|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates. But after reading this and especially Kevin Beaumont’s tw
[See the full post at: Patch Lady – to patch or not to patch?]
Susan Bradley Patch Lady/Prudent patcher
I have something strange on two of my Win7 computers.
Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed.
I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?
@ PK Cano-
Group B patching… Win 7 Home, 64 bit… and they are all listed for me.
Non-techy Win 10 Pro and Linux Mint experimenter
I’ve been patching Group A, and doing Disk Cleanup once a month.
Have you done Disk Cleanup?
I do disk clean up just before installing the next month’s patches.
Non-techy Win 10 Pro and Linux Mint experimenter
UPDATE
After uninstalling the Feb 2018 Rollup (reboot), the Jan 2018 Rollup (reboot), I was offered the following:
KBs 4054518 (Dec Rollup), 3084135, 3022777, 3076895, 3161958, 3181988, 3092627, 3101722, 2862152, 4011720, and MSRT. One of these goes back as far as 2013.
After rebooting, the computer was up to date with no other updates offered.
Win7 Ultimate x64 Group A patching
@The Surfing Pensioner, I like yourself did not install Jan/Feb/Mar 2018 patches for both W7 Pro x32 and x64 machines albeit both in group A and one system offline. I found the whole issue of meltdown/ spectre et al too panic stricken and uncertain so, went on my gut instinct not to install the security patches.
However, I did on my W8.1 and reverted back to an image from Dec 2017 with relative ease beginning of last week on the news that the MS security fixes in Jan/Feb for the exploit/ hole was actually made worse.
Looks like the updated browser versions with AV updates will help for now without the sacrifice of performance. IMHO the fix outweighs the risk in this case.
If you have installed the Jan and Feb Rollups and you decide not to roll back to Dec 2017. you should install KB 4100480 to mitigate the Total Meltdown vulnerability. Then I would sit tight and wait to see how this plays out.
1709 has had three cumulative updates so far this month.
The last one — which is voluminous — finally fixed the “Delta” bug introduced in January.
I’ve been so busy chasing all the patches this month that I don’t know if there are any additional problems with the three cumulative updates, thus far.
If you uninstall it should put back what it replaced.
Susan Bradley Patch Lady/Prudent patcher
A lot of people here tend to run Disk Cleanup often. In such conditions, there is a good chance that the previous update is no longer present and as such it will not be brought back by uninstalling the later update.
“Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.”
Those who use Disk Cleanup to clean up Windows Updates should note that immediately after doing this, every Windows monthly rollup other than the newest installed Windows monthly rollup will be removed due to component-supersedence. If you then uninstall the newest installed Windows monthly rollup, you will find that no Windows monthly rollups are installed. To install the December 2017 Windows monthly rollup, you’ll have to either hide the March 2018, Feb 2018, and Jan 2018 Windows monthly rollups, or install the December 2017 Windows monthly rollup manually via the Catalog, or use Windows Update MiniTool with “Include superseded” ticked.
Whilst grateful for the advice, my natural inclination is to say that as the Group A updates were successfully installed in January and February, and we are at DefCon 2 for March, with no problems encountered so far this year with my home Windows 7 machines which are running normally, I will sit tight and not start uninstalling updates and reverting to an old position.
“Stability in the hand is worth two threats not yet in the wild”, or something like that!
However, I will keep the situation under review as I read further comments and recommendations.
In trying to assist a friend of mine on his Windows 7 machine, he is currently updated with the last security only, internet explorer & MSRT from February. These were installed Group B style on March 10.
I’m willing to “roll back” the January & February groups. One thing still bothers me about it though. The non-cumulative nature of the “security only” update bundle will require a reinstallation of Jan & Feb at some point. Add the March group to the mix near the end of April or beginning of May (if at all) & this all starts to seem like a vicious circle. Is FUD getting the better of us or is it just another case of “this is the new normal” for M$.
The only alternative I can see for my friend is to hold off on all the usual W7 March updates (including 4100480) hoping for a solution by the next update cycle. Any other considerations missing in my findings?
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
If my reading of the situation at MS is right, then yours might be a really long wait.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Nor me – the Group A mob who have been virtuously installing their monthly rollups are now in a bit of a pickle. What an interesting turn-up for the books!
Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.
Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.
So far, no problems noted. (fingers crossed!)
Caveat: My usage scenario is a relatively simple one.
Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.
Win 7 Pro SP1 64-bit , Group B, updated with security-only patches through Jan & Feb 2018.
Not wanting the hassle of rolling back all three of my Win 7 machines, I just took a flyer and installed the KB4100480 security-only patch – downloaded from the MS catalogue.
