MS-DEFCON 4: Microsoft begins a strong push for 24H2

Topic

New Reply

ISSUE 22.04.1 • 2025-01-28 By Susan Bradley Last week, Microsoft announced that Windows 11 24H2 is now “broadly available.” This notice was contained
[See the full post at: MS-DEFCON 4: Microsoft begins a strong push for 24H2]

Susan Bradley Patch Lady/Prudent patcher

11 users thanked author for this post.

abbodi86, jburk07, rizzquery, DLivesInTexas, Cybertooth, deuce120, lmacri, MrToad28, Rush2112, Norio, Alex5723

Reply | Quote

Replies

I was able to successfully able to apply updates on my Win 11 Pro 24H2 laptop and my Win 11 Pro 23H2 Desktop without any issue. Be it noted that my laptop is an LG Gram 16 that has 24H2 preinstalled. It suffered no internet loss when updating. Thank heavens for that!

1 user thanked author for this post.

MrToad28

Reply | Quote

Bevare this months updates if you use a DAC USB1 audio device: https://www.youtube.com/watch?v=UbOI3bfb70s&t=1s

Reply | Quote

I believe the usb 1 DAC problem and possibly related web camera issue is resoleved in the just released non-security optional update KB5050081. It is too soon to know whether this optional update will bring any additional unforeseen behaviors but if you installed the January security update and have experienced these issues, I guess your option is to uninstall or take a chance on the just released update.

 

Reply | Quote

How to block 24H2 but still receive other updates for 23H2?

23H2 will still be good until (I believe) November of this year.  I don’t want updates to be an all-or-nothing option.  I still need to keep 23H2 updated & secure in the meantime.

Reply | Quote

The easiest way to stay on 23H2 is to use Steve Gibson’s InControl tool to set the version of Windows that you want to stay at.

You can also use this Registry edit.

Good luck!

 

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

rizzquery, gwt10

Reply | Quote

You can use InControl to keep you computer on Win11 23H2.
It will block the version upgrade 23H2 to 24H2.
It does not block monthly updates. They will continue as before.

2 users thanked author for this post.

rizzquery, gwt10

Reply | Quote

PKCano wrote:

You can use InControl to keep you computer on Win11 23H2.
It will block the version upgrade 23H2 to 24H2.
It does not block monthly updates. They will continue as before.

That’s good to know since I was reluctant to use that.  Thanks!

Reply | Quote

I know you wrote this:

“For Windows 10 — and as usual — the update will be offered only to PCs meeting Windows 11’s hardware requirements. There are a lot of posts and videos out there claiming that Microsoft relaxed those requirements, even going so far as to suggest that Windows 11 can be installed on any PC. The truth? Nothing has changed. Windows 11 still has the same hardware requirements. Anyone telling you otherwise is probably reacting to clickbait.”

But, my machine – a Dell XPS8910 – does not meet the hardware requirements, yet I woke up one morning in April to find I was no running Windows 11. I’ve continued to receive updates. I did not attempt to download or install Windows 11, it just happened.

Norm

 

2 users thanked author for this post.

Cybertooth, DLivesInTexas

Reply | Quote

If you are not having any issues you can stay on W11. If you want to revert to W10 you have 10 days.

To stay on W10, use InControl.

And make regular image backups to an external drive, just in case.

cheers, Paul

Reply | Quote

https://www.reddit.com/r/Windows11/comments/11agns7/windows_11_upgrade_incorrectly_being_offered_to/

Back in April you say?

There have been some documented oopsies along the way but nothing recently.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Microsoft informed some customers:

Event Viewer displays an error for System Guard Runtime Monitor Broker service

Status: Mitigated

Affected platforms:

OS Versions
Message ID
Originating KB
Resolved KB

Windows 10, version 22H2
WI982633
KB5049981

Windows Server 2022
WI982632
KB5049983

The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices which have installed Windows updates released January 14, 2025 (the Originating KBs listed above) or later.

This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935‘.

This error is only observable if the Windows Event Viewer is monitored closely. It is otherwise silent and does not appear as a dialog box or notification.

