Microsoft delays February patches until March

Microsoft has decided to delay the February patches until March – even though there is a possible critical vulnerability not addressed.

While not officially disclosed, some believe it is the “build” mechanism for the patching that is an issue and not a patch itself.

[Updated 2017/02/21:] Word went out that Microsoft would release the Flash Player update but as of “press” time, it hasn’t. The Malicious Software Removal Tool has been released though.

For those who want to at least be slightly more secure, Microsoft did release an interim update late January for v1607 which you can find it here [manual download and install]. There were no updates for the other editions of Windows 10 or older versions of Windows.

 

Microsoft’s updates for February delayed a bit

Microsoft has delayed releasing the February patches due to a last minute issue found:

“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.”

Further changes to Windows Update

Back in October, Microsoft started to release cumulative or roll-up packages for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

They consist of a security only package that has all the updates for that month only. They call it the Security Only Quality Update [SOQU].

There is also the monthly roll-up which includes all security and non-security updates since October 2016. They call it the Security Monthly Quality Update [SMQU].

If you install the SMQU, it will bring you up to date quite fast. It also replaces all SMQUs since October 2016]. It technically also replaces all SOQUs since October 2016 as well.

If you just want security updates, you would need to install every monthly SOQU available from October 2016 and on.

From October 2016 to January 2017 the SOQU contained all supported Internet Explorer updates. As of February 2017, Microsoft has removed IE from the SOQU and IE will be a separate update. This was requested by enterprise clients. [The SMQU will still incorporate the latest IE update.] As usual, none of the updates will upgrade your version of IE.

Months with no new Windows security or reliability fixes will not have a SOQU or SMQU release. [Of course with Windows, that gets a bit unlikely!]

Confused?

 

 

Fixing Windows 7’s Windows Update from doing nothing

If you have tried to install Windows 7 from scratch, I don’t know about you but I’ve seen reports [plus a few times in person] where when trying to check for updates, Windows Updates just constantly searches. Could even last for hours.

Here is a way to fix the problem:

  1. Download and run the “FixIt” from Microsoft here for Windows 7 [works with Windows 8.x as well].
  2. Use the default settings. Elevated access required. Don’t reboot.
  3. Open the Services applet from the Administrative Tools which is in the Control Panel.
  4. Stop Windows Update. Keep the Services applet open.
  5. Go to c:\windows. Find the SoftwareDistribution folder and rename it [I usually add a letter or number at the end].
  6. Create a new folder called SoftwareDistribution. [You can optionally delete the SoftwareDistribution folder that you renamed.]
  7. Start up the Windows Update service.
  8. Download the appropriate platform version of July 2016 Cumulative Update (3172605). [Note that this update works. The cumulative updates that came out after may or may not correct the problem.]
  9. Run the July 2016 Cumulative Update.
  10. Reboot.

From this point on, Windows Update should properly work. You can download all the missing updates that you need.


Notes:

  • The July 2016 Cumulative Update seems to have something in the update that fixes Windows Update but isn’t listed in what was updated.
  • Once you have renamed the SoftwareDistribution folder, this will effectively reset Windows Update settings.

 

Changes coming to Microsoft updates in October

As of October 2016, Windows will releasing single monthly rollups that will contain both security issues and reliability issues in the single update for most Windows operating systems. The monthly rollup will be released the usual ways but not through the download center. Each month’s rollup will supersede the previous month’s rollup. So to be current, you just need the latest rollup.

Over time, Windows will also add patches released in the past to the monthly rollup. Eventually all of the patches Microsoft will be included since the last baseline [unsure at this time what the baseline is] and the monthly rollup will become a fully cumulative update. They are unsure how IE will be included as multiple versions of IE are supported. Flash Player and servicing stack and some specialty updates are not included in the rollups.

As well, from October 2016 onwards, Windows will release a single security-only update which will collect all of the security patches for that month into a single update. But unlike the monthly rollup, the security-only update will only include new security patches that are released for that month. So at one point you will have 12 related security updates per year plus the latest cumulative update plus an IE update, a Flash update [Windows 8.1 only] and any specialized updates. Nothing else.

The .NET Framework updates will also follow the monthly rollup model with a monthly release that will be known as the .NET Framework Monthly Rollup. This monthly .NET Framework Monthly Rollup will deliver both security and non-security updates to all versions of the .NET Framework as a single monthly update. The Monthly Rollup will not automatically upgrade the base version of the .NET Framework that is installed. A separate security-only update on Microsoft Update Catalog and Windows Server Update Services every month.

Finally, the Microsoft Update Catalog website will be updated to remove the ActiveX requirement so it can work with any browser [it doesn’t work properly with Microsoft’s own Edge!]. Microsoft is expected to launch the updated site soon.

The news applies to Windows 7, Windows 8.1, Server 2008 R2, Server 2012 and Server 2012 R2. As support for Vista and Server 2008 dies next year, they aren’t bothering to follow this schedule. Few reliability [non-security] updates are released for Vista and Server 2008 anyways.

 

Turn off the option to get driver updates from Windows Update

As you may know, sometimes drivers that may come through Windows Update may not be perfect [hummm]. Many experts prefer to update the drivers on their own. In Windows 10 you can turn off Windows Update from updating any drivers with is procedure:

  1. Navigate to Control Panel > System > Advanced system settings.
  2. Click the Hardware tab then click on Device Installation Settings.
  3. Select the No (your devices may not work as expected).
  4. Then select Save Changes.

Under Windows 7, you have further options if you choose No, let me choose what to do. You can choose always or never get driver updates from Windows Update or only get drivers if not on the computer.

 

More updates to Windows coming

Non-security updates for Windows 7 SP1 and 8.1 (as well as Windows Server 2008 R2 SP1, Server 2012 and Server 2012 R2) will be available as a monthly rollup. This means that all the non-security updates will be released as a single update to install.

Microsoft claims this will improve the reliability and quality of our updates. Unsure how this will be true because if one fix “breaks” a system, Microsoft will either have to re-issue the update or provide a separate update to fix the issue.

Also note that when Windows 8 was first released, they were releasing monthly updates to non-security updates. But that seemed to stop in December 2014 for the last monthly rollup for Windows 8.1.

These fixes will be available through Windows Update, WSUS, and SCCM as well as the Microsoft Update catalog.

In addition, within the next few months Windows updates will no longer be available from the Microsoft Download Center. All security bulletins will continue to link directly to the updates, but will point to the packages on the Microsoft Update Catalog instead of the Microsoft Download Center.

Finally, Microsoft Update Catalog website still requires using Internet Explorer at this point because of an ActiveX control used. Later this summer, the site will be updated to eliminate the ActiveX control in order to support other browsers.