Which is how I’ve been spending my Saturday (until now) — getting a passel of Win 7 Pro x64 (and a few Home) machines squared away.
Like yourself, the prospect of rolling every machine back to the December 2017 patch point was singularly unattractive.
Therefore, I installed only the March MSRT, KB4096040 (the March Win 7 IE Cumulative Security Update) and KB4100480 (putting KB4099950 on hold until further word from On High).
So far, nothing untoward to report (and I’ve even left my ‘phone on its hook).
Ok, at least that’s settled. Now all I need to do is figure out whether rolling back or installing KB 4100480 is the better option.
For a Windows 7 x64 user who is current through February, and wants to move forward, not backward, is this the correct patch order?
1. Install KB4099950
2. Install KB4088875
3. Install KB4100480
Looks good.
Thank you!
I’m not going to install anything tonight. The weather has been windy and the power has gone out (briefly) three times. Maybe tomorrow.
No fooling – I did what I said I was going to do and installed these three patches in this order:
1. KB4099950
2. KB4088875
3. KB4100480
So far there are no apparent problems.
I’m on Windows 8.1, but not crowing at all. I really feel for those on Windows 7, because these problems aren’t your fault, they’re Microsoft’s. If this is another scam to con Win 7 users to upgrade to Win 10, then it’s totally wrong. Since Microsoft abandoned Win 8.1 for the enterprise, they don’t care if we upgrade. With more users still on Win 7, they’re a target. I don’t trust Nadella, since he cares about the cloud more than the desktop.
Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...
NASA has, at each center, a team of dedicated IT security people. I have not seen any reports from them, yet, warning about problems such as those mentioned here, or suggesting measures to resolve them. That probably will change, and soon.
I am going to ask around. If that turned up any useful and practical information, I’ll let you know.
Others using Woody’s and working also for, or with (such as myself, as a consultant), similar large organizations, might consider doing the same thing.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
I have something strange on two of my Win7 computers. Looking at the possibility of taking them back to the Dec 2017 patches, I find that the patches listed in”Installed Updates” include Jan and Feb2018 listings, then it skips back to Sep 2017. There are no OCT, Nov, Dec 2017 updates listed. I have done Disk Cleanup each month, but did not expect this. Is anyone else seeing these results?
Same here, KB 4054518 only shows up in WU “View Installed Updates” as having successfully installed, just no mention of it in Programs and Features installed updates. Just confirming your findings as I have read Mr. Brians response below.
I thought I was the only one, LOL.
Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
On two Windows 7 machines I have installed per Windows Update when Defcon was briefly 3:
2018-2 Rollup KB4074598
and
2018-1 Rollup .NET KB4055532
Do I have a memory leak? And do I need to Rollback to December?
Then just install the x64 version of the patch if you so choose. AMD64 is the designation Microsoft uses for almost ALL of their 64 bit patches. They don’t differentiate between AMD and Intel unless the patch is specific to the manufacturer. In other words, if a patch is specific to either AMD or Intel architecture (32 or 64 bit), Microsoft will SAY SO in the patch’s title.
That is what @satrow is trying to explain to you just below this post, and what @PKCano was trying to say in this post above here.
Case in point: When MS earlier this year bricked many older AMD machines with the January patch, they released a patch just for AMD machines and only certain AMD processors. Windows Update was smart enough to figure out which specific AMD processor was on the machine (if any) and offer the AMD-specific patch if it was called for.
Still unsure of what you’re being offered by Windows Update?
Then check out the following link to the patch you might have been ready to install for March, KB4088875, if the current mess for March hadn’t developed: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4088875 and then click on the link that says “2018-03 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088875)”. You’ll notice that in the “Overview” tab, the supported architectures listed are “AMD64, X86”. In other words, ALL x64 and x86 architecture, even though Microsoft doesn’t come out and say it directly.
I sincerely hope this helps clarify things for you.
EDIT html to text – content may not appear as intended
See section “Affected Products” at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038.
I have an x64 Intel chipset in my 7-year old HP, and dare think I am not the only one.
So this should be made very clear. It is not a trivial fact.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Your Intelx64 HP runs exactly the same Windows AMDx64 version as my Intel Ivybridge Xeon and i3’s do, there is no Intelx64 version of Windows.
Lucky me indeed.
The designations are definitely confusing. The way I understand it is that “AMD64” is a nod to the fact that the folks at AMD were the ones who first developed the 64-bit CPU architecture. “AMD64” does not mean that you have an AMD processor in your PC, it means that you have a 64-bit processor (manufactured by whomever) in your PC.
