Users should avoid Microsoft's just-released preview Windows patches

[Karlston]

Microsoft’s new monthly patching cadence include 'previews' that are not for general consumption, including KB 3197869

Credit: Thinkstock

 

Yesterday Microsoft released eight “preview” patches, in line with its new method of releasing patches on the third Tuesday of every month. They’re optional, which means they won’t get installed unless you specifically check the Windows Update box. If you’re tempted to install them, don’t.

 

Preview patches serve a good purpose, but they’re not for general consumption.

 

The two major preview patches:

• KB 3197869 is the “November 2016 Preview of Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.” In other words, it’s an early look at the non-security patches for Windows 7 that Microsoft expects to roll out for real in December. You can see details of the patch on the Win7 update history page, where you can learn, for example, that this patch updates Belarus’ ISO 4217 code from BYN to BYR. Positively riveting.
• KB 3197875 is the “November 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2”—in other words, another preview of the non-security patches that will appear for real next month. There’s a long list of fixes on the Win8.1 update history page including, you guessed it, a change of Belarus’ ISO 4217 code from BYN to BYR.

Several of you have written to me, confused about the patches. The simple instructions: Unless you know precisely what you’re doing, leave preview patches alone. You don’t need or want them. When they’re fully baked next month, Microsoft will roll them out.

 

Microsoft’s intentions here are noble: It's giving programmers and system administrators a chance to kick the tires on the new non-security patches before the patches get rolled out through the Windows Automatic Update chute. If you write programs for Windows or you control a bunch of Windows machines, you should take a look at the previews. The vast majority of Windows users should look the other way. Unless you specifically hunt down the patches, check them and install them, you’re just fine.

 

In a similar vein, we saw four previews of .Net Framework patch rollups:

• KB 3195382, the “November 2016 Preview of Quality Rollup for the .Net Framework 2.0 SP2, 4.5.2, 4.6 on Windows Vista SP2 and Windows Server 2008 SP2”
• KB 3195383, the “November 2016 Preview of Quality Rollup for the .Net Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Server 2012”
• KB 3196684, the “November 2016 Preview of Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows 8.1 and Server 2012 R2”
• KB 3196686, the “November 2016 Preview of Quality Rollup for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1”

There’s also KB 3197878, the “November 2016 Preview of Monthly Quality Rollup for Windows Server 2012.”

 

There’s one oddity I’ll be following: The preview monthly rollup for Windows 8.1 includes a fix for a bug introduced by Microsoft in the August security patch MS16-100. Oddly, that bug isn’t described in the security bulletin, but the Win8.1 update list says the monthly rollup preview “addressed issue with the boot partition appearing in File Explorer after installing MS16-100.”

 

The reason why I’ll be watching – and you should, too: We need to make sure that bugs introduced by Microsoft’s security-only patches are fixed with security-only patches. If Microsoft starts fixing its own bugs willy-nilly, by including security bug fixes only in non-security patches, it won’t be possible to keep your PC upgraded with security-only patches.

 

For those of you accustomed to my patchocalypse terminology, crisscrossing patches will make it impossible to stay in Group B. You’ll be forced into the telemetry-friendly Group A, if only to fix the problems created by patches in Group B.

 

The price of patching liberty is eternal vigilance.

 

Source: Users should avoid Microsoft's just-released preview Windows patches (InfoWorld - Woody Leonhard)

 

Avoid yesterday’s “preview” patches, including KB 3197869 and 3197875 (AskWoody.com)

[WALLONN7]

I've been thinking a lot lately and... Observing the routines adopted by Microsoft over the last eighteen months, I conclude:

Microsoft seems and reheat a bad food and serve us after sour... So... it'd not be wiser to accept the bad Instead of sour?!... 

 

 

 

[straycat19]

42 minutes ago, WALLONN7 said:

it'd not be wiser to accept the bad Instead of sour?!.

 

After looking at many systems (over 15,000), which had patches of various amounts installed over the years, I began to doubt the validity of any patches.  I saw systems that had never had a patch installed since SP1 and had been running for over 3 years with no malware on it and it was stable.  I began to doubt the need for updates, however, since my job was to secure the entire system, I brought all the patch levels up to date.  When Microsoft announced that in June 2015 they were going to add all the telemetry crap from windows 10 to 7 and 8.1 I made a conscious decision not to install any more updates.  Part of securing a system is also monitoring and limiting the connections it makes to other places since each connection is potentially a security hole.  And that is the state of all the computers today.  There hasn't been one problem since that time from not installing the updates.  Currently, new Windows 7/8.1 setups use the last ISO from Microsoft and an update DVD created by WSUSOFFLINE in June 2015 and then have our local tweaks and GPO applied.  This has produced excellent results.  As far as Windows 10 goes, if you keep in mind that there is no stable version, such as there is with Windows 7 SP1, and that every update not only updates the system but modifies it, sometimes to the detriment of the system and user, then the monthly cumulative patches become more necessary.  However, the Enterprise LTSB versions we run have also never been patched and are very stable for what we are currently using them for, which is still in the testing stage using 150 systems.  So whether to install updates and which ones to install are a personal preference based on what the user is comfortable with and how many problems they are willing to put up with from Microsoft continually screwing with their systems.

