MS-DEFCON 5: Get your systems patched

Topic

New Reply

The problems this month are relatively benign (as long as you aren’t manually installing WIn7/Server 2008 Security-only patches). If you’re running Wi
[See the full post at: MS-DEFCON 5: Get your systems patched]

8 users thanked author for this post.

HiFlyer, Spiral, Moonbear, CAS, Myst, SueW, OldBiddy, abbodi86

Reply | Quote

Replies

WOW !!!

Can’t remember when I’ve seen a MS-DEFCON 5.

Has it been lonely??  🙂

Cheers!!
Willie McClure
“We are trying to build a gentler, kinder society, and if we all pitch in just a little bit, we are going to get there.” Alex Trebek

1 user thanked author for this post.

warrenrumak

Reply | Quote

It appears to have been a little less than 3 years since the last one…

2 users thanked author for this post.

Cybertooth, SueW

Reply | Quote

Thanks Woody.

I take it then for Windows 7 users, that if we are following Windows Update then we install the monthly rollup KB4530734 and only then when (with any other updates also installed such as MSRT and Office updates etc) we are offered the SSU update KB4531786 do we install that update? There has been a lot of talk about the order in which those two are installed and I’m assuming we follow the order in which Microsoft give them to us.

2 users thanked author for this post.

OldBiddy, Charlie

Reply | Quote

And the big question to be answered regarding Windows 7:

Do we install the December SSU KB4531786 first and exclusively, then the December CU or go with the Window Updater which will first install all available updates, then after reboot show the SSU KB4531786 for installation last?

PS: I was apparently typing my post while Seff was posting his/her question.

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

2 users thanked author for this post.

OldBiddy, Charlie

Reply | Quote

I am also a Windows 7 Home Premium User. In December I installed the MSRT KB89030 and hid the December Security updates for .NET KB4533095 and the December Monthly Rollup KB4530734.

 

After I hid the updates, the SSU populated KB4531786 and I installed it. I believe it took a little longer than usually to get the MSRT to load and install as well as the SSU for December, 2019.

 

So my question is the same as others, is it now acceptable to unhide the NET and Monthly rollups for December and let the installation begin?

Thanks, as I want to save my Win 7 machine with all the good advice you have given over the years!

Win 10 Home 22H2

1 user thanked author for this post.

OldBiddy

Reply | Quote

for windows 7 ultimate (group b): do i need ssu kb4531786 first before installing security only patch kb4530692 and ie patch kb4530677? in this case i’ll need to hide all office, msrt, .net patches…

and which registry entry do i have to modify in order to never see that eos nag screen? do i already modify registry right after installation of kb4530692 BEFORE reboot?

and is there any ssu for windows 8.1? or can i simply install group b patches on 8.1 notebook?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

2 users thanked author for this post.

pandarunnerpt, Charlie

Reply | Quote

sorry, can’t edit my post anymore.

this time i really need step by step instructions for dummies otherwise i won’t dare installing any december 2019 patches on windows 7.

additional to nag screen, are there any “services” to be deactivated like in july 2019 and september 2019 patches which had spyware built in?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

I installed

KB 4531786 did a restart even though it didn’t need it and waited for the red light to stop flashing
KB 4530734 did a restart and it restarted 2 more times then waited for the red light to stop flashing
KB 890830 did a restart even though it didn’t need it and waited for the red light to stop flashing
Tried KB 4533095 and it was still unchecked so I put it back in the hidden area

No problems so far.

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

OldBiddy

Reply | Quote

fernlady wrote:

KB 4530734 did a restart and it restarted 2 more times then waited for the red light to stop flashing

To clarify was that the regular restart and then 2 more times (total of 3 restarts) or the regular restart then 1 more (total of 2 restarts)?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

When it finished installing the update I had to restart, I walked away for a few minutes and when I looked it was at 35% configuring went to 100% and restarted.

In the past it did a restart at 30% and came back at 60% then finished. Now I’m not sure how many times it restarted.

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

OldBiddy

Reply | Quote

The white whale!
Haven’t seen a DEFCON-5 in probably 2 1/2 – 3 years. 😀
I think it was back when all the Win7 updates in…February? were pulled for the month. Can’t remember if that was 2016 or 2017.

Reply | Quote

Dont know if we missed this before or MS recently added, but at the very top of the MS support page for KB4530734 it shows the following:

IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update.

The “How to get this update” section (lower in the page) is what several had previously quoted and subject to interpretation.  However that section does address 3 old items and the current SSU KB4531786 specifically.  Therefore it seems those enumerated KB’s are the required updates listed that should be installed before installing “this” update KB4530734.

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

That’s a tricky one, and made all the trickier by Microsoft’s habit of reissuing updated patches with the same KB number.

The updates they recommend installing prior to KB4530734 include the SSU update KB4474419 released in September 2019, but my notes indicate that Woody ended up recommending that we skipped the September updates, so I don’t have it installed. However, the October 2019 updates were recommended for installation in due course, and they also included KB4474419. So I do have KB4474419 installed, but not necessarily the right one!

Reply | Quote

Seff wrote:

The updates they recommend installing prior to KB4530734 include the SSU update KB4474419 released in September 2019, but my notes indicate that Woody ended up recommending that we skipped the September updates, so I don’t have it installed. However, the October 2019 updates were recommended for installation in due course, and they also included KB4474419. So I do have KB4474419 installed, but not necessarily the right one!

I think you may have some KB’s confused. KB4474419 is not a SSU but the latest SHA-2 update (there was one in March and one in September). This was separate from any separate September CU and should have been installed.  Not sure but question if KB4474419 would have been included in the October CU or not.

MS does reference the March SSU KB4490628 as a prerequisite and should have been installed. Again I question that an SSU would be included in subsequent monthly CU. There was also a SSU in September KB4516655 and in November KB4523206 which should have been installed but MS does not seem to be singling those out.

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

1 user thanked author for this post.

Seff

Reply | Quote

Ah, thanks for putting me straight on that!

So I declined to install the SHA-2 update in September and it was then offered to me in October – that actually makes sense, not as part of the standard October offerings but because I hadn’t installed it in September.

I already had the March SSU installed, and as you say that’s the only one they’re singling out initially, although they then go on to recommend that the December SSU KB4531786 is installed as part of the prerequisite to installing the December monthly rollup – the complication being that they say it will be automatically offered under WU although in practice you have to hide the rollup for the prerequisite SSU to appear or else find it in the catalog, neither of which is intuitive to the vast majority of users.

So it would seem that I am up-to-date with the prerequisite updates apart from knowing whether the December SSU update must be installed before or after the rollup, as per the question being pursued throughout this topic. The indication is that it should be installed before, but you have to seek out the information on that in order even to know that it exists.