For information as to the company that made the CPU in your computer, you can open your Windows 7 Start Menu, then right-click on “Computer” in the right panel, then left-click on “Properties” in the resulting menu. This will open a new “System” window, where you can visually scan for the line that’s labeled “Processor.” This line will specify whether you have an Intel chip or an AMD chip in your computer.
It may be more than a nod. I have no inside information, but it always read to me as though there was an agreement that made more strenuous action not necessary.
Intel had made their game changing reputation on the 8086. They capitalized on that reputation by continuing to evoke that success in subsequent chip names. Same branding idea that Boeing used with the 7×7 series of airframes.
When AMD came up with their own game changing chip a quarter century later, it was very important to them that everyone know who did it first. I find it possible they did not like the idea of being represented by x64 as if it were some kind of lesser knockoff.
True. And as usual in those days, lawyers were involved. Well, there are always lawyers….
Windows 10 is looking better and better…
That is what Microsoft wants, is higher Windows 10 adoptions rates. Somethings work better, some not…purposely or by mistake.
Group A…I also ran Disk Cleanup and missing the updates in the Add/Remove. I ran Steve Gibson’s InSpectre scan and disabled the Meltdown fix and performance is back. So far everything is running good and I have not installed March updates. I’ve got WU buttoned up and on hold. Should I run KB410080 ?
In the Catalog, you probably should use “2018-03 Security Update for Windows 7 for x64-based Systems (KB4100480)”.
W7 Home x64 Group B, currently up to date thru Feb18, including Oct-Dec17. I did a Disk Cleanup about a week ago. All appears to be operating normally, so I choose not to fix anything with a rollback, despite a vulnerability. I accept the risk. I will continue to sit on Mar until the Defcon goes to 3 or better, which probably won’t happen until after the Apr release. I maintain plenty of patience and strictly adhere to the B methodology. I read the threads daily and send Kudos to the crew, Da Boss has assembled here. Keep it up … you gals and guys are the best!
On a note of levity courtesy of Laurel and Hardy:
“Well, here’s another nice mess you’ve gotten me into Sattya”
Sadly it’s not a joke
I know. that’s exactly the reason why i wait regarding installation of this update.
i’m patching only once per month, as soon defcon 3 is active, do reboots necessary due to patching.
There is a lot more confusion added to the advise when there is no specific reference to what architecture is being talked about. Just stating ‘Windows 7’ gives the impression that both are equally affected and the advise applies to both. I urge everyone to add 64 or 32 after Windows 7 to avoid this confusion. The problems and remedies are, at times, different.
It would also be helpful when referring to monthly updates as either the rollup or the security-only update. Using just KB numbers works if the reader is familiar with that KB, otherwise it is not. With more KBs arriving at random (mostly for W7/64), the complexity has increased.
By no means is this a complaint. It is just a suggestion.
Everyone is trying to understand the situation, see what they should or should not do, and stay aware. We need as much clarity as we can muster right now or systems will get messed up unintentionally. Windows 7/64 and 32 may be in more trouble than Microsoft is owning up to.
Before anyone here goes ahead with the advice to install KB4100480, and unless if offered to your machine by Windows Updates, or shows up when doing a search for updates, my suggestion is to:
HOLD ON.
In the Catalogue page for KB4100480 it says that it is for machines with AMD64 architectures.
In response to my posting about this, and whether it really applies to Intel x64 machines like my own, I have got back, so far:
(1) A way-to terse-answer from PKCano.
(2) A series of postings to the effect that Intel x64 architecture is the same as AMD64, with references to Web pages that, in fact, indicate that they are similar, not identical. Is that good enough? Unclear, at this point.
So, at least for myself, until this is made crystal clear, with a sufficiently long and well-referenced explanation, I am not removing or adding any updates, something that could bring along problematic side-effects.
Of course, what you’ll do, is up to you.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
There may well be physical differences between 64 bit chips made by AMD and those made by Intel, just as there are between different generations of 64 bit Intel chips. But when used in referring to the Windows operating system ‘amd64’ means 64 bit operating system regardless of whether the chip was made by AMD or by Intel. It is confusing, but to the best of my knowledge that’s what the terminology means. So as long as you pick the 64 bit patches you should be OK – at least to the extent that the patches are OK to begin with, but that’s why Woody has the Defcon system.
That is a reference to my alternate unofficial instructions for updating Windows 7 and 8.1.
I have to ask; With all its experience and resources, is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design. And that is unacceptable, to support a company with such low ethical standards.
Given the context this is happening in, MS pushing Win 10 so hard, and the standard business model these days is more often than not deception (of the customer) rather than respect, it looks like one (brutal and dishonest) tactic to get people off Win 7 and onto Win 10.
I don’t want Win 10, the ever mutating OS – so I’ll stick with Win 7 until I figure out Linux. Maybe some other OS is on the horizon? Anyway, I’m done with MS as soon as it’s practicable.
is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design
Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
🙂
Personally, I cannot buy the “human error” or “unintended consequences” line because of GWX. It was malicious and it was most certainly intentional design 100%. After that, I can’t go along with anything being unintentional or by human error. They showed their hands with GWX which never really ended at all.
Disbanding their Windows team feels like a child throwing a temper tantrum after not being able to get his/her way. Windows 10 has failed despite all their efforts. Not even giving it away for free was enough to offset all of it’s shortcomings. It means they have given up on Windows which was already sabotaged when they got rid of their QA testing team. All of this was by design. They had to have known all these problems would arise without a testing team to make sure these patches were ready and so I cannot consider the consequences of those actions as being “unintended” at all. They knew what they were doing and what the consequences would be just like the rest of us did when we heard of it.
Cut costs to increase profits and who cares about the consequences. That’s called capitalism, something I’m not so sure is a good thing anymore.
AJNorth above, Agreed
Sessh, Agree with you on MS.
But if you go back in history greed not actually capitalism is the culprit. In the 1800’s and in the early 1900’s people with large companies ran everything. Teddy Roosevelt was one that passed anti-trust laws to stop this greed an control. It may be needed again, to review what is proper business practice and what is anti-trust or in this case, not trustworthy.
It has been reported (someone also posted that here, at Woody’s, a few days ago) that Nadella has announced that MS is going to concentrate now on AI and Cloud services, so it is cutting the Windows’ engineering staff in half by moving 50% to work on those other projects. Not a word about improving the support for Windows, or any recent problems that require greater attention.
Given that, staying with Windows 7, Windows 8.1, or moving on to Windows 10 and staying always current with its latest system upgrade, should make little difference when it comes to the patching problems that have been cropping up with such alarming frequency for some time now. It seems like a good bet to assume that they will continue to be with us for the foreseeable future. Or at least for however long Nadella and those who agree with him stay in charge of running MS.
Being Group B is what one does to have at least some control of one’s own work while using Windows.
Question is: for how much longer will still be wise to do that?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
If MS was an airplane or automotive manufacturer, this kind of incompetence (or whatever it is) would cause the NTSB to look at revoking the type approval certificates. Long ago.
is MS incompetent? Because if they are not, and if you accept they are not, then this mess can only be by design
Between the extremes of incompetence & intentional design would rest other possibilities, such as human error or unintended consequences… Yes, they should have checked, checked and checked again, before issuing anything, but human error can affect us all, at any time.
Perhaps, but this is happening every month now, how long can Microsoft hide behind being incompetent and stupid? Maybe they are totally incompetent but it’s still not acceptable
“This needs to be the exception, not the rule!”
But this is now the rule, not the exception. In fact this ‘new’ rule is becoming embedded. Before long people will be accepting this new norm. It seems some people already are.
Kirsty,
Yes, absolutely, there is another explanation:
Nadella and his people now think that supporting an old-fashioned, not cool anymore, activity such as maintaining the Windows OS as a working tool is not really what they ought to be doing anymore.
“Dear user of Windows, my very good man, woman, person, it, whatever: the world has moved on. Time for MS to move along with it.”
“But, wait! How about the agreement to maintain those systems, keeping them safe and stable until their appointed end of life?”
“Whaaat? I can’t hear you. Speak in proper Cool, like me, or stop wasting my time.”
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Win7 Home Premium 64-bit.
Intel i7-3770.
Stand-alone (non-networked) PC.
A proud member of Group B since 2016.
Updated thru February.
Four hours ago I sucked it up and installed KB4100480, because I know it pains Susan to watch us uninstall updates. Or perhaps that wasn’t the reason. In any case, the install/reboot went smoothly, and I’ve been using various programs since, and all seems normal.
And that is the only update I’ve installed since installing the February Group B updates on March 5th.
I’ve seen this behavior before. It’s one of the reasons that I recommend to use Disk Cleanup of Windows updates (followed by a restart, where the cleanup happens) only immediately before checking for Windows Updates.
DennyC there have been times that we have run Disk Cleanup, windows update files and old Windows Versions and the reboot took up to 45 minutes to complete.
We too, got worried but we left it alone and it finally made it to the Desktop.
If you do try again, make sure you do have a good registry restore point, do the Disk Cleanup and when it reboots, leave it alone for an hour. If no good then you have some issues with Windows and may want to run SFC system file checker or maybe the Windows Update Readiness Tool.
Below are the URLs and one is even from DELL with suggestions/help.
System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [October 2014]
https://www.microsoft.com/en-us/download/details.aspx?id=20858
Fix Windows Update errors by using the DISM or System Update Readiness tool
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness
Look for: For Windows 7, Windows Vista, Windows Server 2008 R2 or Windows Server 2008
Repairing Windows Update Issues with the System Update Readiness Tool (CheckSUR)
http://www.dell.com/support/article/us/en/19/sln285523/repairing-windows-update-issues-with-the-system-update-readiness-tool-checksur-?lang=en
Hope this helps. Keep us Posted!
Susan, does this apply to 32 bit??? My beloved little netbook has Win 7 starter sp1, Intel atom, 32 bit. Jan and Feb rollups both applied. Bit of a technophobe so uninstalling isn’t a road I’d like to travel.
If things don’t improve for March is it ok to skip a month and wait for April? Any help much appreciated.
To the best of my knowledge, no, this should not apply to 32 bit Windows 7.
The KB4100480 emergency security update for the Total Meltdown flaw is for 64 bit Windows 7 only and does not apply to 32 bit systems. Your 32 bit system is not vulnerable to it.
And as 32 bit Windows 7 systems only start receiving Meltdown “fixes” beginning with the March rollup or security-only update, your system has not received these fixes anyway. (Meltdown “fixes” were delivered to 64 bit Windows 7 systems starting in January and so 64 bit Windows 7 systems that had any of the January / February / March rollups installed were susceptible to the Total Meltdown flaw.)
Hope for the best. Prepare for the worst.
(Edit: 5 minutes late getting a quick reply in, time to retire this 2009 netbook?)
Retire from MS windows maybe but you can just stick an LXDE hybrid OS on it and use it for surfing (limits due to hardware within), done that years ago with a 2010 netbook. Also runs WinXP offline nicely with integrated SATA drivers within the ISO.
back on topic..
If you follow my “install it or hide it” general update advice for Windows 7 and 8.1, you should hide the updates that you won’t install now.
Perhaps update your update advice to mention why one should hide updates which they do not wish to install? The reason of course being that newer updates might not show up in WU if WU presently is showing updates which have not been hidden.
Things to keep in mind — when you see AMD64 it means both an AMD and an Intel 64 bit support. AMD actually invented the 64 bit platform first, but bottom line if you see AMD64 it is applicable to both and AMD or an Intel system.
Susan Bradley Patch Lady/Prudent patcher
Ah, I remember the AMD Opteron CPUs. We skipped that since at the time we had three computers which used AMD Athlons which had the large vertical heat sinks and fans and which were serving us very well. You bring back memories for me. The three computers with the Athlons survived a direct lightning strike to a power pole which was roughly 200 feet from the house. I say “survived” since the only things which had to be replaced were the power supplies for those computers. The other two Intel computers completely fried — power supplies fried, motherboards fried, the CPUs fried, and the serial ports fried.
Back down memory lane, I had an AMD K6-2 300 MHz CPU in which the CPU fan completely died. Did the CPU cook? No, it did not since it properly monitored its thermals. I replaced the CPU fan and that K6 CPU hummed along for around another year before I decided to replace it first with a K6 450 MHz CPU and finally with a K6 550 MHz CPU. Ah, the good old days were when Microsoft actually cared about its customers and released Windows XP updates which were fully vetted by the no longer existent Windows Update Quality Assurance Team.
Those were the good old days in the sense that I never had to worry about installing any Windows Updates. This, sadly, has been what has been lost under Nadella — trust that Windows Updates will not cause anything from minor to extremely serious issues after installing Windows Updates. It is what it is, and this is apparently the way that Nadella likes it — perhaps to support his delusional idea to investors that Windows is no longer relevant to Microsoft’s bottom line in which Nadella has banked absolutely everything on the Cloud? If I was an investor in Microsoft, I would and should be taking a really deep and hard look into this scenario since all prudent investors should know that it is unwise to put all of one’s eggs into one basket — let alone into a company which extols only one single path forward. Yet this is nothing more than my personal opinion and for what it is worth.
Looking at the most recent commentary on the Web from various specialized publications, including financial ones investors are likely to read, I have found only fan-boy type raves admiring Nadella’s vision and rapturously fawning interviews of the man himself. What gives?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
The financial press is both oriented toward short-term performance (of the kind you get from milking a dying franchise) and sucked in by the promises of tech. Not surprisingly, many investors, particularly the big institutional ones and hedge funds, also fit this description.
In the articles that appeared a few days ago concerning Microsoft’s de-emphasizing Windows, the spin was to explain this as an effort to redeploy resources into the company’s “fast-growing” cloud initiatives. I didn’t see anyone asking whether products like Edge have been successful; instead, writers simply apply a credulous belief in tech. It’s practically a cliche to have tech companies that haven’t made a profit and in many cases don’t seem to have a clear plan to do so, yet are valued by credulous investors at billions of dollars. Satya Nadella fits right in.
“It’s easier to fool people than to convince them they have been fooled.”
~~ Mark Twain
A data point for Win 7 Pro SP1 x64 Group B current through February patches.
Just installed KB4100480. no apparent issues or drama, normal restart, no detectable slowdown (although I’m not a ‘heavy’ or ‘intensive’ user by any means).
Regarding the hangup, here are two options:
1. When it is obvious that the computer has hung after displaying Configured 100%, try typing Ctrl-Alt-Delete. For some updates in which an additional update needs to also be configured, this will cause the additional update to also be configured, and you should fairly quickly see the logon screen.
2. If #1 didn’t work and after the computer is obviously hung, wait five minutes and watch the disk activity light for your hard drive. If you see that the disk activity light is blinking only once every 1 or 2 seconds, press the reset button on your computer to force a reboot. After rebooting, you probably will see a message about configuring updates. Do not be alarmed if this message displays an update number which is in the thousands, since the update number is related to the core build of Windows and not any Windows Update itself. Your computer will now be past the hung update and will then install whatever additional updates which you had wanted to install. You should see a progress screen for these additional updates, and then see your login screen.
If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update. Accomplishing this is beyond my expertise. Yet there are experts here who can help you. I suggest that you register with this web site so that you can then get the help that you need.
“If either of the above doesn’t work, then we have to figure out what update keeps trying to reinstall on reboot, and then eradicate that flawed update”
Getting out of a no-boot situation after installing Windows updates
Stand-alone Win7 Pro SP1 x64 Haswell Group B here. All 2000003 security and IE updates installed till February.
After succesfully and unproblematically installing Mar 2018 (IE11) KB 4089187 (and reading all the do’s and don’ts and maybe’s here), I took the plunge and installed KB 4100480 as well today. Didn’t want to roll back.
All seems fine.
Happy Easter!
KB4033342 is the .NET 4.7.1 installer. If it’s UNCHECKED – leave it alone. We don’t install un ticked updates.
Disk Cleanup is part of Win7 and is already on your computer.
Not.
Just spent the afternoon putting up the walls around my wife’s computer, a Lenovo Yoga Book. This computer is not a beast – it’s a lightweight. Got it for her to read her Nook books, Pinterest, Facebook, Gmail, and light surfing. She uses Word 2013. It’s WinX-1607, mercifully.
Windows Update had brought the machine to its knees. The machine was basically useless. So, up go the walls. The MS cure is much, much worse than the disease.
Turned off Windows Update Service. Stopped and Disabled it. Rebooted.
Removed 4023057 by uninstalling it. Removed MS Update Assistant – how’d that thing get on my computer?!
Ran WUSHOWHIDE. Hid everything except malware removal tool and Windows Defender updates. Installed Spybot Anti-Beacon. Blocked everything with that aging utility. Ran Defender Quick Scan – nothing – as expected.
Did everything I could to block MS from altering my wife’s computer. Bad MS. Bad.
An hour after turning the machine back to my wife she comes up and plants a big one on my lips and says ‘Thanks User Support Guy!’. The machine is useful once again. Guess I still got a little magic the girl fancies.
Poor, poor MS. I watched IBM diminish years ago and wondered how such a massive organization with lots or really smart folks could miss the mark so wide. Now to watch MS do it again makes me wonder if some PhD candidate in suicidal tendencies of large American corporations should pick the on-going demise of MS as a dissertation subject. Just saying.
Thanks Patch Lady & Woody.
If it has reached the stage where Susan Bradley is worrying about this, (meant as a compliment), then MS has a serious problem, whatever the reason for it.
This is a company in the business of causing trauma to its users, even if not by design.
I recall reading here long ago, I think it was Woody, who said that you can run a Windows computer without updating for around 9 months without panicking…(The latest fiasco with 4GB memory leaks is unbelievable). If you feel up to it, go group W after following her advice, and if you can, seriously consider alternative operating systems. It starts to get ridiculous just trying to figure out what you do and don’t need anyway. Does anyone have the time to just user their computer instead of this patching angst (even when it works?)? Just an opinion. If there is some ultra Meltdown/Spectre exploit reported, then yes, you have to patch.
If you are wanting to roll back:
Uninstall Jan Rollup for Windows, reboot, wait 15 minutes after login, run search for updates.
Hide any Rollup for Windows later than Dec 2017 and re-run scan for updates until you are offered the Dec 2017 Rollup.
Install the Dec Rollup and whatever old individual Windows patches that are offered checked by default.
Yep, that is the way to do it. Except I would add, wait 15 minutes after you have logged onto Windows since a lot of stuff is delayed until the user actually logs onto Windows.
My experience since following Win7 X64 Group B for Jan-Feb has been a slowly deteriorating environment on my single PC.
For some reason Unzipping files using 7zip began taking two steps longer, you could see that the program was stalling trying to write the uncompressed data to my SSD.
The same issue started when copying files from my Raid Array HDD to the SSD. The copy would stall and then the copying files popup window would come up and slowly chunk through the copy until complete.
I was seriously worrying that I had the start of SSD failure (several years old but health and SMART check ok with plenty of over-provisioning and space available).
I decided to roll back after seeing this post, just to check. And now file copies are back to instantaneous.
Miss Susan, you have saved me much stress and costs, Thank You!
Windows 10 is looking better and better
What’s to like about Windows 10?
My support of (other than my own) computers has purposely dwindled from an unbelievable number to 3 desktop and 1 laptop Win7 plus 1 desktop and 1 laptop Win10 1703. I couldn’t keep up the large number OS supports and moderate too.
So here are some of my observations:
Two of the Win7 desktops are “Joe” users. They both have Jan and Feb Rollups installed, neither are being offered the Mar Rollup in WU. I had them stand pat – installing only MSRT and Office. Hid .NET 4.7.1 installer.
I thought about having them install KB 4100408, but since neither are big computer users, decided to wait.
The other desktop and laptop are my son’s. They also have Jan and Feb Rollups installed. He has a metal-working business. On his desktop (Dell XPS 27″ all-in-one quad core i7, 16GB RAM 4-5 yrs old) he usually has multiple DesignCad drawings, multiple large .PDFs, QuickBooks, and Chrome open at the same time. He has seen a HUGE slowdown in the computer lately – reports circle going around, long page loads, etc.
For him, I am considering the rollback to Dec. 2017. See if it relieves some of the resource loss. At the same time I’m considering long term effects of rollback on the integrity of the OS, considering MS’s problems with supersedence.
If I do this I am also considering doing the standalone IE11 CUs monthly to keep IE up to date, though he uses only Chrome. The security-only patches seem to have the same problems as the Rollups, so they’re out.
————-
Have managed to keep both the Win10 1703 Pros on 1703 by finagling. Feature updates set 365, quality updates set at 0, no pause. GP: WU Automatic = 2 notify download & install, Download set to 99 simple (no peering). Connected Customer Experience and Telemetry Service – Disabled (keeps turning back on). Tasks: All under Application Experience, Autochk, and CEIP Disabled (some turn back on). Tasks under Update Orchestrator – two USO, sched scan, Refresh settings, MusUx Disabled (some keep turning back on).
Have found that I can’t get rid of KB 4023057 from the WU queue with wushowhide unless I disable the sih and sihboot Tasks under WU then run Disk Cleanup and reboot immediately before wushowhide. Only then can I hide KB 4023057 using wushowhide and have it is out of the WU queue so I can install just the CU update.
Have had to uninstall KB 4023057 and delete the Windows\updateassistantv2 folder on occasion.
Both are still on latest build of 1703 (966), but I dread the emergency call from the office manager saying an upgrade is in progress or the machine is borked.
Sometimes i’m facing a black screen when i restart windows.
Here are 2 screen shots of what showed up in Windows Update this morning. I am surprised that EVERYTHING is checked. I have downloaded and installed NOTHING from this list, just letting all know what I got this morning. I’m tempted to hide all of them, but, will wait for defcon numbers to change and MAYBE install some.
Dave
UPDATE UPDATE UPDATE KB 4096040
KB 4096040 has been added to AKB2000003 for Group B.
KB 4096040 replaces the March 2018 IE11 Cumulative Update for IE11 (KB 4089187) and fixes the “IE11 doesn’t start after installing KB 4088187” error.
If people installed the original patch and don’t have a problem, then it probably not necessary that they install the patch with the fix. If they don’t have a problem, I don’t want them to think they have to uninstall. I bolded the fact that it was a replacement, so anyone installing from now on will know.
The fixes will be included in the April Cumulative Update, out in less than a week.
