MS-DEFCON 4: Watch out for .NET and Office patches, but get caught up

Topic

New Reply

Details coming in Computerworld.[See the full post at: MS-DEFCON 4: Watch out for .NET and Office patches, but get caught up]

9 users thanked author for this post.

HiFlyer, grams, SueW, Pepsiboy, JDeC, AJNorth, alpha128, walker, Elly

Reply | Quote

Replies

? says:

wooeee! geta load of the beautiful GREEN light

group “B” win 7 went in like greased lightening, only snafu was KB4043766 went x2…

now off to Martin for the reg. tweeks on office and get the punkins ready

many more thanks Mr. Woody & friends!

2 users thanked author for this post.

SueW, JDeC

Reply | Quote

Thanks Woody.

I installed without incident:

Windows Malicious Software Removal Tool – October 2017 (KB890830)
2017-10 Security Monthly Quality Rollup for Windows 7 (KB4041681)

I did NOT install the optional .NET rollup, which did not include any security updates this month.

In addition, in a recent blog post about paint.net 4.0.20 and .NET 4.7 developer Rick Brewster notes:

Just a quick heads up: the next update, version 4.0.20, will start using and requiring the .NET Framework 4.7 (previously, .NET 4.6 was required). If you’re using a supported version of Windows then the Paint.NET updater will automatically install .NET 4.7.1 if you don’t yet have .NET 4.7 or .NET 4.7.1 installed already.

Since I currently have .NET 4.6.1 installed, I’m just going sit tight for now and let paint.net take care of this upgrade. Rick says 4.0.20 will be available, “within the next few weeks.”

3 users thanked author for this post.

walker, SueW, AJNorth

Reply | Quote

Woody, can’t bring myself to mezzo-grade from 1511 to 1709. Have to admit I’m tempted, but will definitely wait at least a month. Still conducting my experiment – will MS force an upgrade on me? Then it occurred that there are two sides to that coin – they force me to change versions – and/or they prohibit me from changing versions later, effectively stranding me. All I want is stability – predictability. I want the machine to fade away and my work to remain – read Noel (October 27, 2017 at 10:37 am) – he says it so elegantly and passionately. Thanks for bringing some sanity to the WINX world.

1 user thanked author for this post.

AElMassry

Reply | Quote

See this post for a method that might prevent Windows 10 feature updates.

2 users thanked author for this post.

walker, woody

Reply | Quote

“this post” says:

modifi\y the registry as follows:

1/ using regedit Navigate to KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\

2/ If it does not exist, add New Key and label it OSUpgrade

3/ Add New > DWORD (32-bit) Value. Name it DisableOSUpgrade. Value=0

Restart.

This is the same Registry change Josh Mayfield used in GWX Control Panel to prevent Win10 forced upgrade.

2 users thanked author for this post.

walker, woody

Reply | Quote

DisableOSUpgrade has no affect on Windows 10

4 users thanked author for this post.

walker, woody, MrBrian, PKCano

Reply | Quote

That is because the value 0 means  no/do not execute. The value of 1 will tell system to execute command “DisableOSUpdate”

1 user thanked author for this post.

MrBrian

Reply | Quote

@anonymous: Is this from first-hand experience? If so, for what version(s) of Windows 10 did you test it on?

Reply | Quote

am sticking to 1511 as well for the moment at least the viruse called WU wont kill my pc with 1511

Reply | Quote

I won’t be surprised if there are new security updates for Win10 v1511 released this November, hee hee!

Reply | Quote

So I have to clarify something……

Windows 7 home premium 64 bit and in Group A

Last month I was advised to hide and ignore KB3186497 Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 for x64. My PC has NET 4.6.1 installed…..so am I now being advised to install that update? If so should I install that one before installing this month’s 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766)?

Reply | Quote

Use Windows Update to do the install. Things will install in the correct order. After you reboot, check for updates again and install everything till there is nothing left in WU.

5 users thanked author for this post.

walker, JDeC, SueW, KarenS, woody

Reply | Quote

Thank you PCKano but I am still confused, your answer did not really answer my questions…..sorry no disrespect intended!

The thing is I have KB3186497 (Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 for x64) HIDDEN. Should I unhide it?Should I in fact install it after being advised not to? And if I should then do I install that first (where it was released first) and then install KB4043766 (this month’s 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64)?

When installing updates I usually do it in a certain order and in groups or one update at time as not to overload the process and it take forever. I usually do all the office ones in a group first. Then the MRT update second, the NET rollup third and save the Monthly Quality Rollup (the biggest one) for last. So I just need to know what order to install the NET updates.

Reply | Quote

KB 4043766 is a cumulative update. If you install it, there’s no reason to install (or hide) any previous .NET update.

3 users thanked author for this post.

cesmart4125, JDeC, walker

Reply | Quote

Thanks for informing us about kb 4043766.  I just installed it on my Win 7 SP 1 32 bit Dell Latitude.  So far everything looks good.

Charles

Reply | Quote

Last month I was advised to hide and ignore KB3186497 Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 for x64. My PC has NET 4.6.1 installed…..so am I now being advised to install that update? If so should I install that one before installing this month’s 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766)?

I’m in the same boat as you. I’m running Windows 7 x64 and .NET 4.6.1. I did not install the .NET rollup this month because it’s optional (no security fixes). I plan to install .NET 4.7.1 in few weeks when I upgrade my paint.net program. If you check the comments on this blog entry, you’ll see that there is a dependency issue when installing .NET 4.7 on Windows 7 that is fixed in .NET 4.7.1. Apparently .NET 4.7.1. will be pushed out to Windows Update in a few weeks. You may want to wait until that’s available from Windows Update, which should also be in a few weeks.

Reply | Quote

alpha128 I am not sure why you have an “optional” (no security update) for NET according to my WU I have KB4043766 (2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64) which says it is a “security” update and my box is checked! The only “optional” updates that I have are: KB4041686 (Preview of the Monthly Quality update for windows 7 for 64 bit) and KB4042076 (Preview for the Quality Rollup for NET Framework).

I have a Paint program on my PC (it was there when I purchased it) so I have no idea if it is Paint.net.

Reply | Quote

alpha128 I am not sure why you have an “optional” (no security update) for NET according to my WU I have KB4043766 (2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64) which says it is a “security” update and my box is checked! The only “optional” updates that I have are: KB4041686 (Preview of the Monthly Quality update for windows 7 for 64 bit) and KB4042076 (Preview for the Quality Rollup for NET Framework).

On my computer KB4043766 is shown as an optional, unchecked, update despite the “Security” in its name. If it truly included security updates, it would have been checked and appeared with the other “Important” updates. The treatment in Windows Update might have something to do with what version of .NET you have installed. I’ve read that the only new fixes in the October rollup are for 4.7, and I’m still on 4.6.1.

I have a Paint program on my PC (it was there when I purchased it) so I have no idea if it is Paint.net.

My guess is you have the Windows Paint program provided by Microsoft. Paint.NET is a more elaborate program that is free, but you have to download it. Paint.NET is the only program I have that makes extensive use of the .NET framework, so I let it drive which version of .NET I install.

1 user thanked author for this post.

KarenS

Reply | Quote

KB3186497 is a Recommended update.  If you think you need this update, and it shows up in your Windows Update then go ahead and get it.  I personally have not gone past the .Net Framework 3.5.1 and all is fine on my 2013 Win 7, x64 computer.  I apply the cumulative .Net updates which include Framework 3.5.1 along with all the others and I still stay at 3.5.1.

This is just my personal experience and your computer system/software may need it.

Hope this helps.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

First time seeing DEFCON 4.  Read about it, just never saw it in action, sweet.  Kinda makes me wonder if that’s a good sign that things are improving.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

1 user thanked author for this post.

Bill C.

Reply | Quote

Improving? Dream on…

7 users thanked author for this post.

JDeC, HiFlyer, walker, SueW, AJNorth, Kirsty, woody

Reply | Quote

Several years ago, DEFCON 4’s were pretty much common.  Then came Win 10.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Is this KB4043766 normal update or security update? I don’t see this update today when using windows update. Is it only available to download manually via microsoft site?

Reply | Quote

KB4043766 is the Rollup for .NET and should be offered through Windows Update if it is required.

1 user thanked author for this post.

walker

Reply | Quote

Just 2 quick questions.

