Mathwiz

It sounds like .Net Framework 3.0 and 4 somehow got installed on your netbook, possibly as part of some other software. Also, you may only have .Net 4 Client Profile installed, not .Net 4 Extended; if so, you'll get only some of the Net 4 updates. I'd go to Add/Remove Programs and check. If the .Net frameworks are there, that'd explain why you're being prompted to install updates. The looping problem we've both had doesn't seem to be all that common, so it's probably OK to install the updates. If it does start looping, the easiest fix is probably just to hide the looping update, but if you have a day or two to waste, uninstalling and reinstalling the .Net framework with the looping update did seem to work for me eventually. You might also PM Heinoganda as he offered in the post before yours. His unofficial roll-up updates might save you some time vs. installing dozens of updates from scratch as I did. For .Net 4, make sure you uninstall first Extended, then Client Profile. Even if the looping update is for Extended, I had to uninstall Client Profile and reinstall the whole shebang before the looping update finally "took." Very frustrating and time-consuming.

Doesn't seem to hang on a particular file. Once it stopped on explorer.exe! No other AV software is installed. I'll scan C: for errors and report back.

All good suggestions (and all free, too!) Thanks.

Well I'm gobsmacked. The $%^@ update installed again, and now it's gone from the list! I don't even need to hide it now. Of course I've got about two dozen more updates to install now; I hope it doesn't come back at some point! But I have another MU annoyance: My "Restore hidden updates" link is greyed out! I know I have hidden a couple of updates (Skype is one), but the only way I can see them is to hide an "Important" update, then click the banner that warns "You've hidden important updates."

OK, will try once more; if it still keeps offering the update even after I've installed it, I'll just hide it and be done with it. I've already wasted the whole day on this and life is too short to mess with nonsense like this.

BTW, there should be an easier way to clear your USB history than booting into safe mode and deleting all USB devices one at a time. Anyone know of a simple program to do it?

OK, this is getting really frustrating. I tried uninstalling and reinstalling again, then installing only KB2487367. Still no luck! Still wants to install it again! Could I have gotten a bad download of KB2487367? I tried going to https://support.microsoft.com/en-us/kb/2487367 but clicking "Download the package now" just takes me to the Microsoft Download Center with no clue where to go from there.

Didn't work for me. Uninstalled, reinstalled, installed 7 (!) "Important" updates including KB2487367 (which was the first one), and it still wants to install KB2487368 again!

Running into a weird problem with MSE 4.4.304.0. I'm trying to run a "Quick Scan," and the scan always freezes after scanning 31868 items. I can't even cancel the scan at that point. I have to reboot to stop the frozen scan. It isn't always the same item being scanned when it freezes, but it always seems to be the same number of items.

@kikuk: If you go to the trouble to uninstall and reinstall .Net Framework 4, please post back and let us know if it fixed the problem with KB2487367. I'd hate to go to all that trouble, then find out it didn't help at all! Until then, I've just hidden the update on my PC so it'll quit bothering me. I think it really is installed (it shows up in Add/Remove Programs), but WU is just not checking it correctly.

Copy the following (which I copied from the first post at the POSReady '09 topic) into Notepad, save it as a file with a .reg extension, then double-click the file: Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded] [-HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS] [-HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES] [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 This removes some possibly conflicting registry entries and sets the PosReady registry entry to "Installed." Then run Microsoft Update. As always, you can choose which updates are actually downloaded and installed. To reverse, simply delete the HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady registry key.

Similar to Dave-H's problem, I'm now being prompted to install Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367) over and over, even though it installs successfully each time! A reboot didn't help. Other than hiding the troublesome update, anyone know how to stop this crazy thing?

Yes, that's all that's required in my experience. Just add the registry entry, and not only does MSE auto-update start working, but you'll get ~70 other updates from MU that you've missed since Win XP EoL.

Well, if the application is a browser, you can just browse to https://www.ssllabs.com/ssltest/viewMyClient.html and it will tell you, right at the top of the page, whether it supports TLS 1.2. I don't know of an easy way to check non-browser clients (secure email, etc.) though.

With or without the POSReady '09 updates, XP 32 will support large HDDs but only if they present 4K sectors (not real or emulated 512-byte sectors): http://www.msfn.org/board/topic/158361-confirmed-3tb-hdd-usb-drive-on-winxp-32bit/?do=findComment&comment=1046836

Well, me neither; sadly, so many web sites seem to flummox Opera 12 now. Facebook doesn't really work very well with it anymore. Have to use Firefox. But I still prefer Opera 12's interface to the new browser "look" that has somehow become the standard from Firefox to Chrome to Opera 15-36. And 12 still works fine with a lot of sites, including many forum/board sites like this one. I'm glad to hear 12.18 stopped those random crashes. I haven't seen one in a while, but I used to get them a LOT on my Win 7 machine at home. (I always suspected they had something to do with Flash; they seemed to stop for me once I got to Flash 23.) But either way, I needed the 12.18 security updates because some https: sites just wouldn't connect to 12.17 any more. Anyhow, I seem to have drifted off-topic. I hope Microsoft leaves their site where it will work with TLS 1.0 and 1.1. I just tested it, and the WMC link above even works with a browser as old as Firefox 3.5! You really should use TLS 1.2 if your browser has it, but most of the time there's no reason to force it on folks using older browsers like IE 8.

I had totally missed the 12.18 update to Opera. Thanks! Now I can use Opera 12 with those annoying Web sites that only support Elliptic Curve Diffie-Hellman Ephemeral key exchange. (They used to just give me the Unable to Complete Secure Transaction message and I had to go to another browser.)

Looks like Microsoft enabled HTTP Strict Transport Security as well. That will cause some browsers to turn all http: requests into https: ones. Opera does this, for instance. Oddly, I just tried https://www.microsoft.com/en-us/download/windows-media-player-details.aspx with IE 8 and it worked! So I went back and tried with Opera again, and now it falls back to TLS 1.1 if I disable TLS 1.2. I swear it didn't do that yesterday! BTW, make sure you have the latest IE 8 security fixes. Use the POSReady 9 registry hack if necessary.

OK, I just tried this page with Opera. It works; but if I disable TLS 1.2, it fails with "Unable to complete secure transaction." That's probably why https: connections to microsoft.com fail with IE 8 too. IE 8 does not support TLS 1.2. You can go to https://www.ssllabs.com/ssltest/viewMyClient.html with any browser to see what security protocols, encryption ciphers, etc. your browser supports.

Sounds like the same WU screw-up that bedeviled Win 7/8/8.1 users for several recent months. BTW, the IE8 update (and probably earlier versions) fix a couple of issues most of the Internet says "cannot" be fixed on IE8 on XP: Closes FREAK vulnerability Adds AES support to IE8 (AES was added to schannel.dll many updates ago, but IE8 wouldn't use it) Still haven't figured out a way to enable TLS 1.1 or TLS 1.2, though. Of course IE8 is pretty ancient compared to other XP compatible browsers, but at least if you do use it at a secure website, the security will be less likely to be compromised. One more thing. If you use IE8 with secure websites, you should probably consider disabling the old RC2 and RC4 cipher and MD5 hash algorithms. I've attached a .reg file to do that. Disable insecure algorithms.reg

I wanted to add that kb3172605 is still somewhat buggy. First, as Microsoft has documented, it still breaks Intel Bluetooth devices. Second, on my work PC it breaks Mitel's VOIP software (MiCollab 6.0) just as kb3161608 did. So it may not be a solution to slow Windows Update scans for everyone. The link I provided to Woody's InfoWorld article contained its own link to this page. It's a little hard to follow but gives a workaround. (Unfortunately the workaround may change next Patch Tuesday.) It involves installing a couple of updates on dencorso's blacklist (I'd suggest kb3083710 and kb3102810 for Win 7, kb3083711 and kb3102812 for Win 8.1; despite being on the blacklist, these appear to be relatively safe from both a telemetry and a Win 10 perspective), as well as downloading and installing five security fixes manually (bypassing the search for updates). Once this is done the search for additional updates is purported to take under 15 minutes. I just hate "roll-up" updates. Why couldn't Microsoft have addressed each issue with a separate update? That way, even if there are problems with one, you could still install the others.

That hours-long update cycle is a bug. KB 3161608 was supposed to fix it but was itself buggy. So, it was recently replaced by KB 3172605 for Windows 7, and KB 3172614 for Windows 8.1. Here's an article on the topic: http://www.infoworld.com/article/3099109/microsoft-windows/microsoft-yanks-buggy-speed-up-patch-kb-3161608-replaces-it-with-kb-3172605-and-3172614.html You can try installing the appropriate KB 31726nn update for your system. Hopefully Microsoft finally got it right (at least as far as Windows Update is concerned). They do not seem to include any Win 10 nonsense, as far as I can tell. Unfortunately all these patches do seem to include telemetry so you'll probably also want a telemetry blocking solution (as discussed a few posts ago).

The end (of all this GWX nonsense) appears to be near: https://support.microsoft.com/en-us/kb/3173040

Back in my Win98 days (and I still use my Win98 PC once in a while), I needed a similar wild-card capability for ad blocking, and used a freeware program called DNSKong for this purpose. I just Googled it and apparently, it still exists - and it seems to run fine on Win 7 (someone will need to try it on Win 8 through 10): http://www.pyrenean.com/Filtering. If you set up DNSKong, add the above domains (w/o the * or "=0.0.0.0" parts) to DNSKong's named.txt file and, in combination with the numerous hosts entries added by Spybot Anti-Beacon, you should be set. Depending on your router, you may also be able to set up the above blocks there; but that process varies greatly from one router to another and isn't possible on all of them. BTW, I agree we should try to avoid telemetry updates in the first place if/when feasible. But for those of us not quite ready to ditch Windows updates altogether, updates with telemetry are likely to sneak through on occasion. (In particular, the latest "Windows update update" appears necessary for updates to finish in a reasonable amount of time, and is likely to include the WU telemetry introduced back in December.) So a combination of strategies - both blocking bad updates and blocking telemetry servers - seems more prudent than relying on either strategy alone.

My concern with 3161608/3161647 is telemetry: presumably all updates to the WU client include 3112343, listed on post 1 as "This update also improves the ability of Microsoft to monitor the quality of the upgrade experience." But if it's the only fix for days-long WU downloads, our only realistic choices may be either to live with it or live without updates. Or maybe not. Has anyone tried this from Safer-Networking.org?