Reply | Quote

Seff wrote:

That’s a tricky one, and made all the trickier by Microsoft’s habit of reissuing updated patches with the same KB number.

The updates they recommend installing prior to KB4530734 include the SSU update KB4474419 released in September 2019, but my notes indicate that Woody ended up recommending that we skipped the September updates, so I don’t have it installed. However, the October 2019 updates were recommended for installation in due course, and they also included KB4474419. So I do have KB4474419 installed, but not necessarily the right one!

as far i remember i have several incarnations of KB4474419 installed. 🙁

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

1 user thanked author for this post.

davide

Reply | Quote

Indeed, but given that MS say that the latest SSU update is automatically offered, does that mean it must be the September version that you have installed or will the October one do just as well? I’m assuming that because I didn’t install it in September they offered it (albeit possibly updated) in October. Hopefully that qualifies!

Reply | Quote

Windows 10 v1903 PRO Retail x64 Desktop PC

My “Pause” period was set to expire tomorrow: January 11, 2020. As this box (and the concomitant brand-new to me Windows 10 installed on it) are only a couple months old, and we have storms coming our way here in North Texas, I went ahead, took the plunge, and un-Paused my WU.

I was surprised by the results. Three updates were found and seamlessly installed in less than 15 minutes, in this order:
KB 4530684 (2019-12 CU for Win10 x64, v1903)
KB 4533002 (2019-12 CU for .NET for 3.5 & 4.8 for Win10 x64, v1903)
KB 890830 (MSRT x64 – December 2019)

I am still on v1903, my Build number just changed from 18362.476 to .535, I still have the Optional “Feature Update to Windows 10, v1909 clickable link), I got (it looks like and I hope) my 5 Pauses back, and as far as I can tell, nothing else has changed. My Classic Shell stayed the same.
I take that back. The login splash screen picture changed.

I’m happy, at least for now, and maybe only until I am required to install v1909.
Just my $0.02. YMMV.
-Grond

Windows 10 Pro x64 v1909 Desktop PC

Reply | Quote

For those of you in Group B, let me explain something.

You can interpret things any way you want to, BUT…..
Rollups contain the SO and the IE11 CU. They are basically the same thing (less the non-security part). The sequence is the same. Just put SO/IE11 CU in place of Rollup. From Woody’s instructions, my experience:

I Installed the Dec Updates on eight (8) Win7 machines of varying types (32 and 64 bit, Home, Pro, and Ultimate). I let Windows Update handle the installation each time, which means the Rollup, .NET, Office (when installed), and MSRT were installed first and the SSU appeared and installed AFTER the reboot. In all cases, the initial install of the Rollup involved two (2) reboots to complete, but presented no problems. And I had no problems with the SSU installs afterward.

I can only say it works.

5 users thanked author for this post.

Lori, pandarunnerpt, honx, SueW, RDRguy

Reply | Quote

I couldn’t have said this better myself … thanks PK

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

PK my question to you is that you have always insisted that SSU’s get installed first and exclusively.  Now let Windows decide?

Others including fernlady installed the SSU first then the other updates and got the same double restart, so same result.

Question though is: Why would MS bother to issue another new SSU in December, right after one in November, and right before the last Windows 7 update in January if it was only needed for the January – last ever update?  The install it last routine would mean the SSU was not needed for December only January – right?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

finished. (i hope so).

on win7 i installed win kb4530692 and ie kb4530677. after double reboot i installed important all important checked office 2010 and msrt patches. there was no .net patch this time (at least not “important”. as usual i hid group a qualitysecurity rollup. then ssu kb4531786 was available, i installed it and rebooted again.

i was not offered november ssu kb4523206.

on win8.1 i installed win/ie patches, after reboot i installed office 2010, msrt and defender patches as usual.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

2 users thanked author for this post.

Charlie, PKCano

Reply | Quote

Okay, so the last thing you installed was the SSU KB4531786 after all the other updates.  At last a definitive answer from a fellow Win 7 Group B person. Since another person did the SSU first, it appears that it can be done either way.  Thank you very much.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

2 users thanked author for this post.

Lori, SueW

Reply | Quote

“another person did the SSU first” — That other person might be me. I’ve always installed the SSU first, and have reported that a number of times on this site. I’ve done one Win 7 Starter 32 bit and one Win 7 Pro 64 bit this month the same way. I’ve never had any problems, although I do restart after an SSU installation even though I have never been told during an installation that I needed to.

1 user thanked author for this post.

SueW

Reply | Quote

Whenever, before or after the other patches, you install the SSU, make sure to create a restore point just before installing it. That way you have a chance to getting your machine back from among the dead and dying by, if necessary, logging in in protected mode and then, with enough luck, de-installing the fateful SSU and have the PC live to have it installed again (after creating another restore point), this time following all the other December patches, as the consensus seems to lean towards this being the right and safe order of patching this time, for some reason. That’s how I’ll do it, when I can find the time and patience for doing this.

Others will probably recommend going further and creating an ISO disk. That should be even safer, although the risk does not strike me as bad enough to do it. But that’s just my opinion.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Unfortunately, if I understand correctly, an SSU patch cannot be uninstalled, at least not in any simple way.

Reply | Quote

DrBonzo, as I understand it, the purpose of using a restore point is not to uninstall patches or anything else installed after it was created: it is to obliterate them, to erase their very memory from the HD, to leave the PC as if the patches and etc. had never been installed. Using the restore point, by definition, restores the system to its earlier state, in this case  just before the SSU was installed. So, when the system is restored, all should be as if there never there was an SSU, not just installed, but even in existence anywhere in the Universe, as far as the PC is concerned. Assuming the restoration works, of course. Because you never know.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

I agree with your interpretation of the purpose of a restore point.

Perhaps I misunderstood your use of the phrase “de-installing the fateful SSU…”

1 user thanked author for this post.

HiFlyer

Reply | Quote

PKCano wrote:

For those of you in Group B, let me explain something.

You can interpret things any way you want to, BUT…..
Rollups contain the SO and the IE11 CU. They are basically the same thing (less the non-security part). The sequence is the same. Just put SO/IE11 CU in place of Rollup. From Woody’s instructions, my experience:

I Installed the Dec Updates on eight (8) Win7 machines of varying types (32 and 64 bit, Home, Pro, and Ultimate). I let Windows Update handle the installation each time, which means the Rollup, .NET, Office (when installed), and MSRT were installed first and the SSU appeared and installed AFTER the reboot. In all cases, the initial install of the Rollup involved two (2) reboots to complete, but presented no problems. And I had no problems with the SSU installs afterward.

I can only say it works.

thx, so now i’l follow this order. FIRST i’ll install win so kb4530692 and ie kb4530677.
after reboot i’ll install all important checked office, .net, msrt patches…
and LAST i’ll install ssu kb4531786 and reboot again.

is there any ssu for windows 8.1? or can i patch 8.1 notebook as usual?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

2 users thanked author for this post.

