On 7/13/2021 7:44 PM, David E. Ross wrote:
> On 7/12/2021 8:00 PM, Michael Trew wrote:
>> Microsoft issues urgent security warning: Update your PC immediately
>>
>>
>> Microsoft is urging Windows users to immediately install an update
>> after security researchers found a serious vulnerability in the
>> operating system.
>>
>> The security flaw, known as PrintNightmare, affects the Windows Print
>> Spooler service. Researchers at cybersecurity company Sangfor
>> accidentally published a how-to guide for exploiting it.
>>
>> The researchers tweeted in late May that they had found
>> vulnerabilities in Print Spooler, which allows multiple users to
>> access a printer. They published a proof-of-concept online by mistake
>> and subsequently deleted it - but not before it was published
>> elsewhere online, including developer site GitHub.
>>
>> Microsoft warned that hackers that exploit the vulnerability could
>> install programs, view and delete data or even create new user
>> accounts with full user rights. That gives hackers enough command and
>> control of your PC to do some serious damage.
>>
>> Windows 10 is not the only version affected -- Windows 7, which
>> Microsoft has ended support for last year, is also subject to the
>> vulnerability.
>>
>> Despite announcing that it would no longer issue updates for Windows
>> 7, Microsoft issued a patch for its 12-year-old operating system,
>> underscoring the severity of the PrintNightmare flaw. Updates for
>> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
>> are "expected soon," it said.
>>
>> "We recommend that you install these updates immediately," the company
>> said.
>>
>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>>
>
> I successfully installed the Servicing stack update (KB4592510). To be
> sure, I then did a warm reboot. Then I tried to install the Print
> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>
> When I did a warm reboot, I got the message that configuring the update
> failed and the update was being removed. This was during the boot up
> after the shutdown.
>
> The failed update file that I tried is
> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>
> Do I have the wrong file? If not, what did I do wrong?
>

An attempt to install the very large security rollup failed at the end
of installation, before any message about rebooting. The file was
windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.msu

--
David E. Ross
<http://www.rossde.com/>

At the recent Conservative Political Action Conference in Texas,
a featured speaker urged the mostly Republican attendees to
avoid COVID-19 vaccines. Good! There will be fewer live
Republican voters in 2022.

David E. Ross wrote:
> On 7/13/2021 7:44 PM, David E. Ross wrote:

>> I successfully installed the Servicing stack update (KB4592510). To be
>> sure, I then did a warm reboot. Then I tried to install the Print
>> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>>
>> When I did a warm reboot, I got the message that configuring the update
>> failed and the update was being removed. This was during the boot up
>> after the shutdown.
>>
>> The failed update file that I tried is
>> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>>
>> Do I have the wrong file? If not, what did I do wrong?
>>
>
> An attempt to install the very large security rollup failed at the end
> of installation, before any message about rebooting. The file was
> windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.msu

Dumpster fire. See comments.

https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/comment-page-1/

I love the smell of napalm in the morning.

Whatever Microsoft had in mind... it's working.
My nasal passages are already clearer.

Paul

On 2021 Jul 13, Stan Brown wrote
(in article<MPG.3b57d10bd956b3298fde9@news.individual.net>):

> On Tue, 13 Jul 2021 04:06:56 -0400, Paul wrote:
> >
> > Jo-Anne wrote:
> >
> > > > "We recommend that you install these updates immediately," the company
> > > > said.
> > > >
> > > > <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-war
> > > > ning-update-your-pc-immediately>
> > > Any idea of where the update is for Windows 7? The article doesn't seem
> > > to say.
> >
> > https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-window
> > s-right-now/
> >
> > Windows 11 = 22000.65
> > Windows 8.1 = KB5004954
> > Windows 7 = KB5004953
> >
> > But if you look at this right now, it's a bit of a mess.
>
> Woody Leonhardt says as much on askwoody.com. (He was our guru during
> MS's years-long effort to "upgrade" Windows 7 installations to
> Windows 10 by stealth.)
>
> By searching
> printnightmare site:askwoody.com
> I found
> https://www.askwoody.com/2021/print-nightmare-is-going-to-be-a-
> nightmare/
>
> Woody points out that "this [PrintNightmare] is a big deal on domain
> controllers ? not so much on stand alone computers." So that's one
> large group of Win 7 users off the hook.
>
> He goes on to say that PrintNightmare " allows attackers to wiggle in
> via a remote authenticated user and raise the rights of that
> account." But if you recall, Windows 7 Home doesn't allow remote
> logins,(*) so Windows 7 Home users would seem to be safe. If you have
> one of the business editions of Windows 7, and you're not logging in
> to your computer remotely, you can just disable Remote Desktop
> _server_ (which you should probably do anyway, on general security
> principles) and you should be fine.
>
> So the only Windows 7 folks who seem to be vulnerable are those who
> allow remote logins into their computer and have the print spooler
> both enabled. I don't deny it's a serious vulnerability for them, but
> near the end of the article Woods links to a workaround from TrueSec.
>
> (*) All versions of Windows 7 have Remote Desktop _client_, by which
> you can use your computer as a terminal to log in to a remote
> computer. That's kind of Remote Desktop is not vulnerable.

Win 7 Home doesn’t have Remote Desktop unless you download it from MS. It
does have Remote Assistance, which is NOT the same thing. Win 7 Pro and Ent
and Edu have Remote Desktop _and_ Remote Assistance. Win 7 (and later)
‘editions’ which have Remote Desktop have it disabled by default. Remote
Assistance is enabled by default.

