Rolling back: I think I’m in deep trouble..maybe

Topic

New Reply

Windows 7 x64 Intel

Using the “Patch Lady” advice ( https://www.askwoody.com/2018/patch-lady-patch-or-not-to-patch/ ), I uninstalled my security patches basically back to the end of December.

I thought.

As I was using the add/remove dialogue, every time I uninstalled an update another would appear dated 04/02/18.    Thinking these were part of a rollup, I continued uninstalling them until I got tired and suspicious.   Looking at my installation notes that I had, the one I quit on was installed in 2017, yet add/remove was saying it was 04/02/18.

I don’t get it ?

Now, using Windows Update, the some 11 uninstalled updates don’t even show up as missing from my Win 7 x64 intel machine.

Question (s):   I’m not sure if I should continue uninstalling anything that reads 04/02/18, or bail at this point ?   Which, in that case, who knows what I have and don’t have since my update history has nothing to do with what is really installed now.

Or, if I should now attempt to reinstall if I’ve gone back too far ?

Below is a list of what I uninstalled (if it helps).  There might be a couple of others I didn’t log.

Thanks for the help, Mike.

KB4074598

KB4054998

KB4048957

KB4054518

KB4041618

KB4034664

KB4025341

KB4022719

KB4019264

KB4015549

 

Reply | Quote

Replies

Hi Mike,

Alrighty. Here is what you uninstalled:

KB4074598 — 2018-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4074598)

KB4054998 — 2018-01 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)

KB4048957 — 2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957)

KB4054518 — 2017-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4054518)

KB4041618 — 2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264)

KB4034664 — 2017-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4034664)

KB4025341 — 2017-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4025341)

KB4022719 — 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719)

KB4019264 — 2017-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4019264)

KB4015549 — April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4015549)

Do not uninstall anything else. Don’t use the Windows Update history as your guide. Instead, reboot your computer, wait 10 minutes, and then open Control Panel and then click on Windows Update. It is obvious that you are on Group A. Reinstall all updates which were not released after December 2017, after first hiding all updates dated after December 2017. Note that since you are on Group A, you will be presented with a much, much shorter list of updates to reinstall, versus the above list of the updates which you did uninstall. Rinse and repeat. In other words, do everything in this paragraph again and perhaps one more time, until Windows Update shows that there are no updates available for your computer.

1 user thanked author for this post.

Chessie

Reply | Quote

Gonetoplaid:  Thanks so much for your reply and great knowledge.  I’ll  get going on this.

Reply | Quote

Let us know how it turns out. Since you are on Group A and given what you uninstalled, it looks like the only things which you will have to reinstall will be the December Security Monthly Quality Rollup and whichever the latest monthly Security and Quality Rollup for .NET Framework which the experts here say is safe to install. Once those are installed and after rebooting, run Windows Update again as mentioned, just to make sure that Windows Update doesn’t list a few much older Windows updates which might need to be reinstalled. This latter issue could crop up if you ever ran Disk Cleanup.

After doing the above, you should be all set.

Please consider joining AskWoody. It would be nice to have you here.

 

1 user thanked author for this post.

Chessie

Reply | Quote

Hopefully this post is still being monitored.

After rebooting and then checking for updates, here’s all I got:

Important

2018-01 Security and Quality Rollup for .NET Framework 3.1.1…..4.7.1 on Windows 7 and Server 2008R2 for x64 (KB4055532) Published 1/18/2018
2018-02 Security Monthly Quality Rollup for Windows 7 for x64 (KB4074598) Published 2/13/201Update for Windows 7 for x64 (KB2952664)  Published 3/13/2018 I question the motive of MS on this.

Optional

2018-03 Update for Windows 7 for x64 (KB4099950) Published today NIC settings are lost
Update for Windows 7 for x64 (KB2952664)   yes, also listed in optional

I also tried Windows update and re-searching for updates several times
Thanks, Mike

Reply | Quote

I got registered so I thought I’d try and paste in this image of what Windows Update “thinks” is installed.

