This hornet’s nest of rollup patches, .Net offal, and miscellany looks remarkably like the mess we’re expecting to see in October Microsoft has released 12 optional patches for Win7 and 8.1. No, this isn’t the regular Patch Tuesday, nor the designated nonsecurity precursor First Week Patch Tuesday. It’s a messy Third Week Tuesday, which we used to call Out of Band. Bah, humbug. We’re expecting big changes in patching come this October, and this mess — non-security rollups, arbitrary .Net patches, servicing stack update, lots of miscellany — looks like a dystopian preview of the Ghost of Windows Patching Yet to Come. Yet, there is some good news. Most Win 7 and 8.1 customers will be delighted to see the most intriguing patch: KB 3184143 — Win 7, 8.1 — Removes the much-reviled GWX system (defined as KB 3035583, KB 3064683, KB 3072318, KB 3090045, KB 3123862, KB 3173040, KB 3146449). There are three big nonsecurity rollup patches (presumably similar to what we’re going to see in October): KB 3185278 — Win 7 and Server 2008 R2 — Nonsecurity update rollup, which includes the EMET bug in MS16-111/KB 3175024. There’s a lengthy manual workaround and a Group Policy change to fix the bug described in KB 3175024. Yes, you read that correctly: Microsoft’s Sept. 20 Win7 nonsecurity rollup includes a known bug in an earlier security patch. It also includes a patch for a bug in the convenience rollup (“Win7 SP 2”) KB 3125574. Looks like you can’t get one without the other. KB 3185279 — Win 8.1 and Server 2012 R2 — similarly, a nonsecurity rollup patch for Win 8.1. KB 3185280 — Server 2012 — similarly, a nonsecurity rollup patch for Server 2012. Then there’s a mass of .Net patches. Apparently we’re going to continue to get these here and there, even in October: KB 3179930 — Vista, Win 7 — .Net Framework 4.5.2 reliability rollup KB 3179949 — Vista, Win 7 — .Net Framework 4.6 and 4.6.1 reliability rollup KB 3184951 — Win 8 and Server 2012 only — .Net Framework 4.6, 4.6.1, and 4.5.2 reliability rollup KB 3186208 — Win 8.1 and Server 2012 R2 — similar .Net Framework 4.6, 4.6.1, and 4.5.2 reliability rollup The obligatory update to Windows Update: KB 3177467 — Win 7 — Servicing stack update Another fix to a Microsoft-created bug: KB 3181988 — Win 7 — Fixed bug in SFC scans caused by the convenience rollup (“Win 7 SP2”) KB 3125574 And a couple of, uh, miscellaneous patches: KB 3063109 — Win 10 — “Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host.” Revision 7. The official Windows Update list shows this as a patch for Win 7 and 8.1. It doesn’t appear to be part of a Win10 cumulative update. KB 3182203 — Win 7, 8.1 (and POSReady/XP) — Time zone change for Novosibirsk All of the patches are optional and will thus appear in Windows Update as unchecked — except the time zone change. It still amazes me that Microsoft hasn’t implemented a more elegant way to change time zones. Guess they’ve been too busy with GWX. There’s a pattern emerging … a harbinger, if you will. KB 3185278 and KB 3185279 — the two September update rollups — follow the pattern that I expect we’ll see starting in October. Microsoft has released the September update rollups this month as Optional/unchecked, so they won’t be automatically installed. My guess is we’ll see those patches changed to Recommended in October. For Win7, we saw a similar pattern with KB 3172605 (July rollup) released as Optional on July 21, then changed to Recommended on Sept 20. KB 3179573 (August rollup) was released as Optional on Aug. 16, then changed to Recommended on Sept. 20. I’m guessing that 3172605 was held back a month because of documented problems with Bluetooth (the KB article is now up to Revision 10, never a good sign). If that experience proves exemplary, the general pattern is to have a cumulative update (er, patch rollup) released as Optional, wait a month to see if anything explodes, and if not, then change it to Recommended the next month. We’re still going to see all sorts of flotsam and jetsam in the patching cycle. Nathan Mercer’s description of the new post-October patchopalypse leaves an enormous number of details hanging, but we know that IE patches won’t fall into the monthly rollup, .Net patches will be consolidated in an as-yet-undefined manner, and time zone changes aren’t going away anytime soon. Hope y’all enjoy the trip to Novosibirsk. Related content opinion On a personal note... Woody Leonhard looks back a bit, looks ahead to retirement — and shares good news about who's picking up the Windows patching torch. By Woody Leonhard Nov 09, 2020 3 mins Small and Medium Business Computers Windows news analysis Get Microsoft's October patches installed — and seriously consider Win10 2004 Odd ancillary patches have their problems, but the mainstream October patches look pretty reliable. The big question: Is Win10 version 2004 up to your stability standards. I’m skeptical -- especially because it has few worthwhile improvements. By Woody Leonhard Oct 30, 2020 6 mins Small and Medium Business Microsoft Computers news analysis Microsoft Patch Alert: October 2020 The big news with this month’s patches – aside from the usual smorgasbord of strange errors – has more to do with the patches that are outside the regular cumulative update stream. Remarkably, we didn’t get any security fixes By Woody Leonhard Oct 22, 2020 189 mins Small and Medium Business Microsoft Office Microsoft news analysis With Patch Tuesday here, be sure Windows Update is paused With all the flotsam floating around, it’s easy to lose sight of Second Tuesdays. October’s arrives tomorrow and, with it, another round of Windows and Office patches. Take a minute to make sure you aren’t in the front lines, as eve By Woody Leonhard Oct 12, 2020 5 mins Small and Medium Business Microsoft Windows Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe