MS-DEFCON 5: Time to get patched

I’m still amazed but this past month — the May  2015 Black Tuesday crop — has been one of the best-behaved mammoth bunches of patches I’ve seen.

There were problems, to be sure, but most of them were confined to Microsoft’s insipid attempts to force Windows 10 upgrade advertising down our throats. Considering that was about 1% of all the patches dished out over the month, that’s not a horrible result. Misguided, yes, but not horrible.

All of the May patches that appear to cause problems — KB 3020369, 3045171, 3057110 — have been fixed or nearly fixed. KB 3020369 can hang at “Stage 3 of 3” during reboot, but we’ve been reassured it isn’t a problem, if you just pull the plug.

The April stinkers – KB 3048043, 3022345 — have been re-issued and re-issued and, in some cases re-re-re-re-issued. But they now appear to be stable.

I continue to recommend that you don’t bother with KB 3022345. It’s a Windows 10 come-on. People who install it and then run SFC /scannow get treated to a report of broken system files, but we now know the system files are fine — it’s just that SFC doesn’t like KB 3022345. If you have 302234 installed already, thwack yourself on the forehead, but don’t uninstall it. Ain’t worth the effort.

The other painful April patch, KB 303814, has been superseded by KB 3049563 on May 12. Another one bites the dust. The painful March IE patch, KB 3032359, was superseded by KB 3038314 in April. Once again, don’t use Internet Explorer unless you really have to. Microsoft’s abandoning it, and so should you. (Okay, I overstate the case, but only by a little bit.)

So, I’m giving a green light except for KB 3022345, which is an embarrassment that will come back to bite us again. It’s not going to clobber your system, though, so don’t worry about it too much.

In a rare occurrence, I’m moving all the way down to MS-DEFCON 5: All’s clear. Patch while it’s safe.

The usual admonition applies: Use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source).