any help as to what’s going on with this update. I don’t see it listed on Miss Susan’s nor Martin Brinkmann’s Patch Lists. Maybe I’m just missing the obvious. It wouldn’t be the first time! 🙂

Reply | Quote

From https://support.microsoft.com/en-us/help/4088889: “Important When installing both the SSU (KB4089510) and the LCU updates from the Microsoft Update Catalog, install the SSU before installing the LCU”. Perhaps KB4089510 addresses the same issue mentioned in this post.

Reply | Quote

Thanks, MrBrian. Since KB4088889 was the second CU issued on March 22 (I think KB4077525 was the first), and KB4096309 was the third one issued on March 29, I installed KB4096309. KB4088889 was never installed. However, since the update in question, KB4089510, is a SSU, should it be installed anyhow? In fact, since MS seems to be saying install SSUs before LCUs, I should have installed KB4089510 before KB4096309 … but I didn’t know it even existed until today.

So, bottom line: Should I install KB4089510? If so, when?

Thanks again for your time and help.

Reply | Quote

Those reports are wrong, SSU never harm or hose the system
on the contrary, skipping installing SSU is what cause other updates to fail or cause issues

3 users thanked author for this post.

dononline, MrBrian, Elly

Reply | Quote

Searched soul and installed March updates B style – arghh getting harder and harder to stay in group B.

As others reported, my March rollup disappeared. When I checked for updates on 4-6, I was offered kb4099950 and kb4100480 and yes they were both checked.  I installed one update at a time, made a restore point prior to each install, rebooted after each install whether I was prompted to or not, and out of curiosity checked for updates after each reboot to see if the March rollup would be offered again. It was not offered. Below is the order I installed the updates which I know is not the same order recommended by others. Computer seems to be running fine.

1. KB 4096040 (IE 11 dated March 23rd from catalog)

2. KB 4099950 (I was offered windows update, but used catalog)

3. KB 4100480 (I was offered windows update, but used catalog)

4. KB 4088878 (March Security only for Win 7 x64 from catalog)

Group B Win 7 x64 – Thanks Woody and others for your valuable research and advice.

 

 

1 user thanked author for this post.

Elly

Reply | Quote

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

Thanks @MrBrian. Yes, I read your article and followed every step (to get the March rollup to re-appear) except for installing KB4074598 (2018-02 Monthly Rollup) because I am in group B. I installed the group B style IE 11, Jan and Feb 2018  Security Only updates on March 5th.  I also ran disk cleanup on March 5th cleaning up about 2.6 gigs of system files. KB4088875 never to appear again.  Really don’t know why I tried so hard to get it to re-appear, since I was not going to install it anyway (smiles). Appreciate you sharing your research and helping others.

1 user thanked author for this post.

Elly

Reply | Quote

You’re welcome :).

In that particular sequence, installing KB4074598 is a necessary step.

Reply | Quote

Why would you be interested in the March Rollup when you’re in Group B?  Sounds like you’ve installed all the necessary updates (for Group B).  Congrats!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

Thanks @SueW you are absolutely right. I was being obsessive and overthinking things. It bothered me that if  the the March roll-up was not being re-offered, I might be missing a prerequisite that also applies to the March Security only patch.

2 users thanked author for this post.

Elly, SueW

Reply | Quote

Being a  person who’s running 64-bit Windows 7, and being in Group B, I read Woody’s Computerworld article regarding DEFCON 3 very carefully. Like many others I was looking for guidance as to how to proceed or deal with the March Widows 7 Security Only, and IE 11 Cumulative Security updates. In the past I’ve always followed two basic commonsense rules that I’ve learned from following the advice given here on Askwoody. First, never install preview updates, and second never install unchecked windows updates. Up to this point that way of thinking has worked out very well.

The problem is, at least for me, is that between Woody’s Defcon 3 Computerworld article and the various Askwoody threads pertaining to the March updates, I’ve been unable to determine the best way to deal with this issue. Between the various Hot Fixes and the randomly updated versions of certain March updates, there doesn’t seem to be clear direction on how to proceed. At this point there are 2 updates that I’m unsure of.  The first is KB4010048 which was first talked about here back on March, 29, Microsoft Patch Alert: Suddenly, Windows 7 patching is an unholy mess and here, Patch Lady – new update for Windows 7 KB 4100480. Having read both of those threads more than once, I went ahead and downloaded it from the Microsoft Catalog (was not offered in WU) and installed it on April, 1. It installed without issue… Since then I’ve viewed more recent posts suggesting that it would be better to roll back the window updates prior to January 2018 rather than install KB4010048 at all. Then I started seeing other posts indicating that KB4010048 was now being being offered in windows update. Then yesterday I discovered there’s a newer version of this update that’s dated April, 5, and is now a prerequisite for installing either KB4088875 or KB4088878, along with another prerequisite, KB4099950, which is the second update I’m unsure of.

On April, 1 WU offered me KB4099950 as optional and unchecked update. Because it was unchecked I went ahead and hid it…  Yesterday I decided to unhide it to see if it was still unchecked. It was, and as such was re-hidden. This morning WU offered me KB4099950 once again… This one is dated April, 5, optional, written in italic, and still unchecked. Also the hidden copy of the update is no longer there.

So here’s my conundrum… Does the never install an unchecked update still apply in this case, which means I can’t or shouldn’t install KB4088878, and is the fact that the installed version the KB4010048 update is an older version mean I have replace it with the newer version?

As always any advice or input would be greatly appreciated…

Reply | Quote

KB4100480 isn’t a prerequisite for installing KB4088875 or KB4088878. KB4099950 is a prerequisite for installing KB4088875 or KB4088878.

Microsoft now categorizes KB4099950 as a Recommended update. The “Give me recommended” Windows Update setting that Group B uses causes all Recommended updates to be put in the Optional tab in Windows Update, and be unticked by default. The “Give me recommended” Windows Update setting that Group A uses causes all Recommended updates to be put in the Important tab in Windows Update, and usually (but not always) be ticked by default. In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule.

KB4100480 has not been reissued.

4 users thanked author for this post.

Cascadian, Elly, twbartender, Seff

Reply | Quote

Whilst I’m grateful for this post, @MrBrian, I think it raises two important points.

First, we shouldn’t assume that only Group B users set recommended updates in the way that you indicate. I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.

Second, your comment that “In my opinion, KB4099950 would be a good occasion to violate the “never install an unticked update” rule”  underlines the point I made in another topic recently to the effect that it’s crucial that all members of the team are seen to be playing the same tune. If some argue that unchecked updates should never be installed, while others argue that a particular case is an exception to that then we mere mortals won’t have a clue what to do for the best.

I fully understand that these are difficult times, but if different members of the team give us different recommendations, how are we supposed to reach an informed decision on which recommendation to follow?

1 user thanked author for this post.

twbartender

Reply | Quote

@seff

Seff wrote:

I’m a Group A user and my settings result in KB4099950 appearing as both optional and unchecked, and I’m pretty certain I’m not the only one.

I’d like to point out to you that you are not following Group A. From AKB2000004, the guidelines for Group A read:

Step A1: Get your settings right.

In Win7, click Start > Control Panel. In Win 8.1, press Win-X and choose Control Panel. Click System and Security. Under Windows Update, click the link marked “Turn automatic updating on or off.” Make sure Windows Update is set to “Never check for updates (not recommended),” then check the boxes marked “Give me recommended updates the same way I receive important updates” and “Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows.” Click OK.

If you were following Group A, KB4099950 would be important and CHECKED.

3 users thanked author for this post.

walker, Elly, MrBrian

Reply | Quote

The problem is that there are always going to be lots of different ways of defining the different approaches, and while you’re clearly right in theory, in practice I regard Group A users as installing the monthly rollups through Windows Updates while Group B users install the security-only updates from the MS Catalog. Whilst that may not tick all the appropriate boxes in the correct way, it seems to me to summarise the basic difference between the two approaches. However, I fully accept that under the strict definition of the different groups I am somewhere between Groups A and B, albeit very much closer to A than B.

In any event, if you follow the advice to set Windows Updates to “Never check for updates” then all the time you maintain that setting you are effectively Group W and are in complete ignorance as to what is being offered. I prefer at all times to know what is being offered to me, and only then can I contribute such information to this site.

I always have my main setting on “Check and notify but let me decide when to download and install” because that way I can follow what’s happening, without ever having had an update automatically install unlike when people report having it set to “Notify and download but let me decide when to install”, while I have always followed the original GXW Control Panel advice to have “Give me recommended updates the way I receive important updates” unchecked. Maybe I need to change that particular setting if it’s generally felt that there are compelling reasons to do so.

In any event, it’s useful to know that it’s that setting that determines why KB4099950 is checked or not, so thanks for that. It helps when considering the further response below from MrBrian.

Reply | Quote

The reason I am Group B (Win 7 x64) is that, when one installs some updates by hand from the MS Catalogue, if later it turns out that there is something wrong with one of those updates, one can de-install it leaving the rest in place.
When there is a problem with a rollup, one can only de-install everything, good and bad together.
The main problem with being in Group B is that there may be updates fixing previous updates that are only available in the rollup. So far, nothing evil has happen to me because of that, at least that I can tell… So, still in Group B.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I can fully appreciate that it’s confusing that different people here sometimes give differing advice about what to do. You could decide to always follow one particular person’s advice (if available), or you could ask the reasons why a given person gave particular advice, and decide for yourself which advice to follow. The “never install an unticked-by-default update” rule is not a rule that I personally agree with, and KB4099950 provides an excellent example of why.

4 users thanked author for this post.

OscarCP, Elly, Seff, twbartender

Reply | Quote

@twbartender –

To shed some further light on your confusing situation (and that of MANY others, I’m sure) regarding KB4100480, here’s the wording of an explanatory note that’s in the KB article about this update:

• This security update was updated on April 5, 2018 to address applicability issues in the original release of the update.
• Applicability rules have been expanded for this update. Therefore, this update will be offered via Windows Update and Windows Server Update Service (WSUS) if any of the Security Only (SO) updates that are listed in the table above are applied.
• No specific functional changes have been made to this security update. Therefore, no additional action is needed if this update has already been applied.

Notice the last sentence in the last bullet point above. If it’s already installed prior to April 5th, you’re still good to go, no action is needed.

In other words, they updated it, as you noticed, on April 5th, but only to expand the field of applicable Windows 7 SP1 and Windows Server 2008 R2 SP1 installations to include those folks who have installed the Security Only updates for any one of the months of January, February or March as well as the folks (already included) who have installed the rollups for those months.

I hope that this post, along with the post above from @MrBrian, help clear things up for you and anyone else with the same question as you about KB4100480.

R/

Bob99

2 users thanked author for this post.

MrBrian, twbartender

Reply | Quote

Win 7 x64, AMD processor, Group B, Rolled back to December.

After reading through all this I’m trying to put together some instructions for myself if I ever want to start patching again and this is what I’ve come up with.

Install order

KB4073578 (assuming this replaced KB4056897)

Restart

KB4074587

Restart

KB4099950

Restart

KB4088878

KB4099467

Restart

KB4100480

Does this look correct?

Reply | Quote

That order looks right, except the intermediate reboots aren’t needed. Don’t forget to install a March 2018 cumulative update for Internet Explorer also.

1 user thanked author for this post.

woody

Reply | Quote

Strangely, KB4088875 has disappeared from my list of recommended updates for  Win 7 HP 64 bit.  It has been gone for at least 2 days now and maybe longer as I do not check WU everyday.  I did not install or hide, just not listed anymore.  I do see KB 4100480 and KB4099950 listed and checked.  Anyone else have this issue.  I have not installed any MS updates since the Feb updates.

Reply | Quote

Note to Windows 7 users: KB4088875 (Windows 7 2018-03 Monthly Rollup) is available on Windows Update, but there are unusual steps needed to see it. See https://www.askwoody.com/forums/topic/windows-update-not-offering-kb4074598/#post-182019 for more details.

2 users thanked author for this post.

GoneToPlaid, Elly

Reply | Quote

Indeed, but it appears from the various links that for the March monthly rollup to reappear requires the prior installation of an update – KB4099950 – that for some at least remains unchecked, and therefore according to Woody’s 1st Rule of Patching – if it isn’t checked, don’t check it – we won’t get to see the March monthly rollup!

The more I read on this topic, the more I’m inclined to sit back and do nothing. Whether that is only until the feedback on next Tuesday’s April updates or beyond January 2020 into infinity remains to be seen.

Microsoft have been making our patching decisions increasingly difficult for some time, yet perversely those decisions are finally beginning to be increasingly easy!

Reply | Quote

See my post at 11:07 today – had the same situation, you need to check it and follow the trail is you want to get KB4088875.

Still trying to decide what to do with now!

Reply | Quote

anonymous wrote:

And what happens to KB4088881 that is hidden?

When it is reissued as the regular Monthly Rollup it will appear back in Windows Update…

Oops… edited to correct my misunderstanding…

KB4088881 stays hidden, unless you unhide it, or it gets pulled. Per PKCano, “It contains the current month’s Rollup PLUS the non-security package for the coming month (not the security package). So it’s basically a “preview of what’s to come.” Microsoft then adds the security package to it, and that becomes the next month’s Rollup.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Thanks for that info

Reply | Quote

The preview rollups aren’t reissued later as monthly rollups. KB4088881 will remain marked as hidden.

1 user thanked author for this post.

Elly

Reply | Quote

Oops, I blew that one…

That means that when April’s Monthly Rollup is issued, it doesn’t matter that the preview is hidden… because the patches that are in it, are forwarded to the April Rollup?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

They’re different updates, with different update IDs, and different contents.

1 user thanked author for this post.

Elly

Reply | Quote

After installing KB4099950,  KB4088881 reappeared in optional updates unchecked.

Win 10 Pro v.20h2

Reply | Quote

Hi, I’m Windows 7 64-bit, i7-3770, with Jan and Feb patches installed.

I’ve decided to follow, as I’ve always done, Woody’s recommandation, that is … do nothing; no March patching and no rollback.

I’ll wait for new instructions from Woody.

2 users thanked author for this post.

JDeC, Joulia.S

Reply | Quote

Hi,

i too am on Windows 7 64 bit and decided to dive right – in with the March Updates TODAY,after reading Woody’s post and thankfully everything went just fine.Still several hours later,No blue screens,No system slowdowns,Nada…A big thank you to Woody for his regular invaluable advice.

 

Windows 7,Home Premium 64 bit - Lenovo laptop
Group A - Intel (R)Core i7 Processors -

ASUS Chromebook C213 12.5 inch
64GB memory .

iphone 6,need to upgrade soon,bugger !

Reeder M7 Go 2019 Tablet !

2 users thanked author for this post.

Elly, SueW

Reply | Quote

Win 10 Pro 1703 – updated today, no issues so far.  🙂

Hid KB4023057 and the feature update to version 1709, everything else for March has been updated.

I believe I will follow advice and leave my Win 7 Pro box alone …

Windows 10 Pro 22H2

Reply | Quote

I did search AskWoody.com (site, forums; Google search, on-site search) but did not find an answer to this question. My apologies if this has been A&A (asked and answered).

How do I determine which Windows 10 Pro update I have, e.g., 1703, 1709, 1803?

System Info says:
Windows 10 Pro
Version 10.0.16299
Build 16299

Thanks!

Mark

 

Edit to remove unnecessary system information

Reply | Quote

You have Windows 10 v 1709, BUILD 16299. The 16299 indicates the Build which is indicative of the version 1709.

2 users thanked author for this post.

Elly, mdwpsyd

Reply | Quote

Thank you PKCano!

Is there a conversion formula or table somewhere? I can’t figure out how 16299 ==> 1709

Mark

P.S. Also thanks for editing out my system info which wasn’t needed. :o)

Reply | Quote

You asked for it. Here’s the big one from Microsoft.

2 users thanked author for this post.

Elly, mdwpsyd

Reply | Quote

I have read Woody’s Computer World article and all the forum comments.

If we choose Woody’s second option

“If you don’t need the headache, and you’re reasonably sure nobody’s going to attack you with a Total Meltdown push*, don’t do anything. Don’t install any of the March patches”

what do we do going forward?  Do we just wait for the April patches and a subsequent DEFCON 3 announcement?

Thanks.

2 users thanked author for this post.

JDeC

Reply | Quote

280park wrote:

what do we do going forward? Do we just wait for the April patches and a subsequent DEFCON 3 announcement?

Yep… if you are choosing the wait and see option… you get to wait… and see…

Non-techy Win 10 Pro and Linux Mint experimenter

6 users thanked author for this post.

David F, SueW, JohnW, JDeC, woody, 280park

Reply | Quote

Group A Win 7 Pro x64…I did not install any of the Mar. updates and rolled back to Dec. using Windows Update Mini Tool. Everything is working smoothly. At this point I’m being offered via WU KB4091290 ( unchecked ) and KB4099950 ( checked ). Unless I’m missing something here, it appears that everyone is being offered something different even though their configurations are similar or the same. That would lead me to believe that there is no one answer that fits all to the many questions ( including mine ) that everyone has. I’m seeing others that rolled back as I did being offered completely different updates than me. This leads to the mass confusion that’s being seen here. Please correct me if I’m looking at this wrong   🙂

Reply | Quote

I have  two win 7 64 bit computers.  Both of them had the following on them under windows update when I checked windows update today:  KB4018317 Outlook update, KB2965234Powerpoint update, (both of these were unchecked), KB4100480 2018-03 Security Update for Win 7 64 bit, Checked,  KB4091290 2018-03 Updated for Win 7 64 bit, Unchecked and KB4099950 2018-03 update for Win 7 64 bit.  This list was off the laptop which had been turned off for 9 days since I did not need to use it.  When I when turned on the laptop today it had the KB4088875 update but when I hit check for updates, it disappeared.  The resulting list was as stated above.  I checked the list on the laptop to the list on the desktop and they were the same.  After installing the checked updates including the updates for Outlook and Powerpoint, rebooted the computer and the only update available was the unchecked KB4091290.  I then read about the KB4091290 and found it was for the smart card issue that arose in February.  I’d like to thank Mr. Brian for his comment that you do not need to install this especially since I do not use smart cards on either of the computers.  Unless something else pops up between now and Tuesday,  I am going to sit tight until the craziness that starts again on Tuesday settles down and I get the directions and advice from Ask Woody–Thanks Woody and everyone else.

Reply | Quote

You’re welcome :).

Regarding KB4088875, see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

FWIW,  I’ll add my experience

Win7 Pro 64bit

I installed in this order

-KB4096040 (the initial March Win 7 IE Cumulative Security Update)… IE launched fine after update, so i skipped the replacemnt patch that was issued on 3/23

-KB4100480

-the March MSRT

No problems encountered.  No detectable slow down, although not a power user.

I assume the consensus is to hold on the “full” March Win7 Security only update until further notice, even though it is listed on the Group B page?

Edit to remove HTML. Please use the “text” tab in the entry box when you copy/paste.

Reply | Quote

I thought I’d put this info here if it helps anyone like it did for me.

On my Main PC I have Windows 7 64 Ultimate Group B Pre January patches and things work great. My laptop came with Windows 10 so I am running 1703 and I will stay here for awhile until the dust settles with 1803, for now.

I have not had any issues with being forced to 1709 so I thought I would explain how. I too have windows update set to CBB, 365 days and 30 days. I also use wushowhide to manage the monthly cumulative updates, but I also use WPD, you can get it here https://getwpd.com/ .

I find this program does just about everything I want it to do to Windows 10. It disables telemetry (I know there is no way to completely shut it off) it makes it super easy to remove built in apps. I have Cortana disabled and I can still search. It allowed me to remove the useless Lock screen and helps me to tame windows update. Every time I install a monthly update I have to go back into WPD to shut off 4x telemetry settings.

I have been thinking of installing Windows 7 on my laptop as a proof of concept that I can but if time doesn’t allow me to I am currently ‘content’ with how WPD helps me manage my Windows 10.

I hope this helps someone like it did for me.

 

Rock

Reply | Quote

Don’t install the WIN 10 cumulative for 1709-When it was installed and needed restart, windows has to sign you otu due to a problem. I uninstalled the cumulative for march and now everything is back to normal. I hid the cumulative update so it doesn’t bug me or harm my baby again. I also did a defragment, advanced systemcare, ccleaner AND AN ERROR check afterwards.

All other updates for 1709 has installed normally and my computer is taking time to digest and adapt to new updates, but everything is normal again.

Reply | Quote

Well, I went through the most turgid rigmarole of patching, rebooting, and running WU several times now, and seem to have all the prerequisite patches, and I’m safe from IP address wipeout; now just the Big Bad KB 4088875 leers at me now, _unchecked_, and it’s a genuine standoff as we glare at each other.

What gives me pause before downloading and installing that morass are two things:

1. MS’s latest info on the March roll-up (4088875) has the warning, “A Stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).”  I have NO idea what this means, nor any idea on how to ascertain if I have this function.  Can anyone tell me a method to determine if my system supports SSE2??

2. KB4088875 is still unchecked, though “important”.  I have always wondered what determines an item in WU to be “checked” or “unchecked”; does it mean, “Kosher-no issues” if checked, and “look out, you still might hit the wall” if unchecked”?  As Groucho used to say, “Any questions?  Any answers?”

3. If “unchecked” means “Not Yet Kosher”, I’m going to ignore the thing IF April’s rollup will contain everything OK in 408875, plus other things, good or bad.

Any light thrown on the above deeply appreciated.   This is my only machine, and I simply can’t take a chance of BSOD’ing it.

Thanks to all, again, who are slogging through this morass. (!)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Hello Nibbled To Death By Ducks,

It seems that you have been nibbled to death by updates! Your computer’s CPU supports SSE2 unless your CPU is rather old. One of my favorite handy dandy utilities which I use on my computers, and which I use on all of the office computers, is Piriform’s Speccy. Basically, Speccy shows you details about all of your computer’s hardware along with a lot of other useful stuff. Get the free version of Speccy directly from Piriform at the following link:

http://web.piriform.com/speccy

After installing and running Speccy, Speccy could take up to around 30 seconds to analyze the details of your computer’s hardware. When the analysis is done, then suddenly the main details will appear all at once on the main screen. When you see that, click on CPU. Doing so will take you to a details page which tells you everything about your computer’s CPU. Attached are two screenshots of Speccy’s results for my computer. One screenshot is the Speccy Summary page, and the other screenshot is the Speccy CPU details page. In the CPU details page in my screenshot, you can see which instructions my CPU supports. SSE2 is one of them.

4 users thanked author for this post.

Nibbled To Death By Ducks, DrBonzo, SueW, KarenS

Reply | Quote

KB4088875 is the March Monthly Rollup. It is unchecked since it still has several issues. You should leave it unchecked for now. My next question is, what is the latest monthly rollup which you presently have installed on your computer? The only way to be sure is to go to Control Panel, launch Programs and Features, and then click on “View installed updates”. Sort the resulting list by Name, such that next to Name you see a small arrow pointing up. If the arrow is pointing down, then click on Name again to reverse the sort order. Now scroll down to the section which is labeled Microsoft Windows. Scroll down some more, and you will see a lot of entries labeled “Security Update for Microsoft Windows”. Each entry is followed by a KB number which is in parentheses. Scroll down the last “Security Update for Microsoft Windows” which you see, and tell us the KB number.

Reply | Quote

MrBrian has advised to consider installing KB4099467 after doing so with the other March updates for Windows 7, x64. It fixes some strange problem that, so far, I don’t  believe to have had; touch on wood.

When I went to get it from the MS Catalogue, found something unexpectedly confusing there:

There was an update labelled for “Windows 7, x64”, but the information pop-up on that update said that it was for “AMD64 x86” machines.

Now, we’ve already had the Patch Lady explaining the believe-it-or-not fact that “AMD64” = “x64”, regardless of who made the CPU chips in our PCs. But this is something else:

As far as I know, “x86” is another way of saying “x32”, which is definitely not the same as “x64”.

So, is there a contradiction between the update label in the Catalogue and the information on the update itself?

Or, to put it somewhat differently: Will Patch wonders ever cease?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

There was an update labelled for “Windows 7, x64”, but the information pop-up on that update said that it was for “AMD64 x86” machines.

Screenshot from the MS Catalogue:

There is a comma, not a connector, between the two listings for Architeture.

But… I really enjoyed, “Will Patch wonders never cease?” as it sums up my jaw dropping amazement when contemplating the mess I have to wade through to get family and friends updated every month this year.

Non-techy Win 10 Pro and Linux Mint experimenter

2 users thanked author for this post.

OscarCP, Cybertooth

Reply | Quote

Elly,

I’ll take your word for it — and also Anonymous’, in the next comment down.

But if my machine gets anything after I install the ambiguous KB4099467, from halitosis to shingles, to cardiac arrest, it will be on you. It will be totally on you.

That said and until then:

Thanks.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

But if my machine gets anything after I install the ambiguous KB4099467, from halitosis to shingles, to cardiac arrest, it will be on you. It will be totally on you.

Given the choices that Woody summarized for us, I have rolled back to December, so installing KB4099467 isn’t on my agenda at all. I’m not recommending others follow my example… it just doesn’t appear to me that Microsoft and Intel have their act together regarding Meltdown and Spector vulnerabilites… and it is my style of managing risk to step back and watch it all work out. I’m hoping to go forward with updating, someday, but just not right now. I’m wishing those making other choices, all the best. I get triggered and anxious over all sorts of things, and the AMD64 terminology seems to bother you… I am hoping you are reassured that it doesn’t seem to be something you really need to be worried about, being unrelated to the AMD processor problems in January patches. I was simply addressing AMD64, x86 being listed, and trying to clarify that. There are enough things to worry about…

Halitosis to shingles, to cardiac arrest… just don’t blame me if you don’t install KB4099467 and get a StopError BSOD after installing KB4088875… I trust MrBrian on this one. LOL.

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

Demeter, OscarCP, Microfix, SueW

Reply | Quote

@OscarCP –

<span id=”ScopedViewHandler_labelArchitecture_Separator” class=”labelTitle”>Architecture:</span> AMD64 , X86

The above is directly from the “Overview” tab of the Microsoft Update Catalog entry for KB4099467. This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) processor architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

In your case, simply click on the download button for the version that’s listed as “2018-03 Update for Windows 7 for x64-based Systems (KB4099467)” and you’ll get the version meant for 64 bit systems. You’ll notice that the file name of what you’re downloading begins with “windows6.1-kb4099467-x64” and then goes on with a long trail of characters after that, ending with the .msu suffix.

The same holds true for ANY Microsoft patch listed that way in the catalog. If it says “Architecture: AMD64 , X86” it simply means that the patch you’re being shown, or told about, is meant for 32 bit and 64 bit systems. It also means that there is a separate patch for 32 bit systems and a separate patch for 64 bit systems, but they share the same KB number.

This is simply Microsoft’s version of “shorthand” notation, in that they’re trying not to be too wordy. They’re trying to get the information out by being as brief as possible. At one time (within the last two or two and a half years), the Microsoft Update Catalog was meant only for IT professionals, not for the rest of us. That has since changed under Satya Nadella, as have many other things you’ve probably noticed coming from Microsoft.

Any or all AskWoody MVP’s please feel free to correct the previous statement about the Update Catalog if it’s not completely accurate!

@OscarCP , I hope this helps to stop your head from spinning now and in the future due to Microsoft’s apparently excessive brevity in describing the applicable processor architectures for patches in the Update Catalog. 🙂

 

Edited for HTML.

4 users thanked author for this post.

