MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches

Topic

New Reply

If you’re running Win10 version 1903 or 1909 and followed my instructions last month, you’re in good shape – you have Pause Update in effect for sever
[See the full post at: MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches]

5 users thanked author for this post.

Mr. Austin, geekdom, abbodi86, Kathy Stevens, Microfix

Reply | Quote

Replies

It is an indictment of the competence of those controlling Microsoft that all Windows 10 users must be tech savvy in order to preserve the continued functionality of their devices at update time.  It is beyond many users to be able to achieve this and they should not be expected to do so.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

2 users thanked author for this post.

bbearren, b

Reply | Quote

zero2dash wrote:

You’re making an assumption that x amount of Windows Updates cause problems,

Every single Windows 10 since the first Windows 10 had problems, bugs, rendering PCs useless…
Windows updates damages amount in $Trillions…
Only those technical enough know where/howto complain. 99% of home users just suffer running to the nearest Geeks or repair shops.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Alex5723 wrote:

Windows updates damages amount in $Trillions…

That’s absurd. Math isn’t that hard.

1 user thanked author for this post.

b

Reply | Quote

[zero2dash]

Win10 had issues on launch, but then again so have most versions of Windows.
And there were lawsuits related to GWX but nothing awarded in millions or trillions.

• This reply was modified 5 years, 2 months ago by zero2dash.

2 users thanked author for this post.

b, Microfix

Reply | Quote

Alex5723 wrote:

zero2dash wrote: You’re making an assumption that x amount of Windows Updates cause problems, Every single Windows 10 since the first Windows 10 had problems, bugs, rendering PCs useless… Windows updates damages amount in $Trillions… Only those technical enough know where/howto complain. 99% of home users just suffer running to the nearest Geeks or repair shops.

That is an outrageously untrue statement.  I have 5 Windows 10 installations without a single problem, bug, or being rendered useless.  My son has two laptops that are updated automatically without any intervention on his part.  No problems, bugs, or being rendered useless.

I’m “the friend who knows computers” who gets called about PC problems.  Since Windows 10, I don’t get any calls.  If any one of those friends had bugs, problems or their PC’s rendered useless, I would hear about it immediately.

Outrageous over-statement.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

2 users thanked author for this post.

SoCalBB, b

Reply | Quote

indeed Alex5723 is overreacting again with that outrageous statement
from my experience I’ve only encountered few problems with many Win10 versions on the computers that run them

1 user thanked author for this post.

b

Reply | Quote

I began my Windows 10 experience as an Insider, before RTM, five years ago.  I’ve never had a bad update/upgrade.  The only updates I have blocked via group policy are driver updates.  It’s been all good.  The sky is not falling.

For home users, creating a drive image the weekend before Patch Tuesday requires less tech savvy than getting all the obscure settings tracked down and set correctly, and provides a greater degree of protection.  With all the imaging software available, many free, together with the free advice from all the experienced users of these various imaging software here on these forums, getting imaging setup by a first time uses is a piece of cake.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

2 users thanked author for this post.

SoCalBB, b

Reply | Quote

bbearren wrote:

I began my Windows 10 experience as an Insider, before RTM, five years ago.  I’ve never had a bad update/upgrade.  The only updates I have blocked via group policy are driver updates.  It’s been all good.  The sky is not falling.

For home users, creating a drive image the weekend before Patch Tuesday requires less tech savvy than getting all the obscure settings tracked down and set correctly, and provides a greater degree of protection.  With all the imaging software available, many free, together with the free advice from all the experienced users of these various imaging software here on these forums, getting imaging setup by a first time uses is a piece of cake.

A home user should *never* even have to think about creating a drive image under any circumstances. Maybe if Microsoft renamed its Home version to, “Amateur Geek” version, that might fly. Complex computer operating systems are not do-it-yourself affairs.

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

Reply | Quote

That’s why File History is an available feature in Windows 8 and Windows 10:

Use File History to backup and restore in Windows 10

Reply | Quote

Mr. Austin wrote:

A home user should *never* even have to think about creating a drive image under any circumstances.

I’m a home user.  Drive images have come to my rescue (from my own tinkerin’ and piddlin’, not because of Windows) countless times.  Creating drive images is one of the first things I learned how to do back in the days of Windows for Workgroups v3.11.  It was easy then, it’s a piece of cake now, with lots of solid, free software available for download, and loads of free help available from AskWoody and many, many other sites as well.

Are you not aware that your statement is directly contradictory to virtually everyone who participates in these forums?

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

[Mr. Austin]

zero2dash wrote:

You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

I’m not necessarily buying those numbers of users. Why? My very 1st 10 machine put into service in September 2019 has *always* had annoying bugs which interrupt my work. And like many others this past week, Windows had broken its own search and indexing functions several times. I now place Microsoft in the same league of programmed mediocrity and obsolesence as Apple’s stupid churning of iOS releases, which is now approaching 5 years in length.

It looks every bit to me like Microsoft is trying to deepen its own role as a company practicing surveillance capitalism at the expense of a reliable software user experience.

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

• This reply was modified 5 years, 2 months ago by Mr. Austin.
• This reply was modified 5 years, 2 months ago by Mr. Austin.

Reply | Quote

Please explain how Microsoft practices surveillance.

Reply | Quote

[Mr. Austin]

Mr. Austin wrote:

zero2dash wrote:

You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

I’m not necessarily buying those numbers of users. Why? My very 1st 10 machine put into service in September 2019 has *always* had annoying bugs which interrupt my work. And like many others this past week, Windows had broken its own search and indexing functions several times. I now place Microsoft in the same league of programmed mediocrity and obsolesence as Apple’s stupid churning of iOS releases, which is now approaching 5 years in length.

It looks every bit to me like Microsoft is trying to deepen its own role as a company practicing surveillance capitalism at the expense of a reliable software user experience.

• This reply was modified 5 years, 2 months ago by Mr. Austin.
• This reply was modified 5 years, 2 months ago by Mr. Austin.

It’s elementary math.
The last report they gave was in mid-September of last year and they were over 900 million devices. Surely in the last several months including the push and EOL of 7, they’ve added another 100 million devices, which means 1 billion is a formality.

Now, let’s address the amount of users who complain about Win10 issues in the largest public soundboard available, which is reddit. Yes, people complain of issues (and usually it’s driver-related, but I digress).

1% of 1,000,000,000 is 10,000,000.
Do you see 10 million new posts day to day on reddit for Win10 issues? I’ll admit I don’t monitor it that much, but I know that I don’t see that many posts. Hence my claim of <1% holds water.

Again, this is elementary math here.

You claim you have (or had) issues. I had issues and didn’t particularly like Win10 RTM, but that was 5 years ago. Since 1703, I’ve had no issues, and in fact, have grown fond of the OS to the point that anything but 10 feels archaic to me at this point in time. (And I say that as someone who held on to Win2K with bloody stumps for fingers long after XP was released.)

2 users thanked author for this post.

bbearren, b

Reply | Quote

Prior to suspected patches:

• Make a full backup including system image
• Make a rescue disk and make sure you can boot from it.
• Create a system restore point.

Despite all the best efforts and precautions, patches may still be installed on a system.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

WildBill

Reply | Quote

Still following MS-DEFCON cues… & also keeping a sharp eye out for any problems with Windows 8.1 patches from now on. Since Win7 users only get MS patches now if they’re on ESU, any hanky-panky from Micro$oft is aimed at Win8.1. I’m hoping to upgrade to v2004… in October!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

1909 (OS Build 18363.628), only driver updates controlled via group policy, nothing paused.  But it’s locked down in the drive images Task Scheduler used Image for Windows to create early Sunday morning that I have stored in an air-gaped 3TB HDD.

That’s my version of  preparedness, and most of it is accomplished automatically.  I’ll be clicking on Check for updates tomorrow until I get them downloaded and installed.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

joep517

Reply | Quote

For version 1909 Windows 10 Pro users,

is Woody’s Pause recommendation here, on the one hand,

and @PKCano’s recommendation for Feature Update Deferral set to 365, Quality Update Deferral set to 0, Group Policy Editor>Automatic Windows Update Configuration set to #2 -“Notify Download/Install”, Use Wushowhide to hide updates in the queue, on the other hand,

leading to the same goal of locking down Windows in preparation for Patch Tuesday?

1 user thanked author for this post.

rontpxz81

Reply | Quote

Yes.

Reply | Quote

For version 1909 Windows 10 Pro users, actually  Woody’s Pause recommendation here and @pkcano‘s recommendation for Feature Update Deferral set to 365, Quality Update Deferral set to 0, Group Policy Editor>Automatic Windows Update Configuration set to #2 -“Notify Download/Install”, Use Wushowhide to hide updates in the queue both lead to the same goal of locking down Windows in preparation for Patch Tuesday.

The difference is this:
If you use Pause, when the pause period has ended, the patches download and install. You can’t use pause again till they are installed. This is the tool that Home users have to lock down updates.

If you use Defer and the “2” (notify download/install), the patches will still sit there pending when the deferral period has ended, and won’t download until you click the “Download” button. This is available to the Pro Edition, as well as Pause.

1 user thanked author for this post.

Win7and10

Reply | Quote

I’m a Win 10 home user, new to Win 10 and on pause until 2/17.
When the pause ends, what happens?
Do the updates appear and tell me I can install them?
Does it check for updates and auto install or tell me that they are there and I can choose?
Thanks for your assistance!

Win 10 Home 22H2

Reply | Quote

When the Pause ends, the pending updates will appear in Windows Update and install unless you have set Metered connections on. You can’t use Pause again until the updates install, but you can delay them further by setting Metered connections in the Settings App under Network. When you want to update, you have to turn the metered connections off.

1 user thanked author for this post.

Win7and10

Reply | Quote

You may have answered this before, from what I understand the optional updates will be separate and not be automatically installed?

In order to do this, let the laptop check again on the date that the pause expires?

So when the laptop checks on the pause date or I undo the pause the updates will show as ready to install. Can I do any wushowhide at that time or down the chute they come…:)

Win 10 Home 22H2

Reply | Quote

Down the chute they come UNLESS you have turned Metered connections ON.

1 user thanked author for this post.

Win7and10

Reply | Quote

Ooooh, just had this update come down the WSUS chute.

2020-01 Update for Windows 7 for x64-based Systems (KB4539602)

Love how they still call it a “2020-01” update, even though it is a post-January fix delivered in February… Wouldn’t want to upset the ESU-paid-up customers.

No matter where you go, there you are.

Reply | Quote

[geekdom]

Pleased read here before you consider installing KB4539602 as there are potential boot issues:
https://borncity.com/win/2020/02/11/win-7-server-2008-r2-boot-issues-with-update-kb4539602/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

• This reply was modified 5 years, 2 months ago by geekdom.

1 user thanked author for this post.

PerthMike

Reply | Quote

[geekdom]

geekdom wrote:

Pleased read here before you consider installing KB4539602 as there are potential boot issues:
https://borncity.com/win/2020/02/11/win-7-server-2008-r2-boot-issues-with-update-kb4539602/

• This reply was modified 5 years, 2 months ago by geekdom.

Hilarity ensues… So they need to post a fix for a fix for a bug that they introduced in January…

I guess Microsoft really is trying to destroy any remaining trust in Windows 7/2008R2.

No matter where you go, there you are.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Just got this a minute ago out-of-the-blue.

Reply | Quote

that was the optional .NET KB4534132 update in late Jan. 2020, which I also got on a test machine running Win10 v1903 several days ago

Reply | Quote

ok – new security updates are out.

it appears the KB4537820 rollup is the first Win7 ESU based update

and there are new Adobe Flash security updates – KB4537759:
https://www.catalog.update.microsoft.com/Search.aspx?q=kb4537759
https://support.microsoft.com/help/4537759
https://helpx.adobe.com/security/products/flash-player/apsb20-06.html

Reply | Quote

If you have a partial pause already in effect, you may need to click “Resume updates,” then reboot.

I didn’t read this article yesterday and my three 1903 machines are only paused through 2/25.

Probably not a good idea to resume updates and reboot today though, 2/11, huh?

Reply | Quote

After following your advice on how to stop Windows 10 from auto updating, I recently read elsewhere a different way to turn off Windows 10 updating:

1. Press the Windows logo key + R or right click on Start.

2. Select Run.

3. Type services.msc and press Enter.

4. Scroll down to Windows Update, and double-click it.

5. In Startup type, select Disabled.

6. Click Apply and OK to save the settings.

Is this a valid way to do the same thing as you detailed in previous emails?

Bill B

Reply | Quote

That may stop the Windows Update Service temporarily, but Windows Scheduled Tasks in Win10 will just turn it back on.

Reply | Quote