windows update just seems to hang while checking.

wither 3

Vista Guru
Gold Member
Back in post 692, Vistaar questioned why I didn't provide a link to the server 20008 updates. I was simply following up on that. I'm not going to use them. Everything is working fine, despite the things I've noted.
 

My Computer

System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Mouse
    Logitech MX 600
    Keyboard
    Logitech MX 3200
    Internet Speed
    30 Mbps

lmacri

Vista Pro
IMO this thread makes downloading 4 patches before checking for updates sound much harder than it really is. Here's a video tutorial...
Hi Vistaar:

Thanks for the link to that July 2017 video. It looks like the five Vista SP2 / IE9 "speed up" patches used in that video (KB32053638, KB4012538, KB4015195, KB4015380 plus KB4014661 if IE9 is installed) are identical to what I suggested back in April 2017 in my step-by-step instructions on page 1 of m#l's thread Updates not working, it has been searching for updates for hours where I post as user Great White North.

Unfortunately, that video was created in 2017 and doesn't take into account that users will now have to install additional "speed up" patches if they have MS Office 2010, MS Office 2007 and/or the MS Office Compatibility Pack SP3 add-on installed, since these MS Office products were (or still are) supported beyond the end of extended support for Vista SP2 (11-Apr-2017) and will also cause these "Checking for updates..." hangs. That's why Volume Z must revise his list of required "speed up" patches on page 1 of peggybeggs' thread why has vista stopped automatic updates? every Patch Tuesday. Those revisions will continue until all those MS Office products, including MS Office 2010, reach their end of support and stop receiving new security updates via Windows Update.

That's also why I provided customized instructions for townsbg in post #669, since he has MS Office 2007 (which likely includes the MS Office Compatibility Pack add-on) on his Vista SP2 machine.
______________________________

EDIT: If you pause that YouTube video at 2:26 you will also notice that Windows Update is set to receive updates "For Windows only". Most Vista SP2 users with other Microsoft products like MS Office, MS Silverlight, etc. will have Windows Update set to "For Windows and other products from Microsoft Update".
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 
Last edited:

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

Vistaar

Vista Guru
Imacri, you have a real talent for making things sound more complicated than they really are:
...Unfortunately, that video...doesn't take into account that users will now have to install additional "speed up" patches if they have MS Office 2010, MS Office 2007 and/or the MS Office Compatibility Pack SP3 add-on installed....That's also why I provided customized instructions for townsbg in post #669, since he has MS Office 2007 (which likely includes the MS Office Compatibility Pack add-on)...
No, users will not "now have to install additional 'speed up' patches." Post #662 shows that townsbg had already acquired Windows updates before your "customized instructions" were ever posted. If MS Office is installed, I have no doubt that Windows Update could finish checking for updates somewhat quicker if the latest updates for MS Office had already been manually installed - but that is clearly not essential. There is apparently no point asking you how much quicker Windows Update will run with additional "speed up" patches, since your second screenshot in this post (attachment 30607) shows that your SP2 was installed 26/05/2009 - i.e. you have not reinstalled Vista in the last 10 years, and everything you know about this topic was merely gleaned from the writings of others. On the other hand, gurus townsbg and wither 3 now have actual hands-on experience.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT

townsbg

~~тσωηsвg~~
Vista Guru
Gold Member
Imacri, you have a real talent for making things sound more complicated than they really are:

No, users will not "now have to install additional 'speed up' patches." Post #662 shows that townsbg had already acquired Windows updates before your "customized instructions" were ever posted. If MS Office is installed, I have no doubt that Windows Update could finish checking for updates somewhat quicker if the latest updates for MS Office had already been manually installed - but that is clearly not essential. There is apparently no point asking you how much quicker Windows Update will run with additional "speed up" patches, since your second screenshot in this post (attachment 30607) shows that your SP2 was installed 26/05/2009 - i.e. you have not reinstalled Vista in the last 10 years, and everything you know about this topic was merely gleaned from the writings of others. On the other hand, gurus townsbg and wither 3 now have actual hands-on experience.
Please don't make that conclusion based upon me. I still haven't finished Windows updates or enabled updates of other products.
 