[steven36]

 

 

[Metatron]

Spoiler

 

[pc71520]

I've seen so many systems crippled by M$ Updates; worst than Malware.

What a mess...

[jmcdanie69]

Could you please give a list of all the updates to present that break pirated copies of win Se7en I have stopped updating as of a few weeks ago cause there nbis a new one keeps bustin me for my pirated copy so I could really use such a list and either way thanks any oh who.

[luisam]

On 16/11/2016 at 2:46 PM, Karlston said:

The simple instructions: Unless you know precisely what you’re doing, leave preview patches alone. You don’t need or want them....

...Microsoft’s intentions here are noble: It's giving programmers and system administrators a chance to kick the tires on the new non-security patches before the patches get rolled out through the Windows Automatic Update chute...

...The vast majority of Windows users should look the other way.

 

Great information. Now the issue is that most of Windows users don't read AskWoody's or Infoworld nor they are members of a forum like Nsane where this informacion is displayed so it looks just unavoidable that lots of them will download and install these useless updates.

So Micro$oft's intentions might be "noble" (???) but they are generating a general confusion, to say it in some way.

Actually my Windows Update for Windows 7 showed available kb3197869 and kb3196686 as optional!

NOWHERE it mentions Micro$oft's noble intention about giving this options for programmers and system administrators!

Although are optional, they says literally "Install this update to resolve issues in Windows". Moreover, at Micro$oft's website it say explicitly; " We recommend that you apply this quality rollup as part of your regular maintenance routines".

So if it hadn't been for this post, most probably I would have installed it happily, as many users will install it, without much considerations about Micro$oft's noble intentons

[nIGHT]

On 11/17/2016 at 4:32 AM, straycat19 said:

 

After looking at many systems (over 15,000), which had patches of various amounts installed over the years, I began to doubt the validity of any patches.  I saw systems that had never had a patch installed since SP1 and had been running for over 3 years with no malware on it and it was stable.  I began to doubt the need for updates

This is what I've been telling a lot of people. The common ways to get infected is when you install malicious softwares or making a connection to a malicious/phishing website. Install antivirus like nod32, some other with IDS and Behavior blocking aginst PUP, and addons like WOT, ghostery, disconnect, ABP+, greasemonkey and adblocking scripts (AAK, Adsbypassers, AntiAdware) and Noscript, and you might prevent the chance of being infected. Malwares are continually being updated too so even you have an updated system when there is nothing preventing it from being installed you still have a chance to get infected. The chance of being infected is small as compared to having a system inoperable due to a bad windows update. The number of system being inoperable due to infection might be 0 or 1 computer but a bad windows update could make almost all our computers inoperable! That's why I always advise to wait at least two weeks before deploying windows update. Now, it's windows 10 then the only way is to make it a Current Branch for Business (CBB) which I think is safer and eaiser. The problem is if you are still using old Windows 7, 8 ,8.1.

[Karlston]

1 hour ago, nIGHT said:

The chance of being infected is small as compared to having a system inoperable due to a bad windows update.

 

Well said. It's sad that the stability of one's device is more at risk from the OS manufacturer than from the nasty bastards.

 

One wonders how long Microsoft can keep pushing these flaky updates before even they realise something's deeply wrong. IMO their testing is lousy (that's what happens when you sack your internal team of testers) and there's intrinsic problems with both bundling updates (take the bad with the good) and cumulative updates (take all forever).

 

I don't think these W7 and W8/8.1 preview updates are going to help much. The theory is that some users (IMO brave) will grab them and report any bugs, so that they're perfect when the previewed updates roll out the following month. Hasn't worked very well with Windows 10 and its much vaunted Windows Insiders testing and bug reporting methodology. What's that definition of a fool... someone who repeats the same action over and over and expects a different result?

[WALLONN7]

5 hours ago, Karlston said:

One wonders how long Microsoft can keep pushing these flaky updates before even they realise something's deeply wrong.

 

F-o-r-e-v-e-r...

 

5 hours ago, Karlston said:

IMO their testing is lousy (that's what happens when you sack your internal team of testers)

 

And you're completely correct.

The truth is: there have been no internal tests.

The policy now is the well-known "outsourcing"... But unlike what usually happens in this mode, the Microsoft' "outsourced" does not receive a single dime as payment... Just "in thirty days issues will be solved... ( We hope so )..."