Charlie, RDRguy

Reply | Quote

No SSU for Win8.1

Be aware. You may also get the double reboot with the SO.

4 users thanked author for this post.

Lori, OscarCP, RDRguy, OldBiddy

Reply | Quote

PKCano wrote:

No SSU for Win8.1

Be aware. You may also get the double reboot with the SO.

as long it’s no reboot loop and i still have a bootable usable sytem afterwards, two or three reboots are fine. 😀

 

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

@pkcano I’ve never seen my system do a double reboot before. Does it happen automatically or do you have to click restart first?

Win 7 Group A 64-bit Windows Home Premium user.

Reply | Quote

It happens automatically before it comes back to the login screen. Be patient.

2 users thanked author for this post.

Lori, OldBiddy

Reply | Quote

Windows 10 Version 1903 – I tried using a metered connection and it did work to stop the automatic updating, but I also paused updates.

If I don’t pause the updates … will the metered connection alone stop the automatic updates?

One thing I do miss about Windows 7 is the information you were able to get about the individual updates .. size , date issued, etc.  Is there a way to get this information in Windows 10 before we update?

 

Reply | Quote

Wow! Defcon 5
Who would have thought?
Windows update reporting in…..

KB4530734 (rollup) installed smoothly.  Rebooted only once per usual.
waited about 1/2 hour then installed
KB4531786 (service stack) it installed smoothly.  I rebooted after
waited another 15 minutes then installed….
Kb4533095 (.net rollup) which also installed smoothly.  I rebooted after.
Then….
I figure with Defcon at 5, might just as well go big or go home.
I installed the Dec. MSRT
I have not installed MSRT since last January.
All went smoothly.
The only thing I noticed was that after I installed the rollup, “checking for updates”
was taking a long time, so I “ended the task” via task manager and restarted “checking for updates”.  No further problem.

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller
Bitdefender (free version) installed 12/6/19 (replaced MSE)
Chrome browser
DSL via ethernet (landline)

 

2 users thanked author for this post.

Chessie, PKCano

Reply | Quote

Just to be clear, I have the December SSU KB431786 installed and the MSRT for December installed and held back and hid the December Security updates for .NET KB4533095 and the December Monthly Rollup KB4530734.

From what I hear everyone saying, it should not matter with the Monthly Rollup or the .NET Security update to be installed AFTER the December SSU?

And, there might be several restarts with the updates or just the group that does the security only updates. I’m not in the groups, just a very cautious consumer that does not want to break her old friend Windows 7.

Win 10 Home 22H2

Reply | Quote

“From what I hear everyone saying, it should not matter with the Monthly Rollup or the .NET Security update to be installed AFTER the December SSU?”

Windows Update, when allowed to install updates automatically,  will first install Dec-CU, reboots the PC,  then installs Dec-SSU.  I just let WU do its thing and my Win7 PC is fine.

Not sure if you’ll run into problems installing SSU before CU, but that’s been Microsoft’s guidance from the beginning, so it’s kind of strange to see WU behaving opposite from that guidance.

 

1 user thanked author for this post.

Win7and10

Reply | Quote

That’s the only thing I am concerned about. Since I hid the security updates for December and went ahead and let the SSU KB4531786 install since I was offered it, there is concern on my part whether to go ahead and try the December security updates or just wait and do the January 14, 2020 updates. Any thoughts?

Reply | Quote

Woody is giving the all clear for December’s updates, he didn’t include January 14,2020 in the come and get it DEFCON5.

If the past is any evidence, by January 13, 2020 DEFCON2 will be up again.

Reply | Quote

Win7and10 wrote:

Just to be clear, I have the December SSU KB431786 installed and the MSRT for December installed and held back and hid the December Security updates for .NET KB4533095 and the December Monthly Rollup KB4530734.

From what I hear everyone saying, it should not matter with the Monthly Rollup or the .NET Security update to be installed AFTER the December SSU?

And, there might be several restarts with the updates or just the group that does the security only updates. I’m not in the groups, just a very cautious consumer that does not want to break her old friend Windows 7.

you were offered .net december update for windows 7?

for me there was no .net update available, on both win7 and win8.1, at least not “important”. and i never install anything optional…

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

[Win7and10]

I hid the December Security updates for .NET KB4533095

Win 10 Home 22H2

• This reply was modified 5 years, 2 months ago by Win7and10.
• This reply was modified 5 years, 2 months ago by Win7and10.

Reply | Quote

This just came up on my newsfeed.  Any comments?  “The Department of Homeland Security has sent out an urgent alert for users of the Mozilla Firefox browser.”

Reply | Quote

To update your copy of Firefox version to Firefox 72.0.1 or Firefox ESR 68.4.1 (or higher):

On a Mac: Launch Firefox and click About > Firefox and click the “Restart to update Firefox” button to update Firefox
On a PC: Launch Firefox and go under either Options > Firefox Updates or Options > Advanced > Update or Help > About Firefox and click the “Restart to update Firefox” to update Firefox.

You should be running Firefox version 72.0.1 or Firefox version ESR 68.4.1 or higher.

This vulnerability does not affect mobile versions of the web browser.

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

I think that I’m going to wait for the Jan 2020 Windows 7 updates to be announced at 7’s final EOL(For consumers) update Tuesday and actually manually run Windows update just to see what updates it offers. I’m group B currently but I have from time to time manually run Windows update just to see. But currently I’m skipping Dec 2019’s Windows 7 SO update with the nagging included and IE11’s updates are cumulative anyways. But I guess that I’ll still have to install December 2019’s Servicing Stack Update for 7 before any January 2020 Windows 7 patches.

Does anyone think that maybe MS will create an EOL for Windows 7 convenience roll-up with all the Windows 7 lifetime patches included, the ones that actually work and don’t cause issues.   I’m still considering doing a fresh Windows 7 Pro install from a 7+ year old  set of OEM provided Windows 7 Pro Recovery DVDs and redoing the all the patches over. And I’m doing this to get all the cobwebs and dust out of the registry the fresh clean install way.

I still plan to physically remove the old 7 Hard Drive with 7 Pro still installed and replace that with an SSD to install Windows 8 Pro(The laptop is actually licensed for 8 Pro) and updating that to 8.1 and using that until 2023.

I hoping that the Windows 7 update servers are kept active for a good few more months anyways just so any final bug/regression fixes can be offered if need be for any updates that still have issues.

Reply | Quote

So, I suppose this is my moment of truth.

I’ve happily been Windows 7×64, Group B—or at least I was until the announcement of the problems with the July 2019 SO patch. I skipped that month, then I was out of town during the next month’s window, then there were problems with the September SO patches….and long story short I’ve effectively been Group W since the June updates, with no apparent problems to report.

