The Big Bug rollup: Many problems, few solutions, with bugs in the July Patch Tuesday crop

Topic

New Reply

I can’t believe how many bugs we’re seeing in this month’s patches. Oh. Wait a sec. Yeah, I can believe it. If you’re applying Windows/Office updates
[See the full post at: The Big Bug rollup: Many problems, few solutions, with bugs in the July Patch Tuesday crop]

9 users thanked author for this post.

abbodi86, Noel Carboni, alpha128, seamonkey420, SueW, walker, Microfix, Elly, geekdom

Reply | Quote

Replies

With VMware hosting my Win 10 system in a virtual machine, all backed by solid state storage, I have the option of taking a snapshot, testing, and restoring the snapshot if something important goes wrong.

I can’t stress enough how much freedom and confidence being able to revert literally in seconds brings.

The whole “defer updates” thing seems to miss the point that it’s not trivial for most folks to determine if an update is going to negatively affect them.

Imagine if you had the confidence you could revert an update in seconds – or even just a few minutes. I know, I know, this is what “System Restore” (now disabled by default) was supposed to do, but the reality is that it didn’t work all the time or restore everything. Backup restoral? Plan for hours, not seconds or minutes.

For what it’s worth I’ve been testing the Win 10 July patches (to 17134.165) since yesterday in a virtual machine and so far I’ve not found any problems. But of course there’s only so much one person can do in a day.

-Noel

7 users thanked author for this post.

jburk07, anita.yk, walker, BobbyB, HiFlyer, Elly, geekdom

Reply | Quote

Noel thank you for sharing your method of using VMware. I agree with all the conveniences. The only downside for me was that I had to update my hosting OS and any VM OSs. What OS do you use to host? What happens if your hosting OS has issues? Thanks in advance

Reply | Quote

Of course I’m not speaking for Noel, but I use a Debian derivative (LMDE2). It is my daily driver and I use VirtualBox as a virtualization solution for Win 8.1 with AutoCAD, Photoshop (it also runs under Wine),and Classic Shell, of course.

But if you don’t use Linux as a daily driver, you can use some minimalist Linux with a simple Desktop Environment like OpenBox. Everything is light so most resources go to the VMs.

And everything, apart Windows :(, is just free. (Please read the licensing if you’re running a business).

Reply | Quote

Thanks for sharing your setup. I have personally had very bad luck however, using Linux as my main OS to host VMs. My last attempts tried using the latest versions of Ubuntu and Mint as hosting OS. This has been almost a year ago, but I believe I tried both VirtualBox and VMware. My goal was to test some linux distros as VMs. I got frustrated and used my Windows 8.1 as the hosting OS without issues.

Reply | Quote

My host OS is Win 8.1 Pro/MCE, which is 100% stable and reliable – without many “issues” at all since I installed it in 2013, and it’s still tidy and efficient.

I test Windows 8.1 Updates in a VM first before applying them to my host system, but if after that I *were* to have “issues”, I have a number of options for restoral…

• The potential to uninstall the updates, since it still has a reasonable Windows Update process.
  
• Nightly system image backups on a big external USB drive if the worst happens
  
• System Restore points (which are also integrated with the above-mentioned backups)
  
• I also tend to hold off longer updating my hardware system until I’ve heard from others.

-Noel

Reply | Quote

Thank you Noel for sharing your setup of your hosting OS and VM. You sound very safe indeed. I occasionally test Linux distros (as VMs) using Windows 8.1 pro as the host. Preparing for my move from Windows 7 to Windows 8.1 pro as my main PC. I use Deep Freeze on my Windows 7 and hope it will work on my Windows 8.1.

Reply | Quote

Back to making backups this morning. I’m sure there will be other as yet unreported errors.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

jburk07, Elly

Reply | Quote

At this point, not having a once-monthly backup (at minimum) of a system running any flavor of Windows is just asking for heartache. When you see the DEFCON rating change a few days before patch Tuesday – there’s your cue to make a full backup of any and all systems you care about.

I thought Windows 10 was supposed to make patching easier, yet all it’s done IMHO is further muddy the waters.

4 users thanked author for this post.

jburk07, SueW, Elly, Cybertooth

Reply | Quote

Nearly every day is backup day: research and beta testing require backups.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Elly

Reply | Quote

Yes, I have Veeam Agent doing nightly backups of all of my systems as well, as I like to have the extra options for recovery – but since most home users don’t back up at all, I think a single monthly backup is certainly an easy and low-hassle way to do it at least, at a minimum. Plenty of good free imaging software products out there to do it with, too, from Veeam Agent, to Macrium Reflect Free, Aomei Backupper, and EaseUS Todo Backup Free.

