Discussion:
Not getting today's important 64-bit W7 updates in 2018 so far.
(too old to reply)
Ant
2018-03-14 00:20:22 UTC
Permalink
Raw Message
Hello.

I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.

What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.

Thank you in advance. :)
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Paul
2018-03-14 01:37:32 UTC
Permalink
Raw Message
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Don't you need MSE to set a registry setting
to un-gate the 2018 updates (2018-01, 2018-02, or the 2018-03
undoubtedly coming in today). Select language and bitness as necessary.

https://support.microsoft.com/en-us/help/14210/security-essentials-download

*******

I did a test install of Win7 within the last week or two, and
I have an "mseinstall.exe" in my Downloads folder from that.

This is a sampling of things in my Downloads folder, with
no particular merit attached to any of them.

Install the IE11 cluster to improve Windows Update supercedence delay.

03/04/2018 54,932,464 ie11-CUMULATIVEwindows6.1-kb4088835-x64_89760279f8f121f9fc82c5539f255456dd49a57d.msu
03/04/2018 55,915,216 IE11-Windows6.1-x64-en-us.exe
03/04/2018 11,840,839 Windows6.1-KB2670838-x64__platform_update.msu <=== Evil DirectX platform
update for IE11 usage

03/03/2018 15,065,792 mseinstall.exe <=== Needed for 2018-01 cumulative etc...

Convenience Update version 4, covers many updates since SP1, to save time.
This also contains Microsoft "plums", which is why not everybody uses this.

03/02/2018 11:09 PM 500,046,015 windows6.1-convenience-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu

03/02/2018 9,575,735 windows6.1-kb3020369-x64...msu <=== Servicing stack
03/02/2018 30,678,976 windows6.1-kb3172605-x64...msu <=== windows update patch?

03/03/2018 214,638,649 windows6.1-kb4054518-x64...msu <=== Paul fools around with 2018-01 ???
03/02/2018 1,448,524 windows6.1-kb4054521-x64...msu <=== Security-only version is not enough
Those might not install until
mseinstall is done.

Make a backup before screwing around with that stuff.

Some people have very specific tastes in setups, and I don't
want to mess up anybodies "spyware free" configs :-) Since this
was a throwaway install, just to test 2018-02 brickage, I
didn't particularly care about spyware/telemetry.

Paul
Ant
2018-03-14 02:11:53 UTC
Permalink
Raw Message
Post by Paul
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Don't you need MSE to set a registry setting
to un-gate the 2018 updates (2018-01, 2018-02, or the 2018-03
undoubtedly coming in today). Select language and bitness as necessary.
https://support.microsoft.com/en-us/help/14210/security-essentials-download
Well, my 2 clean 64-bit W7 HPE SP1 VMs also don't have MSE and they got
today's W7 updates.
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Paul
2018-03-14 07:34:49 UTC
Permalink
Raw Message
Post by Ant
Post by Paul
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Don't you need MSE to set a registry setting
to un-gate the 2018 updates (2018-01, 2018-02, or the 2018-03
undoubtedly coming in today). Select language and bitness as necessary.
https://support.microsoft.com/en-us/help/14210/security-essentials-download
Well, my 2 clean 64-bit W7 HPE SP1 VMs also don't have MSE and they got
today's W7 updates.
You should be checking the Windows Update History for any entries
that have "Fail" listed for them, with no "Success" entry later
to cancel out the issue.

Using the working machines, get the KB number of the
cumulative they installed ("2018-03...") and grab a copy
via catalog.update.microsoft.com . And see if you can
double-click the downloaded .msu file and install it.

A .msu should not install if dependencies are not met.
For example, if a necessary Servicing Stack update is
missing, it won't install. I just figured from the observation
that 2018-01 didn't install, that the "QualityCompat" flag
wasn't set. And it's possible the 2018-03 install will "cancel"
that dependency (once it's installed).

https://www.windowscentral.com/windows-10-patch-tuesday-updates-march-now-rolling-out

"In addition to expanding its software fixes, Microsoft says that
it has also removed the antivirus compatibility check for
security updates on Windows 10."

Which means in theory, once 2018-03 is installed in Windows 7,
later updates should stop checking for QualityCompat, and
you would no longer need mseinstall as a bandaid. Like, when
waiting for 2018-04 to install.