My Win7-64Pro SP1 desktop has the following installed:

.NET Framework 2.0 Service Pack 2   ver: 2.0.50727.5420
.NET Framework 3.0 Service Pack 2   ver: 3.0.30729.5420
.NET Framework 3.5 Service Pack 1   ver: 3.5.30729.5420
.NET Framework 4.6.1   ver: 4.6.01055

Only the 4.6.1 appears in the Add/Remove Programs applet in Control Panel.

While I am Group B, I have been using WU for the .NET rollups.  I know that .NET 4.7.1 is now available for web-based and standalone installs and was going to upgrade either that way or via WU.  Is there any advantage to one over the WU?

When WU (or downloadable versions) installs the .NET 4.7.x, will it remove the .NET 4.6.1?

Thanks.

Reply | Quote

I would wait until the later version of .NET is offered through WU. By it’s presence in WU, Microsoft is saying it is ready for your version of Windows. Supposedly at that point it doesn’t cause problems (but with MS, Who knows?).

2 users thanked author for this post.

Bill C., walker

Reply | Quote

Yes, all .NET 4.x.x are one family, any higher version will replace lower version

3 users thanked author for this post.

Bill C., walker, SueW

Reply | Quote

@PKCano:   Does this mean that KB4043766 is “safe” to install and that it will cause all of the older “pending” .NET Framework updates to be included?  There are so “many” of the .NET Framework updates pending it’s mind-boggling.   I thought I had seen “somewhere” that some users intended to WAIT before installing any .NET Framework updates.

I just noted a newer message you posted that stated that this update does not “fix” any other ones (or did I misread that?).   More confused than ever now.   🙁

Thank you for your opinion about this one, and all of the other expert advice you have provided.   🙂

Reply | Quote

but it is not a security update according to the info from this site
https://forum.bigfix.com/t/where-is-ms17-oct-for-net-framework-kb4043766/23136

Reply | Quote

.NET 4.7 is the only .NET that had an update. But it is a Rollup, and as such includes no fixes for the others versions. See this article for What’s happening with .NET

1 user thanked author for this post.

walker

Reply | Quote

W7 64bit. I don’t know why you keep saying group B is so difficult. I’ve been doing it since it started, 10 minutes and I’m done. I think many of us prefer it, please don’t give up on us .

thom r

7 users thanked author for this post.

HiFlyer, Charlie, JDeC, SueW, wdburt1, samak, Elly

Reply | Quote

We’re not giving up on Group B. But we have found that the procedure we have been following no longer works as previously laid out. So we are working on a revision. These topics explain it if you want to wade through the discussions:
https://askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/
https://askwoody.com/forums/topic/what-issues-can-result-from-hiding-a-windows-update/
It will not be as easy as it has in the past.

8 users thanked author for this post.

JDeC, SueW, AJNorth, The Surfing Pensioner, samak, Bill C., woody, Elly

Reply | Quote

PKCano wrote:

We’re not giving up on Group B.

Good to hear, since Woody’s Computerworld article says

The old “Group B” – security patches only – isn’t dead, but it’s no longer within the grasp of typical Windows customers. We’re actively discussing whether it’s worthwhile continuing to post information about the security-only patching path.

3 users thanked author for this post.

Charlie, wdburt1, The Surfing Pensioner

Reply | Quote

Win7 Pro x64 on Zbook 17 Workstation. Office 2010. Group B since the beginning.

Downloaded and installed the Security Only update off this site. The IE 11 update wasn’t for my machine. Got the correct Oct., 2017 from the Update Catalog. Maybe I clicked on the wrong link or the x64 IE 11 msu on the link was wrong…

Turned on WU “check and let me choose”, hid the Security Rollup and .Net Rollup. Installed the Office 2010 security stuff and MSR.  Re-checked for updates; no important updates found. Have been doing it this way from the get-go.

After the fiasco last month with the .Net Rollup, installed the .Net Security Only update last month so as NOT to compromise my photo-editing software.

At this point am ONLY interested in vetted Security Only updates, no MS “enhancements” required/desired. Touch wood, my machine is stable!

Would be nice if in future any Security Only .Net links were added to Group B so that I don’t have to go digging for them.

2 users thanked author for this post.

JDeC, The Surfing Pensioner

Reply | Quote

anonymous wrote:

Would be nice if in future any Security Only .Net links were added to Group B so that I don’t have to go digging for them.

According to Description of Software Update Services and Windows Server Update Services changes in content for 2017, the last security-only .NET updates were issued on 12 September.

PS There is a topic for .NET updates, but with recent site issues, the security-only updates were posted elsewhere. It is in the Developers Lounge, as .NET security-only updates have been considered as suitable mainly for more technical users.

3 users thanked author for this post.

SueW, AJNorth, woody

Reply | Quote

I was surprised to read that our host is considering ending support for Group B.  Every time he has suggested that Group B is too difficult for most people to handle, he gets a chorus of replies that it’s not.  I am not especially sophisticated but I can do the drill once a month without difficulty so long as someone points me to the correct KB’s.  (And before that, I learned how to find them.)  Thirty minutes tops for two machines, while I’m doing other things.

This includes running Windows Update.  It usually presents me with one or two recommended updates and a short list of optional, unchecked updates.  The recommended updates are usually the ones I expect, like MSRT, and the optional updates typically consist of a short list of known malefactors like KB2952664.  I accept what I need and ignore the others.  I quit hiding anything after  Microsoft turned that into a game of whack-a-mole.

As for whether we should agonize over supersedence and bug fixes that are included in rollups rather than delivered down the security-only chute, I’ll be more impressed with that when someone demonstrates that Microsoft has its act together–when this site no longer brings almost daily revelations of [mess]ed-up patches.  The notion that Windows is some elegant, integrated, flawless system is a crock.

The alternative to Group B is Group W.

4 users thanked author for this post.

JDeC, HiFlyer, Charlie, Elly

Reply | Quote

wdburt1 wrote:

Every time he has suggested that Group B is too difficult for most people to handle, he gets a chorus of replies that it’s not.

We are not giving up on Group B. But you are talking about the EXISTING method for Group B which we have found no longer works.

We are looking at revising the Group B method. And the REVISED method will not be as easy.

wdburt1 wrote:

As for whether we should agonize over supersedence

This is the whole crux of the problem. You can read the discussion at:
https://askwoody.com/forums/topic/group-b-win78-1-missing-updates-hiding-rollups-security-only-patches/
and
https://askwoody.com/forums/topic/what-issues-can-result-from-hiding-a-windows-update/

5 users thanked author for this post.

JDeC, Elly, AJNorth, SueW, wdburt1

Reply | Quote

I have read that thread and believe that I understand the problem in principle.  If supersedence is the “crux” of the problem, then my comment above about assuming M$ infallibility is on point.

Anyone else remember the concept of false precision from their engineering classes?

 

Reply | Quote

There are two issues. The second issue – exclusivity of some updates – affects both Group A and Group B. The first issue – update supersedence – is known to affect those who install either Windows security-only updates or .NET security-only updates. There may be other scenarios in which the first issue affects either Group A or Group B.

My unofficial modifications to Group A and B instructions that hopefully address both of these issues are at https://askwoody.com/forums/topic/new-directions-for-win-7-and-8-1-patching/#post-138998. Alteration to above algorithms for those who want to hide fewer updates: https://askwoody.com/forums/topic/new-directions-for-win-7-and-8-1-patching/#post-140373.

5 users thanked author for this post.

JDeC, Elly, The Surfing Pensioner, walker, wdburt1

Reply | Quote

Have just followed MrBrian’s excellent instructions for updating Group B-style and I cannot say I found the procedure particularly time-consuming or arduous. Had a laugh examining and hiding all the optional updates I am never, ever going to want to install. Subsequent WU searches only revealed further previews……………..and further previews………………… which I am defintely never, ever going to want to install. Unhid and installed kb4041083 because, although unchecked, it was marked Important and unhid and left the .Net 4.7 installer, just in case I want to go there one day.

Now everything is wonderfully neat and tidy and I’m up-to-date. Managed to alter a pair of trousers at the same time – but then I like multi-tasking. This is supposed to be difficult?

3 users thanked author for this post.

JDeC, Elly, MrBrian

Reply | Quote

wdburt1 wrote:

I am not especially sophisticated but I can do the drill once a month without difficulty so long as someone points me to the correct KB’s.

When I was doing the security-only updates, I had Windows Update set to check for updates but let me decide whether to install them.  When one of the security and quality rollups would appear in the list, I would click the “more information” link on the right side of the Windows Update window.  That launches a web page, and in the first few paragraphs was always a description that described the security-only version of that particular rollup and provided a link.  Follow that link, download your update, and away you go.