Last edited:

My Computers

System One System Two

  • Operating System
    Windows 7 Pro x64
    Manufacturer/Model
    Mid 2010 iMac
    CPU
    Quad core 3.2 Ghz Intel I3
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5670 512 mb ram
    Screen Resolution
    1920x1080 and 1440x900
    Hard Drives
    1 TB
    Other Info
    N/A
  • Operating System
    Windows 2008 R2 Enterprise
    Manufacturer/Model
    Compaq Presario SR5350F
    CPU
    Pentium 2.0 gHZ Dual core E2160
    Memory
    2 gb
    Screen Resolution
    1440 x 900
    Hard Drives
    300 GB

Vistaar

Vista Guru
Reviewing wither 3's participation in this thread's April 2019 resurrection, post #675 shows that the Windows Update problem was solved by installing just the 4 patches recommended by Volume Z in post #656. Of course wither 3 was promptly informed by Imacri, "If you have IE9 installed you must include one IE9 cumulative security update released after March 2017 (KB4014661 or higher) to your list of required 'speed up' patches or your Windows Update will still run very, very slowly." This belated advice was obviously nonessential - not that I am opposed to manually updating IE9. There seems to be some disagreement as to whether KB4014661 (April 2017) or KB4018271 (June 2017) was the ideal "speed up" patch. This strikes me as rather absurd, since KB4018271 has now been replaced 22 times and counting. (Do we really think Microsoft made different versions of IE9 for different versions of Windows 6.0?)

A separate thread about updating Microsoft Office might not be a bad idea, but it's rather late to prevent this thread from becoming unreadable.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT

Volume Z

Member
Hi Vistaar,

manually preinstalling one or more of the blacklisted updates is about eliminating their issue-triggering potential.

The issue gets triggered by the preceding equivalent of one of the above being applicable. You do not necessarily have to have (KB4015195 + KB4015380 + KB4012538 + KB3205638) installed. It's just the most recent variant of (KB4015195 (invariant regarding predecessors) + KB3191203 + KB3185911 + KB3087039) - which makes it more reasonable to recommend.

As to the Cumulative Security Update for IE9, triggering the Update Search issue is about KB4014661 being applicable. This one, too, is invariant regarding predecessors.

Applicability of KB4014661 can be prevented several ways.

1. Having IE9 not installed.

2. Having IE9 as well as KB4014661 installed.

3. Having IE9 as well as any superseding version of KB4014661 installed - like KB4018271.

The same goes for the aformentioned Security Updates for MS Office. Note that any update not rated Security does not qualify for trigger of the search issue. Also, any update not available at Windows Update does not qualify for trigger of the issue, while it may very well qualify for un-triggering.

I just recently discovered that the formerly triggering Excel and Word related Security Updates for Compatibility Pack SP3 have stopped doing so. Not exactly sure about the respective Office 2007 SP3 and Office 2010 SP2 ones right now.

Regards, VZ
 
Last edited:

My Computer

lmacri

Vista Pro
...I ran a Windows Update today at ~ 3 PM after enabling Windows Defender (I normally have Windows Defender disabled), and Windows Update ran to completion in a few minutes and was able to install the latest KB915597 Definition Update for Windows Defender (v1.291.1271.0 rel. 05-Apr-2019). Note that I'm fully patched to the end of extended support (11-Apr-2017) and I manually installed both "speed up" patches for my Microsoft Office Compatibility Pack SP3 (KB4018354 for the Word converter, released Apr 2018; KB4661607 for the Excel converter rel. Feb 2019) listed in Volume Z's post on page 1 of peggybeggs's thread why has vista stopped automatic updates? ...
...I just recently discovered that the formerly triggering Excel and Word related Security Updates for Compatibility Pack SP3 have stopped doing so. Not exactly sure about the respective Office 2007 SP3 and Office 2010 SP2 ones right now.
Hi Volume Z:

Further to my 07-Apr-2019 post, I'm fairly certain I ran a Windows Update on my Vista SP2 machine this month before installing the latest KB4661607 "speed up" patch for my MS Office Compatibility Pack SP3 and had another "Checking for updates..." hang. I aborted that Windows Update after ~ 15 or 20 min and re-booted, installed the KB4661607 Excel converter (I installed the KB4018354 Word converter several months ago) and my next Windows Update ran to completion in under 5 min. I think those "speed up" patches for the MS Office Compatibility Pack SP3 are still helping on my 32-bit Vista SP2 machine, but that might be because it has a relative slow CPU and limited RAM and is more susceptible to these "Checking for updates..." hangs than a machine with a 64-bit Vista SP2 OS.

