Hi, I'm on Win7 Pro x64. As we lost official ESU now I'm curious, are we getting updates for the PosReady/Server variant (until 2024) or all our ESU is finished now? I've heard that I can get PosReady/Server variant (until 2024) updates installed manually but I'm curious if BypassESU can do that automatically. If this doesn't work I would probably reinstall Windows on my PC with Server 2008r2.
BypassESU still allow to install updates (marketing-named PosReady/Server) standalone WU_ESU_Patcher alow to install updates from WU
Is the Windows 7 32-bit Enterprise Edition different from the MSDN 4-in-1 version? Even if you use BypassESU, you still can’t get the ESU update, and the ESU preparation package has already been installed. I really can’t figure out why, please. Can you let me know if you know? Thanks!
This is my First post! I must say, after reading many threads and countless posts, there is some incredible work and unselfish sacrifice from @abbodi1406, @Enthousiast, @wkeller, and so many, many, others on the forum. A tip of the cap from me! Given my novice computer skill level in these type matters, and in particular, so I can avoid making a total mess of things, I’m trying to lay out a solid, accurate set of Steps to follow to get a Windows 7 machine up to date using ESU BypassTool & Disable Telemetry and was hoping some of you could review it and make sure I am on the right track for success. Background/General Information I previously purchased a used Desktop computer from an authorized HP refurbisher with Windows 7 Professional COEM x64 bit installed.The computer was shipped with SP1, and when I check to see what Microsoft Updates were installed, it shows there are 225 MU installed, with all updates being installed 7/20/2017. The system has not been connected to the internet yet. From another machine I did download an Antivirus program (Avast Free) and Browser (Mozilla Firefox 113.0.1, 5-12-2023). Windows Update Settings: - Never Check for Updates I created a Disk Image of the complete system using the Macrium Reflect Free program. "Planned" Steps to Update Windows 7 Pro x64 Machine Below are the Steps I was planning to do to get the system fully up to date. Note: From a different computer, I have already downloaded and saved all of the below noted Windows Updates: A. Manually Install Updates from Windows Updates Step 1. Root Certificate Update KB3004394 (2/9/2015) Step 2 Servicing Stack Update #1 KB4536952 (1/14/2020) Step 3 Windows Update Agent V 7.6.7600.256 Step 4 Windows 7 Update Roll-up KB3179573 (9/13/2016) Step 5 Block Windows 10 Telemetry Settings W10-Block.cmd (abbodi1406 Script) Note: Re-run the command manually after installing any future updates/monthly rollup B. Get all updates up until mainstream support ended January 14, 2020. Step 6 Run Windows Update Download and Install all Important Updates Step 7 Block Windows 10 Telemetry Settings (Repeat of step 5) *My extra step OPTION- Create a 2nd Disk Image with Macrium Reflect. C. Install ESU Bypass Prerequisites Step 8 Servicing Stack Update #2 KB4490628 (3/12/2019) Step 9 SHA-2 Code Signing Support Update KB4474419 (9/10/2019) Step 10 Servicing Stack Update #3 KB5017397 (9/13/2022) Step 11 8. ESU Licensing Preparation Package KB4575903 (7/30/2020) D. Install ESU Bypass Tool Step 12 Install ESU Bypass Tool, BypassESU-v12_u - Type 1 to select Option [1], then press Enter - Full Installation (ESU suppressor, WU patcher and the .NET 4 ESU Bypass) Step 13 Run Windows Update - Get updates through January 10, 2023 - Download and Install all Important Updates Step 14 Block Windows 10 Telemetry Settings (Repeat of step 5) *My extra step OPTION - Create a 3rd Disk Image with Macrium Reflect. E. Get Windows Updates released after January 10, 2023 through current (until ???) Step 15 Use Standalone Windows Update ESU Patcher - Run WU_ESU_Patcher.cmd as administrator - Type 1 to select option [1] (Patch as Windows Embedded 7 category), then press Enter - Restart the system Step 16 Use Windows Update Catalog to find and Manually Download, Save and Install updates listed for *Windows Embedded Standard Windows 7 - Go to Microsoft Windows Update Catalog website - Download and Install all Important Updates from February, March, April, and May 2023... Step 17 Block Windows 10 Telemetry Settings (Repeat of step 5) *My extra step OPTION - Create a 4th Disk Image with Macrium Reflect. Some Questions: 1. Are my steps correct (the correct order, proper KB Update and “latest” date, any missing steps, etc.)? 2. Am I correct in that I do not need KB5016892 (ESU Licensing Preparation Package) since my desktop system is Windows 7 Pro x64? 3. Is it likely, due to the timeframe of the 225 updates (7/20/2017), that I need to delete some/any of the 225 original WU that were already installed on the computer as it shipped to me because of Telemetry, etc. (I can provide the list, but I do see a few KB's that I believe are supposed to be bad)? I “think” I am on the right path, but this is pretty complicated to me, so I want to make sure before I get started- so I can avoid screwing everything up. I appreciate any help and guidance you can provide.
Still hoping for some help from my post #7432. @abbodi1406, if you have an opportunity, could you please review my 17 Step "tentative" Windows Update/ESU Plan to see if it is complete and correct for my situation. I'm trying to make sure my steps are correct before I proceed with them.
a) Swap Step 2 update with Step 8 update (a switch over); b) Blank Step 9 (leave this for an ESU updates list from 2020-02 to 2023-01) c) Edit Step 8 with the following updates (you need to get your Windows 7 OS updated to 2020-01 first before doing the ESU updates - you don't just leap deep into it with enabling the ESU Monthly Rollups, it doesn't work that way with SHA-2 only supported updates!) Security Only Quality Update (KB4041678) - WPA2 Encryption Key Bypass Patch - October 17 Update (KB4073578) - AMD CPU Flaw + Reboot Fail (Meltdown & Spectre) Patch - January 18 - More associated for AMD CPUs Security Only Quality Update (KB4056897) - Intel CPU Flaw (Meltdown & Spectre) Patch - January 18 Security Only Quality Update (KB4088878) - AMD Meltdown Patch (CAUTION - May Cause BSOD) - March 18 - More associated for AMD CPUs Security Update (KB4100480) - Windows Kernel EOP (2018-01-02-03) Patch - March 18 Security Only Quality Update (KB4093108) - Meltdown Exploit PAE (BSoD) Resolution - April 18 Security Only Quality Update (KB4284867) - Speculative Side Channel (Spectre v2) Resolutions - June 18 Security Only Quality Update (KB4343899) - Foreshadow L1 Terminal FLT & Lazy FP State Restore Mitigations - August 18 Security Only Quality Update (KB4462915) - Multiple Components Update 1 - October 18 Security Only Quality Update (KB4471328) - Multiple Components Update 2 - December 18 Security Only Quality Update (KB4480960) - AMD Spectre v2 (CVE-2018-3639) Mitigations - January 19 Security Monthly Quality Rollup (KB4074598) - MS Windows Defender ATF Support Pre-Requisite - February 18 Update (KB4490511) - VM Restore & MS Jet Database Fails Resolutions - February 19 Security Update (KB4474419) - SHA-2 Code Signing Support - March 19 (Yes, you are better off installing this version FIRST!) Security Only Quality Update (KB4493448) - Spectre v2 Mitigations (VIA Chipsets) + Improvements - April 19 Security Only Quality Update (KB4499175) - Microarchitectural Data Sampling Side-Channel Patches - May 19 Security Monthly Quality Rollup (KB4507449) - Multiple Security Improvements - July 19 Update (KB4517297) - VB6 & VBScript Quality Improvements - August 19 Update (KB4516655-v2) - WU Servicing Stack Update - September 19 Critical Update (KB4474419-v3) - SHA-2 Code Signing Support Update - September 19 Security Only Quality Update (KB4516033) - Microarchitectural Data Sampling Mitigation v2 - September 19 Update (KB4523206) - WU Servicing Stack Update - November 19 Security Only Quality Update (KB4525233) - Multiple Security Improvements 3 (New Intel Mitigations) - November 19 Update (KB4528069) - W7 SP1 ESU Eligibility Check Requirement - November 19 (Check archive.org whether someone has posted this update there.) Security & Quality Rollup (KB4040980) - NET v3-5-1 Hacker Compromise - November 17 Security & Quality Rollup (KB4532945) - NET Framework v3-5-1 - January 20 If you're smart, your OS would have upgraded IE8 to IE11. Cumulative Update (KB4505050) - HTTP Strict Transport Security (HSTS) For Govt Sites Patch - May 19 Cumulative Update (KB4508646) - SVG Power BI Markers Resolution Update - June 19 Cumulative Security Update (KB4507434) - Update (Supersedes ALL) - July 19 Critical Update (KB4522007) - Script Engine RCE Hacker Compromise (Supersedes ALL) - September 19 Critical Update (KB4524135) - Script Engine RCE Hacker Compromise - October 19 Cumulative Security Update (KB4530677) - Common Security Vulnerabilities - December 19 Cumulative Security