Patch Tuesday not dire – quick recap

Topic

New Reply

Microsoft has released 14 security bulletins. According to the SANS Internet Storm Center, only two of the bulletins involve exploits that are current
[See the full post at: Patch Tuesday not dire – quick recap]

Reply | Quote

Replies

There is another patch Tuesday today. The iOS10 release for older phones.
I updated 2 iPhone5S and the experience with upgrading the OS is very much like from Windows 7 to Windows 10.
No, I am joking 🙂
About the experience, I did the update and it went as smooth as anyone would like it for Windows and a lot better.

Reply | Quote

Woody, Windows 7 has IIS with limited functionality (if installed, it is not there by default), mostly for the developers use, when they don’t have a full server available.
I think the DHE key upgrade is for them to be consistent with Windows 2008 R2. When the time comes, if the patch is reliable and if it is offered without IIS installed, should probably be OK to install.
If anyone is interested in this sort of stuff, check this site https://www.ssllabs.com/ which sets the standards for server ratings and has in detail documentation.
Woody’s https://askwoody.com has an “impossible” to achieve A+ 🙂
A- is generally accepted as OK, while Ask Woody is rated at maximum, 2 notches higher.

Reply | Quote

AWWWWRIGHT! Now let’s see what I do wrong to break it….

Reply | Quote

Like I mentioned on the other post, it’s not only 2008 Servet that got the KB3172605 re-run, since I got it as well on my W7 Pro x64 system… Now wondering what has changed… Perhaps some correcting of it’s previously known Intel BT animosities…

Can only hope the changes do not mean bundled crap with it…

Reply | Quote

any idea why KB3187022 hasn’t been released on WU (the patch that fixes the printing bug)? I’m not getting it on my PCs…

Reply | Quote

Also confusing is that MS16-106 has 3185911 replacing 3177725. But what if you installed the standalone fix for 3177725’s problems that was offered by 3187022? Now what?

Reply | Quote

@woody: Windows Update was offering me KB3172605 as a RECOMMENDED update, even for normal Windows 7 SP1 x64 systems, not just for Windows Server 2008 R2 systems. It looks like a “re-released” version of KB3172605 since WU was still offering it while I had the “original” KB3172605 update installed back in late July.

The KB3187022 fix that resolves those “printing” problems in late August is no longer needed as the KB3185911 user32.dll+win32k.sys update supersedes & includes the fix.

Reply | Quote

This has to be the longest i’ve waited for updates to show up so far. Well over 4 hours and counting… Next month there will be no individual speed-up patch to install before the others since it’ll be bundled in with the rollup.

Reply | Quote

Do you need it?
That patch is for limited release, because those printer manufacturers who released drivers which do not work anymore, have probably not used the published specifications and need to catch up and release new drivers. Even Intel did this with their Bluetooth driver.
A patch which is not on Windows Update should not even be considered official by most users.

Reply | Quote

The safest thing is to uninstall the unofficial patch.

Reply | Quote

well i was going heave a big sigh of relief that “trauma tuesday” is over for another month but not so fast!! win 7×86 downloaded ie11 update seems to have flagged all favourites as unknown files (yep including you Woody!) they still open but its now a 2 step process 🙁 win10x64(VHD) 1607 went in without a whimper but now the store wont let me sign in to download individual free apps (i’ll be dammed if i am going over to a full blown M$ account wondering if this is a sign of things to come??) win10x64 1511 kb3189866 no worries except that and kb3161102 & kb3181403 and a few office2016, adobe flash some misc sec. updates amounted to just over an hour to install. Still got win7x64 & win8.1×64 to go, i am almost to scrared to look they are set on ask d/load etc hoping everybody elses “trauma tuesday was less eventful 🙂

Reply | Quote

So can you make a list of what updates are safe to install and what ones are not-like:

Install:

Not Install:

That way it simplifies so that wya it helps people know what to do.

Also any word on a speedup for windows update?

Reply | Quote

Woody do you know which update is the security update for Windows kernel-mode drivers for september?

Reply | Quote

Once again…. very long wait…. until today, only took 5 min to “Check for updates”

Checked at Dalia’s site (http://wu.krelay.de/en/2016-09.htm) and he’s updated his list with KB3185911 (MS Graphic Components) replacing last month’s KB3177725 at the top of his list

Reply | Quote

Hi Woody
For some reson I have not received any ‘important’ updates this month so no security patches. Just 15 optional updates came through.

Reply | Quote

After manually installing KB 3185911, it only took 4 mins for my Win7 machine to check for updates! JOY

Reply | Quote

So It seems like usual (every other month since april) my Win 7 is now infinitely searching for updates, this time Sept 13th 2016. I usually drop in here when this happens and find the patch I need to install to correct this and be safe for another two months.

So far though no word, does anyone have any clues for this month?

Reply | Quote

How it’s released by Microsoft if it’s Unofficial 😀

@Eric
3185911 replaces both 3177725 & 3187022
so the printing fix is included in 3185911

Reply | Quote

The revised version of KB3172605 is updated to contain whatever KB3175024 have, plus the same components that KB3172605 have from June/July

Reply | Quote

It’s not in my nature to rely on others but I’ll make an exception when it comes to Woody’s words concerning at this time September 2016 Patch Tuesday :

“As long as you aren’t running IE 11, I don’t see any reason to hurry up with the patches.”

OK. Made me save time and bother. Many thanks (cumulative thanks!).
Have a nice day, week, month, you and you and everybody.

Reply | Quote

Hello Everyone,

I have been doing a little PC Cleaning and was wondering if someone could give me some feedback on what to do with these recent updates and with several ones that have been hidden.

Recent: 3175024, 3177186, 3184122, and 3185911

Past/Hidden; 3170455, 3172605, 3168965, and 2952664

I am using IE11, Win7 64 bit. I also have been using the GWX panel.