On Tue, 13 Jul 2021 23:14:23 -0400, Paul <nospam@needed.invalid>
wrote:

>David E. Ross wrote:
>> On 7/12/2021 8:00 PM, Michael Trew wrote:
>>> Microsoft issues urgent security warning: Update your PC immediately
>>>
>>>
>>> Microsoft is urging Windows users to immediately install an update
>>> after security researchers found a serious vulnerability in the
>>> operating system.
>>>
>>> The security flaw, known as PrintNightmare, affects the Windows Print
>>> Spooler service. Researchers at cybersecurity company Sangfor
>>> accidentally published a how-to guide for exploiting it.
>>>
>>> The researchers tweeted in late May that they had found
>>> vulnerabilities in Print Spooler, which allows multiple users to
>>> access a printer. They published a proof-of-concept online by mistake
>>> and subsequently deleted it - but not before it was published
>>> elsewhere online, including developer site GitHub.
>>>
>>> Microsoft warned that hackers that exploit the vulnerability could
>>> install programs, view and delete data or even create new user
>>> accounts with full user rights. That gives hackers enough command and
>>> control of your PC to do some serious damage.
>>>
>>> Windows 10 is not the only version affected -- Windows 7, which
>>> Microsoft has ended support for last year, is also subject to the
>>> vulnerability.
>>>
>>> Despite announcing that it would no longer issue updates for Windows
>>> 7, Microsoft issued a patch for its 12-year-old operating system,
>>> underscoring the severity of the PrintNightmare flaw. Updates for
>>> Windows Server 2016, Windows 10, version 1607, and Windows Server 2012
>>> are "expected soon," it said.
>>>
>>> "We recommend that you install these updates immediately," the company
>>> said.
>>>
>>> <https://www.ksl.com/article/50203184/microsoft-issues-urgent-security-warning-update-your-pc-immediately>
>>>
>>
>> I successfully installed the Servicing stack update (KB4592510). To be
>> sure, I then did a warm reboot. Then I tried to install the Print
>> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>>
>> When I did a warm reboot, I got the message that configuring the update
>> failed and the update was being removed. This was during the boot up
>> after the shutdown.
>>
>> The failed update file that I tried is
>> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>>
>> Do I have the wrong file? If not, what did I do wrong?
>>
>
>Read between the lines, here.
>
>Looks like we're going to need to do innumerable
>experiments to get this piece of crap to work!!!
>
>https://support.microsoft.com/en-us/topic/july-6-2021-kb5004951-security-only-update-out-of-band-e05a81cd-9b45-4622-b715-ddb2367bca47
>
> "Failure to configure Windows updates.
> Reverting Changes.
> Do not turn off your computer"
>
> If you do not have an ESU MAK
> add-on key installed and activated. <=== paid version of W7 past-2020
> support
>
>Does disingenuous Microsoft strike again ?
>
>Now, you have a new hobby. Trying stuff
>until an update stays put. Maybe the bloated
>version will install ? Or, maybe not.
>
> Paul
>

How serious is this threat anyway?
At a certain point I would just format my C and load an old image.
My data is backed up several ways.
What can it really do and why would they want to?

gfretwell@aol.com wrote:

> How serious is this threat anyway?
> At a certain point I would just format my C and load an old image.
> My data is backed up several ways.
> What can it really do and why would they want to?

I take it this is some kind of philosophical question ? :-)

OK, let's ask the dude in alt.computer that had his
computer room wiped out by Osiris ransomware. Ask him how
long it took to reinstall all the computers, or even figure
out which license key went with which computer.

I don't think disaster recovery is ever "pleasant" or "a lark".

Paul

On Tue, 13 Jul 2021 23:18:01 -0400, Paul wrote:

> PeterC wrote:
>> On Tue, 13 Jul 2021 11:23:45 -0400, Paul wrote:
>>
>>> I followed the link provided by JuanSbrado-3258, downloaded the
>>> Servicing Stack Update from the MS Update Catalog, and installed
>>> this MSU (KB4592510).
>>>
>>> https://support.microsoft.com/en-us/help/4592510/servicing-stack-update
>>>
>>> After installing the Servicing Stack Update, I am now able to install
>>> the KB5004953 update.
>>>
>>> Thank you JuanSabrado-3258."
>>>
>>> It appears to be (partially) an SSU issue.
>>
>> I installed the SSU OK. Installation of the Security Update went through to
>> the point of restarting; as it booted up it failed and rolled back. Tried
>> twice, same result.
>
> See reply to David Ross. Looks like 4951 may need an
> ESU MAK. That's $$$ paid extra support for Windows 7
> enterprise users or the like. They buy an additional
> license key, to get extended support.
>
> We're going to need some "success stories" from
> somewhere, to see if the bloated version (the Cumulative)
> is the only thing that works for regular Windows7 users.
>
> Paul

Out of morbid curiosity I tried the fat version - same result.
--
Peter.
The gods will stay away
whilst religions hold sway

On Tue, 13 Jul 2021 at 11:23:45, Paul <nospam@needed.invalid> wrote (my
responses usually follow points raised):
>J. P. Gilliver (John) wrote:
[]
>> Just points to KB5004953 (Rollup, 237 MB) or '4951 (Security Only,
>>21.1 MB). When I try either of those, I get told to update the
>>Windows Modules Installer first, which I have not succeeded in doing.
>>(Any guidance on that [or otherwise implement '4953] would be appreciated.)
>
>Recipe here. Two files. SSU + 4953

Cake cooked, thanks!
[]
> Upon trying to install KB5004953 to mitigate the PrintNightmare
> exploit on Windows 7, I received the message that the PC needed
> to update the Windows Modules Installer.

As did I.
>
> The link to MS 2533552 works, but the links on that page pointing
> to the downloadable update files lead to a page that states the
> downloads are no longer available.

I had (by what route I forget) also found mention of 2533552, and
obtained it (IIRR from the catalog); however, on running, my system told
me it was already installed.
>
> I followed the link provided by JuanSbrado-3258, downloaded the
> Servicing Stack Update from the MS Update Catalog, and installed
> this MSU (KB4592510).
>
> https://support.microsoft.com/en-us/help/4592510/servicing-stack-update

I checked and found I had no files with 4592510 in the name, so got and
installed that ...
>
> After installing the Servicing Stack Update, I am now able to install
> the KB5004953 update.

.... and looks like the same for me.
>
> Thank you JuanSabrado-3258."

Indeed!

This time, on running 5004953, the "Searching for updates on this
computer" stage took _many_ minutes (what _is_ it doing during that
time? I can't believe it is only searching!), but eventually it has got
to the "The updates are being installed" stage. (It's taking its own
sweet time; the progress bar is about a third across.)
>
>It appears to be (partially) an SSU issue.

Indeed. (Ah, it's moving again. Paused at nearly all the way across. Now
all the way, though still ... ah, Done! Wants a restart.)
>
>I think at some point, there was also an irritating "End of Support"
>patch that puts something on the screen. At the time, some people would
>name and shame such patches (so others would not get bands or messages
>on their screen), but perhaps that also had something to do
>with the SSU status.

I vaguely remember blocking that; as you say, it looks as if it also
blocked the SSU, as the 4592510 file (according to the catalog page,
anyway) was dated sometime last year.
>
>In the past, if a necessary SSU was missing, double clicking a
>.msu file would say "Not For This OS", when in fact it was for the
>OS, but the .msu was too bashful to indicate what item was missing.

In this case it said it needed the update to the Windows Modules
Installer, which seems to have been equally incorrect.
>
> Paul

Thanks - as I said, cake now appears to be baked!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Veni, Vidi, Vera (I came, I saw, we'll meet again) - Mik from S+AS Limited
(mik@saslimited.demon.co.uk), 1998

On Tue, 13 Jul 2021 at 11:16:30, VanguardLH <V@nguard.LH> wrote (my
responses usually follow points raised):
>"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote:
>
>> VanguardLH <V@nguard.LH> wrote:
[]
>>>
>>>https://www.digitaltrends.com/computing/how-to-fix-print-nightmare-on-
>>>windows-right-now/
>>
>> (Why do web pages now tend to have bigger and bigger blank banners at
>> the top? When I load that one, I have to scroll down before I see _any_
>> content! OK, </rant>.)
>
>I don't see a huge banner. I see the black banner at the top consisting
>of their site branding, and a line showing what's trending (like I would
>give a gnat's fart).
>
>However, I use uBlock Origin which cuts out a lot of the noise. If I
>disable uBO and refresh the document, yep, there's a much bigger banner.
>What do you use for an adblocker?

Mostly, my hosts file.
[]
>I don't subscribe to any of the hosts files (Pollock, MVPS, Lowe) as I
>find they are slow to update and overly aggressive. The ones I picked
>above have been sufficient to get rid of a majority of visual noise.

I don't mind some such - or, at least, I think I wouldn't; I see very
little.
>
>>> available using the Windows Update client (instead of having to
>>> search the Update Catalog site). Did you try using the WU client?
>>
>> I (W7-32, Home) get the green shield with tick, "Windows is up to date)
>> There are no updates available for your computer.
>> Most recent check for updates: Today at 1:48
>> Updates were installed: 2021-6-9 at 1:6. <View update history>"
>>
>> If I click on View, the last seven updates - one a month - are just the
>> MSRT (KB890830), versions 5.84 to 5.90. No sign of 5004953.
>
>Guess you're stuck using the WU Catalog site if you want the fix early.
>Sometimes the catalog site will let you get an update sooner than when
>Microsoft gets around to pushing it out to their WSUS server. Since the
>fix is bundled in a cumulative patch, maybe you won't get it until next
>Patch Tuesday. Wait a minute, isn't that today? The update was
>out-of-band for Windows 10, but might be rolled into the monthly updates
>for older and unsupported versions of Windows. MS also does load
>balancing on their servers, so not everyone gets offered an update at
>the same time; it's available, but not now for everyone. They often
>spread it out. I had to wait 6 months for a feature update to Windows
>10, and which just a month or two prior to the next feature update.

I did indeed get a popup saying updates available, so had a look: but it
was only offering the MSRT, as it does every month (version 5.91 this
time). I let it run (I know it's pretty ineffective, but I've never
heard any report of it doing _harm_). For once it failed (not sure if it
was something I did, I have a feeling it was), according to my history.
Trying check for updates again just said there were no updates
available; I manually downloaded KB890830v5.91 from the catalogue site
and ran it (choosing the short scan when it asked me - it still took
10-15 minutes at a guess; didn't find anything), but didn't change the
update history.

(Checking my update history now, after the servicing stack update Paul
found, the last four entries now show: MSRT (KB890830) 5.90 successful;
MSRT 5.91 failed; SSU (KB4592510) Successful; Rollup [including
PrintNightmare fix] (KB5004953) Pending.)
>
>Because updates are re-released as new versions to fix problems with the
>prior version released, the same update (by the same KB number) may be
>presented multiple times. Plus, there are dependencies that are checked

KB890830 (the MSRT) being the most blatant example.

>to see if your setup should receive the update. In the long awaited

But often misreported (in this case it said I needed to update the
module installer, whereas in practice I needed a servicing stack
update.)
[]
>From what you said in reply to Paul when you tried to get the Print
>Nightmare patch, you retrieved the one with a title of "2021-07 Security
>Monthly Quality Rollup for Windows 7 for x86-based Systems (KB5004953)".
[]
>I clicked on the hyperlink, and it downloaded okay despite I was using
>Windows 10 x64 Home 21h2. I did *NOT* elect the default action of "Open
>with". I selected "Save file". If I were to apply the update, I want

(Oddly enough, the link in the extra window that pops up when I click
the Download button in the catalog page usually does nothing, but if I
right-click it, save link address, then paste that into my main window,
it does work. I see to have it defaulting to save rather than run
anyway, which is what I want.)

>to download it (to ensure I have it for later as retries are sometimes
>needed), and then prepare to run it (by saving an image backup first).
>It downloaded okay. I can't test running it because I don't have any
>Windows 7 hosts at home, anymore. Instead of downloading AND installing
>in one step, see if you get different results by downloading only, and
>then double-clicking the .msu file in File Explorer. Before running it,

(I didn't: still said I needed to update the module installer - which it
seems I didn't, I needed to update the servicing stack instead.)

>I would disable any AV software, except Defender, and AVs can interfere
>with installations.
>
>I see you hit one of those dependencies for an update (Windows Modules
>Installer) that the WU client would've taken care of due to the manifest

Except the WU client wasn't seeing I needed KB5004953 (or '1) at all.

>for the update. Personally, if I were still running Windows 7, and for
>personal use, I wouldn't care about the Print Nightmare patch. That's
>only when allowing remote access to the print spooler. Do you allow
>remote access to your printers from the Internet (i.e., outside your
>intranetwork)? I'd just wait until WU offered the update.

I almost certainly don't need it.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

For this star a "night on the tiles" means winning at Scrabble - Kathy Lette
(on Kylie), RT 2014/1/11-17

On Tue, 13 Jul 2021 at 13:48:22, Frank Slootweg <this@ddress.is.invalid>
wrote (my responses usually follow points raised):
[]
> Another approach would be a trusted sites which 'attacks' your
>computer to report any unneeded inbound connections/ports.
>
> Any pointers to these are welcome.

https://www.grc.com/x/ne.dll?bh0bkyd2 seems to do some of that. Though
the "Common Ports" probe gave me a clean bill of health, which I wasn't
expecting - in fact several of them did.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A man is not contemptible because he thinks science explains everything, and a
man is not contemptible because he doesn't. - Howard Jacobson, in Radio Times
2010/1/23-29.