Paul
Ant
2018-03-14 22:15:23 UTC
Permalink
Raw Message
Post by Paul
Post by Ant
Post by Paul
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Don't you need MSE to set a registry setting
to un-gate the 2018 updates (2018-01, 2018-02, or the 2018-03
undoubtedly coming in today). Select language and bitness as necessary.
https://support.microsoft.com/en-us/help/14210/security-essentials-download
Well, my 2 clean 64-bit W7 HPE SP1 VMs also don't have MSE and they got
today's W7 updates.
You should be checking the Windows Update History for any entries
that have "Fail" listed for them, with no "Success" entry later
to cancel out the issue.
The failed ones were success later on like in October 2017.
Post by Paul
Using the working machines, get the KB number of the
cumulative they installed ("2018-03...") and grab a copy
via catalog.update.microsoft.com . And see if you can
double-click the downloaded .msu file and install it.
A .msu should not install if dependencies are not met.
For example, if a necessary Servicing Stack update is
missing, it won't install. I just figured from the observation
that 2018-01 didn't install, that the "QualityCompat" flag
wasn't set. And it's possible the 2018-03 install will "cancel"
that dependency (once it's installed).
https://www.windowscentral.com/windows-10-patch-tuesday-updates-march-now-rolling-out
"In addition to expanding its software fixes, Microsoft says that
it has also removed the antivirus compatibility check for
security updates on Windows 10."
Which means in theory, once 2018-03 is installed in Windows 7,
later updates should stop checking for QualityCompat, and
you would no longer need mseinstall as a bandaid. Like, when
waiting for 2018-04 to install.
It's not downloading issue. It's not seeing the update package in WU.
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Ant
2018-03-15 00:39:16 UTC
Permalink
Raw Message
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Paul
2018-03-15 06:42:06 UTC
Permalink
Raw Message
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Sure, you can push things along with QualityCompat.
I assume whatever you've got for an AV is actually compatible.
If you "lied" about being QualityCompat, it could
brick the machine <vbg>. When you work on WU problems,
you should really have a backup handy.

As an experiment (with backups) you could try MSEInstall.
And see if that helps. It shouldn't help, but it's a variable.

And I know why your WU is slower. You're missing the latest
IE11 Cumulative.

This is my Win7 Sp1 install process from before March Patch Tuesday.
Installing that cumulative was to bring IE11 up to date
at the time, and reduce wheel-spin in Windows Update.

03/04/2018 07:32 AM 55,915,216 IE11-Windows6.1-x64-en-us.exe
03/04/2018 08:39 AM 54,932,464 ie11-CUMULATIVEwindows6.1-kb4088835-x64_89760279f8f121f9fc82c5539f255456dd49a57d.msu

You can see here, there is a newer one now for IE11. KB4089187 (51.9MB for x64)
That's from March Patch Tuesday epoch.

https://www.catalog.update.microsoft.com/Search.aspx?q=internet+explorer+11+cumulative+windows+7

It should not be possible for Windows Update to present the
update list, faster than about 3 minutes. It used to take
3 to 5 minutes, in "good" times. The 3 minute interval, is
how long the internal scan takes, before some info is
sent off to Microsoft. If it takes much longer than that,
it means supersedence is causing a problem. Installing
the IE11 Cumulative prunes a portion of that from
consideration (reduces the looping time of WU after
the initial 3 minute scan). In the old days, if
WU was looping for an hour before showing the list,
I could cut the wait time to 40 minutes, just by installing
the latest IE11. There are three other items that affect
the looping behavior, and the actual March Cumulative
then prunes all three of them in one shot. (WU will then
present after just 3 minutes, but will be empty, so who cares ?)