Update (KB4534251) - IE11 Security Vulnerabilities Resolution FINAL - January 20 Update (KB4536952) - WU Servicing Stack Update - January 20 Security Monthly Quality Rollup (KB4534310) - W7 SP1 Security Fixes & Improvements FINAL - January 20 (Else, use the final Monthly Quality Rollup Preview Update KB4539601.) Update (KB4539602) - Wallpaper Set To Stretch Shown As Black System Fix - February 20 (Also included in the Monthly Quality Rollup Preview KB4539601.) Monthly Quality Rollup Preview (KB4539601) - KB4534310 + KB4539602 + Security Improvements - February 20 Reinstalls updates (Post-KB4539601). Critical Update (KB2676562) - Hacker Compromise - May 12 Security Update (KB3123479) - MS Root Certificate SHA-1 Hashing Algorithm Patch - January 16 This is your Eligible OS ESU Pre-Bypass State. Get to this point here before moving into installing the ESU Bypass and the ESU updates (again, they will require monthly steps - no big leaps.) Pointers for beginners, read response #7383 of this forum here before getting too hot in it: https://forums.mydigitallife.net/th...dates-eligibility.80606/page-370#post-1787606
@Guitar-Rock Step 1. Servicing Stack Update KB4490628 (prerequisite for 2019+ updates) Step 2 SHA-2 Code Signing Support Update KB4474419 (contain Root Certificate Update) Step 3 Windows Update Agent KB3138612 or KB3172605 Step 4 Servicing Stack Update KB4536952 (or go to the latest KB5017397 directly) all further steps are fine (except the duplicates from above) --- if "Windows Embedded 7 category" works for you, you don't need KB5016892 --- Old updates don't hurt to keep installed you can run "Disk Cleanup" and select "Update Cleanup" to remove most of them
Thank you @Ready_Slavik. Very much appreciate your reply with a lot of details. You clearly put a lot of effort into it. I'll need to take some time to study and try to absorb this given my more novice knowledge level.
@abbodi1406 Very kind of you to take the time to help me out. I know how busy you are on the forum and I am genuinely grateful. Follow-up Questions: - Do I need to install separately the Windows Update Agent file named V 7.6-X64.exe (latest version is 7.6.7600.256) from Microsoft learn website titled "Update the Windows Update Agent to the latest version" (I can't post links yet) or is it already contained in either KB3138612 (3/8/2016) or KB3172605 (9/13/16) from Step 3 below? If it needs to be installed in addition to KB3138612 or KB3172605, what Step # should it be? - Any Advantage/Disadvantage between KB3138612 or KB3172605 in Step 3 that I should consider when deciding which one to install? - I've Edited/Updated my Steps (and a couple other details) as shown below. Do I have things correctly now? Updated Planned Steps to Update Windows 7 Pro x64 Machine A. Manually Install Updates from Windows Updates Step 1. Servicing Stack Update #1 KB4490628 (3/12/2019) Step 2 SHA-2 Code Signing Support Update KB4490628 (3/12/2019) (contains Root Certificate Update) Step 3 Windows Update Agent KB3138612 (3/8/2016) or KB3172605 (9/13/16) Step 4 Servicing Stack Update #2 KB5017397 (currently 9/13/22) Step 5 Windows 7 Update Roll-up KB3179573 (9/13/2016) Step 6 Block Windows 10 Telemetry Settings W10-Block.cmd (abbodi1406 Script) Note: Re-run the command manually after installing any future updates/monthly rollup B. Get all updates up until mainstream support ended January 14, 2020. Step 7 Run Windows Update Download and Install all Important Updates Step 8 Block Windows 10 Telemetry Settings (Repeat of step 6) *My extra step OPTION - Create a Disk Image with Macrium Reflect Free. C. Install ESU Bypass Prerequisites Step 9 ESU Licensing Preparation Package KB4575903 (7/30/2020) D. Install ESU Bypass Tool Step 10 Install ESU Bypass Tool, BypassESU-v12_u - Type 1 