MS-DEFCON 5: Rare opportunity to get Windows and Office completely patched

Topic

New Reply

There are caveats.

[See the full post at: MS-DEFCON 5: Rare opportunity to get Windows and Office completely patched]

7 users thanked author for this post.

Morty, Chris M, Pepsiboy, walker, HiFlyer, Microfix, ch100

Reply | Quote

Replies

Whoa! This is a momentous occasion; I’ve never seen a DEFCON 5 since I’ve been a site visitor. :O

Reply | Quote

there is no patchs to install

Reply | Quote

Very few – but there are some, and they’re well-behaved. That’s why I dropped all the way down to MS-DEFCON 5.

Wait for the article on InfoWorld, though. There are a couple of twists.

UPDATE: The articles up on InfoWorld.

6 users thanked author for this post.

ch100, walker, Morty, JDeC, HiFlyer, AElMassry

Reply | Quote

The couple of twists make it a 4.5

1 user thanked author for this post.

woody

Reply | Quote

Defcon 5? Is this reality? I haven’t seen one before.

Reply | Quote

nothing for 1511 i guess?

Reply | Quote

For that matter, except for a few stray driver patches (blacklisted in wushowhide) nothing for Win 10 Pro 1607 either.

-- rc primak

1 user thanked author for this post.

woody

Reply | Quote

The article illustration should have been a Jenga tower!

-- rc primak

Reply | Quote

Got to get a Screen shot of this for posterity !

Reply | Quote

It is legitimate!

Reply | Quote

Maybe it is the right time to update the advisory for Group A.
Most people understand that Group A patching include EVERYTHING available.
Those users can still be in Group A if they install all available patches, but MAY EXCLUDE if they choose so:

– All true Optional updates – see note below for further recommendations
– KB2952664 (all 21 versions of it)
– KB3021917
– KB971033

I still recommend installing the following Optional updates, all related to RDP:
– KB2574819
– KB2952687
– KB2830477
There are further security patches to those 3 optional updates.
If you don’t know what it is or don’t use RDP (Remote Desktop Protocol) at all, which is typical for single user, single computer home user machines, then you may skip those updates.

All Important and Recommended updates except for those mentioned above in the exclusion list must be installed. They improve Windows security and functionality significantly.
Group B users miss out on huge functional enhancements because they typically do not install Recommended updates. Their systems are only updated for Security and only marginally for functionality (Critical Updates under Important).

If you decide to keep it simple and install ALL updates, including Optional updates, it is still OK for Group A.
Avoid the Preview Patches though, as they are released only on a temporary basis. It is not a mistake to install them, but they are intended only for testing.

3 users thanked author for this post.

Hugo, abbodi86, walker

Reply | Quote

OK, I thought that I understood what to do regarding Group A vs B, and the reasons I would choose between the two. Essentially, convenience/completeness vs “security,” in the sense that with Group B I have a better idea of what my Win7 is communicating to the outside world (hopefully nothing).  As implied in the previous sentence, I am Group B (with the appropriate Windows Update settings) and have been following the instructions to manually install the Security-only updates each month.

I have two Win7 computers (one old Thinkpad, with 32-bit Win7 and a newer computer with 64-bit Win7). At times, Windows Update has shown me many Important/Recommended updates, which I have not been installing unless there was specific, relevant recommendation on AskWoody. Today I see only two Important updates on each computer –  the January 2017 Security Monthly Quality Rollup, which I know I don’t want, and a MSE definition update, which I will install. Where did the others go? If they’re Important/Recommended, why did they disappear?

In terms of Optional updates, I currently see 31 for my 32-bit computer (29 for Win7, plus Silverlight and Skype for Windows) and 62 for my 64-bit computer (59 for Win7, plus Silverlight and a wireless mouse driver). I feel like the approximate size of the Optional list has stayed constant for several months, but I haven’t paid attention to specific KB numbers to see if the contents of the lists are changing. Do I need to search the KB number for each of these to figure out which I should install? Should I follow ch100’s advice and install all but a few Optional updates (i.e., give up and go Group A)? I don’t want telemetry and snooping, but I also don’t want my computers to start having “huge functional issues” (my brain already has all the small functional issues I can handle).

I don’t want to whinge too much, but it’s immensely frustrating when a tool becomes more of a burden than a help. I enjoy tinkering with computer hardware (I have rebuilt my Thinkpad multiple times with different eBay/junk-pile parts), but I have no interest or time to mess with the intricacies of software and OS issues (I know, I should go to Linux, except I am currently reliant on lots of specialized software that doesn’t translate to Linux). I don’t need my OS to make me breakfast, I just want it to run my necessary software and display a pretty desktop background.

As an aside, I have to agree with one of the other commenters that the new AskWoody format is very user-unfriendly in my opinion. I used to visit every day or so to see the latest news, learn when to update, etc, but now the website seems disjointed and inefficient for the casual visitor. I’m sure it’s more efficient for administration, but I would be curious what a survey of users would say regarding old vs new.

Sorry for all the complaints, I must have got up on the wrong side of the bed today.

ASW

Reply | Quote

I think your reference to RDP patch at KB2952687 s/b KB 2592687.

Reply | Quote

I suppose the list is for Win7. Any recommendations for Win8.1?

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

Woody says on InfoWorld:
The check takes many minutes. If it takes many hours, follow these steps. (Microsoft claims it has solved the slow Win7 Update scan problem, but you still may need to kick-start the process by following those steps.