SgrmBroker.exe refers to the System Guard Runtime Monitor Broker Service.
This service was originally created for Microsoft Defender, but it has not been a part of its operation for a very long time.
Although Windows updates released January 14, 2025 conflict with the initialization of this service, no impact to performance or functionality should be observed.
There is no change to the security level of a device resulting from this issue.
This service has already been disabled in other supported versions of Windows, and SgrmBroker.exe presently serves no purpose.

Note: There is no need to manually start this service or configure it in any way (doing so might trigger errors unnecessarily).
Future Windows updates will adjust the components used by this service and SgrmBroker.exe.
For this reason, please do not attempt to manually uninstall or remove this service or its components.

Workaround:

No specific action is required, however, the service can be safely disabled in order to prevent the error from appearing in Event Viewer.
To do so, you can follow these steps:

1) Open a Command Prompt window. This can be accomplished by opening the Start menu and typing ‘cmd’.
The results will include “Command Prompt” as a System application. Select the arrow to the right of “Command Prompt” and select “Run as administrator”.

2) Once the window is open, carefully enter the following text:

sc.exe config sgrmagent start=disabled

3) A message may appear afterwards. Next, enter the following text:

reg add HKLM\System\CurrentControlSet\Services\SgrmBroker /v Start /d 4 /t REG_DWORD

4) Close the Command Prompt window. This will prevent the related error from appearing in the Event Viewer on subsequent device start up.

Note that some of these steps might be restricted by group policy set by your organization.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

 

Reply | Quote

Thanks, Susan.  As a home user, I truly value your recommendations.

With Win 11 on my computer, The recommendations in week’s alert are a bit unclear and contradictory.  You stated “Except for my continuing recommendation not to install 24H2″, then two sentences later “Go ahead and patch”.  Huh?

Again, further on you said “I do not yet recommend installing Windows 11 24H2.”   I think that with all the bugs described in 24H2, readers – especially those who are not pros, deserve a clear path …  either to patch, or not to patch. Period.   I’ve got InControl installed (per your recommendation) , so I’m steering clear of 24H2 until you give a clear and unequivocal ok to install to your readers, or Redmond forces no other alternative.

I remain thankful for your guidance.

Reply | Quote

OhNoBillS wrote:

deserve a clear path …  either to patch

There are 2 type of updates :

Monthly security updates

Feature updates (23H2, 24H2..)

These are not the same.

The go ahead is for monthly security updates not feature updates.

You can use InControl to block 24H2.
You can use free portable WUmgr to manage, hide…individual updates..

Reply | Quote

I tried to download BlockaPatch from Microsoft.  It was blocked as unsafe.  How do I get around this.  This PC is Win 11 Pro. No problem on my Win 10 Pro PC.

 

Reply | Quote

BlockaPatch.com is a web page associated with AskWoody (not Microsoft). It is not downloadable. I contains several tools you can use to help control updates.

wushowhide.diagcab is a Microsoft tool that can be used to help control updates. It is safe to download, but you may have to make an exception for it in your security software. Before you try to use it, you should read the description of what it does provided on the website and watch the YouTube video to see how it works.

If you have further questions, please come back and ask.

Reply | Quote

Rather than bother Susan here was my usual nightmare experience with a Windows 10 update ( was not offered 24H2)

1. As noted by Susan I received an error message regarding the Security update, telling me to retry. Got this error message twice.
2. After using Windows Update Troubleshooter it installed, then  got the Cumulative  .net update to install 100 percent.
3. However the <mark class=”QVRyCf”>KB5049981</mark> kept re-installing over and over, eventually stopping at  20 percent. Microsoft tech ( who I spent a good deal of my day with….a monthly occurrence) eventually conceded that the .net had disparities with 9981 and that I would have to restart the computer, let the.net install and then go back to Windows Update where 9981 allegedly would then install and then restart my PC again.

At that point I decided to give up and pause both updates because who knows what would have happened if I restarted. I’ll find out when I give it another go tomorrow.

Reply | Quote

The HTML version of the 1/27 Master Patch List is pretty much empty.

Reply | Quote

Try it now?  (I don’t know why it likes to reset itself down to a cell or two.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

It’s all there now. Thanks!

