Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need to install an update to IE without non-security fixes being installed too


  • Please log in to reply
8 replies to this topic

#1 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:20 PM

Posted 08 March 2016 - 06:26 PM

Today there has been an update released for IE, a cumulative one, KB3139929. It contains important security fixes, although I think they are not so important for someone like me who never even opens IE let alone browses with it. I really ought to install this update but there is a huge problem, it has as one of it's non-security fixes (which come along with it during installation) something called KB3146449. KB3146449 is an update to make "upgrade" from windows 8.1 or 7 to windows 10 easier, it might go so far as to cause "upgrade" I'm not so sure about that though, Either way I have no intention of taking that kind of risk. Therefore I need a way to install KB3139929 but avoid the non-security fixes coming alongside it. I assume there must be a way that this can be done, there are circumstances from time to time where users will want to install a cumulative update to IE but some of the non-security fixes might be buggy or (as n this case) highly unwelcome. Please can someone explain a method to install the cumulative security fixes without KB3146449 coming along with them, cannot risk installing an update which may then cause unwelcome "upgrade".

The link below gives the page for the cumulative update
https://support.microsoft.com/en-us/kb/3139929

You may notice the mention on that page of the fact that KB3146449 is a non-security fix included alongside the security fix, but you will find that the link about it instead goes off to another page, nothng to do with KB3146449. So below I've included the link to the page about KB3146449 so that you can see why I can't risk getting it:
https://support.microsoft.com/en-us/kb/3146449

Please explain how to install the cumulative update without the non-security fixes, I'll happily go without ALL the non-security fixes if doing so avoid KB3146449. I'm sure there should be a general method for doing this, this can't be the first time a cumulative IE update has been released and someone has needed to avoid one of the things in a non-security fix.

Thanks

Edited by rp88, 08 March 2016 - 06:26 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 08 March 2016 - 08:28 PM

I'll look around, but pretty sure that you can't. The thing is, it's a cumulative update. You cannot handpick which updates you want in it and which ones you don't.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 rp88

rp88
  • Topic Starter

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:20 PM

Posted 09 March 2016 - 06:50 AM

Look at the description page, the non-security fixes have their own KB pages, although not all those links work properly. If you go to those pages, or manually type the correct kb number into the browser's address bar you'll see that the non-security fixes are each individually available as stand alone updates, so surely the main update is available as a stand alone without them? What about going via downloading the update from ms's website via the browser rather than through the usual update client route? Or one of the command prompt methods of updating? Just for this particular update.

Edited by rp88, 09 March 2016 - 06:51 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 09 March 2016 - 07:50 AM

This is usually how I search for updates when I want to download them "KB$NUMBER Windows X xZZ" where $NUMBER is the KB number, X is the Windows version, and ZZ the architecture. I looked up all the non-security updates in that KB article for the cumulative update, and Google cannot return a single result for any of them.

It isn't possible to use a command to install "half of an update", or specific "KBs" from a cumulative update as far as I know. I can look it up, but I'm pretty sure that it's not possible since I've never encountered a such command. Also, the KB on both the Microsoft Download Center and Windows Updates are the same, no difference.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 rp88

rp88
  • Topic Starter

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:20 PM

Posted 09 March 2016 - 03:10 PM

I need to find a solution, I never use IE but I know that it's highly dug into the system to the point that programs may use elements of it and there is a risk that it can be exploited in this sort of way. Despite using firefox as my browser coupled with noscript and malwarebytes anti-exploit I still know that the best option for security is to have the security updates to IE installed. And yet ms has gone and done this, bundled nagware into a security update. When I first wrote that post google searches for KB3146449 brought only 2 results, this thread and ms's page, now there are tens of reports of the same, apparently the most visible action of KB3146449 is adding a "microsoft recommends upgrade to win 10" banner to any new tab opened in IE, but who else knows what it migth be doing. I just hope someone can find a way that users might be able to download the update in such a way that the security parts can be performed but the bundled junk can be stopped, this is an extraordinarily unethical method of trying to spread the new OS.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 09 March 2016 - 03:25 PM

Like I said, unless Microsoft release the original cumulate update without that KB you don't want to install, you won't be able to install it with exclusions. And even there, I wouldn't trust any Windows Update packaged by people other than Microsoft.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 09 March 2016 - 03:40 PM

I just read about it here: http://www.ghacks.net/2016/03/09/security-update-ms16-023-installs-new-get-windows-10-functionality/ I must say that Microsoft is resorting some very low tactics now.  You are damned if you do, damned if you don't.



#8 rp88

rp88
  • Topic Starter

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:20 PM

Posted 10 March 2016 - 08:07 PM

Post #6 "And even there, I wouldn't trust any Windows Update packaged by people other than Microsoft. "

I quite agree with you there. If someone finds a way to cure this, a way to cut KB3146449 kicking and screaming out of KB3139929 they'll have to post a tutorial online of HOW users can do it themselves, not merely try and get people to download the modified patch, because no-one ( not I, not you ) would trust such a modified patch unless we had modified it ourselves.

The question remains, how, unless some clever and kind person does find a way and post a tutorial, are we to protect ourselves from the vulnerability whilst avoiding this unethical junk bundled alongside it. We very much are damned if we do and damned if we don't. There is NO justification for this, but how are we to deal with it. So many people don't even realise it's going on.

Edited by rp88, 10 March 2016 - 08:09 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 Westone

Westone

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 28 March 2016 - 10:07 AM

See here for registry settings that will prevent OS Upgrade, Reservations for OS Upgrade, etc, so that any of the Microsoft updates hiding a Win 10 Upgrade promotion can be installed but will not show, ask or otherwise offer an upgrade option:

 

https://www.reddit.com/r/TronScript/comments/49u9x5/dealing_with_kb_3139929/

 

Read about halfway down through the thread to get registry settings other than just the DisableGWX setting. I have installed all of these settings on all of the Windows systems I am responsible for to good effect so far.


Edited by Westone, 28 March 2016 - 10:10 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users