Jump to content

Microsoft strips some Windows 7 users of IE11 patch privileges


Guest

Recommended Posts

Guest LilBambi

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) - FCS Blog

 

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on Windows 7 according to an article on Computerworld:

 

 

Microsoft strips some Windows 7 users of IE11 patch privileges – Computerworld

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.

 

The requirement and associated patch stoppage were similar to those Microsoft mandated for Windows 8.1 when it told customers they had to
migrate to Windows 8.1 Update
by June 10 or lose their patch privileges. The Windows 7 requirement, however, affected only IE11, Microsoft’s newest browser, not the operating system.

This type of thing is very hard to understand. Why would Microsoft do such foolish things. Why would they cut off their nose to spite their face by making things so difficult for their users? Windows Update should provide what is needed as it is needed. Period. If they can’t figure out how to do that, maybe they need to get someone in there to help them do the updates.

 

At this rate, they will be causing more people to move from Windows to other platforms like Mac and Linux. Do they not realize this? Not to mention that people need their security updates not just for the operating system but for the browser. If they want to maintain market share with their IE browser, they are showing a very strange way of doing that by cutting off the very much needed security updates because one hasn’t installed as yet. Why is it not installed? That is what should be addressed here.

“All future security and non-security updates for Internet Explorer 11 require you to have update 2919355 or update 2929437 installed in order to receive updates (emphasis added).”

With the way that malware is attacking Microsoft Windows, I can not see how they can feel it is OK to do this as well as stopping supporting Windows XP when it as still garnered nearly a third of all users world wide even after security update support was ended for Windows XP. As of today, June 15, 2014 it still garner’s over 25% or 1/4 of the total global market:

netmarketshare_6-15-20141.jpg?w=660

netmarketshare.com as of 6-15-2014 – choose operating system Desktop Share by Version

 

May 2010 Windows 2000 fell below 5% and end of life for Extended Life Support of Windows 2000 was July 10, 2010 so WINDOWS 2000 FELL below 5% TWO MONTHS BEFORE SUPPORT ENDED.

 

OS Statistics- w3schools_org – includes less then 5% Win2K market share at time of end of support (PDF)

 

Windows 2000 End-of-Life – Strategic Technology Resources – Site Home – TechNet Blogs-11-10-2009 (PDF)

 

Netmarketshare postings.

 

Then the Windows 8.1 Update 1 fiasco and now this IE11 fiasco.

 

There is something very anti-customer about all of this, don’t you think? Especially in light of the fact that Windows is the most high profile target for malware purveyors because it garners the greatest marketshare.

 

I personally feel Microsoft has a made a BIG mistake ending support for Windows XP when it still holds slightly over 25% or 1/4 (one quarter) of the total global marketshare as shown above. And they are continuing to make security missteps for Windows 8.1 and Windows 7 users now too.

 

I do not understand. Microsoft has never been this way before in it’s long history of being customer centric. It just does not make sense.

 

REPRINT from FCS Blog

Edited by LilBambi
Link to comment
Share on other sites

V.T. Eric Layton

I rarely ever open IE in Win 7, and when I do, it's usually just to provide background music (via Grooveshark) while I'm gaming.

Link to comment
Share on other sites

This reminds me of XP.

 

If you don't upgrade IE separately at some point (I don't know where) during the patching process, all future updates fail. The fix is to do a manual download and update of a IE, after which normal updates will start working again.

Edited by Robert
  • Like 1
Link to comment
Share on other sites

Guest LilBambi

Yes, but many folks will not know to do that. They will not even realize they are not getting updates.

 

And even if you don't use IE, you still need the updates. Scripts that probe systems from websites will see that IE11 is vulnerable and take advantage of it no matter what browser you use.

 

All Internet facing programs must be kept up to date or you open yourself up to being hacked.

Link to comment
Share on other sites

Actually, it does make sense that patches can only be applied to a certain operational level. And it is really misleading to say that users aren't being offered the security patches. The required previous patches are listed in the updates for the computer. Once they are dl'ed, the later ones will follow.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

This reminds me of XP.

 

If you don't upgrade IE separately at some point (I don't know where) during the patching process, all future updates fail. The fix is to do a manual download and update of a IE, after which normal updates will start working again.

 

I remember having this issue and posting how to fix it somewhere around here before. :yes:

 

AHA! I found the thread, and Robert posted the solution there that time, too. Thanks again, Robert! :)

 

http://forums.scotsnewsletter.com/index.php?showtopic=66738&st=25#entry385239

Link to comment
Share on other sites

Guest LilBambi

Actually, it does make sense that patches can only be applied to a certain operational level. And it is really misleading to say that users aren't being offered the security patches. The required previous patches are listed in the updates for the computer. Once they are dl'ed, the later ones will follow.

