Microsoft Download Center still offering Windows update downloads
Sometimes, I feel like Microsoft's right hand does not know what the left hand does. It does not help if communication is often minimal or non-existent. Vital information are often missing, and it is up to guesswork and not facts when it comes to changes.
As you may know, Microsoft announced a major change coming to Windows 7 and Windows 8.1 devices related to how updates are provided by the company (the same applies to Windows Server products).
The company decided to bring cumulative updates to those operating systems, much like it does for Windows 10.
This means that organizations and end users get only update packages instead of individual updates. Considering that the system did not work too well on Windows 10, it seems likely that users will be hit with issues eventually on Windows 7 or 8.1 devices as well.
Since it is no longer possible to block faulty updates, or uninstall them, all that users can do if they run into issues is to remove the whole update package. This means removing all security updates if updates were installed via Windows Update, or if a security update is causing issues.
Microsoft Download Center still offering Windows update downloads
The October 2016 patch day was the first month in which only update packages were made available.
Without rehashing what has been said already, this meant the following things:
- Windows users can either use Windows Update to install one massive update package, called monthly rollup, which includes security and non-security patches.
- A security-only update is provided via Microsoft's Update Catalog and WSUS. This includes only the security patches released for the month.
Microsoft noted that the security-only update package would only be made available via WSUS or the company's Update Catalog. The former is only available to organizations, the latter only if you use Internet Explorer as it requires ActiveX. There is a workaround for that though.
While Microsoft was adamant about the availability of update packages -- it explicitly stated that security-only updates would only be made available via WSUS and Microsoft Update Catalog -- it turns out that downloads are still available on Microsoft's Download Center site as well.
If you check out one of the security bulletins, MS16-124 for instance on Microsoft's website, you will notice links to KB download pages right on that page.
This means that users can download the security-only updates from Microsoft's Download Center site as well.
No word on why Microsoft changed its mind and is offering the downloads directly as well. The most likely explanation -- guesswork of course -- is the Internet Explorer exclusivity of the Microsoft Update Catalog.
It could be that Microsoft decided to make direct downloads available for as long as it has not published an updated version of the Update Catalog that runs on all modern browsers.
Now You: What's your opinion on the change?
I don’t really like nothing MS made after Windows 7.
For instance, I don’t need tiles on my desktop (maybe also on my phone…), and what else did we gain with Windows 8.x or 10?
So I have been using GWX Control Panel Monitor (http://ultimateoutsider.com/), don’t know if it’s still effective today, latest version is from April 1, 2016. Maybe it doesn’t know about KB****664 etc.
As for blocking updates, and as I use MS Security Essentials as Anti-Virus (yes, and a lot of firewall rules…) I made this script that enables previously disabled ‘update engine’, downloads the AV signatures and disables the updates in the end…
Comment if you want, I’m all for improvements – although it’s doing what I need.
BR
The longer i read and think about it, i’m more and more convinced the call for action!
And the wonderful action you have to take is : Take no action and no updates.
Why ? Because this is still monitored no matter which telemetry kb’s you have removed.
It is one of the more important metrics of windows security.
I was really pissed off that MS is now only offering cumulative patches . All this time I have been trying to be very careful which KB’s I would install after reading Martin’s excellent monthly blog about patch Tuesday and doing further research. It all served me well.
Now it seems there is,for the time being, another way to download the security patches. When that loophole is closed of I think I will stop downloading any MS cumulative updates. I am pretty confident it won’t affect me as I am careful and have plenty of other protection.
Just use WSUS offline update and you’ll still have access to all the individual patches as you’ll be pulling from WSUS instead of Windows Update.
Argh, too much hassle. I’m gonna go with no updates at least for now, maybe microsoft will still offer windows updates seperately in the future. Too much hassle to get updates one by one through Chrome. I wish somebody would create like a page on Github where we could download updates seperately or in a .ISO file for all OS’s, that would be awesome.
