Page 2 of 2

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 15.10.2016, 22:21
by aker
I didn't try it yet, but which one gets installed on a machine running Windows 7 2016-09?

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 15.10.2016, 22:40
by Denniss
Code: Select all
15.10.2016  9:28:53,16 - Info: Installed ..\w61-x64\glb\windows6.1-kb3188730-x64_d9606f2b8742f5b4def59539b7f0e67034198b38.cab
15.10.2016  9:29:45,35 - Info: Installed ..\w61-x64\glb\windows6.1-kb3188740-x64_b6e6f416b29f9ddb779a72c9ee37882178cf1d2c.cab
15.10.2016  9:34:29,10 - Info: Installed ..\w61-x64\glb\windows6.1-kb3185330-x64_b89b88ac042c27d6694771dbd8900d4f4cf4c4bd.cab
15.10.2016  9:34:33,21 - Info: Installed ..\ofc\glb\ogl-x-none_49bb1acfd04c93065caf20f87e40597dcf5d70c3.cab
15.10.2016  9:34:35,96 - Info: Installed ..\ofc\glb\wordconv-x-none_de140ee4616c9046b3c2d56c5d4b06adaf41f656.cab
15.10.2016  9:35:40,42 - Info: Installed ..\w61-x64\glb\windows6.1-kb3192391-x64_46ff895c96395a951e39305e226694d0702d6a76.cab
15.10.2016  9:36:01,47 - Info: Installed ..\w61-x64\glb\windows6.1-kb3018238-x64_e044f3e0e6f4ccfccadaaa8294f9472f15d4db9a.cab

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 16.10.2016, 17:44
by aker
Pretty good job, MS.
Why just install 1 monthly update for Windows & .NET 3.5, if we could install both... :roll:

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 19.10.2016, 22:13
by aker
Just tested it. wsusou will report and install the full rollup. Steps I did:
1) Installed slipstreamed (2016-09) w61-x64.
2) Installed 2016-10 Security-only rollup (w61 and .NET 3.5.1)
3) ran wsusou
4) wsusou reported the full rollup as missing and installed it

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 20.10.2016, 18:08
by boco
That's why I blacklist the full packs. Security-wise, only one of them suffices.

If you check out the Preview of next month's "quality" updates, you'll notice there is already an updated Telemetry client in it. This is what will be in next month's full pack, too. So, with full packs, you'll inevitably infect your systems with Telemetry spyware.

No, thanks.

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 20.10.2016, 20:32
by aker
I agree with boco. wsusou should just install the security-only rollup. But to do this, we would need to find a way, to dynamically determine the rollups. Else we would have to update the blacklist every month.

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 01.11.2016, 17:04
by hym
Hello,
please forgive me for not totally understanding. I think my question is, will wsusoffline still keep the bad telemetry and other crap out since it reads in other places that Microsoft is now calling some security updates that are listed as critical/very important as "optional" updates.

Again I apologize for needing this clarification, but I am in early Dementia, but still want to protect my computers until I can't.

Thanks you,
hym

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 01.11.2016, 18:21
by boco
Windows 7 / 8:

The problem is that they now combine all month's updates (for security-only pack) or even all updates since last SP (planned for the cumulative update) into one package, you you can no longer cherry-pick what to install.

There are two flavors one can use:
1. The cumulative update pack. Combines all updates and is updated every month. Only the latest pack is required to install, eventually (they'll begin migrating all old post-SP1-patches next year). This is what you do get from Windows Updates.
If it sounds too good to be true, it usually is. This packs contains all so-called Telemetry updates (the Diagtrack client plus the Telemetry points), so, leaving WU on Automatic will get the system infected in no time.
As you know, there are classes of updates (critical, security, recommended, optional), and an update pack gets the class of the highest-ranked updates in it. It contains security-critical updates and thus is handled as being security-critical and auto-installed.

Not better than those useful programs that are bundled with crapware!

2. Security-only packs. Contains only one month's worth of security updates. Not cumulative, so you need to install each month's security-only pack to be secure. I do expect they will create a Security-only Rollup package at one point if the numbers get too high.
Now to the caveat: The security-only packs are not offered by WU!


Currently, with default settings, WSUSOU does install both packs, since there is no functionality in place that contains them, at least not yet. Without any such functionality in place, WSUSOU will start installing Telemetry crap beginning next Patch Tuesday (one week from now).
Luckily, you can exclude updates yourself, using the Exclude lists.


aker wrote:I agree with boco. wsusou should just install the security-only rollup. But to do this, we would need to find a way, to dynamically determine the rollups. Else we would have to update the blacklist every month.
It's only two (or four if .NET included) KB numbers a month. Users could choose to go either the cumulative way (all updates but Telemetry included) or the security-only way (no optional stuff but more updates to install). Since you only need one type of the packs the other type could be blacklisted in WSUSOU and even auto-hidden so WU won't offer it anymore.

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 11.11.2016, 21:03
by bezeelev
Hi.
What's WSUSOU status regarding this topic? I see there is no new update on the software, but Microsoft's monthly rollup update is here. Have you taken a look at it?

Will users have the choice of installing the security-only packs in the next WSUSOU version?

Re: Handling of "Monthly Rollup" Patches starting October

PostPosted: 11.11.2016, 22:21
by aker
We're currently discussing on what to do. MS currently forces the full patch to be installed, but a solution for those, who want the security only is worked on.

:arrow: viewtopic.php?f=2&t=6072