|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
My advice: If you have a zoom call coming up this week for a Thanksgiving get together – ensure that you do that Zoom call FIRST – then update your co
[See the full post at: MS-DEFCON 4 – It’s time to Patch for Nov]
Susan Bradley Patch Lady/Prudent patcher
You know, MS keeps making it more difficult for us to control updates. IMHO – going into GP Edit is more effort than settings Advanced Options in WU. And that is more effort than in prior years when you could simply check a box to hide the updates you didn’t want and click install! I hope they are not going to eventually take away our option to install updates or not, but it seems to me that is the direction MS is moving toward.
There are no more deferral settings in Advanced Options in v2004 Pro. You have to use Group Policy to do the settings that control Windows Update.
Yes I know, I learned that here, thank you! I was just commenting that MS is making it more difficult for us since with 2004 there are no more advanced settings and it was even easier prior to that. My comment probably belongs in the Rant forum 
I’d also suggest updating Zoom before making that call. Seems Zoom has an update almost every week based on the machines we maintain.
I do miss the specific paragraph for Windows 7 on ComputerWord – I’m still hanging on – even if it’s just a note to say “all clear” or to refer to any problems cropped up. Just in case I’ve missed something here on AskWoody.
And, congratulations on taking over the helm. When I first read that Woody was retiring I thought “Oh, no!” Then I saw that “Susan Bradley” was taking over and I went “Whew! That should be OK, then.”
Because of the holiday week I consider this a bit of a weird week and I’ve scheduled migrations, upgrades, etc during this week. So for me Thanksgiving week is my “do maintenance on computers” week. Maybe I’m the weird one
Susan Bradley Patch Lady/Prudent patcher
I will and you’ll still see the full listing of updates coming up in patch watch later this week. For the computerworld article I just didn’t list all versions and was calling out the unusual items of note.
Susan Bradley Patch Lady/Prudent patcher
You missed Woody’s announcement- see Changing of the guard at Askwoody.com!
All of us are getting used to the changes. Susan isn’t Woody, but she knows her stuff.
If you prefer, wait to update until just before December’s Patch Tuesday… but most of the problems have been with managed business environments… or Malwarebytes (see Computerworld article).
Susan didn’t use the exact same format as Woody… she has her own voice… but she isn’t going to abandon us home users, either. If there is something you still need to know after reading her Computerworld article, post back here… and we’ll see if we can help you.
PS- Woody has a special place in many hearts here… he’s guided us reliably for years… but he’s taught us well, and we should be able to continue updating reliably and safely under Susan’s guidance.
Non-techy Win 10 Pro and Linux Mint experimenter
Okay I’m very confused from that article…..So is it safe to install Windows 2004 or just install the usual Cumulative Monthly update and safe updates and don’t install the update with 57 at the end that contains the new WIndows 2004 version update.
I can’t make heads or tails or the article. When Woody wrote safe levels on what to install, he was precise on what updates to install, but I can’t tell heads or tails in this article on what to install. Should I install the usual or should I install the usual with 2004? Is Windows 2004 safe to update windows 10 to?
My recommendation at this time for general use is to be running Windows 10 1909 or later. Its predecessor, 1903, will reach end of servicing on Dec. 8. I have not noted any issues with Windows 10 version 2004, but that’s not true for all users — especially those that use third-party antivirus.
No, Susan didn’t say it was time to upgrade to 2004, just that one should at least be on 1909…
Since there hasn’t been an announcement that it is time to upgrade to 2004, I take this as regular monthly upgrade advice… but it could be that Susan doesn’t realize that we are waiting for such a specific cue, and maybe she could clarify. In the US, with a long, four day weekend, it might be the perfect time to upgrade, if not planning to wait until close to 1909’s end of life.
Non-techy Win 10 Pro and Linux Mint experimenter
It’s only third party antivirus, if you are running one, that had any problems.
Advanced system care isn’t an antivirus, but I might make sure the AI mode is turned off before updating. I don’t know enough about it, but when I see it detects threats.. well, it takes little time to turn it off, and then back on (if you are using it)… but that is for going to 2004, not regular updates…
Non-techy Win 10 Pro and Linux Mint experimenter
it might be the perfect time to upgrade,
I am going to wait to upgrade to 2004 until all year-end matters are taken care of, including electronic tax returns.
I am notoriously slow in applying updates myself… and since retiring, it is all one long weekend for me… but for people in the US with jobs, the four day Thanksgiving holiday may be one of their few long breaks, giving ample time, just in case.
I’ve recommended that several family members go ahead and install 2004 because it suits their schedules. They have time to do back ups and imaging… and then install… and then have time to deal with any problems before they need their computers for work.