After that, I would hide the rollup for that month, and wait for the next one to arrive in a month.

 

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

HiFlyer, Charlie, wdburt1

Reply | Quote

PKCano wrote:

Improving? Dream on…

Sorry kitty kat, was a lame attempt at humor.  Thanks for playing, heh heh.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

Hail Woody.  Just updated Windows 7 and Windows 10 machines as per your invaluable directions.  Windows 7 quick and never a problem.  Windows 10 slow and takes forever. Today surprise surprise!  The quickest Windows 10 update I have experienced about 15 minutes! So far no problems or surprises.  I have to say that MS are on a very slippery slope with me; even to the point of hanging on by their toe nails.  I am seriously looking for an alternative.  MS Update is a laborious pain in the nether region.  Why?  I suggest the Chief Chapatti Wallah look up the meaning of service and customer satisfaction before it’s all gone – remember Kodak?

In Woody we trust.  MS never no more.

Reply | Quote

I installed the 2 Group B security only patches (IE Rollup and the October Security Only, no issues.

I installed all the Office 2010 patches served up by WU, no issues.  I did the October .NET rollup and no issues.

Nothing hidden except hardware drivers and that single errent MSE definitions update that kept trying to re-install.  Belarc Advisor reports A-OK for security.

I give a big thank you to Woody, PKCano, and others for their patience and dedication.

1 user thanked author for this post.

SueW

Reply | Quote

have september patches already been fixed? i’m not that versed being able to all these repairs necessary after september patches. this is the reason why i still haven’t installed any september patch… and as i’m not up to date: which (isolated) problems await with october patches?

Reply | Quote

Woody advised to patch carefully on September 29th – you can find the ComputerWorld article here:
https://www.computerworld.com/article/3229748/microsoft-windows/its-time-to-install-the-september-patches-for-windows-and-office.html

For details about the October patches, the ComputerWorld article is here:
https://www.computerworld.com/article/3235289/microsoft-windows/get-windows-and-office-patched-but-watch-out-for-creepy-crawlies.html

1 user thanked author for this post.

walker

Reply | Quote

My problem is: this involves repairing damage caused by september patches. I’m not versed enough to do any repair actions. and as english is not my native english i don’t dare trying to follow this article and repair anything by my self. I just want to install patches without having to repair anything. This is why i asked if september patches have been fixed already, so there should be no need for any further repair action after applying patches…

Reply | Quote

This is getting more and more way too complicated. Can’t await end of life of win7/8.1, after that date I don’t have to mess with patches anymore because there aren’t any patches anymore. 😀

Reply | Quote

Hi anon, from your first post (#141225), you said that you “still haven’t installed any september patch…”  So right now, I am assuming that your system is up-to-date (patched) through August.

If that’s the case, then carefully follow the instructions in the first link that Kirsty posted for you and you’ll be up-to-date (patched) through September.  Many of us (Windows 7 Group B) had already done this in late September and did not need to make any repairs.

Once you have updated your computer with September’s patches and have used it for a few days, follow the instructions in Kirsty’s second link to update your computer with October’s patches.

If you encounter any problem with any update, uninstalling it from your computer will usually solve the problem.

Good luck ~

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

following any repair tutorials is not as easy as english is not my native language. i hope i don’t need repair actions as i expect me to [mess] this up.

do i have to wait days between september and october patches? if i start messing with windows updates, then i want to get this bs out of the way all at once. because i HATE updating windows, there is always f***** fear involved with windows updates! and do i have to reboot after installing botched september patches already or is it enough to reboot after installing both september and october patches?

Reply | Quote

Give yourself more credit 🙂  If your computer has been running okay, then you’ve been updating it correctly.

No, you do not have to wait days in between installing patches.  I just suggested that in order to make sure your computer is running okay.

You do need to do all the reboots for each month’s patches before moving on to installing the next month’s patches.  So yes, you have to reboot after first installing September’s [unbotched] patches.  After the [final] reboot, you can then install October’s patches and reboot when asked.  Always reboot your computer when asked to do so.

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

i’ll try that tomorrow morning. i’ll do following:

september patches windows and ie
reboot
october patches windows and ie
reboot
search for additional patches using windows update.
(office 2010, .net, msrt and whatever else to be found).
then i’ll post the findings here and ask what to install…

Reply | Quote

as groub b i’ll install following patches:

windows 7:
Sep 2017 KB 4038779 – 64-bit
Sep 2017 (IE11) KB 4036586 – 64-bit
Oct 2017 KB 4041678 – 64-bit
Oct 2017 (IE11) KB 4040685 – 64-bit

windows 8.1:
Sep 2017 KB 4038793 – 64-bit
Sep 2017 (IE11) KB 4036586 – 64-bit
Oct 2017 KB 4041687 – 64-bit
Oct 2017 (IE11) KB 4040685 – 64-bit

already downloaded them all so i don’t have to wait for download tomorrow.

 

Reply | Quote

Warning — please only update one month at a time — only install September’s patches first, before installing October’s patches.  This also includes searching for any additional patches using Windows Update (Office 2010, etc.) for September first, and then for October.  In other words, install all checked September patches first, rebooting when asked.  Then, and only then, install all checked patches for October.

By the way, the patches you have downloaded for Windows 7 Group B are the correct ones.

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

so in this order:

september patches windows and ie
reboot
search additional patches september
(office, .net, etc.)
list findings here, install what is safe
reboot
october patches windows and ie
reboot
search additional patches october
list here, install safe patches
reboot

regarding windows and ie patches of one month:
reboot between windows and ie patches necessary?
or can i install windows and ie patches at once?
never did a seperate reboot  between these until now.
always installed windows AND ie and then rebooted.

are downloaded 8.1 patches the correct ones, too?
notebook is running windows 8.1, also group b.

Reply | Quote

Win8.1 patches are correct.

It is not necessary to reboot between the security-only patch and the IE11 update.

2 users thanked author for this post.

walker, SueW

Reply | Quote

Yes, your order is correct.

Thank you, PKCano, for answering the other questions (I only use Windows 7).

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

after installing september updates for windows and IE, following updates available:

windows 7, important (all checked by default):
excel 2010 (kb4011061)
office 2010 (kb2553338)
office 2010 (kb2837599)
office 2010 (kb3213626)
office 2010 (kb3213631)
office 2010 (kb4011055)
outlook 2010 (kb4011196)
powerpoint 2010 (kb3128027)
publisher 2010 (kb3141537)
word 2010 (kb3213630)
2017-09 security-/quality-rollup .net 3.5.1, 4.5.2, 4.6, 4.6.1, 4.7 (kb4041083)
2017-10 monthly security-/quality-rollup windows 7 (kb4041681) – i will uncheck this of course.
msrt october 2017 (kb890830) – where is the september one?

windows 7, optional (all unchecked by default):
most of them i leave unchecked, don’t need.
there are two previews (windows and .net), snooping patch kb2952664, nvidia drivers, 31 language packs, one currency update azerbeidschan i don’t need (kb3102429) and ie11 language pack without kb-number.
there is also security-/quality-rollup for .net 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 (kb4043766) – what do i do with that?

windows 8.1, important (all checked by default):
excel 2010 (kb4011061)
office 2010 (kb2553338)
office 2010 (kb2837599)
office 2010 (kb3213626)
office 2010 (kb3213631)
office 2010 (kb4011055)
outlook 2010 (kb4011196)
powerpoint 2010 (kb3128027)
publisher 2010 (kb3141537)
word 2010 (kb3213630)
windows defender (kb2267602)
2017-09 security-/quality-rollup .net 3.5.1, 4.5.2, 4.6, 4.6.1, 4.7 (kb4041085)
2017-10 monthly security-/quality-rollup windows 8.1 (kb4041693) – i will uncheck this of course.
2017-10 security update adobe flash player (kb4049179)
msrt october 2017 (kb890830) – also here september one is missing…

windows 8.1, optional (all unchecked by default):
on this machine also most of them i leave unchecked, don’t need.
there are two previews (windows and .net), snooping patch kb2976978, nvidia drivers, currency update azerbeidschan i don’t need (kb3102429).
on this machine also security-/quality-rollup for .net 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 (kb4043767) and .net framework for windows 8.1 (kb 3186539)- what do i do with these two?

which of currently checked important updates should i uncheck, before proceeding to install the rest and before installing october patches for windows and ie11?

Reply | Quote

In response to your query about MSRT, the latest update includes previous threats, so you only require the latest version, not a previous months’.