On Wed, 14 Jul 2021 at 00:57:31, Paul <nospam@needed.invalid> wrote (my
responses usually follow points raised):
>David E. Ross wrote:
>> On 7/13/2021 7:44 PM, David E. Ross wrote:
>
>>> I successfully installed the Servicing stack update (KB4592510). To be
>>> sure, I then did a warm reboot. Then I tried to install the Print
>>> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>>>
>>> When I did a warm reboot, I got the message that configuring the update
>>> failed and the update was being removed. This was during the boot up
>>> after the shutdown.
>>>
>>> The failed update file that I tried is
>>> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>>>
>>> Do I have the wrong file? If not, what did I do wrong?
>>>
>> An attempt to install the very large security rollup failed at the
>>end
>> of installation, before any message about rebooting. The file was
>> windows6.1-kb5004953-x64_62d21485a29cad041230e4c647baeaeacc09ac7c.msu

I used "2021-07 Security Monthly Quality Rollup for Windows 7 for
x86-based Systems (KB5004953)"
windows6.1-kb5004953-x86_076aed0ffca7ef0c30d6e4dfda0346f6b319f448.msu
(i. e. the 32-bit one), and got no problem up to the reboot instruction
(I haven't done that yet).
>
>Dumpster fire. See comments.
>
>https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for
>-windows-flaw/comment-page-1/

Though most of those seem to be from W10 users.

I've been interested to note that the patches for W7 are KB5004953
(rollup) and '1 (security only), whereas the one for W10 is '5. I can't
help wondering if the allocation of KB numbers means they started on the
W7 one(s) first!
>
>I love the smell of napalm in the morning.
>
>Whatever Microsoft had in mind... it's working.
>My nasal passages are already clearer.
>
> Paul

Several people have said that on doing the reboot, it fails, mainly they
think because we haven't nasally paid. The (currently) last comments in
the above (krebsonsecurity) page - from "synstsia" dated "July 10, 2021"
- may be relevant there.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A man is not contemptible because he thinks science explains everything, and a
man is not contemptible because he doesn't. - Howard Jacobson, in Radio Times
2010/1/23-29.

Stan Brown <the_stan_brown@fastmail.fm> wrote:
> On 13 Jul 2021 13:48:22 GMT, Frank Slootweg wrote:
> > Another approach would be a trusted sites which 'attacks' your
> > computer to report any unneeded inbound connections/ports.
>
> grc.com, and follow "Shields Up!"

Thanks!

I think I used that before, but I couldn't remember the name of the
facility, nor where I kept the URL, if I kept it.

Anyway, I tested my computer (and router) and got a 'perfect' or
similar score in all the tests ("that's very cool", "VERY SECURE",
etc.).

So thanks again for the link!

David E. Ross <not_me@not_there.invalid> wrote:
[...]

> I successfully installed the Servicing stack update (KB4592510). To be
> sure, I then did a warm reboot. Then I tried to install the Print
> Spooler update (KB5004951) for Windows 7 Ultimate SP1 x64.
>
> When I did a warm reboot, I got the message that configuring the update
> failed and the update was being removed. This was during the boot up
> after the shutdown.
>
> The failed update file that I tried is
> windows6.1-kb5004951-x64_2fcf9eaa66615884884cc1cb9f75fc96294cbf2a.msu
>
> Do I have the wrong file? If not, what did I do wrong?

I don't have Windows 7 (but 8.1), so take this with a grain of salt,
but AFAIK, you should have installed the Servicing stack update and then
let Windows Update do the rest of the work, i.e. Check for updates,
hopefully find the (big) update for - amongst others - the
PrintNightmare vulnerability and then install that update.

I.e. you should not have installed the .msu file yourself. Either do
the work yourself or let Windows Update do the work, but not a mix of
both.

See the results of others (John?) for who the WU-only method worked.

On 14/07/2021 13:01, J. P. Gilliver (John) wrote:
> On Tue, 13 Jul 2021 at 13:48:22, Frank Slootweg <this@ddress.is.invalid>
> wrote (my responses usually follow points raised):
> []
>>  Another approach would be a trusted sites which 'attacks' your
>> computer to report any unneeded inbound connections/ports.
>>
>>  Any pointers to these are welcome.
>
> https://www.grc.com/x/ne.dll?bh0bkyd2 seems to do some of that. Though
> the "Common Ports" probe gave me a clean bill of health, which I wasn't
> expecting - in fact several of them did.

Same here for a wrt-flashed router. However ...

https://www.grc.com/fingerprints.htm

Is anyone else finding a difference in the expected fingerprint for ...
www.paypal.com/uk/home

???
--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote

| (Why do web pages now tend to have bigger and bigger blank banners at
| the top? When I load that one, I have to scroll down before I see _any_
| content! OK, </rant>.)

It seems to be for phones. Everything is dumbed down,
gigantic, with minimal text. Most sites are no longer bothering
with things like self-sizing pages. They just make it to look
good on a phone.

Some of these have bothered me enough that I've added
them to userContent.css in Mozilla browsers. But you have to
know how to read webpage code to get the class or ID of
what you want to remove. This works to remove the bar on
that page, but unfortunately it only applies to digitaltrends:

..dtads-slot, .dtads-slot-atn {display: none !important;}

Lately I decided to deal with the scourge of cookie popups.
So far I have this, which seems to be blocking quite a few:

/* cookie popups on top */

..z-nav-fixed {display: none !important;}
..js-consent-banner {display: none !important;}
#eu-cookie-law {display: none !important;}
..cli-bar-popup {display: none !important;}

On the bright side, few webmasters have any idea how to
write code. They're just using templates an automating
software, along with pasted snippets. That means that
many sites are using the same class and ID names. (Note
that in CSS an ID is denoted by a hash and a class by a
period:

#id1 .class1

Frank Slootweg wrote:
> Stan Brown <the_stan_brown@fastmail.fm> wrote:
>> On 13 Jul 2021 13:48:22 GMT, Frank Slootweg wrote:
>>> Another approach would be a trusted sites which 'attacks' your
>>> computer to report any unneeded inbound connections/ports.
>> grc.com, and follow "Shields Up!"
>
> Thanks!
>
> I think I used that before, but I couldn't remember the name of the
> facility, nor where I kept the URL, if I kept it.
>
> Anyway, I tested my computer (and router) and got a 'perfect' or
> similar score in all the tests ("that's very cool", "VERY SECURE",
> etc.).
>
> So thanks again for the link!

