MS re-re-..release (again) of KB 2952664 and KB 2976978

Topic

New Reply

We’re seeing a recurrence of the two snooping patches KB2952664 for Win7 and KB2976978 for Win8.1. The last time they showed up, was on March 7th, but
[See the full post at: MS re-re-..release (again) of KB 2952664 and KB 2976978]

8 users thanked author for this post.

Elly, SueW, HiFlyer, woody, MrBrian, AJNorth, JDeC, Pepsiboy

Reply | Quote

Replies

PKCano,

I got it listed today, also. It is Optional and unchecked at this time.

Time to hide it AGAIN ! ! !

Dave

Reply | Quote

Why?

They’ll just un-hide it AGAIN.

Won’t it disappear “automatically”? And even if installed, will it have any effect, when you’ve opted out of the CEIP?

It’s certainly not easy to be microSoft with such ungrateful customers! 😛

2 users thanked author for this post.

SueW, HiFlyer

Reply | Quote

It’s optional, which makes it an option to not install it.

Do you give the 3rd or 4th scammer to call you your credit card number? They’ll just call AGAIN. 🙂

-Noel

Reply | Quote

Nothing serious or new 🙂

4 users thanked author for this post.

Cesar, PKCano, HiFlyer, woody

Reply | Quote

Must be some changes to 664.  I hid the March one and it was 6MB now the new one is 6.2MB`s

Reply | Quote

Just got mine at 11am this date.

Reply | Quote

Ah well at least you still can ignore them. Better than Win 10 where you get what you get and its not your choice anymore. Microsoft is sort of the nanny of your PC these days.

Reply | Quote

We have some important updates for you (wink). They help keep your system up to date (wink).  As someone else said, at least you still can ignore them at least for a while. What other choice do you have but to move to Windows 10 which certainly isn’t better in terms of controlling updates. Not unless you fork over for Win 10 Pro which still only is marginally better. At this point I don’t see a good option, Linux still sucks, Mac OS is pricey unless you do a hackintosh. Chromebook’s are no better your in a Google world with again forced updates. Maybe I’ll go back to DOS?

Reply | Quote

I still wonder why Microsoft is so interested in collecting information about Windows 7 systems. It can’t be for  an “improved customer experience” because there won’t be any more new features for W7 – just security updates until January 2020 (hopefully).

In fact, there haven’t been any new features added to W7 for several years now.

Perhaps all the telemetry is to help them find new ways to try and get everyone off W7 and onto W10 seeing as all of their previous efforts haven’t been too successful so far.

Carl D.

Reply | Quote

Windows 7 still has nearly twice the market share of Windows 10. It isn’t just Microsoft, via embedding telemetry into Windows 7, who has keen interests about everything which Windows 7 users do with their computer. In fact, telemetry is also sent to non-Microsoft servers which are operated by companies which are not part of Microsoft. A good while back I stopped investigating just how deep the rabbit hole goes. Instead I focused on making sure that the Windows 7 operating system on my computers sends zero telemetry.

4 users thanked author for this post.

Elly, SueW, Karlston, Cascadian

Reply | Quote

I now can’t keep 2952664 out by any method I know.

I can mark it as “declined” in WSUS but it still persistently re-installs when manually uninstalled and marked “hidden” in the update client on Windows 7 Pro computers in my domain.

“Approved for removal” is now greyed out in WSUS, so I’m pretty sure that’s no help.

Reply | Quote

the new KB2952664 patches for Win7 is revision V23 and the new KB2976978 patches for Win8.1 is revision V22.

2 users thanked author for this post.

SueW, ch100

Reply | Quote

Anyone remember what version the KB2976978 that is baked into the latest Windows 8.1 ISO (sometimes known as U3) is? if we are on v22 now?

Also KB2976978 can be removed, it isn’t really baked in, you just have to mark it as removable.

Reply | Quote

v2

Reply | Quote

anonymous wrote:

Anyone remember what version the KB2976978 that is baked into the latest Windows 8.1 ISO (sometimes known as U3) is? if we are on v22 now? Also KB2976978 can be removed, it isn’t really baked in, you just have to mark it as removable.

I am in Group B for privacy reasons. My Windows 7 laptop just died and since 2020 is getting closer and I keep laptops for about 6 years or so, I bought a new dell with windows 8.1 installed rather than getting windows 7 and updating it in 2020 to windows 8.

Anyways, when I looked at the list of installed updated I found KB2976978. I would like to remove this spyware but can’t even in command prompt. You mentioned that you can remove it it by marking it it as removable. How do you do that?

I also found this board that MadMaxmx claims he removed it (on page 2 5th post from bottom) but he didn’t describe how he did it. https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/i-cannot-uninstall-windows-update-kb2976978/ce005f1a-7deb-4147-88be-0d153d5d73ab?auth=1 Anyone have any ideas?

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

Reply | Quote

@ Erik

Look under the Comments at …
https://www.ghacks.net/2015/04/17/how-to-remove-windows-10-upgrade-updates-in-windows-7-and-8/
.
https://www.ghacks.net/2017/02/11/blocking-telemetry-in-windows-7-and-8-1/

Reply | Quote

Whoa, you replied to my post from a long time ago, glad I saw it! You might want to start a new thread.