Paul
Ant
2018-03-15 20:44:31 UTC
Permalink
Raw Message
Post by Paul
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Sure, you can push things along with QualityCompat.
I assume whatever you've got for an AV is actually compatible.
If you "lied" about being QualityCompat, it could
brick the machine <vbg>. When you work on WU problems,
you should really have a backup handy.
So far, no problems that I saw. Just not seeing March 2018 critical updates for its IE11.
Post by Paul
As an experiment (with backups) you could try MSEInstall.
And see if that helps. It shouldn't help, but it's a variable.
Is this really required? Isn't the free updated MBAM, SAS, Defender, and
MRT enough for me to get all WUs' offers? :(
Post by Paul
And I know why your WU is slower. You're missing the latest
IE11 Cumulative.
This is my Win7 Sp1 install process from before March Patch Tuesday.
Installing that cumulative was to bring IE11 up to date
at the time, and reduce wheel-spin in Windows Update.
03/04/2018 07:32 AM 55,915,216 IE11-Windows6.1-x64-en-us.exe
03/04/2018 08:39 AM 54,932,464 ie11-CUMULATIVEwindows6.1-kb4088835-x64_89760279f8f121f9fc82c5539f255456dd49a57d.msu
You can see here, there is a newer one now for IE11. KB4089187 (51.9MB for x64)
That's from March Patch Tuesday epoch.
https://www.catalog.update.microsoft.com/Search.aspx?q=internet+explorer+11+cumulative+windows+7
It should not be possible for Windows Update to present the
update list, faster than about 3 minutes. It used to take
3 to 5 minutes, in "good" times. The 3 minute interval, is
how long the internal scan takes, before some info is
sent off to Microsoft. If it takes much longer than that,
it means supersedence is causing a problem. Installing
the IE11 Cumulative prunes a portion of that from
consideration (reduces the looping time of WU after
the initial 3 minute scan). In the old days, if
WU was looping for an hour before showing the list,
I could cut the wait time to 40 minutes, just by installing
the latest IE11. There are three other items that affect
the looping behavior, and the actual March Cumulative
then prunes all three of them in one shot. (WU will then
present after just 3 minutes, but will be empty, so who cares ?)
Well, a few minutes is still a long wait. :) Yeah, that one I am not
getting from WU. Argh.
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Paul
2018-03-15 10:35:59 UTC
Permalink
Raw Message
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Here's an article about the Patch Tuesday update.

https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1

It appears that Windows 10 has removed the dependency on QualityCompat
once the 2018-03 update for Windows 10 is installed.

The Windows 7 2018-03 update doesn't remove the dependency.

This means your registry edit to add QualityCompat was
the right thing to do (as if you have no AV, there's no way
to get the QualityCompat setting otherwise).

Paul
Ant
2018-03-15 20:49:23 UTC
Permalink
Raw Message
Post by Paul
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Here's an article about the Patch Tuesday update.
https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1
It appears that Windows 10 has removed the dependency on QualityCompat
once the 2018-03 update for Windows 10 is installed.
The Windows 7 2018-03 update doesn't remove the dependency.
This means your registry edit to add QualityCompat was
the right thing to do (as if you have no AV, there's no way
to get the QualityCompat setting otherwise).
OK, but WU doesn't offer me March 2018 IE11 fixes after getting February
2018 updates with the manual registry tweaks. :(

My
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/not-getting-todays-important-64-bit-w7-updates-in/fc7ce971-5819-4e44-9f3f-1a1ca9770eaa
forum thread got an answer from Johann Eva. He said it is because of my
specific hardwares. W7 guest VMs gets all. Is that true?
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Paul
2018-03-15 21:29:45 UTC
Permalink
Raw Message
Post by Ant
Post by Paul
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Here's an article about the Patch Tuesday update.
https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1
It appears that Windows 10 has removed the dependency on QualityCompat
once the 2018-03 update for Windows 10 is installed.
The Windows 7 2018-03 update doesn't remove the dependency.
This means your registry edit to add QualityCompat was
the right thing to do (as if you have no AV, there's no way
to get the QualityCompat setting otherwise).
OK, but WU doesn't offer me March 2018 IE11 fixes after getting February
2018 updates with the manual registry tweaks. :(
My
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/not-getting-todays-important-64-bit-w7-updates-in/fc7ce971-5819-4e44-9f3f-1a1ca9770eaa
forum thread got an answer from Johann Eva. He said it is because of my
specific hardwares. W7 guest VMs gets all. Is that true?
Well, all I can tell you is, the 2018-03 for Windows 7, doesn't
remove the QualityCompat requirement. Whereas Windows 10 does.
And at this point in time, I don't understand what Microsoft is
up to. The Microsoft microcode patches will not be delivered
by Windows Update, so that's not a factor in the picture at all.

And it could be you have an AMD Turion or something, but I thought
there was already a patch out, which avoids tipping over the
AMD platform. So I don't see why that should be any consideration
either. Microsoft figured out what they did wrong there. Microsoft
was blaming AMD for some "chipset documentation", when it looked
like a CPU issue. This could be the event JMMD7 is recollecting.