Reply | Quote

How simple and quick is backing up for those whose system files are not partitioned or on a separate drive? Do the backup programs select only system files or is it then necessary to clone the entire drive, in which case how long would that take for say a 1TB drive?

Much as an insurance company is only as good as it’s record on paying out claims, rather than as most people assume on how cheap the premiums are, backup programs are only as good as their reliability in restoring a backup when needed – is there any information on which programs are better than others in that respect?

1 user thanked author for this post.

jburk07

Reply | Quote

Seff wrote:

How simple and quick is backing up for those whose system files are not partitioned or on a separate drive? Do the backup programs select only system files or is it then necessary to clone the entire drive, in which case how long would that take for say a 1TB drive?

There are different backup programs, and each one has its own feature set.  You can’t really say that “backup programs do [x],” because they’re all different.  Now, with that said… nearly all of them will give you a series of choices about this stuff, but the nature of those choices will vary from product to product. In general, you can back up by selecting just the partitions you want backed up, just the physical drives, just certain folders and files (file-based backup), or everything.

Even when you specify entire drives at a time, you can (depending on the software) exclude certain directories (folders) or files or file types.  It’s up to you what you want to back up, and what you want to restore from that backup too, should that ever need to happen.  If you did a whole disk backup, you can usually restore just one partition or even one file if you want… you don’t (usually) have to restore the entire thing just because that was how you backed it up.

You don’t have to go into that level of detail about what you want backed up if you don’t want to.  If you want to keep it simple, you can choose a disk backup, where you select or deselect entire hard disks or SSDs at once, and then select all your hard drives (if you only have one, that will be easy). You will need to tell the program where you want the backed up data to go, but otherwise, you don’t need to change the other options if you don’t want to.  Other options will be things like adding encryption to the backup, changing compression options, excluding certain files, creating backup schemes, scheduling, and other stuff like that.  This stuff is there if you want, but you’re not required to use it.

How fast a backup program will create a backup is highly variable.  If you are doing a full backup, it will take the longest.  If you haven’t done a backup yet, the first one has to be a full backup.  After that, most backup programs will let you do an incremental or a differential backup (those are similar, but not the same thing).  These will only back up what has changed, not the whole thing, so after that first one is done, subsequent ones will be much faster.

When you say a 1TB drive, do you mean one that is a third full, half full, or nearly full?  Unless you select a “sector by sector” backup, only the full portion of the disk matters in terms of the speed.  A sector by sector backup is seldom required, and it makes the backup take longer and use up more space on the backup device too.

It also makes a difference what you’re using as the backup device.  If you’re using a networked drive, it will be limited by either the link speed or by the speed of the storage device on the remote server.  Of those two, the link speed is more likely to be the limiting factor.  If you’re using an external hard drive and you’re (unfortunately) stuck using USB 2, that’s going to slow it down a huge amount.  USB 3 external drives should be pretty close to the speed of an internal drive.

The other options you may have chosen (or that are chosen by default) also play a role in the backup speed.  Compression can either speed things up or slow them down, depending on circumstances (and it is nearly always used by default in backups, since they’re going to be huge).  If you’re bottlenecked by the speed of the network or the backup device, compression will usually speed things up (up to a point).  If the limiting factor is the speed that data can be read from the drive(s) being backed up, or if the PC is not very powerful and is hitting 100% CPU utilization, more compression will probably slow things down.  Encryption will slow things down too.

I don’t mean to make it all sound daunting or mysterious, because it really isn’t.  It’s just that there are so many factors involved that you can’t really say that “backup programs do [this]” or “backing up a 1TB drive takes [x] time.” The best way to find out is to try it, because anything less is just a guess.

If the 1TB drive is a standard 7200 RPM hard drive with, say, 120 MB/s maximum transfer speed, and that disk is full, it would take a minimum of about three hours for all of that data to be read from the disk.  You don’t get the 120 MB/sec for the entire disk, so the average read speed will be considerably less than that.  Even at three hours, it’s a theoretical minimum, and you’d be very lucky to actually see that in real life (that’s the speed you’d get if everything else went perfectly).  A terabyte is a lot of data, and reading and writing that much is going to take some time.  Other things, like the speed that the data can be written to the backup device, may be slower than the raw read speed, so that may end up being the limiting factor instead of the read speed.

The long backup times don’t mean that you must sit there and wait for it, though.  You can schedule the backup to take place at some other time, like while you are sleeping, or (with most Windows backup programs) it can do its backing up while you use the PC (though if you use it for something demanding, you’re going to see a slowdown in that task and the backup if the PC is not powerful enough to handle both at once).

Everyone needs to sleep, so it’s usually a good time to do any backup tasks.  You can set the scheduler in the backup program to do it by itself, or you can just start the backup before you go to bed and let it work by itself.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

4 users thanked author for this post.

SueW, jburk07, Seff, Elly

Reply | Quote

@Ascaris nice summary (even though it was a long post).

I would add that after you’ve made a Backup Image you should “Verify” it.

Macrium Reflect can be set to verify an image immediately after it has been created, or you can separately verify images at a later time (like before restoring). I assume that other backup software has similar options.

Once you have verified your Backup Image, create at least one more copy of it on another external storage device.

-lehnerus2000

3 users thanked author for this post.

SueW, jburk07, Seff

Reply | Quote

I use Veeam Agent which does daily backups on each of my machines to a shared drive.
The defaults are daily backup, which makes them incremental. First backup (full) takes awhile but depending on your drive(s) it’s not too bad. From SSD to the shared drive (a 4TB SSHD hybrid) takes 20-30 minutes each. The next daily backups are just the changed files since the full backup, so they’re usually <1 GB and take only a few minutes.

You can make a recovery ISO which has WinRE for when you can’t boot off the drive.

Veeam products are heavily used in the enterprise, and their free products use the same engine and technology as the paid ones. At my old job, we backed up a physical Exchange 2010 Server with the free Veeam Agent app, so I knew it was a good product. I’ve had total success using it at home, the few times I’ve had to restore a backup. I also have it set up to email me every day from each machine with the backup status and details, so I know I’m covered.

If you want to manually back up more occasionally, I’d use Macrium Reflect Free, as it’s geared a bit more for that. Macrium also lets you create a rescue ISO with WinRE, and I’ve had total success with it as well.

Both products are fairly easy to use and will let you back up the entire drive, specific volumes/partitions, or folders, enough to repair a broken system. If you’re backing up a drive to itself, it’ll be slower than if you were to back up to a secondary drive.

3 users thanked author for this post.

SueW, Elly, Seff

Reply | Quote

Thanks all for your very informative and helpful replies, greatly appreciated.

I think on balance I’m happy to stick to my present setup, at least for the time being – who knows what sort of changes might be needed when we reach EOL for Windows 7! I only run a couple of separate home desktop PCs with the only risk being a bricked system given that I have the few important documents and photos etc stored in multiple places, and game saves stored server-side or backed up by e.g Steam on the Cloud.

If the system is bricked by defective updates and can’t be fixed by a system restore (which it was last month, for the first time in several years) then it’s down to a repair or reinstall of Windows which I can live with especially as cleaning up the Windows installation every couple of years or so is never a bad thing.

In any event I make a point of only ever updating my machines one at a time with several days between them and of course that process only starts after DefCon 3 has been triggered and in the light of other people’s early experiences from then.

I will, however, print off your replies for possible future reference. Thanks again for the detailed advice.

1 user thanked author for this post.

Elly

Reply | Quote

If the system is bricked by defective updates and can’t be fixed by a system restore (which it was last month, for the first time in several years) then it’s down to a repair or reinstall of Windows which I can live with especially as cleaning up the Windows installation every couple of years or so is never a bad thing.

A clean install is the perfect time to create some Backup Images.

I create these clean install Backup Images:

1. Windows + the safe updates
2. Windows + the safe updates + my default programs (no AV)
3. Windows + the safe updates + my default programs + AV

When I’m going to restore, or transfer to a new drive:

• Image 1 is my Windows-Only Image in case I decide to do major software changes
• Image 2 is in case I decide to change AV
• Image 3 is my default working setup

I then use Macrium Reflect to make Differential Images based on Image 3.

-lehnerus2000

3 users thanked author for this post.

SueW, BobbyB, Elly

Reply | Quote

As soon as I see Defcon drop down to “2” I change Update settings to “Never check”, sit tight and wait for the techies to shake out the bugs. Thanks techies. Win 7 Pro x64 i7 core, Haswell, Grp. A

3 users thanked author for this post.

jburk07, Elly, woody

Reply | Quote

I am group A, W7x64, except don’t take 664, I am a home user. No problems so far. Cant vouch for enterprise users.

Edit: Formatting/ removal of quote block

1 user thanked author for this post.

jburk07

Reply | Quote

Thanks Woody, great article, covers a lot (unfortunate that there is so much that needs covered!)

Anyone know if the .net “Security Only” update also causes problems on Server 2012 R2, or is it just the “Security and Quality” release?

Reply | Quote

Am I assuming correctly that when it goes to DEFCON 3 for July, that Microsoft is going to attempt to force 1803 on us instead of getting the usual updates for 1703 ?

Reply | Quote

I updated a 1703 test VM yesterday. I was offered 4 1703 patches and also got a popup. See my experience here. Apparently the only thing that installed were the legitimate patches. I went looking and didn’t see anything suspect.

3 users thanked author for this post.

Microfix, bobcat5536, woody

Reply | Quote

Remains to be seen, but my guess is that MS will continue to honor the “defer feature updates” setting.

Since 1703 hit “Semi-Annual Channel” on July 17, 2017 (the branch was renamed from CBB by that point), you may have to rely on one of the other upgrade-blocking mechanisms, to stay with 1703.

Once the 365 days expires, my guess is that you’ll be upgraded from 1703 to 1803. Manually upgrading to 1709 may be a good alternative.

 

2 users thanked author for this post.

Elly, bobcat5536

Reply | Quote

Woody wrote:

It’d be nice if Microsoft would identify the offending NICs as well

Plus the 41.7% of the marketshare who still use W7 would also like to know.

Realtek PCIe GBE Family Controller NIC seems ok on W7 (I’ve had no problems since March)

Perhaps when DEFCON 3 is announced we should monitor and report affected NIC models for AskWoody?

Windows - commercial by definition and now function...

3 users thanked author for this post.

jburk07, AlphaCharlie, Elly

Reply | Quote

just had a system on 1803 with patch KB4338819

Sage 50 2018 would not open,  just get the spinny wheel thingy,  removed the above patch 4338819, reboot system and now Sage 50 works.

Reply | Quote

Just saw this post over on the 1803 ongoing gripes page:

https://www.askwoody.com/forums/topic/patch-lady-early-trending-issues-with-1803/#post-203153

Mick Mickle:

2018-06 and 2018-07 cumulative updates for 1803 feature update did nothing to fix inability of certain motherboards to wake from task scheduler, so I have no choice but to restore three computers to pre-1803 and block future feature updates for those machines. I plan to use the WUMT Wrapper Script, which uses a combination of WUMT and WUB, that I’ve tested on another machine and works to still allow picking security updates while preventing forced updates. (The Asus AM2+ motherboards are about 5 years old and were a good choice to buy at the time, so I got the of them.  The Windows as a service consequence of making hardware obsolete is working quite well, intentional or not.)

Reply | Quote

I updated my Insider’s Preview yesterday to Build 17713.1000. When I went to update the UWP Apps, nothing on the Store App menu worked – not Account, not Settings, not check for updates, nada. Woah, if I wanted to spend my money at MS, they just lost a sale!

2 users thanked author for this post.

walker, Elly

Reply | Quote

With Windows 7 and in Group B, this looks to me same old, same old: wait for at least two weeks before applying (with data backups and with restore points created previously to installing) those patches about which nothing horrible has been heard until then and with “no known issues” still holding steady for them in the Master Patch List. Or else until the DEFCON moves up from 2, except for hiding those obviously not-security related ones, particularly the ones that promise to “improve” my “experience” and such like. And then I might or might not end up a winner (until now, I have), but that’s as far as I think a home/small business user like me can reasonably go. If things then turned out badly, I have a Mac can use to go online and come here to ask for advice and a shot at the PC’s survival. With heartfelt thanks to all the helpful souls at Woody’s that give me that option. And to the Mac.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

From Computerworld article:

“ProTip: Microsoft has no incentive to improve Win7. None. Unless you’re offered a clearly identified security patch, you don’t want it, checked or not.”

Does that also apply to the MSRT’s (i.e., shouldn’t install), and .NET non-security updates?   Thanks.

BTW, one “cute” thing Windows Update is doing to me is refusing to hide an optional Silverlight update that appeared after I uninstalled Silverlight.  It’s always back the next day, so I stopped even trying to hide it.  Basically a non-issue, but weird.   (I am on “Check for Updates but let me choose whether to download and install…”)

1 user thanked author for this post.

jburk07

Reply | Quote

Microsoft certainly has some incentive to watch after Windows 7’s security, and they probably do fix bona fide bugs. You may not actually be running into many bugs at this stage of the game, though, unless you’re running brand new software on your aging OS and/or exercising things you’ve not used before.

That being said, they may well not optimize their patches very aggressively, since it really IS an operating system nearing the end of its support life. There is some evidence, for example (though exceptionally hard to quantify!), that the Spectre/Meltdown mitigations for the old systems are less efficient than those for Windows 10.

-Noel

P.S., I still develop brand new software that does things no software has done before for Windows 7 and newer. An awful lot of folks are still running Windows 7…

6 users thanked author for this post.

SueW, jburk07, ch100, Elly, rick41, OscarCP

Reply | Quote

Noel, this is definitely the case. I recently installed Windows 7 on a laptop for an elderly couple who requested it. InSpectre reported that the system was protected, but with slower performance. The laptop has a Skylake i3 so supports INVPCID, but Windows 7 doesn’t use it.

Reply | Quote

rick41 wrote:

BTW, one “cute” thing Windows Update is doing to me is refusing to hide an optional Silverlight update that appeared after I uninstalled Silverlight. It’s always back the next day, so I stopped even trying to hide it. Basically a non-issue, but weird. (I am on “Check for Updates but let me choose whether to download and install…”)

When you hide a Silverlight update, a previous version will show up next time you check for updates. You’ll need to also hide all the previous versions, one at a time, to stop seeing Silverlight listed among the available updates. It’s tedious, I know, but it’s possible to do so. I’ve already done it myself.

César

3 users thanked author for this post.

SueW, Elly, rick41

Reply | Quote

From my experience, Silverlight is best avoided and just left as an ‘Optional’ without hiding it, unless needed of course

Windows - commercial by definition and now function...

Reply | Quote

The main reason why I install Silverlight these days is to turn on Microsoft Update instead of Windows Update. After that, I remove it.

 

César

3 users thanked author for this post.

Microfix, MrJimPhelps, geekdom

Reply | Quote

No doubt I’m missing something obvious here, but if you have other Microsoft programs that receive updates via Microsoft Update, why would you need Silverlight to activate MU?  And if you *don’t* have any such MS programs, why would you want MU?

Reply | Quote

The option to “get updates for other MS programs” (check box) is not always present in Windows Update\Change settings. You can add the option through a script that writes to the Registry. But an easy way for non-Techies to add the option is by installing Silverlight (then you uninstall Silverlight if you don’t want it). It’s just one way to get the option set in WU.

7 users thanked author for this post.

walker, SueW, Cesar, jburk07, Microfix, Elly, rick41

Reply | Quote

Installing MSE has the same result. But that could prove complicated unless you actually want to change your A-V.

3 users thanked author for this post.

Cesar, jburk07, Elly

Reply | Quote

rick41 wrote:

No doubt I’m missing something obvious here, but if you have other Microsoft programs that receive updates via Microsoft Update, why would you need Silverlight to activate MU? And if you *don’t* have any such MS programs, why would you want MU?

When you’ve just installed Windows 7 or 8.x (not sure if it’s the same for Windows 10), you only receive updates for Windows itself, and you’ll need to turn Microsoft Update on in order to receive updates for other Microsoft software (Office, etc.). As the original procedure to do it is now broken, an alternative and easy way of achieving this is by installing Silverlight from https://www.microsoft.com/silverlight/

If you don’t use other Microsoft software, there’s no need to activate Microsoft Update.

César

2 users thanked author for this post.

SueW, rick41

Reply | Quote

Microfix: I’ll be curious to know what is the problem with keeping Silverlight installed and just ignoring it. I have had it installed, for years now, along with its successive updates, and have not bothered to delete it. I am just letting it be. So far, it has not given me the slightest bit of trouble. I used to need it for watching Netflix videos with IE11 in my Windows 7 PC, but now I use only either Chrome or Waterfox for most things, videos in particular, as both of them have HTML5 clients. I have plenty of hard disk free space, so having that unnecessary bit of software in it is no skin off my nose.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I just tested the July updates for Windows 7 on a test system…

I hid, as usual, KB2952664. The others shown here went in.

So far these updates have tested out fine for my purposes. I didn’t even have one error or warning logged in the Event log. The only anomaly I saw was that I like to keep the BITS service on Manual, and a Windows Update always seems to change it to Automatic.

Bear in mind that no one person can possibly test or even use all of Windows, nor does everyone have the same hardware. But at least the updates are basically functional on at least one test virtual machine. Performance seems about the same too.

REMEMBER: If you’re not set up to test the patches for your own fitness for purpose, you should consider waiting for Woody to digest all the feedback he gets and move the MS-DEFCON level to 3 or higher before applying these updates.

-Noel

10 users thanked author for this post.

walker, geekdom, SueW, seamonkey420, jburk07, Microfix, ch100, Elly, DrBonzo, woody

Reply | Quote

The worst thing, for Windows 7 users at least, is that the July rollup update for .NET (KB4340558)  somehow conflicts with the last two .NET rollups.

C’mon Microsoft – I thought we were past the days when you had to uninstall last month’s rollup before you can install this month’s rollup.  Hopefully they’ll pull this patch and reissue it with a fix for this behavior.

P.S. For the record the last .NET update I installed was KB4096418, which is one digit higher than the number in Woody’s article, but both numbers seem to be valid and seem to lead to the same Microsoft web page.

Reply | Quote

Isn’t KB4340558 for Windows 8.1? I believe KB 4340556 is for Windows 7.

1 user thanked author for this post.

alpha128

Reply | Quote

DrBonzo wrote:

Isn’t KB4340558 for Windows 8.1? I believe KB 4340556 is for Windows 7.

Yes, you are correct – KB 4340556 is for Windows 7.  I was quoting from Woody’s article rather than looking at what was being offered to me in Windows Update.

I would edit my original post, but it’s not letting me.

Thank you for bringing this to my attention.

Reply | Quote

alpha128 wrote:

The worst thing, for Windows 7 users at least, is that the July rollup update for .NET (KB4340558) somehow conflicts with the last two .NET rollups.

C’mon Microsoft – I thought we were past the days when you had to uninstall last month’s rollup before you can install this month’s rollup. Hopefully they’ll pull this patch and reissue it with a fix for this behavior.

I didn’t see anything like that. What does it do wrong, specifically? Maybe I just didn’t test it in the same way you are.

-Noel

Reply | Quote

I’m curious: does the NIC problem recur every time you install a new update since the first one that broke it?

Reply | Quote

This is what the MS pages say for KB4338818. It’s the same thing that has been on every Rollup since March

Symptom
There is an issue with Windows and third-party software related to a missing file (oem.inf). Because of this issue, after you apply this update, the network interface controller will stop working.
Workaround
1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.

2 users thanked author for this post.

walker, Chessie

Reply | Quote

Sometime in the last 3 hours or so my WIN 7 pro x64 sp1 is no longer being offered the July Rollup nor the July .NET Rollup, KB 4338818 and KB 4340556, respectively, through Windows Update.

Anyone else notice this?

In case it matters, its a 5th generation core i3 and Intel Dual Band Wireless – AC 3160 NIC

1 user thanked author for this post.

jburk07

Reply | Quote

Personally I use VMware Workstation all the time and am familiar with its ability to recover a Windows installation quickly if something goes wrong in the virtual machine, but I simply can’t be bothered to test Windows 10 in a VMware virtual machine (except the LTSB version) as I consider it a waste of time.

Now it is the .NET rollup that causes problems? Should we be surprised now after all the previous problems, especially that Total Meltdown flaw?

In this case, I always download .NET security only updates from the catalog and install only those, ignoring ALL .NET rollups. Since there seem to be no such updates in July, no .NET updates will be installed and this problem will not affect me.

I have adopted a policy of waiting at least 4 weeks before considering whether to install the security only updates, and if necessary I will delay further. I delayed for 5 months and I only get back to May 2018 level in June all the way from the December 2017 level. Defcon 3 or not, if I consider necessary that these patches should be delayed or even ignored it will be done.

Hope for the best. Prepare for the worst.

Reply | Quote

I haven’t had any problems with KB4340558.  I did not install KB4054566 yet until I see how what happens in the meantime.

Window 8.1 Group B (mostly).

Reply | Quote

Yesterday I installed the update KB4338818 and everything seemed in order, but today Windows Update told me that there were “new” updates, Kb3185319, Kb2676562, Kb3123479 and Kb3118401, all of them old.

So I proceeded to uninstall KB4338818 and when restarting Windows Update I no longer asked to install the other updates, but it did not appear to install the July update, only the KB4284842 preview appeared.

As an experiment, uninstall the June update KB4284826, and upon rebooting I already appreciate KB4338818, but the selection box is unchecked.

Then download and reinstall KB4284826 and when doing the search, KB4338818 reappears but continues with the selection box unchecked.

Is someone else experiencing this strange thing?

1 user thanked author for this post.

Chessie

Reply | Quote

Cesar wrote:

rick41 wrote:

BTW, one “cute” thing Windows Update is doing to me is refusing to hide an optional Silverlight update that appeared after I uninstalled Silverlight. It’s always back the next day, so I stopped even trying to hide it. Basically a non-issue, but weird. (I am on “Check for Updates but let me choose whether to download and install…”)

When you hide a Silverlight update, a previous version will show up next time you check for updates. You’ll need to also hide all the previous versions, one at a time, to stop seeing Silverlight listed among the available updates. It’s tedious, I know, but it’s possible to do so. I’ve already done it myself.  César

Aha, I had never noticed that the KB #’s were changing each time.  Turned out I only had to try two more times after reading your post, and now it’s staying hidden.  At least for now, that is, but based on your explanation I’m hopeful it will now remain hidden.

Reply | Quote

Silverlight is probably only useful for those with Windows 7 that want to use IE11 to watch Netflix videos. To everyone else, as far as I can tell, it is unnecessary, but also harmless. So keeping it installed and ignoring it is most likely harmless as well — or at least such is my experience, as I use either Chrome or Waterfox instead of IE11 to watch videos with their HTML5 clients. So, personally, I don’t worry about it and just let it be wherever it is in my PC.

Dealing with Silverlight in this way has saved me, so far, some extra work and some extra worry, two things I definitely do not need.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

DrBonzo wrote:

Sometime in the last 3 hours or so my WIN 7 pro x64 sp1 is no longer being offered the July Rollup nor the July .NET Rollup, KB 4338818 and KB 4340556, respectively, through Windows Update. Anyone else notice this? In case it matters, its a 5th generation core i3 and Intel Dual Band Wireless – AC 3160 NIC

Same thing here, both of those are gone.

2 users thanked author for this post.

jburk07, DrBonzo

Reply | Quote

I have just now noticed that there is a new “Known Issue” for both the July Rollup and the July Security Only patches for Windows 7. The old NIC problem is still there on the Rollup but now on the both patches there is this:

After installing this update, some devices running network monitoring workloads may receive the 0xD1 Stop error because of a race condition.

the support page says there is no current work-around but that MS is working on a resolution and expects one in mid July.

Edit: The support pages are listed as being last modified on July 12 and the Catalog dates are listed as July 13!

3 users thanked author for this post.

OscarCP, jburk07, rick41

Reply | Quote

And now, suddenly I’m being offered the JUNE Rollup although the .NET July Rollup is still gone. Perhaps it’s not surprising I’ve got the June Rollup back since the July Rollup is still gone and I’m Group B. Crazy stuff.

Reply | Quote

Slightly off-message for the July updates, but relevant to the April 2018 updates (and I’ve lost the link to my earlier comments about this issue).

For those of you running W8.1 32 bit and Sandboxie affected by the April 2018 W8.1 32 bit windows updates which broke Sandboxie, but which the Sandboxie developers fixed/worked around in a Beta version 5.25.1, there is now a stable Sandboxie version 5.26 including this fix/work-around (if you prefer to avoid Beta software).

Sandboxie 5.26 also allows printing to a PDF file using the CutePDF printer in Firefox when run in Sandboxie in W8.1 32 bit. This had not worked for me in earlier months, but I had not tried it recently (so I don’t know how or when it was fixed).

HTH. Garbo.

3 users thanked author for this post.

Microfix, Elly, Noel Carboni

Reply | Quote

There is an issue with Windows and a third-party software”

What is the third party software?

Reply | Quote

Microsoft refuses to identify the third-party offender.

Reply | Quote

Noel Carboni wrote:

alpha128 wrote:
The worst thing, for Windows 7 users at least, is that the July rollup update for .NET (KB4340556) somehow conflicts with the last two .NET rollups. C’mon Microsoft – I thought we were past the days when you had to uninstall last month’s rollup before you can install this month’s rollup. Hopefully they’ll pull this patch and reissue it with a fix for this behavior.

I didn’t see anything like that. What does it do wrong, specifically? Maybe I just didn’t test it in the same way you are. -Noel

I didn’t install or test anything yet. I was going by Woody’s Computerworld article which says:

If you tried to install KB 4340558, the “Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2” and had it crash with an error 0x80092004, you aren’t alone.

But I didn’t notice at first that Woody is specifically referencing a Windows 8.1 patch, so maybe the Windows 7 version (KB4340556) is immune from this problem, but I wouldn’t count on it.

Reply | Quote

“Sometime in the last 3 hours or so my WIN 7 pro x64 sp1 is no longer being offered the July Rollup nor the July .NET Rollup, KB 4338818 and KB 4340556, respectively, through Windows Update.”

Same here, both updates are gone. WIN 7 pro x32 sp1

Reply | Quote

anonymous wrote:

“Sometime in the last 3 hours or so my WIN 7 pro x64 sp1 is no longer being offered the July Rollup nor the July .NET Rollup, KB 4338818 and KB 4340556, respectively, through Windows Update.”

Same here, both updates are gone. WIN 7 pro x32 sp1

The same has happened on my system.  The important June rollups have disappeared and the optional June previews have reappeared.

“Microsoft.  The name goes on before the quality goes in.”

Reply | Quote

As per … https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-will-not-load-after-an-update-2-days/19e55b1e-bc49-4e27-adfc-eb2d3a181d0e , ….
seems some old computers are beginning to be designated as not compatible with and cannot run the latest Win 10 version 1803, and will have to remain on Win 10 version 1703, which will EOL in around Oct 2018 = may then need to buy new OEM Win 10 computers = Planned Obsolescence by M$ ?.

1 user thanked author for this post.

woody

Reply | Quote

We’ve seen a few machines officially declared obsolete, but by and large MS continues to support older hardware with new versions of Win10. The devil’s in the details, though.

Reply | Quote

We are experiencing the following problems after installing the July’18 updates in lots of Windows boxes:

1) We can no longer restart the www service. The service locks in “stopping” mode forever.

2) We can no longer instantiate .NET .DLLs (interop) in classic ASP using server.createobject. We receive the error 0x800A01AD “ActiveX component can’t create object”. I’ve read some workarounds at other forums to change IIS Anonymous Authentication to “Application pool identity” but it didn’t resolve the problem.

We could only fix both problems after uninstalling ALL the July’18 KB’s. What a mess!

1 user thanked author for this post.

Microfix

Reply | Quote

What is your operating system and “bit” size?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Microfix

Reply | Quote

Windows 10 64 bits 1803

Reply | Quote

For Windows 7, this optional preview appeared sometime yesterday. Hide it. Trouble we already got.

https://support.microsoft.com/en-us/help/4338821/july242018kb4338821osbuildpreviewofmonthlyrollup
July 18, 2018—KB4338821 (Preview of Monthly Rollup)

———

I usually beta test Microsoft anything; not this time.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

walker

Reply | Quote

Installed patches on a 2012 Exchange server.  Patch for KB4338419 created 100% CPU usage on the server.  The culprit was the microsoft online reporting monitoring agent.  I uninstalled the patch for KB4338419 and the CPU is back to normal.  Hopefully it’ll stay that way.

Just another instance of bad patches this month.

Reply | Quote

In light of this information, you may want to consider updating Internet Explorer:
https://www.bleepingcomputer.com/news/security/that-ie-zero-day-from-may-needed-a-second-patch-in-july/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Microfix

Reply | Quote

Seen this earlier, and the problem lies in:

1. If Group A, the kb patch is rolled up
2. We’re on MS-DEFCON 1
Rock and a hard place..

Windows - commercial by definition and now function...

1 user thanked author for this post.

geekdom

Reply | Quote

My next computing system will be an abacus.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Yesterday Microsoft finally published a resolution for the “ActiveX component can’t create object” error: https://support.microsoft.com/en-us/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update. I tested it in Windows Server 2012 R2 and Windows 2016 and it worked OK.

1 user thanked author for this post.

columbia2011

Reply | Quote

I’m not sure if this is the place to comment but wanted to let Woody/the readers know that MS found another way to install its telemetry app on Windows 7 Professional.  I have neither 2952664 nor 2976978 installed on my machine, but somehow CompatTelRunner has been running daily at 9am.  It has been diminishing my computer’s productivity and lifespan for months, my system never “idled” at less than 25% CPU and was above 50% as often as not.  The AIT service was also running and had a phone-home task scheduled every 5 days.  Thanks for all your work saving us from Windows!

Reply | Quote

As of the Oct 2018 Microsoft has built the KB2952664/KB2976978 functionality of KB2952664/KB2976978 into the Monthly Rollups. If you have installed either the Oct or Nov Monthly Rollup, you basically have installed KB2952664/KB2976978 in Win7/Win8.1.

1 user thanked author for this post.

walker

Reply | Quote