to select Option [1], then press Enter - Full Installation (ESU suppressor, WU patcher and the .NET 4 ESU Bypass) Step 11 Run Windows Update - Get updates through January 10, 2023 - Download and Install all Important Updates Step 12 Block Windows 10 Telemetry Settings (Repeat of step 5) *My extra step OPTION - Create a 2nd Disk Image with Macrium Reflect Free. E. Get Windows Updates released after January 10, 2023 through current (until ???) Step 13 Use Standalone Windows Update ESU Patcher - Run WU_ESU_Patcher.cmd as administrator - Type 1 to select option [1] (Patch as Windows Embedded 7 category), then press Enter - Restart the system Step 14 Use Windows Update Catalog to find and Manually Download, Save and Install updates listed for *Windows Embedded Standard Windows 7 - Go to Microsoft Windows Update Catalog website - Download and Install all Important Updates from February, March, April, and May 2023 (Important: Install in monthly steps, one month at a time, before moving to the next month) *Note: Windows Embedded Standard 7 Updates are completely compatible with Windows 7 Step 15 Block Windows 10 Telemetry Settings (Repeat of step 6) *My extra step OPTION - Create a 3rd Disk Image with Macrium Reflect Free.
@Guitar-Rock - No, KB3138612 or KB3172605 are enough and replace WindowsUpdateAgent-7.6-x64.exe - KB3138612 is the last separate update for WUA, which miminize the "long search high CPU" scan issue KB3172605 contain the first update for WUA which totally fix the scan issue but it's a Rollup update and might cause some known issues (e.g. some Bluetooth stacks) that's why it's still offered as optional update in WU
@abbodi1406, - Thanks for the follow-up clarification on Windows Update Agent. It seems like KB3138612 might be less of a possible problem, so I'll just use that one for Step 3. - Since you did not mention any errors or other suggested changes with my Updated 15 Step plan as outlined in post #7439, I will proceed using those steps. Of course, please advise if I am mistaken and there are remaining errors in the plan. - I hope this can be useful as a Reference Guide to help other forum readers (both beginners and anyone who is confused about doing the process successfully).
Hi guys, can I please confirm that as long as I download Simplix's latest updates pack, then my windows 7 will be fully updated? I've downloaded the latest pack and updated to it, but have come to realise that some of the KB numbers mentioned in this thread ae not installed on my system. Is this due to the cumulative nature of the patches, that if i have May 2023 roll up installed, I won't need updates from Janaury 2023 for example? I've also installed Abboid's ESU bypass AiO and have found new NET updates in my windows update application.
Yes you can (only .NET 4.7.2-4.8 needs addons) Not needed In WU, look at the latest on the day of the release of updates. The latest .NET Framework update in WU is (KB5022731) _February 2023 On the system: .NET Framework 3.5.1 (KB5022523) and .NET Framework 4.8 (KB5022509) + (KB5023823) for .NET Framework 4.8 - installed by hand, it will not be in WU. ...for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 - (KB5022515) + (KB5023820)
Hi. I am using Win 7 Ultimate SP1 x64bit. I have been able to install all ESU updates but kb5026413 (will install) but cannot configure and Windows reverts the changes. No problem installing kb5026426 though. Please Help!!!
Microsoft 2007, Something broke: roll back to a restore point (when everything worked), disk cleanup of old updates, run a disk and system file check. Or find someone who knows how to analyze logs. ...Did you put kb5026426 for verification?, or do you always do this with ESU (manually, without understanding, put everything found in catalog_microsoft)?