This happens for certain users who have selectively installed updates in the past and certain combinations of patches might still produce unexpected results due to complex supersedence relationships.
Follow the advice here if you encounter that issue:
http://www.infoworld.com/article/3136677/microsoft-windows/how-to-speed-up-windows-7-update-scans-forever.html

1 user thanked author for this post.

walker

Reply | Quote

It can also happen if Users put their computers on “Never check” during the GWX campaign and forgot about it. I’ve seen that happen.

3 users thanked author for this post.

Morty, walker, ch100

Reply | Quote

i’m little scared, again no updates for office 2007/2010, ¿is that… “normal”?

Reply | Quote

This is not normal. Microsoft seems to be having some as yet undefined problems. There have a lot of guesses. We are waiting to see what March Patch Tuesday brings.

3 users thanked author for this post.

SueW, Elly, Jayendra

Reply | Quote

Those products are older, although still under support.

Most of their problems are likely resolved.

They receive only now and then security updates and rarely functional updates.

It is not something completely unusual.

 

1 user thanked author for this post.

Jayendra

Reply | Quote

ch100 wrote:

It is not something completely unusual.

With respect, I think it is extremely unusual. Up until August last year I always had a solitary monthly update for Office 2010 (typically to do with the Junk Email Filter), but from September onwards there hasn’t been a single one. Not one.

It’s clearly nothing to do with the particular problem they’ve had in February, as there weren’t any in September, October, November, December, or January either!

1 user thanked author for this post.

Jayendra

Reply | Quote

Ask yourself: Does their continuing to actively support an older product suit their goals to get people off those “old, terrible” versions?

I don’t know about you, but I’m not getting any more junk mail breaking into my inbox lately. And when they DO update Office they undo several tweaks I have to re-make.

-Noel

3 users thanked author for this post.

Elly, Jayendra, ch100

Reply | Quote

While your second point is a fair one, the first point raises the question of whether they should make an announcement if they have changed their support timetable and have now dropped support for these products, rather than just doing so without saying anything. Extended support for Office 2010 is still listed as expiring in October 2020. The monthly updates continued after the end of mainstream support so were presumably seen as part of the extended support but appear to have stopped when there were still 4 years of extended support to go.

It hasn’t caused me any issues, I just find it yet another confusing and unexplained twist in the update story that Microsoft don’t seem to have a full grip on.

1 user thanked author for this post.

Jayendra

Reply | Quote

The updates are meant to fix ongoing issues, either from a security perspective or functional perspective.
Why do we complain when there are no outstanding issues?

1 user thanked author for this post.

Jayendra

Reply | Quote

Because we know that despite there being no updates generally in February there were outstanding security issues that remain unpatched.  Plus we have become so sceptical where MS are concerned that we don’t for a moment believe that the reason they haven’t issued any updates for a product in 6 months is because they’ve perfected the security of that product, not least in the absence of a statement to that effect. So when a product that has been updated monthly for 6 years or so runs for 6 months without a single update despite still being under extended maintenance and with no explanation then we do indeed get curious as to why!

1 user thanked author for this post.

Jayendra

Reply | Quote

Noel:

Speaking of Office updates, I’m in the process of moving to Libre Office and away from MS Office. I’m getting tired of having to work so hard for the privilege of using Microsoft software. Word and Excel documents aren’t always 100% compatible, so I’ll have to retype some of them.

I’m going to keep a copy of Windows 7 / Office 2007 around in a sandboxed VM for those docs which I can’t work on in Libre office.

It is very restful using Libre Office rather than MS Office (and Linux instead of Windows). I don’t have to stay on my guard against rogue updates; and the danger of malware is less, although still present.

Jim

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

2 users thanked author for this post.

Elly, Jayendra

Reply | Quote

Woody:

Could not find your download links for 2/2017 Win  7 patches. Will you be posting them today?

Reply | Quote

The information is here on InfoWorld http://www.infoworld.com/article/3176517/microsoft-windows/nows-the-time-to-get-caught-up-on-windows-and-office-patches.html

Reply | Quote

Took only a few minutes for me (on Win 8.1). The Flash update and Malicious Software Removal Tool are all I got. It didn’t even need a reboot.

I hid the optional telemetry update. Again.

By the way I noticed afterward that all these Task Scheduler items got a scheduled run time of tomorrow, where the date was “N/A” before… This kind of sneaky stuff is why I keep the Windows Update service disabled normally.

“\Microsoft\Windows\WindowsUpdate\Scheduled Start”,”3/3/2017 1:16:53 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start”,”3/3/2017 1:16:54 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start”,”3/3/2017 1:17:19 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start”,”3/3/2017 1:16:55 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network”,”3/3/2017 1:17:07 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network”,”3/3/2017 1:17:47 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network”,”3/3/2017 1:17:46 PM”,”Ready”
“\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network”,”3/3/2017 1:16:51 PM”,”Ready”

-Noel

1 user thanked author for this post.

Elly

Reply | Quote

Why do you have eight entries for Windows Update in Task Scheduler?

Reply | Quote

Thought perhaps the site was hacked or something when I saw DEFCON-5 (joke). Everything has been pretty calm lately….too calm.

Reply | Quote

Whoa – rare as hen’s teeth I’d say. MS_DEFCON 5? I’m a relative newbie and I’ve never seen it. Has there ever been a MS-DEFCON 5? I didn’t even realise it was such a nice shade of green lol. I feel like I should be having a moment of quiet reflection.

