-
I wanted to wait until DEFCON 3 (or higher) before I used MrBrian’s new instructions to update my Group B computer. I’m pleased to report that all went well! I am one of the many who did not hide any updates in the past, other than Windows 10-related updates. So I wanted to make sure my computer was totally update-to-date prior to installing October’s updates. Before I started, I decided to “unhide” any hidden updates. To my surprise, there were none, even though I had hidden many over the past couple of years (and have the list).
Not 100% sure of using the Windows Update MiniTool (yet), I decided to go through the process of “checking for updates & then hiding unwanted updates” and did so repeatedly 11 times, including the initial check. Each of the subsequent 10 checks took 1 minute each (and hiding took even less time), making the entire process very manageable and not time-consuming.
As a result, I installed the following 5 Important updates and then rebooted:
– Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition
– Security Update for Microsoft Office 2010 (KB2837599) 32-Bit Edition
– Security Update for Microsoft Outlook 2010 (KB4011196) 32-Bit Edition
– Security Update for Microsoft Word 2010 (KB3213630) 32-Bit Edition
– Windows Malicious Software Removal Tool x64 – October 2017 (KB890830)After checking for updates again, I installed the following 1 Important update (no need to reboot):
– Update for Windows 7 for x64-based Systems (KB3177467) from 10/11/16
[Note: Servicing stack update for Windows 7 SP1 SP1]Interestingly, this is the same “missing” update that both Elly and fl also found after going through this process.
Afterwards, I compiled a list of all Hidden updates (1 Office 2010 and 47 Windows 7), and then unhid the following:
Optional:
– 2017-10 Security and Quality Rollup for .NET Framework 4.6.1, 4.6.2, 4.7 on Windows 7 (KB4043766)
– Microsoft .NET Framework 4.7 for Windows 7 for x64 (KB3186497)Note: I get Recommended Updates as Optional Updates
I bet next month’s process will be quicker, now that all past Previews and Windows Rollups are now hidden . . .
Group B — and the beat [still] goes on
“Thank you” once again to MrBrian, Woody, PKCano, and everyone else who contributes their time and expertise to AskWoody!
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie' -
I’m really glad you did some testing with WUMT, MrBrian, as I’ve been reluctant to try it. And thank you to @ fl for his/her feedback on using this tool. I have a Home version of Windows 7 and also have “Never check for Updates” selected in MS’ Windows Update.
‘Group Policy’ is irrelevant in Home versions and, as I understand it, that’s what the options within the “Automatic Updates” drop-down menu in WUMT modify. I was concerned that the ‘Automatically’ option in WUMT might change my intended setting in MS’ Windows Update.
I did not see a ‘Never’ option in WUMT that fl referenced, only these options:
Automatically
Disabled
Notification mode
Download only
Scheduled
Managed by AdministratorMany thanks for clearing this up!
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'1 user thanked author for this post.
-
I’m not sure there’s anything you can check regarding potential .net issues. I can only tell you that I have not encountered any issues after I installed KB4041083 a month ago.
Good question — do you really want to know
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'1 user thanked author for this post.
-
-
Thanks for your list! The Windows 7 Important (all checked by default): the Office updates are from both September (6) and October (4). Since they all appear, I would install all of them.
KB4041083 – I installed this in September without issues.
Kirsty answered your question about MSRT.
KB4043766 – since it’s unchecked, I would leave it unchecked.
Optional: updates: As for the language packs, you might want to hide them so that they don’t appear each time you check Windows Update. Same with snooping patch KB2952664!
I can’t speak to 8.1 . . .
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'1 user thanked author for this post.
-
-
-
Give yourself more credit
If your computer has been running okay, then you’ve been updating it correctly.No, you do not have to wait days in between installing patches. I just suggested that in order to make sure your computer is running okay.
You do need to do all the reboots for each month’s patches before moving on to installing the next month’s patches. So yes, you have to reboot after first installing September’s [unbotched] patches. After the [final] reboot, you can then install October’s patches and reboot when asked. Always reboot your computer when asked to do so.
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie' -
-
Option 2. You miss out on ALL features, but still have to take ALL security fixes for that month, even if one or two of them has a problem, or they include telemetry or whatever. You can however pick and choose WHICH months to install, as these aren’t cumulative. These have to be downloaded from the MS Catalogue. Not available in WU Client.
:
I presume Group B HAS to go Option 2 now? (Unless you’re ok with getting EVERYTHING up to a certain point, where you’ll then start doing the Security Only Patches). As otherwise you have little control over what you’re getting.
Speaking as a Windows 7 SP1 Home Premium Group B-er from the start: remember that Windows 7 has not had any features for quite a while, so we won’t be missing out on any new features. I am referencing a thread from September 4, 2016, when Woody first detailed the Group A ad Group B strategies [https://askwoody.com/2016/ms-defcon-3-get-windows-patched-gingerly/]: “… For those of you who want all the new features in Win7 and 8.1, but don’t want the snooping… I hate to break it to you, kid, but Microsoft hasn’t given us any new features in years. As best I can tell, all of the patches these days are either security fixes, advertisements for Windows 10 (which should be going away), snoop enablers, or fixes for problems created by one of those. …”
Group B has always been about your Option 2: taking all security fixes (aka “Security Updates”) for that month. By the time Woody gives the go-ahead (DEFCON 3 or higher), the updates (security and otherwise) have been vetted. In the unlikely chance that there is an issue with any, we’re warned in advance and can elect to not install it at that time. And then we continue to follow Group B’s instructions . . . that is, Group B’s new instructions
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'4 users thanked author for this post.
-
Thank you, MrBrian
Although I haven’t hidden any Monthly Rollups, I had hidden all Windows 10-related updates as they presented themselves each month. I’ve also hidden Daylight Savings Time-related updates as well. I’ve kept a list of those hidden.I think I’ll unhide what I’ve hidden to see what remains, and then decide what to re-hide. I’ll also find out more about Windows Update MiniTool: I’m already reading https://askwoody.com/2017/in-praise-of-windows-update-minitool/
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'1 user thanked author for this post.
-
-
-
“I don’t install any of these rollups. Instead I adopt the “Full” Group B approach by installing only the Security Only .Net Updates…”
I also employ the Group B approach. And though “rollup” is a dirty word for us, it has an entirely different meaning in .Net Framework, as explained here:
https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/
Security and Quality Rollup
The Security and Quality Rollup is recommended for consumer and developer machines. It includes both security and quality improvements and is cumulative, meaning that it contains all of the updates from previous rollups. This makes it easy to catch up if you have missed any of the previous updates. The Security and Quality Rollup update will be made available on Windows Update and Windows Update Catalog.Security Only Update
The Security Only Update is recommended for production machines. It contains only the security updates that are new for that month. This enables you to fine-tune the security updates that are applied. If you have installed the Security and Quality Rollup for the month, then you are up to date and do not need to install the Security Only Update. The Security Only Update will be made available on Windows Server Update Services and Microsoft Update Catalog.So although I wasn’t initially sure which mode of .Net Framework to install, I’ve been installing the cumulative ‘Security and Quality Rollup’ mode (I have both 3.5.1 and 4.6.1 on my system). So far, so good . . .
Now, as far as “transforming” .Net 4.6.x to 4.7 under the hood, I’ll also be interested in knowing the answer.
Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'1 user thanked author for this post.
-
Author