1 user thanked author for this post.

walker

Reply | Quote

Thanks for your list!  The Windows 7 Important (all checked by default): the Office updates are from both September (6) and October (4).  Since they all appear, I would install all of them.

KB4041083 – I installed this in September without issues.

Kirsty answered your question about MSRT.

KB4043766 – since it’s unchecked, I would leave it unchecked.

Optional: updates: As for the language packs, you might want to hide them so that they don’t appear each time you check Windows Update.  Same with snooping patch KB2952664!

I can’t speak to 8.1 . . .

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

JDeC

Reply | Quote

thx, so on win 7 i install all checked important updates (not the security/quality rollup) and then i install october patches for windows and ie.

about hiding language packs and snooping patch, until a few months ago i had them hidden. but someone here on askwoody.com recommend to unhide all hidden updates to avoid problems with windows update. and as for snooping patch, this one appeared again and again and again and again although it has been hidden, so in this case hiding it was totally senseless…

Reply | Quote

What issues can result from hiding a Windows update?

For some updates, such as KB2952664, there are often newer versions. That’s why such updates appear to become unhidden by themselves.

1 user thanked author for this post.

walker

Reply | Quote

When is it safe to install multiple standalone Windows updates without a reboot?

2 users thanked author for this post.

walker, SueW

Reply | Quote

thx. i installed all important patches except security/quality rollup. then reboot. then i installed october security only patch for windows and october ie patch. reboot again. a new search for updates doesn’t show any new important patches anymore. only security/quality rollup shows up which i’m not going to touch as i’m group b.

in optional tab i have two patches for .net which might be interesting or not: security/quality rollup (kb4043766), .net framework 4.7 (kb3186487). all optionals still are unchecked…

.net framework 4.7 is new in optionals list, it didn’t show up before i installed october updates for windows and ie…

i did the same on windows 8.1 notebook as especially office updates seem to be the same. installed all important updates including flash and defender. to stay in group b i did NOT install security/quality rollup. after reboot i installed october windows and ie updates.

new search on windows 8.1 shows another update for windows defender, which i install along with security/quality rollup which i don’t want.

windows 8.1 optionals:  preview (windows) still there preview (.net) not showing up anymore, snooping patch kb2976978, nvidia drivers, currency update (kb3102429) and .net framework for windows 8.1 (kb 3186539) are still there. also disappeared from optionals (not showing anymore): security-/quality-rollup for .net 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 (kb4043767)

Reply | Quote

Great — glad to hear that updating your Windows 7 computer went well!  In your Optional tab with the 3 unchecked patches — I would just leave them unchecked for now.

As for Windows 8.1, looks like you are following the same process that you did on your Windows 7 computer.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

thx. how can i check if .net really went without problems? where can i check for black boxes and such problem discribed in september? (-> resulting in another question: do i really want to know? :D)

Reply | Quote

I’m not sure there’s anything you can check regarding potential .net issues.  I can only tell you that I have not encountered any issues after I installed KB4041083 a month ago.

Good question — do you really want to know 😉

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

JDeC

Reply | Quote

Which Windows version are you using, and are you using the Group A rollups update method?

(in the meantime, backing up your computer before any update is a first step to minimising disruptions that may be caused by updates)

Reply | Quote

I’m using windows 7 ultimate on main pc and win 8.1 on notebook. I’m patching group b as i don’t want microsoft snooping on me. And backup is a problem at the moment as I’m not able to afford any backup media (harddisk or similar).

Reply | Quote

I’m with the Windows 7 Home Premium 64bit Group B survivors. This is the perfect season for us. All huddled together in front of our computers, waiting for the zombie horde to come and devour us. In fact, my logon screen is the dreaded ‘Walking Dead’, “Don’t Open Dead Inside” logo with bony fingers coming out of the screen to get me. Luckily, the October updates KB4040685, KB4041678 & the Security Monthly Quality Rollup KB 4041681 installed without a peep. Though, I have to admit, I kept my eyes closed while rebooting each update. That BSOD already caught me once a couple of months back. But I remain constantly vigilant for that bony finger.

Reply | Quote

If you installed the Security Monthly Quality “ROLLUP” you are in group A, you’re not in group B. Group B does not install Security Monthly Quality “ROLLUPS”… Group B installs Security Only Monthly UPDATES.

1 user thanked author for this post.

SueW

Reply | Quote

Well, what a stupid person I am! Guess that “bony finger” caught up to me after all. However, I am going to continue the ‘Group B’ monthly update routine anyhow, no matter how useless it my become.

 

Reply | Quote

Group A user here, with 2 Windows 7 desktop machines used at home.

KB4041681 (Quality Monthly Rollup) just installed on the first machine ok, along with four Office 2010 updates (installed as a separate batch). No apparent problems, and if all is well in a day or two then the Quality Monthly Rollup will be installed on the second machine (which doesn’t have Office installed).

MSRT was installed on both machines ok a few days ago, I tend to get that one out of the way early on as it has never been problematic.

KB4043766 (.Net Framework) has been hidden on both machines as it is optional and unchecked. Likewise KB 4041686 (Quality Monthly Rollup Preview) and KB4042076 (.Net Framework Preview) as they are previews being optional and unchecked. This month I have also hidden a Nvidia Display update as I don’t touch them under WU (and only update my drivers anyway if there is a compelling reason to do so – if it ain’t broke, I don’t fix it)!

Thanks as always to Woody and the other experts for their advice.

Reply | Quote

With a NVidia vulnerability mentioned in last week’s NCAS Weekly Vulnerability Summary, I would suggest you check their website for your update, as it is probably security related.

2 users thanked author for this post.

Bill C., Seff

Reply | Quote

Thanks Kirsty, but it looks like the latest Nvidia security alert was in fact to do with Linux vulnerabilities, and the latest drivers relate solely to enhanced performance in a couple of games I don’t play.

I find that security vulnerabilities in graphics drivers tend to be (a) constant and (b) extremely theoretical. Important tho’ they may be, it’s impossible in practice to put such considerations above the need with graphics drivers for effective performance and temperature control especially for gaming. Does anyone have any recollection of actual security problems arising in practice from graphics drivers as opposed to theoretical vulnerabilities being reported?

I appreciate the heads up, tho’!

2 users thanked author for this post.

Kirsty, AJNorth

Reply | Quote

Moreover, for the fourth time in the last twelve months or so, the new NVIDIA driver (388.00 WHQL released on 23.10.2017) again contains an out-of-date version of Node.js (this month apparently because Node.js was updated a few days after the driver was built, tested and released).

The current version is 8.8.1 (x32 & x64), and can be downloaded from https://nodejs.org/en/ (full changelog: http://www.softpedia.com/progChangelog/Node-Changelog-192241.html).

Do be aware that for the NVIDIA driver, it must be installed to the appropriate location (on my Windows 7 machines for example, it is installed to C:\NVIDIA\DisplayDriver\388.00\Win8_Win7_64\International\nodejs).

2 users thanked author for this post.

Kirsty, Seff

Reply | Quote

I have found that many of nVidia’s vulnerabilities relate to features of their driver package which I have never installed, such as G-Force Experience, Shield Controller software, etc.

I always install an nVidia driver downloaded directly from their site (always a week or two after issue) and I never allow the “Express install”, but choose manual and only installed or updated the video driver itself and sometimes physx (if a newer version).

That said, even doing it that way, the installer does install ALL of the components to the C:/NVIDIA folder.  I have read a number of articles on how to remove certain components pre-install, but have not had success.  I also manually delete all older drivers in the C:/NVIDIA folder about a week after testing.

I have also found that many of the newer nVidia drivers version do create frame rate lag at times during play in some games.  Their driver packages have been developing a serious bloat issue, growing from an average of under 300MB to 400MB.

3 users thanked author for this post.

satrow, JDeC, AJNorth

Reply | Quote

In addition to following this excellent approach, one may also wish to disable the “NVIDIA Telemetry Container” in Windows Services (see https://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/).

2 users thanked author for this post.

satrow, Kirsty

Reply | Quote

Update to my original post – second computer now has KB4041681 installed ok.  No other updates are required.

Reply | Quote

I don’t understand one thing: I have decided to not install the Windows Updates for now because of bugs. Those bugs/errors in the Updates prevented me from installing those. Microsoft did not fix anything of them.

So why should I install them now if the state of the Update is unchanged (no re-release since Microsoft is just jumping to the next monthly update to [maybe] fix errors [same procedure with the Windows 10 Versions by the way])?