Reply | Quote

HA HA

Once and for all… we now have PROOF that the FLAT EARTH THEORY is TRUTH…
Be carefull not to fall off THE EDGE…
the deep dark ever expending black rabbit hole(s) await those who distrust “the authority”

must be close to the end… be safe out there ppl

back to fishing for better dreams

Reply | Quote

Woody, I have been following your Group B instructions for months.  I have held off on installing these updates in the past because they didn’t include the word “Security” in the Name.  Should I install these “Important” updates that were checked by Microsoft on Windows 7 – 64 bit?

KB3115475 – Definition Update for Office 2010
KB2999508 – Update for Microsoft Filter Pack 2.0
KB2881030 – Update for Office 2010
KB3114555 – Update for Office 2010
KB3205972 – Update for Microsoft Security Essentials 4.10.209.0

Reply | Quote

anonymous wrote:

Should I install these “Important” updates that were checked by Microsoft on Windows 7 – 64 bit? KB3115475 – Definition Update for Office 2010 KB2999508 – Update for Microsoft Filter Pack 2.0 KB2881030 – Update for Office 2010 KB3114555 – Update for Office 2010 KB3205972 – Update for Microsoft Security Essentials 4.10.209.0

Short answer: Yes. They’re mostly Office 2010 patches that came out long ago.

Reply | Quote

See further details on the Office patches here:
https://www.askwoody.com/forums/topic/need-help-from-woody-with-office-patches/

Reply | Quote

MS-DefCon 5 — I never thought I’d live to see the day!

Speaking of updates, I have apparently picked up a bad Windows update, because my printer keeps going “offline” (at least, that’s what Windows tells me); I then have to uninstall and reinstall the printer driver. It then works for a short time and then goes offline again. The reason I believe that a Windows update is the culprit is because when I dual-boot to Linux on the same machine, I can print without any issue to the same printer; and I can print from my other two computers to that same printer without any issue (one is Windows 8.1 and the other is Linux).

It would be nice to figure this problem out. But I’m moving away from Windows and to Linux (currently Xubuntu), so if I never figure it out, no problem.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

If your printer is connected wirelessly, and you are using DHCP to make the connection to the router, you might have the problem you describe. Some of the older versions of printer software (my experience with HP particularly) were not able to cope with the change of IP address. I found the best results if you assign a wireless printer a static IP address in the printer menu setup. That way the printer is at the same location every time.

Just guessing…

1 user thanked author for this post.

MrJimPhelps

Reply | Quote

Not sure how to assign a static IP address to the printer — it’s an el-cheapo bottom of the line Canon. But I agree with you that that will fix things, if I can find out how to do it. (Perhaps there is a web client; I’ve never attempted to connect to it via the web client.)

But it does the same on a wired connection. In fact, I was surprised that one computer was able to connect wired and all the rest wirelessly. That worked for about a week, then the wired connection failed; so I figured that I got away with wired & wireless together only temporarily.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

On the printer itself, there is usually menu choice setup\network (or something like that). choices auto\manual. Choose manual.
Your home router has a range of IPs it issues by DHCP – pick one on the high end. I like to use 192.168.1.200. The subnet mask will be 255.255.255.0 (most likely) and DNS will be your router address (in my example 192.168.1.1). It will scream and holler that if you change the address you may not get back on the network – ignore that. (If you make a mistake, you can always choose to set it back to the default).
Once you do this, the printer will stay at that address. You may have to go back to each computer and “add a printer.” But once you do that the printer will always be in the same place.

1 user thanked author for this post.

Elly

Reply | Quote

Just friendly advice about Linux and printing:

If you think you’re having trouble with a printer, especially a wireless one, in Windows, just wait til you try to set that thing up in Linux! Drivers are very hard to come by, and the whole printing stack is very iffy. Then there are numerous issues with Linux Wireless Networking.

Finally, you will have to gather all the info from the printer and enter it manually somewhere (usually several places) in Linux just to make contact between the computer and the printer, let alone enable any features which the generic Linux driver (if any exists) won’t support directly.

Multifunction printers with scanners are even more difficult to set up and maintain in Linux.

This is usually not by any stretch, plug and play setup!

And yes, sometimes a printer works very well in Linux, but Win8.1 or Win 10 simply does not play nice with it. Especially after something in an update simply goes wrong, as MS is fond of telling us in error messages lately.

-- rc primak

Reply | Quote

I have installed Ubuntu (64 and 32) and Xubuntu (64 and 32). In all cases, my wireless Canon printer started working with little to no intervention on my part. I didn’t have to install anything; I basically said “Yes” (to confirm that the printer that Linux found all by itself was the correct printer).

Evidently my experience has been different than yours.

The only thing I haven’t been able to do is to get the scanner part of my printer working in Linux.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

I give up……I am having problems trying to find which updates for my Win7 computer that I should download and install.

The new Woody format makes it very difficult to find anything pertaining to Win7.

Reply | Quote

Install everything that comes on Windows Update as Important and Recommended and worry less.
Do not install Optional patches, unless there are any which are of interest to you.
This is the only supported method for end users.

Reply | Quote

Did you look here?

http://www.infoworld.com/article/3176517/microsoft-windows/nows-the-time-to-get-caught-up-on-windows-and-office-patches.html

The link is in the main post….

