MS-DEFCON 2: Time to make sure Windows Automatic Update’s turned off

Topic

New Reply

https://www.youtube.com/watch?v=vkqnAh_5ODw Post coming in Computerworld.
[See the full post at: MS-DECFON 2: Time to make sure Windows Automatic Update’s turned off]

2 users thanked author for this post.

Elly, Myst

Reply | Quote

Replies

MS-DECFON? Meh… accidents happen. Not sure if spellcheck tried to interfere… got the message. Will wait for the CW article… currently on “Check for updates, but let me choose whether to download and install them”.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

1 user thanked author for this post.

woody

Reply | Quote

Does setting the “Pause updates for up to 35 days” option accomplish the same thing as setting the internet connection to “metered”?

Reply | Quote

You will have to keep telling Windows 10 no every new month.

Reply | Quote

I really hope the new LTSC version is coming out soon, as a former LTSB 2016 user for almost 2 consecutive years I don’t want anything to do with CB/CBB.

Sure 1803 works OK but I shouldn’t have to de-bloat Windows with scripts, batch files and registry settings.

I would still use LTSB 2016 if it weren’t for the fact that my new i7 8700K Coffee Lake build is acting strange with freezes, programs crashing and causing frustrating unresponsiveness right after clean installs.

LTSB 2016 is what Windows 10 should have been in the first place and is a valid upgrade from Windows 7.

At least in LTSB/LTSC you have more control over your OS and Windows Updates.

Reply | Quote

Is there any way for a normal person to get a license for this, or do you use more “creative” methods?

Heck, I’d even pay MS ~$100 a year to get a version like this; I have a tower PC with no camera or touchscreen and run 99% “Win32” apps. All I want is peace/stability!

Reply | Quote

I’m afraid there isn’t normal ways for the average Joe to get their hands LTSB 2016 and Microsoft do not want anyone to run one of their most stable and de-bloated Windows 10 version.

But truth is, I’m like any average Joe you would know and I still ended up with LTSB 2016 so what did I do different?

Let’s just say I didn’t gave up and did my homework correctly. And maybe I did a ton of Googling too.

For anyone wanting to migrate to LTSB 2016 there is only to 2 things people need to know which is the following:

1. 031ED6ACDC47B8F582C781B039F501D83997A1CF (Search and you will find what you are looking for)
2. KMS (Research this and it will enlighten you)

Reply | Quote

Microsoft do not want anyone to run one of their most stable and de-bloated Windows 10 version.

You got that right. The enterprise I work for decided to go LTSB (due to my encouragement) about 5 months ago. The Micro$ rep did NOT want us to do it and tried to talk us out of it, but couldn’t come up with any argument that held up to scrutiny or convinced the higher-ups when weighed against the prospect of upgrading many hundreds of machines every year. You’d think we were costing him commission or something.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

One thing that completely baffles me is why they even bother with LTSB/LTSC versions if they don’t want anyone to use them in the first place.

Microsoft, don’t tell me that LTSB/LTSC is strictly for critical infrastructure like ATMs, medical equipment, and PCs that control machines on a factory floor.

It’s just bull, Windows 10 LTSB compared to CB/CBB versions works just as good for anything you want to do in your life.

Gaming, nope no problems there. Office, Visual Studio and other software whether it be from Microsoft or 3rd party creators works just as good too.

LTSB/LTSC is a cruft free Windows 10 version where you are in more control of things than in other CB/CBB Windows 10 versions.

Coming from Enterprise LTSB 2016 to regular Enterprise 1803 was a cruel joke, seriously what have happened since the days of Windows 7 Enterprise.

App Store and other annoyances shouldn’t even be in Enterprise to begin with, and heaven forbid that you accidentally installed a cumulative update AFTER you configured the OS to your liking and removing the cruft which takes you back to square one.

I really hope LTSC 2018 is what LTSB 2016 used to be and that it’s cruft free.

Reply | Quote

This will be my first patch Tuesday behind Automatic Updates being outright Disabled (setting of 0), and using WUMT in lieu of Settings\Updates and security. Previously I had AU set to 2 which is Notify for download and install. (In all cases, deferrals set: Feature update set for 365 days, Quality update set for 14 days.)

Reply | Quote

Bummer! I dragged my feet, and now we are at Defcon 2. Oh well, guess I’ll wait a bit longer to do Windows updates.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

These days I install updates from the catalog. It does mean I have bigger file sizes to download but at least I get a heck of a lot more control over the updating process, and I can update when I want to, not when Micro$oft wants to. Plus, you’re able to uninstall these updates through the classic Control Panel –> Installed Updates page, so it’s quite a nice relief from the monster that is now Windows Update.

Reply | Quote

Time to make backups — everyday is backup day — and prepare to beta test.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

BobbyB, MrJimPhelps

Reply | Quote

Just got this email from SL:

Windows 10 Patches? So What

Honestly, I don’t know what your problem is. I have every patch and I have yet to experience a problem with Windows 10.