Thank you for any insight you can give me,

Sincerely, Robert

Reply | Quote

Standalone install:
Version 1511 (Build 10586.589)
Note: lost save-video.mp4 back in late July
Updates & Security: Windows Update
Update for Windows 10 Version 1511 (KB3150513) Waiting Updates are available.
Feature update to Windows 10, version 1607
Note: water mark removed they fixed it 🙂

1 user thanked author for this post.

Reply | Quote

Try manually installing KB 3185911 – that’s the “magic patch” for this month.

Reply | Quote

Relax. We’re still at MS-DEFCON 2. Nothing important is lurking.

Reply | Quote

Weird. I’m having trouble connecting to Dalai’s site.

Maybe it’s been overwhelmed by the traffic?

Reply | Quote

The speed-up patch is KB3185911

Reply | Quote

We’re still at MS-DEFCON 2. After the patches have had time to age a bit, I’ll come up with the list.

Reply | Quote

@Woody,

You know what the irony is here?

After all these months of long searches for updates and the aggravation and pain associated with it, we’ve finally figured out how to make each month pretty much painless with the speed up patch.
Really, between AskWoody and krelay, you download the standalone, stop WU service, install and for the next month the auto check for updates is like lightning. So, MS decides to now fix what we’ve already fixed. When it was truly broken, they had no interest in fixing it. Smart people had to create a hack to fix the problem. Now, MS wants to help us when we don’t need their help.

Makes sense, no? Why would MS want their users to be free of pain?

Reply | Quote

Woody,

I’m going to hold off on ANY of the “Recommended” updates for a while. Even the “Magic” fix for update speed. This morning it only took 2 minutes to search and find the 6 “Recommended” and 1 “Optional” update. I see no reason for any of them at this time. Please correct me if I’m wrong.

Dave

Reply | Quote

I mean “unofficial” for end-users. The Catalog is not supposed to be used or needed by end-users.

Reply | Quote

Megan, they all appear to be “safe” in the sense that none causes major crashes, BSOD, bricking the machine.
However it is better to wait for Woody, as otherwise if Microsoft finds issues with one or another of the patches which happens sometimes, those patches get retired and then you would have to uninstall the offending patches to avoid further issues. Too much trouble.

Reply | Quote

You have to use only Internet Explorer to connect 🙂

Reply | Quote

Did M$ slip something through the net while I wasn’t looking to enable Windows 8.1 to display ads of the lock screen?

I haven’t seen any since I scrutinize every patch which gets shunted down the WU update chute with a fine toothcomb.

But I noticed one of the updates is KB3178539 which is described as, quote: “The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen”.

For “web content” I assume they mean ads.

I haven’t installed it (yet) since doing so might introduce a vulnerability which doesn’t exist yet.

Here’s the KB article: https://support.microsoft.com/en-us/kb/3178539

Reply | Quote

You’re right. It normally takes weeks to shake out all the bugs. Since none of the patches cures a problem that’s being actively exploited, you should just sit back and whistle a merry tune.

Reply | Quote

@abbodi86 & @Woody:

I just posted a question regarding this update on the “Defcon 3, post gingerly blog”. Just found this new blog or would have posted here.

I installed it on September 11th (successfully), and now it is appearing listed as “OPTIONAL”, NOT checked, and italicized.

Left a question for Woody on that blog.

Need guidance on this one (29.2 MB),

Reply | Quote

Hmmmmm… Something’s fishy….

Reply | Quote

Windows 7 sp1

Tried updating! BIG MISTAKE

Sept updates causes system to freeze…update stops and computer must be reboot by removing battery.

NO MORE UPDATES FROM MICROSOFT

They just don’t know what they are doing and I am spending all my time trying to keep my system running smoothly!

Reply | Quote

@Woody: Could you please post instructions on how to “manually install” this KB3185911?

I don’t have the instructions for the “manually install”. My apologies for not being able to find the instructions.

Thank you once again, for all of your help. 🙂

Reply | Quote

Thanks Woody.

1 user thanked author for this post.

Reply | Quote

Alright and when you install it it’ll speed up windows update?

Reply | Quote

This might be the month I just end all Windows updates on my computer…

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

I’m sitting on 5 Optional patches for Sept…….
on my Win7 machine….they were all there before, but have been republished as of ‘yesterday’ meaning 13th Sept. with the exception of one of the Windows Journal patches from last month. They are all italic and unchecked.
Also included is KB3179573…. which you state is now recommended…….. but that doesn’t seem to be the case for me as it is still italic and unchecked and published as I said on the 13thSept.

My plan for future updates from October onwards is to protect myself from telemetry/snooping basically and of course dodgy updates that cause mayhem…and all the ad bashing as per Win10…. so guess I’m in Group B. I would rather not have alot of optional updates sitting in WU because I’ve not installed them…. which would be the case if because we are doubtful of what has been included in the forthcoming system of updating. At the moment both my husbands (Win8.1) and my (Win7) machines are working well… downloading/updating is pretty minimal in time….
so I’m thinking that perhaps rather than have WU “to check for updates but let me choose whether to
download and install” that I should have “NEVER check for updates”… and then check myself monthly as per your advice… and that way would eliminate a growing list of optional updates that I would rather not install. Am I thinking correctly here…….. or have I misread it all.
Any thoughts would be gratefully received!
Many thanks! LT

Reply | Quote

@ EP,

Why would you think KB3185911 fixes the printing issue? It appears to be related to a vulnerability in the graphics component: https://support.microsoft.com/en-us/kb/3185911

(Maybe you know something I don’t).

Reply | Quote

You realize that beginning in Oct we won’t have the luxury of a speed up patch. It will be embedded in the GLOB and we won’t be able to download and install it separately.