 

Not always. Windows Updates makes mistakes. And personally I think this situation happened due to one of these mistakes.

 

Problem is IE11 can't be left unpatched! No browser should be left unpatched.

 

And even though a similar issue has happened for Windows XP, this one is a bit different and only for Windows 7 and IE11.

Link to comment
Share on other sites

Yes, but many folks will not know to do that. They will not even realize they are not getting updates.

 

And even if you don't use IE, you still need the updates. Scripts that probe systems from websites will see that IE11 is vulnerable and take advantage of it no matter what browser you use.

 

All Internet facing programs must be kept up to date or you open yourself up to being hacked.

Still not completely clear to me....

 

Windows 8, gives you the option of "disabling" Internet Explorer.

I have done so.

A lot of the components are still on my hard drive, but it can't be used unless I "enable" it.

 

Out of an abundance of caution, I've been getting the IE, and IE flash updates....

They seem to be the biggest ones that come out on "Patch Tuesday".

I usually end up updating two browsers, and two iterations of flash (the other is Firefox, and it's Flash plug in).

 

If IE is "disabled" are it's updates necessary?

Edited by Pete!
Link to comment
Share on other sites

Pete! Play it safe and install the updates. I had Java on one computer and I had it disabled. I made sure to patch it despite the fact that it was disabled.

 

I'm glad I'm still running IE 10 in Windows 7. I did get the security update for it this past Tuesday.

  • Like 1
Link to comment
Share on other sites

Guest LilBambi

This issue is not Windows 8. It's IE11 on Windows 7.

 

Pete! Play it safe and install the updates. I had Java on one computer and I had it disabled. I made sure to patch it despite the fact that it was disabled.

 

I'm glad I'm still running IE 10 in Windows 7. I did get the security update for it this past Tuesday.

 

Exactly Liz!

Link to comment
Share on other sites

I apply all the IE updates to my mother's win 7 system, but she never uses IE so I've never installed the flash plugin for IE, just for FF.

Link to comment
Share on other sites

Smart move. I do the same for my clients and family and friends; whether they use it or not.

I removed all the shortcuts to IE from her desktop and the Start Menu, so she can't find IE by accident. :whistling: (She also doesn't know the admin password, so can't get in trouble there either.)
Link to comment
Share on other sites

Pete! Play it safe and install the updates. I had Java on one computer and I had it disabled. I made sure to patch it despite the fact that it was disabled.

 

I'm glad I'm still running IE 10 in Windows 7. I did get the security update for it this past Tuesday.

........Exactly Liz!

I have been "playing it safe", because I don't know the vulnerabilities of a "disabled" IE.

 

However, (Liz knows, maybe not Fran), I'm one of those troglodytes, still Dunning (using dialup).

It's fine for routine surfing, and email.... not so great for videos....AND, I don't take large downloads lightly.

 

If I actually knew, I might feel better about the time I spend/waste on updates.

Link to comment
Share on other sites

I can't tell you Pete. You are less susceptible to getting hacked but I'd still play it safe.

I keep installing all the updates they offer for Windows Media Player despite the face I do not use it. I have some computers I never go through the routine of setting it up. It was set up on the one computer, an XP I brought home that someone was going to throw out.

 

Is your Win 8 a desktop? If it is a tablet, laptop or notebook. Take it to a hotspot to update it. That's way faster than crawling along on dialup and tying up the phone line.

Link to comment
Share on other sites

I can't tell you Pete. You are less susceptible to getting hacked but I'd still play it safe.

I keep installing all the updates they offer for Windows Media Player despite the face I do not use it. I have some computers I never go through the routine of setting it up. It was set up on the one computer, an XP I brought home that someone was going to throw out.

 

Is your Win 8 a desktop? If it is a tablet, laptop or notebook. Take it to a hotspot to update it. That's way faster than crawling along on dialup and tying up the phone line.

Desktop....

One of these days, I'm going to bring it to my wife's business to get the update to Win 8.1, but I'm not going to do that every "update Tuesday".

Link to comment
Share on other sites

Guest LilBambi

I would definitely take it to the Library or Starbucks, or your wife's business (if you know your computer is clean and won't hurt their network). ;)

 

I take mine to the Library, Starbucks, Panera Bread, etc. to get updates because we have insanely limited and priced cellular wireless...no wired cable solutions here.

Edited by LilBambi
Link to comment
Share on other sites

There is an uninstaller for IE. I got rid of it once on another box a couple of years ago. Then I installed Opera which I had waiting in My Documents. Dial-up is a big problem. But if you have unlimited access. Set the box to work at night . OTW go to library with a strong firewall.

