Critical update for Windows 7 / Server 2008 R2 users

Microsoft has announced that all Windows 7 / Server 2008 R2 Updates will require an update in order to continue to get Windows Updates [the same will go if WSUS 3.2/3.0 SP2 is used]. This is for SHA-2 code signing.

After August 13, 2019, Windows 7 / Server 2008 R2 Updates will not receive any updates.

As the update was just release this past Tuesday, you would of figured that the update would be included in this week’s updates, but so far I haven’t seen any.

For further information click here. Click here for the deadlines.

Advertisements

Microsoft delays February patches until March

Microsoft has decided to delay the February patches until March – even though there is a possible critical vulnerability not addressed.

While not officially disclosed, some believe it is the “build” mechanism for the patching that is an issue and not a patch itself.

[Updated 2017/02/21:] Word went out that Microsoft would release the Flash Player update but as of “press” time, it hasn’t. The Malicious Software Removal Tool has been released though.

For those who want to at least be slightly more secure, Microsoft did release an interim update late January for v1607 which you can find it here [manual download and install]. There were no updates for the other editions of Windows 10 or older versions of Windows.

 

Microsoft’s updates for February delayed a bit

Microsoft has delayed releasing the February patches due to a last minute issue found:

“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.”

Further changes to Windows Update

Back in October, Microsoft started to release cumulative or roll-up packages for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

They consist of a security only package that has all the updates for that month only. They call it the Security Only Quality Update [SOQU].

There is also the monthly roll-up which includes all security and non-security updates since October 2016. They call it the Security Monthly Quality Update [SMQU].

If you install the SMQU, it will bring you up to date quite fast. It also replaces all SMQUs since October 2016]. It technically also replaces all SOQUs since October 2016 as well.

If you just want security updates, you would need to install every monthly SOQU available from October 2016 and on.

From October 2016 to January 2017 the SOQU contained all supported Internet Explorer updates. As of February 2017, Microsoft has removed IE from the SOQU and IE will be a separate update. This was requested by enterprise clients. [The SMQU will still incorporate the latest IE update.] As usual, none of the updates will upgrade your version of IE.

Months with no new Windows security or reliability fixes will not have a SOQU or SMQU release. [Of course with Windows, that gets a bit unlikely!]

Confused?

 

 

Fixing Windows 7’s Windows Update from doing nothing

hereIf you have tried to install Windows 7 from scratch, I don’t know about you but I’ve seen reports [plus a few times in person] where when trying to check for updates, Windows Updates just constantly searches. Could even last for hours.

Here is a way to fix the problem:

  1. Download and run the “FixIt” from Microsoft here for Windows 7 [works with Windows 8.x as well].
  2. Use the default settings. Elevated access required. Don’t reboot.
  3. Open the Services applet from the Administrative Tools which is in the Control Panel.
  4. Stop Windows Update. Keep the Services applet open.
  5. Go to c:\windows. Find the SoftwareDistribution folder and rename it [I usually add a letter or number at the end].
  6. Create a new folder called SoftwareDistribution. [You can optionally delete the SoftwareDistribution folder that you renamed.]
  7. Start up the Windows Update service.
  8. Download the appropriate platform version of July 2016 Cumulative Update (3172605). [Note that this update works. The cumulative updates that came out after may or may not correct the problem.]
  9. Run the July 2016 Cumulative Update.
  10. Reboot.

From this point on, Windows Update should properly work. You can download all the missing updates that you need.


Notes:

  • The July 2016 Cumulative Update seems to have something in the update that fixes Windows Update but isn’t listed in what was updated.
  • Once you have renamed the SoftwareDistribution folder, this will effectively reset Windows Update settings.

 

Changes coming to Microsoft updates in October

As of October 2016, Windows will releasing single monthly rollups that will contain both security issues and reliability issues in the single update for most Windows operating systems. The monthly rollup will be released the usual ways but not through the download center. Each month’s rollup will supersede the previous month’s rollup. So to be current, you just need the latest rollup.

Over time, Windows will also add patches released in the past to the monthly rollup. Eventually all of the patches Microsoft will be included since the last baseline [unsure at this time what the baseline is] and the monthly rollup will become a fully cumulative update. They are unsure how IE will be included as multiple versions of IE are supported. Flash Player and servicing stack and some specialty updates are not included in the rollups.

As well, from October 2016 onwards, Windows will release a single security-only update which will collect all of the security patches for that month into a single update. But unlike the monthly rollup, the security-only update will only include new security patches that are released for that month. So at one point you will have 12 related security updates per year plus the latest cumulative update plus an IE update, a Flash update [Windows 8.1 only] and any specialized updates. Nothing else.

The .NET Framework updates will also follow the monthly rollup model with a monthly release that will be known as the .NET Framework Monthly Rollup. This monthly .NET Framework Monthly Rollup will deliver both security and non-security updates to all versions of the .NET Framework as a single monthly update. The Monthly Rollup will not automatically upgrade the base version of the .NET Framework that is installed. A separate security-only update on Microsoft Update Catalog and Windows Server Update Services every month.

Finally, the Microsoft Update Catalog website will be updated to remove the ActiveX requirement so it can work with any browser [it doesn’t work properly with Microsoft’s own Edge!]. Microsoft is expected to launch the updated site soon.

The news applies to Windows 7, Windows 8.1, Server 2008 R2, Server 2012 and Server 2012 R2. As support for Vista and Server 2008 dies next year, they aren’t bothering to follow this schedule. Few reliability [non-security] updates are released for Vista and Server 2008 anyways.

 

Turn off the option to get driver updates from Windows Update

As you may know, sometimes drivers that may come through Windows Update may not be perfect [hummm]. Many experts prefer to update the drivers on their own. In Windows 10 you can turn off Windows Update from updating any drivers with is procedure:

  1. Navigate to Control Panel > System > Advanced system settings.
  2. Click the Hardware tab then click on Device Installation Settings.
  3. Select the No (your devices may not work as expected).
  4. Then select Save Changes.

Under Windows 7, you have further options if you choose No, let me choose what to do. You can choose always or never get driver updates from Windows Update or only get drivers if not on the computer.