Handling of "Monthly Rollup" Patches starting October

Re: Handling of "Monthly Rollup" Patches starting October

Postby aker » 15.10.2016, 22:21

I didn't try it yet, but which one gets installed on a machine running Windows 7 2016-09?
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2800
Joined: 02.03.2011, 15:32

Re: Handling of "Monthly Rollup" Patches starting October

Postby Denniss » 15.10.2016, 22:40

Code: Select all
15.10.2016  9:28:53,16 - Info: Installed ..\w61-x64\glb\windows6.1-kb3188730-x64_d9606f2b8742f5b4def59539b7f0e67034198b38.cab
15.10.2016  9:29:45,35 - Info: Installed ..\w61-x64\glb\windows6.1-kb3188740-x64_b6e6f416b29f9ddb779a72c9ee37882178cf1d2c.cab
15.10.2016  9:34:29,10 - Info: Installed ..\w61-x64\glb\windows6.1-kb3185330-x64_b89b88ac042c27d6694771dbd8900d4f4cf4c4bd.cab
15.10.2016  9:34:33,21 - Info: Installed ..\ofc\glb\ogl-x-none_49bb1acfd04c93065caf20f87e40597dcf5d70c3.cab
15.10.2016  9:34:35,96 - Info: Installed ..\ofc\glb\wordconv-x-none_de140ee4616c9046b3c2d56c5d4b06adaf41f656.cab
15.10.2016  9:35:40,42 - Info: Installed ..\w61-x64\glb\windows6.1-kb3192391-x64_46ff895c96395a951e39305e226694d0702d6a76.cab
15.10.2016  9:36:01,47 - Info: Installed ..\w61-x64\glb\windows6.1-kb3018238-x64_e044f3e0e6f4ccfccadaaa8294f9472f15d4db9a.cab
Denniss
 
Posts: 819
Joined: 01.08.2009, 10:51

Re: Handling of "Monthly Rollup" Patches starting October

Postby aker » 16.10.2016, 17:44

Pretty good job, MS.
Why just install 1 monthly update for Windows & .NET 3.5, if we could install both... :roll:
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2800
Joined: 02.03.2011, 15:32

Re: Handling of "Monthly Rollup" Patches starting October

Postby aker » 19.10.2016, 22:13

Just tested it. wsusou will report and install the full rollup. Steps I did:
1) Installed slipstreamed (2016-09) w61-x64.
2) Installed 2016-10 Security-only rollup (w61 and .NET 3.5.1)
3) ran wsusou
4) wsusou reported the full rollup as missing and installed it
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2800
Joined: 02.03.2011, 15:32

Re: Handling of "Monthly Rollup" Patches starting October

Postby boco » 20.10.2016, 18:08

That's why I blacklist the full packs. Security-wise, only one of them suffices.

If you check out the Preview of next month's "quality" updates, you'll notice there is already an updated Telemetry client in it. This is what will be in next month's full pack, too. So, with full packs, you'll inevitably infect your systems with Telemetry spyware.

No, thanks.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media creator: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 1823
Joined: 24.11.2009, 17:00
Location: Germany

Re: Handling of "Monthly Rollup" Patches starting October

Postby aker » 20.10.2016, 20:32

I agree with boco. wsusou should just install the security-only rollup. But to do this, we would need to find a way, to dynamically determine the rollups. Else we would have to update the blacklist every month.
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2800
Joined: 02.03.2011, 15:32

Re: Handling of "Monthly Rollup" Patches starting October

Postby hym » 01.11.2016, 17:04

Hello,
please forgive me for not totally understanding. I think my question is, will wsusoffline still keep the bad telemetry and other crap out since it reads in other places that Microsoft is now calling some security updates that are listed as critical/very important as "optional" updates.

Again I apologize for needing this clarification, but I am in early Dementia, but still want to protect my computers until I can't.

Thanks you,
hym
hym
 
Posts: 3
Joined: 07.10.2016, 22:57

Re: Handling of "Monthly Rollup" Patches starting October

Postby boco » 01.11.2016, 18:21

Windows 7 / 8:

The problem is that they now combine all month's updates (for security-only pack) or even all updates since last SP (planned for the cumulative update) into one package, you you can no longer cherry-pick what to install.

There are two flavors one can use:
1. The cumulative update pack. Combines all updates and is updated every month. Only the latest pack is required to install, eventually (they'll begin migrating all old post-SP1-patches next year). This is what you do get from Windows Updates.
If it sounds too good to be true, it usually is. This packs contains all so-called Telemetry updates (the Diagtrack client plus the Telemetry points), so, leaving WU on Automatic will get the system infected in no time.
As you know, there are classes of updates (critical, security, recommended, optional), and an update pack gets the class of the highest-ranked updates in it. It contains security-critical updates and thus is handled as being security-critical and auto-installed.

Not better than those useful programs that are bundled with crapware!

2. Security-only packs. Contains only one month's worth of security updates. Not cumulative, so you need to install each month's security-only pack to be secure. I do expect they will create a Security-only Rollup package at one point if the numbers get too high.
Now to the caveat: The security-only packs are not offered by WU!


Currently, with default settings, WSUSOU does install both packs, since there is no functionality in place that contains them, at least not yet. Without any such functionality in place, WSUSOU will start installing Telemetry crap beginning next Patch Tuesday (one week from now).
Luckily, you can exclude updates yourself, using the Exclude lists.


aker wrote:I agree with boco. wsusou should just install the security-only rollup. But to do this, we would need to find a way, to dynamically determine the rollups. Else we would have to update the blacklist every month.
It's only two (or four if .NET included) KB numbers a month. Users could choose to go either the cumulative way (all updates but Telemetry included) or the security-only way (no optional stuff but more updates to install). Since you only need one type of the packs the other type could be blacklisted in WSUSOU and even auto-hidden so WU won't offer it anymore.
Microsoft update catalog: http://catalog.update.microsoft.com/v7/site/
Windows Install media creator: https://support.microsoft.com/en-us/help/15088/windows-create-installation-media
boco
 
Posts: 1823
Joined: 24.11.2009, 17:00
Location: Germany

Re: Handling of "Monthly Rollup" Patches starting October

Postby bezeelev » 11.11.2016, 21:03

Hi.
What's WSUSOU status regarding this topic? I see there is no new update on the software, but Microsoft's monthly rollup update is here. Have you taken a look at it?

Will users have the choice of installing the security-only packs in the next WSUSOU version?
bezeelev
 
Posts: 6
Joined: 11.11.2016, 20:58

Re: Handling of "Monthly Rollup" Patches starting October

Postby aker » 11.11.2016, 22:21

We're currently discussing on what to do. MS currently forces the full patch to be installed, but a solution for those, who want the security only is worked on.

:arrow: viewtopic.php?f=2&t=6072
Wer Rechtschreibfehler findet, darf sie behalten oder an den Meistbietenden versteigern. / Everybody finding a misspelling is allowed to sell it.
aker
aker
 
Posts: 2800
Joined: 02.03.2011, 15:32

Previous

Return to Anregungen / Suggestions

Who is online

Users browsing this forum: No registered users and 3 guests