At least the really bad bugs, introduced by “security” patches earlier this month, have been fixed. The problems that remain reside in the dregs — not likely to bite, but worth knowing about in case something suddenly goes bump in the night.
And if you’re using Win10 1803, you should definitely ask Microsoft for an increase in combat-duty pay.
The ongoing Win7/Server 2008 R2 patching threat
Remember when Win7 was relatively stable? OK, OK; “stable” is a relative term that’s unlikely to apply to any version of Windows, but you know what I mean. Win7 and Server 2008 R2 have gone through months of problems with networking in general, and apoplectic network interface cards in particular.
This month’s problem (which is different from the previous two months’ bugs) involves a bad .inf file. If you get bit, you don’t see one of those completely inscrutable error messages (“CredSSP encryption oracle remediation” anyone?). Instead, your network card just dies. Kerplop.
Microsoft says it’s a problem in the May Win7 Monthly Rollup doc, KB 4103718:
Symptom: There is an issue with Windows and a third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.
1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.
Which must rank as one of the most convoluted instructions Microsoft has ever published. At least, one of the most convoluted instructions this month. Note that Microsoft tells us there’s an issue with third-party software, but doesn’t deign to tell us which third-party software.
If, after installing this month’s Win7/Server 2008 R2 Monthly Rollup KB 4103718 (or possibly the Security-only patch KB 4103712), your network interface card stops working, you can use Microsoft’s steps to get going again. Once you’re back online, take Susan Bradley’s advice:
visit the vendor of your computer or the vendor of your network card and update both your bios and network drivers from the vendor’s web site.
Windows 10 version 1803 still ain’t ready for prime time
If you’re stuck in Win10 April 2018 Update — the notoriously buggy version 1803 — you need to get the latest cumulative update applied, KB 4100403. But before you do that, think. If you “up”graded to 1803 fewer than 10 days ago, it’s still easy to roll back to your previous version: Start > Settings > Update & security, on the left choose Recovery. Under Go back to the previous version of Windows, click Get started. Click through Microsoft’s warnings again (and again and again) and finally click Buzz Off, I want my old Windows back. Or the functional equivalent. Once you’ve rolled back, be sure you take the necessary precautions to keep Microsoft from forcing you back to 1803 again.
Speaking of forced upgrades, Microsoft is actively looking for folks who were upgraded to 1803 even though they had Win10 1709 set to defer updates. Those of you with the temerity to click “Check for updates” — you seekers — need not apply.
By the way … those of you who are convinced that 1803 now runs on half of all Win10 PCs need a lesson in lies, damn lies and statistics. Ed Bott over on ZDNet has a great takedown of the AdDuplex numbers that fueled the clearly ridiculous assertion. 1803 hasn’t taken over the Win10 universe. At least, not yet.
Win10 versions 1703, 1709 ready to roll
The bugs introduced earlier in the month are fixed. I think.
My production machines are still on 1703, but when I get a spare couple of hours, I’ll probably move to 1709. (Yes, I downloaded and saved a copy of the Win10 1709 ISO file back while it was available. If you need one, check out Ed Tittel and Kari Paajolahti’s article in Computerworld.)
I think it’s quite remarkable that Windows 8.1 continues to stand out as the most stable version of Windows available.
Windows 7/Server 2008 R2
Ready to take a chance on messing up your NIC? Here’s how to proceed. The patching pattern should be familiar to many of you.
Step 1. Make a full system image backup before you install the May patches.
There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.
Step 2. For Win7 and 8.1
Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s a year old or less, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.
If you’re very concerned about Microsoft’s snooping on you and want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003 and be aware of @MrBrian’s recommendations for hiding any unwanted patches.
For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for April may not show up or, if they do show up, may not be checked. DON'T CHECK any unchecked patches. Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. That way thar be tygers. If you're going to install the May patches, accept your lot in life, and don't mess with Mother Microsoft.
If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx, @MrBrian.) If you see KB 2952664 (for Win7) or its Win8.1 cohort, KB 2976978 — the patches that so helpfully make it easier to upgrade to Win10 — uncheck them and spread your machine with garlic. Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.
After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Window 7 and 8.1 machines. But I’m starting to believe that information pushed to Microsoft’s servers for Win7 owners is nearing equal to that pushed in Win10.
Step 3. For Windows 10
If you’re running Win10 Creators Update, version 1703 (my current preference), or version 1709, the Fall Creators Update, and you want to stay on 1703 or 1709 and not get sucked into the 1803 pre-release vortex, follow the instructions here to ward off the upgrade. Of course, all bets are off if Microsoft, uh, forgets to honor its own settings.
Remember: If you want to avoid 1803, don’t click “Check for Updates” until you’ve gone through all the precautions listed in this article, including running wushowhide. If you forget, you may be tossed in the seeker heap and shuffled off to 1803 land.
If you’re running an earlier version of Win10, you’re basically on your own. Microsoft doesn't support you anymore.
If you have trouble getting the latest cumulative update installed, make sure you’ve checked your antivirus settings and, if all is well, run the newly refurbished Windows Update Troubleshooter before inventing new epithets.
To get Windows 10 patched, go through the steps in "8 steps to install Windows 10 patches like a pro."
Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano and @MrBrian.
We’ve moved to MS-DEFCON 3 on the AskWoody Lounge.