Get November Windows and Office updates installed — carefully
Credit to Author: Woody Leonhard| Date: Thu, 30 Nov 2017 04:23:00 -0800
The list of complaints about this month’s patches goes on forever. I covered the high points a couple of days ago. We’ve seen people who are running Win10 Creators Update and who specifically said they didn’t want to upgrade to Fall Creators Update get pushed into an upgrade anyway. Those using Epson dot matrix or POS printers lost them for a couple of weeks. Add to that a heaping handful of hooey and there were enough problems to keep most Windows customers shaking their heads. Or quaking in their boots.
I’ve been waiting to see what Microsoft would do with Win10 version 1709. There was an entry in the Win10 Update History listing for a cumulative update called KB 4051963, which would bring 1709 up to build 16299.96, but that entry mysteriously disappeared yesterday.
While waiting, Microsoft released an updated version of the Equation Editor patch. Per @abbodi86, the old versions (KB 4011276 and KB 2553204) only worked with English and Chinese versions of Office. The new patches, KB 4011604 (for Office 2007) and KB 4011618 (for Office 2010), now work with all languages.
We’re starting to see some consumer-grade malware that exploits the Equation Editor security hole, CVE-2017-11882, and that’s the primary reason for getting patches applied now.
The latest versions of the .Net patches (released two days ago) appear to be working.
Microsoft has a catch-all web page for known (which is to say, acknowledged) bugs in Office patches. In it you’ll find entries for known Outlook problems (“Outlook was unable to recover some or all of the items in this folder” and “View Settings button is missing”), Excel problems (“Errors loading Excel Solver add-in,” “Excel may crash when you try to embed an object into a worksheet”), Word (“Export failed due to an unexpected error”), and OneNote (“This notebook may not sync correctly because another program is syncing these files”).
Surprisingly, there’s no mention on the bug page of a conflict with Dynamics 365 and Outlook, officially called “Microsoft Dynamics 365 for Outlook is unable to render webpages after installing the October 2017 Microsoft Outlook security update.” Avoid this month’s security patch for Outlook 2017 if you’re one of the unfortunate ones who need to use Dynamics 365 for Outlook 2017.
Microsoft has fixed the bug that clobbered Epson dot matrix printers in Win7 and 8.1. If you install patches this month using Windows Update, the installer will find the right fix, if you need it, and apply it for you. If you manually download and install the Security-Only patch (which I no longer recommend!), and you have an Epson dot matrix printer, you also need to install the fix, called KB 4055038, manually.
Microsoft is still blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s no more than a year old, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.
If you’re very concerned about Microsoft snooping on you and want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. We’re actively discussing whether it’s worthwhile continuing to post information about the security-only patching path. Microsoft has made that option considerably more obtuse than it was a year ago. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003.
For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx, @MrBrian).
Watch out for driver updates — you’re far better off getting them from a manufacturer’s website. After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Window 7 and 8.1 machines.
If you’re stuck on Windows 10 Fall Creators Update, version 1709, and you want to stay ahead of the malware mavens, you don’t have much choice but to use Windows Update to install KB 4048955 and bring your system up to build 16299.64. Before you do, read the KB article and understand that (1) you won’t be able to print on Epson dot matrix printers, and (2) “Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu using the scroll bar.” Of course, if you’re still using IE 11, you have plenty of other things to worry about.
I’m still seeing lots and lots of reports of weird bugs in 1709. There’s an ongoing list on the AskWoody site here. I’ve also seen independent reports of problems with 1709 breaking search in Outlook 2007, as well as reports of folder permissions problems and autostart after boot inanities.
We’re still in the unpaid beta testing phase of Win10 version 1709. You’d be well advised to stick with your current version of Win10 and wait for the cannon fodder to fulfill their destiny.
If you’re running Win10 Creators Update, version 1703, and you want to stay on 1703 while those on 1709 get to eat Microsoft’s dog food, follow the instructions here to ward off the upgrade. As you go through the steps, keep in mind that Microsoft forgot to honor the “Current Branch for Business” setting — golly! — so you need to run the “feature update” (read: version change) deferral setting all the way up to 365. And hope that Microsoft doesn’t forget how to count to 365.
The latest cumulative update for 1703, KB 4055254, build 15063.729, released Nov. 22, has one acknowledged bug, which is the IE 11 SSRS bug mentioned for 1709.
If you’re still on Win10 Anniversary Update, version 1607, you need to be aware of yet another bug — the “CDPUserSvc_XXXX has stopped working” bug which Microsoft finally acknowledged last week. It’s been around for nearly two months. See my discussion here for details.
The latest 1607 cumulative update, KB 4051033, build 14393.1914, is just three days old. Aren’t you glad you waited?
If you’re running an earlier version of Win10, you’re basically on your own.
To get Windows 10 patched, go through the steps in “8 steps to install Windows 10 patches like a pro.”
As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED. In particular, don’t be tempted to install anything marked “Preview.” Thar be tygers.
Time to get patched. Tell your friends, but make sure they understand what’s happening. And for heaven’s sake, as soon as you’re patched, turn off automatic updating! Full instructions are in the referenced guides to patching.
Persistent patching problem? I sympathize. Join the club on the AskWoody Lounge.