Microfix, MrBrian, Elly, OscarCP

Reply | Quote

Thank you for your much better explanation.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) processor architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

MS make software, not CPUs, better to say:
“This simply means that the patch applies to BOTH 32 bit ( i.e. X86) and 64bit (i.e. AMD64) Operating System architectures, with each architecture (x86 and x64) having its OWN, SEPARATE version.

1 user thanked author for this post.

Elly

Reply | Quote

That’s right, because the processor is hardware (could be with Intel or AMD branding).

The operating system is software, and the 32 bit (x86) and 64 bit (AMD64) architecture is part of the operating system.

Even the ‘answer’ was getting it confused…

Thank you!

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

satrow

Reply | Quote

GoneToPlaid, thanks so much for getting back to me!

Downloaded the program, and it indicates support for SSE2. (Handy little thing, better than many seen in the past.)

Last Security Update for Windows was KB 3185349 April 7 2018.

Also, there’s another warning on 4088875 I missed the first time:

“After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:

SESSION_HAS_VALID_POOL_ON_EXIT (ab)”

Should I apply KB4099467 before applying KB4088875, if I should apply 4088875 at all?

Many Thanks!

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

I am in Group B Windows 7 64 bit and I am wondering what I should do with NET Framework Quality Rollup  to 4.7.1 dated 2018-02 ?

I am going to install up to March security only including  KB4100480 and KB4099950.

I assume then I won’t need April Security only even when Woody gives the Defcon go ahead.

Thanks Woody and guys

 

Edited for HTML. Please use the text tab when doing copy/paste in a reply.

 

 

Reply | Quote

anonymous wrote:

I assume then I won’t need April Security only even when Woody gives the Defcon go ahead.

Why is that?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

I think he/she means that he/she doesn’t need to install them right away, and that like everyone here, will pay attention to the MS-DEFCON level changes.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

As I write these words, this thread on the March updates contains 240 replies (and this one will make it 241). Could there be a more telling commentary on the current state of Windows patching?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

4 users thanked author for this post.

SueW, Elly, HiFlyer, BobbyB

Reply | Quote

actually its more like we are making sure rocks aren’t falling from the sky  and we are correctly protected in case rocks will fall in the future.

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Help please!  I have W7 32 bit, ran WU and only got MSRT and the snooper kb2952664 as important. For recommended I got – kb4076492, kb4033342, kb3184143 and kb4099950. Also kb4075211 as optional, which I think is preview for Feb rollup? But I have all rollups successfully installed upto and including Feb. I hid kb4075211 and ran WU again and was offered kb4091290 as a recommended update it’s 137.7MB! Which is about the usual size of my rollups. This is the first time I haven’t been offered the monthly rollup, the last couple of months I’ve held my breath and took the plunge and installed what I thought I should, but this time I don’t know what to do for the best.

Should I install, if so in what order or just leave March well alone, and wait till the end of April for (fingers crossed, prayers said) an improvement. I can’t afford to lose this netbook . All words of wisdom welcome at this point.
Many thanks,  –   Watson.

Reply | Quote

**kb4076492 is a .NET Rollup – safe to install if checked
kb3184143 is a patch to remove GWX components (old) – no needed
kb4033342 is the installer for .NET 4.7.1 – you can hold off on this one for now, install later when there is not all this chaos. Hide or uncheck.
**kb4099950 is a required hotfix – install it FIRST before any Rollup
kb4091290 is a fix for a Smart Card bug issued in Feb – if you are not using Smart Card ID it is not required.

Hide any Previews that show up in the optional updates list (like you did kb4075211). See @MrBrian ‘s instructions here about getting the current Rollup to appear.

So far.KB 4088875 (Mar Rollup) may appear as an unchecked important update.

2 users thanked author for this post.

Elly, The Surfing Pensioner

Reply | Quote

PKCano – Thanks for the timely sage advice earlier! On my W7 32 bit i installed March MSRT, kb4076492 and kb4099950. Hid kb2952664, kb3184143 and kb3102429??? (forgot to mention that one). Reboots inbetween , ran WU again and am offered kb4033342 (checked) and kb4091290 (unchecked) – not installing either. I still have not been offered March rollup…??? Don’t know why, all previous rollups successfully installed. So i guess i wait until Defcon 3 for April as I’m Group A, that rollup will supersede the March one, yes? Will i be offered that one…? I hope April’s updates are easier (sigh) as I’m starting to swim out of my depth. Many thanks again,   –    Watson.

Reply | Quote

Hide any Previews in the oprionals, search again – until there are no Previews left. March Rollup may show up unchecked.

Reply | Quote

PKCano – I only had one preview appear, which i hid yesterday, kb4075211, today it’s not there anymore, in fact it’s no where to be seen. In hidden updates i have kb2952664, kb3184143 and kb3102429. In important updates i have  kb4033342 checked, kb4091290 unchecked. There are no updates in optionals, and still no March rollup….. Aah well.   –   Watson.

 

Reply | Quote

Check @mrbrian ‘s post immediately below this. Cleck on the link and be sure you have done everything in his instructions.

Reply | Quote

Regarding KB4088875, see my post https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

2 users thanked author for this post.

Nibbled To Death By Ducks, walker

Reply | Quote

Couldn’t do all the steps in mr.brians post as i have never been offered March rollup preview kb4088881, so i couldn’t hide it. Only preview i have seen is kb4075211 Feb rollup preview, which i did hide.  The other steps i have done, i cant hide what doesn’t appear – why does MS have to make things so difficult…..   (Tired) Watson.

Reply | Quote

re: **kb4076492 is a .NET Rollup – safe to install if checked

what if it is NOT checked?? it is listed under “important”, but no check.

thanks

Reply | Quote

Rule of thumb: DO NOT check anything that is UNCHECKED by default.

Reply | Quote

About why it is so crucial to update, maybe.

248 comments here, it seems like a lot is wondering about what to do, in what order and how to be safe agains this mess, some people(in January) even said that we should download a new bios update even before they where made to be safe against Spectre/Meltdown.

In January i followed this page https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

First downloaded Windows Management Framework 5.0 and that was the first time I ever used that program, pretty scary to mess things up. And with help from an youtube video in a language i dont understand https://youtu.be/46a1bcmjUyI

Now with this Total Meltdown things got even worse https://blog.frizk.net/2018/03/total-meltdown.html

I guess an informative video or a program to help us check if our computers have these vulnerabilities would be the best way for information about our security.

Are we really safe if we have an certain kb file installed?

I noticed that the IE security patches was not cumulative or is it, that is really stupid to have to install every patch since one year back, does it matter what order. With firefox i just download the latest update.

And I never know if my firewall is safe either but that is an another question…

Is our computer ok just because we dont see any problem?

And big thanks for all the help and information here!

Reply | Quote

The IE11 security patches ARE cumulative. The Win7/8.1 security-only patches ARE NOT cumulative, so each one has to be installed separately.

Reply | Quote

If IE11 security patches ARE cumulative, then it makes things more confusing. I installed december 2017 patch first, rebooted, then installed every patch from may to november without any word that IE it was updated.

So this means that I can Uninstall every IE security patch i installed and then install the latest one?? This would clean up my installed kb files.

Reply | Quote

You do not have to uninstall anything. Just install the latest IE11 patch and you will be fine.

1 user thanked author for this post.

walker

Reply | Quote

Win 7 Pro x64, Group B.
Installed patches as follows in two sessions (this afternoon and evening, Sunday):
1. 4099950, 4100480 (from Windows Update – had to tick 4099950)
Forgot to Check for Updates afterwards.
2. 4088878 (reboot – OK; Checked for Updates – no new ones found)
3. 4099467 (temp. hitch as wouldn’t download from Catalog via Pale Moon browser – don’t know why; switched to Chrome, all OK)
4. 4096040 (reboot – OK; Checked for Updates – no new ones found)
5. Office 2010 patches x 4 (ticked ones only; no reboot called for; checked for updates: found 4018317 for MS Outlook, unticked)

So far (late Sunday evening), all still OK.

Dell Precision 3630 w/32 GB RAM, 500 GB (C:), 1 TB (D:)
Window 10 Pro x64
Internet: FTTC (Fibre to the Kerb)

2 users thanked author for this post.

MrBrian, SueW

Reply | Quote

HTH:

Win7 Pro x64 SP1, AMD Phenom II X4, Group B

wuauserv Disabled until searching and manually downloading

Up to date through February.

Dates and March updates:

0401 KB4100480 from catalog

0406 all four checked Office 2010 updates from WU

(Soul search: not found)

0407 imaged disk w/ Macrium Reflect

KB4099950 from catalog (unchecked at WU, BTW)
KB4088878 from catalog
KB4096040 from catalog
KB4099467 from catalog
AOK after restart

0408 first boot morning after — AOK.

3 users thanked author for this post.

Charlie, MrBrian, SueW

Reply | Quote

Thank you so much!  You’re the first person to mention that you installed the four checked Office 2010 updates!  I’ve been waiting and waiting for some news about this, and you also confirmed that all seems to be AOK.  Thanks again!

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Updated my Win 7 Pro box today (Intel Core i3 – Sandy Bridge).  Only one important update was available, KB4100480, 2018-03 Security Update for Windows 7 x64.

Was previously current with updates through 2018-02, except for the .NET 4.7.1 update, which I left unchecked.

Security Update install went fine, but after the restart the desktop was very slow to appear, then was not responsive at all.  Let it run for a few minutes, then did a hard shutdown.  Was half expecting to need to reboot to safe mode, but everything was fine when the system booted up again.  Weird!

Except for that initial hiccup, everything is functional and stable now.  🙂

 

Windows 10 Pro 22H2

2 users thanked author for this post.

MrBrian, SueW

Reply | Quote

I feel like I am going back to AskWoody School. I switched to Group A because patching was becoming a right pain. I’m a Windows 7 Home Premium 64-bit user with no network to worry about.

I toned down telemetry and install the monthly rollups but left my settings as “check for updates but let me choose to download/install”, and unchecked the”give me recommended…” option.

I always wait until Defcon 3 and/or advised by you to patch. So far things have worked out.

I had KB4074598 and KB4056894 installed and added KB4100480 and the end of March after checking the forums. I haven’t had any problems.

KB4099950 and KB4091290 were offered as recommended and unchecked. After
reading the discussions about settings and those patches – and rereading AKB 2000004 – I changed my settings.

KB4099950 shows up as important and checked while KB4091290 is important and unchecked.

I will install the first and wait on the second. Does it “activate” once KB4099950 is installed?
-firemind

Reply | Quote

Hide any Previews that show up in the optional updates, then search again, until there are no other Previews. When you do this, some other updates may show up.

1 user thanked author for this post.

walker

Reply | Quote

Hello, I want to ask some question

I just recently updated my windows

1. January rollup update KB4056894 (installed since january )

2. KB4100480 (installed recently)

I dont know if this sequence okay or not?

and I read this article by woody https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

As of this moment, EVERY Windows 7 / Server 2008 R2 64-bit patch released this year opens a gaping security hole commonly called “Total Meltdown.” In addition, recent patches have a healthy collection of bugs that range from blue screens (STOP messages), to blocking Internet Explorer 11, to a particularly debilitating bug for folks running servers that leads to lockups due to SMB leaks.

Microsoft has released a fix for the Total Meltdown hole, but installing it brings along many of those creepy bugs.

from what I know KB4100480 is for total meltdown right? so is it really bring bugs from march? since the statement on the article said “EVERY” and the 2nd statement said total meltdown fixes. and is KB4100480 already full patch for total meltdown? I read that march rollup supposed to partially fix it but KB4100480 added later or KB4100480 enough for total meltdown fixes?

Edit to remove HTML: Use the ‘text’ tab in the post entry box when you copy/paste.

Reply | Quote

If you have installed any of the Jan, Feb, and/or Mar Rollups or security-only patches, you need to apply KB4100480. Those patches opened another vulnerability called Total Meltdown that KB4100480 fixes. This is not the original Meltdown/Spectre vulnerability, but an ADDITIONAL one.

Reply | Quote

“so is it really bring bugs from march?”

Here is my analysis of KB4100480.

Reply | Quote

Hi MrBrian

“so is it really bring bugs from march?”

“Here is my analysis of KB4100480.”

so based on this analysis KB4100480 should be okay for win 7 64bit. i checked my procie and it have SSE2 and PAE issue only for 32bit so it shouldnt affect me i guess.

and IE, NIC, and SESSION_HAS_VALID_POOL_ON_EXIT (ab)” file not included in KB4100480, so i guess i should be okay since my rollup is January. well i use my pc and so far now bsod, try to log off and its log on fine but im admin tho dont know if its another user log off since its home pc, and my IE not updated so its still IE8, never using it anyway but it wont matter if the file not included anyway xD

and SMB and antivirus registry is already known since January rollup so i guess im just gonna wait till another good security rollup out i guess? rather than installing so many confusing things to fix March update bugs 🙁

 

 

Reply | Quote

Question ? I just finished updating Win 10 Pro x64 ( 1703 ) and it updated the March updates and brought my version up to 15063.994 with KB4088891. Is this the right version ?? I’m showing that KB4088891 should be version 15063.997 on the MS update history page.

https://support.microsoft.com/en-us/help/4018124/windows-10-update-history?ocid=update_setting_client

Reply | Quote

I believe that is a typo on the pulldown. If you open up the link it says .994 (nad that’s what I got too)

1 user thanked author for this post.

bobcat5536

Reply | Quote

I am Group A.  I have kept Jan and Feb installed and installed KB4099950 and KB4100480.

I did all the gyrations and have March KB4088875 back as an Important update but MS has it unchecked.

KB4099467 (catalogue update for Stop Error) reads to be not an option but a must, yet it is a manual procedure. So do I download and have it available in case I need it – in which case how do you install it on a Stopped Error computer (is this BSOD)?  Or install it before installing KB4088875?

Anyone know what it does?  Can it hurt to install it whether or not it is necessary?

Reply | Quote

If you install KB4088875 and decied to install KB4099467, then install it immediately afterward WITHOUT/BEFORE a reboot in between.

