Windows Update in 2019

This discussion is a follow on of an earlier discussion entitled Windows 7 Update Solution, dated Aug 9, 2016

UPDATE February 9, 2019:

I have 130 client Windows 7 computers that have not had a single  Microsoft update of any kind since May 2017.  That's 20 months now.  Those systems run very reliably now.  My workload supporting them has fallen off to well less than half and that is mostly hardware issues.  These systems use Chrome for their browser and have had Adobe Flash Player, Adobe Reader and Java removed because Chrome  does not need themThey also have a top-notch antivirus product.

Windows Update had been a standard of security that was heavily relied upon by scores of Windows users for decades. Applying the once monthly updates became a mandatory ritual that most all Windows owners followed.  Windows Update is by default automatic. For all those decades it worked largely flawlessly.

 Unfortunately, the quality of Windows Updates has fallen off badly.  This has given rise to numerous defective updates that cause a whole range of problems.  Many updates are re-issued, some many times over.

Coincident with this falloff in quality, starting just after Microsoft ended Windows 7 development (December 31, 2014) and began security-only “support,” Microsoft changed the objectives of these updates from primarily security-only, to feature-related along with security.  The “features” often contain(ed) changes to Windows 7 that some owners did (do) not want.  At first they could selectively reject specific updates.  October 2016, Microsoft changed the way it assembled updates in a way that no longer allows people to be selective. They call this new type of update “Roll-ups”.  These Roll-ups are an all or nothing kind of deal, that includes all manner of “updates” that are largely unpublished. There is a way to get just the security updates, but it is complex and fraught with problems unless you are a serious technician.  Therefore out of reach of most people.

Best advice is to set Windows Update setting to “Never check for updates.”  Unfortunately, that means Windows Update no longer works automatically, but requires the user to manage the update process.  However, this is the only way to take control of the situation.  Enterprise IT folks have always done it this way.

If you really must continue to update, in spite of my advice to not do so,  do NOT do updating until the day before the next cycle begins on the 2nd Tuesday of the month. That allows time for most of the erroneous updates to get fixed. Woody Leonhard, a tech writer extraordinaire, operates a web site, which does an excellent job of advising on Windows Update.  It features his MS-DEFCON rating system that tells you when NOT to update, and when to do so.  There is even a section on his web site, that specifically deals with Windows 7 updating.

The security-only crowd (Woody calls them Group B) was popular at first but by June of 2017, that strategy fell apart because defects in security only updates got fixed in the “roll-up updates.”  So, that made security only updating impractical for all but the most technically competent.  

Woody’s recommendation is that Windows 7 owners should stick to Group A, which just accepts all Microsoft roll-up updates and simply allows whatever changes Microsoft decides to make. 

Another group, Group W, of which I am a member, simply does no further updating.   That group has decided the risk of not applying updates that could immunize your system from some disease, hacker or virus is a lesser risk than applying updates and allowing your system to become something you would not buy if you had a choice.  Of course this strategy includes some other choices that become far more critical:  A very good antivirus program, switching to a browser that will be updated and therefore be more secure, and the acceptance that the January 2020 date that Microsoft has set for the end of updates for Windows 7, has already come.

At this date, I support 132 Windows 7 systems, and have for 16 years now.  None of these are enterprise systems, just home PCs.  All systems have a major Anti-virus product that I have selected.  Most have switched to Chrome browsers, which no longer requires the security problem prone Adobe Reader, Adobe Flash Player or Java.  None of these systems have versions of Microsoft Office any more recent than 2010.   None of these systems has had Microsoft updates since May, 2017. That is 14 months now.  Not a single one of them has had a problem of any kind.  In fact, my support activities have fallen off by at least 50% as these systems have become so stable and reliable that problems just do not occur.  Most of my work is now hardware maintenance.

A bit of advice about a re-install:  

Consider seriously replacing the hard drive.  That is the most likely to fail part on your computer.  They are not expensive, easily found, and not difficult to install.  The life expectancy of a laptop hard drive is about 5 years.  For a desktop, 8 years.  The process of replacement is fairly quick and easy and the re-install process is a long one.  You can likely buy a top of the line 500 gigabyte 7200 rpm hard drive for about $70.

When I re-build a system, I follow a very specific process of updating.  Note well that I do not apply any updates after May 2017:

  • Use a Win7 install disk with SP1.  This disk need only match the product type (home, pro, etc.) an bitness (32 or 64) of your Microsoft Product Key
  • Select Custom, not Upgrade
  • Switch to advanced and Delete all partitions, only one logical partition – C:, which will be created by the installer.
  • After install and activation, install network drivers if not installed already

Do NOT install anything until all Windows Updating is completed.  Not even antivirus.

  • Set Windows Update to Never
  • Download and install either one or two of the following updates manually.  ***Note exception below if not starting with SP1 disk.  In most cases only the first (KB3138612) of these is needed.  If that produces a result that says the update is not appropriate for your computer, you need to first install the 2nd of these (KB3020369), then install the first (KB3138612).  Choose the one that is for your machine -- 32 bit (X86) or 64 bit (X64).


32 bit,

64 bit



32 bit

64 bit

  • Switch from Windows-only updates to Microsoft updates
  • Reset Windows Update setting to Never
  • Start Windows Update
  • When a list of updates is offered (likely nearly 200 or so), refuse the following updates by right-clicking on them and choosing hide
  1. Anything labeled Roll-up, with the exception of .net roll-ups
  2. Any update that is NOT described as “Security” whose issue date is later than December 31, 2014.  That is the date Windows 7 development ended.
  3. Any Office update whose issue date is later than June 2017, displayed on the right side of the window as you select the individual update
  • Proceed to update and run the same process as previously described again and again until no more are offered.