Now I’ve got a few days to decide whether it’s worth it to wade through six months of instructions—apparently with a really bad SSU thrown in, plus this month’s double-reboot nightmare—spending hours if not days asking questions and relying on the kindness (and patience) of others as I try to figure out the exact order of patches, update checks/hides/rechecks/etc., and reboots, with the best-case scenario that I’ll end up with…an unsupported system come January 14 no matter what.

I have a single home computer, I never use IE, and I haven’t heard of most of the programs or devices that have sometimes had problems with monthly updates. I’m not necessarily asking for definitive advice (I know why the experts don’t want to give that out) but I am certainly open to anyone’s thoughts, especially if someone has been part of Group W longer than I have. I promise I won’t hold anyone to anything…but what would you do? Grateful in advance.

Reply | Quote

I’m no expert, but in your shoes I’d probably forego the frustration and possible pain of sifting through all the updates since June 2019 and either leave things as they are or more probably just accept the Group A approach and for the December and/or January updates simply install the updates offered to me which would likely be the latest monthly rollup, the latest SSU update and the latest .net framework update, all of which are cumulative so long as you’re not installing the security-only updates. I no longer bother with the monthly MSRT as it became a tad problematic a while ago and I’m not convinced it adds anything if you have decent anti-virus/malware protection anyway.

Others may take a different approach of course!

Reply | Quote

I have a question regarding KB 4530692. I understand that it includes the KB 4493132 nagware that installs an executable file that will be run daily on Windows. So far I am disinclined to install it. Is there anything that can be done about the nagging if I do install it?

PS: the correct sequence for for installation is still KB 4530692 and KB 4530677 before the December SSU KB4531786, right?

 

Windows 7 Home Premium, 64bit, Group B

Reply | Quote

On my Win 8.1 system, a check for updates comes up with KB4533097:

Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4533097) — Published 12/10/2019

I don’t see this KB number listed anywhere in the Master Patch List.  Does anyone know if this KB is included in the current MS-DEFCON5, and is safe to install?

Reply | Quote

[dgreen]

I have a question about my hidden updates.
Before W7 end of support goes into effect, here are my “hidden” updates.
Should any of these be installed?
I know these 5 should probably be kept hidden
KB31493132 is the nag one
KB4503548 is the Net 4.8
KB2594819, KB25992687 are the RDP (remote desktop protocol)
KB2830477 (my notes tell me this was problematic so I hid it)
not sure about the rest of them however ?

Windows 7 Home Premium 64 bit Group A

• This reply was modified 5 years, 2 months ago by dgreen.

Reply | Quote

These patches you don’t need:
+ Telemetry patches: KB2952664/KB3150513, KB3021917, KB3022345, KB3068708,  and KB3080149
+ KB4493132/KB4524752 EOL nags
+ KB4503548  Net 4.8 – not for Win7 unless you have an app that needs it.
+ KB971033 Win validation tech
+ KB2594819 no longer shows in the Catalog, probably superseded

KB2592687 and KB2830477 are updates for RDP. I don’t know if lack of the updates leaves you more vulnerable.
KB2970228 and KB3102429 are support for Russian and Azerbaijani Mainat currancies and should’t be critical one way or the other unless you are dealing with them.

1 user thanked author for this post.

dgreen

Reply | Quote

Windows 10 Pro 1809:
After changing gpedit.msc’s update settings I received the ‘upgrade’ for 1903, which installed without any problem, but I noticed a significant slowdown in start up. Double checked that by restarting a few times after upgrading but it didn’t improve, so I reverted to 1809. (And reverted my update settings to 365/30 days.)
I then got offered KB4530715 Cum.Dec, KB4533094 Cum.Dec .NET 3.5, 4.7.2, 4.8 and KB890830 Dec.
All installed without problem and caused no problem afterwards.

Windows 7 Pro – Group B:
I’m using Win10 as my daily driver for a few months now, and I must say Win7 looks and feels a bit outdated. Never thought I would say that!
Downloaded KB4530677 IE Dec and KB4530692 SO Dec and installed them without problems during or after. Both needed a restart. Did not see any nag screen afterwards.
Then told Windows Update to search and got offered KB890830 Dec (among others). Installed that one too – did not need a restart.

However, I did NOT get KB4531786 SSU offered, so I will have to download that one myself.

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

TJ wrote:

I noticed a significant slowdown in start up

That may just be post upgrade tasks. I always give the machine 30 mins to settle before testing.

cheers, Paul

Reply | Quote

Right. Will try that next time.

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

…However, I did NOT get KB4531786 SSU offered…

Besides going out and getting it from the Catalog, you can also HIDE the December rollup that is probably showing up in Windows Update. Once you hide that update (by right clicking on it and selecting “hide update”), selecting the option in the upper left corner of the WU window to “Check for Updates” will then produce the SSU for December within Windoes Update,

SSUs (servicing stack updates) are “loners”, in that they MUST be installed by themselves with NOTHING else installed along with them. For this reason, Windows Update only offers them when all other “Important” category of updates are either already installed or hidden.

2 users thanked author for this post.

HiFlyer, TJ

Reply | Quote

You are right both times. I saw the first one being mentioned before, but forgot about it.
Forgot about the second one as well 😐

 

 

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

1 user thanked author for this post.

HiFlyer

Reply | Quote

Hid the Dec roll up, but SSU KB4531786 did not come up.
So that meant going to the Catalog after all.

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

Two x desktop Win 7 Pro 64bit systems Group A updated as follows.

Had hidden KB4530734 (Dec roll up), KB4531786 (SSU) and the Dec MSRT.

Unhid KB4530734 and KB4531786, Windows Update checked for updates and installed the SSU first and then offered the Dec roll up and installed this. Then restarted once only and returned to the log in screen.

Unhid the MSRT which WU then installed.

So far everything seems OK.

Reply | Quote

I don’t remember seeing a 5 before. As far as I am concerned it is a first. But anyway…

My systems (Windows 7 and Windows 8.1) had been patched to November 2019 level, and I won’t be patching again for months until such a time I deem necessary (e.g. when there is an urgent security issue worthy of my attention).

And for Windows 7, I won’t install the December 2019 (and probably also January 2020) patches until I can be sure that there are no problems AND I am able to disable the out-of-support full screen warning.

Hope for the best. Prepare for the worst.

Reply | Quote

… I won’t install the December 2019 (and probably also January 2020) patches until…I am able to disable the out-of-support full screen warning.

That can already be done, and there is guidance here on AskWoody on just how to do it. Simply use the “Search the Lounge” search box and type in “EOSNotify” (without the quotes, of course). That will give you a listing of posts that deal with the Windows 7 End Of Support notification program that’s included in BOTH the December rollup AND the December security-only patches.

