[German]Microsoft has release update rollup KB3172605 for Windows 7 SP1 and Windows Server 2008 R2 SP1 at 07/21/2016. This update shall fix a few non security issues, but breaks (Intel) Bluetooth.
I've been noticed about this update by some a user comment within my German blog. And at my Googl+ accout Hanspeter wrote "The Windows 7 & Server 2008 R2 Patch disappeared and reappeared every few minutes today". So I decided to check Windows Update and sort a few things out.
Update KB3172605 has been offered on my Windows 7 SP1 machine as optional and is also listed in Microsoft's Update-History.
Details about Update KB3172605
Update KB3172605 is the July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. It replaces the June update rollups, which I've addressed in June 2016 update rollup (KB3161608) for Windows 7 SP1, and Windows Server 2008 R2 SP1. The July update rollup includes quality improvements (no new operating system features are being introduced – because Windows 7 SP1 and Windows 7 SP1 are now in 'Extended Support'). Also no new security updates are included. Key changes of this update rollup are:
- Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
- Addressed issue in Microsoft Secure Channel (SChannel) that sometime causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication.
Both improvement are fixes to improve the outdated SHA-1 support (I've addressed this issue within my German blog post Abschied von SHA-1 in 2016 heißt reagieren …). SHA-1 support is fading out in 2016.
Should I install the update rollup?
The interesting question is whether to install this optional update rollup or not. My recommendation: It depends. If you've concerns about "new telemetry features" implemented in Windows 7 SP1 or fear an upgrade to "Windows 10", there may be no warnings so far. Nothing related has been found within this update rollup so far.
Update Rollup KB3172605, the Bluetooth killer …
If you depend on Bluetooth, it's strongly recommended to hide this update rollup and wait for a revision. The version released on July 21, 2016 causes a serious issue. According to Microsoft KB article:
After you install KB 3133977, the software for Intel Bluetooth devices may not be fully functional because of existing software issues in the Intel Bluetooth driver software. These issues may affect Bluetooth keyboards, mice, audio streaming devices, and voice headsets. You may also not be able to pair new Bluetooth devices. Intel is currently working on an update to address their software incompatibilities.
The problem occurs with Intel Bluetooth chips, but the devil is buried in the details. The problem comes with KB3161608 (see June 2016 update rollup (KB3161608) for Windows 7 SP1, and Windows Server 2008 R2 SP1). Update KB3133977 (Bitlocker update from June 2016) included in KB3161608 has been responsible for this issue. Also blog reader Rolf confirms within my German blog the bluetooth issue in a comment. There is a broad discussion at Intel communities here, here and here.
Microsoft recommends for users depending on a working bluetooth stack as a workout: block this update – and if it has been installed to uninstall this update rollup. Microsoft will release a revised update rollup.
And this rollup fixes a 100% CPU hogging DFSRS.exe issue, which has been introduced with an update rollup in May and brought one of my servers to an hold, if I did not adjust the affinity after reboot.
Raises the question, if those updates are still worth it to be installed. Especially rollups, where you cannot deselect or uninstall known faulty stuff individually.
@Olaf: Thx for the infomation. According to your last question: I would block this update untill MS rolls out a revised update. If you obtain further information/experiences in server environments, I'll appreciate your comments.
After distributing our monthly patches with SCCM some of out servicedesk employees complained that they couldn't reach the telephonecenter portal from their workstations: "This page can't be displayed". This portal is build in an Apache Struts setup with Java content (.do extension). After removing KB3172605 (x64) and a reboot the portal could be reached again.
We had the same issue as Marco – we could not get to our application (SAP BusinessObjects) "Page Not Found". After uninstalling KB3172605 – we could access the application.
Thx for your feedback – will have a closer look at that topic. If I get a clue, I will blog about that. Also have a look at this VMware KB article
We had an issue that caused SAP B1 not to load and when removing this Microsoft update SAP B1 worked again.