Reply | Quote

Hmmm, but ususally one has to reboot to have an update complete installation.  So do the two of them sort it out during the install process and hopefully come back up with no Stop screen?

Reply | Quote

If you reboot before  KB40999467, then KB4088875 will cause the BSOD. So you install KB40999467 beforehand to prevent it.

1 user thanked author for this post.

walker

Reply | Quote

The upshot from PKCano is that you should ignore the reboot requirement by clicking cancel. And then you proceed to install the subsequent update as he recommended in order to prevent any potential BSOD after reboot.

Reply | Quote

Understand the concept, but if I “install” KB4088875 and select cancel for no reboot – is KB4088875 “really fully installed”?  But then I am going to “install” KB4099467, then actually reboot.

How do the two “not fully installed” KB’s sort it out in time. If enough of KB4088875 gets installed before KB4099467 gets installed; won’t KB4088875 throw a Stop Screen anyway?

Are we sure this will work?

Reply | Quote

They both get installed before the reboot, during the reboot and while the computer is restarting. So both are in place to prevent the BSOD.

1 user thanked author for this post.

walker

Reply | Quote

“Are we sure this will work?”

See the part of Mark Phaedrus’ answer from “As it happens” to the end at https://www.quora.com/What-would-happen-if-Windows-10-suddenly-decided-to-reboot-because-of-update-during-defragmentation.

Reply | Quote

I went back to read the latest 3/17 MS KB4088875 wherein it referenced at the end the Stop problem and the need for KB4099467 so surprizing it is not listed as Important on WU.

However, I also looked at KB4088881 the April Preview and the issues read identical EXCEPT the Stop problem is no longer listed as is the need to apply KB4099467!

Did they include the “fix” in the April Preview?

Reply | Quote

‘However, I also looked at KB4088881 the April Preview and the issues read identical EXCEPT the Stop problem is no longer listed as is the need to apply KB4099467!

Did they include the “fix” in the April Preview?’

I think that KB4088881 probably doesn’t fix that particular stop error because according to KB4088881’s file list, it doesn’t include the updated version of file win32k.sys that is in KB4099467. KB4088881 does however fix the Internet Explorer issue that is also fixed in KB4096040.

Reply | Quote

I installed KB4088875 on March 25, and I haven’t experienced the issue that KB4099467 supposedly fixes. I didn’t install KB4099467.

If you want to install KB4099467, I think the best way to do it is install KB4099467 right after installing KB4088875, without a reboot in between. The reason for not rebooting in between is so that when the next reboot happens, the faulty parts of KB4088875 never become active because they’ve been replaced with the fixed parts from KB4099467.

As with any update, the question is whether KB4099467 introduces any issues.

1 user thanked author for this post.

walker

Reply | Quote

Hello all fellow sufferers!  Please be kind as this is my first time here!  I’m learning as I go with notebooks of instructions.  I am Group A.  I have installed  Jan – KB4056894, Feb – KB4074598, KB4100480.

 

I redid the instructions to show “Give me recommended updates the same way I receive important updates” and that brought up KB99950 in the important updates which I have not installed.

Previously, I had installed the March monthly rollup including KB4099467 which did not keep the computer from the BSOD so I uninstalled the March rollup and presently have installed what I have in the first paragraph.

The March rollup KB4088875 does not show up.

I would greatly appreciate your advice as to what, if anything, I should install now — and if so in what order.  Also, it has been suggested that after installing KB99950 and KB4088875 not to reboot and then after installing KB40999467 to reboot — am I wrong to believe that in Group A we don’t have the option to not reboot after each installation?  Thanks in advance — I am extremely security minded and not knowing what to do is stressful.

 

Reply | Quote

In this case you should choose “reboot later” between KB4088875 and KB40999467.

Reply | Quote

Much obliged — I was not aware of the “reboot later” option as I did not use it in the past.  I also want to add that I am windows 7 a five year old Lenovo desktop.

Reply | Quote

Peacelady, welcome to AskWoody! It is nice to have you here. Feel free to fire away with any questions which you have about Windows Updates. After all, this is what AskWoody is all about.

Reply | Quote

Thank you so much Gone to Plaid — this group is a blessing to me.  So, not to be repetitive (lol) but here is what I am understanding:  Install KB99950.  reboot.

Install KB4088875 but click “cancel”

Install KB4099467 and reboot.

Maybe KB4099467 did not work for me the first time because I rebooted after KB4088875?

And then the big question — should I do this or just leave what I have and wait for April?

Thanks again for your welcome and your help.

Reply | Quote

Regarding KB4088875, please see https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

Peacelady: What version of Windows are you running? Windows 7-64? Windows 7-32? Something else?

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

Mr. JimPhelps – I have Windows 7 Professional, Service Pack 1, Intel (R) Core  64bit, Lenovo desktop.  Let me know if you need anything else.  BTW – I’m new here and need advice how to quote parts of someone’s post in my answer.  I see the quotes on the top here but I’m at a loss.  Also, if anyone can help me – the blog site keeps freezing up on me and I’m not able to use the refresh button — is this a common problem because of the increased volume lately?  I do have the posts sent to my email where it’s more handy for me to read them.  Any tricks of the trade are deeply appreciated!  And I have been logging on and off and have not had any BSOD issues this morning.  Yeah!!!!

1 user thanked author for this post.

Individualist

Reply | Quote

@Peacelady

I am having issues logging in, then once in having problems logging out as well as problems with refreshing..I suspect it is a traffic issue. Well, I am taking the plunge today on the desktop as well as the laptop…I am somewhat reassured by your experience however my fingers shall remain crossed until my knuckles turn white! I am isolated in the country and somewhat disabled and rely heavily upon my machine to keep me in touch with the outside world. Wish me well, and thank you for all of your input.

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

Reply | Quote

Individualist – I certainly do wish you well.  You will be fine!  Also, I never had a problem with uninstalling the updates when I had the BSOD issue — it never totally crashed the computer.  Knowing that you can probably use the “uninstall” should give you more peace of mind.  Maybe you can help me — when you answer someone’s post how to you put their name on the top?  And do you know how to quote a part of someone’s post that you are answering?  The mechanics of posting is unsettling until I get the hang of it.  Also, do you get the error message that I frequently do: “Error established a data base connection”?

Reply | Quote

In the post you want to reply to, click on the reply button.
That will drop you down to a reply box.
Scroll back up to what you want to quote and highlight the text you want.
Then click on the “Quote” button at the bottom of that post (next to the “Thanks” button.
That will drop your quote into your reply box at the bottom.
The person’s name will be there too.

4 users thanked author for this post.

walker, Elly, SueW

Reply | Quote

My Win 10 Home 1607 usually has Win Update turned off in services and WiFi connection set to metered so I don’t get any updates unless I want them.

With 1607 at end of support, and patch Tues coming up, I thought I’d update to 1709 before 1803 comes around with probable issues and spent nearly 24 hours nursing it along, restart after restart, download after download.

What a rigamarole Win 10 is when you try take some control of it.

Have to sat though, my cheap newish Dell lappy is feeling good for it, much faster for some reason – no stats, and no issues so far. Except Acronis wouldn’t let it start up again after cloning, then froze it on second attempt. Got rid of Acronis and installed free EaseUS Todo Backup – working good now.

1 user thanked author for this post.

MrBrian

Reply | Quote

Win 7 64bit sp1. Wound back to Dec ’17 updates, stopped updates and sitting tight until Meltdown is fixed for good. Or I’ll just sit on that until I figure out Linux.

Reply | Quote

PKCano wrote:

You have Win7. The “/” means “or.” Server 2008 R2 is a different kind of computer.

PKCano
This is what I found when I checked my computer properties.
I always thought  I had Windows 7 SP1 Server 2008 R2x64 bit..
now I’m confused, do I have server 2008 R2x64?

Reply | Quote

You have Windows 7 Home Premium 64-bit and not Windows 7 Server 2008.

2 users thanked author for this post.

Microfix, dgreen

Reply | Quote

You have Win7 SP1. But if you look at patch descriptions that are offered they say Win7 SP1/Server 2008 R2 meaning they are for both Win7 based systems.

I can’t find it right now, but wasn’t the question from an anon poster who didn’t seem to know there was a difference between Win7 SP1 (like home or pro) and Server 2008 R2? That is why I gave that answer.

Reply | Quote

Out of curiosity I just turned Updates back on to have a look. Here is what I have checked as important: KB4099950, 03-2018 Update for Win 7 x 64, Published 05/04/2018

KB2952664, Update for Win7 x64 13-03-2018

MSRT 03-2018.

I’ve got the Jan. & Feb. Security Monthly Roll Ups installed, ( KB4056894 & KB407458, didn’t roll them back), and installed KB4100480 last week. Have been following the Group A protocol,  but now I’m not so certain what group I fall into. Need advice, proceed with patches? Stand pat? Win 7 Pro i7 Haswell 4700 Core

Reply | Quote

I took the plunge today and decided to patch my Windows 7 64-bit system (still Group B). Everything appears to be fine, although there was one “hiccup” during the process (see later).

Following advice in this thread, my installation procedure was KB4099950, reboot, KB4088878, KB4099467, reboot, KB4100480, reboot, KB4096040, reboot. (And, yes, I know that some of the reboots were not necessary. It is just the way that I like to work.) All the patches were downloaded from the Microsoft Update Catalog.

Then, for Windows Update, I followed MrBrian’s “unofficial” procedure, but the only important update offered that I installed was MSRT (Malicious Software Removal Tool).

The “hiccup” occurred when I came to reboot after installing the IE11 cumulative security update, KB4096040. My system got stuck at the message “Preparing to configure Windows. Do not turn off your computer.”. I waited about 20-25 minutes, and then I decided to hit the “big red button”. When I restarted my PC, I chose a normal start (i.e. not safe made, etc.). Some diagnostic messages flashed across the screen for a number of seconds but, happily, my PC then appeared to finish off the installation and I was presented with the logon screen. I have never encountered this problem before.

Anyway, KB4096040 appears in Installed Updates, Update History, and IE11 itself believes it is at the KB4096040 level (11.0.57). So I assume everything is OK.

2 users thanked author for this post.

The Surfing Pensioner, MrBrian

Reply | Quote

This is with respect to KB4088875 2018-03 Monthly roll-up.  I installed KB4100480 win 7 2018-03 security and KB4099950 win7 64 bit 2018-03 update since they were the only checked updates when I looked at Windows Update.   KB4088875  was not on Windows Update at this time.  After installing these two updates and the ones for Outlook, KB4018317, and KB2965234, PowerPoint, KB4088875 showed up in Windows Update after restarting the computer.  However it is unchecked.  So my question is do I install this one?  It seems to have a lot of issues listed in the Knowledge Base article.  Should I follow Woody’s rule of not installing anything that is not checked?  Do I need to install KB4099467 since it does not show up in Windows update for either my desktop or my laptop?  Thanks very much for the assistance and advice on this forum.

Reply | Quote

KB4088875 is unchecked on my computers too, and I have not installed it.

1 user thanked author for this post.

Individualist

Reply | Quote

Win 7 x64, AMD.  I uninstalled 480 which really slowed my computer down.  Since I’m a light used I never installed any of the Preview’s.

1 user thanked author for this post.

MrBrian

Reply | Quote

Is the general consensus amongst the tech gurus helping us here (thanks!) to download and install in this order (if you’re Win 7 Pro x64 Group B with already installed  Jan & Feb security only & IE patches):   KB4099950, KB4088878 (don’t reboot and then install KB4099467 right after and then reboot), KB4100480, and KB4096040?   Or do the above in same order except avoid KB4099467 for now?  Appreciate the help.

Reply | Quote

That order looks right. Whether to install KB4099467 is your decision. I just tested in a Windows 7 x64 virtual machine the installation of KB4088878 followed by KB4099467 with no reboot in between. After a reboot, the Windows booted normally. An updated version of win32k.sys was indeed present, consistent with abbodi86’s analysis of KB4099467. You don’t need to reboot immediately after installing KB4099467.

Reply | Quote

@Anonymous – Aside from the fact that I had already installed 4100480, I did last night what you just described. It was on a Win 7 Starter (32 bit) Intel Atom chip, but it all worked well. The 4099467 install and reboot was very slow but no issues so far.

I’m about to do the same on my ‘daily driver’ Win 7 Pro x64 SP1 laptop now.

Reply | Quote

To anyone out there for whom this may apply…

I am running Windows7x64 SP1-Group A. I have been tracking this posted Topic since day one and have watched it grow from an anthill to a Matterhorn, soon to become Mt. Everest it appears! What I have been watching for are comments/replies from those with similar machines who have taken the plunge into the depths of the unknown and have updated to the “March Era” of Life With Windows. While all of the comments and questions and replies are valuable, in one way or another, I would really be interested in the experiences and consequential outcomes of those whom HAVE, in real-time or by testing in Virtual Machine, ventured into the unknown…this would be very helpful in making a better informed decision in whether one might jump forward at this point or not relative to W-7 Group A. I am current up to Feb 2018…did not roll back…but have downloaded the stand-alone KB4100480.

Thank You.

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

1 user thanked author for this post.

Demeter

Reply | Quote

My experiences:

I’m in Group A using Windows 7 x64. I installed all updates except for KB4088875 on March 18. On March 25, I ran the fix script (which has since been replaced by KB4099950), and then installed KB4088875. I did not install KB4099467. I’ve had no issues so far.

2 users thanked author for this post.

walker, Individualist

Reply | Quote

I forgot to mention that I installed KB4100480 on March 29.

1 user thanked author for this post.

Individualist

Reply | Quote

Ditto Individualist — I’m right here with you eagerly awaiting actual results from folks who installed the March updates in our category.  I’m the same as you except I have KB4100480 installed.  It did not upset anything for me.

1 user thanked author for this post.