This message chain has taken a few detours, and many side discussions are being carried on. I’m a Group B updater, who has installed the Security only updates from January and February. I’m considering following Susan’s suggestion to uninstall these Security updates, and then holding off on the March Security Only update until such time as Microsoft gets it right. I have two computers – both Macs running Bootcamp, one of which is 64 bit Windows 7 Pro SP1, the other 32 bit Windows 7 Pro Sp1.
For the sake of clarity, can I please get confirmation before I do the following:
Uninstall KB4056897 (Jan. Security Only)
Uninstall KB4073578 (fix for unbootable AMD computers, which I installed “just in case”)
Uninstall KB4074587 (Feb. Security Only)
Install KB4100480 (the Meltdown/Spectre quick fix to forestall the issues introduced by the Jan. and Feb. Security patches) on my 64 bit machine, only if it is offered in Windows Update.
Install KB4096040 (the updated IE11 Security Patch for March)
And then hide any Rollups, Previews or other unchecked or optional updates offered by Windows Update. Plan to hold off on installing any MS Security Updates for the foreseeable future, until such time as Woody and Susan deem them safe.
Is this a suitable plan?
Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater
If at any time you are offered KB 4099950 checked, go ahead and install it. Otherwise that looks OK.
Thanks to everyone on this site – you’ve all been very helpful.
I writing this post on Monday April 9, in the waning hours before the April Updates are released, in the hope that my experience may help others.
As mentioned above, I have two Windows 7 SP1 Pro machines, both Macs running Bootcamp. One installation, on a 2012 Mac Mini is 64 bit, the other is on a MacBook Pro from 2007, and is 32 bit. The process was the same on both machines.
Everything appears to be running smoothly – and the 64 bit machine feels a little snappier.
Just in case they become unavailable, I downloaded the Jan., and Feb. updaters for what was uninstalled, above, as well as KB4088878 (March Security Only), and KB4096040 (the IE11 Security update I installed above, just in case), and stored them in a folder (but didn’t install any of them). I tried to download KB4099959 (the Total Meltdown patch I hid in Windows Update above, but found that DuckDuckGo couldn’t find the page, and when I searched using Google, the page from the Windows Update Catalogue wouldn’t load (blank page instead). If I want to install it, I’ll have to un-hide it in W.U.
So I’m back to where I was at the end of December 2017, more or less – Happy New Year Everyone!
Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater
I will admit a touch of jealousy. Two months ago I would have judged you reasonably cautious. One month ago, unreasonably over-cautious. Now you have an enviable condition. Such is the evolution in this changing landscape. When in fact, what has really changed is our new understanding of what we didn’t know before.
I remember Woody’s New Year’s Eve post reminding us of the value in an image dated 31DEC2017. And while I will very likely install KB4100480, as a personal choice, I see rolling back as also very reasonable. There on my shelf is an image that would make me just like amraybt. It will be there if I need it, I suppose.
My Group B strategy has been to wait 2-3 months then catch up with the security-only and latest IE cumulative updates whenever the dust settles (e.g. during a relatively calm month with few or even no widely reported issues). I’m updated through Dec 2017 on both systems, but it feels like MS is really trying to push myself and others to Group W. I’m glad I waited to see how things would go since the mess that began in January.
Group B, like you.
After I became aware of the Total Meltdown flaw that Microsoft introduced with their Meltdown “fixes”, I have restored ALL my systems running Windows 7 x64 back to (or stopped patching beyond) the December 2017 patch level (4 used by me and several others used by family members), using system images prepared before by Acronis True Image.
For me, the decision is simple. If Group B is no longer viable then I will simply stop patching. For now I shall stop patching the Windows 7 systems until I am satisfied that the mess has been resolved. If the mess is not resolved to my satisfaction, then those systems will remain at the December 2017 patch level, effectively becoming Group W. And by stopping patching there is the additional benefit of no performance degradation.
But I can’t stop wondering : How can Microsoft be so incompetent? How can security update(s) supposed to fix security vulnerabilities make our systems even more insecure? Is this another attempt by Microsoft to “persuade” Windows 7 users like us to “upgrade” to Windows 10 by degrading the Windows 7 experience?
Hope for the best. Prepare for the worst.
Too late. Ran that peculiar gauntlet before I ever met you. 😉
Guess I did word that like an easy set-up, well turned. And I agree with your recap as well. I also think many approaches fit many people. It is the increasing disorder that causes concern. Everything indicates that rolling back by uninstall should go smoothly. But your refreshingly lighthearted description caused a smile. And gave me an opportunity to point out that even if that goes wrong having a year end full image with more recent data files backup can make a very bad day into a much simpler recovery.
That comforting thought is what makes it possible for me to go forward with choices where I really do not know what might happen next.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