Regards Markus

Reply | Quote

well since I’m sticking with having just the September 2017 security quality rollups installed on my Win7 & Win8.1 systems, I may skip the October 2017 security rollups since they seemed to be more problematic than the September 2017 updates. I’ll wait for the November 2017 security updates to be released.

also when a new version of .NET Framework 4.x comes out (such as v4.7.1), I uninstall the existing 4.x version on my Win7 PCs and install the latest version using the FULL .NET Framework “offline” installer from MS download center rather than downloading the latest .NET framework version from either MS Update Catalog or Windows Update. that way I have a “clean” or fresh install of the latest .NET Framework 4.x components for Win7.

Reply | Quote

Having just patched W8.1 group A and two W8.1 group B devices, all went smoothly.

Group A test device (no VM) certainly seems less hassle with no adverse effects with subtle OS quality and visual improvements. (device manager icons, defender integration)

Group A is now becoming my favoured choice as life is too short..GWX campaign is over so no need to fret and telemetry can be reduced via 3rd party apps and firewall rules.

Also, no more washing, rinse and repeat of windows update to reveal further patches which is time-consuming. Group B to Group A conversion may soon be on the cards for the remainder of our devices.

Windows - commercial by definition and now function...

Reply | Quote

If you decide to move from Group B to Group A, I have posted a suggested method here. This is basically what I used recently to move my machines to Group A. Group B is getting more and more difficult, even for tech-savvy people. There are other ways to control telemetry while being sure your computer is correctly patched.

2 users thanked author for this post.

walker, Microfix

Reply | Quote

Yeah PKCano, I done my existing group A device via this thread and also AKB2000004  within the last couple of months, worked a treat then.

Thanks again for your valuable info.

Windows - commercial by definition and now function...

Reply | Quote

Woody,

Did your recommended updates last night on both computers. So far, so good. Just the usual problem with IE11 being slow to respond. Fingers, toes, arms, and legs CROSSED in hope that all will be well.

Many thanks, again, for all you and the others here have done.

Dave

Reply | Quote

MS-Defcon 4?!

*faints*

3 users thanked author for this post.

AJNorth, Seff, SueW

Reply | Quote

Agreed!

I think if we ever see MS-Defcon 5 I shall do more than faint, I shall wipe my computers and switch them off for good – life just won’t be fun any more!

Reply | Quote

The two known issues listed in .NET Framework September 2017 Security and Quality Rollup were fixed in the .NET Framework October 2017 Security and Quality Rollup according to https://support.microsoft.com/en-us/help/4043564/certain-net-framework-4-5-2-updates-contain-pseudo-non-english-charact and https://support.microsoft.com/en-us/help/4043601/rendering-issues-after-the-september-12-2017-net-security-and-quality.

2 users thanked author for this post.

walker, SueW

Reply | Quote

“If you really want to stay with .NET 4.5.2, you have to manually install updates.”

I believe that is incorrect. From https://support.microsoft.com/en-us/help/17455/lifecycle-faq-net-framework: “Support for .NET Framework 4.5.2 will follow the Lifecycle Policy of the Windows operating system, and will be supported as a component on the latest required operating system update.”

1 user thanked author for this post.

walker

Reply | Quote

Due to some reported problems last month, I did not install KB4041083 (September 12).  My WU is still showing that update, not KB4043766 which I thought was the latest .NET update.  Any idea why KB4043766 isn’t there?

Thanks.

Marty

Reply | Quote

Due to some reported problems last month, I did not install KB4041083 (September 12).  My WU is still showing that update, not KB4043766 which I thought was the latest .NET update.  Any idea why KB4043766 isn’t there?  – Marty

The 2017-09 Security and Quality Rollup for .NET (KB4041083) is labelled “Important” because it includes security updates.

2017-10 Security and Quality Rollup for .NET (KB4043766) is “Optional” but “Recommended” because it contains no new security fixes, only bug fixes, and only for .NET 4.7.

If, like me, you are running .NET 4.6, you’ll want to install KB4041083 and can safely skip KB4043766.

3 users thanked author for this post.

JDeC, SueW, Marty

Reply | Quote

Group B.  Win 7 64-bit.  Installed both Win 7 security only and IE 11 patches for October.  Is it ok to also install the Office 2010 32-bit security patches for October.  If so, it’s ok to install the October patch for Outlook 2010 too?  Was wondering if should just do patches for Office 2010, Excel 2010, Word 2010 except for Outlook 2010, which I hear causes problems?  Any advice is very appreciated.

Reply | Quote

Take Woody’s advice on the Office patches. See the ComputerWorld article.

https://www.computerworld.com/article/3235289/microsoft-windows/get-windows-and-office-patched-but-watch-out-for-creepy-crawlies.html

1 user thanked author for this post.

walker

Reply | Quote

I’m somewhat troubled by this statement regarding DDEAUTO:  tattoo inside your eyelids “Do NOT Enable Editing.”

4012213 was installed when it came out in March of this year.  And I unchecked the “update automatic links at open” setting in Word & Excel.

If I can’t enable editing after the aforementioned adjustments, how do I go about editing word docs & excel spreadsheets?

Please advise, am I missing something or am I good to go?

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

About that setting:

https://www.stigviewer.com/stig/microsoft_word_2007/2014-04-03/finding/V-17811

https://wordribbon.tips.net/T006115_Updating_Automatic_Links.html

1 user thanked author for this post.

Purg2

Reply | Quote

alpha128 wrote:

Due to some reported problems last month, I did not install KB4041083 (September 12). My WU is still showing that update, not KB4043766 which I thought was the latest .NET update. Any idea why KB4043766 isn’t there? – Marty

The 2017-09 Security and Quality Rollup for .NET (KB4041083) is labelled “Important” because it includes security updates. 2017-10 Security and Quality Rollup for .NET (KB4043766) is “Optional” but “Recommended” because it contains no new security fixes, only bug fixes, and only for .NET 4.7. If, like me, you are running .NET 4.6, you’ll want to install KB4041083 and can safely skip KB4043766.

I thought that KB4041083 had a problem and not to install it and to install just the security  update that applied to what version of .Net framework that is installed on your computer.
So that is what I did. Now your saying KB4041083 is safe to install, is this correct.?
I’m showing both KB4041083 and KB4043766 in hidden updates.

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

The October 2017 .NET Framework updates fix those issues. See https://askwoody.com/forums/topic/ms-defcon-4-watch-out-for-net-and-office-patches-but-get-caught-up/#post-141333 for more details.

1 user thanked author for this post.

walker

Reply | Quote

I’m not sure what you are referring to (your link appears to be self-referential).  KB4041083 on my machine showed a September date, not an October date.

Regards,

Marty

Reply | Quote

“The two known issues listed in .NET Framework September 2017 Security and Quality Rollup were fixed in the .NET Framework October 2017 Security and Quality Rollup according to https://support.microsoft.com/en-us/help/4043564/certain-net-framework-4-5-2-updates-contain-pseudo-non-english-charact and https://support.microsoft.com/en-us/help/4043601/rendering-issues-after-the-september-12-2017-net-security-and-quality.”

1 user thanked author for this post.

walker

Reply | Quote

@Mr.Brian:  Thank you very much for all of this information.   With so many of these.NET updates, it becomes very confusing, and your advice is invaluable in being able to understand and sort things out.    Thank you very much.   🙂

Reply | Quote

MrBrian,

Thanks for the info on KB4041083 being fixed.

Just to clarify to see if I’m doing this correctly. I always have WU set on “Never check for updates (not recommended)”. When Woody says its time to get patched, I have WU check for updates. When WU is done checking, I hide everything unless its a MSE definition. Then I go to askwoody.com to figure out what patches are safe to install. After installing, I have WU keep checking until there are no more patches to install.

This month I’ve concluded that these patches need to be installed; 2017-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4041681), 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083), 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766). Is this correct?

This one I’m not to sure of: Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition. The only MS Office I have is MS Office Starter 2010, Click-to-Run. It is set to auto update. That is why I’m not sure if (KB2553338) should be installed.

Any help appreciated.

The real reason I put up with this mumbo jumbo is because one time WU installed a driver update which [mess]ed up everything and Microsoft tried to force feed me W10.

OS W7 Home Premium SP1 64-bit, Group A groupie

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

I recommend installing all of the updates that you mentioned, and you’re welcome :).

1 user thanked author for this post.

walker

Reply | Quote

This might not apply to everyone when installing the below patches. I kinda have a Franken computer (more here). Nothing the less it keeps rebounding after I think it is ready to fail.

Patches were install in this order, one at a time.
1. Installed Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition. Installed successful. No restart required. Shows in update history but not in installed updates.