Reply | Quote

@bymar
These links may help you to find Windows 7 articles on the new AskWoody Lounge:

https://www.askwoody.com/forums/forum/askwoody-support/windows/windows-7/

https://www.askwoody.com/forums/topic-tag/windows-7/

Reply | Quote

Back in January, I reported that KB3212646 slowed down my startup apps. In mid-February, I decided to try that update again, and I am happy to report that I had no problems with my startup apps for two weeks since installing KB3212646.

Reply | Quote

Win 7 – 64 Hm Prem – Group B ….. If any of us Group B users convert to A can anyone help with the following, which should affect all B-to-A’ers:

(1) Prior Hidden Monthly Security Quality Rollups for Oct-Nov-Dec-Jan show and I know they duplicate much of Security-ONLY that Group B inst’d. Do the FULL Rollup Pkgs just Install over Inst’d Security-ONLY with No Conflicts?

(2) Some recent Forum articles (from GHacks.net) dealt with Blocking Win Customer Experience Program – and – Telemetry Back to MS (a Firefox mod incl’d, too). IF we did some of those Mods HOW will that Impact any Group A installs that Rely on Telemetry/CEP functions (ie) must we reverse all mods we did; KB3021917 that ch100 says we MAY Exclude deals with Telemetry back to MS about potential Problems IF I go from W7 to Win 10. IF CEIP / Telemetry remains blocked via mods will the CEIP/Telem Updates install & just not work, or might the computer lock-up? I do have Macrium Images but have never had to use one.)?

(3) Any other potential Uh-Oh’s from going B to A please insert.

IF I’m going to “A” then NOW is the time as the List is not so Large as to be overly intimidating. Any clarification is appreciated as always.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

Congratulations for making a good decision.

1. To get rid of all hidden updates and start clean, reset your SoftwareDistribution folder.
a. Open the Services console and stop the Windows Update service
b. Delete C:\Windows\SoftwareDistribution folder
c. Restart your computer

2. Select Install recommended… check box to have them listed as Important
3. Install everything under Important (which now include Recommended) if it is checked by default.
4. You may except all Optional updates (but you can install them as well, there is no hard rule here, I install them all, except for those marked as Preview which are meant to be temporary updates released early for testers)
5. You may except from the Important (including Recommended) only the following:
KB971033
KB3021917 – normally unticked by default
KB2952664 – this one tends to move around depending on the release, between Optional and Recommended. If you wish to avoid one and only update, this is the one to avoid. Otherwise you can install it too, no hard rule determined.

Note:
1. Never again hide updates. It causes more trouble than not. Just avoid installing them.
2. Most people would avoid the 3 patches mentioned above and all those coming under Optional, which are only 5 as far as I know (except for the Preview patches which come and go) and come unticked by default in all circumstances.
3. For March and the future, wait for Woody to give all clear before installing anything, unless you are ready to experiment and assume the risks.
4. If you configure CEIP correctly and do not install KB2952664, you are not subject to telemetry. KB3021917 is not known to be damaging, but its status is unclear and this is why I recommend not to install. Why is unclear? It comes unticked by default, it is not offered to the server equivalent 2008 R2, nobody can precisely explain what it does, except for abbodi86 who offered a reasonable and accurate explanation at the component level, but it still did not explain exactly the effects of this update. It is known not to be damaging though.
See my post here for further details:
https://www.askwoody.com/forums/topic/ms-defcon-5-rare-opportunity-to-get-windows-and-office-completely-patched/#post-98347

3 users thanked author for this post.

walker, Elly, CraigS26

Reply | Quote

Additional info about KB3021917 is at https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/#post-21433.

1 user thanked author for this post.

ch100

Reply | Quote

MrBrian had a series of outstanding posts in that thread.
https://www.askwoody.com/forums/topic/care-to-join-a-win7-snooping-test/
Excellent reading for everyone interested in the subject of telemetry and how it is implemented in Windows 7.

1 user thanked author for this post.

Elly

Reply | Quote

CH100: A little Confused now; Deleting the Win\SoftwareDistribution Folder Erases ALL WU History of Updates – AND – Previously HIDDEN Updates are Gone and sitting in the Recycle Bin in the old SoftwareDistribution Folder..

I NOW get (Important) Silverlight Security, Office 2010, Jan ’17 Quality Rollup, and MSRT = 4.

What should I do Now: Install these 4 and forget the prior Hiddens, or What?

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

ch100 wrote:

2. Select Install recommended… check box to have them listed as Important
3. Install everything under Important (which now include Recommended) if it is checked by default.

ch100 wrote:

5. You may except from the Important (including Recommended) only the following:
KB971033
KB3021917 – normally unticked by default
KB2952664 – this one tends to move around depending on the release, between Optional and Recommended.

ch100’s instructions are above

1 user thanked author for this post.

ch100

Reply | Quote

@CraigS26
Use your good judgment.
If you need Silverlight, install Silverlight and make sure it is all up to date. It is in the same league with Flash, on the way out, but still in use.
If you don’t need it or don’t know, then do not install it.
It is not a Windows Update, but a Microsoft Update, i.e. for other Microsoft products than Windows.
It may come as mandatory Security Update if you have one of the base versions already installed, in which case you have to decide, either uninstall Silverlight (preferable if not needed), or keep it patched.

The purpose of resetting the SoftwareDistribution folder was to unhide everything hidden and lost from syncing with the Microsoft master repository. This is a good thing.
Why do you need the history, as it may be misleading often? All the software installed is listed under Installed Updates in Programs and Features.

