Windows update not offering KB4088881

Topic

New Reply

Hello All,

I have 3 Win7 Pro 64 bit machines, the only difference between them being
that one is an AMD machine and has MS Office 2010, and the other two are Intel machines
and have MS Office 2007.

Usually, all the machines receive the same Windows7 updates using Windows Update and they have several old optional updates listed, which I never install.

On the AMD machine I performed a Disk Cleanup, which removed all the optional Windows updates from the list.

On the next Patch Tuesday of March 13 2018, all the 3 machines received the same Windows 7 updates:
–  KB4088875  (the 2018-03 Monthly Quality Rollup)
–  KB890830  ( the Malicious Software Removal tool – March 2018 )
–  KB2952664 ( update for Win7 64 bit )
plus also 3 different updates respectively for MS Office 2010/2007.

The AMD machine (on which the Disk Cleanup was performed before this update)
got stuck forever on the restart required after installing the set of important updates,
showing “Configuring Windows Updates 100% completed”,
while the other two (Intel) machines did restart without problems.

I had to perform a power-off/power-on on the AMD machine and go through several rounds of CHKDSK-s until finally this machine was able to restart and all the important updates were reported as “installed successfully”.

Further on, each of the 3 machines received and installed automatically 3 Windows Defender updates as usual.

On March 23 2018, however, Microsoft released KB4088881 (the C-week Preview Monthly Rollup for 2018-03) and this update only appears on the list of Optional Updates
on the 2 Intel machines, but NOT on the similar list on the AMD machine (the one which encountered the restart problems after the March 13 Updates).

I went through the WindowsUpdate.log of ALL the machines and all of them do have many warnings recorded, like the following one:

“DtaStor   WARNING: Attempted to add URL http://download.windowsupdate.com/c/msdownload/update/others/2018/03/26312437_f048796909b2eb7c2e4340e92187a35fe41e0e05.cab for file 8Eh5aQmy63wuQ0DpIYejX+QeDgU=
when file has not been previously added to the datastore”

for various URL-s similar to the above one, including some with very old dates in the URL.

Such a warning appears even for the new KB4088881 update on the two Intel machines, where this update DOES however appear on the Optional updates list.

Otherwise the Automatic Update seems to work correctly and there are no errors
reported in the WindowsUpdate.log.

What I have remarked also is that sometimes the WindowsUpdate.log reports a higher number of “Found Updates” then what is finally displayed on the Optional updates list in the Windows Update GUI.

I have seen numerous web sites that suggest to perform a complete reset of the Windows Update components, including the complete deletion of folder C:\Windows\SoftwareDistribution, but as far as I am aware, if we do this, then the update history will be lost, so I am a little reluctant to take such drastic steps.

I would also add that I have performed all of the following on the AMD machine:

1.  Used the Windows 7 Update troubleshooting tool, which reported all of the problems solved.

2.  Used the Microsoft Windows update troubleshooter (file WindowsUpdate.diagcab downloaded from MS web site) which did not report any issues.

3.  Installed and run KB947821 (System Update Readiness Tool) which found no errors.

4.  Run SFC/scannow , which found no errors.

 

I would like to receive your help in understanding why is the KB4088881 update offered as an optional update only on some of the machines and not on others.

I read the MS support page for KB4088881 and checked and found that my Antivirus
software (ESET NOD32) does have the required Registry entry in place,
which is a condition for this update.

Also, I would like to better understand what is the exact process used by Windows7 to decide which NEW updates to offer as Optional Updates.
Namely, is Windows Update checking the updates that are effectively installed on the machine or, instead, it checks a list contained in some database file
(like for example DataStore.edb, the one for which the many warnings appear in WindowsUpdate.log) ?

I usually do not intend to install any Optional Updates, but, however,
I would like to know whether there exists any procedure/tool
by which I can check and make sure that Windows Update is working correctly,
that all the files it accesses are not corrupt, and so on,
besides waiting for the next Patch Tuesday to see what happens.

Thanks a lot in advance for your help & Best Regards,
Iudith Mentzel

Reply | Quote

Replies

I recommend to turn on verbose settings for Windows Update by using the program at https://support.microsoft.com/en-sg/help/2545723/how-to-enable-microsoft-installer-logging-and-verbose-logging-to-gathe. Then do a check for Windows updates. Then search windowsupdate.log for 969e37f4-7022-4146-8bfb-0dbc76d75bc4, which is the update ID for KB4088881 for Windows 7 for x64-based Systems. Feel free to post the relevant lines here if you wish. Don’t forget to turn verbose settings off when you are done.

