Replies

This sort of a tangent, Born recently reported here that:

397.31 seems to cause serious issues on some Geforce GTX 1060 graphics cards. The driver does not install on some systems, and fails with error 43.

TonyC wrote:

Well, as I have mentioned before in this thread, I installed KB4099950 and then rebooted before I installed KB4088878 (the March 2018 security only update). Afterwards, PCIClearStaleCache.txt reports that pci.sys was at 6.1.7601.17514 but, looking at the properties of pci.sys, it is now at 6.1.7601.24056. So, it appears that, even though I rebooted after installing KB4099950, KB4088878 still successfully updated pci.sys. Can you account for that? (I still haven’t installed any of the April 2018 updates.)

If you install KB4088878, there will be an updated version of pci.sys on your system (6.1.7601.24056) regardless of whether you did or did not install 4099950.

Now, I imagine your question is, did rebooting after installing 4099950 mess things up?

I haven’t read anything definitive that says you “must not reboot” before installing 4088878. What abbodi said a few days ago was this:

abbodi86 wrote:

There is no need to reboot after installing kb4099950 as matter of fact, it’s better to install kb4099950 then March security-only, then reboot

Elly wrote:

KB 4099467 fixes Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session. The bug was introduced by KB 4088878. The fix was included in KB4093108, so KB 4099467 doesn’t have to be installed independently any more.”

Sorry, I’ve got one more pesky question vexing me. I was unable to verify that the Apr Security Only (4093108) and Apr Rollup (4093118) contains the fix for 0xAB Stop error. I checked the MS bulletin for KB 4093108 and noted that it doesn’t mention fixing this issue. However, it does mention fixing a different stop error that was introduced in Mar: involves 32-bit machines with PAE mode disabled.

But according to the bulletins for Mar Security Only (4088878)  and Mar Rollup (4088875) that’s a separate issue — 3rd listing in Known issues table notes that the PAE stop error is fixed by 4093108 / 4093118, respectively. And the Stop 0xAB is the last issue in the table says KB 4099467 remains as its resolution.

I recognize this is a bit nit-picky and probably academic… especially since I recall one of our Ask Woody MVPs posting that he was never troubled by the 0xAB stop error; so he never bothered with installing KB 4099467.

However, I’ve been trying to document the ins — and many outs — of Windows 7 updates since even before the GWX debacle began. And I’m sometimes asked to fix the machines of friends and family… I want to get it right the 1st time. Thanks for all your help Elly.

@ Elly and MrBrian

Thank you so much for clearing up the last pesky Group B matters that were perplexing me. It’s greatly appreciated.

2 users thanked author for this post.

MrBrian, Elly

anonymous wrote:

Two questions, though: 1. Why does Microsoft keep pushing KB2952664 at us?

2952664 contains the primary telemetry machinery for Win7: the DiagTrack service. They periodically update it — we get an updated version of it.

1 user thanked author for this post.

Elly

Elly wrote:

IMPORTANT: If you have an AMD processor, DO NOT reboot immediately once the installation finishes: install KB4073578 first, then Reboot. 

This sounds logical to me, but I’m a bit confused by posts from abbodi86 (here) and from PKCAno (here) that they say that the “bricked AMD fix” (KB4073578) should be installed first — no reboot — followed by the Jan security only update (KB4056897)

Color me confused… can you help me out here? (I do have an AMD machine)

Note: abbodi86’s post was in response to a poster with a Windows 8.1 machine

Elly wrote:

Microsoft cites two issues with the April Monthly Rollup, and the April Security Rollup, affecting both Groups A and B: ….”

But what about the outstanding issue from Feb for Group B? Namely the SCARD_E error affecting systems with Smart card readers.  As PKCano pointed out here, “the  hotfix for it (KB4091290) is a Rollup. As a Group B patcher, you probably don’t want to install it.”

It seems to me that you can’t stay in Group B if you need Smart card readers to continue to work. Any word further information about this?

Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

anonymous wrote:

windows 7 64 bit group b, do i have to install any patches prior to april updates? on susan’s advice i did rollback to december, uninstalled three windows updates: kb4074587 (february), kb4073578 (january), kb4056897 (january) …. 

I’m in the Group B no 2018 club as well. I don’t believe we “have to” install the April updates yet… there are still some issues. And I’m considering holding off a bit longer.

Nonetheless, the list of pending updates (not to mention their install order) is getting a bit long. Here’s what I’ve compiled according to what’s been posted here on AskWoody this year:

2018 Win7 Group B – Manual Install List (all downloaded from Catalog):

0. Create a system image* and then ensure the Set AV Compat reg key is properly set. Hide the all Previews and Security Monthlies for 2018: so all the proper updates show up in Windows Update (per MrBrian’s research.)

(You’ll have to do this first for the ones for April; then ‘check for updates.’ Repeat… )

1. KB4073578 – fix for AMD machines only

2. KB4056897 – Jan “Security Only” (S-O)

3. KB4074587 – Feb S-O

__ a. Note Well: bug now introduced for machines with SD readers.
__     Fix for Group A only is: KB4091290
__     (it’s a Rollup (post);  “Security-Only” fix unknown)

4. KB4099950 – newest pci.sys; prevents NIC issues (Sometimes it really pays to wait)

5. KB4088878 – Mar S-O

__ a. OPTIONAL (see this post): Do Not Reboot

__ b. KB4099467 – hot fix for “Session Has Valid Pool On Exit” BSOD

__ c. Reboot

6. KB4100480 – Total Meltdown fix

7. KB4093108 – Apr S-O

8. KB4092946 – Apr cumulative IE11

9. After another reboot, proceed with installing (or hiding, such as KB2952664) updates that are now showing up in Windows Update.

*I always create a system image before (and after) I install Windows updates; just a good idea.

MrBrian wrote:

Today’s changes for KB4099950 probably involve changing its metadata to fix the issue of KB4099950 not working properly when installed via Windows Update (mentioned here by abbodi86) …. The catalog versions of KB4099950 were probably unchanged.

I just downloaded the 32 & 64 bit editions from the Catalog and compared against the SHA-1 hashes for the ones I downloaded on April 6th: they are identical

MrBrian wrote:

@ch100: Ok, but I believe that the vast majority of Windows 7 users would be considered unsupported according to your criteria because – correct me if I am mistaken – Windows 7 users that use default Windows Update settings (such as Windows automatic updates on) don’t have Optional updates installed.

I suspect that M$ considers any Win7 user who does not allow themselves to be led by the nose through the Windows Updates ‘chutes’ to be “unsupported.” For the last two years M$ has been moving directly towards eliminating choice and increasing demanding uniformity that suits their corporate purposes.  There’s only 1 reason we even have “Security-Only” updates: “the only ‘people’ that count” — Enterprise customers — would revolt. <rant = off>

2 users thanked author for this post.

HiFlyer, Cybertooth

anonymous wrote:

April Security Only Windows 7 64 bit patches probably cleans up some of the mess from the Meltdown Spectre patches. Some fixes and kernel reliability improvements sounds like it will be worth installing when Woody gives the green light. Maybe next month I might consider Group W. How to get off this update treadmill and still feel secure. Damned if I do yet damned if I don’t.

AN answer — if you’re really up to it — is to do some serious hardening of your Win 7 system and employ a multi-layered defense. Best place for advice and expertise I’m aware of  –other sources appreciated– it is at MalwareTips forums; this post will get you started.

Although Application Whitelisting & a Software Restriction Policy are at the top of the list, there’s one thing even more important: developing a regular routine of system imaging and data backup. I always image my system before & after I install Win Updates… or any program that hooks deeply into the OS.

5 users thanked author for this post.

SueW, Elly, Demeter, Noel Carboni, Cybertooth

Intel and their stockholders must be ecstatic

 

LH wrote:

OK, silly question – how do you install both patches without a reboot in between? …. However, whenever I try to install the second patch after successfully completing the first (with a “restart required” message), I get another message saying something to the effect that “only one wusa process is allowed at a time”

Try installing the patches manually. When I do that, first I disable the network (unplug the ethernet cable) and then stop the Windows Update service (via services.msc) After the 1st patch is installed, I opt out of a reboot and then again stop the Windows Update service (otherwise it can take awhile before I’m asked if I want to install patch blah-blah-blah)

Works for me; Win 7 x 64 “Group B”

 

 

…. I’m Group B but I absolutely dread the day I might have to do a clean install on my 7 desktop or 8.1 laptop. As for 7, thank goodness for Simplix I guess…

I use the Simplix patch myself with doing clean installs of Win7. What an incredible it makes… only a dozen or so patches to install after 1st boot instead of well over 200. But it’s far to geeky for most users.

2 users thanked author for this post.

HiFlyer, SueW

Intriguing… the question that leaps immediately to mind is why would someone want to sow havoc on companies that do business in the Ukraine?