Some home router boxes have "anti-scanning" detection.

If they spot, say, a sequential port scan, the router
"stops responding" on the WAN side for a short period of
time.

This causes GRC to conclude the router is "VERY stealthy",
which is wrong.

If GRC has modified the scan pattern since that test was done,
then the results of the scan may be more valid today.

In my case, the scanner "log" indicated a scanning attack,
and the log had a name for the scanning pattern it
perceived was being used against it.

Accurate scans of routers, is more tricky than it looks,
so don't get a bloated sense of accomplishment from just
one scan. As soon as I saw that log entry, it took all
the shine off the reported result :-/ Because my router,
the cheap little bastard, had outfoxed GRC. And it wasn't
stealthy after all.

Paul

On Wed, 14 Jul 2021 00:57:49 -0400, Wolffan wrote:
> On 2021 Jul 13, Stan Brown wrote
> (in article<MPG.3b57d10bd956b3298fde9@news.individual.net>):
>
> > (*) All versions of Windows 7 have Remote Desktop _client_, by which
> > you can use your computer as a terminal to log in to a remote
> > computer. That's kind of Remote Desktop is not vulnerable.
>
> Win 7 Home doesn?t have Remote Desktop unless you download it from MS.

You may have been thinking about Remote Desktop _server_, the
computer logged onto. I was talking about Remote Desktop _client_,
the one you use to reach out to a remote computer.

From WINDOWS 7 INSIDE OUT, page 650:

"Client computer
You can access Remote Desktop from a computer running any version of
Windows . In Windows 7, you use the Remote Desktop Connection program
(Mstsc.exe), which is included in all editions."

Note: "included in ALL EDITIONS" - no need to download anything.

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...

Paul <nospam@needed.invalid> wrote:
> Frank Slootweg wrote:
> > Stan Brown <the_stan_brown@fastmail.fm> wrote:
> >> On 13 Jul 2021 13:48:22 GMT, Frank Slootweg wrote:
> >>> Another approach would be a trusted sites which 'attacks' your
> >>> computer to report any unneeded inbound connections/ports.
> >> grc.com, and follow "Shields Up!"
> >
> > Thanks!
> >
> > I think I used that before, but I couldn't remember the name of the
> > facility, nor where I kept the URL, if I kept it.
> >
> > Anyway, I tested my computer (and router) and got a 'perfect' or
> > similar score in all the tests ("that's very cool", "VERY SECURE",
> > etc.).
> >
> > So thanks again for the link!
>
> Some home router boxes have "anti-scanning" detection.
>
> If they spot, say, a sequential port scan, the router
> "stops responding" on the WAN side for a short period of
> time.
>
> This causes GRC to conclude the router is "VERY stealthy",
> which is wrong.

I don't think GRC is doing any such thing (making the wrong
conclusion), but read on.

> If GRC has modified the scan pattern since that test was done,
> then the results of the scan may be more valid today.

They can *also* do a sequential scan ('All Service Ports'), at least
that *looks* to be a sequential scan, but the primary checks - 'File
Sharing' and 'Common Ports' - are *not* sequential.

Just to be sure, I checked some ports one by one ('User Specified
Custom Port Probe') and the results were the same.

BTW, when I said "I tested my computer (and router)", the router test
is indeed a test of the *router*, the 'UPnP Exposure Test'.

The other tests, are tests of one's *computer*, *via* one's router.

> In my case, the scanner "log" indicated a scanning attack,
> and the log had a name for the scanning pattern it
> perceived was being used against it.
>
> Accurate scans of routers, is more tricky than it looks,
> so don't get a bloated sense of accomplishment from just
> one scan. As soon as I saw that log entry, it took all
> the shine off the reported result :-/ Because my router,
> the cheap little bastard, had outfoxed GRC. And it wasn't
> stealthy after all.

Again, let's not try to outsmart the people at GRC. They don't "scan"
(unless you tell them to) they *probe*.

We can't prove it either way, unless you still have the "cheap little
bastard" router, but I think your router detected a sequential scan when
you had *told* - on purpose or by accident - GRC's Shields UP! facility
to *do* a sequential scan. I.e. a case of "Duh!".

Perhaps Char can share his opinion on this.

On Wed, 14 Jul 2021 02:32:34 -0400, Paul <nospam@needed.invalid>
wrote:

>gfretwell@aol.com wrote:
>
>> How serious is this threat anyway?
>> At a certain point I would just format my C and load an old image.
>> My data is backed up several ways.
>> What can it really do and why would they want to?
>
>I take it this is some kind of philosophical question ? :-)
>
>OK, let's ask the dude in alt.computer that had his
>computer room wiped out by Osiris ransomware. Ask him how
>long it took to reinstall all the computers, or even figure
>out which license key went with which computer.
>
>I don't think disaster recovery is ever "pleasant" or "a lark".
>
> Paul

But how is this risk for this particular bug expressed? What would you
need to be running or how do you get exposed?

"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote:

> (Checking my update history now, after the servicing stack update Paul
> found, the last four entries now show: MSRT (KB890830) 5.90 successful;
> MSRT 5.91 failed; SSU (KB4592510) Successful; Rollup [including
> PrintNightmare fix] (KB5004953) Pending.)

Yeah, I heard the Print Nightmare patch came in a cumulative (rollup)
update for Windows 7. That was my suspicion when I expressed "but might
be rolled into the monthly updates for older and unsupported versions of
Windows".

> (Oddly enough, the link in the extra window that pops up when I click
> the Download button in the catalog page usually does nothing, but if I
> right-click it, save link address, then paste that into my main window,
> it does work. I see to have it defaulting to save rather than run
> anyway, which is what I want.)

The WU Catalog site uses Javascript. Some users disable Javascript, or
default to Javascript disabled and then enable it for a selected source.
I recall the NoScript web browser add-on was like that. I could do
that, too, in uBlock Origin, but Javascript has become ubiquitous in the
vast majority of web sites. I could block it by default, and then
choose when and at which sites to allow it, but when I did that it was
too tedious and too much of a nuisance to keep exempting so many sites
to enable Javascript (or disable the block) almost everywhere I visited.

> (I didn't: still said I needed to update the module installer - which it
> seems I didn't, I needed to update the servicing stack instead.)

As I heard, the WU client reads the manifest for an update to check for
dependencies. When using the WU Catalog site, that's up to you do do.
You can download the .msu file, and extract its contents using a zip
archive tool (7-Zip, Peazip, etc). Look for a manifest file. It's in
XML format, so it might be easier to view in a program that formats XML
tags into an indented hierarchy, like a web browser.

The problem is the manifest can be huge, so you'll have a hard time
finding all the dependencies. I haven't delved into update packages to
know just how they determine or define their dependencies. I noticed
that the manifest file for the "2021-07 Security Monthly Quality Rollup
for Windows 7 for x86-based Systems (KB5004953)" update (32-bit) lists
other manifest files. Using [Search] Everything, there are tons of
manifest files for already installed features and updates. My guess,
and only a guess, is if a manifest file is not found locally that a
dependency was not previously installed, is a prerequisite, and the
update can either halt due to a missing dependency or issue an error
noting the dependency. All the dependencies, and how they are chained
together it a tree hierarchy, is why it takes the WU Client so long to
check for updates.

Instead of downloading a .cab or .msu update file (which won't have a
dependency tree built for it), sometimes the description articles for a
KB will mention dependencies (aka prerequisites), like:

https://support.microsoft.com/en-us/topic/july-6-2021-kb5004953-monthly-rollup-out-of-band-b0e3bd48-924b-45c5-8b54-d8317aa62901
(under the "Prerequisite:" section)

When I was back at the WU Catalog site, and I clicked on the file name
hyperlink which brings up an info dialog about the KB5004953 update,
under Package Details it says:

This update has been replaced by the following updates:
2021-07 Security Monthly Quality Rollup for Windows 7 for x86-based
Systems (KB5004289)

So, yep, the 4953 update on which most folks focused got replaced by
getting embedded in the 4289 cumulative update. Windows 10 users got a
separate out-of-band patch. Older, and unsupported Windows version
users, got a cumulative update.

> Except the WU client wasn't seeing I needed KB5004953 (or '1) at all.

Did it list the 4289 cumulative update? Did you check update history to
see if you already got 4289?

> I almost certainly don't need it.

Yeah, once I read up on how it works, it had no significance for my home
computers.

At work, it would only be of concern to the IT folks if they were
attempted to isolate resources, like printers, from segments in the
corporate network, or if they granted access to printers from outside
the corporate network. When I used to work from home, they setup a VPN
on their laptop loaned to me that brought me into a DMZ group of hosts
afterwhich I had to work with the IT folks to add permissions/grants to
get at my work hosts (on my desk and in the alpha lab). I can't
remember if I had access to printers or not. It's so rare that I have
to print anything. One a month I do a test print on my home printer
just to make sure the ports in the ink cartridge don't get plugged up
with dried ink. I do have to print rebate forms from Menards to send in
to get the rebates (wish they'd make it a wholly online process). Takes
me over a year, sometimes 2 years or more (if I don't deal with the
gov't for a long time), to use up the ink cartridges (black and color)
in my inkjet printer.

I can see in a corporate network where there is no external (Internet)
access to their internal resources that they would still care since
sometimes disgruntled (versus gruntled) employees could pose a threat as
malcontents taking advantage of vulnerabilities.

On Wed, 14 Jul 2021 12:08:17 -0400, gfretwell@aol.com wrote:
>
> On Wed, 14 Jul 2021 02:32:34 -0400, Paul <nospam@needed.invalid>
> wrote:
>
> >gfretwell@aol.com wrote:
> >
> >> How serious is this threat anyway?
> >> At a certain point I would just format my C and load an old image.
> >> My data is backed up several ways.
> >> What can it really do and why would they want to?
> >
> >I take it this is some kind of philosophical question ? :-)
> >
> >OK, let's ask the dude in alt.computer that had his
> >computer room wiped out by Osiris ransomware. Ask him how
> >long it took to reinstall all the computers, or even figure
> >out which license key went with which computer.
> >
> >I don't think disaster recovery is ever "pleasant" or "a lark".
> >
> > Paul
>
> But how is this risk for this particular bug expressed? What would you
> need to be running or how do you get exposed?

I answered this yesterday, in
Message-ID: <MPG.3b57d10bd956b3298fde9@news.individual.net>

--
Stan Brown, Tehachapi, California, USA https://BrownMath.com/
https://OakRoadSystems.com/
Shikata ga nai...

On 14 Jul 2021 15:45:28 GMT, Frank Slootweg <this@ddress.is.invalid> wrote:

>Paul <nospam@needed.invalid> wrote:
>> Frank Slootweg wrote:
>> > Stan Brown <the_stan_brown@fastmail.fm> wrote:
>> >> On 13 Jul 2021 13:48:22 GMT, Frank Slootweg wrote:
>> >>> Another approach would be a trusted sites which 'attacks' your
>> >>> computer to report any unneeded inbound connections/ports.
>> >> grc.com, and follow "Shields Up!"
>> >
>> > Thanks!
>> >
>> > I think I used that before, but I couldn't remember the name of the
>> > facility, nor where I kept the URL, if I kept it.
>> >
>> > Anyway, I tested my computer (and router) and got a 'perfect' or
>> > similar score in all the tests ("that's very cool", "VERY SECURE",
>> > etc.).
>> >
>> > So thanks again for the link!
>>
>> Some home router boxes have "anti-scanning" detection.
>>
>> If they spot, say, a sequential port scan, the router
>> "stops responding" on the WAN side for a short period of
>> time.
>>
>> This causes GRC to conclude the router is "VERY stealthy",
>> which is wrong.
>
> I don't think GRC is doing any such thing (making the wrong
>conclusion), but read on.
>
>> If GRC has modified the scan pattern since that test was done,
>> then the results of the scan may be more valid today.
>
> They can *also* do a sequential scan ('All Service Ports'), at least
>that *looks* to be a sequential scan, but the primary checks - 'File
>Sharing' and 'Common Ports' - are *not* sequential.
>
> Just to be sure, I checked some ports one by one ('User Specified
>Custom Port Probe') and the results were the same.
>
> BTW, when I said "I tested my computer (and router)", the router test
>is indeed a test of the *router*, the 'UPnP Exposure Test'.
>
> The other tests, are tests of one's *computer*, *via* one's router.
>
>> In my case, the scanner "log" indicated a scanning attack,
>> and the log had a name for the scanning pattern it
>> perceived was being used against it.
>>
>> Accurate scans of routers, is more tricky than it looks,
>> so don't get a bloated sense of accomplishment from just
>> one scan. As soon as I saw that log entry, it took all
>> the shine off the reported result :-/ Because my router,
>> the cheap little bastard, had outfoxed GRC. And it wasn't
>> stealthy after all.
>
> Again, let's not try to outsmart the people at GRC. They don't "scan"
>(unless you tell them to) they *probe*.
>
> We can't prove it either way, unless you still have the "cheap little
>bastard" router, but I think your router detected a sequential scan when
>you had *told* - on purpose or by accident - GRC's Shields UP! facility
>to *do* a sequential scan. I.e. a case of "Duh!".
>
> Perhaps Char can share his opinion on this.