Reply | Quote

Hello Brian, All,

Thank you lots of times for your answer and I wish you a Very Happy Easter

I enabled the verbose settings as instructed, and it created a huge WindowsUpdate.log file.

Searching for the update ID you indicated, the entire file contains only the following 2 lines

…………
2018-03-31 18:48:59:048 536 fc4 Agent update {969E37F4-7022-4146-8BFB-0DBC76D75BC4}.201 is NOT a generic match
…………
2018-03-31 18:49:01:102 536 fc4 Agent update {969E37F4-7022-4146-8BFB-0DBC76D75BC4}.201 is NOT a generic match
…………

There are lots of similar lines for other ID-s as well.

First, I wonder how could you deduce the Update ID from the KB number.

As far as I was able to see, on the Microsoft Update catalog page for KB4088881 the Update ID does NOT appear.

Second, in the last 24 hours there was another security update released, KB4100480.

Just like KB4088881, my AMD machine also did not received this new update, while the two Intel machines did receive it.

Could it be that these updates are “reserved” for Intel machines only ?

The update catalog page for KB4088881 does show AMD on the details page.

In addition to the above search, I also looked for FATAL errors reported, and I found the ones below.

All these sections report the same error: 0x80070645
They appear in the log file BEFORE the list of the entries similar to the two ones above.
I don’t understand what is the meaning of these errors.

They only appear in the verbose WindowsUpdate.log, but not in the regular one.

https://pastebin.com/2yvcCLpX
……………………………………………………………………………………….

Any further enlightenment about what can I do further will be very highly appreciated

Thank you lots of times and, once again,

HAPPY EASTER

Best Regards,
Iudith Mentzel

Reply | Quote

You’re welcome, and I wish you the same :).

On the AMD computer, I recommend to check for the presence of the QualityCompat registry item.

To find the update ID for a given update, go to the Catalog, search for the given update (such as 4088881 in your case), then click on an update link, then look in the URL for the update ID.

Reply | Quote

Hello Brian,

Thanks a lot for the info regarding the UpdateID
Yes, I checked the registry and the following entry is present, exactly as documented in the requirements for MS4088881

Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat”
Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”
Type=”REG_DWORD”
Data=”0x00000000”

The MS Update catalog for KB4088881 specifically states “Architecture: AMD64 , X86”.
I try to understand the meaning of the message that I got (twice) in the verbose WindowsUpdate.log
for this update:

2018-03-31 18:48:59:048 536 fc4 Agent update.201 is NOT a generic match

Now I applied the same trick for the next update, KB4100480,
which has Update Id “b7533d34-0678-403f-bfdf-576c780a935d”
This one has “Architecture: AMD64”.
For this one there exist two different messages in the WindowsUpdate.log:
…………………………..
2018-03-31 18:48:53:090 536 fc4 EEHndlr EvaluateApplicability: cache hit for 874632D8-8CB0-4E17-B438-D411EE40B13C.

2018-03-31 18:48:53:090 536 fc4 EEHndlr CBS applicability for 874632D8-8CB0-4E17-B438-D411EE40B13C: ApplicableState=0x0, InstallState=0x0.

2018-03-31 18:48:53:090 536 fc4 Handler CUHHandlerBase::Release: refcount is 1

2018-03-31 18:48:53:090 536 fc4 Perf, UpdateRule(IsPresent), time, 0, {874632D8-8CB0-4E17-B438-D411EE40B13C}.204, handler, none, result, 2

2018-03-31 18:48:53:090 536 fc4 Agent Final detection state for update 26415620 (updateId = {874632D8-8CB0-4E17-B438-D411EE40B13C}.204) is “NotApplicable”

2018-03-31 18:48:53:090 536 fc4 Perf, DetectForUpdate, time, 94, {874632D8-8CB0-4E17-B438-D411EE40B13C}.204, handler, CBS, result, “NotApplicable”
……
2018-03-31 18:48:53:090 536 fc4 Agent Final detection state for update 26415621 (updateId = {B7533D34-0678-403F-BFDF-576C780A935D}.204) is “NotApplicable”
……
2018-03-31 18:48:58:984 536 fc4 Agent update {B7533D34-0678-403F-BFDF-576C780A935D}.204 is NOT a generic match

The last message also appears twice (just as for KB4088881), but the first message is new here !
This shows that the Windows AU Agent DID find both these updates, but its “internal logic” decided that they are “not applicable” to my machine !
This is weird, because for both of them the “Architecture” does specifically include AMD64.