Non-techy Win 10 Pro and Linux Mint experimenter
I’m sorry if I made it confusing. The normal patch watch on askwoody’s newsletter is coming this week and I was trying to make sure that I wasn’t giving the same content for both articles. I wanted to focus in on the problem patches and issues, not to list each update like I do for askwoody’s newsletter. I do the full listing of updates for the Patch watch.
Apologies if I confused anyone! I was hoping that I was giving you a holiday break and extra time to install updates on your schedule.
Susan Bradley Patch Lady/Prudent patcher
November patches installed with no problems to report on Win 8.1
Installation Successful: Windows successfully installed the following update: 2020-11 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4586845)
Installation Successful: Windows successfully installed the following update: 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4586085)
Win 10 ver. 22H2 x64
As you will see on the list, it was last updated 2 weeks ago. I’m sure there will be a new update to it tomorrow (ok, the next day or so)
It’s coming out this week. Clearly I’m still working out the kinks so if you would be to kind as to bear with me. Clearly Woody’s shoes are not quite fitting just yet.
I normally consider Thanksgiving week my week that I can blow up my computer and get it working by the following Monday, thus I normally install updates this week in all of my years of installing updates. My apologies if I didn’t give you the heads up!
I’ll do better next month!
Susan Bradley Patch Lady/Prudent patcher
Susan, thanks for letting us know on master patch list. I plan on waiting to do patches when you have updated the list. Thank you also for taking over from Woody and providing the information on patches to the rest of us. It is appreciated.
Any time Microsoft comes out with a new feature release, it also has to re-release that old chestnut KB4023057. It ensures that your computer is ready for the release by making sure you have enough hard drive space and checks that your windows update is ready for the process. If you don’t see it, it’s a sign your machine is ready for 20H2. If it is offered up, take it as a sign that you need to check hard drive space and ensure that your machine is otherwise healthy and ready.
Those of us intending to update on our own schedule, and not on Microsoft’s, would do well to avoid KB 4023057. It is designed to wipe out any way we may be blocking updating on their schedule.
This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows 10.
My intention is to run 1909, now that it is stable, to its end of life… and that means avoiding KB 4023057. The language Microsoft uses to describe things I may have done to ensure updating on my schedule, and not Microsoft’s, shows their hostility to end user preferences.
I’m sorry Susan… until Microsoft provides an absolute off switch for telemetry and demonstrates respect for end user’s needs and preferences, I absolutely intend to block updating any way necessary… and KB 4023057 is not my friend… Unless I have a problem I cannot diagnose that is interfering with updating when I decide to update, it is malware, pure and simple. Describing it as something that helps ready one’s computer for updating is as misleading as describing a car theft as helping me upgrade to a newer vehicle. Choice and consent is absent. (And for the compulsive who will reply that I agreed to the EULA, don’t bother… that is legal speak that covers Microsoft’s self entitlement, not something that is ethical in terms of real informed consent for end users… a way to legally defraud us, nothing more).
So… KB 4023057 is never downloaded onto my machines. It installs Microsoft Update Health Tools, which are designed to ignore and over ride any end user preferences I may set… so… no… not going to happen…
It did, by the way, show up this month, in wushowhide… and is safely hidden.
Non-techy Win 10 Pro and Linux Mint experimenter
It would not remove the group policy/registry key for the targetedreleaseversioninfo. If you use that setting no matter what the intent of Microsoft you won’t get pushed to 2004.
Susan Bradley Patch Lady/Prudent patcher
Do read PKCano’s Guide for Windows Update Settings for Windows 10, section 2, Home. The registry changes are reported to be working for now.
The trick regarding wushowhide is to set your internet to metered, unpause, and immediately run wushowhide… being on metered may allow you to block some updates before they are downloaded.
It is very much easier to control updating on Pro… you might look for Black Friday sales, but go through a legit vendor.
Non-techy Win 10 Pro and Linux Mint experimenter
when you set it via Group Policy, where in the registry does it make the change?
Group policy is simply an automated way to set registry values – it can do other things as well, but automation is its remit.
If you set Group Policy, it does the same thing as manually editing the value in the registry.
cheers, Paul
Good morning,
With regards to this months patches, I am not seeing the normally displayed format. Last month I updated to 2004 and this months patches normally keep nagging me that updates are ready. I DO NOT hit check for updates. I do have the appropriate settings in Group Policy set to keep this version until ready to update to 204Q. My question is why am I showing what appears to be several drivers ready to install on the Windows Update nag screen? (See attached) I have not seen this before.
Normally I can see the updates listed in Susan’s “Patch Watch” when checking the database file.
The deferral option will continue to prevent Feature Updates until:
+ v1909 approaches EOL in May 2021. When it is upgraded will be when you decide to do so OR when MS decides to push an upgrade as v1909 approaches EOL or shortly thereafter.