Wonder if MS will fix WU only for the “Whole Glob” installers and not for the “Security-only Glob” installers. That would fit their current mindset.

Reply | Quote

It says “unintended web content” if you read the whole thing – must mean whatever MS doesn’t intend.

And, yeah, now MS can install whatever they want on your PC – ads, CrApps, telemetry….
You shouldn’t be surprised!

Reply | Quote

I’ve installed all of these on Windows 8.1:

https://support.microsoft.com/en-us/kb/3185319
https://support.microsoft.com/en-us/kb/3183038
https://support.microsoft.com/en-us/kb/3175024
https://support.microsoft.com/en-us/kb/3174644
https://support.microsoft.com/en-us/kb/3177186
https://support.microsoft.com/en-us/kb/3184122
https://support.microsoft.com/en-us/kb/3184943
https://support.microsoft.com/en-us/kb/3185911
https://support.microsoft.com/en-us/kb/3187754

I skipped the following one though since it appears to be related to a component which allows ads to display on the lock screen:
https://support.microsoft.com/en-us/kb/3178539

I pretty sure I don’t have the update installed which allows that to happen so there’s no need to address a vulnerability which doesn’t exist right now.

There weren’t any Optional updates included in this month’s WU.

If I get any problems though, I’ll update this post.

Reply | Quote

Right at the bottom of his post:

“As long as you aren’t running IE 11, I don’t see any reason to hurry up with the patches.”

Are you using IE 11 instead of Chrome or Firefox? Odds are, you’re not. That likely being the case, don’t update yet.

Most people (who know better at least) don’t take Patch Tuesday updates the day they’re released, or even a few days later. Let them stew at least a week – you’ll be a lot better off.

Not accepting these patches for another 7 days is not going to make you terribly vulnerable.

Reply | Quote

Same with me on a Win7X64 machine. Anything clicked on in Favorites comes up as unknown file type. Asked if you want to open, it will open; but very weird. Even happens for Hotmail. LOL!

Reply | Quote

Interestingly, this only happens if IE is not open. If you open a link in favorites through the browser it functions normally. A link on the desktop gives you the dialog box.

Reply | Quote

Same here. Neither IE11 or Firefox work.

Reply | Quote

In IE11 I’m getting “This page can’t be displayed” for http://wu.krelay.de/

Can’t get it in Edge, either, with or without the /en branch.

Reply | Quote

Welcome to the Group W bench… 🙂

Reply | Quote

Coming right up, on InfoWorld.

Reply | Quote

Patience.

Reply | Quote

KB3172605 now enforces a D-H key length of 1024 bits or greater.

The registry edit to override it to 512 bits (as below) no longer works.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELKeyExchangeAlgorithmsDiffie-Hellman]
“ClientMinKeyBitLength”=dword:00000200

Reply | Quote

Patch Tuesday for the desktop was great. It found the updates in about 3 minutes.

This patch Tuesday has been the worst ever for my Lenovo laptop. It is patched identically to the desktop EXCEPT for the KB3172605 that kills Intel Bluetooth. Yesterday (and today) it took 11 hours just to list the updates. An attempt to install the speedup KB3185911 via Windows Update stuck for 3 hours on 0%. It threw 5 WU failures on download in the Action Center.

I resorted to the Catalog and did the turning off WU and stopping the WU in Services trick. The manual update of the speedup was successful. After the patch, WU found the updates in 3 minutes, but then they had been found before. I again attempted to initiate the downloads and it started in a minute. The install took 4 minutes, but had a failure on the MSRT. A reboot and rerun of the WU and MSRT install took about 4 minutes and was successful. Updating should not be like this!

This made me think of the Group A, B or other question. If every month there needs to be a manual magic bullet speedup fix, would not even a group A strategy still take forever if the speedup is issued each Patch Tuesday? My thoughts are if I still have to visit the catalog for the ‘speedup’ for WU, why not just stay and grab the monthly Security-Only patch (if B) or the rollup (if A).

Ubuntu Linux calls strongly, but I need Windows for my Garmin GPS software updating and mapping when on the road. Updating my wife’s Ubuntu 16.04 LTS Linux laptop with 186MB of updates took 4 minutes the other night (it has an SSD).

Reply | Quote

Very good question – and I don’t have any idea about the answer.

Reply | Quote

I am on an old vista machine, and suddenly today I can not get to Dalai’s “@wu.krelay.de/en/” site nor can I access the update catalog form either Firefox OR Internet Explorer to download the KB3185911 patch to speed up updates…and again my attempt to update just goes on forever. I at the least wanted to search for updates whether I installed them yet or not. I have update clicked off and attempted to search manually. What is going on today…is Microsoft punishing me for running Vista still and not 10?

Reply | Quote

What happens if you click on this link in Firefox?

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3185911

Reply | Quote

I found the site and am ready to download and see what happens…should I also subscribe to this feed as asked? Will it help me in the future? I will now try the download and then let you know what progress, if any, I have made to resolve this issue. Thank you kindly for your rapid response. 🙂 J.

Reply | Quote

Back in July, I installed the Microsoft update fix, KB3161608, on my Win 7 64-bit computer after installing KB3168965 from wu.krelay.de site. It was discovered that KB3161608 update caused problems with Intel Bluetooth;so, Microsoft replaced it with KB3172605 (which I did not install).

My ‘Check for Window Updates’ and download/installation of monthly updates has been normal ever since I installed the update fix, KB3161608 in July. Checking for updates takes less than a minute.

Reply | Quote

No reason to subscribe to any feed. Just drop back by from time to time…

(Or you can set up an RSS reader for AskWoody, or follow me on Twitter, @woodyleonhard)

Reply | Quote

Download successful…now only need a restart. Again, Thank You. However, I am still wondering why I can not access the “krelay” site?