Everything else is in my original post.

1 user thanked author for this post.

CraigS26

Reply | Quote

Here is abbodi86’s post about KB3021917: https://www.askwoody.com/forums/topic/martin-brinkmanns-deep-dive-into-removing-telemetry-in-win7-and-8-1/#post-93764.

1 user thanked author for this post.

ch100

Reply | Quote

Advice needed please:  Am in group B but thinking of going to Group A.  Have installed the January security only update.  If now want to go to group A do I first have to uninstall the security update or will it install over it.

 

Thank You

Glenda Hewitt

Reply | Quote

No need to uninstall the Jan security only patch. Just install the Jan Security Monthly Quality ROLLUP for Windows and Windows will be up to date. You will also need to install any other checked patches for IE, .NET, MSRT, C++, Office, etc.

1 user thanked author for this post.

Elly

Reply | Quote

Thank You

 

Glenda Hewitt

 

Reply | Quote

All full updates install gracefully over the security only updates.
You don’t need to uninstall the security only updates, but you could if you wish.
Once the system is fully updated, you may wish to to run Disk Cleanup and allow this software to remove obsolete updates.
Be prepared, because it takes long time if there are many updates installed and also the restart (or multiple automatic restarts) take a long time too. It can run into hours, depending on the performance of the computer.

1 user thanked author for this post.

Elly

Reply | Quote

anonymous wrote:

Advice needed please: Am in group B but thinking of going to Group A. Have installed the January security only update. If now want to go to group A do I first have to uninstall the security update or will it install over it.

Glenda: If you are moving to Group A, I have two suggestions for you:

1. Do regular complete backups of your Windows hard drive, so that if a rogue update somehow hoses Windows, you can easily get back to where you were prior to the update being installed on your computer.

2. Consider installing a second hard drive and keeping your data on it rather than on the primary hard drive. (Be sure to do a regular backup of the Data drive as well, but separate from the Windows backup.) In this way, if you have to restore a Windows backup, your data will not get erased in the restore process.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

Morty

Reply | Quote

The bottom line for Win 7 group B is that there is nothing except the MSRT in Feb. for us.  Nothing in the MS Update Catalog, and no Office 2010 updates.  I guess we can sit back and relax after getting the MSRT.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

1 user thanked author for this post.

Elly

Reply | Quote

Absolutely nothing for us in February, purist group B

Windows - commercial by definition and now function...

Reply | Quote

I still leave the “Give me recommended updates” UNchecked, and I have not experienced any adverse results from this.  It’s not clear to me why the recommended/optional updates are being recommended for Group A.  I consider myself a Group A person, but I only install the “Important” patches.

Reply | Quote

You will not experience adverse effects by not installing Recommended updates, only that you lose out on new functionality introduced after release and many other fixes which are not of such wide interest to grant them to be released as Important.
Not installing the Recommended updates, keeps you with fragmented patching which is a configuration less tested in the process of releasing patches.
This is the core of Group B updating style. However, by installing the monthly cumulative updates as you claim, by the end of the year you will gradually get all or most of the current Recommended updates in the rollups, regardless of your setting.
Recommended category will get deprecated and might disappear eventually.

Reply | Quote

“As an aside, I have to agree with one of the other commenters that the new AskWoody format is very user-unfriendly in my opinion”.

So it’s NOT just me…….

Boy is there a huge market out there for the likes of us then….

Canadian Tech in particular, how I wish you operated in this neck of the woods. Perhaps a franchise arrangement?

Reply | Quote

Finally!

OK, I went for it. I ran the search for updates Friday afternoon around 12:30 and it was still going a few hours later. I let it go until I checked it Saturday night and it gave me the list of available updates (which is said started around 6:30 on Friday). They looked OK and I ran the update.

Thank you!

Morty

Description      FixComments  HotFixID   InstallDate  InstalledBy             InstalledOn

Update                        KB3078667               Admin-PC\Admin     3/5/2017
Update                        KB3080149               Admin-PC\Admin          3/5/2017
Update                        KB3092627               Admin-PC\Admin          3/5/2017
Update                        KB3107998               Admin-PC\Admin          3/5/2017
Update                        KB3118401               Admin-PC\Admin          3/5/2017
Update                        KB3121255               Admin-PC\Admin          3/5/2017
Update                        KB3133977               Admin-PC\Admin          3/5/2017
Update                        KB3140245               Admin-PC\Admin          3/5/2017
Update                        KB3147071               Admin-PC\Admin          3/5/2017
Update                        KB3161102               Admin-PC\Admin          3/5/2017
Update                        KB3170735               Admin-PC\Admin          3/5/2017
Update                        KB3172605               Admin-PC\Admin          3/5/2017
Security Update               KB3177186               Admin-PC\Admin          3/5/2017
Update                        KB3179573               Admin-PC\Admin          3/5/2017
Update                        KB3181988               Admin-PC\Admin          3/5/2017
Update                        KB3184143               Admin-PC\Admin          3/5/2017
Security Update               KB3205394               Admin-PC\Admin          1/29/2017
Update                        KB3210131               Admin-PC\Admin          3/5/2017
Security Update               KB3212646               Admin-PC\Admin          3/5/2017

1 user thanked author for this post.

