Windows 7 Hotfix repository

Discussion in 'Windows 7' started by SoLoR, May 22, 2010.

  1. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
  2. Tito

    Tito Admin / Adviser
    Staff Member

    Nov 30, 2009
    19,091
    19,920
    340
  3. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    This list of updates have been expired for Windows 7/Windows 7 64 bit/Windows 2008 R2 on January 12, 2017.
    This seems to have fixed the slow scanning without the need for manual installs up front like KB3020369/KB3172605

    KB2567053
    KB2617657
    KB2639417
    KB2641653
    KB2660465
    KB2709162
    KB2718523
    KB2731847
    KB2761226
    KB2778344
    KB2778930
    KB2779030
    KB2808735
    KB2829361
    KB2850851
    KB2876315
    KB2883150
    KB2893984
    KB2913602
    KB2930275
    KB3000061
    KB3002885
    KB3013455
    KB3034344
    KB3057839
    KB3070102
    KB3095649
     
  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    They are old updates which already superseded by various updates before 2016

    what @ch100 mean is that their metadata is removed and no longer pushed to WU/WSUS
    and they are not available for download anymore in MU catalog
     
  5. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    Off-topic :)
    how you get the list of expired/removed updates in WSUS?
     
  6. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    You look at the Synchronizations under the Expired Updates column and where you see a large number, double click on the specific one to see the report.
    I copied the KBs manually from the report, few of them apply only to 64-bit version, which means Windows 7 64-bit and Server 2008 R2.
    Also when updates are expired, they automatically move into the Declined section.

    If you are interested in understanding WSUS better, check for anything written by Lawrence Garvin anywhere on the Internet. He sadly died unexpectedly not long ago. :weep:
     
  7. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    It is a bit complicated to detail each of them.
    But if you check either WSUS or Microsoft Catalog, you will actually see the relationships between them.
    I briefly checked and I found that there are few of them being part of longer chains of supersedence, some of them in the middle of those long chains, some superseding each other.
    The net effect of expiring updates belonging to longer supersedence chains is that the calculations performed as part of Windows Update by svchost.exe are much lighter and as such the performance is dramatically improved.

    Saying that, you would still be better off by installing an optimised Windows Update agent like the one contained in KB3172605 or if you don't trust some of the components inside, then the next best is KB3138612, but this is not as good as KB3172605.
     
  8. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30

    For those using WSUS, this means they are automatically expired, and as such invisible. A similar mechanism may be used at WU, as I was able to find an invisible SCEP Engine upgrade not long ago on the download servers, by having the URL sniffed previously.
    In WSUS the admin has the luxury to decline manually whatever needs to be and as such a well maintained WSUS server should have never had the slow scanning issue.
    Only that most admins either do not do maintenance, or simply do not have a clue about the slow scanning issue.
     
  9. liam2

    liam2 MDL Junior Member

    Jun 23, 2009
    97
    23
    0
    Hi, after installing on windows 7 all the security only updates:
    oct 2016: KB3192391
    nov 2016: KB3197867
    dec 2016: KB3205394
    jan 2016: KB3212642
    ie11: kb3210694

    the Security Monthly Quality Rollup KB3212646 still appears after checking for windows updates.
    Is this normal?
    Thanks
     
  10. oldsh_t

    oldsh_t MDL Expert

    Dec 23, 2009
    1,081
    532
    60
    It will always show the Quality Rollup even if you install the security only. Uncheck it and right click on it then select "Hide".
     
  11. liam2

    liam2 MDL Junior Member

    Jun 23, 2009
    97
    23
    0
    Hi, thanks, I did that, and after hiding all Quality Rollups, some old updates showed up:
    (my last checking for updates on this machine was on june 2016)

    KB3182203 (time zone)
    KB3168965 (windows kernel mode)

    KB3185319 (ie11) but the Microsoft Update Catalog says it is superseeded by Security Only updates of december, november and october already applied on my system?????
     
  12. oldsh_t

    oldsh_t MDL Expert

    Dec 23, 2009
    1,081
    532
    60
    Just a fluk ... Hide it
     
  13. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    I think it is normal. I am not installing the Security Only updates, but they are only a subset of the Monthly Rollups.
    Security Only are normally installed outside of Windows Update and compared to a master list like Wsusscn2.cab and not with Windows Update for compliance and full patching.
     
  14. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    I always wondered, why IE10 is offered as Important, while IE11 is merely Optional
    although both needs "optional" Platfrom Update, and IE10 is support-ended :g:
     
  15. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    I noticed the same thing, but if you don't know this, who else would be able to know? ;)

    Just guessing.
    I think IE10 support-ended as is, it is still offered to Server 2008 R2 for reasons specific to business applications, in general Microsoft Server applications, like CRM, BizTalk, Sharepoint. It doesn't make much sense as browsing from the servers should be minimal, ideally at least, except for configurations like Terminal Server (Remote Desktop Host) or Citrix XenApp.

    My point of view is that IE11 is not so much different when compared to IE10, only that it sends a more neutral (not IE like) browser agent string.
    For that reason, IE10 is more compatible, while offering essentially the same functionality with IE11.

    I am not sure if IE10 is still offered to Windows 7. This is easy to test, by hiding IE11, I only did not test recently.

    I think IE11 used to be Optional but now comes as Important on a new installation, without being offered IE10 first.
    IE10 is not expired like IE9, so it should still be available.

    The Platform Update is another thing. It is Optional by itself, but if you install IE10/11 from Windows Update or even from the IE downloaded installer without the pre-requisites while allowing Internet access, the Platform Update is installed in the background, but in the history is flagged as Important. I know that the history does not matter being just a cache, but this is how it appears.

    You are probably right when saying that the difference between the various types of updates, Important (Security & Critical), Recommended and Optional is only cosmetic. In addition, according to WSUS (and Catalog I believe) there are other categories like Updates (no distinction there between Recommended and Optional) or Update Rollups, Feature Packs and Definition Updates (MSE, FEP, SCEP, Defender, but also Office Definitions/Junk Mail filter updates).

    Recommended updates have superseded sometimes Security Updates and as such, there should be no difference other than cosmetic.
     
  16. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    My wondering is from very recent clean install :)
    IE10 still important, IE11 still optional
     
  17. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    856
    730
    30
    I will do another test soon.
    I was under the impression that IE11 is presented as important for new installs only with SP1 right now. :)