It’s time to install August Windows and Office patches — carefully

Credit to Author: Woody Leonhard | Date: Tue, 05 Sep 2017 05:37:00 -0700

August was a banner month for Windows and Office customers. If I counted correctly, we saw patches on 14 different days last month. The current list of outstanding problems with those patches weighs heavily on my mind, but with the first September non-security Office patches due today, and the September security patches due in a week, it’s time for you to get the August patches out of the way.

As mentioned in the outstanding problems list, the Windows 7 multi-monitor bug has been resolved — if you’re careful to manually install the right patch (details below). The server redlining problem has also been fixed, as has the Excel 2016 hyperlink bug. Unfortunately, the Word/Outlook merged cell bug is still around, but fortunately, you can skip that patch if it’s going to affect you.

There were reports of eight undocumented Surface Pro 4 patches delivered last Friday, but so far I’ve seen no confirmation that they’re widespread. Reports of a re-issued Server 2008 security patch, KB 4019206, have been nailed down as a metadata change and nothing to be worried about. There’s also an as-yet-unresolved problem with Microsoft Security Essentials definition 1.249.211.0 appearing over and over again — apparently if you hide it, it’ll go away.

As always, I strongly recommend that you avoid installing the Preview Rollups on offer, such as KB 4034670. That’s easy — you have to check the right box to install the Preview, and you shouldn’t be checking any boxes!

Here are my recommendations:

If you’re very concerned about Microsoft’s snooping on you, and only want to install security patches, realize that the path’s getting more difficult. The old “Group B” (security patches only) isn’t dead, but it’s no longer within the grasp of typical Windows customers. If you insist on installing security patches only, follow the instructions in @PKCano’s AKB 2000003.

Microsoft is still blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s a year old, or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx, @MrBrian).

If you have Office 2016 installed, and you use merged cells in tables in either Word or Outlook, don’t install KB 3213656. Microsoft still hasn’t fixed the problem. If you see an entry in Windows Update for KB 3213656, uncheck the box so it won’t be installed.

For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Watch out for driver updates — you’re far better off getting them from the manufacturer’s web site.

After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.

Also after you’ve installed the latest Monthly Rollup, if you’re having problems with a garbled second screen on Win7 machines, you need to download and manually install a separate patch, KB 4039884. I don’t recommend that you run through the manual fix, which Microsoft used to recommend — use the (newly updated) KB 4039884 hotfix instead.

Given the problems with recent patches to the Anniversary Update, version 1607, I now recommend that 1607 users upgrade to version 1703, the Creators Update, using the Windows Update mechanism, if it’ll work. Mind you, I recommend 1703 not because it’s superior but because the patches now appear to be less buggy. As a bit of lagniappe, 1703 also gives you more control over forced patching.

If you decide to stick with 1607, do yourself a favor and manually install KB 4039396 before you run Windows Update. Running KB 4039396 will preserve your Update history, keep your hidden patches hidden, and add a couple dozen bug fixes in the mix.

Those of you still on 1511, the Fall Update (later renamed to “November Update”), you need to move on to 1703 now. The last 1511 security patches will arrive on Oct. 10. May as well swallow your medicine now.

To get Windows 10 patched, run the eight steps to install Windows 10 patches like a pro. If you have Office 2016 installed, and you use merged cells in tables in either Word or Outlook, use wushowhide as described in the article to “hide” KB 3213656. Microsoft still hasn’t fixed the problem. You may also want to use wushowhide to hide any driver updates. All of the other updates should be OK, including Servicing stack updates, Office, MSRT or .Net updates (go ahead and use the Monthly Rollup if it’s offered).

Microsoft finally told us last week what the mysterious KB 4033637 is all about — it’s an update to the Compatibility Appraiser, no doubt being pushed to ease the way to Fall Creators Update, due to arrive on Oct. 17. You’ll be hearing a lot more about that in the coming weeks.

As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.
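The recommendations above can be checked against what Windows Update is actually offering. The PowerShell below is an added example, not part of the original column or the referenced guides: it lists pending updates through the Windows Update Agent COM API and flags the ones this column says to leave alone, changing nothing on the machine. The KB numbers come from the column; the function name, the flag wording and the title match on "Preview" are assumptions made for the example.

```powershell
# Added example: read-only report of pending updates. Installs and hides nothing.
# KB numbers are taken from the column; the advice strings are illustrative.
$avoid = @{
    '3213656' = 'Office 2016: skip if you use merged cells in Word/Outlook tables'
    '4034670' = 'Preview Rollup: do not check'
}

function Get-UpdateAdvice {
    param($Update)

    # Type 2 is "driver" in the Windows Update Agent UpdateType enumeration
    if ($Update.Type -eq 2) {
        return 'Driver: get it from the manufacturer instead'
    }
    foreach ($kb in @($Update.KBArticleIDs)) {
        if ($avoid.ContainsKey([string]$kb)) { return $avoid[[string]$kb] }
    }
    # Assumption: other Preview Rollups carry "Preview" in their title
    if ($Update.Title -match 'Preview') {
        return 'Preview: do not check'
    }
    # AutoSelectOnWebSites is false for updates that are offered unchecked
    if (-not $Update.AutoSelectOnWebSites) {
        return 'Offered unchecked: leave it unchecked'
    }
    return 'No flag'
}

# Query the local Windows Update Agent for updates that are
# neither installed nor already hidden
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

$result.Updates | ForEach-Object {
    [pscustomobject]@{
        KB     = (@($_.KBArticleIDs) -join ',')
        Title  = $_.Title
        Advice = Get-UpdateAdvice $_
    }
} | Format-Table -AutoSize -Wrap
```

The search uses the machine's configured update source, so run it before opening Windows Update and compare the flagged rows with the boxes that are checked there.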

Time to get patched. Tell your friends, but make sure they understand what’s happening. And for heaven’s sake, as soon as you’re patched, turn off automatic updating! Full instructions are in the referenced guides to patching.

I just changed the MS-DEFCON level on the AskWoody Lounge.
