November Cumulative Patch Tuesday

I'm still to install any updates this month. I'm still also to hear anything - good or bad - about this month's rollup.


Wipe your tapes with lightning.

I'm still also to hear anything - good or bad - about this month's rollup. - Coldheart2236

If I find out anything I'll post it here. Please do the same.

I installed November 2016 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1 (https://support.microsoft.com/en-us/kb/3197868) tonight. No issues except for...

This is the update that turns telemetry, AKA snooping, on.

I ran FINDEYE.BAT (see batch files below) prior to rebooting and this was the result:

[ SC ] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.


After the reboot, FINDEYE.BAT reported:

SERVICE_NAME: DiagTrack
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Volume in drive C is OS

Directory of C:\ProgramData\Microsoft\Diagnosis

11/15/2016 07:03 PM 25,165,824 events00.rbs
11/15/2016 07:03 PM 6,375,342 events01.rbs
11/15/2016 07:03 PM 503,316 events10.rbs
11/15/2016 07:03 PM 1,509,949 events11.rbs
4 File(s) 33,554,431 bytes

Volume in drive C is OS

After running POKEYE.BAT, FINDEYE.BAT reported:

SERVICE_NAME: DiagTrack
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Volume in drive C is OS

Directory of C:\ProgramData\Microsoft\Diagnosis

11/15/2016 07:03 PM 25,165,824 events00.rbs
11/15/2016 07:03 PM 6,375,342 events01.rbs
11/15/2016 07:03 PM 503,316 events10.rbs
11/15/2016 07:03 PM 1,509,949 events11.rbs
4 File(s) 33,554,431 bytes
0 Dir(s) 384,017,395,712 bytes free

Volume in drive C is OS

Double-checking Services confirms that POKEYE.BAT stops and disables the Diagnostics Tracking Service.

I have an even more extreme batch file called BLINDEYE.BAT, but for now I'm going to stick with the conservative approach. However, if a subsequent cumulative update re-enables the Diagnostics Tracking Service I may have to resort to the BLINDEYE approach.

Batch files - Must run as administrator

FINDEYE.BAT
@echo off
cls
sc query DiagTrack
echo.
dir %ProgramData%\Microsoft\Diagnosis\*.rbs
echo.
dir %ProgramData%\Microsoft\Diagnosis\ETLLogs\*.* /s
pause

POKEYE.BAT
@echo off
cls
sc config DiagTrack start= disabled
sc stop DiagTrack
pause

After some deliberation, I'm currently downloading the November security patch. If it's as simple as stopping/disabling a service in Windows to prevent 'diagnostics', then hopefully MS updates won't be so painful, going forward. I just hope I don't go on to regret those words.

Edit: I have successfully installed KB3197868, with no discernible issues post-restart. I actually made use of your handy batch files and checked it against services.msc to find that DiagTrack is both stopped and disabled.


Wipe your tapes with lightning.

After some deliberation, I'm currently downloading the November security patch. If it's as simple as stopping/disabling a service in Windows to prevent 'diagnostics', then hopefully MS updates won't be so painful, going forward. I just hope I don't go on to regret those words. - Coldheart2236

You and me both!

Edit: I have successfully installed KB3197868, with no discernible issues post-restart. - Coldheart2236

I've had no issues either. In addition, Woody Leonhard blogged today:

I figure it’s time to get the November patches pushed onto your machine. I’ve seen very few problems with this month’s patches – a welcome change from the past year or so.

https://www.askwoody.com/2016/ms-defcon-4-get-windows-and-office-patched/

I actually made use of your handy batch files and checked it against services.msc to find that DiagTrack is both stopped and disabled. - Coldheart2236

Glad I could help out!

Edit: I have successfully installed KB3197868, with no discernible issues post-restart. - Coldheart2236

One nice thing I noticed about installing November 8, 2016—KB3197868 (Monthly Rollup) instead of November 8, 2016—KB3197867 (Security-only update) is the former includes all the previously released Daylight Savings Time fixes. I had five of them hidden on my system, and after installing KB3197868, all of these disappeared from my list of hidden updates:

https://support.microsoft.com/en-us/kb/3148851 - Time zone changes for Russia in Windows
https://support.microsoft.com/en-us/kb/3153731 - May 2016 DST update for Azerbaijan, Chile, Haiti, and Morocco
https://support.microsoft.com/en-us/kb/3162835 - June 2016 DST and time zone update for Windows
https://support.microsoft.com/en-us/kb/3177723 - 2016 Egypt cancels DST
https://support.microsoft.com/en-us/kb/3182203 - September 2016 time zone change for Novosibirsk


Now if only Microsoft would fix the dependencies for the Windows Update Client itself. I have July 21, 2016–KB3172605 installed, which includes the latest Windows Update Client. However, I still have the following obsolete versions in my list of hidden updates:

https://support.microsoft.com/en-us/kb/3050265 - Windows Update Client for Windows 7: June 2015
https://support.microsoft.com/en-us/kb/3065987 - Windows Update Client for Windows 7: July 2015
https://support.microsoft.com/en-us/kb/3075851 - Windows Update Client for Windows 7: August 2015
https://support.microsoft.com/en-us/kb/3083324 - Windows Update Client for Windows 7: September 2015
https://support.microsoft.com/en-us/kb/3083710 - Windows Update Client for Windows 7: October 2015
https://support.microsoft.com/en-us/kb/3112343 - Windows Update Client for Windows 7: December 2015
https://support.microsoft.com/en-us/kb/3135445 - Windows Update Client for Windows 7: February 2016
https://support.microsoft.com/en-us/kb/3138612 - Windows Update Client for Windows 7: March 2016