The second one KB4100480 was installed successfully on both my Intel machines, and the MS knowledge base article explains that this update is mandatory for ALL the machines that have installed the (flawed) Monthly updates of 2018-January thru March,
as ALL my machines in fact did.
To tell you the truth, I am much less troubled by some theoretical attack that might exploit this security problem, but I am very troubled by the mess that was caused on my machine by the 2018-March update (KB4088875),  which was especially flawed for AMD machines and which caused my machine to get stuck on reboot.
I am afraid that something was corrupted in the entire Windows Update mechanism,
which might not work any more !
Now, after a lot of reading about all this issue, I am pretty sure that the Disk Cleanup that I had used on the AMD machine prior to this update was only a coincidence,
and in fact, the real problem was caused by the flawed KB4088875 update itself.
The strange is that many people seem to have encountered BSOD with AMD machines when applying the 2018-Jan update (KB4056894), while I only encountered it with the 2018-March update (KB4088875).

Thanks a lot for your further insight and help

Best Regards,
Iudith Mentzel

Reply | Quote

You’re welcome :).

If you want to check further for corruption in the Windows servicing system, I recommend that you post at https://www.sysnative.com/forums/windows-update/.

1 user thanked author for this post.

satrow

Reply | Quote

You could also try doing what’s mentioned at https://www.askwoody.com/forums/topic/2000009-getting-out-of-a-no-boot-situation-after-installing-windows-updates/ even though your computer is not in a no-boot situation. I recommend to make a full backup or at least a restore point first though before proceeeding.

Reply | Quote

Hello Mr.Brian,

Thanks a lot for this info.

Regarding restore points: I remember having read somewhere that these are not reliable, and in most cases they do not help exactly when you need them most.

My system only keeps the last 2 restore points, but I still remember that once in the past, on a machine that had many restore points available ( I think it was Windows XP ), none of them could be used successfully.

I was preparing to start doing a full backup anyway, but in the meantime I used to only backup my document/data files, because I was only accustomed to situations of complete hardware crash, when a full backup would not help anyway, as it is only compatible with the same hardware where it was initially taken.

Please correct me if I am wrong.

Regarding the link to “getting-out-of-a-no-boot-situation”, did you mean using the DISM command ?

Thanks a lot & Best Regards,
Iudith Mentzel

Reply | Quote

Full backups are very helpful when there is a software issue, and you want to revert the system back to the prior state when it was working better. Unfortunately though, any documents or any other data on the affected partition(s) are also reverted to their prior state.

“Regarding the link to “getting-out-of-a-no-boot-situation”, did you mean using the DISM command ?”

Yes. I believe that particular DISM command is not too likely to be dangerous, but it’s better to be safe than sorry :).

Reply | Quote

Hello MrBrian,

In the meantime, I am also trying to post to the forum you indicated:
https://www.sysnative.com/forums/windows-update/.

One of their detailed preparation documents
https://www.sysnative.com/forums/windows-update/4736-windows-update-forum-posting-instructions.html

indicate DISM to be used on Win 8 and higher, while for Win 7 the equivalent is
the Windows Update Readiness tool:
https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness

which I have already tried and found no errors.

I know that backups are a good thing … though I still could not decide what is the best backup tool to be adopted (for me).
As I have read, here the MS tool is also not the best one …

I also remember that Windows is supposed to have an option “to restore to the last known
good configuration” … I really don’t understand why Windows does not do this automatically when it encounters a problem during a reboot, as it happened with
the last flawed KB4088875  ….

In my opinion, it is a MUST that Windows automatically uninstall any update that it could not install successfully (including the automatic reboot).
The fact that MS does not invest in solving this problem for the world-wide community
is a bigger crime in my opinion than not supplying patches for all these last hardware
security problems that they tried to patch immediately and without thorough checking …

The mere fact is that they destroyed many AMD machines, which from the start were not vulnerable to all those security issues and did not have any need to apply those patches,
be them flawed or not …
As far as I understand, the last sentence about all those complaints from a huge numbers
of users is that that specific security problem could ultimately be corrected only by a hardware patch, and not by software patches, as MS was trying to do during the last several months.