Elly

Reply | Quote

@morty
Your copy and paste came through unreadable, sorry (we’ve had a couple of issues this weekend), so I have removed it as it was rather long.
It may be possible to save your working as text somehow, but I’m sorry I’m not much help with that (I’ve tried my magic trick, but it didn’t help).
Might I suggest you create a topic in the relevant Support: Windows Question section for your computer, which may be more appropriate than the blog here, if you need assistance that is. There you could try to post it again, or perhaps save the results and upload, which might be more successful.
Sorry I’ve not been more help.

2 users thanked author for this post.

Elly, Morty

Reply | Quote

Thank you! I edited it and resubmitted it.

1 user thanked author for this post.

Kirsty

Reply | Quote

Wonderful – thank you
Looks so very different!

1 user thanked author for this post.

Morty

Reply | Quote

Thanks again.
Frankly, this tech stuff is over my head. But I’m managing to tread water….
Morty

Reply | Quote

Frankly, this tech stuff is over my head. But I’m managing to tread water….

Morty, seriously, you should consider moving to Group A type of updating and stop worrying so much and not wasting time with technical stuff which you shouldn’t even know that exists.
But I will leave this for Woody to convince you one way or the other.

2 users thanked author for this post.

MrJimPhelps, Morty

Reply | Quote

Hi Morty, the text version from that page should be a better match:

If you would rather have a text file, the command would be:

wmic qfe list brief /format:texttablewsys > “%USERPROFILE%\hotfix.txt”

1 user thanked author for this post.

Morty

Reply | Quote

Now the question is do I have to go back and install the monthly security updates I missed because I just kept spinning wheels? Those are October, November and December.
Thanks again!
Morty

Reply | Quote

Morty wrote:

Now the question is do I have to go back and install the monthly security updates I missed because I just kept spinning wheels? Those are October, November and December.

From November on, the Security Monthly Quality ROLLUPS are cumulative. Dec contains Nov. Jan contains Nov & Dec. So the only one you need is the last one, and it is the one that will show up in Windows Update. If you wait till patch Tues this month, March will contain Nov & Dec & Jan.

1 user thanked author for this post.

Morty

Reply | Quote

satrow wrote:

Hi Morty, the text version from that page should be a better match:

If you would rather have a text file, the command would be:

wmic qfe list brief /format:texttablewsys > “%USERPROFILE%\hotfix.txt”

That’s what I did!
Thank you,
Morty

Reply | Quote

ch100: I Replied to your Mar 4  5:33 pm Instruction post to me (thanks) and it’s Currently sitting 3 posts below that Mar 4 post (mine shows Mar 5 .. 7:15 am), and I don’t know how you’ll notice it. Should we just make a New Post when Following up Vs Reply. Thanks for the Help!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

Answer is here
https://www.askwoody.com/forums/topic/ms-defcon-5-rare-opportunity-to-get-windows-and-office-completely-patched/#post-99070

1 user thanked author for this post.

ch100

Reply | Quote

I am so pleased that @PKCano is so prompt and has all the answers for all the replies that some of us are most likely to miss for various reasons.

@CraigS26 I replied to you only after noticing that @PKCano has already pointed you to one of the possible solutions. Otherwise you were right in saying

and I don’t know how you’ll notice it

1 user thanked author for this post.

CraigS26

Reply | Quote

B to A was a Total Disaster for me and I’d like to thank my 1st Use Ever of Macrium Reflect Imaging software for allowing me to post this.

I Uninstalled Silverlight and Inst’d the Jan Rollup, Office 10 Update, and MSRT = just 3 Importants showed.

Windows showed the boot screen but would never fully load and the Repair Disk wouldn’t show the Win 7 OS so I could have a crack at the Sys Restore Pt made prior.

I can’t remember IF I Rebooted after the Silverlight Uninstall, and if No, would THAT screw up the entire process?

Any suggestions on what to do next are appreciated – and don’t try B to A without a Recovery Plan.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

ch100 wrote:

Frankly, this tech stuff is over my head. But I’m managing to tread water….

Morty, seriously, you should consider moving to Group A type of updating and stop worrying so much and not wasting time with technical stuff which you shouldn’t even know that exists.
But I will leave this for Woody to convince you one way or the other.

I’m afraid you’re right. Google and Microsoft already know more about me than I do. (So would Apple, but I don’t own a smartphone.)
Thanks, Morty

Reply | Quote

If you’re not overly concerned about snooping, Group A is the way to go.

This coming from a guy who uses Win10 constantly and has already made the plunge… so what do I know?

4 users thanked author for this post.

JDeC, Chip, ch100, Morty

Reply | Quote

CraigS26 wrote:

I Uninstalled Silverlight

Many years ago, I inadvertantly installed silverlight on a friends PC who didn’t want Silverlight. Subsequent to that WU faux pas, I uninstalled it and did some tests to find MULTITUDES of dead registry entries bogging down and slowing the OS, x86 Windows XP. Needless to say, it took ages tracking down and removing silverlight entries from the registry. Registry cleaners helped a bit but, I was forced to manually search and remove the offending entries within the registry. In the end the PC was performing as expected with regards to tests prior to silverlight installation, never again!

Ever since then, Siverlight hasn’t been near any of our or friends PC’s and the good thing is, I think Microsoft are retiring it anyway.

Windows - commercial by definition and now function...

Reply | Quote

Silverlight is dead as a doornail. Just as embarrassing these days as ActiveX.

Microsoft is putting nails in the coffins of both by simply phasing out Internet Explorer.

