What's wrong with you people? Why do you listen to perverts and follow their recommendations? Compromising the integrity of the system and inserting an old file with a vulnerability is the worst solution you can come up with. Just skip this update and wait for the next one.
[Paradroid666, post: 1860547, member: 1170069 - "Solution 1. disable integrity-checks and driver-signing in a console with admin-rights: BCDEDIT /set nointegritychecks ON BCDEDIT /set LoadOptions DISABLE_INTEGRITY_CHECKS BCDEDIT /set TESTSIGNING ON 2, 3, 4, .. 5. Boot into Windows 7 Recovery CD or WinPE or Linux-LIVE etc. Copy the original win32k.sys from Backup to c:\windows\system32 (overwrite the patched win32k.sys)."] Would reconstructing the November 2024 .CAB file that possesses the new win32k.sys file work (simply to delete the new win32k.sys file and copy the October 2024 win32k.sys file [ie., the backup file], and then to recompile the .CAB file as per the original .CAB file to then use W7ESUI to install the update package)? It would require to unpack the KB5046705 .MSU package with 7-Zip, to locate the win32k.sys file in the correct .CAB file [unpack THAT one also, but rename the original .CAB file with a "0" in front of the original filename after unpacking its contents] and make the switchover for the win32k.sys file from October 2024's security update. Then, to recompile that .CAB file and place it into the W7ESUI folder along with its other 3 original files. If it works out, this would have to be the unofficial November 2024 Security Only Quality Update for Windows Server 2008 R2 for future setups (for now until a better monthly update patch is official). Just an idea that might cut out needing to use settings changing with BCDEdit or the Recovery CD/WinPE/Linux-LIVE methods at all. P.S.: Were the previous (no) integrity checks, load options and test signing settings reverted back to their original state settings? Or they are left as were performed to avoid a BSOD?
Ahh, very good, But one Problem, i have checked SFC /scannow, this will replace the win32k.sys and after Restart the Browsers does not working. Now I have replaced it again and it works again.
Good morning /or/ evening to everyone Long story short I've been a lurker at this thread for 4-5 years now ever since Windows 7 was condemned to EOS, and even saw the thread went it wasn't yet members-only censored. (plus monthly visits to Ghacks & later on Ask Woody) And it's only now that I was forced to create a MDL account because of my current problem Basically, because of work I only had the free time now (since yesterday) to install the October 2024 updates (KB5044356 & KB5044095 for me), but Windows Update always fails the downloaded updates: -if I try both updates, it keeps giving me the "Windows update encountered an unknown error" (forgot the exact code number but probably a 8024200) -if I try either 1 of the updates, it gives me the error code containg a 7 & e at the end I had to download individually from the Update Catalog because what else can I do... -successful with KB5044356 -for KB5044095 (.NET 4.8 Windows Embedded 7 x64) I downloaded all 4 files (2 MSU's & 2 EXE's) because I'm basically a noob regarding the more technical aspects, and only managed to successfully install Windows 6.1 KB4019990 x64 MSU & the ndp48 KB5044027 x64 EXE, while I couldn't proceed with the Windows 6.1 KB5044011 x64 MSU & the ndp48 KB5044019 x64 EXE for some reason I have downloaded the latest BypassESU (v13) and even triggered the Win7_WU_ESU_Patcher, but nothing happened, at least in a manner where I can say "Everything's fine" If anything the situation actually worsened -"View update history" got wiped out and only lists KB5044356 manual installation (it got similarly wiped out previously when I missed the February or March 2024 updates and I tried installing the previous month despite the then-current month updates) -"Most recent check for updates" & "Updates were installed" indicate "Never" -Windows Update is still stuck on "Checking for updates...", and I don't have any free time to either check in or even leave my laptop on as I have work the following day This post doesn't begin to start regarding potential November 2024 updates Can anyone tell me where & which stage I proverbially £ụćкęđ up??? Edited for a typo & additional information
I agree 100%. Each of us has to make that decision. I now have all of the info, research (so far) & the instructions saved without making any changes this month. I will be updating IE11 & .NET framework as these do not negatively affect my system & software. It is the Security Rollout that I am waiting on. What to do, what to do. lol
I have this message since January 2023, because Microsoft refused to sign the Nvidia-Drivers for Windows 7 (no WHQL). The bcdedit-commands for disabled driver-signature-check are included in the official Nvidia-Manual to allow the installation of the Nvidia-Drivers without signature. Windows shows just a watermark at the bottom right but works as good as ever. This has nothing to do with activation or something. The security is lowered because of this missing signature-checks, so you should be careful, what you install, as allways. Windows 7 Ultimate with Applocker ON can block all unknown programs because they have no execution rights and can't do anything malicious. On Win7-Home and Win7-Pro there is no Applocker available, but you can use Software Restriction Policies (SRP) to block unknown programs as good as Applocker. The solution obove with the replacing of win32k.sys is just step #1 with the intention to prove that it is just this one file which makes those problems. Step #2 will be information transfer to Microsoft and to the programmers of Firefox and Supermium, so they can make a better fix that avoids the incompatibility with the new win32k.sys. By the way: Windows Server 2008 R2 had various similar internet-problems since the year 2011 and curious workarounds had been found for those bugs.
The security-update KB5046705 includes 1425 updated files. If I replace just 1 of those files then +1424 updated files remain active in the system, which is better than 0 updated files. This first solution is just a proof-of-concept to show that only this one file win32k.sys is the culprit. From now on we can focus on this one file, which makes it a lot easier to write fixes for Firefox and Supermium, which in turn will make it unnecessary to overwrite the new patched win32k.sys with an older unpatched version. Some of the mitigations that are included in the win32k.sys can be made with other harmless hacks. For example we can disable NTLM via GPO or registry.
Just a reminder, since it may have gotten lost in all the new posts, but Firefox Portable 132.0 x 64 Supermium and Pale Moon 33.4.0.1 x 64 both still worked fine for me after the installation of KB5046687 with no modification to the update itself.
No the BCDEDIT-commands were NOT reverted, because they are needed to avoid the BSOD at boot. to revert the BCDEDIT-commands you can do this: BCDEDIT /set nointegritychecks OFF BCDEDIT /set LoadOptions ENABLE_INTEGRITY_CHECKS BCDEDIT /set TESTSIGNING OFF and then you will get a BSOD. If we replace or hack the manifests, mum and cat files which are associated with the win32k.sys then maybe we can replace it without a BSOD. The solution was only to proof that it is only this one file (win32k.sys) which creates the browser-error, so the work can be focused there and need not be spread across all 1425 files in the security-update. The work for the better real solution #2 can now begin. One step after another.
No, it is not better. If a file is updated, it does not mean that it had security updates. In addition, one vulnerability can be fixed by updating several files at once and we cannot say for sure without a detailed analysis. By replacing one file with an older one, you are playing roulette and do not know what else will break and how it will affect the stability and security of the system. A simple example - if you leave an older kernel in the system (just one file), then in one case you will not see any visible problems, in another you will get a BSOD, and in a third, programs will stop starting with the error 0xC0000005.
Update 1: While waiting in anxiety I did multiple searches on my own, and found some similar yet dated questions at the official Microsoft Support forums regarding the same topic, and the technical agenrs advised to just wait between 2 to 20 hours. Of course I initially scoffed at the idea (refer back to my dilemma), but surprisingly the "Checking for updates..." did eventually finish, and lo and behold I had 10 updates total for both Windows Server 2008 R2 & Windows 7: -of course hiding IE 11 because even though I grew up in IE it's already obsolete even for a regular 7 stan -as per @abbodi's advice (post #8209) ignoring the Windows Server 2008 updates -and as @everyone kept pointing out, also ignoring KB5046687 in the meantime -which just leaves me with KB890830 for now Update 2: Looks like everything is fine for now Other than ignoring KB5046687, the Windows Server 2008 updates, & a NVIDIA Display update (which resolutely refuses to be updated); plus a diminished "View update history" list, everything appears to be back the way it's supposed to look
A simple question from a simple guy....I installed KB5046705 on Tuesday and of course my Firefox 115.17.0esr (x64) tabs crash intermittently.......can I.....should I..... uninstall KB5046705 ?? I'm not skilled enough to undertake some of the other suggestions posted on MDL. Thanks in advance guys.
Does the browser crash with Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5046687) only happen on Windows 7 or also on the original Windows Server 2008 R2 x64?