I'm not really getting a warm feeling about the quality of the
logic in the year 2018 patching system. Meltdown/Spectre
sure seemed to stretch the limits on what the update
system could handle, in terms of "dependencies from
left-field".

Now, in my case, I didn't get any warnings on my test install.
And it was purely by accident I happened on the mseinstall thing,
and it set the same QualityCompat key for me, that you have
set manually. (After that, 2018-01 and 2018-02 became available.)
Since yours is set, I can't imagine what additional good the
mseinstall would do. That was supposed to be its single contribution.

Paul
Ant
2018-03-15 21:58:33 UTC
Permalink
Raw Message
Post by Paul
Post by Ant
Post by Paul
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Here's an article about the Patch Tuesday update.
https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1
It appears that Windows 10 has removed the dependency on QualityCompat
once the 2018-03 update for Windows 10 is installed.
The Windows 7 2018-03 update doesn't remove the dependency.
This means your registry edit to add QualityCompat was
the right thing to do (as if you have no AV, there's no way
to get the QualityCompat setting otherwise).
OK, but WU doesn't offer me March 2018 IE11 fixes after getting February
2018 updates with the manual registry tweaks. :(
My
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/not-getting-todays-important-64-bit-w7-updates-in/fc7ce971-5819-4e44-9f3f-1a1ca9770eaa
forum thread got an answer from Johann Eva. He said it is because of my
specific hardwares. W7 guest VMs gets all. Is that true?
Well, all I can tell you is, the 2018-03 for Windows 7, doesn't
remove the QualityCompat requirement. Whereas Windows 10 does.
And at this point in time, I don't understand what Microsoft is
up to. The Microsoft microcode patches will not be delivered
by Windows Update, so that's not a factor in the picture at all.
And it could be you have an AMD Turion or something, but I thought
there was already a patch out, which avoids tipping over the
AMD platform. So I don't see why that should be any consideration
either. Microsoft figured out what they did wrong there. Microsoft
was blaming AMD for some "chipset documentation", when it looked
like a CPU issue. This could be the event JMMD7 is recollecting.
I'm not really getting a warm feeling about the quality of the
logic in the year 2018 patching system. Meltdown/Spectre
sure seemed to stretch the limits on what the update
system could handle, in terms of "dependencies from
left-field".
Now, in my case, I didn't get any warnings on my test install.
And it was purely by accident I happened on the mseinstall thing,
and it set the same QualityCompat key for me, that you have
set manually. (After that, 2018-01 and 2018-02 became available.)
Since yours is set, I can't imagine what additional good the
mseinstall would do. That was supposed to be its single contribution.
Yeah, this update thing is a mess now. Argh. FYI on my detailed system
setups: http://zimage.com/~ant/antfarm/about/MyComputerStuff.txt
(primary PC has my activated 64-bit W7 HPE SP1 OS that is having
problems seeing all updates like March 2018).
--
Quote of the Week: "Ants never sleep." --Ralph Waldo Emerson, poet
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
MowGreen
2018-03-15 21:31:58 UTC
Permalink
Raw Message
From what I've seen and read so far, this month's Win 7 security
'rollup' update KB4088875, is causing blue screens -

0x80242016
The state of the update after its post-reboot operation has completed is
unexpected.

Noshit, Sherlock !

Happened to my Win x86 box, which resulted in a 'Start up repair' that
brought it back to life.
Then Windows Update offered the February 'Quality' Rollup, which
installed fine.

AskWoody has a thread on the issues with KB4088875 but I can't access
it due to a 'Gateway failure' which, I'm assuming, is being caused by
too many web site visitors.

A Googley search shows MS has stopped pushing the patch via WU and will
most likely pull it, quietly. Like a 'one cheek sneak'.

https://www.computerworld.com/article/3263645/windows-pcs/microsoft-stops-pushing-buggy-win7-patch-kb-4088875-hopefully-as-a-precursor-to-yanking-it.html

https://www.askwoody.com/2018/buggy-windows-7-monthly-rollup-kb-4088875-no-acknowledgment-from-microsoft/

Hold off on that patch as it's still showing in the WU Catalog. It bit
me, don't let it byte you. ;)


MowGreen
Post by Ant
Post by Paul
Post by Ant
With JMMD7's help in
https://www.reddit.com/r/sysadmin/comments/843w0w/patch_tuesday_megathread_20180313/dvp6eld/
with registry key additions, I got a few update packages before March
2018. However, I still don't see yesterday's critical updates. :(
Post by Ant
Hello.
I'm not seeing any recent important OS and IE11 updates for my old
custom built, activated 64-bit W7 HPE SP1 machine from its Windows
Updates (manual check). My 2 non-activated 64-bit W7 HPE SP1 VirtualBox
VMs got today's updates.
What's up? Is it related Intel's exploits on my decade old Intel system?
:( It did get its frequent Defender, MRT, and Office updates though. The
last OS update was KB2952664 (update for 64-bit W7) on 2/13/2018.
Thank you in advance. :)
Here's an article about the Patch Tuesday update.
https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1
It appears that Windows 10 has removed the dependency on QualityCompat
once the 2018-03 update for Windows 10 is installed.
The Windows 7 2018-03 update doesn't remove the dependency.
This means your registry edit to add QualityCompat was
the right thing to do (as if you have no AV, there's no way
to get the QualityCompat setting otherwise).
OK, but WU doesn't offer me March 2018 IE11 fixes after getting February
2018 updates with the manual registry tweaks. :(
My
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/not-getting-todays-important-64-bit-w7-updates-in/fc7ce971-5819-4e44-9f3f-1a1ca9770eaa
forum thread got an answer from Johann Eva. He said it is because of my
specific hardwares. W7 guest VMs gets all. Is that true?
Daniel60
2018-03-16 05:17:46 UTC
Permalink
Raw Message
Post by MowGreen
From what I've seen and read so far, this month's Win 7 security
'rollup' update KB4088875, is causing blue screens -
<Snip>
Post by MowGreen
Post by Ant
Post by Paul
Here's an article about the Patch Tuesday update.
https://arstechnica.com/gadgets/2018/03/patch-tuesday-drops-the-mandatory-antivirus-requirement-after-all/?comments=1
It appears that Windows 10 has removed the dependency on
QualityCompat once the 2018-03 update for Windows 10 is
installed.
The Windows 7 2018-03 update doesn't remove the dependency.
This means your registry edit to add QualityCompat was the right
thing to do (as if you have no AV, there's no way to get the
QualityCompat setting otherwise).
OK, but WU doesn't offer me March 2018 IE11 fixes after getting
February 2018 updates with the manual registry tweaks. :(
My
https://answers.microsoft.com/en-us/windows/forum/windows_7-update/not-getting-todays-important-64-bit-w7-updates-in/fc7ce971-5819-4e44-9f3f-1a1ca9770eaa
forum thread got an answer from Johann Eva. He said it is because
of my specific hardwares. W7 guest VMs gets all. Is that true?
I Dual boot (Win7 WOW64 and Linux) this HP 6730b laptop, and when I
booted into Win7 a couple of weeks ago, so after Feb update I'm
guessing, when I applied the Feb updates and rebooted, I got the "HP"
splash screen then the screen went blank and I waited ... and I waited
... and I waited! For approx 1hr 25 mins!!

Seems one of the BIOS settings (the one timing the "HP" display) is
supposed to be 5,000mS but was changed to 5,000S!!

Resetting the BIOS fixed my problem. This week-end I intent to download
any (March) updates and see what happens!!
--
Daniel
PeterC
2018-03-16 09:21:57 UTC
Permalink
Raw Message
Post by MowGreen
From what I've seen and read so far, this month's Win 7 security
'rollup' update KB4088875, is causing blue screens -
0x80242016
The state of the update after its post-reboot operation has completed is
unexpected.
Noshit, Sherlock !
Happened to my Win x86 box, which resulted in a 'Start up repair' that
brought it back to life.
Then Windows Update offered the February 'Quality' Rollup, which
installed fine.
AskWoody has a thread on the issues with KB4088875 but I can't access
it due to a 'Gateway failure' which, I'm assuming, is being caused by
too many web site visitors.
A Googley search shows MS has stopped pushing the patch via WU and will
most likely pull it, quietly. Like a 'one cheek sneak'.
https://www.computerworld.com/article/3263645/windows-pcs/microsoft-stops-pushing-buggy-win7-patch-kb-4088875-hopefully-as-a-precursor-to-yanking-it.html
https://www.askwoody.com/2018/buggy-windows-7-monthly-rollup-kb-4088875-no-acknowledgment-from-microsoft/
Hold off on that patch as it's still showing in the WU Catalog. It bit
me, don't let it byte you. ;)
Looking at KB4088875, I decided not to get it as I don't have Internet
Explorer - not even the .exe on the disk
I installed KB4088878 yesterday and it seems to be OK. Apparently it can
break networky-thingys but I don't have those.
According to InSpectre I'm now patched against Meltdown but not against
Spectre.
The microcode is out for Broadwell but still not on Gigabyte's site.
--
Peter.
The gods will stay away
whilst religions hold sway
Paul
2018-03-16 11:06:09 UTC
Permalink
Raw Message
Post by PeterC
Post by MowGreen
From what I've seen and read so far, this month's Win 7 security
'rollup' update KB4088875, is causing blue screens -
0x80242016
The state of the update after its post-reboot operation has completed is
unexpected.
Noshit, Sherlock !
Happened to my Win x86 box, which resulted in a 'Start up repair' that
brought it back to life.
Then Windows Update offered the February 'Quality' Rollup, which
installed fine.
AskWoody has a thread on the issues with KB4088875 but I can't access
it due to a 'Gateway failure' which, I'm assuming, is being caused by
too many web site visitors.
A Googley search shows MS has stopped pushing the patch via WU and will
most likely pull it, quietly. Like a 'one cheek sneak'.
https://www.computerworld.com/article/3263645/windows-pcs/microsoft-stops-pushing-buggy-win7-patch-kb-4088875-hopefully-as-a-precursor-to-yanking-it.html
https://www.askwoody.com/2018/buggy-windows-7-monthly-rollup-kb-4088875-no-acknowledgment-from-microsoft/
Hold off on that patch as it's still showing in the WU Catalog. It bit
me, don't let it byte you. ;)
Looking at KB4088875, I decided not to get it as I don't have Internet
Explorer - not even the .exe on the disk
I installed KB4088878 yesterday and it seems to be OK. Apparently it can
break networky-thingys but I don't have those.
According to InSpectre I'm now patched against Meltdown but not against
Spectre.
The microcode is out for Broadwell but still not on Gigabyte's site.
You don't have to wait for a BIOS flash update.

The OS can install one for you, after OS bootup. Right now
this says Windows 10, so in a Windows 7 group, we can stop
reading right here.

https://support.microsoft.com/en-ca/help/4093836/summary-of-intel-microcode-updates

Skylake, Kaby Lake, Coffee Lake (no broadwell, haswell, ivy bridge quite yet)

Those are *not* being put in Windows Update. They're
for private consumption. Like moonshine.

The microcode loader in Windows has *always* been loading
one of those, but at the current time, it's using out of date
versions. Because this particular patch could be performance-affecting,
they're not being forced on people.

*******

Using Linux, you can learn where the master file is located.
At the moment, Linux is using the older monolithic release mechanism,
where the master Intel file with a couple hundred processors in it
is loaded via the microcode loader.

https://wiki.archlinux.org/index.php/microcode

https://downloadcenter.intel.com/download/27591?v=t

https://downloadmirror.intel.com/27591/eng/microcode-20180312.tgz

As Windows users, we don't want the whole file.
We want the README :-) The releasenote tells us what
has changed since the last (stable) release November 17
of last year. Presumably Microsoft has been running
November 17 versions on all our computers (via Windows Update)
since last year. November 17 covers any hardware bugs
in CPUs, but has no Meltdown/Spectre coverage.