Individualist

Reply | Quote

Ditto to both of you. I’m in the same boat, have KB4100480 installed since last week. No March updates. Several of the Updates talked about in the conversation aren’t in my MS Update. Where are they finding them? I’m standing pat, I guess, for now as this is my only machine and I can’t afford to have a major mess up. Would someone please post a simple straightforward answer for Win 7 Group A?  My eyes are crossing & my head is aching from reading all of this. I’m beginning to lose the thread.

1 user thanked author for this post.

Individualist

Reply | Quote

I wanted to contribute that when I got the BSOD when I was logging off it was a black screen that immediately returned me back to normal.  It was not a complete “crash”.  I didn’t have to do anything to restore the computer.

1 user thanked author for this post.

Individualist

Reply | Quote

“Several of the Updates talked about in the conversation aren’t in my MS Update.”

Which ones?

Reply | Quote

KB4099467, KB4088878, KB4096040. The only one I have ticked in MS Updates that is in this conversation thread is KB4099950. Ialso have KB2952664 & March MSRT.

Reply | Quote

Those are Catalog-only updates. The last two are listed at https://www.askwoody.com/forums/topic/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1/.

Reply | Quote

Win7x64.  AMD  Lucky Me.  Didn’t know about the 894 install causing the black screen.  Didn’t back up my system.  Installed 894 and got the black screen.  Here’s what happened after 5 minutes or so of the black screen the computer started to function and my system came back on it’s own with out having to take any of the measure’s suggested for the black screen. Uninstalled 894.

1 user thanked author for this post.

MrBrian

Reply | Quote

Troubles with updating attempt, after seeing the MS-Defcon change and trying to now  update with deferred March updates.

Win 10 1709 x64, WU autoupdate reg setting disabled, WU service disabled, Update Asst/Orchestrator tasks disabled and app uninstalled, feature days 365/quality days 30.

Turned on WU service, ran “Check for Updates.”  Got Office updates successfully, and did restart to complete their installation.  Ran “Check for Updates” again to go ahead to the delayed March Windows core updates.  No updates found.  Went to MS Update Catalog, and tried the various Win 10 1709 cumulative update packages released during March — all stopped with an error saying the package did not apply.  (Downloaded monthly delta updates have worked OK for a number of months previously.)   Went back to Settings/Windows Update, turned feature and quality days to 0, ran “Check for Updates” — again “no updates found” message.  What gives?  Has MS paused Win 10 core updating until this week’s April round commences on Tuesday?

Reply | Quote

I’m Win 7 32 bit, group B. Is it safe for me to install March’s Security Updates? The topic seems to be concentrating on advice for Win 7 64  bit users, with no help for 32 bit users…

Reply | Quote

@Anonymous – I have a Win7 Starter 32 bit Atom chip. I installed 4100480 a few days ago. (I was current with Group B patches through February.

Last night I installed 4099950, 4088878, 4099467, restart, 4096040, restart.

All is well! 4099467 was VERY slow on my Atom chip so you might need to just give it time, but no issues so far.

Reply | Quote

Sorry everyone. I did NOT apply KB 4100480 to my Atom chip machine as I stated above. Got my computers mixed up. KB4100480 is only applicable to 64 bit machines, not 32 bit.

Sorry for contributing to the already confusing state of affairs.

Reply | Quote

I have KB4088881 in WU>optional >unchecked. This appears to be the March Quality Rollup, but haven’t seen anyone else post this number here. Is this correct or something to be concerned about? I’m running Win7 sp1 x64.   Thanks!

Win 10 Pro v.20h2

Reply | Quote

KB4088881 is a Preview. It should be unchecked in the optional updates. You should not install it, instead HIDE it.

2 users thanked author for this post.

walker, rhp52

Reply | Quote

My PC is running Win 7 Pro, SP1, x64.
Last week, as the situation was still very confused, I installed the E11 patch, KB4096040, hoping to improve my chances of browsing without being ambushed and killed. So far, E11 seems working normally, with no other apparently unrelated problems that I have noticed.
Then I started finding postings from PKCano, MrBrian, etc. to install it as pretty much the last patch, after the security only (still waiting to do that, “Hold for now” still being advised in the Master Patch) and those that follow it in the recommended order.

So my question is:
Once I decide to install security only kb4088878 et seq., should I first de-install the E11 patch, and then re-install it last, after those others have been installed?

Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

You do not need to uninstall it. The Windows installer will take care of the other installations if you do them in the recommended order when the time comes.

1 user thanked author for this post.

OscarCP

Reply | Quote

One can install the updates in any order, with the exceptions that have been noted already in this topic.

Reply | Quote

As many have done, and it was a huge help to me, I am posting my results in the hopes that others might benefit:

– My computer was up-to-date through February, and I installed KB4100480 last week as I did not want to uninstall January & February Security Only updates.

– Imaged my disk with Macrium Reflect earlier today.

– Downloaded KB4099950, KB4099467, KB4088878 (W7x64 SO), and KB4096040 (IE) from the Windows Update Catalog (see Note below) and PKCano’s list for Group B.

– Installed, in order, KB4099950, KB4088878, and KB4099467 and then rebooted.

– Then installed KB4096040 and rebooted.

– Checked for updates (and hid as necessary):

Important:
– 3 March Office 2010 Security Updates (Access, Excel, Word) – all checked
– 2 April Office 2010 Updates (Outlook, PowerPoint) – all unchecked; did not hide these
– 2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875) <= was unchecked; hid
– Update for Windows 7 for x64-based Systems (KB2952664) <= was checked; unchecked & hid
– Windows Malicious Software Removal Tool x64 – March 2018 (KB890830) – was checked
Optional:
2018-03 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088881) <= was unchecked; hid

– Checked for updates again, and then installed the same above checked updates (4)

– My computer seems to run the same as it’s been running (Phew!)

Note: The link to the Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Home.aspx.  Just type your KB number into the search box.  From the results, make sure to select your ‘bittedness’ (x86 or x64).

“Many thanks” once again to Woody, MrBrian, PKCano, and everyone else who continues to contribute their time and expertise to AskWoody!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

6 users thanked author for this post.

Ed, KWGuy, HiFlyer, jburk07, MrBrian, OscarCP

Reply | Quote

@SueW… Thanks for your precise installation breakdown, I followed your routine and everything appears to be fine! So far, anyhow.

Reply | Quote

Thanks to MrBrian, GoneToPlaid, and others who have helped me slog through this “Slough of Despond” patching nightmare.  Update:

Applied (in order) KB 4099950, KB 4091290, KB 3185319, KB 4099467, and the dreaded KB 4088875 (“Aaaaargh!), THEN rebooted, ran around the block widdershins three times, touched an object made of wood, (just kidding, that’s not from Redmond) and came back to the PC.  Here’s what happened:

Upon reboot, the “trusted installer” ran it’s head off for several minutes; I didn’t start ringing things out until the CPU was quiet, and the “trusted installer” turned itself off.  Much to my horror, the internet connection was gone.  As I had already applied the patch that was supposed to fix the wiping of IP addresses, I surmised that it hadn’t taken properly.  Ran every diagnostic, couldn’t find the issue. Did the next best thing: rebooted.

It worked. (Put down the chaser, and let out a breath.) Interestingly enough, the “trusted installer” (trusted by who? Not me…) was still running for another few minutes on this boot, THEN the internet connection kicked in.  Still can’t figure this part out.

Notes that may be useful:

1. When manually installing KB 4099467, the manual installer took 5 minutes to rummage around the system looking for updates-very slow.

2. The whole process took 1.5 hours today to run and ring out, far less than what I imagined, thanks to all the wonderful people on this site!

3. Patches were applied over a period of 3 days.

4. “Speccy” is a great little tool; thanks to GoneToPlaid for steering me to it.

5. Steve Gibson’s InSpectre” still shows my CPU vulnerable to Spectre,

I’m going to have a little lie-down now, and let y’all know if anything weird happens after this, if anything. (We all live in Hope.)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

3 users thanked author for this post.

GoneToPlaid, SueW, MrBrian

Reply | Quote

On a whim I decided to install KB99950

(I’m windows 7 Group A and have already installed Jan and Feb rollups and KB4100480).).

And guess what — miraculously when I checked for updates KB4088875 appeared unchecked.  I keep putting my toe further in the water.  Should I go ahead and now install KB4088875 (no reboot) and then KB40999457 (reboot).  Be still my beating heart!!!  Or should I stand still at this point since KB4088875 is unchecked.

1 user thanked author for this post.

Individualist

Reply | Quote

@Peacelady

I followed your ‘whim’ and just installed KB4099950…also went ahead and did the MSRT while I was at it and had the same results as you stated…KB4088875 miraculously appeared, also unchecked. My heart still be beating though!! At least I know that I am not alone in some paddleless boat up some scary creek! Keep sharing, as your boat looks eerily similar to mine at this point…however you seem to be a tad braver than me. 🙂

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

1 user thanked author for this post.

Reply | Quote

Hi Individualist,

It does appear that we are in the same boat.  My dilemma is twofold:  1) KB4088875 is unchecked and Woody said don’t install unchecked stuff.  2)  I’m nervous when it comes to performing the “secret handshake” between installing KB4088875 and then ticking “cancel” in order to reboot after installing KB4099467.  Truth be told, in preparation, I went to the Update Catalog to download KB4099467 to put it on my desktop to have it available instantly after KB4088875 and by mistake it installed — so I had to remove it.  Any detailed instructions on how to initiate this “delicate dance” would be greatly appreciated.  Let’s hope this gets resolved soon!

 

 

1 user thanked author for this post.

Individualist

Reply | Quote

From:YP

DrBonzo you said that you had installed KB4100480 on the 32bit Atom.  I thought this update is available for 64bit only.  Is this a mistype  or was the available via update?

Reply | Quote

KB4100480 is supposed to be for 64-bit systems only. 32-bit are not vulnerable.

1 user thanked author for this post.

JDeC

Reply | Quote

@YP – Sorry, my mistake. When I wrote that I had just finished updating my 64 bit core i3 to which I had applied 4100480.

For what its worth, I just reread my post about the Atom and everything else is correct. But PKCano is correct: KB 4100480 is not applicable to 32 bit systems.

Reply | Quote

I have a Win 7 x64 SP1 installation with an Intel i5-750 (1st generation Core) CPU,  an Intel motherboard and nVIDIA-based graphics card.

Installed Jan and Feb rollups with no issues when Woody gave the go-ahead each time.

Installed KB4100480 on April 1st with no issues, rebooting afterwards. Installed it via its listing in Windows Update.

Yesterday, I successfully installed KB4099950 and rebooted afterwards. As with KB4100480, installed via its listing in Windows Update.

Today, I bit the bullet and successfully installed KB4088875, March’s rollup, from within Windows Update and rebooted afterwards. No issues upon reboot nor during a subsequent logoff and login (letting someone else use the booted up computer) nor during a subsequent shutdown and restart. I looked in the Event Log to see if there were any entries in there for shutdown problems, and there were none.

All of the above updates were installed in the sequence listed and were installed alone, one at a time, without installing any other updates at that time.

I have not installed KB4099467, but I did download it from the Catalog in case it would have been needed. My plan was to install it if I’d had any problems during shutdown as, from what I’ve read from others here, it didn’t stop others from being able to shut down and reboot back to the desktop, it just slowed down the shutdown with a black screen for a few minutes.

I also checked for the proper installation of KB4100480, and when I ran it as if to install it from the file I downloaded from the Catalog, it reported it had already been installed on my machine, so there was no need to reinstall it.

Bottom line: If you’ve already installed KB4100480, then install KB4099950 FIRST and then install KB4088875. It will leave KB4100480’s updated files alone while it installs the rest of itself. Whether or not you’ll need to install KB4099467 afterwards is anyone’s guess, unfortunately. YMMV.

BTW, I haven’t noticed any performance slowdowns at all, so maybe the Intel microcode update for my processor isn’t included in KB4088875. I’ll see how things go performance-wise after installing either the April or May rollups. As before, My MMV.

5 users thanked author for this post.

JDeC, jburk07, Bill C., Individualist, DrBonzo

Reply | Quote

@Bob99
Thank you…this is the comment I have been waiting for after reading what now appears to be up to 345+ replies to this topic…I am down to just the remaining KB4088875!! Tomorrow will be the big day…off to try and get a good nights sleep now and pray nothing changes between now and then. 🙂

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

Reply | Quote

OK kids:  here goes.  I have KB4099467 on my desktop and I am going to bite the bullet and install KB4088875 and KB4099467.  I’ll report back.

1 user thanked author for this post.

Individualist

Reply | Quote

I hope I won’t have to eat these words but I installed KB4088875 and KB4099467 and all is well!  I tried a few times to log off and did not get the BSOD.  I did get both the updates from the Microsoft Catalog — don’t ask me how I finally did the “kabuki dance” trying to install at first without reboot — but down loading them both first to the desktop was my route.  If I subsequently get the BSOD upon logging off I will let you all know and in that case I’ll uninstall the two updates and probably wait for April.  This has been a nightmare but I am so grateful to all on this blog for your expertise, generosity and support.  I couldn’t have done it without you.

4 users thanked author for this post.

jburk07, GoneToPlaid, Individualist, Elly

Reply | Quote

If it was going to BSOD, it would have done so the first time.

1 user thanked author for this post.

jburk07

Reply | Quote

I am terribly sorry to have to tell you all that I got the BSOD once yesterday (which I thought was unrelated) but just now got it again and it’s the pool_exit thing.

I just uninstalled KB4088875 and KB4099467.  I have the January & February patches installed and I have KB4100480 and KB4099950 still installed.

In your expert opinions, should I leave KB4099950 installed?  Should I roll back everything to December?  I’m nervous and disgusted. 🙁

Reply | Quote

Are you still having the problem?

If you are not still having the problem, you should just sit tight and do nothing for the moment. KB 4088875 was not checked for most people and probably should not have been installed for that reason anyway.

Reply | Quote

@PKCano
Thank you – that’s exactly what I will do. I’m staying put and will follow the threads on the April updates until we get the go-ahead on them.

Reply | Quote

Win 7 x64 SP1, group A. Up to date through February. Like others I installed kb4100480 and subsequently kb4099950, but I’m getting neither KB4088875 nor KB4099467, even after rebooting, when I re-check for updates. Don’t know if its absence is an issue since I didn’t plan to install KB4088875 (especially if it’s unchecked), had planned to see what sugars out in April. My question is whether my NOT getting KB4088875 warrants my further attention and, if so, what more I can do to “bring it on” (e.g., should I hide the unchecked preview rollup that is listed in the “optional” section?).

Reply | Quote

Regarding KB4088875, see post https://www.askwoody.com/forums/topic/ms-defcon-3-win10-customers-should-install-march-updates-but-win7-victims-have-some-soul-searching/#post-182184.

Reply | Quote

Mea culpa, I’d previously printed out #182019, completed through step 6 by memory, then the brain cramped and I forgot I was supposed to hide the “optional” March and February previews. Once done, kb4088875 and kb4091290 showed up unchecked as “important”.

Huge thanks mrbrian for your generous patience in responding repeatedly to the same question/s as they come up in the discussion, I would be lost without this community. Thanks to Woody first and foremost, plus all the MVPs and others who contribute so mightily to benefit the rest of us.

1 user thanked author for this post.

MrBrian

Reply | Quote

Glad to hear you updating went well.

Bob99 wrote:

I have a Win 7 x64 SP1 installation with an Intel i5-750 (1st generation Core) CPU, an Intel motherboard and nVIDIA-based graphics card.

<<<<Snip>>>>

BTW, I haven’t noticed any performance slowdowns at all, so maybe the Intel microcode update for my processor isn’t included in KB4088875. I’ll see how things go performance-wise after installing either the April or May rollups. As before, My MMV.

I hate to be the bearer of bad (but maybe good) news, that CPU is an Intel Lynnfield (2009), an bit newer than my Win7-64Pro Intel Bloomfield i7-960 on an Intel DX58SO2 MB. While initially the Intel website did show firmware in a “being studied” category for my CPU, the master status list is now unavailable (or behind a log-in) and I read on the site that first gen i5 and i7 CPUs were not going to get a firmware update as the data on the original BIOS for my board was no longer available.

I too saw minimal slowdown on that machine, but on my Win7-64Pro laptop with a 4th gen i5 was fairly significantly slower, but only after the Lenovo UEFI/Firmware update.

Reply | Quote

While initially the Intel website did show firmware in a “being studied” category for my CPU, the master status list is now unavailable (or behind a log-in) and I read on the site that first gen i5 and i7 CPUs were not going to get a firmware update as the data on the original BIOS for my board was no longer available.

@Bill-C

Well, I have dug up some news for you. As of the April 2nd. release of their microcode update guidance, microcode development/production for your generation of processors, Bloomfield, has indeed been discontinued. The production for all Lynnfield processors is in full swing for now. However, I doubt Intel is going to release a BIOS update for my board at all, so I’m completely at Microsoft’s mercy as far as receiving any microcode update.

I found the April update from Intel at this link. It shows your processor family in red, indicating that Intel has decided to stop production of microcode updates for that family. Please read the very last bullet point under the “LEGEND” heading; it’s for the “Stopped” production status. That is a very good explanation of exactly why Intel decided to stop production of microcode updates for certain entire families of processors, not just your family.

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Anonymous #182243 here–with an update on MY “Group A” results on Win7Pro 32bit, based on the wonderful help obtained here.  Particularly, thank youS to CyberTooth and Elly, plus the sundry excellent guiding thoughts from PKCano, MrBrian and so many others.  What a community!

Firstly, I happened to notice I’d errantly installed evil KB2952664 back in Nov 2017, so I uninstalled it (that took over 1/2 hour to complete even after WU said 100% complete…)

Started with a machine updated with Jan/Feb stuff, Group A-style.  Taking a look at WU, I was, today, offered up (all checked) KB4099950, KB4033342, evil KB2952664 and MSRT KB890830.  Per advice of CyberTooth and Elly, I unchecked and hid 3342 and 2664.  Next, I allowed install on 9950 without issue.  WU then showed KB4088875 (unchecked), KB4033342 (which I unchecked and re-hid), plus MSRT 830 and Smart Card KB4091290 (which I unchecked and hid).  I also hid any Preview stuff on Optional category.

I then allowed MSRT without issue.  Only weird thing was an alert, upon reboot, that “C++ application development framework has stopped working.”  I re-rebooted and this alert did not reappear, so, I’m hoping all is OK.  Otherwise, PC seems to be working fine.

For now, since unchecked, I’m taking no action on KB4088875.  I’ll keep watching commentary to decide if/when to do anything about that roll-up.

Anyone think this is unreasonable place to “Stop” for this round of mayhem as Patch Tuesday approacheth?

3 users thanked author for this post.

jburk07, Elly

Reply | Quote

Anonymous #182243: After spending more time than I wanted to trying to find a path through this mess I hid the following: KB4091290, KB4033342, KB2952664, installed KB4099950; rebooted, checked updates again and KB4088875 showed up unchecked. I had KB4100480 installed last week. Like you I’m leaving well enough alone for now, not doing anything about the unchecked KB4088875. Update setting back to “never check” for now. I’m Win7 Pro x 64; I just noticed you are x 32, but I’m still standing pat.

Reply | Quote

Thank you for your status, Demeter.  I’m holding pat at this point, too.  Let’s grab our untasty popcorn, sit back and see what the next month has in store.  Sheesh!!!

Reply | Quote

Group B, Win 7, SP1, x64.
I have installed all March patches for my OS except kb4099467, as I have read here that it has caused some problems in at least one case. So I’ll do that later, maybe.
While installing, over a period of several days, those updates in batches of one or two at the time, I also created a restore point before each batch, just in case, to restore the system to its condition before any updates that might be causing trouble, a procedure that also automatically uninstalls the probably offending update(s)… and also anything installed after that.
Also, after installing each patch batch, I tested the system by performing a number of tasks to see if those things important to me were still functioning normally and at the usual speed.
So far, everything looks fine. But, if there are any unpleasant after effects, I’ll be back with the corresponding lamentations.

Installed March updates are, so far: all the ones for Office and the MSMRT offered by Windows Update, followed by kb409950, kb4096040, kb4100480, and kb4088878. In that order. I know, I know. But, in each case where I had to step outside the recommended order (long, but amazingly uninteresting stories) I asked about it and got the OK from PCKano or MrBrian.
So now: Good luck to everyone, me included. I’ll be in touch.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

SueW, Elly, MrBrian

Reply | Quote

Hi, I have a question, Patching is up to date yet I have not been offered the March rollup, so does that mean I will not be offered the April rollup or subsequent rollups either? I have installed the prerequisite update kb4099950 and hidden all previews in optionals.
Thank you.

PS I should also add that I have read MrBrians instructions on how to get the March rollup to show itself, so far it remains illusive for me. Thank you.

Reply | Quote

Two other questions:
Have you installed kb4100480? It should have been a checked important update if you have a 64-bit system.

Has your antivitue set the ALLOW Regkey? If you don’t know the answer, the instructions for checking are here.

Reply | Quote

Its 32 bit windows 7, and yes my antivirus did set the Allow regkey. But my question really is with the March rollup not presenting itself, does that preclude the April rollup from appearing in windows updates or not?

Reply | Quote

Hi, I’m really worried by this turn of events, being in Group A and facing the possiblity that i won’t be able to keep up with patching if no future rollups appear in windows updates. My ability to deal with this is dissapating and i feel i may have been uncerimoniously pushed into Group W.  If possible could someone please tell me the likelihood of any more rollups appearing when i check for updates at next defcon 3, taking into account that the March one would not show up no matter what i did. I fear Microsoft may have won and evicted me from W7.  I suffer from anxiety and this is playing on my mind a great deal.  Thank you.

Reply | Quote

We don’t have any way to know what will or won’t show up on your computer. But April patches are due out today at 10:00am PDT US (Redmond time). You can search for April updates later, and if they don’t show up by 4/11/18, then check back and someone will help you solve the problem.

1 user thanked author for this post.

Elly

Reply | Quote

I’d also like to suggest an intermediate step: that you run Windows Update again to see if KB4088875 finally appears.  If it does appear and is unchecked, I’d sit tight, as others in this thread have reported the same thing; if it is checked, install it.

If KB4088875 is either unchecked, or does not appear, then following PKCano’s advice is best.  Good luck ~

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

I was offered March’s Monthly Rollup last Patch Tuesday, but it disappeared a few days later, and was never offered to me again. I just checked, and April’s Monthly Rollup has shown up in Windows update… so it is an issue only with March, not April.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Thank you PKCano, SueW and Elly for your replies it’s nice to know there is help out there if and when it’s needed. I have checked for updates and the April rollup is there! Sorry for panic stricken post, worry is sometimes my middle name.   I did install kb4099950 when it was defcon 3, should i just leave that where it is, is i something i need?  Thanks again.   (By the way, sorry for the long delay in answering but comments weren’t updating for me, so i didn’t know you had replied, seems ok now.)

1 user thanked author for this post.

Elly

Reply | Quote

anonymous wrote:

I did install kb4099950 when it was defcon 3, should i just leave that where it is, is i something i need?

Yes to both your questions. You should hold tight on the April updates for a while. There are already some problems with them being reported.

1 user thanked author for this post.

JDeC

Reply | Quote

mmmm, this time is going to be fun.
I see people with 7 biting the bullet, and others fence sitting.
I’m tempted to fence sitting unless enough people have no issues with the whole gig… I’ll apply only office and .net 4.7.1 for now.

I would be tempted to also add just the IE update for march, but that would leave it out of order bigtime, if deciding to install the rest.

How many people have actually experienced a slowdown due to kb4100480, aka the totalmeltdown fix ?

Reply | Quote

It seems to me there are actually 3 states…

• “Biting the bullet” (updating to the latest)
  
• “Fence sitting” (waiting at the March patch level)
  
• “GREETINGS PROFESSOR FALKEN. HELLO. A STRANGE GAME. THE ONLY WINNING MOVE IS NOT TO PLAY.”* (dropping back to the December patch level and enjoying a bowl of popcorn).
  

-Noel

* Reference the 1983 film War Games

4 users thanked author for this post.

mulletback, SueW, Elly, Microfix

Reply | Quote

I’m in group 3, enjoying the view :).

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

The popcorn is tasteless and the view is somewhat obscured by mistrust.

Definitely not playing the game!

If debian is good enough for NASA...

Reply | Quote

Well… i already went jan and feb ( B ), each time with fingers crossed, chicken sacrificed to murphy, etc… by some weird cosmic alignment the overall speed, i/o included, got not affected for my poor win7 x64 installation.

I could revert to december, but at this point I can as well wait to see what happens with april. Reverting takes some reboots and the time will not change, being it now or later… meanwhile as mentioned, there are not yet malwares taking advantage.

Tbh if I was a malware maker, I’m not sure I would even care to make an exploit for it… majority of the sheeps.. i mean masses are group A > they got the wannabe fix to the mess > they are not a target anymore.
Group B userland is, I think, sort of niche… too much effort just for mainly “home” users like us.
Naive thinking maybe, I know

Moreover majority of malware doesn’t even need a lot of effort.. it’s full of dumb users clicking things and giving the keys away while surfing. There’s no security patch for that, unless you lobotomize the users…

Edited for content: Please follow Lounge Rules

Reply | Quote

@mazzinia, since you’ve already installed January & February’s Security Only updates (Group B style), and wish to wait a while, please consider installing KB4100480 as soon as possible.  At least you will fix the TotalMeltdown vulnerability that was introduced as a result of installing these Jan. & Feb. updates.

To get the KB4100480 update, use this link to the Microsoft Update Catalog: https://www.catalog.update.microsoft.com/Home.aspx.  Just type the KB number into the search box and, from the results, make sure to select x64.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

JDeC, jburk07

Reply | Quote

There is also the peaceful state of those who (after much soul-searching) decided against installing either the January, February or March Win. 7 updates, whether roll-ups or security, and are now bemused spectators of the frenzied hysteria those patches have occasioned.

Reply | Quote

I just wish I knew why my posts keep coming up as quotes. This is not intentional!

Reply | Quote

I’ve installed the B patches for my 8.1 machine, but I also noted that WU was offering me kb4055266, a security and quality update for various NET Frameworks. On checking my update history I found that I had already installed this in February, so why has it turned up again? Was the February one a pre release version, and if I install it again, will the latest one just overwrite the February one?

Reply | Quote

“I’ve seen several reports from users that did [my steps], but yet still don’t see KB4074598. Here is an alternate sequence of actions:”

 

Reply | Quote

Group A, Win7Pro SP1, 32bit x86 older machine with Intel Core2Duo

So, after reading the myriad commentary and experiences, I’m still left pondering what, if anything, to do with March roll-up KB4088875, now that I’ve finally finessed things such that it shows up when I run WU query.  In my particular machine’s state, that KB is coming up in the Important section, but is UNCHECKED.  In keeping with Woody’s CW article, I’ve NOT installed that KB since unchecked.  So, even tho this is the “March Madness” cycle of updates before Patch Tuesday lock-down, is KB4088875 one to let “age” and grab some popcorn?

Reply | Quote

I’m in Group B and I’m running 64-bit Windows 7. After receiving answers to a question I posted on Saturday about my concerns with KB4100480, which I’d previously installed (answer), and KB4099950, which was in italic, unchecked and optional in WU (answer), I decided to go ahead and install the March Group B Security Only updates… The steps I took to install them are as follows:

1) In my case KB4100480 had already been installed on 4/1 using a catalog download.

2) After putting a check mark next to KB4099950, I installed it using WU.

