Page 1 of 1

Missing pre- and after- "correction" updates.

PostPosted: 31.07.2018, 18:47
by Wizard
Windows 7 and Server 2008 R2 had problems with three updates at least.
They were KB4056897, KB4088878 and KB4338823.
KB4056897 must be fixed with KB4073578.
KB4088878 must be installed in this way:
1. KB4099950 (as "precorrection");
2. KB4088878 (as itself);
3. KB4100408 (as "aftercorrection").
KB4338823 must be fixed with KB4345459.
Version of WSUSoffline 11.4 doesn't download those additional updates, only KBs 4056897, 4088878 and 4338823.
I know only about these 3 updates (had a headache with lots PCs in my corporation), but shure there are more.
So now I wonder, is there any option to force downloading those additional updates or am I doing something wrong?
Our corporate WSUS downloaded those fix-updates and then distributed to clients, but WSUSoffline doesn't.

Re: Missing pre- and after- "correction" updates.

PostPosted: 31.07.2018, 23:39
by aker
Just to check the updates:
1. KB4099950 = PCIClearStaleCache.exe
2. KB4088878 = 2018-03 SecOnly rollup for Windows 7 (version available in MS Update Catalog was last changed on 2018-04-04; internal change date 2018-03-09)
3. KB4100408 = I can't find it in the MS Update Catalog. Could you provide an URL of the file to me? [Will check my Windows 7 update archive "tomorrow", at the moment it's 12:30 AM]
Or did you mean KB4100480?

As far as I know, the third update was a fix for the broken Meltdown/Spectre-patch in Windows 7 x64.

Just two assumptions:
- As far I have seen in newer rollups, the first update has been integrated into all following rollups (will check the SecOnly ones "tomorrow"). Maybe (unverified) it's not needed anymore, if newer updates get installed the same reboot cycle.
- If you mistyped the third KB-number: maybe the update has been superseded by newer SecOnly-updates (will also check this "tomorrow").

Re: Missing pre- and after- "correction" updates.

PostPosted: 01.08.2018, 09:32
by Wizard
Thank you for your quick reply.

Yes, you are right, that's my mistake - KB4100480.

I thought also about replacement, actually in two types: replacement in revision of update (something like KB4088878 v.2, which now could include KB4099950 and KB4100480) or replacement with superseding new update.
But KB4088878 has not changed - downloaded CAB-file by wsusoffline is the same as CAB-file inside MSU-file, which is downloaded manually from MS.
Checked now if those updates were replaced - they were not.
Also found that 4099950, 4345459, 4073578 have "unspecified" importance mark, only 4100480 is set as "important" - I guess, that's why they are not downloaded by wsusoffline.

Re: Missing pre- and after- "correction" updates.

PostPosted: 02.08.2018, 00:30
by aker
Wizard wrote:Also found that 4099950, 4345459, 4073578 have "unspecified" importance mark, only 4100480 is set as "important" - I guess, that's why they are not downloaded by wsusoffline.

Most likely. For more info, please take a look at this topic:
:arrow: viewtopic.php?f=7&t=172

I just checked KB4100480. (You can just open it inside an archive unpacker such as 7-Zip and view the CAB-file)
Usually (does not work in all but in the most cases) you can check, if a package gets superseded by one or multiple updates.
There are some files named "amd64/wow64/x86_<component name>_<version>_<more characters>.manifest".
If all components inside one update have equal or higher versions in other updates, installing the other updates superseded the update you checked in the most cases (just a hand full of updates, where this rule does not apply).
So no classic "-v2"-rule or supersedance listed in the catalog files. This is no official rule published by MS, but the way WUA determines missing updates.
And nearly all packages (except for some Hyper-V components) inside KB4100480 are included / have been updated in newer SecOnly updates.
But you're right, it should be included in wsusou SecOnly-mode (not relevant for the rollups).

Could we add KB4099950 and KB4100480 at least for the SecOnly-mode?
Both should be not required when using the rollups (as included). [Just checked by setting up a new w61-x64 machine with a 2016-09 slipstreamed ISO & 2018-07 rollup]

Re: Missing pre- and after- "correction" updates.

PostPosted: 04.08.2018, 10:33
by Wizard
Aker, thank you for idea about manifest-files, but that didn't help me.
Compared 4338823 with 4345459 - seems that 4345459 has something new regarding 4338823, and later I thought that 4345459 can be installed without 4338823.
But then I made investigation on virtual machine (win7 x86) with all recent updates installed manually and with help of MS Baseline Security Analyzer (using from 10.07.2018).
MBSA now always recommends 890830 (malicios soft removal) and 4130978 (time zone changes) - I ignore them in next story:
1. Uninstalled 4345459, 4338823, 4088878, 4099950, 4073578, 4056897 and rebooted. Those updates disappeared from system's installed updates list.
2. Run MBSA but it didn't recommend anything.
3. Removed 4338818, rebooted.
4. Run MBSA, it found missing: 4049068, 3004361, 3076895, 4054521, 3101722, 4338818, 4048960, 4338823, 4339093, 4038779, 4041678, 2509553, 4054518.
5. Reinstalled 4338818, rebooted.
6. Run MBSA - no missing updates, no recommendations again; only 4338818 appeared in system's installed updates list, 12 others - not.
7. Manually installed 4345459, just for test - it appeared in system's installed updates list, but 4338823 did not (as we remember, 4345459 is a fix for 4338823).
8. Run MBSA again - it does not recommend anything.
4338818 is cumulative (huge in MBs), released July 05.
After installing of it, MBSA does not recommend 4338823 (for example). But it's not clear - does it install it "insisibly" to user, or it makes "shut up" for MBSA not to display it.
I mean - can't say if 4338823 is really installed (released also July 05), 4345459 is released July 13, but WSUSSCN2.CAB is older and it don't "know" about that fix-update.

So I should conclude now saying that without manual checking with resources like:
end-user will not know actual situation, MBSA is unable to help.

Thank you for participation in discussion.
I guess, topic should be closed now and no modifications should be made to WSUSoffline - I worry that this could make a lot of problems.

Re: Missing pre- and after- "correction" updates.

PostPosted: 08.08.2018, 10:45
by aker
Sorry for the late reply, I had too much to do the last days...

Then it seems to be some kind of bug or interaction inside the CBS (component based servicing).
Also you have to remember, that not all components apply to all versions of Windows (e.g. Hyper-V normally just applies to Windows Server platforms).

I think, we will fix this issue (which is caused by some mistake by MS) by adding the missing update using a static definition.
I will check, if KB4100408 changes anything on a Windows 7 Enterprise x64 and post it here.

Re: Missing pre- and after- "correction" updates.

PostPosted: 19.08.2018, 09:38
by Wizard

Recently MS released new updates and now:
    4345459 is replaced by 4343900
    4100480 is replaced by 4343900 with 4343899.
There should be no problems, because 4343899 and 4343900 have no known issues by now: (problem with inf-files is not detected anywhere in my company PCs);
But there could be problems with future "Monthly Rollup" and "Security-only" as previous releases had:
Hope MS will test new releases more thoroughly.