Reply | Quote

Hello Mixer,

Nice to have you registered on the forum! Your screenshot of your Update History always shows when updates were installed —  even if some of those updates are no longer installed. In other words, the Update History does not get changed when you uninstall one or more updates.

Let’s see what updates are currently installed. Go to Control Panel and click on Programs and features. In the Programs and features window, click on View installed updates. It might take a minute for the list of installed updates to become fully complete. Sort the list of installed updates by name, and then scroll down until you reach the end of the list of installed Security updates. Then upload a screenshot, similar to my example screenshot. Note that your list of installed Security updates will be different than mine since you are on Group A and I am on Group B.

Next, let’s see what updates you have hidden in Windows Update. Go to Control Panel and click on Windows Update. In Windows Update, click on Restore hidden updates. Sort the resulting list by name and then scroll down the list until you reach the end of the listings for update names which begin with 2017-XX and/or 2018-XX. Then upload a screenshot, similar to my other example screenshot. Again, your list will be different than mine since you are on Group A and I am on Group B.

With the above information, we will be able to easily determine if you are missing any updates or if you need to restore a hidden update. Any solutions, if required, will be quick and painless to do.

Finally, I noted that you mentioned that you do have KB2952664 installed. Dozens of versions of KB2952664 have been released through Windows Update, and manually uninstalling all of them is a royal pain in the butt. KB2952664 is of course Microsoft’s infamous update which installs deep telemetry into Windows 7 computers. If you don’t want KB2952664 and its invasive telemetry, then there is an easy solution. I have written a CMD file which will automatically uninstall all versions of KB2952664 which are lurking on your computer. We can get to that, after we have checked that your computer is otherwise properly updated.

Best regards,

–GTP

 

Reply | Quote

Boy I really appreciate all your help and the time you’re spending on this.   Let me know if these screenshots don’t work.   I had split the hidden ones as I couldn’t find a way to sort by date.

Mike

Reply | Quote

Hi Mixer,

Thanks for the screenshots. I still need a screenshot for Programs and Features >> View installed updates. Go to Control Panel and click on Programs and features. In the Programs and features window, click on View installed updates. It might take a minute for the list of installed updates to become fully complete. Sort the list of installed updates by name, and then scroll down until you reach the end of the list of installed Security updates. Then upload a screenshot, similar to my example screenshot.

Best regards,

–GTP

 

1 user thanked author for this post.

Reply | Quote

Here are two images of installed updates that are sorted by date (descending).  Sorry.  I thought I did that before.  These are using control panel/programs and features and then installed updates.

Reply | Quote

Please click on the Name column to sort by update name. Then scroll down to the bottom of the list of security updates and post a screenshot. Thanks.

Reply | Quote

Sorry again, I was second guessing what you wanted.

Reply | Quote

Oops, that is sorted by name (KB number) in descending order rather than descending order. My bad for not clarifying. Anyway, sort by name, and then scroll to the part of the security update list which has the latest KB numbers. That will do it.

Reply | Quote

See if this works.  Edit:  Oh, you see that one dated 4/2/2018.  Well that’s the one that if I remove it, it just reappears (as I indicated on my first post above).

Mike

Reply | Quote

Ah yes. That works. Give me a little time to review it.

 

Reply | Quote

The last update rollup which you presently have installed is the March 2017 rollup. You have no Windows update rollups later than March 2017 installed. So, let’s get you updated through December 2017:

If you are running Windows 7 64-bit, download and install this one:

2017-12 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4054518)

If you are running Windows 7 32-bit, download and install this one:

2017-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4054518)

After you get done installing whichever of the above is appropriate for your flavor of Windows 7, we can then check that you have other needed updates installed. And then if you want, we can remove all instances of KB2952664 which is the update which installs deep telemetry.

Edit to remove HTML from copy/paste of first link.

Reply | Quote

I don’t know why the first link has the weird span thing, but the link actually works!