I haven't done a packet capture on the Shields Up app but what I think
they're doing is simply sending a TCP SYN packet to the ports you've
requested. If it's a large group of ports, they can address those packets
sequentially or randomly, where randomly would have a slightly better
chance of evading the IPS (intrusion protection system) in your router, but
I think most current routers would also trip over a large number of SYNs
coming from the same source, regardless of whether they are in sequential
port order or random.

I don't think they send a specific probe and then wait for the results, as
the aggregate time would be too long. Instead, they probably send all
probes at once, or perhaps stagger them slightly, and then check them off
the list as replies come back (or time out).

With a TCP SYN request, your router (or PC) can reply with a TCP SYN-ACK,
indicating the port is open, or it can respond with a TCP RST (reset),
indicating the port is closed, or it can not respond at all, which GRC
calls 'stealth'.

If they were using UDP, your router (or PC) could respond with something
valid, indicating the port is open, or it could respond with an ICMP
Unreachable message, indicating the port is closed, or it can not respond
at all, which GRC calls 'stealth'.

Terminology-wise, I suppose checking one port could be called a probe,
while checking multiple ports could be called a scan.

If someone has actually done a packet cap, perhaps they'll chime in.

--

Char Jackson

On Wed, 14 Jul 2021 at 11:33:23, VanguardLH <V@nguard.LH> wrote (my
responses usually follow points raised):
>"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote:
>
>> (Checking my update history now, after the servicing stack update Paul
>> found, the last four entries now show: MSRT (KB890830) 5.90 successful;
>> MSRT 5.91 failed; SSU (KB4592510) Successful; Rollup [including
>> PrintNightmare fix] (KB5004953) Pending.)
>
>Yeah, I heard the Print Nightmare patch came in a cumulative (rollup)
>update for Windows 7. That was my suspicion when I expressed "but might
>be rolled into the monthly updates for older and unsupported versions of
>Windows".

Cumulative (5004953) or security-only (5004951).

After I did the service stack update, 5004953 completed its phase for
that time, and asked for a reboot. Some while later, I thought I needed
a reboot (Skype wasn't starting properly), so I did one. It (the update)
did an interminable amount of messing about before shutdown. After
reboot, it did another interminable amount, then rebooted itself again.
(I don't think I've had anything that wanted two reboots for a very long
time!) But wait ... after the second reboot, it said something like
"configuring update failed. Reverting" - and that took _another_ two (at
least; I might have lost count) reboots. Eventually, I _did_ get my
computer back - but after interminable messing about, and at least four
reboots. (Oh, after all that, Skype _did_ start properly, so the reboot
achieved _that_ purpose, but my blind friend who'd called me so I could
look at something for her had a _long_ wait!)

At a _guess_, it's because I haven't paid for extended support - though
at no point did it _tell_ me that, prompt for a key, or anything like
that.
>
>> (Oddly enough, the link in the extra window that pops up when I click
>> the Download button in the catalog page usually does nothing, but if I
>> right-click it, save link address, then paste that into my main window,
>> it does work. I see to have it defaulting to save rather than run
>> anyway, which is what I want.)
>
>The WU Catalog site uses Javascript. Some users disable Javascript, or
>default to Javascript disabled and then enable it for a selected source.

I don't have JS disabled by default.
[]
>> (I didn't: still said I needed to update the module installer - which it
>> seems I didn't, I needed to update the servicing stack instead.)
>
>As I heard, the WU client reads the manifest for an update to check for
>dependencies. When using the WU Catalog site, that's up to you do do.

Assuming by "the WU client" you mean what I get by running Windows
Update from the Start menu, then that has never offered me either of the
PrintNightmare fixes at all; I've only run them by downloading KB5004953
or '1 from catalog.
[]
>When I was back at the WU Catalog site, and I clicked on the file name
>hyperlink which brings up an info dialog about the KB5004953 update,
>under Package Details it says:
>
>This update has been replaced by the following updates:
>2021-07 Security Monthly Quality Rollup for Windows 7 for x86-based
>Systems (KB5004289)

Hmm. '953 being replaced by '289 seems odd; I know the KBs aren't
_entirely_ sequential, but a difference of nearly 700 seems odd! But
I'll have a look if I ever decide I might need it.
[]
>> Except the WU client wasn't seeing I needed KB5004953 (or '1) at all.
>
>Did it list the 4289 cumulative update? Did you check update history to
>see if you already got 4289?

Nothing other than MSRTs since 2020-9, and updates around then were
45xxxxx. (No, I hadn't until now checked update history for that, as I
didn't know about it.)
>
>> I almost certainly don't need it.
>
>Yeah, once I read up on how it works, it had no significance for my home
>computers.

After all that kerfuffle, I don't feel inclined to try again! If I do,
it'll be the much smaller - and, I hope, with less potential to go TU -
security-only update. (Though will check for supercession information.)
[]
>remember if I had access to printers or not. It's so rare that I have
>to print anything. One a month I do a test print on my home printer
>just to make sure the ports in the ink cartridge don't get plugged up
>with dried ink. I do have to print rebate forms from Menards to send in
>to get the rebates (wish they'd make it a wholly online process). Takes
>me over a year, sometimes 2 years or more (if I don't deal with the
>gov't for a long time), to use up the ink cartridges (black and color)
>in my inkjet printer.