OR
+ v2004 (the next version being deferred) reaches 365 days deferral after it’s release on 5/27/2020
Yes, that is correct.
Because “Check for updates” doesn’t really mean CHECK for updates. It means download and install anything that is available for the PC – including monthly updates, Preview updates, Feature updates, drivers, etc.
We do not recommend clicking on “Check for updates.”
When pause expires, or you click to resume, you then receive all available updates, just as if you clicked check for updates at that time.
Non-techy Win 10 Pro and Linux Mint experimenter
c. then click on “Resume Updates”
You have to wait for the queue to clear before resuming or you will get them all. This may take Windows days.
Would setting airplane mode to “on” subvert any download
Yes and it will also prevent WU phoning home and updating the queue – much like pausing updates. In other words, “don’t do this”.
You may want to try WUmgr for more granular control of the updates.
cheers, Paul
This is why you want either the deferral set or the targeted setting set. It keeps 2004 and 20h2 from installing.
Susan Bradley Patch Lady/Prudent patcher
For the first v1909 PC – You need the Servicing Stack (SSU) KB4586863. Technically, the SSU should be installed first before the CU. It doesn’t ever show up in Windows Update as a separate update (it is bundled with the CU) but it will show up in “Installed Updates” (NOT Update History).
You need to look on the Support page for the CU to see what the current SSU is and install it first.
You probably need the .NET CU also KB4580980.
On the second PC, wait until Windows Update scans for updates again and the ones you unhid will show up. wushowhide is a dynamic (current) scan. The Windows Update queue is a cache that is not updated/refreshed between Windows Update scans, therefore is static.
Just installed on my Win10 Pro x64 1909:
4586863 SSU 2020-11
4586786 Cum 2020-11
4580980 Cum 2020-11 .NET Framework 3.5 and 4.8
No problems so far.
Be very nice to get this one fixed sooner rather than later because the issue also stops me using 2TB LaCie Thunderbolt backup drives. The workarounds are dramatically more cumbersome.
Windows 10 1909 Home here, just reporting successful update and no issues after allowing the following patches through Windows Update:
– KB4586786 – 2020-10 Cumulative update for Version 1909
– KB890830 – Malware removal tool Windows x64 v5.84
– KB4484520/KB4486730/KB4486725/KB4486734 – Security Updates for several Office 2013 products.
I have skipped KB4585878 (2020-11 Preview CU for .NET Framework) since it is a preview and manually installed KB4580980 (regular “2020-11 CU for .NET Framework) obtained through the MS Update catalog, since it’s no longer offered to me through WU.
Also, I was offered the pesky KB4023057 in its 2020-10 flavor and promptly hid this patch with wushowhide when it showed up some days ago. Interestingly, I note that Susan’s Computerworld article states the following regarding this patch:
If you don’t see it, it’s a sign your machine is ready for 20H2. If it is offered up, take it as a sign that you need to check hard drive space and ensure that your machine is otherwise healthy and ready.
However, it seems my machine is ready for 20H2, since 20H2 is offered as “Download & Install” in the WU window, there’s plenty of hard drive space and no “health issues” are reported by Windows. My guess is that MS pushes KB4023057 to all machines running a version of Windows 10 they regard as “close” to EOL (and I assume that by MS standards the 1909 EOL on may 2021 is “close”) regardless of whether it’s ready or not for the next Feature Update.
Here are screenshots from the MS-Catalog and from History of CUs for .NET. No “Preview” designation in either one.
ghacks doesn’t list it as a preview either.
I have followed Susan’s advice and updated two surface pro systems and a older desktop all running Windows v1909. No apparent issues. I used wushohide to hide 4023057 as I don’t think I have ever installed that. I sort of remember it changes a bunch of update settings and I do not wish to hunt for what it changes. I also updated office 2016 c2r without any apparent update issues. My question is this: I still have not installed the Cumulative update for .net from October. What is the consensus here. Should I install the .net CU patch or just leave it hidden and forget about it? .Net patches confuse me as I often see advice not to install them and then there is no subsequent post advising to go ahead and install them.
Thx.
So I have KB 4023057 installed as of 10/10/20 without issues.
I still have Home v 1909 installed.
The 2004 feature update is still there, and still has instructions to download and install, however, I have not done so.
Not sure if I should take action and uninstall KB 4023057.
Also I always go back before the pause expires and resume the updates and NEVER check for updates.
Win 10 Home 22H2
Microsoft Update installed the following: KB4023057 (displayed in update history) KB4586786 (displayed in update history) KB4586863 (displayed in installed updates) Malicious Software Removal Tool (displayed in update history) No .NET update was offered. Upon completion of the update process a “Meet Now” icon appeared in the task bar. Apparently this is some sort of video conferencing tool from Microsoft.