If there's another MS Office Compatibility Pack SP3 update released for the May 2019 Patch Tuesday (14-May-2019) I'll test again and post my results in peggybeggs' thread in the MS Answers forum.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

Volume Z

Member
Hi lmacri,

are you even sure KB4461607 is available at Windows Update? I just installed Compatibility Pack SP3 for testing. The latest versions of xlconv2007 and wordconv2007 I'm able to obtain automatically are the Patch Day April 2018 ones. Search time involving KB4011717 and KB4018354 is under nine minutes. It's the same Windows Update that helped identify their predecessors at the end of 2016 and that right now goes haywire with, say, KB3191203 applicable.

Could you post a picture of the next CP SP3 related Update offered to you?

Regards, VZ
 

My Computer

lmacri

Vista Pro
...are you even sure KB4461607 is available at Windows Update?...
Hi Volume Z:

Sorry for the misunderstanding. I did not mean to say that the latest available MS Office Compatibility Pack "speed up" patches KB4018354 (wordconv, rel. Apr 2018) or KB4461607 (xlconv, rel. Feb 2019) were automatically delivered via a Windows Update. I downloaded those .msu standalone installers for KB4018354 and KB4461607 from the Microsoft Update Catalog and installed them manually. After those "speed up" patches were installed I ran a manual Windows Update, which found and finished installing the latest virus definitions (v1.291.1271.0, created 05-Apr-2019) for the Windows Defender anti-malware scanner in about 5 minutes. Windows Defender has not reached its end of extended support on Vista SP2 machines so Windows Update should still be able to automatically deliver new virus definitions for Windows Defender to my machine once I've manually installed any missing "speed up" patches.

30652

...I just installed Compatibility Pack SP3 for testing. The latest versions of xlconv2007 and wordconv2007 I'm able to obtain automatically are the Patch Day April 2018 ones. Search time involving KB4011717 and KB4018354 is under nine minutes...
The point I was trying to raise in my previous post is that "Checking for updates..." hangs are much more severe on "true" Vista SP2 machines purchased a decade ago with slow CPUs and limited available (free) RAM, especially if they have a 32-bit OS. If I recall correctly, the Vista SP2 system you use for testing is actually a virtual machine (VM) that is installed on a 64-bit machine running Win 7 SP1 or Win 10. I don't know the speed of your CPU or how many CPU cores and RAM are allocated to your Vista SP2 VM emulator, but I just wanted to clarify that your comment that "the formerly triggering Excel and Word related Security Updates for Compatibility Pack SP3 have stopped doing so" might not apply to someone with a different system configuration. As far as I know, Microsoft hasn't purged the expired (superseded) updates for the MS Office Compatibility Pack in Vista's update catalog wsusscn2.cab that still cause these "Checking for updates..." hangs on many systems.

The impact any of these "speed up" patches have on Windows Update is very much dependent on your system configuration and how long it has been since patches for these problem security updates with long, complex supersedence chains like IE9, MS Excel 2007, the Vista SP2 kernel-mode driver Win32K.sys, etc. were last applied on your system.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 
Last edited:

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

Volume Z

Member
Hi lmacri,

you're somewhat overestimating my hardware. The installation used right now is not a virtual one, also it's not 64-bit. It's not a fast CPU and RAM is limited as well.