Reply | Quote

@Woody, @James,

Workaround…if you are using Chrome browser, paste the link
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3185911

into Googles home page/search box https://www.google.com/

Instead of hitting Enter to search, highlight the link, right click and choose “Go to http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3185911”

Once you get to the “document tree”, scroll down, look for KB3185911 for whichever OS version you’re running (W7, W8.1, etc.), highlight the link, right click and “Go to” again.

Reply | Quote

Actually, you have been my “Go To” for a LONG time, and I have followed everywhere you have popped up! You have gotten me through many a headache, most especially lately with these update issues, though today was the first time I have not been able to resolve my problems on my own without having to directly interact. I know I am running out of time with this Vista machine…still don’t know what direction to take next. I am old and resistant to change but it is appearing as though I have little choice in this matter.! Thank you for saving me once again. J.

Reply | Quote

Wish I knew. Dalai, are you around?

Reply | Quote

So that’s this month’s “magic bullet” patch?

Reply | Quote

@Woody,

What’s your guess that someone is able to hack the new MS update “method” and allow W7, 8.1 users to control their updates come Oct? I mean MS basically created krelay, so, might it be possible that krelay or a new techie steps up and circumvents what MS is trying to do? I think there’s good probability it might happen. Too many smart people around.

@james,

Just as an aside, if you can’t get to krelay, have you tried emptying your cache and/or deleting the krelay cookie (if he sets one)?

Reply | Quote

@James,

I think the message that you saw about “subscribing”
was not to subscribe to this website as a whole,
but probably was a notice from the commenting system that offered you these choices:
a) to make a comment on this discussion thread and then to be notified (via an email that will be sent to you) of follow-up comments that are made by other contributors to this discussion thread,
b) or, to subscribe to this discussion thread even if you don’t want to leave a comment yourself, whereby you will be notified (via an email that will be sent to you) of further comments that are made by other contributors to this discussion thread.

That check-box you saw will sign up your email address to receive any new comments that are made on this particular blogpost’s discussion, but it won’t subscribe you to the output of this site (AskWoody.com) in a wider sense.

Reply | Quote

@Bill C.,

Regarding your question “I still have to visit the catalog for the ‘speedup’ for WU, why not just stay and grab the monthly Security-Only patch (if B) or the rollup (if A).”

Bill, I don’t think that after this month anyone will be able to visit the catalog to grab an individual patch, such as the “magic” speedup patches that people have been downloading manually in the last few months prior to running Windows Update.

It seems that the ability to obtain a newly-published* individual patch manually will be finished after this month.

*(Possibly/probably they will still have the historical individual patches from the old updating system available for separate download from the catalog, but presumably none of those patches from the past will have the ability to speed-up a new month’s update Rollup.)

Reply | Quote

If Microsoft had the power to pull the plug on your operating system and force you to buy (or install) their new version of Windows, Google has the power to brick your hardware and force you to buy a new Chromebook :

http://betanews.com/2016/06/10/google-chromebook-end-of-life/

So, Chromebooks as an alternative ? At least, with a PC, you can turn it into a Linux box… or reinstall XP (OK, just joking).

Reply | Quote

Who the hell is Diffie-Hellman and why would I want to exchange a key with him?

(sorry, couldn’t resist…)

Reply | Quote

WU scan problem has now hit my Win 8.1 box. Last month <5 minutes to display; today 1 hour (twice). Anyone else noticing this on 8.1? Too early to install patches, but would like to at least see what's there!

Would KB3185911 provide any benefit?

FWIW Sidebar Comment: Changed my name to avoid confusion with the other "James".

Reply | Quote

Delete Google Maps ? Go ahead, says Google, we’ll still track you

Security researcher Mustafa Al-Bassam reported on Twitter that he “almost had a heart attack” when he walked into a McDonald’s and was prompted on his phone to download the fast food restaurant’s app.

Al-Bassam dug into his phone’s apps to figure out how that had happened, and was amazed to find that his suspected culprit – Google Maps – was not responsible. It was Google Play that had monitored his location thousands of times.

http://www.theregister.co.uk/2016/09/12/turn_off_location_services_go_ahead_says_google_well_still_track_you/

Reply | Quote

@Lizzytish,

My non-computer-expert thoughts on a couple of the topics you mentioned in your post:

1. Optional updates: If you have optional updates sitting in your Windows Update, and you say you would rather not have them there after we are transitioned to the new updating system, I believe that Woody has said that you can install them if you want to.

But if you are avoiding those optional updates (as many of us are) because they introduce unwanted telemetry or otherwise are unnecessary for your computer, then you can leave them uninstalled, which will not hurt anything. Many of us will be leaving old, optional updates uninstalled and just sitting in Windows Update, as Microsoft moves to the new updating system.

If you decide later on that you do want install those old, optional updates, it seems that you will still be able to do so.

You say that you want to “eliminate a growing list of optional updates that I would rather not install”, but the only way to delete that list is to install the updates; otherwise, if you don’t install them, they will remain in that long list (which many of us have on our computers, also).

With the future updating system, if we choose to be in Group B and not patch everything that Microsoft recommends, then the individual updates we don’t install (the non-security patches they will introduce each month) won’t be listed out one by one anymore, but rather it is possible that the entire month’s joint, cumulative, Monthly Rollup chunk will be listed as still uninstalled on your system, with an entry named something like “November 2016 Monthly Rollup”, in the available-patches area. This name will probably change month to month and the new month’s rollup name will stand in the stead of the old month’s rollup name, since the joint Monthly Rollups are cumulative and completely replace each other (like the MSRT patch already does, whether or not you have installed the prior months’ MSRT patches).

In other words, I don’t think that our lists of uninstalled, optional, individual updates will be growing too much after October, since Microsoft won’t be introducing any more individual updates that the computer owner can pick and choose from.