"RELEASENOTE from microcode-20180312.tgz"
== Updates upon 20171117 release ==
MODEL STEP f-mm-s:pf version
-- New Platforms --
BDX-DE EGW A0 6-56-5:10 e000009
SKX B1 6-55-3:97 1000140
-- Updates --
SNB D2 6-2a-7:12 29->2d
JKT C1 6-2d-6:6d 619->61c
JKT C2 6-2d-7:6d 710->713
IVB E2 6-3a-9:12 1c->1f
IVT C0 6-3e-4:ed 428->42c <=== my processor
IVT D1 6-3e-7:ed 70d->713
HSW Cx/Dx 6-3c-3:32 22->24
HSW-ULT Cx/Dx 6-45-1:72 20->23
CRW Cx 6-46-1:32 17->19
HSX C0 6-3f-2:6f 3a->3c
HSX-EX E0 6-3f-4:80 0f->11
BDW-U/Y E/F 6-3d-4:c0 25->2a \
BDW-H E/G 6-47-1:22 17->1d \
BDX-DE V0/V1 6-56-2:10 0f->15 \___ five Broadwells
BDW-DE V2 6-56-3:10 700000d->7000012 /
BDW-DE Y0 6-56-4:10 f00000a->f000011 /
SKL-U/Y D0 6-4e-3:c0 ba->c2
SKL R0 6-5e-3:36 ba->c2
KBL-U/Y H0 6-8e-9:c0 62->84
KBL B0 6-9e-9:2a 5e->84
CFL D0 6-8e-a:c0 70->84
CFL U0 6-9e-a:22 70->84
CFL B0 6-9e-b:02 72->84
SKX H0 6-55-4:b7 2000035->2000043

So that gives a hint as to how much progress Intel
made this week.

*******

This is the version Intel had to pull, because of
problems with a few of them.

RELEASENOTE(pulled).txt from microcode-20180108.tgz file

-- Updates upon 20171117 release --
IVT C0 (06-3e-04:ed) 428->42a <=== my processor
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22

And I observed in January, using a recent enough Ubuntu distro,
my processor go from 428->42a and applying the March 12 one
as well, the progression would be 428->41a->42c.

So you can see the version number continues to be bumped.
My BIOS loads 416 on my processor. In Windows I would see
428. In Linux in the middle of January, it read out as 42a.
In March in Linux, it went back to 428 (Linux pulled the
bad one). If I were to do some Linux experiments in the
next few weeks, the Linux one would go to 42c.

If you have a Pentium 4 processor, their release number
hasn't moved since 20171117 and if you checked the microcode
in either file, it's probably the same as a file from 2015.

The newer processors are getting patched first. And they will
work their way back. However, some of the patched processors,
will have absolutely no delivery mechanism. (Motherboard company
won't do it, Microsoft won't provide patch for all OSes.)

So now, even though Windows users can "smell and touch" the
bytes of the updated Microcode, the download file on the
Windows side ("tested") is still "Skylake, Kaby Lake, Coffee Lake".
Microsoft is taking their time. Microsoft is making this an
optional download for people who need the "assurance" of
Spectre protection in hardware via Microcode, to do it
from the OS level.

If your motherboard maker releases Broadwell before Microsoft
does, then sure, you can do it via a BIOS update. For my
Pentium 4 machine, no, no BIOS update will ever be offered,
so that Microsoft download page would be my only option.
And since right now, only Windows 10 gets the microcode
(on that page at the moment), my Pentium 4 is surely...
out of luck. Only the last model or so of Pentium 4 is
Windows 10 compatible. Practically nobody owns one of those :-)

Now, even if you bodge that Microcode into an OS, can the
OS even use it ? Intel was proposing some silly knobs to
twiddle with respect to that Microcode, and even if you
hack the file into your OS, the OS won't really use it unless
say, the kernel is modified to use it or something.
There are more details involved than just "delivery",
there are also "usage" issues. And we don't know since the
squabble between Linus Torvalds and Intel, whether Intel
budged on their control mechanism for enabling protection.

For everyone else, go back to updating your Facebook
page now. Nothing to see... Move along... Move along.

At the current time, only around 200 test samples of
malware from Black Hats have been spotted via Virustotal.
The Black Hats are still working on their Meltdown/Spectre
code and have not perfected really good exploits as
of yet. If you use a really up-to-date browser, you
have already received some "timing attack protection"
in Javascript arrays or so. "Ad hoc protection", is
how Pentium 4 owners running Vista will get their
protection.

I'm personally going to feel "warm and fuzzy", right
up until the day the Black Hats tip over my machine :-)
At that point, I won't be able to update my Facebook page.

Paul
PeterC
2018-03-16 16:25:22 UTC
Permalink
Raw Message
Post by Paul
Post by PeterC
The microcode is out for Broadwell but still not on Gigabyte's site.
You don't have to wait for a BIOS flash update.
Thanks for all the details, Paul. I'll admit to not understanding most of
them (I tinker on the edges - oil up to the knuckles, not elbows).
I might just have to contact Gigabyte if nothing appears.
--
Peter.
The gods will stay away
whilst religions hold sway
Loading...