The impact any of these "speed up" patches have on Windows Update is very much dependent on your system configuration and how long it has been since patches for these problem security updates with long, complex supersedence chains like IE9, MS Excel 2007, the Vista SP2 kernel-mode driver Win32K.sys, etc. were last applied on your system.
Totally disagreeing. It could never appear on fresh installations then. It does result from complex supersedence chains, but they are a property of the triggering updates themselves. It makes no difference what environment you build around them.

As to KB4461607 - as I wrote earlier, it can't be a trigger if it's not available at Windows Update. If it's not a trigger, it has no urgency with regard to fixing the update search issue.

For Windows Defender updates - I'm doing those, too. You are not left to searching them manually, at this poor monthly frequency. I'm using an automatic task to do a silent search at every startup without even employing Windows Update. I'm going to look up the exact command for you shortly.

Regards, VZ
 
Last edited:

My Computer

wither 3

Vista Guru
Gold Member
I believe townsburg is running it in a VM.
 

My Computer

System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Mouse
    Logitech MX 600
    Keyboard
    Logitech MX 3200
    Internet Speed
    30 Mbps

lmacri

Vista Pro
...you're somewhat overestimating my hardware. The installation used right now is not a virtual one, also it's not 64-bit. It's not a fast CPU and RAM is limited as well.
Hi Volume Z:

Sorry, my bad . I assumed you were still testing with the Vista VM you mentioned <here> in the MS Answers forum, and my posts from around that time kept referring to your 64-bit VM. I don't know where I got the idea you had a 64-bit machine.

...Totally disagreeing. It could never appear on fresh installations then. It does result from complex supersedence chains, but they are a property of the triggering updates themselves. It makes no difference what environment you build around them...
I'm fairly certain the amount of RAM can effect the length of the "Checking for updates..." hangs, although the CPU speed probably isn't as important.

See my post # 80 in this thread. Windows 7 SP1 was also affected by these "Checking for updates..." hangs but Microsoft eventually released a series of updates for the Windows Update Client like KB3050265 that fixed an issue that "has the greatest effect on computers that have a small amount of physical memory" (that quote was from the KB article). My understanding is that KB3050265 and subsequent updates for the Windows Update Agent for Win 7 SP1 (which were never pushed out to Vista SP2 machines) improved the efficiency of data buffering in and out of RAM and helped to speed up searching of the update catalog wsusscn2.cab for security updates with these long, complex supersedence chains. These supersedence chains are relatively short and simple when you first apply SP1 on a fresh Vista installation because the Windows Update Agent only looks for updates released between SP1 (rel. 04-Feb-2008) and SP2 (rel. 25-May-2009). As soon as SP2 is installed the Windows Update Agent has to sift through supersedence chains going all the way up to the end of extended support on 11-Apr-2017, and the amount of available RAM then becomes a limiting factor.

...For Windows Defender updates - I'm doing those, too. You are not left to searching them manually, at this poor monthly frequency. I'm using an automatic task to do a silent search at every startup without even employing Windows Update. I'm going to look up the exact command for you shortly....
Thanks, but don't worry about the Windows Defender updates, unless you think your command would be helpful for others following this thread. Windows Defender is normally disabled on my machine and I don't use it for scanning. I temporarily enable Windows Defender when I'm testing a new "speed up" patch for Windows Update; if Windows Update can find, download and install the latest available virus definition set in less than 5 minutes then I know it's running correctly. As soon as my Windows Update test is finished I disable Windows Defender again.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

Volume Z

Member
Hi lmacri,

the first update to really address the Windows 7 general search issue was KB3161608, the June 2016 Rollup Update. Also no matter how much RAM you have, it's still about having the issue happen or not. I wouldn't recommend waiting a spoiled search out just to find out how long it really takes.

In other news, I'm about to stop flagging the Excel and Word related Security Updates for Office 2007 SP3. Once again installed Office 2007 SP3, searched for KB4018353, KB4018355, KB4011717 and KB4018354 without any problems. And again nothing offered beyond April 2018.

