Yes, I’m recommending that you get updated

Topic

New Reply

Lots has happened in the past couple of weeks. In case you missed it, we’re at MS-DEFCON 3 for a reason: If you’re careful, now’s a very good time to
[See the full post at: Yes, I’m recommending that you get updated]

Reply | Quote

Replies

Hi Woody

It’s not directly related, but it’s relevant. For some reason W10 installs a stand alone version of Flash Player – see ‘System & Security’ – at the bottom. It doesn’t appear under the Install/Uninstall list. IE11, Edge & Google have it baked in, so I wanted to delete the stand alone version. It was a pain, but I followed this :

https://eksith.wordpress.com/2015/08/06/how-to-remove-flash-from-windows-10/

And I’m free with no ill effects.

Regards,

Lee

Reply | Quote

Lee, I think the procedure is complex for most people with little benefit, as Microsoft will likely reinstall the missing bits at the next round of updates. Wouldn’t be a better option to DISABLE Flash Player in IE and Edge if this is desired? This has the advantage of being fully supported and not breaking the system. Also by only disabling Flash, if Flash is needed in the future, it can be easily re-enabled.

Reply | Quote

@Woody,

So we have a green light on KB 3139398 and KB 3139852?

Reply | Quote

Any word on the 2 updates (KB3139398 & KB3139852) that Susan Bradley recommended holding off on? There are a couple of worrying replies in the defcon post regarding those 2 seemingly activating that elusive Win 10 upgrade ad.

Reply | Quote

Except for KB3139398 and KB3139852, correct? Those were the ones you said not to install.

Thanks.

Reply | Quote

All true, Woody. There was a modicum of satisfaction that I could at least get rid of something I didn’t want. A rare experience with Win10.

Your grateful follower and disciple.

Reply | Quote

Yes, that’s correct.

Reply | Quote

I don’t think they activate anything, but they aren’t important enough to risk installing.

Reply | Quote

No, sorry, should’ve made it more clear. I do not recommend that you install KB 3139398 and KB 3139852 at this time. I haven’t heard anything bad about them, but there’s no pressing reason to install them.

Reply | Quote

Woody
On 3/16/16 you said we should hold off on running updates KB3139398 and KB3139852.
Does this mean we should now run these updates?
Thanks
Sam

Reply | Quote

Oops! I installed these yesterday. So far, no problems.

Reply | Quote

@All….

Could someone explain why my W7 SP1 x64 machine shows 3 different security updates for .NET?

I’m currently showing 2 March updates for .NET 3.5.1 and one March .NET update for 4.5.2….

I’ve never understood the .NET updates, so, basically I’m asking if all 3 of these updates need to be installed or should I (we) be installing the security update for only the most recent .NET release (the 4.5.2 version)?

And why, if there’s a version 4.5.2 should there even be a version 3.5.1 on a machine?

Hopefully someone can explain this in layman’s terms for us laymen. Thanks in advance.

Reply | Quote

Howdy Woody,

Read your most recent post this evening regarding update. So far I have run 8.1 successfully in a home built system for almost 2 years.

Checking Windows Update lists 3 important updates:
1) Windows Defender update (Done)
2) KB 3139398
3) KB 3139852

It also lists an Optional 40 updates, which includes KB 31303709 & KB 3115224, which in previous posts you suggested to hold off on.

Looking forward to your clarification when you have time.

Thanks for all the years of good advice.

Reply | Quote

I installed KB3139852 on a Win 7 Ultimate x64 test system last week to see if it helped with the long waits for updates and as I had anticipated it made no difference at all.

On the bright side though (if there is one) the GWX Control Panel still shows “You appear to be safe” after installing it. This being a “testing” system I use IE regularly & daily and I haven’t seen anything out of the ordinary… yet.

Reply | Quote

Because of the slow downloading and installing of updates, by mistake, I installed KB3139398 two days ago. I have not had any ramifications (that I can tell) by doing so.

I’m at the stage now of selecting 1 update and letting it do it’s thing for hours and hours while I do other things! I still read the information about each update but obviously I was not concentrating enough on this one. If it were to stuff something up it should of happened by now (?), I’m hoping so anyway

Reply | Quote

it’s gotten to the point that I don’t know why some systems show some patches as Optional, and others as Important. Usually it’s pretty straightforward, but I’ve seen many recent reports where things got cross-filed.