(That said, there will apparently be a few other types of patches that Microsoft won’t be including in the Monthly Rollup, such as Office patches, Internet Explorer patches, and others, and if you decline to install those, they will be listed in your “available patches” list.)

—-
2. Windows Update setting of Never Check:

If you are thinking about being in Group B (meaning that you would only download security updates in the future), you should set this to “Never Check” right now.

If you leave it on “check for updates and let me choose whether to download and install”, I believe Woody has said that that setting *sounds* innocent and safe, BUT it is not safe, and it could let Microsoft take over your updating, and they might force your computer to be in Group A.

Even if you later decide you want to be in Group A and to accept everything Microsoft sends you, it will do you no harm at this time to put your updates to “Never Check”. It buys you some protection from Microsoft making unwanted changes without asking you — better to be safe than sorry.

(As long as you remember in the future to conduct occasional manual checks for updates when Woody says it is safe for us to do so, if you wish to be in Group B and install the security-only updates. You can have your updates set to “Never Check” and still manually check them yourself, unimpeded — I’ve been doing that for over a year now.)

Sorry that this was a little verbose – I’m being distracted by people around me, but have to log off in a moment and wanted to press “send” on this before I shut my computer down. 🙂

Reply | Quote

I have to investigate deeper. One of these updates… either July or August… has absolutely killed my WU. It now takes forever a la W7. I’m on W8.1.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

Downright reports that wu.krelay site is down for everyone.

Reply | Quote

See http://www.infoworld.com/article/3120365/microsoft-windows/kb-3185911-speeds-up-the-windows-7-scan-for-updates.html

Reply | Quote

Just now was able to access wu.krelay.de and wu.krelay.de/en .

JF

Reply | Quote

It is back up.

Reply | Quote

Thanks!

Reply | Quote

Because windows updates for the same components are cumulative in their nature

so win32k.sys v6.1.7601.23528 (KB3185911) have whatever vv6.1.7601.23523 (KB3187022) have

Reply | Quote

@Woody: Thank you so much for the prompt reply, and all of the other information you have provided here. 🙂

Reply | Quote

I hope you didn’t take me seriously about IE 🙂
This one works for me in Firefox
http://wu.krelay.de/en/

Reply | Quote

They released new version for KB3172605
and for WU, it’s treated as separate new update

Reply | Quote

First…according to DownRightNow, Dalai’s server went/was offline today, though yes it appears he is back online as of this afternoon. That is a reassuring sign!! I was beginning to wonder…

Secondly, concerning your thoughts about someone finding a way to circumvent what Microsoft has planned for “us”, I would not be half surprised to “eventually” see some form of, at the least, partial work-around in regard to this issue of taking away “our” control…though I would not think it will be at all soon enough to please any users in the near future, though I ‘spect someone is working on a plan as we speak!.

Reply | Quote

I tried ie! Don’t tell anybody.

Reply | Quote

There is no such thing as “speed-up patch” and many of us already know it. This is just a workaround meant to temporarily assist people doing Windows Update incorrectly in the technical sense, i.e. missing a large amount of patches and breaking the supersendence chains. The “speed-up patch” fixes one of the bigger supersedence chains which is broken for many people by skipping patches. The Catalog documents the supersedence chains for each patch and it is there for everyone interested to check. More such chains are fixed by the other patches on Dalai’s page.
Saying that, except for the Windows Update clients which were released if I am not wrong since October 2015 and which any of them would do the job of superseding 7.6.7600.320 as it is confirmed by Dalai, all “speed-up patches” or “magic patches” have been Security Updates, as they tend to supersede each other more often and become the facto rollup patches. This has nothing to do with Microsoft doing anything to break or fix anybody’s Windows Update.
The only real bug which is clearly known and documented in this matter of Windows Update is the failing 7.6.7600.320 which should have been retired since about 2014 when it stopped doing the job for which it was released. Before that date, for unindentified reaosns, this patch was working well.
This page which was updated for September 2016 is still the best reference to temporary fix all Windows Update problems until catching up with all other patches on offer.
http://wu.krelay.de/en/

Note: A lot of user don’t realise that even if they may think that they are fully patched, they have at the same time hidden patches which means those patches are blocked from being installed and this counts in the same way as non-hidden patches.

Reply | Quote

See my other post about https://www.ssllabs.com/ and how Woody’s site has an “impossible” to achieve rating of A+

Reply | Quote

ch100: Based on what I think you are saying, would this mean that if I were to NOW install every patch available to me — optional, recommended, checked, not checked, important, security, non-security, hidden, etc. — my WU scan forever problem would be cured once and for all? Or, is there no MS forgiveness for my past misdeeds?

Tnx

Reply | Quote

@CH100,

“…people doing Windows Update incorrectly in the technical sense, i.e. missing a large amount of patches and breaking the supersendence chains.
The “speed-up patch” fixes one of the bigger supersedence chains which is broken for many people by skipping patches.”

You might be imagining that people here have more patches uninstalled than many of them do.

For example, I always update a relative’s machine, and today I went ahead and installed on it September’s Patch Tuesday patches (even though normally I’d wait 3 weeks first) because I looked each one up, no one seemed to be reporting problems with them, and I wanted that computer to be completely up-to-date before the new updating system is introduced in a few weeks (when we will have to decide which Rollup Group, A, B, or C, that my relative is going to be in).

In the past year and a half, I’ve been very careful to avoid telemetry and Get-Win-10 patches, and even though I didn’t use either of the 2 third-party programs to fend off Win-10, I never was bothered with it showing up unannounced on our machines. The list of patches I was choosing not to install had become pretty long, and I stuck to my guns and did not install them. NONE of those are offered by Microsoft to me as Important or Security any more.

Also, a few months ago I un-hid every hidden patch that we had, so that Windows Update could look easily at what the patch situation was on our computers and offer me the patches it deemed were most applicable.