I'm in a similar position - got fed up with inkjets blocking up, so
obtained a laser printer - it's an old Samsung colour one. (It's about a
two foot cube, and definitely the heaviest object I've lifted for some
years before or since! Cost me 25 quid with part-full toner cartridges;
they cost an arm and a leg, but what's in them will last me some years
at current rate.) If you do very little printing, especially if you
don't want colour, get a laser. They just work when needed.
[]
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

… too popular actually to be any good. - Alison Graham in Radio Times 2-8
February 2013

J. P. Gilliver (John) wrote:
> On Tue, 13 Jul 2021 at 11:23:45, Paul <nospam@needed.invalid> wrote (my
> responses usually follow points raised):
>> J. P. Gilliver (John) wrote:
> []
>>> Just points to KB5004953 (Rollup, 237 MB) or '4951 (Security Only,
>>> 21.1 MB). When I try either of those, I get told to update the
>>> Windows Modules Installer first, which I have not succeeded in
>>> doing. (Any guidance on that [or otherwise implement '4953] would be
>>> appreciated.)
>>
>> Recipe here. Two files. SSU + 4953
>
> Cake cooked, thanks!
> []
>> Upon trying to install KB5004953 to mitigate the PrintNightmare
>> exploit on Windows 7, I received the message that the PC needed
>> to update the Windows Modules Installer.
>
> As did I.
>>
>> The link to MS 2533552 works, but the links on that page pointing
>> to the downloadable update files lead to a page that states the
>> downloads are no longer available.
>
> I had (by what route I forget) also found mention of 2533552, and
> obtained it (IIRR from the catalog); however, on running, my system told
> me it was already installed.
>>
>> I followed the link provided by JuanSbrado-3258, downloaded the
>> Servicing Stack Update from the MS Update Catalog, and installed
>> this MSU (KB4592510).
>>
>>
>> https://support.microsoft.com/en-us/help/4592510/servicing-stack-update
>
> I checked and found I had no files with 4592510 in the name, so got and
> installed that ...
>>
>> After installing the Servicing Stack Update, I am now able to install
>> the KB5004953 update.
>
> ... and looks like the same for me.
>>
>> Thank you JuanSabrado-3258."
>
> Indeed!
>
> This time, on running 5004953, the "Searching for updates on this
> computer" stage took _many_ minutes (what _is_ it doing during that
> time? I can't believe it is only searching!), but eventually it has got
> to the "The updates are being installed" stage. (It's taking its own
> sweet time; the progress bar is about a third across.)
>>
>> It appears to be (partially) an SSU issue.
>
> Indeed. (Ah, it's moving again. Paused at nearly all the way across. Now
> all the way, though still ... ah, Done! Wants a restart.)
>>
>> I think at some point, there was also an irritating "End of Support"
>> patch that puts something on the screen. At the time, some people would
>> name and shame such patches (so others would not get bands or messages
>> on their screen), but perhaps that also had something to do
>> with the SSU status.
>
> I vaguely remember blocking that; as you say, it looks as if it also
> blocked the SSU, as the 4592510 file (according to the catalog page,
> anyway) was dated sometime last year.
>>
>> In the past, if a necessary SSU was missing, double clicking a
>> .msu file would say "Not For This OS", when in fact it was for the
>> OS, but the .msu was too bashful to indicate what item was missing.
>
> In this case it said it needed the update to the Windows Modules
> Installer, which seems to have been equally incorrect.
>>
>> Paul
>
> Thanks - as I said, cake now appears to be baked!

I tried an equivalent sequence on W8.1 and got
"reboot loop" for my trouble.

But being a trusting soul, I had backed up C: beforehand,
and just paved over the stupid thing :-) Problem solved.

"Cake ingredients, back inside respective boxes."

Paul

"J. P. Gilliver (John)" <G6JPG@255soft.uk> wrote:
> On Wed, 14 Jul 2021 at 11:33:23, VanguardLH <V@nguard.LH> wrote (my
> responses usually follow points raised):
[...]
> >When I was back at the WU Catalog site, and I clicked on the file name
> >hyperlink which brings up an info dialog about the KB5004953 update,
> >under Package Details it says:
> >
> >This update has been replaced by the following updates:
> >2021-07 Security Monthly Quality Rollup for Windows 7 for x86-based
> >Systems (KB5004289)
>
> Hmm. '953 being replaced by '289 seems odd; I know the KBs aren't
> _entirely_ sequential, but a difference of nearly 700 seems odd! But
> I'll have a look if I ever decide I might need it.

FWIW, on Windows 8.1 it's similar, i.e. the newer - by date- update
has a lower KB-number than the earlier (Out-of-band) update and is
slightly larger (which makes sense). Both have the same description
("2021-07 Security Monthly Quality Rollup..."), which is quite annoying.

Specifically, for *8.1*:

- 06JUL, Out-of-band, size 533.2 MB:
"2021-07 Security Monthly Quality Rollup for Windows 8.1 for x64-based
Systems (KB5004954)"

- 13JUL, Normal monthly, size 533.6 MB:
"2021-07 Security Monthly Quality Rollup for Windows 8.1 for x64-based
Systems (KB5004298)"

[...]

On Thu, 15 Jul 2021 at 09:05:14, Paul <nospam@needed.invalid> wrote (my
responses usually follow points raised):
[]
>I tried an equivalent sequence on W8.1 and got
>"reboot loop" for my trouble.

Well, mine did come back, after either four or five reboots - two to get
to the point where it knew it had failed, and then either two or three
to do the "reverting".
>
>But being a trusting soul, I had backed up C: beforehand,
>and just paved over the stupid thing :-) Problem solved.

(I had done an image recently, restoring from which _might_ have been
quicker. But it all came back, and touch [US: knock on] wood, all seems
to be back to no worse than before.)
>
>"Cake ingredients, back inside respective boxes."

Most definitely!
>
> Paul
John
(George and Ringo are on holiday.)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Of course some of it [television] is bad. But some of everything is bad -
books, music, family ... - Melvyn Bragg, RT 2017/7/1-7