For now, I’ll stick with checking “Security” updates and unchecking everything else. I also suggest that you not install KB 3139398 and KB 3139852

Reply | Quote

In laymen’s terms – many people have more than one version of .NET installed. That’s one of the great design faults of .NET – some programs are only compatible with older versions of .NET. Unfortunately, Windows isn’t real good about keeping track of which versions of .NET you need, so you kind of get everything whether you need it or not.

Short answer: If the security update is checked (they invariably are), go ahead and install them.

Reply | Quote

Nope, hold off.

If you installed them, it really isn’t a problem. I haven’t heard any screams of pain about them. It’s just that, historically, that kind of patch has caused problems – and they don’t plug security holes that are being actively exploited.

Reply | Quote

.NET Framework 4.5.2 is a current major upgrade for .NET Framework 4 (think Service Pack)
.NET Framework 3.5.1 is a current major upgrade and including .NET Framework 2.0 (again think Service Pack)
Only one of the versions 2/3.5/3.5.1 and only one of the versions 4/4.5/4.5.1/4.5.2/4.6/4.6.1 can coexist as the 2 and 4 versions are completely independent.
The ideal combination is as it installed on your machine 3.5.1 & 4.5.2 so what you see in Windows Update is perfectly normal.
You may see in WU that .NET Framework 4.6.1 is offered as Recommended Update as replacement for 4.5.2 (this is not so obvious from the description) which is very likely that it is not required for now.

Reply | Quote

@louis

Some apps require the older versions of .NET.
They are usually older apps that haven’t been updated. If you remove the older version of .NET, the app will stop working. If you don’t update the old version of .NET, then you have a possible security problem.

Reply | Quote

Woody
Thanks for the clarification.
Sam

Reply | Quote

I have NOT downloaded =>> Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3139929)
Nor have I installed any of the optional updates like NET Framework 4.6.1 for Windows 7 for x64 (KB3102433)
or any other optional ones..I hope I am on the right path?
thank you!!

Reply | Quote

Yeah, I might’ve jumped the gun a bit there which is kind of easy to do with Microsoft these days. Apologies for scaring anyone. Though I’d love to know how that user in your defcon post managed to activate the IE ad.

Reply | Quote

I still haven’t seen the IE ad. The search continues, but I think Microsoft has shied off, after the hue and cry.

Reply | Quote

The big trick is to check all of the security updates (with the two noted exceptions), and uncheck all the others.

Reply | Quote

Wody, I have a Prosurface3 running 8.1 and have yet to install the last firmware update from 1/19/2016. Is it OK to do so now or should I continue to wait

Reply | Quote

Definitely install the firmware update.

Reply | Quote

@Woody, @ch100, @Allan

Thanks for the explanations.

Reply | Quote

Running W7 Home Premium SP1.
Uninstalled Silverlight a few days ago and have received 2 optional updates for it since then! Weird…
(3126036 optional – MS16-006: Security update for Silverlight to address remote code execution
3106614 optional – MS15-129: Security update for Silverlight to address remote code execution)

Reply | Quote

Woody,

I have not seen mention of this Win 10 update on this forum.

My daughter’s computer has Windows 10, there was a new patch released later in March, around the 24th. It is KB3140741.

She said she hid it, but it installed anyway–it was in her pending list when she hid it. She said it showed as hidden, and I can now verify it is hidden. She said her system was “not right” after, so she did a system restore and then installed the main one, KB3140768.

There are some reports that KB3140741 caused issues on other people’s windows 10 computers.

We are wondering what you and others here think about this KB, and if she should try installing it again?

Thank you from her, and all of us who depend on you.

Reply | Quote

KB3035583

is Get Windows 10 App, Don’t bother getting it, most likely a pesterware from MS to get W10

Reply | Quote

KB2952664 is for those wanting to upgrade to W10, I don’t think its really needed unless You intend on moving to 10

Reply | Quote

https://support.microsoft.com/en-us/kb/3139398
https://support.microsoft.com/en-us/kb/3139852
https://technet.microsoft.com/library/security/MS16-033
https://technet.microsoft.com/library/security/MS16-034

Info from those is not very in depth for the 2 initially not recommended.