Reply | Quote

If you use the “text” tab in the entry box when you copy/paste, the HTML is stripped out (usually).

1 user thanked author for this post.

Elly

Reply | Quote

Thanks. I will try that next time.

Reply | Quote

Installed the 64 bit version of KB4054518 rollup.  I can always tell that one, since it slows down my machine as it includes the MS Spectre patch (I think).

Here’s what WU is offering me now:

Important (Recommended)

Optional

Reply | Quote

Hello Mixer,

KB4054518 does not include any Meltdown or Spectre patches. Yet now you are fully updated in terms MS security updates through December 2017. Now…

1. Hide the 2018-02 Security Monthly Quality Rollup, and hide KB2952664. You already have a version of KB2952664 installed on your computer (probably accidentally installed from the looks of it), yet we will deal with that later by ripping it out of your computer. After you hide these updates, Windows Update will automatically check for updates. After doing so and if Windows Update shows the 2013-03 Security Monthly Quality Rollup, hide that as well.

2. Ask here about whether or not to install the 2018-04 .Net Framework, or whether to hide it and instead install a later version which would show up in Windows Update after hiding this one. I have been rather lazy about updating .Net Framework on my computers, and as such, I have not done a good job of keeping up with which updates have problems, versus which updates are good to go for .Net Framework. Hmm…so both you and me need to know about how to proceed with regards to any .Net updates.

3. Do not install the unchecked updates.

4. I am not sure if you should install the Security Update for Microsoft Office. Ask others if there are any issues with this particular KB number.

Best regards,

–GTP

 

Reply | Quote

Windows 7 (x64) / i7-Ivy Bridge / Group B

I have KB4056897 (Jan.) and KB4074587 (Feb.) Security Only updates installed, along with KB4099950. All other security updates are up to date through KB4054521 (Dec. 2017). I do video editing and production in Adobe Premiere Pro and After Effects, and have noticed a performance drop after installing January’s KB4056897.

Should I uninstall Jan. and Feb. security updates and stay at Dec. 2017? Do the April updates address the performance hit caused by the Jan. update? I have Gibson’s InSpectre blocking Meltdown protection (Performance: GOOD), but I’ve read that it doesn’t block all aspects of the Jan. update.

Reply | Quote

Personally, I would uninstall the Jan and Feb 2018 updates for the time being, and hold at Dec 2017. Why? Microsoft created a huge security hole in the Jan and Feb 2018 updates which will allow any program to read any other program’s memory.

1 user thanked author for this post.

EH

Reply | Quote

Thank you GoneToPlaid. I uninstalled both Feb. and Jan. Security Only updates, along with January .NET update. I am sitting at Dec. 2017 with only Office 2007 and MSE updates for 2018.

Now what should I do? What exactly is my computer exposed to by staying at Dec. 2017?

Windows 7 (x64) / Ivy Bridge / Group B

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Thanks a bunch for the help and wisdom.  Gosh, I don’t how you keep up with all this stuff that MS throws at us.

I will ask about the .NET updates in a separate post in the Windows “General” section.

Below is the screen grab from WU after I followed your advice.   A couple of things remain:

1.  What is your advice on the 2018-01 KB4056894 Security Monthly Quality Rollup ?   In your post above you have something like it.  But I want to make sure.

2.  Also, I looked in installed updates and couldn’t find any instance of KB2952664, so either I don’t have it or………I can’t find it.   Is there another way to check for it ?

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Hello Mixer,

Sorry for such a late reply to your question about KB2952664, as I was knee deep in alligators at work. Check out my post about KB2952664:

https://www.askwoody.com/forums/topic/kb2952664/#post-172871

In my post, you will see my Dropbox link for some tools which I have created. Here is the Dropbox link:

https://www.dropbox.com/sh/ohvcinlscjvq6i5/AABwVmnwfFhw0fdtPBWsYmAba

On visiting my Dropbox link, please first read the README.txt file in which I explain how I organize my folders and files, notes about my CMD files, and notes about how to use my CMD files.