3) Directly after installing KB4099950 I went and changed my WU update settings from, “Check for updates but let me choose whether to download and install them” to, “Never check for updates”, and then I rebooted the computer. The reason for changing the WU settings to, Never check for updates, and then rebooting is that it prevents WU from searching for updates when installing updates from the catalog.

4) Next I installed KB4088878, But Did Not Reboot When Asked. Previously downloaded and saved. Windows 7 Security Update

5) Installed KB4099467, previously downloaded from the catalog, and then rebooted the computer. Stops error 0xAB when you log off a Windows 7 SP1

6) After reboot I installed KB4096040, previously downloaded from the catalog, and then rebooted the computer. IE11 Cumulative Security Update

7) After reboot I went back to WU and changed the update setting back to, “Check for updates but let me choose whether to download and install them.”

For me this method of installing this months security updates went without a hitch, and I haven’t noticed any problems or slowdowns thus far.

3 users thanked author for this post.

MrBrian, JDeC, SueW

Reply | Quote

Nibbled To Death By Ducks wrote:

…Last Security Update for Windows was KB 3185349 April 7 2018.

Are you sure? In Control Panel >> Programs and Features >> View installed updates, you have to click on the Name column in the update list in order to sort by update name. The default sorting of the update list is by date.

Nibbled To Death By Ducks wrote:

Also, there’s another warning on 4088875 I missed the first time: “After you install this update, you may receive a Stop error message that resembles the following when you log off the computer: SESSION_HAS_VALID_POOL_ON_EXIT (ab)” Should I apply KB4099467 before applying KB4088875, if I should apply 4088875 at all? Many Thanks!

Before you do the following, please double-check what I mentioned above.

You would install KB4099467 immediately after installing KB4088875. To do so, do not reboot after installing KB4088875. When asked to reboot, click on Cancel. Then install KB4099467. However, note that KB4099950 (fix for network card settings) must be installed before installing KB4088875. Thus:

1. Install KB4099950 and reboot.

2. Install KB4088875 but do not reboot.

3. Install KB4099467.

The above order is what MS said to do.

 

Reply | Quote

I think I’ve done all I’m doing until we get to see the new updates for April, on both my Windows 7 x64 home desktop PCs, one of which is for gaming and the other for more administrative use with Office 2010 installed.

I’ve now run MSRT on both machines, and installed 4 of the 5 important Office 2010 updates on the work machine, the remaining one having been left as it’s important but unchecked (KB296254). Following the installation of the Office updates, an additional Office one appeared as both important and unchecked, and this has also been ignored (KB4018317). Both machines appear to be running normally.

I’d already got the January and February monthly rollups installed, and haven’t reverted back to the December setup because I don’t particularly want to lose the benefits those updates offer. I also don’t want to risk installing KB4099950 and KB4100480 if they’re problematic and only lead to the March rollup KB4088875 being unchecked.

The April monthly preview KB4088881 was, of course, hidden as soon as it appeared – along with a Nvidia display driver update and my old favorite KB2952664.

I realise that leaves a potential threat from the “Total Meltdown” issue, but at the moment the threat is only potential and not actual, the threat is no different to how it’s been since the end of January anyway, and in a situation where my machines are running normally and there’s an element of “damned if you do, damned if you don’t” about any more patching, I prefer to sit back for a few more days and see what the April updates are about – especially if the April monthly rollup fixes the “Total Meltdown” vulnerability without the need for additional prerequisite patches being applied in a particular sequence etc.

Sadly we are in a situation these days where the threat to our machines is greater from Microsoft than it is from other third parties, and that is bound to be a heavy influence on how we approach these dilemmas. It’s certainly a major factor in my own thinking these days.

Thanks as always to Woody and the team for their invaluable advice, as well as for the feedback and observations from my fellow commenters.

Reply | Quote

I installed the latest nVidia driver version 390.65, which I got directly from nVidia, on all three of my Win7 computers which have nVidia graphics. No issues. The reason why I updated the drivers is because nVidia recoded their drivers to prevent Meltdown through their graphics drivers and GPUs.

Not dealing with the Total Meltdown issue one way or the other could be risky since no malware is required to exploit it. Indeed, any legitimate script in a web browser can make memory read requests in which your CPU will merrily return the requested memory contents. Now, how is any antivirus software supposed to detect this since no malware techniques whatsoever are required?

1 user thanked author for this post.

JDeC

Reply | Quote

Greetings GTP,

The latest NVIDIA driver that I’ve installed for Windows 7 & 8.1 is 391.35 (WHQL), dated 2018.03.27 (from their site, of course).

Cheers,

AJN

2 users thanked author for this post.

JDeC, GoneToPlaid

Reply | Quote

I agree that the Total Meltdown issue has to be addressed at some point, I’m simply happy to give it a few extra days to see whether the April monthly rollup does just that as the simplest way of dealing with it.

My problem with using Nvidia drivers to fix general security issues is that I only have a Nvidia card on my gaming machine which currently runs all my games flawlessly, so that I am most reluctant to switch drivers – where driver updates are concerned I work on the “if it ain’t broke, don’t fix it!” approach. While security is important, so too is performance, and the balance has to be struck somewhere.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Gonetoplaid, I thought Firefox and Chrome specifically fixed that. Am I mistaken?

Reply | Quote

“any legitimate script in a web browser can make memory read requests in which your CPU will merrily return the requested memory contents”

This question was never addressed. I thought Firefox and Chrome had mitigations on meltdown and spectre and this was done months ago. Weren’t these requests made more restrictive? Am I wrong? Thanks.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

https://gadgets.ndtv.com/apps/news/mozilla-firefox-57-0-4-meltdown-spectre-javascript-fixes-release-download-android-windows-macos-linu-1796323

https://developers.google.com/web/updates/2018/02/meltdown-spectre

Reply | Quote

From: YP

Many Thanks to everyone on this site for comments and suggestion regarding this March updates. Especially, MrBrian & SueyW , your listing of steps are the most helpful!. I’m pretty computer and software literate but still found it took me awhile to sort thru the comments. Yours was like a recipe, and helped to confirm my own understanding. I just imaged and updated my Acer netbook, and it went amazingly well. I plan to do my Dell laptop/Window Pro and desktop/Home Premium later. For those on the fence, I understand because you are your own IT person. However, I believe there are enough positive feedback from people that it is reasonably safe to update your system.

2 users thanked author for this post.

MrBrian, SueW

Reply | Quote

GoneToPlaid wrote:

If it was going to BSOD, it would have done so the first time.

The reason I was so nervous was it did not happen immediately and was a little bit intermittent.

Note to All:  I found the “quote” route!  And concerning the crashing and  the “Error established a data base connection” I am now using Firefox on this site instead of Chrome and it seems better.  Is this possible?  With deep appreciation and thanks for all your help and expertise.

Reply | Quote

PKCano – Thanks!  It’s always good to have written directions!

Reply | Quote

I’ve got a Win7 SP1 VM (Group A) that is current through the February 2018 patches.  I decided to not roll back to December 2017 but to wait and see what drama would unfold.  As of today, WU is offering nothing for March 2018 except for the MRT and super snooper KB2952664!  No monthly roll-up is offered at all for March or April.   I guess I got lucky!

Reply | Quote

I followed Mr. Brian’s guidance and after several wash, rinse and repeat cycles the March 2018 rollup patch reluctantly appeared in Windows Update but was unchecked.  So I’m still fence sitting while waiting for the dust to settle and the smoke to clear.  I guess my luck is holding for now.

1 user thanked author for this post.

MrBrian

Reply | Quote

@Peacelady
Well, I am done with both machines…no issues and very fast and clean reboots. I only installed KB4088875 and the Net roll-up after having installed KB4099950 and MSRT yesterday, and see no problems in performance at all. And YES…I have been getting the Data Base Error for the last two and a half hours hence I could not reply sooner. As for placing one’s username at the beginning of a reply…I first click on the “text” tab at the top right of commenting box next to “visual”, then I hit the @ button and then type the name exactly as it is spelled and then hit enter to take me to a new line just below. As for the quote function…I have never used it. And…welcome to the site, I have been here for about 3 years although I mostly stayed in the background and read and read and learned…remembering when the biggest issue was the so called “Speed-up Patch”!!! Things are just so complicated and uncertain now, I find it hard to remain silently in the shadows anymore…to many questions just to sort through everything that has become this spiderweb of maintenance. There are many fine people here who devote so much of their time and knowledge…I respect them all and Woody with all of my heart. (and my machines)!! Glad to have ‘met’ you. 🙂

1 user thanked author for this post.

Reply | Quote

Group A, Win 7 64-bit SP1, Intel Ivy Bridge processor:

First, thanks a million to all of those who posted their results here, and special thanks to Woody and all the MVPs and other Loungers who helped us wade through this quagmire with the clearest instructions for making the tough decisions. I was patched through February and decided to straddle the fence, since I was more comfortable installing the KB4100480 Total Meltdown patch and KB4099950 than trying to roll back to December. I successfully installed those two using Windows Updates as explained below, and I have image backups from before the January update and from yesterday if anything goes wrong.

As of yesterday, only KB4099950 and KB4100480 were showing up as checked in Windows Updates, along with 4 Office 2010 updates and the MSRT. The March rollup KB4088875 had disappeared earlier this month and hadn’t reappeared in my list. In the Optionals, I found an old Preview of Monthly Rollup from February, KB4075211, and after I hid that, KB4091290 showed up in Important but unchecked. I hid that one too since I don’t use a Smart Card.

So, I installed KB4099950 and KB4100480 (one at a time) and rebooted with my fingers crossed. Everything seemed to go well.

After I checked for updates, the March rollup KB4088875 showed up, unchecked. I don’t know why I was relieved to see it show up since I don’t plan to install it, but it made me happy.

I installed the 4 Office updates (ignoring an unchecked Power Point update from April 3), and then an Outlook 2010 update appeared unchecked, also from April 3. I am ignoring those 2 for now since I count them as part of the April updates.

After I installed the MSRT and rebooted, the 2018-03 Preview KB4088881 showed up in Optionals, so I hid it. Checked for Updates again and nothing new showed up, so I’m stopping here for now. Since the March rollup KB4088875 is unchecked, I don’t want to press my luck so I’ll just keep checking back here to see what happens after tomorrow.

I hope all who were helped by this discussion will send a donation to this wonderful site! Thanks again, everyone, and good luck to us all.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

2 users thanked author for this post.

Elly, MrBrian

Reply | Quote

Win7Pro-64_SP1 on i7-960 Bloomfield and DX58SO2 MB using group B.

I was fully updated except for the March Security Only from the catalog. I did the KB4099950 from WU last night, no issues.

Today I did the following as a Windows 7 x64 user who was current through February, and wanted to move forward.

I installed the original KB4088878 – Security Only from the Catalog (since I already did the KB4099950) and did NOT reboot. I then installed KB4099467 from the Catalog even though it was in WU just in case I had the lost IP issue, and rebooted. The configuration and restart was relatively slow, but no issues. I finished with the Total Meltdown fix KB4100480, rebooted and no issues. No increased slowness detected.

Thanks to MrBrian, PKCano, Susan Bradley, plus Woody and all the MVPs for their advice and also the “victims” for sharing their experiences, especially those with similar ‘legacy’ (old as dirt) first generation i5 and i7 CPUs. Everything is battened down and the Tums are put away until the next month.

3 users thanked author for this post.

SueW, Elly, MrBrian

Reply | Quote

Some people have expressed here that they feel that updating by hand, as we do in Group B, is too much of a hassle.
Actually, at least for those using Win 7 or, I believe, also 8.1, most of the time there are only two things one needs to install by hand, because they are not offered through Widows Update, as they are both included in the monthly rollup, and being in Group B means “never install rollups” (or “previews”).
These two things most commonly installed this way are: the E11 cumulative update and the Windows security only update.

What helps those willing to go the Group B route, is to have a check list.
Below I am copying mine. There are other ways to do this, perhaps a bit more user friendly, but the one I use works, so it is as good as any for getting things done. It is phrased to cover also cases where more than those two updates need to be installed by hand (e.g., patches to other patches).
(Any MVPs that finds something here that needs correcting, please, edit it.)

First:

(1) Once you get from Woody’s, ghacks.net, etc. a list of released patches and, with that, the KB numbers of those updates to be installed by hand, and know which are already safe to install by following the discussion at Woody’s:

Paste or type the KB number of each one as you are about to download in the search field in Google and hit return. The site of the first link that appears in the list of “hits” has an explanation of what that particular update is for, lists known issues with it and, further down has a link to the Catalogue. Click on it. It will take you to a Catalogue page where you’ll see links to all versions of the update in question, specifying in their names which one is for x86 (actually, that means x32), x64 or each of those server types. Click in the “download” button to the right of the name of the update for your type of OS. It will download a “.msu” file with the KB number and type of computer OS: x32, x64… in the name.

(2) Go back to (1) and proceed to find and download the next Critical
Update in the list, until the very last one has been taken care of.

Second:

When you are ready, finally, safe(r) to install all those updates you have downloaded from the Catalogue and kept somewhere, waiting for the occasion:

(3) In “Control” Panel, click “System”, then “System protection”,
and in the dialog box that opens, type “CREATE” to create a restore point (following the instructions you’ll see there).

(4) You might have created already a shortcut on the desktop to cmd.exe (in my Win 7 machine it is in c:\windows\system32\cmd.exe) If not, you can type “cmd.exe” in the “Search” field in the “Start” button menu to find it, then right click on it and choose “create a shortcut”.
Either way, now that the link is on the desktop, *right-click* on this link and choose “Run as an Administrator”. Then left-click on the icon to launch this application.
In the black window that opens:
Type “net stop wuauserv” in that window and hit return. This stops Windows Update, otherwise, it will get in the way of what you are trying to do.
After several seconds, it will display the message that “the service” has been stopped.
(5) Double-click on one of the saved “.msu” update files, and when the dialog box to either install or skip comes up, hit “INSTALL.” For this, is best to follow the order of updates installation recommended here at Woody’s.
(6) Once the Install is complete, go back to (5) and keep repeating this loop until all downloaded updates have been installed.
(You need to keep on stopping Windows Update before installing another patch, except the very last one, because it will restart automatically after the installation of every single patch.)