My only grief is how slow WUD is at checking for updates in 7. I don’t allow WUD to check for updates or download them, never have never will, I don’t like my connection phoning home.

Reply | Quote

If it caused problems on her machine, don’t install it! Keep blocking it however you’re blocking it.

I fully expect we’ll see a new, improved patch in the next couple of weeks.

Reply | Quote

I recently restored my system using Symantec System Recovery using a clean install backup without any Windows Updates.

Now I’m back at the point where all updates are available. When I installed a couple from 2012 and 2014 (none for 2015 or 2016), I keep getting Bad_Pool_Caller errors that reboot in the middle of anything I’m doing.

I understand this is a year’s old problem so my assumption is it must be connected to one of those old Windows Updates. Is there a list of updates I should avoid especially for 2015 and 2016.

I read an articles that updates after a certain date last year should be avoided. I wrote down some of them, but don’t know what to do with the later updates. I’ve been ignoring updates after May 2015 since I think the article said anything after that date is Windows 10 related.

Reply | Quote

I’ve recently re-built two Win7 machines from scratch, didn’t have any of the problems you mention – although each reconstruction took well over a day.

Reply | Quote

I’m unaware of any updates in 2015 messing up Windows other than 1 that affected IE10/11 to the point you couldn’t change the default search bar from BING to Google etc, It is here as far as I know, http://www.infoworld.com/article/2911704/microsoft-windows/ie-11-patch-kb-3038314-blocks-adding-search-providers-install-may-fail-with-error-80092004.html perhaps Woody remembers it all too well. I had to downgrade to IE10 to fix the issue then go back to IE11 as I dont use IE anyway, I use Waterfox and Firefox 32Bit.

When I found a user guide by Woody for Win 7(great reference for power users even). I stumbled upon MSDEFCON and askwoody.com, I have been more wary of updates wrecking the OS.
The only annoyance ones I have found so far is KB3035583 and KB2952664, other than the 1 in the link, however I haven’t installed the Kernel Update or the USB update either. I know Windows does a system restore point automatically, I would suggest creating 1 manually for certain KB updates that way you can recall if the ones that are risky to install you can do a backpedal if they in fact bug the OS.

Reply | Quote

That is difficult to believe considering MS’ actions in the face of outcry. More likely they simply wait for the right time.

Anyway, is it only an ad on a new tab and easily clicked x off? Or even simply disabling it in the addons as I have seen it suggested in the defcon 3 thread.

No chance for it to implant an ad on my computer, correct? It does not change the svchost (network) to download the win 10 (refering to Big Downloading Thread)? if so then I will install it soon.

I apologize for my questions as I am feeling paranoid. Thank you for your advices and help

Reply | Quote

No need to feel paranoid.

To date, I still haven’t seen one of the IE 11 ads. It looks like Microsoft built all the hooks into the security update then, in the face of the outcry, didn’t go ahead with the plan.

Perhaps there were other motivations – we’ll never know. But there’s no reason to worry about it, and no reason to delay the IE 11 security patch.

Reply | Quote

Woody,

Black Tuesday is approaching. Have any of your followers commented on, or been offered
KB3140741?

It is a servicing stack update for Windows 10 version 1511. I mentioned earlier in comments and the problems my daughter was having with it. You indicated she should hold off installing it. Have you any news on this?

Should she try it again, or wait another week for Black Tuesday?

Your input is greatly appreciated!

Reply | Quote

Hi Woody,
I realize this is from March update list but one of the Optionals I received in March was KB3138901 regarding Access to Internet RDS server and Internet Explorer. Do I need this update in order to use help services that remote in to my computer such as Symantec or Geek Squad? Is it replaced in April with KB3134179 which I have pending in Optionals. I sometimes rely on remote desktop services from trusted sources. Do I need these for remote help? I use Chrome as my browser.

Reply | Quote

RDS should continue to work fine. No need to install it.

Reply | Quote