 

Be safe Be lucky

Link to comment
Share on other sites

It took me a while to put this together. Hopefully this will explain what is really happening.

 

It isn't unusual that a prerequisite is required in order to successfully install an update. That is all this is. Without installing the prerequisite update, there is the likelihood of compatibility issues.

 

For our purposes with the June update, we're looking at the information for Consumers. From the Update FAQ for MS14-035:

 

There are multiple updates listed for Internet Explorer 11. Do I need to install all the updates?

 

No. Depending on how your system is configured to receive updates, only one of the updates for Internet Explorer 11 may apply.

 

For systems running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2:

  • The 2957689 update is for systems that have the 2929437 update installed. (Consumer)
  • The 2963950 update is for systems without the 2929437 update installed. Note that the 2963950 update is only available for customers managing updates using Windows Server Update Services (WSUS), Windows Intune, or System Center Configuration Manager. (Enterprise)

{SNIP}

 

For Internet Explorer 11, are there any prerequisites for the 2957689 update?

 

{SNIP}

 

Customers running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2, must first install the 2929437 update released in April, 2014 before installing the 2957689 update. For more information about this prerequisite update, see Microsoft Knowledge Base Article 2929437.[bold added]

 


 

Let's go back to May.

 

Microsoft ended up issuing a separate update for those who had not installed the prerequisite update -- KB 2961851, MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014. With that update, Microsoft included the following statement:

 

Important note for Internet Explorer 11 systems This update applies only to computers that are running Internet Explorer 11 and that do have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed. All future security and nonsecurity updates for Internet Explorer 11 require update 2919355 or update 2929437 to be installed in order to receive updates. We recommend that you install update 2919355 or update 2929437 in order to receive continued future updates.

 

See Microsoft Knowledge Base article 2961851 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed.

 

Thus, the security update for IE11 in May included two separate patches for systems running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2:

  • The 2953522 update was for systems that have the 2929437 update installed.
  • The 2961851 update was for systems without the 2929437 update installed.


 

Now, looking back at April and the description of the KB2929437 prerequisite for consumers, Description of the security update for Internet Explorer 11 on Windows 7 and Windows Server 2008 R2: April 8, 2014:

 

The Windows 7 and Windows Server 2008 R2 Update for April, 2014 (2929437) is a cumulative update for Internet Explorer 11 on Windows 7 and Windows Server 2008 R2. In addition to the fixes addressed by Microsoft Security Bulletin MS14-018 and previous updates for Internet Explorer 11 on these operating systems, update 2929437 includes new enhancements for Internet Explorer 11 as described in the "New for Internet Explorer 11 in Windows 7 and Windows Server 2008 R2" section.

 

Note the "New for Internet Explorer 11..." section. Those systems that did not install the prerequisite did not get the "new" information. As a result, in May, Microsoft found it necessary to issue two separate updates for IE 11. One for those with the April update and another for those without the update.

 


 

Personally, I think Greg Keizer would have performed a better service to his readers by explaining the importance of the April Cumulative Security Update for IE 11 instead of playing the sensationalist card that, unfortunately, the press too frequently resorts to.

Link to comment
Share on other sites

Guest LilBambi

I am sure you are right. The problem is that many will not know why they can't get the updates nor will they realize they can go back to get that update if it got missed. They will just go on with their merry little lives and not even realize they are no longer getting IE11 updates if the order somehow did not get the proper order.

 

It used to be that Windows Updates knew which ones needed updated first and offer them and nothing else for that item until it got them.

Link to comment
Share on other sites

If Windows Update is turned on (Check but let me decide; Download but let select), the April Cumulative update for IE11 is sitting in the list to be installed. If the "Never check for updates" box is checked, a manual check will bring the April update.

Link to comment
Share on other sites

Guest LilBambi

Again, without help or realizing it's needed, many never do a manual check. If it's not presented, they never know it's missing.

 

But I am glad that for most, it was presented.

 

I just wish I knew what causes it NOT to be presented when it was supposed to be presented and installed back in April.

Link to comment
Share on other sites

"Patch Tuesday" has been in effect since 2003. I would think that after 11 years, people would be accustomed to monthly security updates -- even if they prefer to manually check and install the updates a week or two after release. Does Greg say in his article that users checking for updates are not being offered KB2929437 when checking for updates? No! He is saying that in order to install KB2957689, the prerequisite update must be installed first. Would it be better if Microsoft allowed the installation of KB2957689, resulting in compatibility issues? I think not.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...