If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rating: | Display Modes |
#1
|
|||
|
|||
Another Windows Update query
Before installing Windows updates, I check the advice from a newsletter
I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne |
Ads |
#2
|
|||
|
|||
Another Windows Update query
Jo-Anne wrote on 2016/02/11:
I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 That MS article was published February 9, 2016; however, if you look at the description of each update instead of the MS article listing multiple updates, you would see those updates have been around for 2 to 3 weeks. If they were not offered via WU until incorporate to MS016-019 then they may not have been noticed until the last 1 or 2 days. Go back to the MS016-019 article. Do a search on those update numbers (without the "KB" prefix) instead of relying on your eyes. On each hit, look at the Windows version and bitness in which that hit applies. You would see that both those updates apply to both the x86 and x64 version of Windows 7. KB31272220 Published: 1/22/2016 https://www.microsoft.com/en-us/down....aspx?id=50865 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. KB3127229 Published: 1/29/2016 https://www.microsoft.com/en-us/down....aspx?id=50919 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. |
#3
|
|||
|
|||
Another Windows Update query
Jo-Anne wrote:
Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne Hi, Jo-Anne Both 3127220 and 3127229 are shown for Win7x64 Sp1 systems as 'Information Disclosure' related updates for the .NET 3.5.1 and .NET 4.5.2 components. cf. https://technet.microsoft.com/en-us/...urity/MS16-019 Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 Important Denial of Service (3122648) Important Information Disclosure (3127220) ===== Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.5.2[1] Important Denial of Service (3122656) Important Information Disclosure (3127229) ===== -- ....winston msft mvp windows experience |
#4
|
|||
|
|||
Another Windows Update query
On 2/11/2016 11:37 AM, Jo-Anne wrote:
Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne Thank you both. I misread my "Find" results as 1 of 1 instead of 1 of 10. My apologies. -- Jo-Anne |
#5
|
|||
|
|||
Another Windows Update query
On 2/11/2016 12:37 PM, Jo-Anne wrote:
Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne I found some updates that are questionable, too. KB2952664 Don't understand what it's for. KB3102429 KB3123862 KB3135445 Last 3 have something to do with Win10 |
#6
|
|||
|
|||
Another Windows Update query
susan wrote:
On 2/11/2016 12:37 PM, Jo-Anne wrote: Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne I found some updates that are questionable, too. KB2952664 Don't understand what it's for. KB3102429 KB3123862 KB3135445 Last 3 have something to do with Win10 These two act as a team. You won't be offered a free copy of Windows 10 by GWX alone, without '664. But today, receiving it via Windows Update, is a second delivery mechanism. So even if this tag team is not installed, you might still be offered Windows 10 when you didn't particularly ask for it. 2952664 Engine components for qualifying OS analysis. 3035583 GWX (Get Windows 10) display and state machine. The '664 update is referred to as a "servicing stack update". Which doesn't tell you anything, but you can use such a description in a web search, to see what duties such an update performs. Paul |
#7
|
|||
|
|||
Another Windows Update query
On Thu, 11 Feb 2016 22:58:26 -0500, susan wrote:
On 2/11/2016 12:37 PM, Jo-Anne wrote: Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne I found some updates that are questionable, too. KB2952664 Don't understand what it's for. KB3102429 KB3123862 KB3135445 Last 3 have something to do with Win10 I did a quick Google search for those last 4 updates and it seems to me that MS would like to have a Windows 10 party for you and your PC. Your invitation could appear on a PC near you any time soon. As I have already upgraded to Win 10 from Win7 I can't tell whether or not they were installed on my two PCs. |
#8
|
|||
|
|||
Another Windows Update query
Paul wrote:
susan wrote: On 2/11/2016 12:37 PM, Jo-Anne wrote: Before installing Windows updates, I check the advice from a newsletter I subscribe to; but occasionally an update doesn't appear in its recommendations on whether to install. Two updates yesterday didn't appear in the newsletter, so I checked them at the Microsoft website https://technet.microsoft.com/en-us/...urity/MS16-019 I have a 64-bit Windows 7 Dell laptop. In WU, these two updates claim to be for 64-bit Windows 7 machines. However, the Microsoft website says that they're for 32-bit Windows 7 computers. The updates are KB3127220 KB3127229 They both have to do with .NET Framework. My question: Should I install them? Thank you, Jo-Anne I found some updates that are questionable, too. KB2952664 Don't understand what it's for. KB3102429 KB3123862 KB3135445 Last 3 have something to do with Win10 These two act as a team. You won't be offered a free copy of Windows 10 by GWX alone, without '664. But today, receiving it via Windows Update, is a second delivery mechanism. So even if this tag team is not installed, you might still be offered Windows 10 when you didn't particularly ask for it. 2952664 Engine components for qualifying OS analysis. 