This assumes you installed from the last Windows 8.1 DVD ISO (semi-officially known as U3 — Update 3 from November 2014). First uninstall any instances of KB2976978 you are permitted to remove. Then when you are back to the “locked” version from U3:

Go to:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2976978~31bf3856ad364e35~amd64~~6.3.2.1\Owners

Then find the “DWORD” “Package_for_KB2976978~31bf3856ad364e35~amd64~~6.3.2.1” with the value “0x20080”, if you find it, before you change it chances are you will need to take ownership of that key, then grant yourself (or everyone, this key is going away when you uninstall KB2976978) full control.

If you’ve found the key and the value is as expected change it from “0x20080” to “0x20070”. You should now be able to uninstall KB2976978 semi-locked-in from the U3 DVD.

I’ve scripted this as part of larger “anti-junk” script (for windows 7, 8.x), so far no-one has expressed any interest testing/using it (although I’ve used / updated it extensively).

It’s surprisingly hard to script a “take ownership” of a registry key from a batch file. In all my batch script has a C++ import via an inline powershell script (which I had to escape from a “here-string” to in-line, then RE-escape it into the batch file — all just to take ownership of a registry key), a simple javascript file to hide windows updates (wasn’t able to in-line that — separate file), and a in-line scheduled task to hide those updates on a schedule (every 12 hours or when a new update is downloaded).

Let my know if you need more info or want to test/use the full batch file. (reply here, but make a new thread too)

1 user thanked author for this post.

Erik

Reply | Quote

You can spare yourself the take ownership part by launching cmd or regedit with TrustedInstaller privileges, using NSudo tool:

https://github.com/M2Team/NSudo

Reply | Quote

That would mean bundling additional software, as it stands now it is two plain text files (a .bat and a .js)

Reply | Quote

Thanks, I finally got around to doing this. I had to fumble with it a little, but I got it done. I have little experience with registry edit (but at least I knew that was what you were referring to). First I didn’t know what HKLM was but figured out that it was short for HKEY_LOCAL_MACHINE after looking at the available choices for a bit. It was straight forward through packages but there were two packages for KB2976978. I opened both and opened owners for both and only one had the value of 0x20080 so I figured it had to be that one. Then I did not know how to take control of the key and it did not allow me to assign full control to myself. I did finally find out how to take control with help from this site:

https://www.eightforums.com/tutorials/2808-take-ownership-file-folder-drive-registry-key-windows-8-a.html

I was then able to refresh the installed updates and “uninstall appeared” No problems uninstalling it now. Thank you!

By the way I replied to an old post because I thought most likely you would get notification that it was responded to. My experience from other forums I use (mostly vehicle specific for vehicle maintenance) is that most people don’t like to repeat answers to issues if you can search for them first.

Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

Reply | Quote

I’m seeing 2952664 in both Important and Optional. In Important, it is listed as 6.0MB, and in Optional it is 6.2MB. I deleted the DataStore before running the update scan to make sure there was nothing left over from before. If I hide one of them, the other remains. I now have two separate entries for 2952664 in the hidden-update list:

Reply | Quote

You have patches with the same number, but they are not the same. They are two different versions. Notice ones says optional, the other recommended. The “optional” one will show up in the unchecked in the “Optional updates” list. If you have “Give me recommended updates the same way I get important” box checked the “recommended” one will show up in the “Important Updates” list, possibly checked, but if the box is not checked it will be an unchecked in the “Optional Updates” list until it becomes important.

The older version (let’s say v.x) is “recommended.” The newer version (v.y) comes out with the same KB number as “optional – it’s like a preview. V.y stays “optional” untill MS promotes it to “recommended,” at which time it replaces v.x (the older one) and v.x disappears. This usually happens on Patch Tues when the updates are released.

You can have two with the same KB number as long as their “status” is different. This is the part of the “supersedence” process we frequently mention.

Reply | Quote

Take note that not installing KB2952664 can lead to problems upgrading from Windows 7 to Windows 10,  see: https://www.niallbrady.com/2016/09/27/how-to-fix-upgrade-hang-when-upgrading-from-windows-7-to-windows-10-version-1607/

1 user thanked author for this post.

MrBrian

Reply | Quote

Anon#120684, that is a good thing to have in mind if you are going to go that route.

I think at this point it makes more sense to bring your backups current and ignore any upgrade transitions and possible conflicts by opting for the often recommended ‘clean install’. Are there reasons to allow [cruf] stale bits of useless code crowding the background to exist that should have been removed?

If Microsoft has given your machine a current stamp of approval on a hardware check, then make sure you have three things: Your data backups, separate from recovery media; A verified method to get your existing Operating System back, if you need to; Your new install media for Win10, and a key you already know will work. (OK, I guess that makes four things.)

If you are missing any one of those things, then you are not ready to do an in place upgrade either, because things sometimes go wrong. If you have all of those things, then you don’t need to risk it. I’m always open to seeing where I’m wrong.

Reply | Quote

KB 2976978 (for Win 8.1) & KB 2952664 (for Win 7) were tagged earlier this year by Microsoft as a “compatibility update”. Microsoft-speak for “you need this in order to upgrade to Windows 10”. Real-world translation: “We need this to spy on you”. Not until I’m desperate enough to upgrade in the next 5 years!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

KB2952664 appears now as non-optional security update.

Reply | Quote

“non-optional”? How’s that?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote