Patch Lady – KB4099950 gets a revision

Topic

New Reply

On April 17, KB4099950 was revised.  But not exactly the nicest of revisions as it demands an uninstall and reinstall:   More information Importa
[See the full post at: Patch Lady – KB4099950 gets a revision]

Susan Bradley Patch Lady/Prudent patcher

8 users thanked author for this post.

walker, abbodi86, Elly, laidbacktokyo, JDeC, woody, ch100, Mr. Natural

Reply | Quote

Replies

Thanks for the info, Susan.

So if we haven’t installed any of the March updates, when the DefCon rating is raised and it’s time to install the April update KB4093118, should we also install KB4099950 assuming that it is offered again? It was optional but then disappeared.

Also, what about KB4100480 which I didn’t install in March but it’s still offered now as important and checked, should that be installed when the April updates are recommended for installation?

Finally, if either KB4099950 and/or KB4100480 are recommended in due course in addition to the April monthly update KB4093118, will there be any recommended order or can they be installed in one lot?

I realise it may be too soon to know the answers to these points, but I’d be grateful if they were addressed please when the DefCon rating is raised.

I’m running two unconnected Windows 7 x64 desktops at home. The only updates I installed in March were the MSRT and the four checked Office 2010 updates (but not the unchecked ones KB2965234 and KB4018317).

1 user thanked author for this post.

DrBonzo

Reply | Quote

I just posted in another thread that today I turned on a server 2008r2 system running on a vmware server that had not been running since October 2017. I ran windows update connected to our WSUS and 14 available updates were available including the new kb4099950. No issues of any type to report including the previous nic issue.

Red Ruffnsore

1 user thanked author for this post.

DrBonzo

Reply | Quote

Do you have vmxnet3 card or E1000/E1000E?
Normally only the paravirtualised NIC vmxnet any flavour should be affected, as it emulates a PCI Express card.

Reply | Quote

E1000. I know a number of you folks have really been going over this quite thoroughly but I haven’t had the chance to get all the details which all of you have covered so well. Thanks

Red Ruffnsore

Reply | Quote

You were lucky to get the fixed WU version of updates, which correctly handle the pci NIC issue (if present)

Reply | Quote

I think E1000 is not affected as it does not emulate PCI Express, but traditional PCI.
I haven’t tested, but this issue introduced in the 2018-03 Monthly Rollup is identical with the one fixed in the past by the private hotfix KB2550978 (included in KB3125574).
See this VMware article for details and various NIC emulated cards. Workaround 3 provides a way around the issues without installing the patch.
https://kb.vmware.com/s/article/1020078

EDIT: A lot of the users affected have Wi-Fi cards which are generally PCI Express cards.
A large number of users are likely not to have any side effects because they use the PCI built-in network cards, especially on older computers.

4 users thanked author for this post.

MrBrian, walker, abbodi86, Mr. Natural

Reply | Quote

? says:

precisely, and thank you ch100. personally, i’m running intel 7260 ac which is as fast as i can go. router runs at 1733 and card runs at 867. i probably did not need to install kb409995 at all, now i have the april 17th version on all machines. thank you microsoft!

Reply | Quote

I have 3 Win 7 computers, all group B. On each, I installed the pre April 17 version of 4099950 from Windows Update, followed by 4088878 from the Update Catalog. No issues of any kind, neither with IP addresses, network connections nor anything else. All 3 machines showed the presence of an updated PCI.sys file in the Windows\system32\drivers folder. None of the machines had PCIClearStaleCache.txt in the Windows\Logs folder.

Last night on one of the machines I downloaded the post-April 17 version of 4099950. It contained two files: the stand alone package which is apparently identical to the pre April 17 4099950, and an additional file, the PCIClearStaleCache.exe file. I ran the latter as an administrator. No issues and the only difference is that the PCIClearStaleCache.txt file showed up in the Windows\Logs folder. But this .txt file simply told me what I already knew, namely that the updated version of PCI.sys file was in the Windows\system32\drivers folder.

So, it appears as though the additional .exe file in the post April 17 4099950 does NOTHING other than tell me something I already knew and that had already been done by the pre April 17 4099950.

I’m not sure how to interpret this, but some possibilities are

1) on this machine I wouldn’t have had any IP or networking issues anyway upon installing 4088878
2) There really is no need to prefer either version of 4099950 over the other
3) the group B 4088878 doesn’t cause the IP or networking issues.

My main interest, though, is whether or not having run the .exe file in the post April 17 version, I’m protected at least up through the March updates. I’m holding off on the April 4093108 update for now.

As always, I’d appreciate any input from those more knowledgeable than I (that probably is most of you. 🙂 )

3 users thanked author for this post.

GoTheSaints, OscarCP, amraybt

Reply | Quote

To expand a bit on what I did, I was following this post by abbodi86:

https://www.askwoody.com/forums/topic/microsoft-releases-major-update-to-win10-1703-and-the-usual-monthly-previews-for-win7-and-8-1/#post-185572

which says if the pre April 4099950 is already installed, the leave it (i.e., don’t uninstall) and just run the .exe file I referred to above – and which you get when you download the post April 17 4099950 from the update catalog – as an administrator.

Everything seems consistent this way and it seems to me that I’m protected as much as I can be without yet installing the April Security Only update.

Again, I welcome any other interpretations and/or comments.

Reply | Quote

Susan, what is your recommendation to me who installed the original April 10th version of KB4093118 and also the original version of KB4088875 in March? I have confirmed that KB4099950 has never been installed as per my list of installed updates. Moreover, I had hid the optional/recommended version of KB4099950 when offered via WU in late March. Since April 17th, WU has not offered me any version of KB4099950 even though that update has never been installed. Group A, Windows 7-x64 Home Premium.

Reply | Quote

Patch Lady,

I am strongly interested in what might be going on with KB4093108, the Security Only patch, rather on its sibling, the unfortunate Rollup. Same problem with that other one? Or not enough information yet?

Woody wrote that he does not know about the Security Only, but that “the problem is quite widespread.”

So here I am now, busily chewing off my fingernails to the quick, hoping for some clarity.

Group B, Windows 7 Pro, SP1 x64, Intel I-7 “sandy bridge” CPU.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

JDeC

Reply | Quote

Well, I’m afraid W7 is a lost cause… MS again and again proves they are unable to patch that OS in a reasonable way, release junk after junk after junk. Switching to W8.1 (which will be receiving patches until 2023) for sure sounds like a much better alternative while you are still able to keep patching under your control, instead of having it crammed down your throat by Microsoft without any other option and getting upgraded twice a year with a new buggy W10 fallen creators late spring updates…

By 2023, either MS will have put their derailed train back on rails, or people will have abandoned their OS altogether.

1 user thanked author for this post.

HiFlyer

Reply | Quote

So Microsoft is telling me I need to install this update (KB4099950), released on April 17, 2018, BEFORE I install either of two updates (KB4088875 or KB4088878) that were released on March 13, 2018.

Where the %#$@Q% do I get a time machine to make this happen????

If I’ve read this correctly, this is a new high (low?) in update screw ups.

1 user thanked author for this post.

walker

Reply | Quote

My question to Microsoft is what are the average pc user suppose to do when they have no knowledge of any of this.  How would the average person even know to install one update before another, or uninstall an update then reinstall the same update from the catalog.  Does the average user know what the catalog is or how to find it?

3 users thanked author for this post.

HiFlyer, jburk07, walker

Reply | Quote

The average user probably does not know how to evaluate when and how to install patches. Patches look the same and have the same weight: optional and important are treated equally. Instructions are difficult, obscure, hidden, contradictory, or result in link-not-found errors.

If patches are installed, it’s because the user mashes computer-anything-that-moves and forges onward with metaphorical sledge hammer hoping for the best.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

HiFlyer

Reply | Quote

anonymous wrote:

My question to Microsoft is what are the average pc user suppose to do when they have no knowledge of any of this

You have just asked the big question. The people you are talking about are not just the ones with Win7 Home who do nothing but email, search the Internet and have their PCs on Auto Update. They include many small (and not os small) businesses who do not run (cannot afford) Enterprise Editions or full-time IT staffs.

Microsoft is obligated to support Win7 until 2020 for what amounts to half it’s user base. It’s not fulfilling that obligation by turning out defective updates for the public to Beta test. And it’s not doing much better by it’s Enterprise customers because it is feeding the same broken patches to WSUS and SCCM.

Some entity/agency needs to put it’s foot down and hold Microsoft to it’s obligation.

8 users thanked author for this post.

HiFlyer, jburk07, SueW, walker, Elly, NoLoki, David F, Seff

Reply | Quote

As you most aptly state, more than half of Microsoft’s enterprise clients are still on Windows 7. Is this the way to treat your most valued clients?

Today, the IT department shoulders the burden of maintenance and the users in an enterprise are primarily oblivious to it. These users are no more computer literate than the average home user. A locked-in AND locked-down environment makes Microsoft look good. The locked-in side will soon disappear with the maturing of cloud services. Microsoft’s monopoly is set to dissolve.

I do not think that the obligations set out in ‘extended support’ has anything to do with the issues that have plagued Windows 7 since January 2018. This is basically sloppy, rushed work by a small group of people. I think there is a good amount of indifference from Microsoft management as well. It will cost them.

1 user thanked author for this post.

HiFlyer

Reply | Quote

As children in wartime, average Windows users now must grow up fast… into their own IT and Operating System experts… or that seems to be what is expected of them by the wizards of One Microsoft Way, in Redmond, Washington State.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

Susan,

The big question that I originally posted here and which Woody quoted in his Computerworld article is:

So those of us who installed KB4099950 before March Rollup KB4088875, but prior to April 17, 2018, have to uninstall the older version of KB4099950 and reinstall to be sure we have the most recent version?

Are we supposed to do that before or after installing April Rollup KB4093118?

Do you have the answer to this question?

3 users thanked author for this post.

walker, DrBonzo

Reply | Quote

The last monthly update I installed was February’s Rollup KB4074598 on 03/06 after DEFCON 3 was issued. Per instructions I installed KB4100480 on 04/01 and KB4099950 on 04/07 in preparation for KB4093118.  I did not install KB4093118 because of its issues.

Now it seems I need to uninstall KB4099950 and re-install it.

Can someone please advise.  Do I uninstall KB4099950 and reboot?  Then do I run Windows Update and will it find KB4099950 again?  Or (I have downloaded the two files from the Catalog) do I run both windows6.1-kb4099950-x64_245d5aaf7d50587297825f9176be166c47ad10f7.msu and pciclearstalecache_1c944f48bfb21d88a2054683abcd02327ecf6b37.exe and reboot?  Or do I do nothing and leave the KB4099950 that I already have installed alone?

This is so confusing and I want to do it right.  I used to be in fear of Jan 2020 but that fear is no more because for me Jan 2020 has already passed and patching has become an unbelievable nightmare (at least for me) that I am somewhat comfortable with not patching since that will be the reality come Jan 2020 anyway.  I am more afraid of my machines becoming unusable than I am of being backleveled on maintenance.

I read this site daily for instructions but now I do not know what to do for KB4099950.

Win 7 Pro SP1 64-bit
AMD FX-8350

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

Update patching is like watching a disaster happening in relative slow motion.

Could this be an orchestrated scenario?

Cautious “B” group patching still seems the only viable option now.

2 users thanked author for this post.

HiFlyer, The Surfing Pensioner

Reply | Quote

? says:

HOOEY!

It is almost May. Miraculously, I was able to install the March security only patches (with more complementary BSOD’s) and moved on to the April security only patches. Question, why would a person need to (re) mess with KB4099950, anyway? I currently have PCI.sys v6.1.7601.24056 on all the Win7 machines. The PCI sections in the registry(s) have no “SlotPersistentInfo” present in the Device Parameters entries. Interestingly, the machines that have wifi NIC cards generated the .txt file in the logs, whereas the machines that connect using usb wifi NICs have no such “.txt” logs, and besides they are listed in the USB section of the registry not in the PCI section. Personally, I am weary of all the circus hoops required to attempt to stay current with these defective and unacceptable “security” updates. PKCano and others are right to restate the fact that most casual Windows users are just that. So, I would very much appreciate a power user to recommend a “final solution,” to this mess tagged KB4099950.

As always, thanks to Woody and company for working so hard to make sense of the long running update nightmare…

1 user thanked author for this post.

HiFlyer

Reply | Quote

Have same question as others. Did not install March rollup. Did not install 4099950. Am going to install April rollup. The full one I always do, not the security only.

Do I have to first separately install KB4099950 or is the rollup all I need?

2 users thanked author for this post.

HiFlyer

Reply | Quote

April rollup is enough

but satisfying WU require installing KB4099950 too

5 users thanked author for this post.

geekdom, HiFlyer, OldBiddy, ch100, walker

Reply | Quote

I installed kb4088878 and kb4100480 and then installed kb4099950. I haven’t installed any April patches since it has problems reinstalling constantly. Do I need to uninstall kb4099950 before installing the April patches when it’s time? I didn’t follow the recommended order with the March updates – got confused – maybe it doesn’t matter if I uninstall kb4099950 at this point?

Reply | Quote

I can’t get the point.

So, I deployed KB4099950 to my enterprise computers before April 17, through PDQ Deploy (*not* WSUS). The checksum of the patch is the same, it was only missing pciclearstalecache.exe. What am I supposed to do? Uninstall and redeploy? And should I run pciclearstalecache.exe before/after the .msu or just place it in the same folder?

Reply | Quote

If PDQ Deploy use msu file directly for installation, then you don’t need to do anything
msu file already contain pciclearstalecache.exe and should execute it

2 users thanked author for this post.

Sheldon88, HiFlyer

Reply | Quote

Something strange happened. Fired the pv up for first time in 3 weeks. Got the WU-notification. Looked. 8 important (roll up April, MSRT and 2952644, + 5 office-updates) and 18 optional. Went to first update my Firefox and Chrome. returned to WU: only 5 available updates (the office ones). The other 3 important ones and the optional ones have just disappeared. Am doing a manual search for updates now, it is taking ages …. Any one here having problems with WU?

Reply | Quote

P.s. 4099950 was not offered separately.

Reply | Quote

… And they are back. Forget last post.

EDIT:

anonymous wrote:

P.s. 4099950 was not offered separately.

Reply | Quote

It seems KB4099950 of either old revision or a new one is intended/applicable only to installation of  KB4088875 or KB4088878

The indirect confirmation of this idea is a current m$ WSUS approach as below:

If no KB4099950 installed then both KB4088875 & KB4088878 aren’t offered.

If KB4099950 installed then both KB4088875 & KB4088878 immediately listed.

Thus if you don’t plan to install either of these 2 March 2018 rollup and/or preview massive updates then you also don’t need to install this registry patch KB4099950 or can safely remove it if already installed.

2 users thanked author for this post.

Demeter

Reply | Quote

I’m not seeing 4099950 as available in WSUS though I do see the March 2018 offerings. I got it from catalog for testing on W2K8R2 VM, installed and then patched March sec only update. Production VM’s are not patched with either 4099950 or 4088875|8.

Reply | Quote

@laidbacktokyo:

There was a message a while back (April 12th I think) recommending that KB4088875 should be hidden.    I hid it, and since I can’t seem to get my “restore hidden updates” to be functional (it only comes up with 4 at a time (THE LIMIT), and these are the recent ones), I couldn’t restore it if I wanted to.  I try to make a  note when I hide an update, however it’s a “no win” situation because it leaves so much to keep a handle on.

My question is:    Is there any action which a user can take which will show ALL of the hidden updates instead of just the last FOUR?   Never had this problem until recently, however it is very frustrating not to have this capability.     Seems I’ve seen a few others that have had this problem occasionally, so wondering if there is a “magic method” to store this function.

I installed the 4099950 as soon as it came out.

Any and all suggestions are appreciated.    🙂

Reply | Quote

walker wrote:

Is there any action which a user can take which will show ALL of the hidden updates instead of just the last FOUR?

Walker, I ran into a similar issue when I once checked my hidden updates and saw that I had none, even though I knew I had many.

Try this: run ‘Windows Update’ first; once there, ‘Check for Updates.’  Then, ‘Restore Hidden Updates.’  One needs to ‘check for updates’ at least once before being able to restore hidden updates.  Hope this works for you.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

walker, jburk07

Reply | Quote

@SueW:  Thank you for the recommendation, however I was already aware of this “glitch” in not getting many (except recent ones) updates which had been hidden.   I was only able to get 4 of them twice now, however I may try again.

I’ve seen it where you couldn’t see “ANY” of these hidden ones, however it’s been quite a while, and after I began checking updates first everything came up, however “not now”, so I’m wondering if MS has added “something” which has this function  “NON-FUNCTIONAL”.   I’m Win7, x64, Home Premium, Group A.  Never had this problem until just recently.   Thank you for the information you provided.   If I’m ever successful in attaining the old COMPLETE list of hidden updates, I’ll post it here.    🙂

1 user thanked author for this post.

SueW

Reply | Quote

@walker

well, sorry, I never saw such absolutely odd stuff like limit of 4 updates in any of win7  WSUS lists including the hidden ones. Moreover I guess it’s just impossible to set such limit or your win7 update center is damaged.

Anyhow 1st pls check your win7 wsus setting like a pic below. Pls don’t care of a note on ‘some parameters control by admin’. It’s my particular case.

2nd – the another pic below is just taken from my win7sp1x64ultimate of its current updating status as Dec2017 rollup but KB4099950 PCI 29KB registry patch is installed!

Reply | Quote

Interesting post with April 2018 patchday issues appeared on https://borncity.com/win/2018/04/20/microsoft-april-2018-patchday-issues/

But we are still on MS-DEF 2 so read and believe in a bright clear future of Microsoft patches.

2 users thanked author for this post.

woody, The Surfing Pensioner

Reply | Quote

My mistake. As I thought, you still need to import from catalog into WSUS.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950

But why is there an MSU and exe for this patch? What is happening? MS is not handling this very well.

1 user thanked author for this post.

woody

Reply | Quote

WU and WSUS deal with inner cab files for updates, not msu files
so the exe inside msu file but outside cab files wil no reach WU/WSUS
therefore the external exe file is to workaround that

6 users thanked author for this post.

MrBrian, HiFlyer, jburk07, ch100, columbia2011, woody

Reply | Quote

anonymous wrote:

MS is not handling this very well.

You can say that again…

2 users thanked author for this post.

HiFlyer, walker

Reply | Quote

woody wrote:

anonymous wrote:

MS is not handling this very well.

You can say that again…

Depends on what M$ real goal is.

2 users thanked author for this post.

Bill C., Cybertooth

Reply | Quote

I am in awe of the knowledge on this blog.  And I am learning from you.  However, as just an average Group A computer user, I’m hoping that when all the dust settles we will receive a simple instruction on how to proceed.  This should include whether we need to install 4099950 separately or just the April Rollup.  Again, thanks to all who devote so much time and effort to help us keep safe on our computers.
?❤?

Edit to remove HTML

2 users thanked author for this post.

HiFlyer, Spiral

Reply | Quote

@Peacelady
I, like you, would consider myself pretty much as an “average Group A user”…with the distinction of one who wants to learn, understand and in some measure take control over my computer enough to insure I am running a safe, stable and secure environment. Last month seems to have been one of the more complex and confusing for windows-7 in quite some time, and while the more we read and consume the mounds of information, the more confusing and anxiety ridden the experience may seem…it is important to keep up so as not to miss some subtle answer that may slip through if we are not paying attention…it is none-the-less- reassuring than ultimately just prior to the next round of updates Woody always manages to pull things together enough to give us a write-up in his ComputerWorld site to explain the procedure(s) we need to follow to hopefully insure success…in a straightforward and concise manner. So while we may stress in our desire to follow and understand throughout the month just what is going on and what we need to know…things seem to flush themselves out just in time…even if we may always be a month behind. Hang in there…Woody’s has not failed me yet. I hope you find a bit of comfort in these words!!!

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

3 users thanked author for this post.

HiFlyer, jburk07

Reply | Quote

Sorry to disagree with you as respects last month March updates.

We were pretty much left to fend for ourselves and decide (mainly based on what others did) whether to install March updates or not. Lots of conflicting info regarding several tag along KB’s.

In the end no clear cut direction was provided only warnings.

The defcon system was rather useless.

Reply | Quote

anonymous #186251….I did state that March’s were the most complex and confusing month’s situation I have thus far experienced, however I did manage to tread through the wilderness and break through the other side successfully, minus the KB4099950 issue which still remains unsettled on my machine though with no apparent backlash that I can see…but I managed to scale through with the help of everyone here in regard to all the other updates and KB’s…so I consider that to be in large measure a testimony to the value of following the advice here…questions did still remain, but I am still on a functioning machine thanks to all here. I consider that as close to success as I could hope for, given the nature of the issues Microsoft has thrown at us. I respect your opinion…but I will still give Woody and All a thumbs up…for, after all, we are each responsible for seeking our own answers and making our own decisions in regard to our own unique devices and experiences…Woody is not responsible for what Microsoft does…nor for the maintenance of our machines, thus I will accept graciously any guidance I might glean from this site…now and going forward.