Today, after I installed the few patches from yesterday’s Patch Tuesday release, my relative’s machine has no hidden patches, and no uninstalled patches in the main list. The important/security main list of patches is empty because all the “dodgy” patches that I avoided for 18 months **have disappeared and are no longer offered by Microsoft on that list**, and the new important/security ones that Microsoft recommends for my relative’s machine are all installed on her machine.

There are about 19 patches on the optional list, and if they are deemed by Microsoft to be optional, then I’m not worried about them.

Therefore, on my relative’s machine, there does not appear to be a “large amount of patches… breaking the supersedence chains”. I have not done Windows Update incorrectly from a technical standpoint, since there are no hidden patches, there are no patches remaining on the important/security list, and the only patches that Microsoft thinks I don’t have are some “optional” patches.

Unless you feel that I am breaking the supersedence chain by having some “optional” patches uninstalled, then your premise is incorrect that there are broken chains and user-created confusion on my relative’s machine. It’s actually patched with every single patch that Microsoft thinks is important/security for it.

—
My machine is a little bit different, because there is one important/security patch from 2 years ago that I cannot install because it causes a blue screen of death. I have not put the new September Patch Tuesday patches on my own computer – I will wait a week or so to do that. However, aside from that one patch I must not install, by the end of this month, my machine will also have every single security/important patch that Microsoft feels at the present time it should have. No patches are hidden, and there are about 20 patches on the optional list.

Even though I had a list of about 10-12 patches that I refused to install from about May 2015 to August 2016,
Microsoft has stopped offering ANY of those (to me, at least) on the important/security list,
and the **current** Windows Update situation for the 2 machines I take care of is clean, straightforward, responsible, clear, open, complete, and not entangled in the slightest.

So I don’t think your assumption of how screwed-up the Windows Update situations of the “anti-telemetry, anti-get-win-10” people must be at the present moment is correct.

Reply | Quote

Actually I meant the Security only rollup (Group B) or the Monthly update of security and other fixes rollup (Group A via WU or the Catalog). I referred to it as a patch. I meant the single rollup file, not individual KB number patches.

Sorry for the bad description.

Reply | Quote

My analysis might not be correct here.

With this version of KB3172605 it is no longer possible to connect to legacy VMware vCenter servers from viClient.

It might be some cipher suite issue instead.

Connects happily to vCenter 6, but not to an old vCenter 5.1 instance we have here

Reply | Quote

Aha. Got it.

Group A will be fed from Windows Update. Group B will have to rummage around in the Catalog.

Reply | Quote

As far as we know, that’s correct. There are two specific patches that you need, KB 3020369 and KB 3172605, as Canadian Tech explains in his Answers Forum post.

That said, everything’s supposed to change next month, and we really don’t know how it’s going to work.

Reply | Quote

I just tried in in IE but the page loads normally Woody.

Reply | Quote

@ Alex,

Right click the Start button and go to Command Prompt (Admin).

Type or copy/paste from here:
DISM.exe/Online /Cleanup-image /Checkhealth

To copy/paste in a command prompt you have to right click and then click Paste. Ctrl+V doesn’t work.

If when it finishes you see the message that the component store corruption is repairable, copy/paste the following command into the same command prompt window:
DISM.exe/Online /Cleanup-image /Restorehealth

When that finishes, copy/paste: sfc /scannow

When DISM runs you’ll only see a flashing cursor initially, but after about five minutes you’ll see the figure 20% appear followed by 100% about 15-20 mins later.

Should be OK after that.

Reply | Quote

The problem is that I have W8.1.
I’ll try Xircal’s suggestion.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

well its been another “Trauma Tuesday” mercifully relatively unscathed here, well not quite! never really had a “mauling” too badly with the antics of windows update untill this week. Briefly IE11 update for win7x86 thought it would take a “swipe” at the “favicons” and while it was at it, took a chunk of the desktop short cuts as well. Most of the regular fix’s didnt work so with a combination of “faviconizer” a 2009 util. (i jest ye not)and a roll back life was good again with IE11 kb3185319 in the WUD “sin bin.” Moving on to 1607 ann. update living in a VHD this pretty much does its own thing before being let loose on a good working sytem. Kb3189866 duely arrived accompanied by the usual clutch of sec. updates and office16 U/Ds that was an hour and a half of my life i’ll never get back (makes molasses look like Road-runner) sure, as what ever diety you subscribe to, made little green apples. crash city in the apps. dept (no surprises there)off to the, by now, bulging power shell scripts and CMD lines folder opend up power shell and went to work. well the apps. didnt and so tiring of the whole excercise with 1607 and Edge (yes it has funcionality now somewhat, but missing the stop google tracking list and i believe even possibly ad-guard is rumoured to have sold out to some adware peddlers) I deleted the VHD and reset the bcd store. Got to wonder how long we can defer this ill conceived 1607 (info out there is less than forthcoming as is continuing support info about the other win10 ver. cant wait for Oct’s “trauma tuesday” (well actually i can) sure to be another walk on the wild side. You got to get your act together M$! I can hear the Linux convertee’s chanting the oath of allegiance in the distance. 🙁

Reply | Quote

Good news! You can put Linux on a Chromebook, including very full featured distos like Manjaro. Here’s a link to a YouTube clip showing how it looks:

https://www.youtube.com/watch?v=WRNGhakgPJo

Reply | Quote

@Bill C,

I realized that you meant the Group B or Group A rollup rather than Group B or A patch; in fact, I hadn’t noticed that you had referred to those as a patch rather than a rollup!

However, what I was talking about was not that part of your comment, but about the following part of your comment:
“If every month there needs to be a manual magic bullet speedup fix,
would not even a group A strategy still take forever if the speedup is issued each Patch Tuesday?
My thoughts are if I still have to visit the catalog for the ‘speedup’ for WU, why not just stay and grab the monthly Security-Only patch (if B) or the rollup (if A).”