And yes, I read the community forums where people yell and scream and look for a class action lawsuit, etc. But most of those people are on the bottom of the barrel of computer knowledge.

In my opinion, most of the new ‘innovations’ that make up Windows 10 are just plain stoopid, but they all work correctly.

I wish I had his lucky rabbit’s foot….

Reply | Quote

Well, if he loves to risk his computer by installing every patch be my guest,  he may have billion dollars to buy any computer he wants.

as for the rest of us that truly treasure its computers, we will keep following woody and susan’s advice.

I prefer holding patches even if they are ok  to  blindly install every patch

Just someone who don't want Windows to mess with its computer.

2 users thanked author for this post.

Seattle27, Cybertooth

Reply | Quote

Well, Woody,

that makes 4 Windows 10 computers I’m aware of that never have any problems with Windows 10 and it’s updates:

1. SL’s computer.

2. The manager’s computer at work.

3. My friend’s computer.

4. My friend’s wife’s computer.

Everyone else I know who has/had Windows 10 on their computers usually described it in ways that would be censored if I tried to post their comments here (or they’ve wiped 10 and installed Windows 7 or Linux).

3 users thanked author for this post.

Noel Carboni, woody, AlexEiffel

Reply | Quote

Would the comments have to be precensored before they go to the censors?

Reply | Quote

Even IF those people are ‘on the bottom of the barrel of computer knowledge’, it would only make it worse. Because do you really have to be a system engineer to run Windows 10? And if you don’t have this ‘holy computer knowledge’ that means things will go wrong sooner or later? And just because you don’t happen to be a nerd, you have to accept crashes of 10 after updates? And just ignore them because you are stupid anyway? Hope this SL whoever he is will never have to visit a doctor who tells him/her to google his problems and solve them alone. Because, you know, he/she obviously has no medical knowledge and thus is stupid.

2 users thanked author for this post.

lurks about, Cybertooth

Reply | Quote

Sorry to be play grammar Nazi on you here here but according to Mr. Intelligence himself (aka SL) it’s spelled “stoopid’.

Sorry… couldn’t resist 🙂

1 user thanked author for this post.

woody

Reply | Quote

Life of Riley, until computer misfortune befalls him. It’s not as if he hasn’t been warned by other people. I hope he has made backups and knows how to use them. Preparation is a practical skill.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

This just reminds me of some shoddy social media post about “a mother who led a very healthy lifestyle and had cancer” and “a guy who smoked like a factory and ate McDonald’s every day doesn’t have cancer” and therefore you should disregard all medical advice and just do whatever you want in your life.

It’s all a matter of probability. Leading a healthy lifestyle *reduces* your probability of getting cancer but does not eliminate it completely. Eating lots of junk food *increases* your probability of getting cancer but does not guarantee it.

You may very well be installing every Microsoft patch the minute it comes out and be the 0.0001% that experiences no problems, or you could be very careful with every patch and still have it BSOD your computer when you install it. There’s no guarantee that you’ll win the lottery or be extraordinarily unlucky.

Our best bet is to try to reduce the probability of us getting bricked machines with bad patching practices (as is frequently the case) and increase the probability of us being able to install the patches with or with little problem (as is frequently the case when we wait and watch before acting).

1 user thanked author for this post.

Seattle27

Reply | Quote

Those of us who are still using 1703 will have to decide next month whether we’re going to jump to 1709, 1803, or maybe even 1809. But that’s a decision for another day.

I am staying on 1703. Free me from these chains! Group W paradise, here I come!

Reply | Quote

OK – it’s your system – but thar be tygers….

Reply | Quote

2018-09 Updates are in the Catalog now.

Reply | Quote

woody wrote:

If you remain resolute in your belief that Microsoft’s way is the best way, then by all means, I urge you to install all of the updates as soon as they’re available. That way you can tell us what went wrong. Use your phone.

As urged, I installed six updates for Windows 10 version 1803 on two laptops today and nothing went wrong.

Using my phone was not required (but its Windows 10 still works fine too.)

2 users thanked author for this post.

columbia2011, Kirsty

Reply | Quote

Just a note if you have turned off Windows Update:

The September 2018 Patch Tuesday updates include a patch (Win 7 and higher) for a vulnerability that is being actively exploited.  See the Microsoft Security Response Center (MSRC) security update guide for CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440.  A security researcher publicly disclosed this zero-day vulnerability on Twitter on 27-Aug-2018 without notifying Microsoft and giving them a chance to create a patch, and attacks began a few days later.  According to CERT’s Vulnerability Note VU#906424 “Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.”

This month’s SAN Internet Storm Center Patch Tuesday Summary at https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/ confirms that CVE-2018-8440 was disclosed and exploited, although they only rate the severity as Important, and not Critical.

Reply | Quote

There is a topic on this vulnerabliity here on AskWoody. Please add further comments to this topic.

1 user thanked author for this post.

walker

Reply | Quote

So i take it the risk of this exploited zero-day bug hasn’t reached critical mass to push the DefCon up?

Reply | Quote