3035583 GWX (Get Windows 10) display and state machine. The '664 update is referred to as a "servicing stack update". Which doesn't tell you anything, but you can use such a description in a web search, to see what duties such an update performs. Paul 2952664 supports the GWX app's Upgrade Advisor component. -- ....winston msft mvp windows experience |
#9
|
|||
|
|||
Another Windows Update query
On Thu, 11 Feb 2016 13:09:37 -0600, VanguardLH wrote:
KB31272220 Published: 1/22/2016 https://www.microsoft.com/en-us/down....aspx?id=50865 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. KB3127229 Published: 1/29/2016 https://www.microsoft.com/en-us/down....aspx?id=50919 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. I hate, hate, HATE the generic descriptions of updates. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#10
|
|||
|
|||
Another Windows Update query
In message , Stan Brown
writes: On Thu, 11 Feb 2016 13:09:37 -0600, VanguardLH wrote: KB31272220 Published: 1/22/2016 https://www.microsoft.com/en-us/down....aspx?id=50865 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. KB3127229 Published: 1/29/2016 https://www.microsoft.com/en-us/down....aspx?id=50919 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. I hate, hate, HATE the generic descriptions of updates. So do I. But if the choice is between that and nothing, I guess I'd rather have that. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "quidquid latine dictum sit, altum viditur". ("Anything is more impressive if you say it in Latin") |
#11
|
|||
|
|||
Another Windows Update query
Stan Brown wrote on 2016/02/13:
VanguardLH wrote: KB31272220 Published: 1/22/2016 https://www.microsoft.com/en-us/down....aspx?id=50865 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. KB3127229 Published: 1/29/2016 https://www.microsoft.com/en-us/down....aspx?id=50919 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. I hate, hate, HATE the generic descriptions of updates. Yep, Microsoft has become well practiced in the last couple of years in being vague about their updates, especially so for the Win10 updates (and the Win10-oriented updates for Win7/8). However, regarding security updates, I can see why they are vague. They are not interested in providing instructions to script kiddies or malware wannabes on how to code for a vulnerability so those a-holes can harm Windows users that have yet to install the patches. Microsoft is not in the business of educating malware authors so I fully understand why they do not provide details on security updates. Do you help those that are trying to hurt you? I ran into the same situation in newsgroups that discuss malware. I normally do not provide a valid e-mail address, not even an obfuscated one, when posting in Usenet. However, in those newsgroups, you may want to or should take offline any discussion of the details of malware or for a vulnerability you have discovered or want to discuss. The point of the newsgroup is to fight malware, not abet it. It would irresponsible and reprehensible for Microsoft to describe in detail a vulnerability via a public venue of communication. Not all truth is for the public good. Also, for the vast majority of their users, details would be far beyond the expertise of their customer base to comprehend. While I research all offered updates, some involve technologies to which I've never been exposed because I never used, administered, or dealt with them before. So I have to learn more than I wanted to determine if I want to permit the install of some updates. Could take hours or days before I understand enough of the technology to make a decision to install an update. How many users do you know that will go through that much effort to validate an update? Do you? Well, maybe you and I do but even the majority of visitors here do not, so even much less so for the general user community. |
#12
|
|||
|
|||
Another Windows Update query
On 2/13/2016 1:24 PM, VanguardLH wrote:
Stan Brown wrote on 2016/02/13: VanguardLH wrote: KB31272220 Published: 1/22/2016 https://www.microsoft.com/en-us/down....aspx?id=50865 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. KB3127229 Published: 1/29/2016 https://www.microsoft.com/en-us/down....aspx?id=50919 A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. I hate, hate, HATE the generic descriptions of updates. Yep, Microsoft has become well practiced in the last couple of years in being vague about their updates, especially so for the Win10 updates (and the Win10-oriented updates for Win7/8). However, regarding security updates, I can see why they are vague. They are not interested in providing instructions to script kiddies or malware wannabes on how to code for a vulnerability so those a-holes can harm Windows users that have yet to install the patches. Microsoft is not in the business of educating malware authors so I fully understand why they do not provide details on security updates. Do you help those that are trying to hurt you? I ran into the same situation in newsgroups that discuss malware. I normally do not provide a valid e-mail address, not even an obfuscated one, when posting in Usenet. However, in those newsgroups, you may want to or should take offline any discussion of the details of malware or for a vulnerability you have discovered or want to discuss. The point of the newsgroup is to fight malware, not abet it. It would irresponsible and reprehensible for Microsoft to describe in detail a vulnerability via a public venue of communication. Not all truth is for the public good. Also, for the vast majority of their users, details would be far beyond the expertise of their customer base to comprehend. While I research all offered updates, some involve technologies to which I've never been exposed because I never used, administered, or dealt with them before. So I have to learn more than I wanted to determine if I want to permit the install of some updates. Could take hours or days before I understand enough of the technology to make a decision to install an update. How many users do you know that will go through that much effort to validate an update? Do you? Well, maybe you and I do but even the majority of visitors here do not, so even much less so for the general user community. I'd agree with your position on malware updates. The two referenced at the top have sufficient detail. Most of the discussion over updates has to do with MS pushing update items that allow THEM to "compromise my system and gain access to my data." If an update allows MS to FORCE a OS upgrade on you, that should be spelled out in big red letters and be OPT-IN. Hell, they should go to jail for hiding it. |
#13
|
|||
|
|||
Another Windows Update query
In message , mike
writes: On 2/13/2016 1:24 PM, VanguardLH wrote: [] Microsoft is not in the business of educating malware authors so I fully understand why they do not provide details on security updates. Do you help those that are trying to hurt you? [] Also, for the vast majority of their users, details would be far beyond the expertise of their customer base to comprehend. While I research [] I take your point(s). For the first one, it would do no harm if they were to add, to the boilerplate text, "this update protects against xyz, abc, and 123, among others" - that wouldn't tell the malware authors much. But, as suggested by your second point, this information would probably be of little use to most users. I do agree with the OP that boilerplate text is irritating, though. [] Most of the discussion over updates has to do with MS pushing update items that allow THEM to "compromise my system and gain access to my data." Yes - "bundling" of such things (which are not, IMO, strictly "updates") with other things, especially genuine security updates, is at best underhand. If an update allows MS to FORCE a OS upgrade on you, that should be spelled out in big red letters and be OPT-IN. Hell, they should go to jail for hiding it. Indeed. In fact I'd question whether it should be allowed to be distributed via the "update" channel at all. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf A perfectionist takes infinite pains and often gives them to others |
#14
|
|||
|
|||
Another Windows Update query
On Sun, 14 Feb 2016 11:57:03 +0000, J. P. Gilliver (John) wrote:
I take your point(s). For the first one, it would do no harm if they were to add, to the boilerplate text, "this update protects against xyz, abc, and 123, among others" Not only would it do no harm, it would be helpful. That's probably why they don't do it. :-) And that brief description ought to appear in Windows Update on your computer, instead of just "This fixes issues in Windows." It's irritating to have to go out on the Internet, and even enable Javascript, to get even basic information from Microsoft about an update. I'm sure they do that on purpose, trying to pressure people not to pick and choose among updates. I like someone else's suggestion to google for the KB numbers and read about a given update on sites other than Microsoft's. If a update has been out for a few days, and nobody but Microsoft has written about it, it's probably safe. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#15
|
|||
|
|||
Another Windows Update query
Stan Brown wrote on 2016/02/14:
J. P. Gilliver (John) wrote: I take your point(s). For the first one, it would do no harm if they were to add, to the boilerplate text, "this update protects against xyz, abc, and 123, among others" Not only would it do no harm, it would be helpful. That's probably why they don't do it. :-) And that brief description ought to appear in Windows Update on your computer, instead of just "This fixes issues in Windows." It's irritating to have to go out on the Internet, and even enable Javascript, to get even basic information from Microsoft about an update. I'm sure they do that on purpose, trying to pressure people not to pick and choose among updates. One item Gilliver did mention (but somewhat independently of his prior post or its replies) is the bundling of updates. I've seen updates that address 2 totally different functions in Windows. For example, one was about some login mechanism that did not apply in non-domain setups and also had an update for some component in MS Office. To get the MS Office update meant getting their other superfluous update (for my setup). As to the vague descriptions, quite often the KB article to which the WU client links is too vague assuming the user actually even gets that far to research an update. Alas, most users just ingest whatever Microsoft spoon feeds them. Some of those generalized KB article have links to "Additional Information" pages with more technical details. For KB3127220: https://www.microsoft.com/en-us/down....aspx?id=50865 links to https://support.microsoft.com/en-us/kb/3127220 Obviously Microsoft should *not* be providing an example to script kiddies and malware wannabes just what is a "specially crafted XSLT" (https://en.wikipedia.org/wiki/XSLT). For KB3127229: https://www.microsoft.com/en-us/down....aspx?id=50919 links to https://support.microsoft.com/en-us/kb/3127229 which is another XSLT vulnerability. Both dealt with "specially crafted XSLT" content. The updates replaced different files but that in itself is not sufficient reason to issue separate updates. KB3127220 updates .NET 3.51. KB3127229 updates .NET 4.52 and why the updates are separate. So, in this case for those 2 updates, there is probably sufficient information to decided whether or not to install them. I don't expect and would not want Microsoft to map out and publicly disclose exactly what is the "specially crafted XSLT". To be sure, there have been updates with too little technical information but not in this case. Also, quite often to what an update applies against is not what even experienced Windows users may be knowledgeable so the user has to educate themself. Once the user has more background in the technology the update addresses then it becomes more apparent why the update is offered. If a doctor where to get deeply involved in discussing why some blood disorder caused a particular change in osmosis of sodium through the cell wall for which types of cells and yadda yadda, it's all gobblety-gook to you unless you educate yourself beyond what is expected for patient knowledge but does not prevent the patient from educating themself to further understand the blood disorder. Depends on how self-motivated is the patient or even if the patient cares about getting into that far greater level of detail. Microsoft provides links to articles to give general and too often overly vague descriptions of their updates; however, sometimes there is a link providing more technical details on an update. I'm not sure that I want Microsoft bloating network bandwidth and disk consumption to include every document applicable to every update. Most users never research an update so why bother doling out documentation they never read? These are the same users that never read the help documentation that comes with software or even bother to investigate what configuration settings are available. They deliberately choose to remain blind. I suppose Microsoft could provide a user-configurable option to determine how much information was included in a downloaded update package but that's a hindsight issue regarding adding new functionality both in the WU client and up in the server and its database. After all, you have to be online to get the updates so it isn't a huge leap to go online to read the KB articles and use their links, if available, to read more detailed technical descriptions. Yes, Microsoft could do much better regarding their descriptions of updates (and not bundling them for unrelated functionalities). Always easier to tell someone else what to do than do it yourself. More info available (even if only online) would allay increasing suspicions as to what Microsoft is doing. To me, it doesn't seem that Microsoft deliberately wants to make their customers distrust them. Seems more like the old guard of programmers and documenters at Microsoft has faded away (quit, fired, moved on, died) and the new guard is less capable. The old was used to telephone conversations and face-to-face review meetings. The new grew up with urgent immediacy and texting littered with acronyms. Attention span is now less than for a goldfish. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|