There are both a registry setting to modify and two Task Scheduler entries to modify. Installing the December patch creates the Task Scheduler entries, and the eosnotify program probably creates the registry entry to modify once it runs and displays the warning on your screen for the first time.

Reply | Quote

There is, I understand, a button in the nag screen that can be pressed if one does not want to see the nag screen again. According to Woody and some others here, that works as intended. Has anyone else tried this recently and, if so, what was the result? I would much sooner push a button than edit the Registry, if pushing a button is enough.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

I have a problem on one machine, my old HP Pavillion win is running Win7 Pro. Installed the updates (roll up and NET) and MSRT.  On reboot it got to 100% and got stuck there, I then tried a reboot and it started again but only gets to 35%. Everything I’ve tried I can’t get beyond the Configuring screen.  Is there a way to get past that?  Anyway to get to a restore screen and roll it back?

Just waiting in LA.  (Only have one more machine to do and then will have to do some shopping for a Win10 Desktop).

John

Reply | Quote

Had you also installed KB4531786, December’s SSU? If not, try to reboot into Safe Mode and then check Windows Update. Hopefully, KB4531786 will be ready to download and install.  Good luck.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

I have the same setup and don’t care to chance those issues.  Quite frankly we are so near the end on Win7  that I think I’ll just call it EOL now. After years of dodging bad updates, thanks to Woody, it will actually be a relief to get off Windows updates. Until I buy my new Win10 desktop next Christmas.

Reply | Quote

[OscarCP]

To DrBonzo and other interested parties concerning the order of installation and more:

When someone reports that “I’ve just installed the x month patches (perhaps adding details, such as: “in this order”) and everything is fine”, this statement should be invariably taken with a big lump of salt, particularly if it does not carry one or both of these magic disclaimers: “as far as I know” and, or “so far”.

Personally, I prefer to wait a bit, either after the Defcon has gone green(er), or even earlier, once there have been many reports from people installing and no repeated news of something bad with the patches, either in the Master Patch List, in Woody’s or Susan’s blogs and, or comments in the Newsletter, in user comments, or elsewhere in some of the specialized sites on the Web I also visit, such as gHacks. More dramatically put, I would wait until the cries and lamentations have died down to just those about odd problems with applications I do not use or use very differently from the complainers, or affecting hardware quite different from mine.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

• This reply was modified 5 years, 2 months ago by OscarCP.

1 user thanked author for this post.

Cybertooth

Reply | Quote

To OscarCP – I think that most of us (DrBonzo and other interested parties) do, in fact, take reports of success and failure with a lump of salt, realize that such reports are merely scattered data points in the ocean of patching, and therefore neither imply nor infer guarantees of success. That said, I, for one, do like to see reports from those folks brave enough to patch early as it helps me compile evidence useful in making my decision of whether and when to patch. I do generally prefer to wait to patch, although sometime life circumstances require patching earlier than I might like.

2 users thanked author for this post.

Charlie, SueW

Reply | Quote

Amen to that, DrBonzo! Amen to that!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Especially for those few of us still brave enough to do the Group B, Security Only updates.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

1 user thanked author for this post.

SueW

Reply | Quote

This was the smoothest round of updates I’ve seen in a long time.

Monthly rollup and msrt downloaded and installed faster than normal which is a definite plus.

There was no .net rollup listed under important updates on my system but there was one listed under optional updates which I left unchecked.

SSU was installed last (with restart after) with no issues.

Why couldn’t updating work like this every time?

3 users thanked author for this post.

Myst, Kranium, PKCano

Reply | Quote

How nice to see a “5” 🙂 Here is my feedback:

1 – just in case, double-checked Task Scheduler — Application Experience, CEIP, and PerfTrack — all subtasks are still disabled

2 – imaged my disk with Macrium Reflect Free

3 – here is where I would have downloaded December’s SSU & installed it first, as I have done in the past.

However, after reading @PKCano‘s explanation [#2054289], I decided to wait until the end

4 – downloaded Updates KB4530692 (December SO) and KB4530677 (IE11 December Cumulative)

5 – installed both Updates and then restarted. Note: my computer automatically configured and restarted 2 times, taking 10 minutes total; I then waited 15 minutes

6 – re-checked Task Scheduler — Application Experience, CEIP, and PerfTrack — all subtasks are still disabled (as expected)

7 – manually updated MS Security Essentials’ Virus & Spyware Definitions to eliminate Windows Update’s “Optional” ‘Definition Update for Microsoft Security Essentials (KB2310138)

8 – ran “Windows Update” => 7 Important (all checked): 5 Office 2010 and 2 Win 7; 1 Optional (and unchecked).  Note: there was no Optional update for the December Preview Rollup

9 – unchecked and hid “Important” Update KB4530734 (December Rollup)

10 – hid the unchecked Optional update KB4533095 (December S&Q Rollup for .NET Framework)

11 – ran “Windows Update” again => 6 Important (all checked): 5 Office 2010 and 1 Windows; 0 Optional

12 – unhid 0 hidden updates to install

13 – installed 6 Updates: 5 Office 2010 (KB4484196, KB4484192, KB4484193, KB4461613, KB4475601) and MSRT (KB890830)

14 – Windows then showed “Other Important Updates”: installed KB4531786 (December’s SSU)

15 – no restart was required; restarted anyway and waited around 45 minutes

16 – unhid the earlier hidden Optional (Recommended) update KB4533095 (December S&Q Rollup for .NET Framework), just in case

Note: Windows Media Player was still reconfigured!

My thanks once again to PKCano, Woody and everyone else who continue to contribute their time and expertise, or who post their own results! One more to go 🙂

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

8 users thanked author for this post.

HiFlyer, Myst, RDRguy, Charlie, OldBiddy, Lars220, PKCano, DrBonzo

Reply | Quote

Results on my first Win7 x64 desktop:

MSRT  and optional .net framework update KB4533095 previously hidden.

Installed 5 Office 2010 updates yesterday. Then today:

Installed monthly rollup KB4530734, restarted on prompt, and waited half an hour.

Installed SSU KB4531786, no restart prompted but waited 20 minutes or so and restarted anyway, then left for another 20 minutes or so.

No issues as yet! The waits were probably a bit longer than needed, but I was doing other things anyway.

That leaves my second machine, similar specs but no Office installed. If all continues ok with the first machine then on Monday I’ll install the rollup and SSU updates on the second one, following the same method as before.

2 users thanked author for this post.

Chessie, PKCano

Reply | Quote

UPDATE: Second machine now updated as stated above. No apparent issues.

Reply | Quote

Reporting in…

Well, it wasn’t the worst, but it was a bit of a PITA here:

1. Installed the Malicious Software Removal tool, hung for 20 minutes this time while it displayed “Creating a Restore Point”, then magically indicated it was done installing. Ding! Typical, but 20 minutes is the longest it’s ever taken on this machine.