*** If you cannot find an SP1 install disk, the step where the 2 specific updates (KB3138612 and KB3020369) described and linked above does not get done until the updating process installs SP1.

  • Install any missing drivers, using drivers downloaded only from the OEM support page.

Install the following Security-only updates for October 2016 through May 2017.  You do not have to restart until all the following are installed.  You can find an excellent guide on this topic at:

You do not need to restart until all these updates are completed.  When you do restart, it may take a while to process it and get back to your desktop screen

  • October, 2016 KB3192391:

64 bit:

32 bit:

  • November, 2016 KB3197867

64 bit:  

32 bit:

  • December, 2016 KB3205394

64 bit:****4.msu

32 bit:

  • January, 2017 KB3212642

64 bit:

32 bit:

  • February, 2017.  There were no updates this month
  • March, 2017 KB4012212

64 bit:

32 bit:

  • April, 2017 KB4015546

64 bit:

32 bit:

  • May, 2017 KB4019263

64 bit:

32 bit:

  • May, 2017 IE update KB4018271

64 bit:

32 bit:

After Windows 7, system drivers and all updates are installed and any stable applications like Microsoft Office are installed and updated, and before any data or dynamic applications are installed such as antivirus software, create a system image.  It will take 3 or 6 DVD +Rs (not -Rs) and about an hour.  When you are done you will have a very nice bit of insurance.  Should you ever again need to re-build a corrupted system or replace a hard drive, you will have a precise duplicate of your system as it was at this point.  You can restore that image to a hard drive in about 20 minutes.  Creation of System Image is found in your menu under Maintenance, Backup and Restore.

Another great feature about creating the image is that you do not need an install disk or a product key to do the re-install the next time, and you will have saved yourself all the time you put in this time.

You will, in fact, have a final-state Windows 7 installation which could run on this particular computer as long as the computer hardware itself holds up and the software  you prefer is still usable.  In fact, Microsoft could evaporate, and your Windows 7 system would still function just fine, even if you had to install a new hard drive.

I emphasize the need for PLUS R DVD blanks.  Do not use the more common MINUS R DVD blanks.

  • Install software, ending with antivirus software.
  • Then copy data into the newly created system.


Discussion Info

Last updated March 22, 2019 Views 8,439 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Canadian Tech,

I have followed your advice for several years now and you have not done me, or countless others, wrong. My system is running smooth and secure. Thank you for all the time you dedicate to the many people you don't even know. Your work is greatly appreciated and I wish I could buy you a beer.


I'm on board. Thank you for letting me know about this new thread.



Thanks.   Nice to hear that.
Thanks for setting up the new discussion, and for all your help in the past - much appreciated.

Hi Canadian Tech--I have used your update solution over and over on many computers (mine and others') but now I am having problems.  I have a new (to me) windows 7 ultimate machine that has never been updated, except for the standalone installer and the other update from your solution (today), but it still won't update.  I get an error message which says: "an error occurred while checking for updates for your computer.  Unknown error 8072EE2"  I tried the microsoft help button but it couldn't find anything (unsurprisingly) .  Can you help me?

How old is the computer?

When was the last time Windows was clean installed on it?

Does it have SP1 on it?

Hi, thanks for getting back to me so quickly.  I assumed that this machine didn't have any updates because when I opened the window for updates it said it had been updated "never" but when I checked the installed updates there were some 10.  I deleted all but the installer ones you suggest and restarted.  At that point I was able to update fine.  I'm not sure how those other updates got on there or why they were a problem.  I had set the settings to never but maybe they automatically updated before that when I first connected to the internet as they were dated today.  Thanks so much for your help online.  I really appreciate it!

Hi again  I was able to install some 114 updates but then it came up with a list of over a hundred more.  Based on your advice I selected 66 of these but get an error message immediately.  One of the updates I didnt choose was for service pack 1 as my computer says it already has service pack 1 for windows.  This update was from Feb of 2015.  I seem to remember doing a double install on service pack 1 before, but never was so careful of the dates.  Should I select this as well?

I would.  I do not think it is Microsoft spyware.  It is a strange name for the update, I agree.

You did not answer my questions of May 8??

Hi Canadian Tech--I don't know the age of the computer.  It is a Dell e6400 w a windows 7 Coa sticker.  It also has a centrino2 sticker so it is on the older side of the e6400's.  I bought it from someone who it had suddenly refused to boot up for on ebay.  It had a program called Traktor which I suspect was the problem and which I uninstalled.  It continues to give me an error message on updates.  I think the best thing is to erase the hard drive and re install the OS. I have the disks and only regret losing the office which I can also reinstall but will have to buy an activation code I think.  It is funny this computer.  It won't let me delete certain music files, just spins.  I think it has some junk programs on it somewhere but can't find them.  I can't find a windows.old either, but it has 50 gigs full of I'm not sure what.  Maybe the music.  There is a lot and I have only been able to delete some of it.  It continues to give me error messages for the remaining windows updates.  I think it need to erase it and start over.  Do you agree?  Oh, and question for you:  did I understand correctly that I should do the updates (after reinstalling the OS) BEFORE putting on an antivirus program?

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.