I received the same updates on the 2 desktops I have updated so far and no .NET either but I did not get the “Meet Now” in the Task Bar. Evidently some do and some don’t.
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
Update: I updated my HP laptop this morning that has a camera and it DID get the “Meet Now” icon on the Taskbar. Evidently MS searches to see if you have a camera on your computer before it adds the notification.
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
..but I did not get the “Meet Now” in the Task Bar. Evidently some do and some don’t …
I didn’t get the MEET NOW icon in my system tray on my Skylake device, which has a web camera, but no Skype was ever downloaded from the MS-store.
My Whiskey Lake does have Skype on it, but I haven’t updated that device yet. Will report back, if I get the icon.
no Skype was ever downloaded from the MS-store.
I’ve never downloaded Skype either, it just came with windows. I’ve never used Skype.
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
Just updated the last Desktop this morning with no camera and it GOT the “Meet Now” icon. So now I’m not sure what in the heck it’s looking for to put that icon in the taskbar. Seems to be random.
I did “hide” the notification so it’s not showing on the 2 computers now though. So it basically showed up on 2 out of 4 computers with only the laptop having a camera. The settings are the same on all computers.
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
I started updating for Nov. on 11/24/20 and didn’t get the “meet now” on the first 2 desktops but this morning on 1st boot I now have the “Meet Now” icon (which I hid). So maybe it’s not coming with the cum. update, it must be coming in separately.
Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).
OK, reporting in from the hinterlands of Win 7 ESU…(yes, we’re still here)…
Installed:
1. 2020-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4586827)
2. Windows Malicious Software Removal Tool x64 – v5.84 (KB890830)
…but the PC got to 65% on the reboot, then rebooted itself again, this time with no MSE icon in the lower right tray! I did another reboot, and it showed up again. It’s getting twitchy with these WIN 7 patches.
..but “so far, so good,” (said the guy as he passed the 50th floor of the Empire State Building after jumping from the top)
(And at 439MB worth-man, these rollups are getting to be quite a beast!)
Happy Turkey Day, everyone!
Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty
Replying to myself.
Fixed the issue :
Instead of using Display settings (new win 10 setting part) , I went to the old control panel, power options, display > saved a random setting, resaved my preference.
now works as intended
@glnz , I have a further update for you! After looking through Intel security advisory SA00233, I found a listing in the chart in that advisory stating that your processor’s entire family will not be getting any new microcode updates after June 2020:
2. Ivy Bridge
3. Ivy Bridge Xeon E3
(2,3. RETIRED: No new MCU updates starting June 2020)
That note is very early on in the expansive chart’s listings.
The chart’s first column lists a type of processor Id that Intel assigns to its processors (in your case 06_3AH). The second column lists the stepping of the processor (9). The third column lists the processor’s code name or microarchitecture (1. Gladden, 2. Ivy Bridge, 3. Ivy Bridge Xeon E3). The charts 4th column lists the actual processor’s Product Family (1. Legacy Intel® Core™ Processors Legacy Intel® Pentium® Processors Legacy Intel® Celeron® Processors Intel® Xeon® Processor E3 Family, 2. 3rd Generation Intel® Core™ Processor Family Intel® Pentium® Processor Family Intel® Celeron® Processor Family, 3. Intel® Xeon® Processor E3 v2 Family). Finally, the chart’s 5th column lists the exact processor numbers covered by all the technospeak in the previous four columns, and that’s where your exact processor is listed as being affected by this security bulletin.
So, in a nutshell (albeit a big one in this case 
) after June of this year, Intel hasn’t released any more microcode updates for your processor’s entire family.
What this means is that if this bulletin gets updated in the future because Intel finds more security holes, your processor won’t receive the fixes, unfortunately. Since this bulletin covers a lot of ground, you may wish to see if there are indeed any BIOS updates available from your system or motherboard manufacturer and install them. That way you’ll be as protected as you can get.
Wish I had better news!
R/
Bob99
Versions 1903 and 1909 have the same core, receive the same CU and SSU.
V1903 will be EOL on Dec Patch Tuesday.
You will probably not even notice the difference between the two versions.
I would recommend going ahead and upgrading to v1909 at this time.
Minor glitch to report for a Win 8.1 Pro x64 computer:
After installing the .NET rollup (KB4586085), upon restart the computer failed to connect automatically to wi-fi. When I connected manually I saw an unchecked box for ‘automatically connect’as well as a ‘connect’ box. I ignored the former and clicked on the latter, after which I as connected without issue. I waited a few minutes, shut down, then started (as opposed to another restart), and wi-fi was connected automatically.
Exactly the same thing happened with the November Rollup (KB4586845).
Everything seems fine now.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