Making a full backup and storing it is not the problem … but I still need some way to go
for being confident to apply a Restore in case of a real problem … since I have no training for such operations …

The best that I could do by now is to backup all my documents,
and, also, never store documents on the system partition.

Is there any easy to use backup tool that you could recommend ?

I know that Macrium Reflect was among the recommended once (but it seems that its free version is not available any more), while EaseUS Todo used to have some pros and cons.

Thank you so much again,
Iudith Mentzel

 

 

Reply | Quote

You’re welcome :).

I use Macrium Reflect free version for full backups; it’s worked well for me. I didn’t know it’s not available for free anymore. I wish I knew the answer to your other questions about Microsoft!

Reply | Quote

Macrium Reflect 7 Free Edition

Reply | Quote

Hello Mr.Brian

Thanks a lot, now I found it here: https://www.macrium.com/reflectfree

If already at this point, maybe you can enlighten my knowledge a little bit:

Once I remember that I installed Acronis (for the 30 days test), still on an old XP machine,

and it was all nice, but what I didn’t like about it was that it installed a lot of services that were all supposed to run on startup. I don’t exactly like this behavior, and at that time, my overall OS knowledge was much “less extended” than it is today …

( Fortunately, in those times, there were much less Microsoft bugs around, that force you to learn “at the wrong moment” !!!
Yes, that’s true !!! )

So, in principle, I would like a backup software that only runs all its components (including services) on demand, or, at least allow to easily customize this behavior, without “breaking the functionality”.

High chances are that I will create a full backup image only once, because I really refrain from performing any drastic changes on my machine, except for installation of a few “small” nice programs here and there, well known and already well experienced,
and they never broke anything on any of my machines.

In rest, I will probably continue with my periodic document only backup.

Back to Microsoft …
I really wonder how come that a company can be so “widespread” for such a long time, and still having so many bugs, even in products that already work for so many years …

Yes, the OS is a complicated animal, or at least it looks like that to us, “the mere mortals” …

But exactly because this, they should apply working standards by which nothing is ever released to the user community without topmost thorough checking and certification, even if reacting to a specific security thread (like the recent one) might take many months !

They should check each and every OS change, however minor, on any hardware that is certified for their OS or other software.

I think that the whole world has become a little too paranoid regarding all the security issues …

The bottom line with security issues, as underlined by ALL the professional security instructors with each occasion is that, ultimately, all the security problems arise only when the user performs specific actions without being careful enough.
It is not at all that simple as “somebody just breaks into my machine whenever he wants and steals my data” !

These days people are afraid even of having their Facebook data leaking out …
though, it is entirely up to them what info do they share at all !

Fact is that many companies are making a lot of money out of these security issues and other ones (Microsoft included) also want money …

I worked many years on Mainframe computers (Digital VMS) and when I first started to use Windows I could not understand at all how is it possible that different programs (sometimes from different vendors) are able to “overwrite” each other’s memory stacks ….

Why isn’t the OS itself, including ALL its files, protected in such a way that no other program, ever, except for Microsoft’s own programs could be able to touch those files
in any way ?

I honestly believe that the Windows users world-wide community is “far too permissive” with all what Microsoft is doing  and with the way that they do it !

For example, I see no reason in the world for any user to be forced to upgrade his OS, MSOffice, or anything else to a later version that the one he prefers to use, regardless of all these “security threats” that Microsoft always threatens with them …

Also, in the recent case of many machines failing after installing the last updates, Microsoft should have had to gather its top level specialists and have them elaborate clear and detailed explanations of what happened and what is the correct and secure way to correct the problems, without having to fear forever that some time in the future additional hidden issues might still pop up following these failures and all kinds of partial recoveries from them.

But Microsoft knows that whatever they do to us, we will continue to use Windows, because this is the OS we are accustomed to use for so many years …

The wide community, especially the common users who are not computer-professionals, will probably not switch to another OS, like Linux or MAC … though they are described as having much, much less problems …

While still seeking for some detailed explanation,
I can only hope that everything will be ok !

Thanks a lot for all the info and all the enlightenment

Best Regards,
Iudith Mentzel

 

Reply | Quote

You’re welcome :).

I checked for services starting with “Macrium”. There is one: Macrium Reflect Image Mounting Service. I am using a years-old version of Macrium Reflect though.

Reply | Quote