I was pointing out your assumption inherent in this statement:
“if every month there needs to be a manual magic bullet speedup fix….
if I still have to visit the catalog for the ‘speedup’ for WU”

The assumption that every month there is still going to be a speedup fix that we can visit the catalog for (in addition to visiting the catalog for the monthly Rollup Patches) is apparently not correct.

From October onwards, it appears that every patch will be inside of one of the new Rollups. There won’t be a manual speedup fix that every month we will be able to get separately from the catalog.

Reply | Quote

Group A would have already installed kb3172605, which fixes the WU scan issue permanently, and will not need to install temporary monthly-changed fix
AFAIK, Intel Bluetooth had been fixed by Intel

Reply | Quote

I also had to uninstall KB3175024 to get this to work.

I’m guessing that both updates are enforcing D-H >= 1024 bits

Reply | Quote

@abbodi86 & @Woody: I have the KB3172605 already installed, and now in the Optional, it is showing up again at a whopping 29.2 MB.

What is to be done with this new Optional update, which is italicized, and not checked? MS updates get more and more confusing.

Any advice on this one???

Reply | Quote

Wait. We’re still at MS-DEFCON 2.

Reply | Quote

All I ended up with after 2.5 hours was the computer having to repair my C drive. Didn’t fix the problem.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

The new kb3172605 is the same one released in July + KB3175024 components
so installing KB3175024 should be good for now

but my advice, install kb3172605 too 🙂
i believe it will become recommended soon

Reply | Quote

Many thanks for all your input, poohsticks….. and not a problem re the length……….. I’m inclined to be ‘wordy’ too, as some put it……….. but then again have been told that what you want to say will take as long as is needed to say it!!! I’m still digesting it all…. think one needs to either ‘sleep’ on it……. or go do something else and let the mind work it out…….. and that’s what I’m doing right now! But yes…… did realise that the number of optional patches will be less because of the one ‘roll -up’ that we’ll have to deal with….
But all this discussion helps one to get it sorted in one’s mind and plan ahead……. or at least understand a bit more about what lies ahead. Of course it may be entirely different….. they always say there are several scenarios to a future event….
1. What you think may happen
2. What actually happens
3. And After the Event……
What you should have done in the first place!
(in hindsight)
LT

Reply | Quote

sharing my wushowhide DEFCON 2
Cumulative Update for Windows 10 Version 1511 x64
KB3185614
Update for Windows 10 Version 1511 x64
KB3161102, KB3181403, KB3150513
Feature update Windows 10 Version 1607

Reply | Quote

@ Alex,

Have you checked for malware? Download the free version of Malwarebytes and run a full scan. https://www.malwarebytes.com/

You can also check the HD for bad sectors. Open another Command Prompt (Admin) and run chkdsk /f

You’ll get a message that diagnostics can’t be run because the volume is in use and whether you want to schedule a check on the next boot up. Hit Y and then finish what you’re doing and reboot.

After the machine boots to the desktop, right click the Start button and click Event Viewer. Expand Windows Logs and click Application. When the center pane populates, right click Application and click Find. Type: Wininit and click Find Next. The Wininit log can be used to identify what the problem is and whether your HD is failing.

If it’s due to a bad sector, open an elevated command prompt again and run chkdsk /r /f

Reply | Quote

@Lizzytish: Excellent comment! We all need some humor in dealing with the “never-ending MS nightmare”, and poohsticks’ humor and yours both help me a lot! Thank you! 🙂

Reply | Quote

Anyone having issues with kb3172605 where users are unable to change their passwords similar to KB3167679. Looks like it disables NTLM and forces Kerberos.

Reply | Quote

The only virus here is Windows, I’d say. I’d venture a pretty strong guess that it’s one of the August updates causing the problems. I’ve done some pretty in depth fixes before, so I’ll run Malware-bytes just in case (have had it for ages) before blowing out every August update.

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

I haven’t hit it, but…

Have you run this up the flagpole at patchmanagement.org?

Reply | Quote

I have not, I will have to check it out, thanks!

Reply | Quote

They’re the go-to people for problems like this. Susan Bradley leads the bunch.

Reply | Quote

patchmanagement.org does not seem to have reports in this matter. But if you find anything @Tomahawk, please let us know, I am very interested too.

Reply | Quote

@Woody:

I have the “new” KB3172605″ in the “Optional” list now. The older version was installed on Sept. 11th, and was also shown as Optional.

I think it appeared in the July updates, and was the SAME size as this new “Optional” one (29.2). I had it hidden until I installed it on Sept. 11th.

I am waiting for an “all-clear” on this Optional version which came on Sept. 13th with the other updates. It’s italicized, and not checked, and I think I mentioned it before along with a few others (?). It’s 29.2 MB.

Doesn’t “seem right” somehow…. Any advice at the present time??

Nothing gets installed in the “new” updates until there is an “all-clear”. 🙂

Thank you, as always. 🙂

Reply | Quote

Hang in there. Wait for the MS-DEFCON level to change.

Reply | Quote

If you installed security update KB3175024, then you already have what new KB3172605 have
you can install it or hide it, it won’t make a actual difference to the system

Reply | Quote

@abbodi86: Haven’t installed any of the new updates yet. Thank you for this information. 🙂

Reply | Quote

It appears KB3172729 torpedoes Windows 8.1 in some ways, including slowing checking for WU. No matter what method I try of uninstalling it, I get an error message saying that the uninstall failed with message “Installer encountered an error: 0x800f0922”

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

Check this link.

http://www.jordanhardware.com/threads/kb3172729-failure-on-8-1-windows-8-1-help.272010/

Reply | Quote

Forgot to add I have it installed since August 13 with no apparent problems.

Reply | Quote

That is…….yet. Haven’t updated any of Sept to date.