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

5 users thanked author for this post.

Cascadian, Elly, HiFlyer, SueW, jburk07

Reply | Quote

…it is none-the-less- reassuring than ultimately just prior to the next round of updates Woody always manages to pull things together enough to give us a write-up in his ComputerWorld site to explain the procedure(s) we need to follow to hopefully insure success…in a straightforward and concise manner.

Agree not so much for March, certainly no definitive direction on what to do.  Some of us updated, others awaiting more clear direction for April.  Some even rolled back to December 2017.  What a mess!  Woody and Susan not even in agreement!

Lets hope they all tell us specifically and concisely what to do shortly with April.

Reply | Quote

Agree not so much for March, certainly no definitive direction on what to do. Some of us updated, others awaiting more clear direction for April. Some even rolled back to December 2017. What a mess! Woody and Susan not even in agreement!

As the saying goes, “everything should be made as simple as possible, but no simpler”…
in other words, dude, there’s not always a simple one-size-fits-all “right answer” universally applicable to everyone in every situation.

That being said, thanks much to woody & susan & abbodi86 & mrbrian & ch100 & pkcano & the many others here on AskWoody providing constructive–and much appreciated–information and insight and advice. Because of your input I’m better informed on patching matters–and therefore in a better position to make patching decisions for the systems I’m responsible for.

(Ooops, think I just ended a sentence with a preposition. Guess maybe now I need to find a good grammar forum? 🙂 )

4 users thanked author for this post.

MrBrian, HiFlyer, SueW, jburk07

Reply | Quote

The Defcon system works great. I’m never intimidated by making my own choice when there is enough information. I am frustrated by Microsoft’s poor documentation and testing. I really appreciate the good information that I find here… and especially that there are people willing and able to test the patches that Microsoft puts out there. The poor people not following the Defcon system were the beta testers… and they found lots of problems for us since the beginning of this year. The actual testing done by various Loungers and MVPs then pinpoints what the problems are, along with possible fixes. There was a lot of information posted about “I did this… and this is what happened”… That is not the same as “you should do this, now”… but will be part of what Woody considers when making his patching recommendations.

I really appreciate that Woody respects that there are those of us who want to follow different patching strategies. I didn’t even know that the possibility of foiling telemetry and auto-updating pitfalls even existed before I came here. But, I have had to figure out what my values are (and they are about not allowing privacy invading technology loose… and I’m not telling anyone else they have to have the same values), and educating myself as to how to do that for my laptop.

Yet… it can be frustrating for people who jump in here, in the middle of the patching fiasco that Microsoft has presented us this year…

To me, I have very clear ideas about what I want my laptop to do and not do… that probably makes it easier for me to make a choice, when presented with such. I accept that there are risks, no matter what direction I take. The value, here, is that I have a pretty good idea of what those risks are, and how to recover from them. That is what I’ve learned, in addition to using the Defcon system, to keep my system safe.

What does having a clear path of safety mean to you? Woody recommends Group A patching for most people. From what I hear (Group B, here, so not tested first hand) most of the problems of the last three months are being worked out. There was a lot of testing and retesting, and checking and double checking, changes by Microsoft, and more testing and checking… and that gets reported. There have been a lot of problems, but there haven’t been a lot of complaints from those on Group A, following the Defcon system. That means that they have updated through March… successfully… following Woody’s instructions… and are waiting for April patches to be cleared…

And yes, Woody (and Susan) gave us the heads up on the problem (Total Meltdown) that Microsoft had opened up, that was worse than the problem being patched… and they gave us choices about what to do about it… but, if you read through, they informed us about what the problems were, what the risks were, and what our choices were. Somehow, I feel much better about that, than turning on automatic updating, and taking my chances that Microsoft knows best… I have too many family members who had GWX regret… whereas, by following the Defcon system here, I avoided GWX, and all the patching pitfalls, and have a stable and useful computer, that has had none of the bugs being reported here. It is vulnerable to things that would have been problematic on auto update, but Woody’s Defcon recommendations have always guided me through…

I’m curious, what about the Defcon system isn’t working for you? It may be simply a matter of deciding which Group you are in, and double checking those particular instructions and apply them to your system. We can’t fix Microsoft, but we can avoid the worst that they are throwing our way.

Non-techy Win 10 Pro and Linux Mint experimenter

10 users thanked author for this post.

Bill C., Cascadian, HiFlyer, walker, AlphaCharlie, jburk07, amraybt, columbia2011, SueW, Individualist

Reply | Quote

I’m going to try one more time to make my point. I am totally a Group A member.

In another post, a poster suggested that one does not need to follow all the commentary in all the various topics to stay on top of each month’s update issues – just follow the Defcon rating.

First, clearly this did not apply to March as recommendations were all over the place and mostly as relates to Win 7.  Hardly any info regarding the vars Windows 10 versions yet only 1 conditioned Defcon rating.  Susan recommended to roll back to Dec 2017 and wait while Woody issued all kinds of cautions and concerns, and subscribers posted what worked for them. No agreement as to if KB4099467 was really needed or not and if it caused any issues if installed as a precaution – so close your eyes and guess.

A lot of information, but in the end the road to take was up to the reader which was where the reader was before spending the time reading all the info provided.  So the reader might as well have saved the time and just taken a shot in the dark as to what to install and hope for the best.

In essence, no help really what to specifically do which is why one comes to sites like this in the first place.

Again there was hardly any time given to Windows 10 – but one Defcon rating given for all Windows versions – really?

Here we are regarding KB4099950 awaiting answers:

>If installed the original KB, does it need to be uninstalled?

>If one did not install the March KB, is KB4099950 even needed?

>Does the April KB include the new KB4099950?

Woody? Susan? PK?  Answers pls.

>Where are we as respects the various iteration of Windows 10 – crickets…….

All I am trying to say is people are lost in the sea of trial and error and come to places like this to get specific direction not to read for hours only to end up having no better direction than when they started.  We all know coming in we could make a choice, we are hoping to leave with guidance on what is the right choice.

Reply | Quote

Please follow this link: https://www.computerworld.com/article/3268133/microsoft-windows/get-the-march-patches-for-your-windows-machines-installed-but-watch-out-for-win7.html

And realise that it was written on 6APR2018. You seem to want one authoritative direction out of the many learned examples, opinions, and advice that is available from a large group of people. On this Website, AskWoody dot com, that would be Woody Leonhard. He alone commands the MSDefcon rating that you have stated you would like to follow. That link is to the most recent occasion that Woody raised the MSDefcon level, temporarily, to allow for March released updates to be installed. It may read as dated, because two weeks has allowed for new developments to occur. And this fluid situation creates new advice that adds to your confusion.

That series of Computerworld articles gives direction straight from Woody’s fingertips. Outside of his control is the poor environment that Microsoft has created in its own updating structure this year. So instead of his usual ‘do it this way’ direction, Woody was forced to acknowledge that Win7 had difficulties, and gave optional advice as well. But Win10 directions were so clear you may have skipped right over them.

Windows 10

Go ahead and install all outstanding Win10 patches. They were re-released and re-re-released in March, and the current versions appear to be working OK. Heaven only knows what’s going to happen on April Patch Tuesday, so get the patches squared away now.

(from the Computerworld article linked above)

Under the MSDefcon system, there will be no further directions until the level has again moved to a level 3 or more. All other advice is outside the MSDefcon system.

It is also possible to read and share opinions outside the MSDefcon system of patching. But that is not definitive advice you seem to seek. I, like many, enjoy reading more information, even if I do not intend to take any action until after Woody has written his next MSDefcon article for Computerworld. It will publish the same day that he changes the number at the top of this and every AskWoody page when he creates a teaser topic on this blog that will link to that next Computerworld article.

5 users thanked author for this post.

SueW, columbia2011, Elly, Cybertooth, jburk07

Reply | Quote

On your other listed questions…

anonymous wrote:

Here we are regarding KB4099950 awaiting answers:

>If installed the original KB, does it need to be uninstalled?

>If one did not install the March KB, is KB4099950 even needed?

>Does the April KB include the new KB4099950?

Woody? Susan? PK? Answers pls.

I am not of the level you asked for. But I did the search legwork and have decided to reference abbodi86, from 18APR2018, as the most succinct…

They fixed the KB4099950 issue with WU yesterday
if you have it installed, uninstall it and let WU reinstall it

you may also go with the manual way from the catalog

Then, on my own, I will say that if you have not installed a ‘March’ rollup, that is the proper time to install KB4099950, before installing the rollup, and the new one is the only one available now. But then you wouldn’t be a totally GroupA member if you haven’t yet done that. Further, if you choose to wait for the MSDefcon clearance for The April SMQR, then appropriate directions will be given then, when more is understood. Any opinion before then is optional, outside the MSDefcon system.

Reply | Quote

Individualist wrote:

I will still give Woody and All a thumbs up…for, after all, we are each responsible for seeking our own answers and making our own decisions in regard to our own unique devices and experiences…Woody is not responsible for what Microsoft does…nor for the maintenance of our machines, thus I will accept graciously any guidance I might glean from this site…now and going forward.

Very well said, Individualist.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

3 users thanked author for this post.

HiFlyer, SueW, Individualist

Reply | Quote

Don’t know if this helps anybody, but since this site has been such a great help I figured I’d post my current standing.  I have a Win7 x64 system that I had all patched up for Jan/Feb.  With the March mess I skipped the March rollup.  I did install the original KB4099950 from WU and never got the txt log file.  Yesterday I decided to bite the bullet and did the following:

1) Hid the May preview rollup in WU

2) Uninstalled the old KB4099950 and downloaded the new version from the catalog.  After installing I now had the txt log file

3) After rebooting I installed KB4093118

I’m now all patched up and been running for 2 days now with no issues that I can tell.  For me at least it looks like hiding the preview rollup and pre-installing 4099950 has worked well with KB 4093118.

Edited for HTML Please use Text tab for replies, when using copy/paste.

3 users thanked author for this post.

HiFlyer, jburk07, Individualist

Reply | Quote

I installed Kb4100480 using windows update April 7 and the newest Kb4099950 April 18 from the catalog. Kb4088875, Kb4091290 are still hidden and unchecked, do I need them or just wait for Kb4093118 when Woody says it’s safe to install?

Windows 7 Home x64 SP1 Group A

Windows 11 Pro
Version 23H2
OS build 22631.5039

Reply | Quote

You probably won’t need them since the Rollups are cumulative.
But wait and see what Woody recommends when he raises the DEFCON numbe.

3 users thanked author for this post.