2 users thanked author for this post.

JDeC, Microfix

Reply | Quote

Sadly, MS Silverlight is still relied upon for “secure” SAAS business applications… Its security has long been questioned, and its stability is poor.

1 user thanked author for this post.

ch100

Reply | Quote

And yet, Microsoft are still offering it via WU on Win7 and Win 8.1!

Beyond belief..but, there again, they are trying to kill these OSes off in favour of Win 10.

Windows - commercial by definition and now function...

Reply | Quote

It is offered to Windows 10 too.

Reply | Quote

Wushowhide shows Silverlight on my PCs (Win 10 Pro) but MS Update has never tried to install it even when it isn’t hidden.  YMMV.

-- rc primak

Reply | Quote

7 March 2017
Silverlight is used by 0.1% of all the websites.
https://w3techs.com/technologies/details/cp-silverlight/all/all

Web technology fact of the day…
2 March 2017
Flash usage is down to 7% of all websites, declining by 1% every 6 months.

Reply | Quote

woody wrote:

If you’re not overly concerned about snooping, Group A is the way to go.

This coming from a guy who uses Win10 constantly and has already made the plunge… so what do I know?

If you don’t know who does? (Besides Microsoft, Google, Apple and the NSA…)

1 user thanked author for this post.

Microfix

Reply | Quote

woody wrote:

Silverlight is dead as a doornail. Just as embarrassing these days as ActiveX.

Microsoft is putting nails in the coffins of both by simply phasing out Internet Explorer.

When I work from home, I have to use Outlook webmail. And every time I attach a file (in Chrome), I get this message:

Choose more files

If you don’t like waiting to type while your files are being uploaded, install or upgrade Silverlight.

Silverlight is one of the undead.

Reply | Quote

Better to wait than install a zombie

Windows - commercial by definition and now function...

1 user thanked author for this post.

Morty

Reply | Quote

Good advice.

1 user thanked author for this post.

Microfix

Reply | Quote

If you need Silverlight, install and use Silverlight.
If you need Flash, install and use Flash.
If you need Java, install and use Java.
But keep them always up to date.

Those technologies exist to be used and enough reputable sites implement them.

Avoid them only when you don’t use them.

Reply | Quote

B to A:  It appears that RESTORING Silverlight via Macrium Reflect from its Uninstalled state allowed a successful loading of the Jan Rollup. It could be just my Win 7 but I’d  think hard before Uninstalling Silverlight. I did Not include its Update and stuck with Only a 2010 Office update and MSRT nets 3 of the 4 Importants.

Standing by for March Group A instructions.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

woody wrote:

If you’re not overly concerned about snooping, Group A is the way to go. This coming from a guy who uses Win10 constantly and has already made the plunge… so what do I know?

If I switch to Group A, will it conflict with what I already installed in my attempts to stay in Group B?
Frankly, CraigS26’s B to A cautionary tale scares me. But I never installed Silverlight; does that make a difference?

Reply | Quote

Craig has a specific setup or problem with his computer which needs to be fixed.
Normally you should not have any problem if you allow Windows Update to manage your updates and do not hide updates or take any other adverse action and use the system as it was designed.
The Silverlight offer appears only if the so-called Microsoft Update option is activated (update other products from Microsoft, in addition to Windows), but that option is useful for updating Microsoft Office.

Reply | Quote

ch100 wrote:

If you need Silverlight, install and use Silverlight. If you need Flash, install and use Flash. If you need Java, install and use Java. But keep them always up to date. Those technologies exist to be used and enough reputable sites implement them. Avoid them only when you don’t use them.

That’s a sensible approach :). I use Silverlight for my online TV (my cable provider still uses it), I use Flash (Spotify Web Player for example), have updates set to automatic and no problems whatsoever.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

1 user thanked author for this post.

ch100

Reply | Quote

ch100 wrote:

Craig has a specific setup or problem with his computer which needs to be fixed. Normally you should not have any problem if you allow Windows Update to manage your updates and do not hide updates or take any other adverse action and use the system as it was designed. The Silverlight offer appears only if the so-called Microsoft Update option is activated (update other products from Microsoft, in addition to Windows), but that option is useful for updating Microsoft Office.

Wouldn’t it appear that DELETING Silverlight was my problem Vs HAVING it installed. When Macrium Replaced it via Image Jan’s Rollup installed fine. I don’t even remember Installing Silverlight or what I would use it for —  I presumed it was a Day 1 App included by Gateway.

Morty wrote:

If I switch to Group A, will it conflict with what I already installed in my attempts to stay in Group B? Frankly, CraigS26’s B to A cautionary tale scares me. But I never installed Silverlight; does that make a difference?

Don’t know why you would have the issue I did since you wouldn’t have UN-installed it prior to installing the Jan Rollup. Other issues might occur but they shouldn’t be based on my experience.

I presume we’re at the point where if we KNOW we USE Silverlight, Update it (ch100), and if we DON’T use it, don’t update (Woody).

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

Back to business.
Regular Office Updates have been released today, first Patch Tuesday of March 2017.

I can also see new versions of KB2952664 and KB2976978.

Maybe it is the right time now to get back to MS-DEFCON 2 for a little while.

1 user thanked author for this post.

woody

Reply | Quote

MrJimPhelps wrote:

anonymous wrote:

Advice needed please: Am in group B but thinking of going to Group A. Have installed the January security only update. If now want to go to group A do I first have to uninstall the security update or will it install over it.