2. Installed 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083). Restart required. Black screen after restart, hear w7 boot up sound. Shutdown via alt+f4, Pushed power button, splash screen then black screen again. Shutdown via power button, pushed power button, Windows Error Recovery Screen appears  “Start Windows normally” highlighted, pushed enter, booted normal. KB4041083 shows in update history and Under .NET framework 4.6.1 in installed updates. Under MS windows in installed updates Kb4040980 & KB4019990 were installed, both don’t show in update history.

3. Installed 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766). Restart required. Booted normal. KB4043766 shows in update history not in installed updates. Under .NET framework 4.6.1 in installed updates KB4041083 is now gone and replaced with KB4043764 & KB4040973, both don’t show in update history.

4. Installed 2017-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4041681). Restart required. Booted normal. Shows in update history and under Under MS windows in installed updates.

Computer seems to be functioning correctly. It might be time to give this computer the boot if  this black screen boot problem persists. This is the 2nd time this happened when patching in the last three months. I’m batting 2 out of 3.

Thanks for the help MrBrian,

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

? says:

on my last  of 5 win 7 pro’s, it went like this:

Latest MSE definition update , then Flash 27.0.0.183, then manually installed KB4041678, KB4040685, reboot, then seek fresh updates, 2 Important KB4041681 Oct. roll-up (hid), KB890830 Oct. MSRT (installed), 4 Optional, all unchecked KB4041686 Oct. preview roll-up (hid), KB4042076 Oct. .Net (all) preview roll-up (hid), KB4043766 Oct. .Net roll-up (all), left it for after I installed KB3186797 .Net 4.7 (no reboot necessary), then checked for more updates, KB4041083 September .Net Security and Quality roll-up appeared, installed KB4041083 and KB4043766 at the same time, three minutes later with no reboot i finished updating with a final check, nothing else was offered, so off went windows update until a more opportune time (next month) and i’m writing this while the .Net mscorsvw.exe finishes it’s procedure, oh, looks like it is done and now time to clean up the mess Bill’s ghost left behind. Happy Halloween!

1 user thanked author for this post.

SueW

Reply | Quote

Having read the 81 posts (so far) in this thread while trying to keep the information all sorted out, I am now going to take a couple of aspirins.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

JDeC, SueW

Reply | Quote

I needed a good laugh. Thanks!

Reply | Quote

Sure hope that Microsoft did a better job this month than last month.

Reply | Quote

Data points indicating success:

Win 8.1 x64 Pro/MCE on my workstation: Patched Friday evening, running perfectly.

Win 7 X64 Ultimate on my small business server: Patched Saturday morning, running fine.

Win 10 v1709 x64 Pro in a VM. Patched today, only a VS 2005 runtime patch was received. Build number shows 16299.19.

All patches done “Group A” style, with the exception that I did NOT install KB4041686 (Preview of Monthly Rollup) on my Win 7 system, since it’s known to cause a new SFC /SCANNOW error.

-Noel

3 users thanked author for this post.

AJNorth, JDeC, SueW

Reply | Quote

Purg2 wrote:

I’m somewhat troubled by this statement regarding DDEAUTO: tattoo inside your eyelids “Do NOT Enable Editing.” 4012213 was installed when it came out in March of this year. And I unchecked the “update automatic links at open” setting in Word & Excel. If I can’t enable editing after the aforementioned adjustments, how do I go about editing word docs & excel spreadsheets? Please advise, am I missing something or am I good to go?

Anybody?  Bueller?  Maybe it’s so painfully obvious it doesn’t require a response.  Dang, sure would be nice to know for sure.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

MrBrian wrote:

About that setting: https://www.stigviewer.com/stig/microsoft_word_2007/2014-04-03/finding/V-17811 https://wordribbon.tips.net/T006115_Updating_Automatic_Links.html

Thanks Mr.Brian.  I suspect that I’m probably safe.

It seems rather vague for those that may have a need to view the updated version of the links they need to see or use.

Perhaps on the enterprise level it’s handled internally to protect production machines.  While us home PC people will simply have to be satisfied that it takes a certain amount of care as this unchecking option is all there is to date.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

So nice to see the green Defcon 4. But Arghh… now I have an error I have never seen before:

Windows could not search for new updates
An error occurred while checking for new updates for your computer
Code 80072EE2 Windows Update encountered an unknown error.

Clicking on the Microsoft help link has not been helpful.
Some important file must be corrupted, perhaps.
I hope someone here can suggest where to attack this problem. Thank you!

Reply | Quote

When you boot your computer, if you have anything but “Never check” set, Win Update will periodically check for updates. If you try to search while WU is searching, sometimes you get an error.
Try waiting a while and check again.

Here is a link to Windows Update Error Codes.

And another link that may be helpful.

1 user thanked author for this post.

walker

Reply | Quote

To fix the error code in Win 7  click on START, then Control panel.  In control panel at the upper right hand side it says,   view by: Category.  Click the drop down. Click on large icons.  On the page that comes up click on  Notification Area Icons.  At the bottom left check mark “Always show all icons and notifications on the task bar.”  Click the OK .  Go back to Windows update and try again .  Might take a minute or two to start.

Reply | Quote

I do not think it is a file corruption. Nor did I have to change any Control Panel – Task Bar – Notification Area – Icons settings. I cannot definately verify if there was a background process happening. But I can confirm seeing this error code.

It was surprising to me, the ‘Check for updates’ was taking longer than the usual too long a time for modern communications. I see very few errors thrown, and both the boldface print and capital letter Es startled me.

I did have a passing thought to start a troubleshoot. but I simply closed the current WU window, paused a moment, then relaunched the window. This time the ‘Check for updates’ took a more usual amount of too long for modern communications time. And returned the requested information without error.

I advise to try again in a new window. Obviously, if you have already retried in a new window, then your condition is different than mine. And I have not been helpful.

Reply | Quote

Go to http://www.repairwin.com/windows-update-80072ee2-error-solved/. It is specifically for the Error Code 80072EE2 which is received whenever Windows tries to search for Updates via Windows Update. It details 3 methods that might help you solve this error. Method 2 really seems to have solved the problem for a good number of people on this and several other sites. Good luck!

Reply | Quote

i am windows 7 ultimate, group b. but in planned tasks there is a task entry: consolidator (/microsoft/windows/customer experience improvemant program).
what’s the point of this? why do i have this bs? i always only installed group b security patches!!! so where does this come from and how do i get rid of it?

Reply | Quote

CEIP is on all Win7

Turn off CEIP:

Action Center\Change Action Center Settings\Customer Experience Improvement Program settings – Set “No”

Control Panel\Administrative Tools\Task Scheduler\Library\Microsoft\Windows\CEIP –
Disable all tasks
Under Application Experience – Disable all tasks

5 users thanked author for this post.

walker, Noel Carboni, JDeC, fl, Purg2

Reply | Quote

there are also programdataupdater, aitagent (application experience), usbceip, kernelciptask (customer experience improvement program). so which patch did infect my system with group a snooping things and how can i fix it?

Reply | Quote

thx, do you know what “action center” in german windows 7 is? can’t find it.

Reply | Quote

White Flag in right part of taskbar.

Reply | Quote

CEIP in built-in Windows since Vista, so those tasks exist inbox

1 user thanked author for this post.

walker

Reply | Quote

thx!

Reply | Quote

PKCano wrote:

CEIP is on all Win7 Turn off CEIP: Action Center\Change Action Center Settings\Customer Experience Improvement Program settings – Set “No” Control Panel\Administrative Tools\Task Scheduler\Library\Microsoft\Windows\CEIP – Disable all tasks, Under Application Experience – Disable all tasks

Based on our previous talk about this.  I took another look at these settings & discovered the following.

Application Experience tasks
AitAgent-Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
StartupAppTask-Scans startup entries and raises notification to the user if there are too many startup entries.

CEIP tasks
BthSQM, Consolidator, KernelCEIPTask, USBCEIP
All four tasks say in the description: If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.

This research indicates to me that I’m probably good to go at the moment.  Fascinating nonetheless.  Thanks for the inspiration.

 

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

I have two Boot-Camped Macs running Windows 7, one as 64 bit, the other, 32. I don’t have any other Microsoft software, such as Office, on either machine, but I have installed IE11, which I never use. I’ve been a Group B updater since all the GWX nonsense started way back when.

This last weekend, I followed the “new” Group B rules, and used the Windows Update Mini-Tool (WUMT) to adjust all the revealing/hiding.