Reply | Quote

So MS16-111 from this month supersedes KB3167679 which breaks NTLM. There must also be something in KB3172605 as well because it too breaks NTLM even without KB3167679 and 3175024 from MS16-111 installed. I have not had a chance to contact patchmanagement.org.

Reply | Quote

New KB3172605 contain whatever KB3175024 have
and now KB3185278 also have whatever KB3175024 have

Reply | Quote

Do you recommend removing KB3185319. A client is getting a popup: “A FILE DOWNLOAD SECURITY WARNING”

CT

Reply | Quote

Forgot to check the notify button

CT

Reply | Quote

@ who – knows
I’m just not one to know but my W8.1 was taking forever checking for updates and I went in Task Manager after 15minutes and found the windows process with the most cpu/memory usage and despite the warning given ended it’s task and poof my windows updates showed like right then…

Can anyone explain this?

PS: @woody yes I needed to use email to post here, when you said differently to me one time.
Good thing this time I had copied my post cause after submit comment – POOF it’s gone but my names still there… No advise waiting to be approved – nothing but gone…

Reply | Quote

Ouch. Lots of people post without giving an email address – and that’s fine. If you like, create a bogus email address. It’ll never be used…

(I had three copies of your post, and deleted two of them. Perhaps the post was listed as “awaiting moderation”? That’s because I, personally, approve every post before it’s visible to the outside world.)

Reply | Quote

Your svchost.exe process had done some processing until you killed it. The results you get are partial, but a good start. Just install those patches and keep on going on until nothing more shows up.

Reply | Quote

FYI, What happened after I hit submit comment was it jumped up to top of the page – I never seen the “awaiting moderation” till I entered an email address, then it showed me my commit as well. Yes there could of been three as I tried a few times. I use a VPN maybe need for email? I don’t know site requirements and it’s happened where I haven’t used an email and never seen any of my commit posted in either case – awaiting moderation, or final posting.

More important is the Task Manager – finding windows process with the most cpu/memory usage and ending that task when windows update is running long time and then immediately seeing listed updates.
Can anyone else confirm and give reason why it work(s/ed)?
Thanks…

Reply | Quote

Is there a good site to check updates on Kb’s information, as if trouble has been experienced, if really needed to install and that with consideration to each version of the Win OS (Vista,7,8, 8.1,10)?
EX: Diffie-Hellman Key Exchange in KB 3174644
Why would a home user need this?

Reply | Quote

@Woody:

I realize I’m referring to information posted almost 2 weeks ago, however I still have the “Optional” KB3172605, which showed up right after I already had one installed.

It is still unchecked, and italicized.

Is your recommendation the same now for this? Win 7, Home Prem. x64. Just need some guidance, after it seems everything is going crazy. All of the updates are still here, and waiting. Nothing hidden has been installed, etc.

Wondering “where do we go from here. Potential Group B (or C/W). Thank you for your help.

Reply | Quote

Regardless of which group, if it isn’t checked, don’t check it!

Reply | Quote

I see it as Recommended, I am not sure why for some users it shows Optional.
It may be because they do not see Recommended in the main screen and do not make distinction between Italicized which means Recommended and true Optional. Or they avoid Recommended anyway, being in Group B according to Woody’s classification.
We can certainly have an opinion, but I would leave it with Woody to decide about this update, at least for the purpose and the main target audience of this site.

Reply | Quote

@ch100 thanks for an answer, I only waited like 15-20 min.’s before ending the task.

There were more but, these Kb’s I took – are
3175024
3177186
3178539
3184122
3184943
3185319
3185911
3187754
Adobe Flash Player (Kb# not shown in Win P&F)

So it wasn’t just a few shown – is what I’m trying to say. I only accept Updates for Windows. I keep updates shut off-down so I have to check each time I want to DL. 8-10-16 and 9-10-16 were the two times before when I DL some and installed.
Thank you…

Reply | Quote

What are the updates to Windows 7 and Windows 8.1 that added forced telemetry collection.

Some I know are-
KB3068708
KB3022345
KB3075249
KB2976978
KB3021917

A search by the box on here yielded nothing as an article I could ask in.

Reply | Quote

It’s a good question – and I don’t think there’s a definitive answers. Occasionally I publish “block lists” of patches that are suspect.

Search on this site is horrible I have no idea how WordPress hooks its search engine into the site, but it’s completely useless. I always pop back to Google search and append “site:askwoody.com” to the query.

Reply | Quote

… but it’s unchecked, yes? Even if it’s italicized…

Reply | Quote

Here is my current list. However, I need to tell you that it is my practice to refuse EVERY Windows Update that is not labeled Security that was issued after 2014.

KB2882822
KB2952664
KB2977759
KB2999226
KB3021917
KB3022345 SFC
KB3035583
KB3068708 SFC
KB3064683
KB3072318
KB3075249
KB3080149
KB3081954
KB3090045
KB3118401
KB3123862
KB3138378
KB3146449
KB3150513
KB3163589
316896531
KB3173040

The ones labeled SFC actually cause SFC to produce false reports.

CT

Reply | Quote

I have a system that uses RODC for authentication. I just installed KB3174644 on the RODC and my end-user cannot login to the system with their domain login. I had to uninstall KB3174644 and user can login fine after that.

Reply | Quote

Hi All,

After the below MS Patching for October Month, we are unable to login to the Vcentr, when we uninstalled and restarted the server, it works fine, not sure why Microsoft did not informed earlier-

(KB3167679)

Thanks,
Sandeep

Reply | Quote

I haven’t heard of that bug. The patch KB article has a lengthy “known issues” section, which is never a good sign. There was quite a problem with changing passwords in some situations (see https://lists.samba.org/archive/samba/2016-August/202197.html ) but I hadn’t heard of this one.

Reply | Quote