Third:

(7) Click “restart now” whenever asked, along the way, by the operating system.
And also choose and press “restart” with the “Start” button after the very last one, and let the whole cycle of shutting down and restarting take place, while the “do not turn off your
computer” messages show on the screen. (This may not happen, so the restart will be a plain vanilla one, if no updates still require a restart.) Some people will restart the system after installing every single patch. I haven’t found this to be necessary.

(8) Then, with some luck, of course, you are all done, and your updates are now living happily in the system.
Otherwise, you can either uninstall the updates causing the trouble, if you know which ones, or take back the system to its state before creating the restore point, and get rid, in this way, of the whole lot just installed. And no, doing this does nothing to your data. Some people might prefer to back it up, as an extra precaution, before starting the whole procedure. I’ve never bothered and, seven years on, I’m still going.
>>>Here and in (9) below, it is the same story whether one is Group A or B.<<<

(9) Once sure this is, indeed, the case of a successful installation, it might be a good idea to create a new restore point, to be able to get back to the present situation if something bad happens with the system later on, without uninstalling all the updates just made. Each restore point will have a name given to it by you, when creating it, saying what it is for, and a date of its creation, upended to this name by the system.
Victory is to the bold — or, well, that’s the proper spirit.
Best of luck, whatever you do, and thank Mr. Nadella for needing to ask yourself, every month, just how lucky do you feel, punk?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

4 users thanked author for this post.

GoneToPlaid, Cybertooth, Elly, MrBrian

Reply | Quote

Related: Turn off Windows Update if you want to force-feed individual patches.

2 users thanked author for this post.

jburk07, Elly

Reply | Quote

Group A, Win7Pro-64_SP1, Intel Ivy Bridge (dual core) processor.

April 6, Friday night. After years of successfully keeping this legacy system in good shape, by following some very simple ground rules (no telemetry, WU configured right, install only the safe stuff – typically MRT [with the DontReportInfectionInformation DWORD set to 1] and .NET Framework [sticking with v4.6.2 on Win7, avoiding v4.7.x for as long as I can] – and create an image backup; wait a few days after Patch Tuesday while the dust settles in and carefully proceed with the varying monthly updating tasks – monthly rollups, security-only updates, IE 11 cumulative security updates, etc – as safely and well-informed as possible), for the past three months I had went through a painful path of patching and re-patching, install and uninstall trial and error moves just to be able to use and work with this system in a less than reliable state with plenty of hiccups and glitches – which weren’t minimally acceptable anymore.

April 7: Saturday night fever. 😉 Followed Susan Bradley’s advice (yes, backups are priceless) and rolled back to late October, 2017 (updated with KB4041681, using .NET Framework 4.6.2).

Installed KB4054518 (2017-12 Monthly Rollup), KB890830 (MRT v5.58, Mar 2018), set the QualityCompat flag, updated the anti-virus and all relevant installed third-party software (Chrome, etc) and did an image backup [“20171231+MRT201803”].

Installed KB4076492 (KB4054998+KB4054981), KB4099950, KB4096040. Hid what WU was “offering” then (“important” KB4088875, “optional” KB4091290) and did another image backup [“20180407_201712+2018upd”].

So far, so good. Waiting to see what April brings up (and update from the most suitable image backup)…

Thanks to Woody, PKCano, MrBrian, Noel Carboni, Susan Bradley, Canadian Tech and all the other MVPs and other people contributing with their experience, knowledge and insightful comments.

2 users thanked author for this post.

Elly, MrBrian

Reply | Quote

Since this thread is still pretty active, I ask for some thoughts on using the Windows Disk Cleanup.

There have been some comments on not seeing older patches when rolling back due to the disk cleanup being run.  Given the potential for this happening again, or MS inventing another reason to do a rollback, is doing the Disk Cleanup advantageous or not.  I am not concerned about saving disk space, my interest is for patch maintenance issues.

Any Pros or Cons for Group B?  I do not see it as an issue for Group A, since the next month’s rollup puts it back, however if there is an issue, I would be interested.

Reply | Quote

I think you’re asking if using Disk Cleanup can cause any Windows security-only updates to disappear from the Installed Updates list? I did one such test here. At the time of that post, I wasn’t distinguishing between different types of supersedence.

1 user thanked author for this post.

Elly

Reply | Quote

I’m Windows 7 x64, Group B. Updated through February, never had a huge problem following the instructions. I’m grateful for Woody and several others on this site for explaining this month’s general situation and presenting reasonable choices. Early on I decided not to install the March patches yet, wishing to avoid the hassle.

I would gladly have gone the route of “rolling back” to December, if only anyone had explained exactly (and I mean EXACTLY) how that procedure should go. Evidently it was obvious to everyone but me, and I accept that it’s my fault for waiting until it was too late to ask.

So, the only choice left is to install KB4100480 and wait. I just wish I knew whether it would have been OK to install the MSRT and the Office 2007 security patches along with it. Again, I should have asked earlier…

Overall I feel okay, but next month I’ll be sure to ask “obvious” question after “obvious” question until I know exactly how to do what I need to do. I thank all of you now and in the future. 🙂

Reply | Quote

For what it’s worth, I’ve installed the MSRT on my Windows 7 systems without a hitch. I’ve also installed the Office 2007 patches on two Windows 7 and two Vista systems, experiencing no problems with any of them.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

I’m lucky and haven’t had to roll back, but I imagine it’s simply a case of uninstalling everything that you have installed between now and December 2017, one patch at a time, unless of course you happen to have a December 2017 restore point you can “roll back” to in one fell swoop. I have just installed MSRT with no problems and the Office 2010 security updates. That was about it for March!

1 user thanked author for this post.

Lori

Reply | Quote

I believe it’s generally considered better to uninstall unwanted updates rather than simply running System Restore, as restoring your system to a previous date can leave some updates partially removed and partially in place still. In short, it can cause corruption issues.  Uninstalling an update is much cleaner. Also, if we’re talking about restoring the system to a point several months earlier then the likelihood is that it could impact on a lot of other things that you’ve installed or altered over that time. System Restore is great for recovering from a crisis – when it works! – but shouldn’t as I understand it be used for more routine system management.

5 users thanked author for this post.

jburk07, Lori, SueW, GoneToPlaid, satrow

Reply | Quote

I agree. On several occasions over the years, I have found that System Restore is not always successful unless System Restore is run from Safe Mode.

3 users thanked author for this post.

jburk07, Lori, SueW

Reply | Quote

Seff & GonetoPlaid, Agreed. On many occasions we have been saved by doing a system restore. Beware that Windows 10 wants to turn that off. And on occasion we had to use system restore from safe mode in stubborn cases.

Reply | Quote

Windows 7 x64 Home Premium, Group B

I did the ‘rollback to December’ option, removing the Jan & Feb security and IE11 updates. There are a couple of other installed updates from that period, such as a .NET update and probably an Office 2007 update or two.

I got the impression that the Total Meltdown issue was in the security patches. Should I remove all updates installed during Jan & Feb?

Thanks for any guidance. 🙂

Reply | Quote

The only patches you need to uninstall are the security-only patches. The problems have been with the Rollups and SOs. The IE11 Cumulative updates should be OK. And the rest should be OK as well.

3 users thanked author for this post.

walker, Lori, Seattle27

Reply | Quote

@PKCano:  Question:    Aren’t the Security Only updates for Group B only.   I didn’t quite understand the reference:

The only patches you need to uninstall are the security-only patches. The problems have been with the Rollups and SOs. The IE11 Cumulative updates should be OK. And the rest should be OK as well.

Could you please  clarify.  I am Group A.  I hope I did the “quote” thing so that it went through.   It is a copy of your message.   Thank you for any enlightenment you may be able to provide, and all of the valuable advice you always provide for all of us.    It is marvelous!    🙂

Reply | Quote

@Seattle27 is in Group B and only installs the security-only updates and the IE11 Cumulative update.
You are in Group A and the answer to the questions do not apply to you since you install the Rollup instead.

Reply | Quote

Win7 sp1 x64 GroupA

Just got the new updates. Gone is the March Kb 4088875 replaced by April KB4093118 checked, a MSRT update checked, KB 4091290 unchecked (was there before current updates)

and a .net 4.7.1. checked I’ve had for at least a month.

In addition, I have some Office 2007 updates including 2 Compatibility Pack Service Pack updates.

Win 10 Pro v.20h2

Reply | Quote

OK here we are – I couldnt get myself to install the unchecked March KB4088875 and iffy catalog KB4099467.

Today 4/10 KB4088875 is gone and replaced by a checked KB4093118 April Quality Rollup.

Also the Preview KB4088881 which I hid is gone/missing.

Guess I will wait out the April feedback and also see if KB4099467 (stop error fix) will still be necessary.

K

Reply | Quote

Just for clarification, I have been doing Group A ( until the March fiasco ) and I have Jan/Feb rollups installed and then I installed KB 4100480 on my W7 Pro x64.

My question is, should I go to the catalogue and D/L KB 4096040 ( the IE cum. update ) since it seems to be safe from what I read?

Thanks

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

I installed KB 4096040 on all my Windows 7 machines, and there have been no problems. This matches what I’ve read, that there are no problems with that patch (no problems widespread enough to have heard about, anyway).

I would go ahead and install that patch with confidence. But first make a system backup and set a restore point, otherwise you’ll be unprotected against Murphy’s Law.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

jburk07, Lori

Reply | Quote

See my comments above from 4/06 – 7:18 PM. Decided to install KB4088878 last and without the stop error patch. No smoke and no impact noted although I haven’t used any heavy lifting program since. Fingers crossed…

Reply | Quote

Sorry to ask so late; but if going back to Dec. 2017 state on Windows 7 64-bit Home pc, I don’t need to install KB4100480? (No March updates installed.) As per PKCano’s post #183346, it’s ok to leave KB4074880 (.Net Frame) and IE updates. Should I install March IE update KB 4096040?

Per Woody’s article, this is a Windows 7 issue; so I should install March updates on Windows 8.1, 64-bit Home pc? (I’m one of the above mentioned few who do have Win. 8.1 pc, too.)

Reply | Quote

You need KB KB4100480 If you have Jan, Feb, Mar Rollup OR Security-only. It will be included in the April Rollup, so if yu move forward to April, you will NOT need the individual ;atch.

I have installed Updates through March on my Win8.1 machines without a problem.

3 users thanked author for this post.

walker, JDeC, Lori

Reply | Quote

So, if I roll back Windows 7 to Dec. 2017, I don’t need KB4100480? Thanks for W8.1 info!
PS: (as per Patch Lady’s 3/31 post.) If I do still need KB4100480, do I roll back first, and then install it, along with March IE update?

Reply | Quote

Lori wrote:

So, if I roll back Windows 7 to Dec. 2017, I don’t need KB4100480?

That is correct — you do not need KB4100480 if you roll back.  That update only applies to those who have installed Jan., Feb., and Mar. Security Only or Monthly Rollup updates.  It has nothing to do with IE.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

Lori

Reply | Quote

Thanks SueW! I realize it has nothing to do with IE. I wanted to know if I needed KB4100480 as I currently have Jan/Feb updates, which I’m going to roll back. What a mess this is! 🙂
Reason I asked, too, was post #182586 in Patch Lady’s 3/31 article called it a “fix” for any issues caused by having had those updates installed.

1 user thanked author for this post.

SueW

Reply | Quote

I registered today to this great site and I should of made my username myheadhurts. LOL  I installed KB 4100480 and KB 4099950 April 7, 2018. I just checked KB4088875 and it’s still unchecked. Does that mean I really don’t need it and wait for the April KB4093118 when it’s safe to install (maybe).

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

Elly

Reply | Quote

Help please… Was rolling back my Jan./Feb. Security only updates. Created restore point. Uninstalled Feb. update. Restarted pc. All fine. Uninstalled Jan. update. After restart, pc is stuck in “preparing to configure Windows” for 30+ minutes. Should I keep waiting, giving Windows a chance to resolve things? How long to wait, and what to do if continues to be stuck? Any help greatly appreciated!

Windows 7, 64-bit Home edition.

Reply | Quote

Don’t know whether this may help:-

http://www.lifewire.com/when-windows-update-gets-stuck-or-frozen-2624439

The advice there is to wait 3 hours before taking further action!

1 user thanked author for this post.

Lori

Reply | Quote

Thanks, The Surfing Pensioner! System re-booted suddenly and finished configuring. All is well. (Sigh of relief!) Next time I’ll wait 3 hours before asking for help. And hang on to your link!

Reply | Quote

Posting here as relates back to March and forward to April:

I’m Group A, Win7 x64 and did not remove Jan or Feb updates.

For March installed KB4099950 and KB4100480, but NOT KB4088875 or KB4099467.

Based on what I read so far, April KB4093118 seems very stable and includes KB4100480, KB4099467, and KB4099950.  Susan lists KB4093118 as Safe to Install.

Is the above correct?  What are we waiting on?

K

Reply | Quote

We are waiting on Woody to raise the DEFCON number to 3 or above.

As late as yesterday (Apr 17) Microsoft is still making changes to the Updates. So  WAIT a while longer.

3 users thanked author for this post.

walker, dgreen, jburk07

Reply | Quote

HA!!!!!

Reply | Quote

18 users thanked author for this post.

Lori, zeuswoz, JDeC, LH, amraybt, Karlston, HiFlyer, SueW, WildBill, johnf, grayslady, Jan K., Mele20, woody, AJNorth, BobbyB, Cybertooth, Myst

Reply | Quote

I hope am not sounding too much like a Mac fanboy here, but I have got already several updates in my new Mac laptop, both of the operating system and the application software and, after nearly a year since I got it, they all have been for free.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote