MS-DEFCON 2: Get automatic update turned off in preparation for April 2018 Patch Tuesday

Topic

New Reply

It’s time. Tomorrow is Patch Tuesday. Don’t let it catch you unaware. Post coming in Computerworld. We’re moving to MS-DEFCON 2: Patch reliability is
[See the full post at: MS-DEFCON 2: Get automatic update turned off in preparation for March 2018 Patch Tuesday]

6 users thanked author for this post.

SueW, Pepsiboy, Elly, JDeC, Microfix, AJNorth

Reply | Quote

Replies

Microsoft may have its way with all things Windows, but not this time. However not what month it is – Woody, it is April.

Reply | Quote

Perhaps Woody has inside knowledge that April’s patches are akin to March! ARRGGHH!

Windows - commercial by definition and now function...

Reply | Quote

Windows 10 Pro x64..I just did notice after reading the Computerworld article that KB4023057 was installed when I updated the March updates Friday. Should I try to uninstall it or is this version safe ?

Reply | Quote

That is like 2952664 in Win7. Unless you care surrendering to MS, uninstall it. And look in Settings\Apps and if it is there, uninstall it

1 user thanked author for this post.

woody

Reply | Quote

It’s not listed in Programs & Features under installed updates and it has been installed every monthly update for the last several months. I used Windows Update Mini Tool and I see where it’s installed but not giving me any option to uninstall. For some reason I can’t get wushowhide to bring any thing up before installing monthly updates ( tried everything ). Any suggestion on how to remove it and then I can run Windows Update Mini Tool prior to installing April updated down the road.

Reply | Quote

In an elevated CMD prompt or within an elevated Powershell, type:
wusa /uninstall /KB4023057 /norestart

Windows - commercial by definition and now function...

Reply | Quote

I copy and pasted that command into power shell and CMD elevated and it just brings up the windows stand alone installer menu.

Update: I got it to work, but it comes up and says that the update is not installed on this computer. BUT plain as day under Installed Updates it says it installed successfully on 04/06/18.
What gives with that ????

Reply | Quote

I think that it is because the update’s installer files were deleted after the update was installed successfully. As a result wusa doesn’t “see” the update as an update which can be uninstalled.

Reply | Quote

It’s in “Programs and Features”, not “Installed Updates”

1 user thanked author for this post.

Microfix

Reply | Quote

I’m on 1511. Barely. MS is relentless. I’m stubborn.

I uninstalled 2 installations of 4023057 today. Uninstalled the Update Assistant – again. Turned Windows Update Service off – again. How does MS keep worming it’s way inside my computer?

Bad Microsoft. Bad.

P.S. – If you run WUSHOWHIDE and it immediately returns with no updates to hide Windows UPdate Service is stopped and/or disabled. If it trundles and gives you one or more updates to hide MS has successfully restarted the stopped/disabled Windows Update Service.

P.P.S. – After I turn off the Windows Update Service I see flashes of window frames – programs starting running and finishing so fast that the screen can’t paint it fast enough for me to discern. Something is running in the background that I can’t discern. Ugh.

Reply | Quote

I just got a couple of tweets from @NippySnowman that present an interesting approach that I’ve never tried. If you have Win10 Pro, Enterprise or Education:

Turn on Pause updates.

Set a reminder and after 30 days or so,

(1) disconnect from the internet

(2) turn off pause updates

(3) turn pause updates back on

(4) reconnect to the internet.

Has anybody tried that? Any weird side effects?

Reply | Quote

I use the Pause Update 35 days option and tried that last month and it wouldn’t let me reset the Pause feature until it updated. I’m not sure on the Manually set number of days option, but would guess they have that hole plugged also.

Reply | Quote

I’m all prepared for tomorrow to hide any updates even 1803 with WUHide.:Saluting to him.: AND LET’S HOPE WHEN WE GET A DEFCON 3 at the end of the MONTH, WE ARE TOLD IN DETAIL what updates are optional, safe and/or not safe to install. Because I had to uninstall the cumulative for March that made my computer act up even kept signing me out.

So I pray for future reference that WE GET FULL DETAILS ON EACH UPDATE FOR THE SYSTEMS THAT are safe. So Woody, PK and Patch Lady-Be sure to be detailed so we know what to do. BECAUSE SAYING ALL patches and updates are safe to install DOESN’T MEAN ALL ARE SAFE.

Reply | Quote

Can I suggest you complain to Mr S. Nadella, and perhaps tone it down a bit.

Windows - commercial by definition and now function...

2 users thanked author for this post.

SueW, jburk07

Reply | Quote

Nadella won’t listen even if he did somehow read our complaints. The new status quo of releasing buggy, untested patches to the masses will simply continue as Microsoft thinks all of their patches are picture perfect.

Reply | Quote

still no bugfixed version of march windows 7 security only available? i’m still waiting before taking the risk of installing march updates…

1 user thanked author for this post.

JDeC

Reply | Quote

I’m so looking forward to 2020 when windows 7 support runs out! No more patches to be afraid of!

Reply | Quote

Hold on to your hats.  Here we go again.

Reply | Quote

I am not sure if this is the appropriate place for this question or not, but I don’t know where else to place it…Ever since the new server was put in place, I have had such a hard time with the site…constant Data Base Errors, trouble logging in, and once in, trouble logging out…and pages will not refresh and navigation has becoming a hit and miss effort. I have tried Firefox, my dominate browser…Chrome…even went to the Ipad and tried Safari and Dolphin. It is only this site, so I am fairly certain it is not my Provider or connection. Any ideas or thoughts?

A ship in harbor is safe, but that is not what ships are built for. --John Augustus Shedd

Reply | Quote

What you are seeing is the effect of the increased traffic on the site. With the problems caused by MS patches, more and mote people are looking for answers. It has been overwhelming, particularly the last few days.

And tomorrow being Patch Tuesday, there is little hope of immediate relief.

6 users thanked author for this post.

SueW, Elly, JDeC, jburk07, Individualist

Reply | Quote

So the time required to bring a patch set into more or less order is nearly a month.

What happens when it gets longer than a month? Is it an indication that patching is more risk-prone than the risk it reduces?

-Noel

Reply | Quote

just an observation – just 2c

boss… your defcon3 lasted only 3 days… max!!! and we’re down back to 2?!

life is more than …. em…. patching?!! maybe?

for ppl who cant or wont or dont want to take that – thats why grp W/L makes me more sane and calm   dont really feel missing out on anything THAT important… sorry im just too old for young stuff

its more like gambling these day – will it work or wont it work? good luck ppl

back to fishing for better dreams

Reply | Quote

Perhaps MS are working on an inverse psychology principal: the more difficult and uncertain patching your computer becomes, the more desperately will computer operators spend untold hours trying to keep it updated?

Reply | Quote

That’s what I suspected and posted here previously…
If they cant get you with bell and whistles
they will get you with ‘problem solving’
Attention goes where energy flows – the universal spiritual principle
The collective effort of all these good ppl put in patching since whence it begun

anyway be well ppl..
patch or no patch… to each his/her own
to be sure…
There is a possibly that grp W will ‘suffer’ as result of not following the prescribed ‘protocal’ and patching
again… the same choice remains… patch or no patch… to each his/her own
…
anyway be safe be well be sane be cool
peace to all – Shalom
back to fishing for better dreams

Reply | Quote

forgive me…

What I am trying to share here is –
Im just saying, for me anyway, that time and energy can be spend on somewhere else and on some one else we care about, and not on the machine
I mean, if the patching is surefire, and it will do good everytime (as it suppose to be)
then I will patch ASAP when its out, but if patching is like a gambling, maybe it will work or maybe it wonr work,
or did I get the order right and on and on…
Please that’s not the time and energy I am willing to spend ‘there’
so I am forced (in a way) to go to grp W (as being old age and need to keep the blood pressure stable too)
STILL I MUST ACKNOWLEDGE da BOSS and Susan and many experts here
If not for them
I would hv BSOD every day on every bootup since whence
So pls… there is a reason why da BOSS is… da BOSS
It seems they are on the ball and selflessly working for the benefit for many here
(hint: dont forget a thanksgiving)
be well all
back to fishing for better dreams

Reply | Quote

anonymous wrote:

boss… your defcon3 lasted only 3 days… max!!! and we’re down back to 2?!

Keep in mind that the DEFCON 3 was for March Updates; since we’re now in April, Woody turned DEFCON back to 2 . . .

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

1 user thanked author for this post.

Elly

Reply | Quote

My Windows 8.1 systems (X99 / Ryzen) have been patched to March 2018 level. No problems so far.

My Windows 7 systems continue to stay at December 2017 level, having been restored since the discovery of the Total Meltdown flaw.

Will see what Microsoft brings this month and whether the mess has been fixed. If not then the Windows 7 systems will stay unpatched (with the advantage of no performance degradation).

Hope for the best. Prepare for the worst.

1 user thanked author for this post.

Microfix

Reply | Quote

I have a question…..
I had rolled back to December rollup per Patch Lady’s recommendations.
In my hidden updates are the rollup patches for Jan.and Feb. (along with previews).
March doesn’t show up.
Since I am in Group A and these will not be installed,
if I unhide them and did a windows update check before today’s patches come out…
would they now go away seeing March is the latest rollup?
or do I just leave them hidden for now…
Not sure if I’m making myself clear….

Reply | Quote

If you want to answer the question for yourself, unhiding them then searching will do that. Unhiding does not install them and you can always re-hide them.

However, I would just leave them hidden b/c once they are superseded, they will go away anyway.

2 users thanked author for this post.

dgreen, Microfix

Reply | Quote

Down the chute and pending the go-ahead!

Windows - commercial by definition and now function...

Reply | Quote

Updates ran alright on my two Windows 7 64 bit systems. When I ran Windows Update on the Windows 7 x86 system, it caused a bluescreen every time the computer tried to start. It brought me into startup repair, and ran through a few things (and restarting a few times). Each time it would blue screen, and eventually just said that it couldn’t repair it (and would I like to send the report to Microsoft). I ran system restore to get it back up and running. I think it’s KB4093118 causing the trouble.This system didn’t get the March security updates due to Microsoft pulling them for x86. The March update still doesn’t appear as an option in Windows Update.

Edit to remove HTML. Please use the “text” tab in the entry box when yu copy/paste

1 user thanked author for this post.

MrBrian

Reply | Quote

Woody with hyperbole again. Does anyone here actually manage Windows machines in a business? Windows patching isn’t that hard, nor does it cause havoc if you have any idea what you’re doing. I’ve got a couple hundred active Windows 10 machines deployed currently and I don’t have SCCM on many of them and yet there is basically never an issue related to a Windows patch that causes tickets to be open (the worst we had was a dual monitor issue from a bad patch many months ago). Essentially, unless you’re a Windows 10 Home subscriber (and, like, don’t be) then you can easily set yourself to Current Branch for Business or it’s new equivalent Semi-Annual Channel to delay current feature installs. The “buggy” patches don’t affect 98% of customer workflow. Everyone knows not to patch the latest feature updates, but security updates you have to do because (and I’m being nice when I say this) Woody nor virtually any other non-software developer has any clue what goes into a security update, what is actually “buggy” and whether those “bugs” actually affect your workflow or even your underlying security (e.g. if you practice defense in depth almost any bad Windows patch is already solved/mitigated by some other safety feature like restricted local user rights, firewall IDS/IPS, etc.).

1 user thanked author for this post.

MrBrian

Reply | Quote

anonymous wrote:

Essentially, unless you’re a Windows 10 Home subscriber (and, like, don’t be) then you can easily set yourself to Current Branch for Business or it’s new equivalent Semi-Annual Channel to delay current feature installs.

No hyperbole to recommend that auromatic update be turned off in preparation for patch Tuesday. It is just good personal computing self-defense.

It appears that you are recommending home or small business users not to use Windows 10 Home at all… but even Pro is seriously down-graded in how it can be configured and locked down for privacy. Enterprise/Education versions are in managed environments, not available to most of the people here. Wouldn’t it be hyperbole telling all of us not to be a Home user? That statement is way more extreme than Woody telling us to turn off automatic updating.

There is an established method of updating here, following Woody’s Defcon levels and recommendations. It is relatively easy to avoid being an unpaid beta-tester for Microsoft… if you turn off automatic updating.

If you are using Semi-Annual Channel to delay current feature installs… you have the worst of automatic updating turned off. Why criticize others for advocating and doing what you, yourself, are doing? Maybe you’re afraid of losing the beta testers your environment is dependent upon, and being forced to do the testing yourself (because Microsoft isn’t)… and then, maybe, you wouldn’t have that 98% of customer workflow be problem free any more.

Be nice to Home users… they are why the Semi-Annual Channel works as well as it does. You are the tech expert where you are, and lack basic awareness of that? What can I say?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Additionally, I can say with certainty I’ve experienced more bugs on the 24-25 machines I have running OS X High Sierra (even patched to 10.13.4) since it was released in September than I have on any version of Windows 10 since v1607 on far more machines. Of course, High Sierra is superior in many important ways, but stability & patch management ain’t one of those ways.

Reply | Quote

I’m in the Win7/Group B that went the safe(r) route and only installed IE11, KB4100480, and the MSRT but SKIPPED the March Security Only update.

Will there be some direction coming as to what people like me need to do with this next round of updates when MS-DEFCON goes all clear?

Reply | Quote

See post in #184675

https://www.askwoody.com/forums/topic/patch-lady-we-just-got-a-new-update-for-april/

Reply | Quote