Anyone know yet if KB3192391 is “safe” as in no telemetry or win 10 upgrade nag remnants? And is it all the security updates needed even if it’s been awhile since the last update on a machine was done?
Does this mean that we can still download updates seperately instead of that combined update package?
Only the security patches as far as I know. It is unclear for how long this will be offered.
And Microsoft Update Catalog requires Active-X right? That’s a plug-in I’m not gonna never install. Any other method to download updates seperately?
No you can use a workaround for that: https://www.ghacks.net/2016/08/29/download-updates-from-microsofts-update-catalog-without-ie/
Microtruth knows exactly what they are doing.These days it is one way to run a business and leave their customers guessing and in the dark. . Microtruth tries to create a will-less customer who blindly and without questioning pays for and follows everything they create in their out of ones wit’s minds. At this time it seems to be working fine for them.
Also, one could get the impression Microtruth is all about screwing and milking the customer in a highly questionable way to maximize their own profits. Business morals or ethics plus a good customer relationship seems to be of absolutely no interest to Microtruth.
The only way this may change is if they would start losing high numbers of customers year to year. I don’t see this at this time since the big dumb masses still running for their products. Don’t get me wrong: despite their heinous business attitude I think Microtruth has and had very good products. But the price to pay for this is getting much too high. Greetings from Dr. Faust.
I will keep my Win8 (yes, I know… @#%@) and when support runs out look for something else. No, probably not Linux. Something else, maybe an Abacus or MacAbacux ? Maybe in the meantime some toymaker in China or Hungaria will buy Microtruth and start producing Pinoccio puppets with the faces of the Microtruth chieftains. Guess there would not be enough storage with theses extensive long noses. Happy computing for all of you. :)
Big companies represent big threats since they are very well known to strongly abuse their power. Their arrogance is boundless as their foresee is limited. And for Mircosucks such a decent product being marketed by such highly intelligent, wonderful and creative people is just a shame. Wondering if a mildly drunk doofus from Bourbonstreet could do a better job than they do. I am willing to step in.
Awesome sleuthing work Martin, your “my hero” status just got another little boost towards the top.
Thanks, for as long as msoft allows that optional-choice to last, but it seems they are pretty anti-choice at best though, so that facility may not be there next month. My fingers are crossed.
Great job!
My last update was on the 27.03.16. Guess i must be one of those people that M$$$ isn’t making enough money out off , or isn’t controlling the way they want to. The fact that i purchased & paid quite a lot for Win 7 Pro , doesn’t count for anything. If you DON’T trust & got to keep fighting the OS & it’s maker , does it make sense to keep using it? I’ve just received a new pc with win10 on it , guess what’s the first thing i’m removing? I’m NOT allowing Big Brother to tower over everything i do. Linux here i come! I don’t expect anything from the US authorities for obvious reasons , but i’m wondering where is the EU on all of this? I wish i was a dog & nadella & his mates ,,, trees. I’d be extremely busy for a very, very long time !!! Thank you to Ghacks for opening my eyes !
With this approach, MS has decided to shake up devoted Windows 7 & 8 users to make Windows 10 not look so bad.
Truth be know, MS has really become a lame duck since Windows XP. Too many cooks in the kitchen and no bottle washers.
People are right not to trust Microsoft when they install 14 new trusted root certificates without announcing it to anyone.
https://hexatomium.github.io/2016/10/11/unannounced-root-cert-update/
If, because because of incompetence and dirty dealing, MS can’t be trusted on some updates, then they can’t be
trusted on any updates.
If you don’t trust updates for Microsoft products, you should not even use their software. Period. Unless we’re talking about games, there are viable alternatives out there, they just take some time and effort to familiarize with.
In my case it is less the lack of trust, but the inconvenience. Ever since Microsoft started advertising their free Win 10 upgrade from within Windows Update and later by including them in security patches or labeling them as such, the update process of older Windows operating systems has become quite the annoyance. Glad that’s over with now, but I’m not a fan of the big one-file patches either and soon there won’t be anything I can do about it. Linux sounds more and more attractive.
kb3192391 is the security-only one?
I see it can be downloaded from here without IE:
https://support.microsoft.com/en-us/kb/3192391
x64: https://www.microsoft.com/en-us/download/details.aspx?id=53990
x86: https://www.microsoft.com/en-us/download/details.aspx?id=53990
Yes that is correct.
Solus 1.2.1 is released any day now, then we can all forget about Microsoft cockups/snooping and NSA for good.
If the new version still has systemd, then we can all still enjoy frequent ****-ups;
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
Nice logic there.. Yes, let’s not use linux because we always run commands that someone tweets. Let’s all use Windows instead where just visiting a website can encrypt all our files, updates take forever and may or may not contain botched patches and various snooping methods.
In the past year with two computers running Windows 8.1, I spent quite a lot of time researching each individual KB update, deciding whether or not to install them, and building my own commented list of all rejected updates for quick checkup on both computers every time there was a monthly updates rollout.
I’ve decided I’ve had enough of this whole charade. I will no longer waste any time or jump through any complicated hoops trying to keep updating Windows in a selective and secure way. I will just no longer install any Microsoft updates for my Windows 8.1 computers, not even those opaque security updates. A reasonable level of online security can be maintained in other ways (extra antivirus, strict firewall rules).
I already use one Linux computer. Next few years I will keep moving gradually to using Linux primarily, for nearly everything, and keep only one old Windows system for those few tasks that cannot be done equally well in Linux yet.
I did the same as you for my 2 Win 8.1 computers, thus avoiding a lot of useless updates & telemetry. I just installed the latest secuirty-only update (kb3192392) on 1 of the PCs & it did not install. DISM cannot restore health of the image, system restore does not work anymore. Luckily the PC is still working. So I’ll probably do like you – no more security updates & look @ Linux more seriously.
@ Martin Brinkman ……. Fyi, it was sometime around June 2016 that M$ removed all the KBs from Download Center = only available at Update Catalog using IE only.
Why.? … Since around Dec 2015, many tech-savvy Win 7/8.1 users had hidden M$’s Win 10-style Telemetry updates. So, from around April 2016 onward, M$ had purposely disabled Windows Update for Win 7/8.1 users who had hidden their Telemetry updates. The affected Win 7/8.1 users had to resort to manually install important security updates one-by-one via Download Center or Update Catalog. Most Patch Tuesday for Win 7/8.1 had about 10+ important security updates.
…….M$ then responded by removing all the KBs from Download Center at around June 2016. The affected Win 7/8.1 users were forced to use only IE n Update Catalog to manually install the security updates. Those affected Win 7/8.1 users who had deactivated their IE or had a non-updated IE were stuck without any more security updates.
Now, with M$’s Patch Rollups from Oct 2016 onward, those Win 7/8.1 users who had hidden M$’s Telemetry updates can no longer do so, unless they forego all security updates in the Patch Rollups. IOW, the Oct 2016 Patch Rollup very likely contains hidden Telemetry updates.
…….They can also no longer manually install important security updates one-by-one. Hence, M$ now feel “secure” enough to let all the KBs back into Download Center bc all the KBs r now Patch Rollups or r all bunched together, ie they r no longer individual KB security updates like b4.
Why did M$ do this.? NSA spyware in Windows.? Preempt prosecution by the US govt for their abusive business practices.?
Similar to how HP’s horrific breaking of non-HP ink was disguised in a security update, this new update format will cause many of us to hold off on updates til we find out if it will break things (or force a win 10 upgrade.) The inept, and sometimes deceptive, practices of these companies creates a no-win situation for their customers and has the bad guys doing a happy dance. I guess I will soon have no choice but to somehow find the time to learn Linux. Thanks M$.
My opinion on the change is that it was unintentional, Microsoft seems to have trouble telling its arse from its elbow in recent years and they appear to be flailing around like a demented child who can’t cope with the idea that their no longer the center of mummies attention.
(1) “My opinion on the change is that it was unintentional. <– notice the period. This is the end of one sentence. A comma is not what you need to use.
(2) "…who can't cope with the idea that their no longer the center of mummies attention."
(3) They can't cope with the idea that they're, not their, the center of attention.
(4) Windows is actually still the center of attention based. They are the world's top provider of desktop and laptop operating systems. They dominate the market share of OS use. That puts them at the center of consumer attention.
(5) Mummy's attention, not mummies. I assume you're not talking about ancient Egyptians wrapped up in threads.
(6) Perhaps when attempting to launch intellectual assaults against other entities you will first learn to properly use the English language, and double check your assertions for validity.
T J: “… make damn sure that you English is perfect” *cough*your*cough*
Also, it’s perfectly acceptable for “they” to have a singular direct object, when “they” act as a collective whole. “The MPA and RIAA are the source of all evil in the world” indicates that neither working alone can be the source of all evil – but together they bring pestilence and starvation to world and eat babies.
“I suggest that you read, mark. learn, and inwardly digest…” His name is Bob, and if it were mark, it would be Mark, with a capital M. Also, the first word in every sentence starts with a capital – Learn, and inwardly digest…
“inwardly digest” and “I do not recollect” are not grammatical errors, per se, but many style guides would suggest different word choices to avoid sounding self-important or pompous. Simply-stated has a harder impact, and as a bonus, tends to deescalate conflict rather than inciting it. “I don’t recall seeing any comments” is a more direct, and therefore more effective, caustic jab.
.
I don’t actually care, the temptation was just impossible to resist.
@Bob Dole: “to properly use” .. goddammit man, you split an infinitive. I’m going to have to report you to the … umm .. intergalactic interwebs grammar police
@Bob Dole, Perhaps when you stoop to the level of criticising someone’s grammar you come across as a conceited ass who has nothing of substance to say about the actual content or subject.
@ Bob Dole
Ref your comment about Corky’s English and your “attempt” to point out his errors.
You wrote:
“Windows is actually still the center of attention based. They are the world’s top provider of desktop and laptop operating systems. ……….”
1.
“Windows is actually still the center of attention based.” What the bloody hell is that supposed to mean. It is total rubbish.
2.
“They are the world’s top provider of desktop and laptop operating systems.”
“They” signifies plural, “provider” signifies singular. If you had written MS or Microsoft then provider would be correct.
If you are going to flame somebody, Troll, make damn sure that you English usage is perfect.
For your information, Corky contributes a huge amount of technical help and information to Martin’s blog.
I suggest that you read, mark. learn, and inwardly digest his input in many of ghacks blogs.
I do not recollect seeing any comments from you on this site.
To sum up, PISS OFF and practice your flawed pedantry and trolling on another blog site.
Before you do, make sure that YOU improve YOUR English.
Also, I suggest that you change your “handle”. The real Bob Dole is remembered as a really crap US politician. Perhaps that is why you chose it to emphasize how full of crap you are. :-P
Wonder how long before MS sneaks in an automatic update to Win 10 disguised as a “Safety Update”??
When you switch on you get “NAH, NAH,NA,NAH,NA, GOTCHYA”
???
The Muppets!
Sigh… I remember when windows update was included with Windows 98. I thought that was freaking cool, then they added the windows update notification, a great step, and later, microsoft update so you can update all your microsoft products at one spot. Those were some good times. Then came updates for XP that included WPA. What a annoyance that was. Still, I liked Windows update and what it brought, improvements and such.
Then came Windows 10… Prior to windows 10 I would always update my computer as soon as I could. I guess I was curious what improvements would be added or issues would be fixed. Now I mostly fear the updates wondering what microsoft might have F’d up this round. Makes me miss the good old days of being a teen on Windows 98 and checking windows update site just to see if there was any new update, and actually getting excited when there was.