Sign in to follow this  
Followers 0
phaolo

Win7 post-SP1 patches

14 posts in this topic

Posted (edited)

Hi,
to update Win7 in the past I used a "post-SP3 patches" maintained list (without MS crap and obsolete files), but I can't find it anymore.
Do you know where I could find one now? (up-to-date)

What about this program: WSUS Offline Update 10.92
Do you know if it's good & safe?
I'd like to use+save only the security patches, avoiding all the new telemetry spyware and such.

Btw, is it possible to get\create a "cleaned up" version of the cumulative rollup somehow?

 

Edited by phaolo
0

Share this post


Link to post
Share on other sites

It does seem that nobody here, or at least no group here, is actively managing any sort of KB update list for win-7.  Picking apart the monthly roll-ups, providing direct download links to individual updates/patches, etc.  Is anyone doing that over at sevenforums?  I was somewhat deep into doing that last year, and had a tweaked set of .MSU files (no telemetry, no MS spyware, no win-10 nagware) that I rolled into a win-7 sp1 ultimate 32-bit install image using RT7.   It was up-to-date as of August 2016 and on the 1 machine I've used it on, I haven't done any updating on that system (hardly use it).  Since MS went to monthly roll-ups, I really don't know if the roll-up package can be "un-packaged" to reveal individual .MSU files so that I (we) can continue to pick and choose which ones to install.  So I've kindof lost interest in the whole thing.  I have a couple of nice laptops (Dell Latitude E6230) that I bought as retail re-furbs (something like $250 each) and they came with win-10, and my plan is to create a custom win-7 install image for them (including all drivers, updates, etc) and blow away the win-10 crap that's on it (take the drive out and slave it to another system to format it).   So if there's a list of *useful* .msu files released since Aug 2016  (and a way to get them) then I'd like to know.  (I'll probably install XP on these dells first, on a FAT32 partition because I really like running XP from FAT32, then make it dual-boot with 7.  Triple-boot actually because the FAT32 would have DOS too).


 

0

Share this post


Link to post
Share on other sites

Posted (edited)

Simplix Pack to update Live Win7 System/ Integrate updates into Win7 or Server 2008

Link (use google translate):

http://forum.oszone.net/thread-257198.html

Google translate:

https://translate.google.com/

I use it to offline update my 7 SP-1, also it can be used on online system.

alacran

Edited by alacran
0

Share this post


Link to post
Share on other sites

Here's a better link, to the creator of the update pack, written in English:
https://www.patreon.com/simplix

Website: http://update7.simplix.info or auto-translate in English

The UpdatePack7R2-17.5.15.exe is a self-extracting 7-zip archive, some 654 MB in size. I've downloaded the torrent and verified the SHA-256 hash. It is current to 2017-05-15.

I will be checking the contents tomorrow against where I left off my updating last year.

From the included excel spreadsheet:

============

The following updates are undesirable and excluded:

KB971033- x86-x64 (Update for Windows Activation Validation Technologies)
KB2952664- x86-x64 (System Compatibility Update for upgrading to Windows 10)
KB2977759- x86-x64 (Diagnostics of compatibility problems for switching to Windows 10)
KB3021917- x86-x64 (System Diagnostics and Telemetry for the transition to Windows 10)
KB3035583- x86-x64 (Update installs the "Get Windows 10" application)
KB3068708- x86-x64 (Update for quality improvement and telemetry diagnostics)
KB3075249- x86-x64 (Update adds telemetry points to the file consent.exe)
KB3080149- x86-x64 (Update for CEIP program and telemetry diagnostics)
KB3081954- x86-x64 (Update to improve working folders and telemetry)
KB3123862- x86-x64 (Updated features for upgrading to Windows 10)
KB3139923- x86-x64 (Update adds telemetry points to the file consent.exe)
KB3150513- x86-x64 (Updated Configurations for Compatibility Diagnostics)
KB3161608- x86-x64 (Update adds telemetry points to the file consent.exe)
KB3163589- x86-x64 (The message about work under the control of the out-of-date Windows version)
KB3172605- x86-x64 (Update adds telemetry points to the file consent.exe)
KB3173040- x86-x64 (Update expiration notice for Windows 10)

==========

Of the above, 3161608, 3163589 and 3173040 are new additions to my list of 90-odd "bad" Win-7 KB updates.  All the others are already on my bad list.


 

0

Share this post


Link to post
Share on other sites

Posted (edited)

15 hours ago, Nomen said:

my list of 90-odd "bad" Win-7 KB updates

Err.. could you please share such list?

Edited by phaolo
0

Share this post


Link to post
Share on other sites

Ok, here's a writeup of the KB's that I've assembled for my win-7 SP1 installation image, the kb's that I've seen mention in various forums as being "bad", and what I've found in the patreon/simplix UpdatePack7R2-17.5.15 and how it compares with my stuff.  From what I can tell, the patreon list would want to add 33 kb's to my August/2016 set of KB's, and of those 33, 14 are on my "bad" list, 9 I already had (as part of my 800+ repository of msu files as of Aug/2016), and 10 I didn't have (but have now).   Of those 10, I think maybe 6 are "new" since Aug 2016.  Not many for the 8-month stretch of time we're talking about here.

win-7 kb info.txt
 

1

Share this post


Link to post
Share on other sites

So here's the story. I created my reference Win-7 install image on Aug 30, 2016 (using RT7). As of that date, after sitting back and watch it install itself on my reference system (complete with drivers, all .net updates, the install of IE10 and it's updates), I tell it to do a windows-update check and all I get (for Important Updates) are a handful of KB's I don't want. OK, so far so good.  It's got everthing I want it to have, and nothing I don't want.



Fast forward 8 months. I do another update check a few days ago. Remember, at this point, I've not downloaded *anything* from WindowsUpdate on the reference system.  As of yesterday, WU is offering me (in terms of Important Updates) these:

KB4019264 2017-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4019264)
KB3124275 Cumulative Security Update for Internet Explorer 10 for Windows 7 (KB3124275)
KB4019112 May, 2017 Security and Quality Rollup for .NET Framework on Windows 7 (KB4019112)
KB3042058 Security Update for Windows 7 (KB3042058)
KB3086255 Security Update for Windows 7 (KB3086255)
KB3138612 Update for Windows 7 (KB3138612)
(there's also a windows defender update, and maybe IE11, but let's ignore that for now)

Lets look at the last 3. They are in my Bad book, so my system doesn't have them, WU says I should have them. Patrion/Simplix update package also thinks they're good, and they have them. That's nice - I'll continue to pass on them.

So there's a .net update (4019112) and apparently there's a vulnerability patch associated with this (CVE-2017-0248). So even though WU is offering 4019112 to me (win-7 SP1 Ultimate 32-bit) the following KB's are all tied together some how as a solution for that CVE:

KB4016871 KB4019108 KB4019109 KB4019110 KB4019111
KB4019112 KB4019113 KB4019114 KB4019115 KB4019472
KB4019473 KB4019474

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019112

Not sure if the one for me is the 104.9 mb one or not. Doesn't say x86. But it's huge. Can I trust it? Has MS implanted any telemetry or other junk in Important .net updates? Patrion/Simplix is not showing this .net kb BTW.

Next we have KB3124275. Always the same kb number for IE10 updates. Why is that? Same question - can IE updates be trusted?

Lastly we have KB4019264. Simplix has this. The x86 version is 100 mb. Now there's about 30 CVE numbers that came down the pipe, for which the following KB's address:

KB4016871 KB4018196 KB4018556 KB4018821 KB4018885
KB4018927 KB4019149 KB4019204 KB4019206 KB4019213
KB4019214 KB4019215 KB4019216 KB4019263 KB4019264
KB4019472 KB4019473 KB4019474

Note that 4019262 is just one of many. 4019262 is a monthly roll-up.  Do we know how to de-construct or pick apart these roll-ups?   Are all those others also rollups?

See here for details:

https://www.qualys.com/research/security-alerts/2017-05-09/microsoft/


 

0

Share this post


Link to post
Share on other sites

I could not find where to ask this, concerning the  WannaCry patch for Win 7.  I noticed that the patch or patches are in one of the up-date roll ups, either March, or May I think---but the one of those Kbs contained some kind of graphic enhancements of sorts; the last time I updated my Lenovo all in ones with all the MS  up-dates (about three months back)--the screen changed to practically all gamma!  Going into the graphic options, I had to set things to a very dark look, just to read anything: no thing worked.  I read, that this was a common problem when that new graphic driver was installed. I restored the computer to factory condition, and do not want to go through all that again.  The roll-up seems to be in the 30 or so mb range--can one remove the offending updated driver?

Edited by cyberformer
0

Share this post


Link to post
Share on other sites
On 5/22/2017 at 11:17 AM, cyberformer said:

...I restored the computer to factory condition, and do not want to go through all that again...

Huh? All you had to do was uninstall the update. You could have also then used system restore.

Edited by Luxman
0

Share this post


Link to post
Share on other sites

This is going to seem crazy Luxman, but I just started using 7 just the past three months, and that infrequently so far.   I have no knowledge yet of the major differences between the two!  Ridiculous I know.  My only guess, is that I was so shocked at witnessing the crystal clean and perfect display, go all gamma faded, almost impossible to see--panicked me!  Never even thought to think about removing the updates.  Usually, I am quite calm, collected, and methodical: not that time though.

0

Share this post


Link to post
Share on other sites

Heads up: if you (plan to) use the Security Only updates (from the update catalog) to avoid 'functional' overhead, be advised that some Security Updates are Superseded by the Security Monthly (as such have the Supersedence tag in SUS etc.) and some are not Superseded (=still needed) by the Security Only updates.

This is also true for the .NET updates.

Also some functional updates are Superseded by the Security Monthly updates that you still might like to have next to your Security Only updates, such as the Time zone updates.

Also: Security Monthly are cumulative, the Security Only are not.

Edited by Rydan
forgot a 'some'
0

Share this post


Link to post
Share on other sites
12 hours ago, cyberformer said:

This is going to seem crazy Luxman

Not really, as you can see my response was presumptuous. I have countless stories of similar problem solving avenues I've taken. Just another lesson learned in life. Hopefully you've got it all working again :)

Edited by Luxman
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.