After reading my README.txt file, click on the KB2952664 folder. In that folder are two CMD files and another TXT file with specific notes about using these two CMD files. I write my CMD files to always display errorlevel codes and their meaning, so that all users can understand these errorlevel codes. These errorlevel codes are Microsoft errorlevel codes.

Anyway, the “Check if KB2952664 is installed rev1.CMD” file is the file which you want to download, perhaps to your desktop. After downloading this CMD file, simply right-click on it and choose Run as administrator. It sounds like you most likely do not have any instances of KB2952664 installed on your computer. My CMD file should report the same. If you find that KB2952664 is installed on your computer, then the other CMD file performs the same check, and then gives you the option to remove all installed instances of KB2952664.

Best regards,

–GTP

 

Reply | Quote

Microsoft .NET Downloads (.NET Framework Runtime third from bottom) and find a flavor you like:

https://www.microsoft.com/net/download/all

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

And in case you have to back things out, a cleanup tool:

https://blogs.msdn.microsoft.com/astebner/2008/08/28/net-framework-cleanup-tool-users-guide/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

I like your Group G thing for “Got backup”. Hehe. I am on Group B-G.

2 users thanked author for this post.

geekdom, Elly

Reply | Quote

EH wrote:

Thank you GoneToPlaid. I uninstalled both Feb. and Jan. Security Only updates, along with January .NET update. I am sitting at Dec. 2017 with only Office 2007 and MSE updates for 2018. Now what should I do? What exactly is my computer exposed to by staying at Dec. 2017? Windows 7 (x64) / Ivy Bridge / Group B

If the forum has approved any 2018 .NET updates, go ahead and install them. I still am sitting at Dec 2017 for Windows Security Updates, just as you now are.

To answer your questions about what you are exposed to…

Theoretically, you are exposed to Meltdown and Spectre, yet there are no known successful exploits out there in the wild.

Meltdown:

If you are using the latest version of either the Chrome or Firefox web browsers, then these web browsers prevent the Meltdown vulnerability via JavaScript code which could run in these web browsers. The only other way to get Meltdown code on your computer is via email or via a malicious program which you download and install. I consider this to be unlikely since, presently, the antivirus companies seem to be regularly detecting and blocking malware which is based on the Meltdown proof of concept (POC) code. The upshot is that to exploit Meltdown, presently the only known way to do so would have to be very similar to the POC code which has been published. Meltdown is low on my list at the moment, especially since my antivirus program will alert me about any new program or process, and ask me to specifically approve that program or process. There are tons of other malware which can do far nastier stuff than what can be accomplished by Meltdown.

Spectre:

Spectre has three known variants. Spectre requires that you actually download and install a program which would attempt to exploit the CPU Spectre vulnerabilities. Spectre, as far as is presently known, can NOT be accomplished by using Javascript in a web browser. Drive-by malware on web sites could try to exploit a vulnerability in a web browser plugin to get actual Spectre software installed on your computer, yet the really good antivirus programs should detect and block such malware.

I haven’t kept track of any other vulnerabilities which Microsoft patched with their 2018 Security Only updates for Windows, yet again a really good antivirus program should keep you safe. Check out AV Comparatives for their regular tests of AV programs which pass muster, and see how your AV program ranks in their test results.

Total Meltdown:

Total Meltdown is a result of a flaw in how one single bit was set by Microsoft for memory page tables. If you have truly rolled back to December 2017, and verified that you do not have any of the 2018 Windows Security Updates installed (see the list posted elsewhere on this forum), then you are completely safe from Total Meltdown. Total Meltdown is incredibly easy to exploit, as exploiting it requires virtually no malware techniques whatsoever in order to simply locate read the contents of all memory on the computer.

The upshot is that, by rolling back to Dec 2017 and by making sure that you do not have any of the 2018 security updates installed, you are safe from Total Meltdown. Total Meltdown can locate 32 GB of memory to be read in less than 1 second. This is how serious this threat, created by Microsoft, really is.

 

Reply | Quote