Regards, VZ
 
Last edited:

My Computer

townsbg

~~тσωηsвg~~
Vista Guru
Gold Member
So I bit the bullet and reinstalled Vista. Now it's fully updated to EOS. The strange thing is though, I'm not getting any IE updates other than the one for IE 7, the actual IE 9 install, and the IE 9 speed up patch. Any idea why? I checked my installed updates and those are the only ones showing up. IE.JPG
 
Last edited:

My Computers

System One System Two

  • Operating System
    Windows 7 Pro x64
    Manufacturer/Model
    Mid 2010 iMac
    CPU
    Quad core 3.2 Ghz Intel I3
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5670 512 mb ram
    Screen Resolution
    1920x1080 and 1440x900
    Hard Drives
    1 TB
    Other Info
    N/A
  • Operating System
    Windows 2008 R2 Enterprise
    Manufacturer/Model
    Compaq Presario SR5350F
    CPU
    Pentium 2.0 gHZ Dual core E2160
    Memory
    2 gb
    Screen Resolution
    1440 x 900
    Hard Drives
    300 GB

lmacri

Vista Pro
...
I'm not getting any IE updates other than the one for IE 7, the actual IE 9 install, and the IE 9 speed up patch....
Hi townsbg:

That sounds correct. Vista Service Pack 2 (rel. May 25, 2009) comes with IE7, and not the IE8 version released March 19, 2009. After Service Pack 2 is applied during a clean reinstall the "normal" update path (assuming Windows Update is not hanging on "Checking for updates...") is IE7 >> direct upgrade to IE9 (usually the original KB982861 installer released on 14-Mar-2011) on first Windows Update >> patch to KB4014661 on second Windows Update (the last monthly cumulative security update for IE9 released on 11-Apr-2019 via the Windows Update channel).

This KB4014661 (v9.0.60) is at the top of the supersedence chain for IE9's monthly cumulative security updates for Vista SP2, so after a clean reinstall and upgrade to IE9 the Windows Update Agent, if working, is smart enough to skip over all the monthly IE9 updates released between March 2011 and March 2017 and install the KB4014661 update of April 2017 that supersedes (replaces) all these older IE9 updates. It looks like you manually applied the special out-of-band KB4018271 (v9.0.61) that was posted on the Microsoft Update Catalog in June 2017 (i.e., but never delivered via Windows Update after Vista SP2 reached the end of extended support in April 2017) as your Windows Update "speed up" patch, but the same principle applies - Windows Update will not go back and install older cumulative security updates that have been superseded (replaced) by a newer update.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

Vistaar

Vista Guru
2019 SHA-2 Code Signing Support requirement for Windows and WSUS apparently means that Windows Update will cease to function for legacy Windows versions on July 16, 2019. If anyone needs to reinstall Vista, you should do so before that date. If your Vista installation is in good condition (sfc /scannow finds no integrity violations, registry hasn't been fouled up), this would be a good time to make an image or clone for backup purposes. A custom Vista ISO with slipstreamed updates might also be a good thing for Vista enthusiasts to have on hand.
 

My Computer

System One

  • Operating System
    Vista Home Premium x86 SP2
    Manufacturer/Model
    HP Pavilion Elite m9150f
    CPU
    Intel Q6600
    Memory
    3 GB
    Graphics Card(s)
    NVIDIA GeForce 8500 GT

lmacri

Vista Pro
2019 SHA-2 Code Signing Support requirement for Windows and WSUS apparently means that Windows Update will cease to function for legacy Windows versions on July 16, 2019. If anyone needs to reinstall Vista, you should do so before that date....
Hi Vistaar:

I've been wondering about the implication of that policy change for Vista SP2 myself. Windows Update delivered the KB2763674 security update for handling certificates signed with a SHA-2 (specifically SHA-256) hashes to my Vista SP2 machine during my January 2013 Patch Tuesday updates (see image below). Are you saying that Vista SP2 users will not be able to run Windows Update to download patches for programs that have not reached the end of extended support (e.g., like MS Office 2010 that doesn't reach EOS until October 2020) after 16-Jul-2019 if those new patches are signed with a SHA-2 hash? Or are you suggesting that Windows Update will be unable to install any security update signed with a SHA-1 hash (including updates for Vista SP2 and IE9 released prior to 11-Apr-2017) once we reach that 16-Jul-2019 cutoff? I assume that would require a change to the Vista SP2 Windows Update Agent (wuaueng32.dll v7.6.7600.256, released June 2012) before 16-Jul-2019, which likely isn't going to happen now.