NOTE: New users of this program should be aware that upon its first start-up, it will change your Update preference to “Automatic”, and if you leave it there, when you go to the regular Windows Update, the option for “Never check…” will not be available. This freaked me out, until I realized what had happened, and quickly went back to WUMT and changed the selection box in the lower left corner, back to “Never” – Bullet dodged.

After that was done, I looked over all uninstalled and hidden updates, and found that I had not installed two from last year which Woody recommends – KB3177467 (the Servicing Stack for Win7 SP1 which supersedes KB3020369) and KB3172605 (the July 2016 Roll-up). I have not been experiencing any slow response to use of Windows Update, probably because I had installed KB3161647 instead of the July 2016 Roll-up, but I decided that moving forward, I should be on the same page as the advice given here, so I can persevere with Group B updating. I un-hid those two, and then hid everything else up to the end of Sept. of this year. Then I quit WUMT.

I manually installed both of this month’s Security Updates (KB4041678 and KB4040685 for IE11), and then started Windows Update, which showed this month’s Quality and Security Roll-up, the MSRT (KB890830) for October, and KB1377467. It also showed this month’s .NET Quality and Security update as Optional, so I left it unchecked, and then hid it. Back to the “Recommended” page, I hid the Roll-up, then applied the MSRT by itself, and waited for it to finish, at which point I installed KB1377467.

Following the re-boot, I ran WU once again, where I found KB3172605 shown as an Optional Update, which I went ahead and installed, then re-booted yet again.

After that, Windows Update showed that there were “No Available Updates”.

There is still a long list of hidden updates on my machines, mostly with “Quality”, “Roll-up” or “Preview” in the title, but there are quite a few which are just labeled as updates for Win7. Most of them are from last year, and since my machines have been running fine since then, I’ll just pick through the list of hidden items at my leisure, to establish what each does and whether or not I need it.

Meanwhile, both machines are rock solid for now. I’m considering whether or not to uninstall KB3172605 – other than fixing the WU slowdown (which I was not experiencing), is there any compelling reason to keep it?

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

3 users thanked author for this post.

Elly, SueW, MrBrian

Reply | Quote

Thank you for noting the issue with Windows Update MiniTool :). I will change the modified instructions soon. Note that those instructions are unofficial and not officially endorsed by this site.

2 users thanked author for this post.

walker, fl

Reply | Quote

I did some testing with Windows Update MiniTool. “Automatically” seems to be the “Automatic Updates” setting that most people would want. In this context, “Automatically” actually seems to mean “This setting is managed by me, not group policy.”

2 users thanked author for this post.

SueW, walker

Reply | Quote

I’m really glad you did some testing with WUMT, MrBrian, as I’ve been reluctant to try it.  And thank you to @ fl for his/her feedback on using this tool.  I have a Home version of Windows 7 and also have “Never check for Updates” selected in MS’ Windows Update.

‘Group Policy’ is irrelevant in Home versions and, as I understand it, that’s what the options within the “Automatic Updates” drop-down menu in WUMT modify.  I was concerned that the ‘Automatically’ option in WUMT might change my intended setting in MS’ Windows Update.

I did not see a ‘Never’ option in WUMT that fl referenced, only these options:

Automatically
Disabled
Notification mode
Download only
Scheduled
Managed by Administrator

Many thanks for clearing this up!

 

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

MrBrian

Reply | Quote

Did I say “Never”? I must have meant “Disabled”…

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

1 user thanked author for this post.

SueW

Reply | Quote

This “unclear” translation can be fixed with wumt_lang.ini placed next to the executable

http://www.host-a.net/u/abbodi86/wumt_lang.zip

you can edit it to suit you 🙂

1 user thanked author for this post.

SueW

Reply | Quote

@ abbodi86, thanks!  Unfortunately, I wasn’t able to download the file.  I had tried 2-3 times, and I also signed up as a member.  The File Info indicates “Downloads: 3” and “File size: 0 MB” . . .

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

@SueW
https://drop.me/oj2Kje

1 user thanked author for this post.

SueW

Reply | Quote

Thank you, anonymous — that worked!  For those who are interested in what the new, more meaningful, descriptions under the “Automatic Updates Policy” drop-down menu are, I’ve included a screenshot of the left panel.  Note: I had to add the last two options due to the original screenshot.  As abbodi86 noted, you can edit the descriptions to suit yourself.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

From Woody’s Oct. 27 Computerworld column:

There was a big patch for the Anniversary Update, version 1607, on Patch Tuesday, and another huge patch a week later. If you install the latest patch, you’ll be up to build 14393.1794. That patch also has the acknowledged bugs with “Unexpected error from external database driver” and borked UWP apps.

I haven’t seen where Microsoft has seen fit, as of yet, to fix the “Unexpected error from external database driver” and borked UWP apps bugs. Can someone please confirm or correct me on this? If, in fact, these bugs are still present, I’m assuming they’re in the Cumulative Update KB4041691. At any rate, because of this, I haven yet applied any October updates, but plan to do so later this week.

However, just wondering … since I already have enough “bugs” in my three 1607 rigs from previous updates 🙁 … I’d really appreciate anyone’s input on the possibility of simply not applying KB4041691 this time around and waiting for the November Cumulative update, in hopes that by then MS will have SURELY fixed these two bugs. 🙂

Many thanks for your input, one and all.

Reply | Quote

I wanted to wait until DEFCON 3 (or higher) before I used MrBrian’s new instructions to update my Group B computer.  I’m pleased to report that all went well!  I am one of the many who did not hide any updates in the past, other than Windows 10-related updates.  So I wanted to make sure my computer was totally update-to-date prior to installing October’s updates.  Before I started, I decided to “unhide” any hidden updates.  To my surprise, there were none, even though I had hidden many over the past couple of years (and have the list).

Not 100% sure of using the Windows Update MiniTool (yet), I decided to go through the process of “checking for updates & then hiding unwanted updates” and did so repeatedly 11 times, including the initial check.  Each of the subsequent 10 checks took 1 minute each (and hiding took even less time), making the entire process very manageable and not time-consuming.

As a result, I installed the following 5 Important updates and then rebooted:
– Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition
– Security Update for Microsoft Office 2010 (KB2837599) 32-Bit Edition
– Security Update for Microsoft Outlook 2010 (KB4011196) 32-Bit Edition
– Security Update for Microsoft Word 2010 (KB3213630) 32-Bit Edition
– Windows Malicious Software Removal Tool x64 – October 2017 (KB890830)

After checking for updates again, I installed the following 1 Important update (no need to reboot):
– Update for Windows 7 for x64-based Systems (KB3177467) from 10/11/16
[Note: Servicing stack update for Windows 7 SP1 SP1]

Interestingly, this is the same “missing” update that both Elly and fl also found after going through this process.

Afterwards, I compiled a list of all Hidden updates (1 Office 2010 and 47 Windows 7), and then unhid the following:
Optional:
– 2017-10 Security and Quality Rollup for .NET Framework 4.6.1, 4.6.2, 4.7 on Windows 7 (KB4043766)
– Microsoft .NET Framework 4.7 for Windows 7 for x64 (KB3186497)

Note: I get Recommended Updates as Optional Updates

I bet next month’s process will be quicker, now that all past Previews and Windows Rollups are now hidden . . .

Group B — and the beat [still] goes on 🙂

“Thank you” once again to MrBrian, Woody, PKCano, and everyone else who contributes their time and expertise to AskWoody!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

5 users thanked author for this post.

JDeC, AJNorth, Elly, walker, MrBrian

Reply | Quote

Thanks for providing the detailed feedback, and I’m glad it worked for you :). You’re probably the fourth or fifth person who recently mentioned that they were missing KB3177467.

3 users thanked author for this post.

walker, Elly, SueW

Reply | Quote

Hi @SueW , I only wanted to add an explanation for this early part of your comment:

” Before I started, I decided to “unhide” any hidden updates. To my surprise, there were none, even though I had hidden many over the past couple of years (and have the list). ”

I do not remember when I first saw this, but I do think it is a change from long ago. I believe your hidden list is now kept on the Microsoft servers in Redmond, or wherever. If you request to ‘Restore hidden updates’ before requesting the first ‘Check for updates’; then you will see a blank list with the message something like, You have no hidden updates.

It is after your system has compared notes with Microsoft servers by an inquiry and response that is performed during the ‘Check for updates’, that both lists are populated. That is to say both your Hidden Updates and your Current Offerings lists are generated from those servers instead of being kept on your local machine.

