Update for Windows 7 (KB976902) – Detailed Analysis

KB976902 – An Important Update for Windows 7?

In today’s batch of Windows updates was Update for Windows 7 (KB976902), and I did a detailed analysis of this Windows update.

Today is Tuesday, the day that Microsoft typically releases updates for its Windows operating systems. In today’s batch of updates, Microsoft has listed “Update for Windows 7 (KB976902)” in the list of “Important” updates. However, when one clicks on “More Information” next to this update, the search results return:

Sorry, but we couldn't find the page that you requested.

Why is there no KB976902 in Microsoft’s database? Is this some secret update that they don’t want to tell you about? Maybe Microsoft has been hacked, or maybe it’s a new anti-piracy thing related to Microsoft’s Windows Genuine Advantage, that they like sneaking into updates. After all, the description says:

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed.

This reminds me a lot of Microsoft’s previous Windows Update and WGA tactics from the past.

Update (10/28/2010)

The KB976902 update package was pulled from Windows Update somewhere between 2:37AM and 3:56AM EDT on 10/28/2010, and no longer shows in the list of Important or Recommended updates. However, the update is still available via direct download at the links in my detailed analysis. At 10:59PM EDT on 10/28/2010, Microsoft finally released the KB article for KB976902, which has less information than their articles usually have and way less information than my article has.

Analysis

In preparation for supporting a new Windows image, this update is updating the servicing stack to 6.1.7601.17105 including Component Based Servicing, Component Management Infrastructure, Package Manager, and Windows Management Instrumentation. This is to support Windows 7 and Windows 2008 R2 SP1.

Detailed Analysis

The Update for Windows 7 (KB976902) is currently only available as an express installation package, available through Windows Update services. An express installation package has the benefits of using BDC (Binary Delta Compression) and BITS (Background Intelligent Transfer Service). Although the update is only 30.4KB in size, it updates 39 files on the computer that total 15.5MB. To save on data transfer, an express installation package downloads only the files that need updating, and for those it downloads only the differences (deltas) between the old and new versions, from which the updated file is built. Additionally, Windows uses BITS to download these files in the background, using only otherwise unused bandwidth. The update oddly shows up in Windows Update as 4.3 MB on 32-bit Windows 7 and as 10.2 MB on 64-bit Windows 7.

The update is available at the following URL:

http://download.windowsupdate.com/msdownload/update/software/crup/2010/10/windows6.1-kb976902-x86-express_f5a971562a7d8714435881582a67d8dc385d217e.cab

Thanks to MowGreen at the Microsoft forums, for the link to this 4.4 MB installer version of the package:

http://download.windowsupdate.com/msdownload/update/software/crup/2010/10/windows6.1-kb976902-x86_4ecfb941d7a035154f3bf264fce68c7f2e4f0e01.msu

The following files are checked to determine if they need updating.

apds.dll – Microsoft Help Data Services Module
apircl.dll – Microsoft Info Tech IR Local DLL
apss.dll – Microsoft Info Tech Storage System Library
cbscore.dll – Component Based Servicing Core DLL
cbsmsg.dll – Component Based Servicing Message DLL
cmiadapter.dll – CMI adapter for CSI
cmitrust.dll – Installers for trust info and related elements
cmiv2.dll – CMI Configuration Management API
cntrtextinstaller.dll – Performance Counter Installer Plug-in
dpx.dll – Microsoft Delta Package Expander
drupdate.dll – Driver Servicing
drvstore.dll – Driver Store API
esscli.dll – WMI
fastprox.dll – WMI Custom Marshaller
globalinstallorder.xml – Install order for CBS and Package Manager
helpcins.dll – Microsoft Help Installer
locdrv.dll – CMI Plug-in installer for localized drivers
mofd.dll – WMI
mofinstall.dll – Installers for MOF files
msdelta.dll – Microsoft Patch Engine
mspatcha.dll – Microsoft File Patch Application API
oemhelpins.dll – Microsoft Help Customization Installer
pkgmgr.exe – Windows Package Manager
poqexec.exe – Primitive Operations Queue Executor
repdrvfs.dll – WMI Repository Driver
smiengine.dll – WMI Configuration Core
smipi.dll – SMI Primitive Installer
svcini.exe – Generic command for servicing ini files
wbemcomn.dll – WMI
wbemcore.dll – WMI
wbemprox.dll – WMI
wcmtypes.xsd – Localization file for SMI
wcp.dll – Windows Componentization Platform Servicing API
wdscore.dll – WDS
wmicmiplugin.dll – WMI CMI Plugin
wmiutils.dll – WMI
wrpint.dll – WRP Integrity Check And Repair DLL
x86_installed – Installation type indicator file
xmllite.dll – Microsoft XmlLite Library

CMI = Component Management Infrastructure
CBS = Component Based Servicing
Info Tech = Windows Localized Help System
WMI = Windows Management Instrumentation
SMI = Settings Management Infrastructure
WDS = Windows Deployment Services
WRP = Windows Resource Protection

The only files that should need updating on an updated Windows 7 system are the following:

cbscore.dll
cmiv2.dll
drvstore.dll
fastprox.dll
globalinstallorder.xml
helpcins.dll
pkgmgr.exe
smiengine.dll
wbemcomn.dll
wbemcore.dll
wcp.dll
wdscore.dll

Besides the version changes from build 7600 to 7601 (6.1.7600.16385 to 6.1.7601.17105), the only obvious changes were some bug fixes in smiengine.dll and the following packages added to the globalinstallorder.xml file:

Microsoft-Windows-Security-SPP-Component-SKU-Embedded
Microsoft-Hyper-V-VStack.Resources
Microsoft-Hyper-V-VStack

The following registry changes are made:

<registryKeys>
  <registryKey keyName="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" owner="false">
    <registryValue name="EnableLog" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
    <securityDescriptor name="WRP_REGKEY_DEFAULT_SDDL" />
  </registryKey>
  <registryKey keyName="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version" owner="false">
    <registryValue name="6.1.7601.17105" valueType="REG_EXPAND_SZ" value="%SystemRoot%\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17105_none_0b7293d225839c39" operationHint="replace" owner="true" />
    <securityDescriptor name="WRP_REGKEY_DEFAULT_SDDL" />
  </registryKey>
  <registryKey keyName="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller" owner="false">
    <registryValue name="Friendly Name" valueType="REG_SZ" value="Windows Modules Installer" operationHint="replace" owner="true" />
    <registryValue name="ServiceName" valueType="REG_SZ" value="TrustedInstaller" operationHint="replace" owner="true" />
  </registryKey>
  <registryKey keyName="HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller" owner="false">
    <registryValue name="BlockTime" valueType="REG_DWORD" value="0x00002a30" operationHint="replace" owner="true" />
    <registryValue name="BlockTimeIncrement" valueType="REG_DWORD" value="0x00000384" operationHint="replace" owner="true" />
    <registryValue name="PreshutdownTimeout" valueType="REG_DWORD" value="0x0036ee80" operationHint="replace" owner="true" />
  </registryKey>
</registryKeys>
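
To confirm that a host actually carries these settings after the update, the manifest can be parsed and compared with the registry values observed on the machine. The Python below is an added example, not part of the original analysis or of any Microsoft tool. The function names, the two-key manifest excerpt and the observed snapshot (one value deliberately changed) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Excerpt of the manifest quoted above (two of its four keys).
MANIFEST = r"""<registryKeys>
<registryKey keyName="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" owner="false">
<registryValue name="EnableLog" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
</registryKey>
<registryKey keyName="HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TrustedInstaller" owner="false">
<registryValue name="BlockTime" valueType="REG_DWORD" value="0x00002a30" operationHint="replace" owner="true" />
<registryValue name="BlockTimeIncrement" valueType="REG_DWORD" value="0x00000384" operationHint="replace" owner="true" />
<registryValue name="PreshutdownTimeout" valueType="REG_DWORD" value="0x0036ee80" operationHint="replace" owner="true" />
</registryKey>
</registryKeys>"""

def norm(key, name):
    # Registry key and value names are case-insensitive ("SYSTEM" vs "System").
    return (key.rstrip("\\").lower(), name.lower())

def parse_manifest(xml_text):
    """Return {(key, value_name): (type, data)}, decoding REG_DWORD data to int."""
    expected = {}
    for key in ET.fromstring(xml_text).iter("registryKey"):
        for val in key.iter("registryValue"):
            vtype, data = val.get("valueType"), val.get("value")
            if vtype == "REG_DWORD":
                data = int(data, 16)
            expected[norm(key.get("keyName"), val.get("name"))] = (vtype, data)
    return expected

def audit(expected, observed):
    """Compare manifest values with an observed snapshot; return the findings."""
    findings = []
    for ident, want in sorted(expected.items()):
        got = observed.get(ident)
        if got is None:
            findings.append(("missing", ident, want, None))
        elif got != want:
            findings.append(("mismatch", ident, want, got))
    return findings

# Constructed snapshot of one host, e.g. transcribed from `reg query` output.
CBS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing"
TI = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller"
OBSERVED = {
    norm(CBS, "EnableLog"): ("REG_DWORD", 1),
    norm(TI, "BlockTime"): ("REG_DWORD", 10800),
    norm(TI, "BlockTimeIncrement"): ("REG_DWORD", 900),
    norm(TI, "PreshutdownTimeout"): ("REG_DWORD", 180000),  # differs from manifest
}

if __name__ == "__main__":
    for kind, (key, name), want, got in audit(parse_manifest(MANIFEST), OBSERVED):
        print(f"{kind}: {key}\\{name} expected={want} observed={got}")
```
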

These upgrades appear to update the servicing stack to 6.1.7601.17105, including CBS, CMI, Windows Package Manager, WMI, SMI, WDS, WRP, and Info Tech, to add additional localization functionality and to prepare the WDS to support the new Windows image for Windows 7 and Windows 2008 Server R2 SP1.

The service pack will introduce Microsoft RemoteFX, Dynamic Memory, and other minor fixes.

Microsoft RemoteFX is supposed to improve the Remote Desktop experience, making it seem more like one is actually at the console instead of logged in remotely.

Dynamic Memory lets Hyper-V admins dynamically distribute memory to running virtual machines.

This update does not appear to directly affect Windows Genuine Advantage files or activation. However, I have a genuine copy of Windows 7 and am not very knowledgeable about the files involved in any activation extension software or WGA bypass software. As with most updates that update the WDS or update system, there is no way to uninstall it other than doing a system restore to a point prior to installing it.

UPDATE: I didn’t realize that so many people didn’t know what the Microsoft Windows servicing stack was. Please see this documentation. Although the documentation is written for Vista and some things have changed, the brief summary and related documentation on image maintenance covers it in detail.

7 Replies to “Update for Windows 7 (KB976902) – Detailed Analysis”

  1. This update appears on WU but I have not installed it yet. I'm waiting for comments about this update from people who install the kb976902. Maybe it is an anti-piracy update or something strange.

  2. Good set of data Mark Adams.
    Either you don’t know the secret behind the update or you do not say.
    This update is not an upgrade to WGA, Anti-piracy, NSA snooping abilities. What Microsoft hasn’t stated is that this update prevents Vlite and RT 7 lite from working. That’s the reason you can’t uninstall it. Microsoft wanted to make sure, those tools did not work with Windows 7. New tools came to be and worked by using official Microsoft tools. In a way, we should thank Microsoft, not for not telling us about the real reason, but in this way Microsoft has forced genuine customization (DISM and DISM based tools) which as dreadful as it sounds has helped keep the Windows 7 standard high.

    Grand Master

  3. I change Microsoft for spying. This file kb976902 asks for my game info and it will not let them run, it stops them in their tracks. It reports all of what you do to Microsoft. They are now in the spying business and they are not the gov or the police, so I say they are spies.