Glenda: If you are moving to Group A, I have two suggestions for you: 1. Do regular complete backups of your Windows hard drive, so that if a rogue update somehow hoses Windows, you can easily get back to where you were prior to the update being installed on your computer. 2. Consider installing a second hard drive and keeping your data on it rather than on the primary hard drive. (Be sure to do a regular backup of the Data drive as well, but separate from the Windows backup.) In this way, if you have to restore a Windows backup, your data will not get erased in the restore process.

Great advice, but one caveat:

I was having problems with a PC (I won’t name the company), back in 2001. I was on the phone with them often and, finally, a rep told me, “Everything you’re doing is a band aid. You need to reformat and start over.”

So here’s where the caveat comes in: I had two hard drives in the box and used one of them for backups. I explained this to the rep. And she told me to put in the system recovery disk and follow the instructions. What she didn’t tell me was that the system recover disk would reformat all the drives in the box.

I lost eight months of work, plus all the backups.

The company agreed it was their fault and paid for me to attempt retrieving the data with Ontrack (I think that was the name). But the backups were image files that were too big to retrieve.

Lesson learned: Use an external drive for backups, even if you have a second internal drive.

1 user thanked author for this post.

rc primak

Reply | Quote

Whether you use File History and one internal drive, or make use of a secondary internal drive which is mirrored to an external drive, data backup is really easy to set up.

As Morty has experienced, internal drives are no safer than extra data partitions when it comes to mishaps involving all volumes (and all drives) within the PC. Just don’t do anything which may mess up the external drive while that drive is attached.

Which is why I always keep a spare copy of the external drive, and except when copying, never attach both copies to the PC at the same time. (And do all drive to drive copying with WiFi and Ethernet disconnected through hardware switching — usually a function key. But disabling the Network Card or Hardware in Windows Networking works almost as well.)

-- rc primak

Reply | Quote

Hi, I’m considering making the jump from Group B to Group A. Currently I have all my security patches up to date. I ran Windows Update today with recommended updates also checked. The results that came back included many of the patches that PKcano recommended not installing in a previous article which are shown below: If you’re in Group B, you want to avoid telemetry patches. The most obvious offenders for Win7 are
KB2952664 KB3021917 KB3022345 KB3068708 KB3080149
Should the patches not listed by ch100 be installed? Thanks.

Reply | Quote

The only patches which you may consider not installing are:
KB2952664
KB3021917

If you want to keep it simple, forget about keeping count of lists of patches and let Windows Update do its job.
Those 2 patches above are overrated in the sense that they do any harm. They do no harm.
Microsoft has published software and specifications for configuring the components provided by KB2952664 to capture the telemetry results internally instead of sending data to Microsoft.
https://www.microsoft.com/en-us/windowsforbusiness/windows-analytics

My considerations for leaving those 2 patches at the end user’s option are that they are not offered to the server equivalent version Windows 2008 R2, which makes me believe that they are not a strict requirement.

The other 3 patches have always been offered to the server version.
KB3022345 (faulty patch, retired)
KB3068708
KB3080149

Reply | Quote

Thanks for your response. When I read this article, you mentioned not installing KB971033 so I removed it. Is this patch something I should reinstall? And for my updates, I only have the security and monthly update for January. Do I need to go back from October and install each one of those individually like the Security updates or would installing the January update accomplish all of the updates? Thanks again!

Reply | Quote

If you are installing the Security Monthly Quality ROLLUPS from Windows Update, the answer in no, you do not have to go back and install everything after Oct. The ROLLUPS are cumulative, meaning the last one contains all the patches from the previous ones. So Jan will bring you up to date.

If you are in Group B, and installing Security Only Quality UPDATES (these have to be downloaded and manually installed), these are NOT cumulative and you have to install each one.

1 user thanked author for this post.

ch100

Reply | Quote

The user has already mentioned that the intention is to move to Group A and my replies are only in that context and not in the context of staying in Group B.

@anonymous

You can safely follow @pkcano earlier recommendations and avoid the group of 3 “telemetry” patches in which case you would be in a kind of “custom” Group A.
I don’t recommend this method though, because those patches are well behaved and follow the global settings under CEIP, are offered to the server version as I said earlier, so they have been vetted for enterprise users and they are likely to end in the rollup patches anyway.
So by avoiding those 3 patches (only 2 current patches because one of them was discontinued and no longer offered) you only make your updating experience complicated for little benefit.

Reply | Quote

Thanks for your response. When I read this article, you mentioned not installing KB971033 so I removed it. Is this patch something I should reinstall?

Keep it removed.
If required, which I doubt because this patch has been largely been obsoleted, you will be asked to install it by a Microsoft page. If this is the case, only then install it.
This patch is supposed to validate you Windows installation for legit key, but historically it is known to have caused problems for valid installations, so if it is not required, keep it uninstalled. There are no dependencies and there will be none in the future between this patch and any other patch. If it comes as part of the future rollup (which I highly doubt), then it will get installed then. Until such an unlikely event, there is no need for anyone to be too proactive about this update. The main known problem with it is that it can normally be uninstalled cleanly, but if it deemed the Windows installation as non-legit wrongly or not, then the damage is caused and marks the installation as such. Is it more clear now why I keep insisting not to install it?

If you move to Group A, you don’t need to go back in time.
Just allow Windows Update to install all the patches on offer (with the already discussed exceptions).

Reply | Quote