I am not sure if this is only for systems set for ‘Never Check for Updates (not recommended)’ like mine. Which I do recommend.

I hope this helps explain what you will see again next time.

2 users thanked author for this post.

SueW, MrBrian

Reply | Quote

Paul has good advice about what to do if no hidden updates are shown but yet you’re pretty sure you’ve hidden updates. One correction though: the list of hidden updates is stored locally in a file called datastore.edb.

4 users thanked author for this post.

Elly, walker, Cascadian, SueW

Reply | Quote

Thank you for the correction. I do not understand the change in behavior during use. Or if my memory is serving me correctly, that there was a change at all. Perhaps my use is what changed instead.

It is good to know the truth, so that I do not make bad assumptions.

Reply | Quote

Hi @ Paul — thank you very much for your explanation!  That would explain why I was seeing what I was seeing, and when 😉  Indeed, my current “Hidden” list does include my original list + those updates I hid today.

And @ MrBrian — I will check out the local “hideout” on my computer.  The idea that Microsoft might be keeping a list of my formerly hidden updates is downright scary!!

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

Cascadian

Reply | Quote

I always have WU set on “Never check for updates (not recommended)”. I found out, in a round about way, that every time I shut down my computer and boot it back-up, I would lose my hidden update list. I figured out that if I “Checked for updates” in WU the hidden update list would repopulate. I think the “Never check for updates (not recommended)” setting is the the only setting that erases your hidden update list after shutting down your computer. (At least in the “Restore hidden updates” control panel window). Now according to MrBrian they are stored in a file called DataStore.edb. I found the file but I’m not smart enough to know how to open it.

 

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

2 users thanked author for this post.

SueW, Cascadian

Reply | Quote

The reason that Windows checks for updates before populating the hidden updates list is probably because Windows doesn’t list hidden updates that are no longer applicable, or have been expired by Microsoft.

3 users thanked author for this post.

Elly, walker, SueW

Reply | Quote

Windows 7×64, Group B. Thought I’d share my experience. After installing the two October security-only patches like usual, I followed MrBrian’s instructions of checking and hiding and rechecking for updates. This was a little repetitive, but each check took only about 30 seconds (sometimes fewer) and the whole thing was over before I knew it. Most importantly, zero Security Updates popped up; only 8 of the normal “Updates” appeared in the Important tab—the kind I was never installing anyway. I unhid them after the whole thing was over, but I’m not going to worry about them. In the end I only had the MSRT and two Office Security Updates to install, and didn’t even have to reboot.

Needless to say I’m quite relieved and plan to stay in Group B, even if I have to do this hide-and-recheck business every month. (Not sure if that’s what we’re meant to do.) Thanks to everyone for their input.

4 users thanked author for this post.

JDeC, Elly, SueW, MrBrian

Reply | Quote

If you are in Group B and have no intention of installing the Windows monthly rollups, I recommend to keep them hidden.

3 users thanked author for this post.

JDeC, Elly, walker

Reply | Quote

Correction to my earlier post:

“The two known issues listed in .NET Framework September 2017 Security and Quality Rollup were fixed in the .NET Framework October 2017 Security and Quality Rollup according to https://support.microsoft.com/en-us/help/4043564/certain-net-framework-4-5-2-updates-contain-pseudo-non-english-charact and https://support.microsoft.com/en-us/help/4043601/rendering-issues-after-the-september-12-2017-net-security-and-quality.”

It now appears that these fixes are not included in the .NET Framework October 2017 monthly rollups but instead might be included in the October 2017 .NET Framework preview monthly rollups.

 

1 user thanked author for this post.

walker

Reply | Quote

@MrBrian

I don’t if you saw this Reply it describes a black screen problem after I installed, 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4041083). Could the known issues in the September 2017 .NET Framework patch have cause the black screen problem?

2nd time booting since installing patches, so far the computer is still booting normal.

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

I doubt it but I can’t rule it out either.

2 users thanked author for this post.

walker, Sparky

Reply | Quote

Typo correction on previous post:  It should read “I don’t know if you saw this Reply” it …

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

Edit: My earlier post may have been correct.

1 user thanked author for this post.

walker

Reply | Quote

From Security update for Adobe Flash Player: October 17, 2017: “Issue:
After installing this security update, some users may observe a content crash when loading applications that use Adobe Flash Player.”

2 users thanked author for this post.

SueW, walker

Reply | Quote

According to the link, this issue might apply to most versions of Windows, but not to Windows 7 (for once!):

This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 10 Version 1703, Windows 8.1, or Windows RT 8.1.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

For Win7, Flash Player is from Adobe download.
For Win8.1 and Win10, Flash Player for IE11 is through MS and Windows Update.
Adobe has updated their Player. MS has not – will have to issue another update for IE11.

1 user thanked author for this post.

SueW

Reply | Quote

Hi.  I have a Dell Win 7 machine.  I’m live in Group A.  I avoided last month’s (September) Security and Quality update because of a potential issue reported with Dell PCs.  Does anyone know if that issue have been corrected?  Should we be OK with installing this month’s (October) S&Q rollup?  I’ve scanned the previous comments pretty good, plus Woody’s article, didn’t see any mention of the Dell issue this month.  Thanks for all the assistance here!

Reply | Quote

Cooee fellow group B runners

I have 3 comps running W7 x64

I saw the defCon 4 so I went to install security update windows6.1-kb4041681-x64

On two of my comps there were no problems & I also did the Office updates afterwards, but I deferred the .net updates (all went well on those two comps)

On my main comp, windows6.1-kb4041681-x64 did not take.  It said it installed OK & just needs to reboot.  It goes to do its installing thing when it shuts down but it reboots when it only installs 15% of the update.  Upon reboot it says it fails & reverts back to before the security update

I did this several times through WU & I also downloaded windows6.1-kb4041681-x64 through Windows catalogue & tried several times to install it, all to no evail; it goes to install on reboot & reboots at 15%

Any ideas why she failed to take this security update?

no biggie, I shall try with next months security update, I was just curious
cheers

have a good 1 🙂 cheers

Reply | Quote

@the_Unforgiven

If you are a Security Only Group B follower, the windows6.1-kb4041681-x64 update is the wrong update for your 3 computers… KB4041681 is not the October Windows Security Only update, it’s the October Monthly Rollup update that you would install if you were in Group A. Windows Update doesn’t offer “Group B” monthly updates for Win7 and 8.1.  The 2 updates you want are, KB4041678 for windows, and KB4040685 for IE11. The easiest way to get  these updates is by going to 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1 which is maintained by @pkcano.  The other way is to download and install them from the Windows Update Catalog.

Your message indicates the you have 3 W7 x64 computers, of which you were able to install KB4041681 rollup on 2 of them. Assuming this is the first and only time you’ve inadvertently installed the monthly rollup instead of the security only updates, just uninstall it and then you can download and install the 2 security only updates. If it’s not the first time you’ve inadvertently done this, you should probably ask others how to go about removing all the other prior monthly rollups so that you can then go ahead install the required security only updates. Either that or you just became a Group A follower.

1 user thanked author for this post.

the_Unforgiven

Reply | Quote

FWIW, WU just pushed out a Nvidia driver as IMPORTANT, but no support information whatever…

This is an HP Zbook 17 Workstation, Win7 x64. Checked the HP support page for this box and no new video drivers offered for this configuration and HP is fairly good about maintaining business systems. They also send out critical alert mails frequently although lately these security updates have applied to Win10 exclusively when I check the fine print.

Another example of WU as malware I’d imagine.

Reply | Quote

Any details?

Reply | Quote

“NVIDIA – Display – 9/25/2017 12:00:00 AM – 22.21.13.8573”

No MS support or help info on the links. ZIP! And it’s IMPORTANT. Pity the unwary…

1 user thanked author for this post.

woody

Reply | Quote

Does this thread offer any insight?

https://forums.guru3d.com/threads/windows-update-nvidia-display-9-3-2017-12-00-00-am-23-21-13-8768.416859/

Reply | Quote

Looks like a train wreck? 😉

A quick Google of that number indicated that it might be for Win10 Anniversary. This box is never leaving Win7. Small wonder HP showed no update for Win7 with a Quadro K3100M…

Reply | Quote

Have you visited the NVIDIA site – http://www.nvidia.com/content/global/global.php?

If you navigate through, you should end up at http://www.nvidia.com/download/driverResults.aspx/126786/en-us, where you will find that your Quadro driver was updated to version R384 U5 (385.90) WHQL on 2017.11.06.

1 user thanked author for this post.

woody

Reply | Quote