2. Installed 2019-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4530734), and yes, a double boot occurred.

2. Checked Update again, and it said I needed the update stack (SSU) 2019-12 Servicing Stack Update for Windows 7 for x64-based Systems (KB4531786).

3. Installed that, checked Update again, and it said “Optional Updates Available”. Bwhahahahaha….not in a million years, buddy.

4. Rebooted just to “blow the carbon out”, and memory use dropped 10%, but on this final reboot, at first all my desktop icons were white! Whoa! They filled in gradually, though, over a few minutes. Something killed the icon cache?

All seems to be working for the moment, unless I forgot that I may have been required to go outside, run around the block counter-clockwise, and touch an object made of wood; which I can’t do anyway, as I have the flu. (And after getting a shot, too.)

(WU always says “creating a restore point” before it does anything, but I don’t trust it, and do one myself for each item installed.)

Total time, One hour. Going back to bed. Thanks to all the Lighthouses on here!! 🙂

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

2 users thanked author for this post.

RDRguy, PKCano

Reply | Quote

Both the December patches and the November patches caused serious boot-up problems on my Win7 x64 home-built machine. Never had a problem during the previous eight years. But in November and December, after installing the patches, I experienced multiple hangs during boot up, and a couple of red screens (which I had never seen before). Were we not near the end of Win7 patching, I might spend a lot of time diagnosing this; instead, I recovered in both cases via System Restore from Safe Mode. No more Win7 updates for me. I plan to use this computer indefinitely for Quicken 2010 (an unsurpassed version of Quicken, IMHO), and for writing letters (my old HP Laserjet 6P is still 100% functional but requires a parallel printer port which is obviously obsolete). Fortunately, I don’t need to be online for those purposes, so I’m not concerned about malware.

Reply | Quote

[Marty]

False alarm.  The problem was a failing hard drive.  I replaced it, and used Windows 7’s Image Restore to get back into business.  A couple of interesting quirks:

(1) When I first tried restoring a Windows 7 System Image from an external hard drive, Windows 7 was unable to find the image.  It turns out that I had the drive plugged into a USB 3 port, which is not natively supported on my machine.  After I plugged it into a USB 2 port, the image was located, and the restoration went smoothly (albeit slowly).

(2) I also tried restoring form an Acronis image, but after the restoration completed, I got an “MBR Error 1” message when I tried to boot.  Windows 7’s System Repair did nothing to solve the problem, and I was unable to resolve the problem, so at this point I am inclined to avoid Acronis.

Anyway, the December updates proceeded as expected after Windows 7 was restored from a Windows 7 System Image.

• This reply was modified 5 years, 1 month ago by Marty.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Woody must be getting soft.  🙂  The tech world never changes and the dawn of a new decade is as good time for for anyone that wants to stay up to speed with tech. Good time to contribute to Askwoody too.

Red Ruffnsore

Reply | Quote

[Nibbled To Death By Ducks]

Addedum:

Saw EOSNotify and EOSNotify2 had appeared in the task scheduler, disabled both. Hope this works. It seems the simplest way, other than waiting for it to hit and hoping (does anyone really know?) a “Don’t show this again” box is going to be present as a switch-off.

I am not sure of all the ins and outs of Task Scheduler, but it looked like it was pretty “baked in” the sub-tabs selections, so I just disabled both.

I am also very chary of mucking around with the Registry directly unless it’s absolutely necessary, so goes my rationale. Hope I did right. (I should probably just watch cat videos with the Flu, but this really bugged me.)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

• This reply was modified 5 years, 2 months ago by Nibbled To Death By Ducks.

3 users thanked author for this post.

Myst, RDRguy, SueW

Reply | Quote

Having read all the discussions on the issue in this thread and others, I decided to install the December SSU (KB4531786) first, and then the December SO update for W7 (KB4530692) and the December CU for IE11 (KB4530677). Absolutely no problems encountered.

Reasons? I took the view that, because the strong recommendation to install the December SSU is in the PREREQUISITE section of the KB article for the SO update (and also for the Rollup), Microsoft intended that the December SSU be installed BEFORE the subject of the KB article – that is, BEFORE the SO update. And I was also persuaded by the argument that, logically, what is the point of installing the SSU to support the installation of the SO update if you have already installed the SO update?

My view is that the installation of the SO update (and the Rollup) should encounter no problems provided you have installed the stated DEFINITE prerequisites – that is, the March 2019 SSU and the September 2019 SHA-2 update. Installing the December 2019 SSU is only a strong recommendation, but is not absolutely necessary.

2 users thanked author for this post.

SueW, DrBonzo

Reply | Quote

I can’t get the 1903 upgrade to run!

I’ve carefully followed Woody’s instructions on how to finesse the upgrade process so I get 1903 on my three machines, however none have seen a hint of an upgrade yet and it’s been since he first made the recommendation to switch. Three different machines, different ages, different technologies and all on 1809 – all set to Semi-annual Channel, 180 days feature deferral and 24 days update deferral. They’ve been rebooted numerous times over the past couple of months. But so far, zip, nada, not a hint of an upgrade.

The custom ISO path looks a shade more complicated than I’m happy with, and the 1909 bug has me a little worried. Any suggestions on how to wake them up?

Reply | Quote

I have used these settings on Win10 Pro. Suggest you take a look at them then follow the instructions below. Windows Update GUI settings and Group Policy settings. After you upgrade to 1903, the Semi-Annual Channel setting will no longer be there.

Be sure your 1809 is up to date as of Dec.
Set your Feature deferral to 120 days, set your Quality deferral to 0. Go into Group Policy and set the 2 (notify download/install).
Run wushowhide to determine that 1903 is pending. If 1909 is there hide it and try again.
Allow the upgrade to download and install.
Once you are on 1903, reset your Feature deferral to a greater number.

Reply | Quote

many thanks PKCano – that did the trick!

Reply | Quote

Many thanks for the instructions. I’d wondered if I needed to reduce the number of days to account for the time difference.

In addition, to force a check, I clicked pause then immediately unpaused (this is the slider in 1809 where it’s either off or on, not the 3x thing Woody mentioned).

1903 is now “getting things ready”. 😛

Reply | Quote

Also check that your connection isn’t set as metered.  You can set it metered again if you want after 1903 is installed.

Reply | Quote

I did my December updates today and all went well and quick.

I started with the 5 Office 2010 updates which took about 15 minutes counting download time and making a restore point. No reboot was required.

Next I did the Security Only updates.  First did KB4530692 – it took 6 minutes to run and after the reboot it took an extra 7 minutes to finish thoroughly installing according to the Task Manager’s CPU and Main Memory use.

Next I did the KB4530677 IE-11 update which took 3 mins. to run and 7 minutes to finish after the reboot.

Then (last) I did the KB4531786 SSU update which took 1 minute and didn’t require any reboot, but I rebooted anyway and it took 5 mins to finish.

So it appears I’m done and I’m surprised how easily and quickly it all went. Checked View Update History in WU and all updates were successful. Media Player was not affected and no double reboots either! Wow – that DEFCON 5 was well deserved it seems.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

2 users thanked author for this post.

PKCano, SueW

Reply | Quote

I have a question directly on topic, but in a different thread. Maybe I should mention it here, as its answers, when they came, might be of interest to others as well: #2070741 .

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Yeah, I saw it and left a post directing you here.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Charlie: And have you been nagged much, screen-wise?

Also (a question to the lounge at large): how about the eleventh hour SSU? Who really needs it and really why?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

[Charlie]

No not at all yet.  I’ll try the clicking the little “Don’t Remind me Again” box first, and if that doesn’t work I’ll disable it.

There are still the Jan. 14th and other possibly critical updates that may come in the future years.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

• This reply was modified 5 years, 2 months ago by Charlie.

Reply | Quote

Installing Win7 Dec update results:

1) after performing a complete system backup, installed Security Only (KB4530692) & IE11 CU (KB4530677) previously downloaded from MS Update Catalog then performed 1st reboot – resulted in a normal relatively quick single boot only (no double boot experienced).

2) after sufficient delay, performed 1st Windows Update check – got the following 9 important/recommended updates:

a) Security Update for Microsoft Office 2013 (KB4484184) 64-Bit
b) Security Update for Microsoft Office 2013 (KB4484186) 64-Bit Edition
c) Security Update for Microsoft Excel 2013 (KB4484190) 64-Bit Edition
d) Security Update for Microsoft Word 2013 (KB4484094) 64-Bit Edition
e) Security Update for Microsoft PowerPoint 2013 (KB4461590) 64-Bit Edition

f) 2019-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4530734)

g) 2019-12 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4533095)

h) Windows Malicious Software Removal Tool x64 – December 2019 (KB890830)

i) Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.307.2168.0)

3) unchecked then hid the Security Monthly Quality Rollup (KB4530734) then performed 2nd Windows Update check – got the remaining 8 important/recommended updates listed above.

4) installed all 8 remaining important/recommended updates listed above then performed 2nd reboot – again resulted in another normal relatively quick single boot.

5) after sufficient delay, performed 3rd Windows Update check – got 1 important update.

a) 2019-12 Servicing Stack Update for Windows 7 for x64-based Systems (KB4531786)

6) installed the Dec SSU (KB4531786) then performed 3rd reboot – again resulted in a normal single boot.

7) after sufficient delay, performed a 4th Windows Update check – only got the various optional unchecked updates which I expect & leave alone (should be noted that I get these whenever I do a WU check).

8) logged into AskWoody to write this post 🙂

This is the way I do monthly updates following the Group B method of updating for both Win7 & Win8.1.

Though not criticizing or trying to convince others nor portraying the correct sequence of installing SSU updates, my rational for NOT doing SSU updates before any/all corresponding monthly updates:

1) when performing a normal Windows Update, that month’s SSU update seems to always show up AFTER all other corresponding monthly updates have been either been successfully installed or hidden.

a) if Microsoft required you to install that month’s SSU update prior to that month’s corresponding updates, why doesn’t Microsoft do this when you perform a normal automatic monthly Windows Update? That month’s SSU update never seems to show up before the corresponding month’s other updates are either successfully installed or hidden.

b) hiding an update is essentially telling the Microsoft Update Servers that you do not intend to install the update being hidden so that month’s SSU update’s meta-data logic has to assume that all previous updates have been successfully installed and therefore it now appears when you perform a subsequent check for Windows Updates. I suspect that if you did not install the Dec SSU update this month, it should first appear as a standalone update in Jan and, after it’s installed, Jan’s updates would appear but as I’ve already installed the Dec SSU, I can no longer verify this.

2) as described by PKCano here, Security Only updates downloaded from the Microsoft Update Catalog website are that month’s security updates that were added to the preexisting security updates contained within that month’s corresponding Security Monthly Quality Rollup.

a) if Microsoft’s normal WU session incorporates presenting/updating the SSU update AFTER all of the corresponding month’s updates including the Monthly Rollup have been installed, why then would this NOT work for the SO update if the SO update is essentially a subset of the security updates within the Rollup? It does not make any sense for it to work this way for Monthly Rollups via WU but not for manual SO updates.

3) Microsoft’s prerequisites in the Dec 2019 SO (KB4530692) & Rollup (KB4530734) articles here and here are ambiguous at best.

Prerequisite:

You must install the updates listed below and restart your device before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.

1. The March 12, 2019 servicing stack update (SSU) (KB4490628). To get the standalone package for this SSU, search for it in the Microsoft Update Catalog.

2. The latest SHA-2 update (KB4474419) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

After installing the items above, Microsoft strongly recommends that you install the latest SSU (KB4531786). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

a) both articles provide the exact same itemized list of prerequisites for installing the Dec SO or Rollup updates. The itemized list specifically includes only the Mar SSU (KB4490628) & the Sep SHA-2 (KB4474419).

b) if Microsoft really wanted you to install Dec’s SSU (KB4531786) as a prerequisite to installing either the Dec SO or Rollup, why wasn’t it included as an itemized item within the specific itemized list along with the other 2 items listed?

c) installing the latest SSU (KB4531786) excerpt from the quote above is worded as a “strong recommendation” NOT a “requirement”:

After installing the items above, Microsoft strongly recommends that you install the latest SSU (KB4531786).

d) excerpt from the quote above also states that latest SSU (KB4531786) will be offered automatically if using Windows Update: (this only happens if all current month’s important/recommended updates are either first successfully installed or hidden):

If you are using Windows Update, the latest SSU will be offered to you automatically.

e) if latest Dec SSU (KB4531786) really is required as a prerequisite, why then is the Mar SSU (KB4490628) specifically listed? Won’t the Dec SSU simply supersede the previous Mar SSU? Assume one hasn’t installed updates in a while (Group W or at least after Feb 2019) and now wants to bring their system up to date prior to Win7 EOL, wouldn’t the Dec SSU simply supersede the previous Mar SSU? As such, why not just list/install the latest Dec SSU?

By normally presenting the SSU updates via WU only AFTER all of the current month’s updates are either successfully installed or hidden, I strongly believe Microsoft’s intent is to prepare the Windows Servicing Stack to properly process/install any or all subsequent “yet to be released” future monthly updates which may or may not need the newly updated Windows Servicing Stack to do so.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

1 user thanked author for this post.

Lars220

Reply | Quote

Installed the following updates and all is well.