30667

------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 
Last edited:

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps

townsbg

~~тσωηsвg~~
Vista Guru
Gold Member
July 16, 2019

Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in April and May will be required in order to continue to receive updates on these versions of Windows.
Windows Server 2008 SP2
I wonder if the April patch for 2008, the one that changes the build, is what they are referring to here. If so maybe that can be applied to Vista, at the user's own risk.
 

My Computers

System One System Two

  • Operating System
    Windows 7 Pro x64
    Manufacturer/Model
    Mid 2010 iMac
    CPU
    Quad core 3.2 Ghz Intel I3
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5670 512 mb ram
    Screen Resolution
    1920x1080 and 1440x900
    Hard Drives
    1 TB
    Other Info
    N/A
  • Operating System
    Windows 2008 R2 Enterprise
    Manufacturer/Model
    Compaq Presario SR5350F
    CPU
    Pentium 2.0 gHZ Dual core E2160
    Memory
    2 gb
    Screen Resolution
    1440 x 900
    Hard Drives
    300 GB

lmacri

Vista Pro
I wonder if the April patch for 2008, the one that changes the build, is what they are referring to here. If so maybe that can be applied to Vista, at the user's own risk.
Hi townsbg:

If you are referring to the KB4489887 or later Monthly Rollups for Windows Server 2008 that change the Vista SP2 build from 6.0.6002.x to 6.0.6003.x (see the discussion <here> in the MSFN forum) then I don't think applying a single update is going to help. See the support article 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS Vistaar referenced for the entire list of updates being released between March and September of 2019 that need to be applied to install updates signed exclusively with SHA-2 hashes.

I suspect that Vista SP2 users who are manually installing the Windows Server 2008 patches each month (i.e., since Vista SP2 reached EOS on 11-Apr-2017) will have to ensure they apply all the relevant security updates listed in 2019 SHA-2 Code Signing Support Requirement for Windows and WSUS if they want to continue installing new updates released after 16-Jul-2019 that are signed exclusively with SHA-2 hashes. Note that this support article states that the "legacy" OSs this change applies to are "Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2". Those "legacy" OSs haven't actually reached their EOS yet - Win 7 SP1, for example, doesn't reach EOS until 14-Jan-2020.

My question was about Vista SP2 users who perform a clean reinstall after 16-July-2019. If I understood correctly, Vistaar suggested in post # 717 that Vista SP2 users performing a clean reinstall users will not be able to patch their system back to EOS (11-Apr-2017) because Windows Update will completely cease to function on Vista SP2 computers after 16-Jul-2019 (at least without applying the Windows Server 2008 patches listed in that 2019 support article). That doesn't sound right to me - I can't imagine that Microsoft is going to pull hundreds of security update for Vista SP2 released prior to 11-Apr-2017 and then re-issue those old updates with new security certificates that are signed exclusively with SHA-2 hashes.

Going forward, it would be unfortunate if Microsoft starts issuing new security updates that are signed exclusively with SHA-2 hashes for supported products that are compatible with Vista SP2 (e.g., MS Office 2010, which does not reach EOS until October 2020) and prevents Vista SP2 users from installing new security updates for these supported product after 16-Jul-2019, but given their past track record it's not entirely impossible they'd do something thoughtless like that.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * MS Office Professional 2003
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
 
Last edited:

My Computer

System One

  • Operating System
    32-bit Vista SP2 Home Premium
    Manufacturer/Model
    HP Pavilion dv6835ca
    CPU
    Intel Core2Duo T5550 @ 1.83 GHz
    Motherboard
    Quanta 30D2 (U2E1)
    Memory
    3 GB RAM
    Graphics Card(s)
    NVIDIA GeForce 8400M GS
    Sound Card
    Realtek High Definition Audio
    Hard Drives
    250 GB SATA Western Digital Scorpio WD2500BEVS 5400 rpm
    Internet Speed
    5 MBps
Top