HiFlyer, walker, JDeC

Reply | Quote

Will do, Thank you PK

Windows 11 Pro
Version 23H2
OS build 22631.5039

Reply | Quote

@PKCano:  I have a question relevant to checking the “Add Microsoft Programs Updates” too, when doing the “check for updates”.   It seems that it was recommended, and mine isn’t checked so perhaps that would solve the problem I’m having getting the full listing of “hidden updates”?

Thank you for any advice you can provide on this subject.  It is very much appreciated, as always.    🙂

Reply | Quote

“Updates for other Microsoft Programs” will give you updates for programs like Office, C++, Silverlight, Skype – updates for OTHER programs, NOT Windows updates.

You may not be seeing past updates because they are not needed. The Rollups and Previews are CUMULATIVE. That means they contain the parts of the previous updates.For example, lets start with Jan:

Jan 2nd Tues – Jan Rollup contains (Security, non-security, and IE11 parts).
Jan 3rd Tues – Jan Preview contains (Jan Rollup + Feb non-security)
Feb 2nd Tues – Feb Rollup contains Feb Preview (Jan Rollup + Feb non-security) + (Feb security & IE!!). Now you have all the parts of the Jan Rollup + all the parts of the Feb Rollup.

SO, once you have Feb Rollup, you nolonger need Jan Rollup b/c it’s contained in it already. You will no longer see Jan Rollup in Windows Update because you don’t need it anymore. You have all the parts of it in the Feb Rollup.

Now, that works most of the time – except when MS messes up. But if you can see the latest Update, in this case the April Rollup, you are not missing anything because it contains Jan, Feb, and Mar as well.

3 users thanked author for this post.

walker, Elly, geekdom

Reply | Quote

@PKCano:  Thank you so very much for the information.   That is one item I can forget about – – – –  and I appreciate the “in depth” explanation on how these updates “function (or not)” as they do.   “Oh, for the “Good Old Days”!!  You do a wonderful job of keeping us knowledgeable, and making our experiences much easier.   Thank you, again and again.    🙂  🙂

Reply | Quote

I am Group A  (Win7 X64).  After reading about the March debacle, I had installed KB 4099950 on 10 April, by I missed the March security roll-up.  So, my question is:  do I need to uninstall the 10 April KB 4099950 and install KB 4099950 of 17/04, or is it all overtaken by the April security roll-up, which I would install when we get to DEFCON 3.

Appreciate any advice on this.

GeoffB

1 user thanked author for this post.

KarenS

Reply | Quote

GeoffB’s question is the exact same one that I have and would like an answer to. I too am Group A (Win7x64) and am patched with Jan & Feb cumulative rollup patches (did not want to uninstall on two computers). As instructed I also installed KB4100480 and KB4099950 prior to April 17th, 2018 (in that order as per instructions). I did NOT install March’s cumulative rollup patch KB4088875 because it showed up in WU when it was first released but then disappeared never to return. I have NOT installed any April patches yet (waiting for the Defcon level and Woody’s okay). I too want to know if I need to uninstall the original KB4099950 and install the newest version released on April 17th or if it NOT necessary?????????

Reply | Quote

It may not be mandatory, but it is certainly good practice. Install KB4099950 by running the msu version.

1 user thanked author for this post.

walker

Reply | Quote

I’m in Group B running Win 7 64-bit on a home PC. I can’t find the answer to the following query in this thread but I apologise if it is there and I have missed it.

On the 8 April 2018, at MS-DEFCON 3, I installed the March 2018 updates in the following order: KB4099950 > KB4088878 > KB4099467 > KB4100480 > KB4096040. As reported in another thread, others used this sequence as well. If Microsoft is now telling me to uninstall KB4099950 and then install the new version, does that mean that I have to uninstall all the above patches in reverse order back to and including KB4099950, install the new version of KB4099950, and then install all the subsequent patches again?

Reply | Quote

Uninstall KB4099950. Reboot. Download the later version of KB4099950 from the Catalog and install it. Reboot.

Read today’s blog post,

3 users thanked author for this post.

walker, TonyC, Elly

Reply | Quote

Thank you for your reply. However, I would find it interesting to know why, when Microsoft state that KB4099950 should be installed before KB4088878, it would now be alright effectively to install KB4099950 after KB4088878? If the answer is too complex, I’ll just take your word for it.

I am aware of today’s blog, but I don’t know what relevance it has to my question.

Reply | Quote

TonyC wrote:

I would find it interesting to know why, when Microsoft state that KB4099950 should be installed before KB4088878, it would now be alright effectively to install KB4099950 after KB4088878? If the answer is too complex, I’ll just take your word for it.

Suggest you take his (her?) word for it. But, fwiw, short version prbly would go something like this:

KB4099950 was released to address particular issue.

Although initial KB4099950 didn’t install correctly, you got lucky when you installed KB4088878 and didn’t happen to be affected by issue KB4099950 was put out to address.

The purpose of now uninstalling and reinstalling KB4099950 is to ensure underlying issue KB4099950 was released to address is actually fixed on your system.

You don’t have to worry about patch order now because (1) you got lucky earlier and KB4088878 installed earlier without issue, and (2) when you now (re)install KB4099950, system is smart enough to know _not_ to overwrite newer stuff (i.e., system files with new updates/fixes) with older stuff (i.e., system files without newer updates/fixes).

Hope this helps.

6 users thanked author for this post.

Elly, SueW, abbodi86, TonyC, columbia2011, PKCano

Reply | Quote

I’m not sure how meaningful it is to thank an anonymous post, but I have done it anyway! Much appreciated.

Reply | Quote

TonyC wrote:

I’m not sure how meaningful it is to thank an anonymous post, but I have done it anyway! Much appreciated.

It means a great deal, thanks. Happy to hear it helped… 🙂

and +1 to woody (& mods) for continuing to allow (& approve) constructive contributions from anons! 😀

Reply | Quote

I am still so confused on this matter as I didn’t get a clear answer to my question……

I am Group A (Win7x64) and am patched with Jan & Feb cumulative rollup patches (did not want to uninstall on two computers). As instructed I also installed KB4100480 and KB4099950 prior to April 17th, 2018 (in that order as per instructions). I did NOT install March’s cumulative rollup patch KB4088875 because it showed up in WU when it was first released but then disappeared never to return. I have NOT installed any of the April patches yet (waiting for the Defcon level and Woody’s okay). I want to know if I need to uninstall the original KB4099950 and install the newest version released on April 17th or if it NOT necessary?????????

Reply | Quote

As I remember from earlier posts that KB4099950 is already included in KB4093118 (April CU) (Group A) and will be automatically installed. But we are still on Defcon 2 and waiting for @Woody okay!

Reply | Quote

columbia2011 wrote:

As I remember from earlier posts that KB4099950 is already included in KB4093118 (April CU) (Group A) and will be automatically installed. But we are still on Defcon 2 and waiting for @woody okay!

Okay but will the included KB4099950 in KB4093118 (April CU – Group A) supercede the original KB4099950 or does the original need to be uninstalled first???

Reply | Quote

KarenS wrote:

will the included KB4099950 in KB4093118 (April CU – Group A) supercede the original KB4099950 or does the original need to be uninstalled first???

Suggest you uninstall original incorrectly-installed KB4099950.
But then, hmmmm…

_Specific question for abbodi86 (or Susan? or someone with a test system and extra time?)_:

If KarenS, or anyone else in Group A (I’ve seen several folks asking variations on similar theme), uninstalls original incorrectly-installed KB4099950, and then–-when Woody advises-–updates her system per his instructions using the latest/updated version of Win7 monthly rollup KB4093118 via windows update … will the KB4099950 fix then be properly installed?

… or _must_ she (and other Group A folks in her situation), _after_ uninstalling original incorrectly-installed KB4099950, install KB4099950 fix _manually_ (i.e., because of initial blown KB4099950 install), using either _catalog download (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950)_ or _your vbs script (https://www.askwoody.com/forums/topic/tests-of-kb4099950/#post-185592)_?

5 users thanked author for this post.

abbodi86, columbia2011, Spiral, KarenS

Reply | Quote

The only way for KB4099950 or KB4093118 to fix the SlotPersistentInfo issue is that pci.sys version must be under 6.1.7061.21744

so for summerize:
– if March/April Rollups installed, the user is not experiencing the NIC/Static IP issues, running the vbs script would be enough, just to be sure

– if March/April Rollups installed, the user is experiencing the NIC/Static IP issues, he has two options:
1) unistall updates, reinstall KB4093118 (or KB4099950)
2) run the vbs script, hoepfully it would fix it

– if none of March/April Rollups are installed, then installing KB4093118 will be enough

6 users thanked author for this post.

MrBrian, KarenS, PKCano, ch100, woody, columbia2011

Reply | Quote

abbodi86 wrote:

The only way for KB4099950 or KB4093118 to fix the SlotPersistentInfo issue is that pci.sys version must be under 6.1.7061.21744

Maybe you should explain here for everyone to understand that if the pci.sys version is later than 6.1.7601.21744, then the SlotPersistentInfo value is ignored by pci.sys and thus not modified by KB4099950. This is intended behaviour and not a bug.
If the NIC is uninstalled and later reinstalled, the SlotPersistentInfo is recreated, but ignored by later versions of pci.sys.
KB4099950 is only a temporary hack to get over an unintended side-effect of removing undesired functionality for PCI Express cards until a later version of pci.sys is installed on the system. This was done first in a private hotfix in 2011 and most of those in the virtualisation world are or should be familiar with KB2550978 or later in May 2016 with KB3125574. That undesired functionality is not a Microsoft bug, but a strict implementation of the standard for PCI Express, which become undesired in the context.

2 users thanked author for this post.

abbodi86, MrBrian

Reply | Quote

anonymous wrote:

Specific question for abbodi86 (or Susan? or someone with a test system and extra time?)_: If KarenS, or anyone else in Group A (I’ve seen several folks asking variations on similar theme), uninstalls original incorrectly-installed KB4099950, and then–-when Woody advises-–updates her system per his instructions using the latest/updated version of Win7 monthly rollup KB4093118 via windows update … will the KB4099950 fix then be properly installed? … OR _must_ she (and other Group A folks in her situation), _after_ uninstalling original incorrectly-installed KB4099950, install KB4099950 fix _manually_ (i.e., because of initial blown KB4099950 install), using either _catalog download (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4099950)_ or _your vbs script (https://www.askwoody.com/forums/topic/tests-of-kb4099950/#post-185592)_?

Thank you Anonymous! That is the exact specific question I (and many others) have been trying to find the answer to but it is still unclear!

3 users thanked author for this post.

HiFlyer, Spiral

Reply | Quote