December Rollup – KB4530734
MSRT December – KB890830 (I skip this when issues have been reported but this month the MSRT was uneventful, thank you MS)
2010 MS Office – checked, Important

Another check for updates and the SSU KB4531786 popped up, installed with no issues

Thanks to everyone who post their results and for all the feedback on one issue or the other. Woody, Da Bosses and MVPs, fellow Plus members, y’all are the best!

MacOS iPadOS and sometimes SOS

2 users thanked author for this post.

Lars220, OldBiddy

Reply | Quote

Downloaded and installed in the following order: 2019-12 KB4530734, reboot, (which seemed to take an extraordinary amount of time, but was probably really around 20 minutes), then KB890830, no reboot. Checked updates again and KB4531786, Dec. SSU, showed up so downloaded and installed,  no reboot. Update did not offer me Dec. SSU until after KB4530734 and KB890830 were installed.  Win 7 Pro x64 SP1, i7Core “Haswell”, Grp. A, HP ZBook

2 users thanked author for this post.

Lars220, Myst

Reply | Quote

December updates installed ok. Installed KB890830, KB4530734 first – restarted but didn’t get a double reboot. Then SSU KB4531786 was offered and installed it. Went ok, but the download for the SSU took forever. Restarted after SSU.

On Jan 14 it’s EOL for Windows 7, but is that also patch Tuesday, with one more update?

______________________________________________
Win7 Group A, 64-bit Windows Home Premium user

2 users thanked author for this post.

Win7and10, Myst

Reply | Quote

Jan 14th is the last Patch Tuesday for Win7, but you don’t have to install the patches then. They will be there for installation when we know they are safe.

2 users thanked author for this post.

OldBiddy, Win7and10

Reply | Quote

Pondering the December SMQ Rollup CU KB 4530734 and the nag patch, was thinking I would wait until later in the week, hide the January updates as well, then update my PC with the December patch noted above. Then wait till the all clear for January.

I have read that perhaps the nag patch will not go away on various sources, so it will take me some time to remove it from the task scheduler.

I have this suspicion that December is the key to future issues, I do not know why I feel this way. Maybe it’s Microsoft getting in my head.

The December recommended Security update for .NET I will keep hidden.

The SSU for December is already installed on my PC.

Saving Windows 7 is like stomping out all the diseases that might have an affect on it. 🙂 Never had this much caution before, however, do understand that Win 10 will be the way to go, it’s like saying goodbye to an old friend. Windows 7 has been my favorite!

Win 10 Home 22H2

1 user thanked author for this post.

OldBiddy

Reply | Quote

Are the December patches free of the September and July telemetry?

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

I don’t believe the Dec SO has the telemetry, but you may get a nag patch included.

1 user thanked author for this post.

samak

Reply | Quote

Hi.

I have tried to install the KB4530734 update three times, and so far everytime, my PC stalls at “preparing” updates screen, and I have to simply reboot the PC and enter safe mode, from where the PC automatically reverts the system to how it was before.

I have checked many times that I have the required updates installed, and my system shows that they are all installed.

I have left the PC at the “preparing updates” screen for 20 minutes, and nothing happens. I have never has an update take more than maybe 2 minutes before, so it just can’t be right, that it must take more than 20 minutes to do an update.

I am running windows 7 Ultimate, and I am not really sure how to get that December 19 update installed on my system.

Post says that people just using the monthly rollup shouldn’t have any problems. Well, I sure do.

Any cluea as how I get the December 19 update installed will be much appreciated.

Thanks in advance.

Reply | Quote

[OscarCP]

Actually I have had to wait more tan twenty minutes, twice, in nearly a decade. I have heard of others with similar experiences. So it can happen, but rarely.

On the other hand, there might be a problem such that merely waiting a long time for the install to complete is not going to take care of it. I would give it another try, this time waiting half an hour. If that does not resolve things, I would then come back and complain about it again. Louder.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

• This reply was modified 5 years, 1 month ago by OscarCP.

Reply | Quote

Did you already install the MSRT? If not then what is likely happening is the MSRT is scanning your disc.  You can’t believe everything you read in MSFT status listings.

I seem to remember that you can click on the update history while this is going on and see what is installing or progress.

If you already ran MSRT before doing this install there might be another issue.  Did you manually install the SSU? In theory it will only be offered after you complete this update so pre-installing it could be an issue.

Otherwise you can download the update from the catalog and try it as a stand alone install.

If you are running MSRT as part of this update, it could easily take up to an hour to do the scan depending on the size of your boot drive.

Reply | Quote

I have just had 4530684 re-offered on one of my 2 machines, despite the fact it installed successfully on 10 Jan. Both machines are on 1903.

I’m going to accept it.

Chris
Win 10 Pro x64 Group A

Reply | Quote

It has something to so with the sequence of the SSU and the CU. The SSU doesn’t show up in Windows Update but it is installed along with the SSU.

Reply | Quote

Thanks @PK. It seems to have gone in OK.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Hello to SueW. Here is my report.

Windows 7 SP1 64bit, with Broadcom network card. Group B.

Installed December’s updates; IE KB4530677 and MSRT only. Did NOT install, SO KB4530692 (with nagware), SSU KB4531786 (or SSU KB4523206).

From the catalog; Installed KB4530677 1st and MSRT 2nd.

I can not see installing an SSU when EOL is upon us and I am not a paid support customer. I can not see installing nagware when there does not seem to be any real threats to worry about. I have backups, I am covered.

Installed one at a time. Rebooted in between each update letting it sit 1 or 2 minutes after update was installed (when hard drive light settled down).

No network issues. No install oddities.

Rebooted 3 times and let it sit for several minutes.

I would recommend people on the last reboot to go to the desktop and let it sit 45 to 60 minutes to Process Idle Tasks and let the trusted installer (as per PKCano) do its thing.

You can also force Processing of Idle Tasks as I do if you want by the administrative command prompt: rundll32 (space) advapi32.dll,ProcessIdleTasks

You can enter that then walk away for 15 to 20 minutes. If the drive light is still on, it is still running, walk away again. Do not allow the computer to go to sleep. Reset the Power Options to 1 hour sleep if needed. Laptops make sure you are on AC power not battery!

Thanks to all here.

Windows 7 Group B

2 users thanked author for this post.

SueW, Win7and10

Reply | Quote

Have not installed the January 2020 patches yet, however, all of the December 2019 are now installed including the MSRT and the SSU.

Thank you to this forum for the suggestions to install the December Monthly CU separate from the December 2019 .NET Security CU.

Both went smoothly. therefore, for January, will plan to do the same thing, a few days apart like I did for December’s updates. Have to admit the .NET had me a little concerned, and in fact, installed quickly and easily.

Win 10 Home 22H2

Reply | Quote