I already went ahead and updated (Win 10 22H2) using the PDF version, and all went smoothly.

Reply | Quote

I spoke too soon about the “smoothly” part. I’m using Office 2019, and every now and then an update messes with my AutoFormat/AutoCorrect settings, and this was one of those months.

Annoying.

Reply | Quote

As several posts have stated, install Steve Gibson’s InControl to stop Win 11 24H2.  Why not make InControl part of the MS-DEFCON recommendations, hand-in-hand with the long list of known defects in 24H2.  And, of course, has Microsoft indicated when we might see an improved 24H2 with bug fixes or maybe a 25H1 with bug fixes to remove ambiguity as to just which 24H2 it is.

I need to set up a couple of my clients with InControl on the Windows 11 systems they bought.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Ben Myers wrote:

or maybe a 25H1

There won’t be 25H1. Microsoft moved to 1 feature update per year so the next update will be 25H2.

24H2 is being patched/fixed with every monthly update.

Reply | Quote

General question regarding InControl …

Typically after monthly updates, I eventually run the ‘sfc’ command to check the file integrity.  I understand that InControl will modify registry entries (maybe create some new entries?).

Will running ‘sfc’ create any issues or alter any of the changes InControl may apply?

1 user thanked author for this post.

gwt10

Reply | Quote

Brocktoon wrote:

General question regarding InControl …

Typically after monthly updates, I eventually run the ‘sfc’ command to check the file integrity.  I understand that InControl will modify registry entries (maybe create some new entries?).

Will running ‘sfc’ create any issues or alter any of the changes InControl may apply?

I would like to know that, too.

In addition, would any DISM repairs affect InControl?

2 users thanked author for this post.

Perq, Brocktoon

Reply | Quote

Just had to run both DISM repair and SFC on my Windows 10 Desktop to get the January CU to properly install and can verify that InControl still shows I’m in control and locked down to Windows 10 22H2.

3 users thanked author for this post.

MrToad28, Perq, Brocktoon

Reply | Quote

Brocktoon wrote:

General question regarding InControl …

Typically after monthly updates, I eventually run the ‘sfc’ command to check the file integrity.  I understand that InControl will modify registry entries (maybe create some new entries?).

Will running ‘sfc’ create any issues or alter any of the changes InControl may apply?

gwt10 wrote:

Brocktoon wrote:

General question regarding InControl …

Typically after monthly updates, I eventually run the ‘sfc’ command to check the file integrity.  I understand that InControl will modify registry entries (maybe create some new entries?).

Will running ‘sfc’ create any issues or alter any of the changes InControl may apply?

I would like to know that, too.

In addition, would any DISM repairs affect InControl?

I haven’t run into or noticed any issues of those kinds with the use of InControl. InControl modifies only the Windows registry and doesn’t affect the integrity of any of the files that SFC or DISM check for.

You can use Steve Gibson’s utility without worries.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

3 users thanked author for this post.

gwt10, Perq, Brocktoon

Reply | Quote

You say that “To be fair, Redmond isn’t exactly pushing the update without your permission.” I am sorry to report that for me, at least, they are doing exactly that.  I have had three Windows 11 machines get afflicted with this update against my wishes and doing everything I could to block or delay it, the most recent being my main workstation, which just got it and has not yet been put through the tedious restart/installation step. The previous two did not seem to exhibit any problems, so I’m crossing my fingers that that trend continues.

Reply | Quote

They make the opt out very small and not easily seen.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan Bradley wrote:

They make the opt out very small and not easily seen.

Sorry, I must have missed that.  Where can people see that, again?

Thanks.

 

Reply | Quote

It’s just that it makes the “No thanks, I’ll pass” button very small and locates it at the bottom of the dialog offering the update.

I added  the bolding n the quote.

I hope that helps answer your question! That was copied from the fourth paragraph of the notice, just below the quote that Susan put in italics.

2 users thanked author for this post.

SueW, Cybertooth

Reply | Quote

Ken wrote:

I have had three Windows 11 machines get afflicted with this update against my wishes

Susan Bradley wrote:

They make the opt out very small and not easily seen

I apologize for not understanding what’s being said here,  but I’d like to ask some questions to help me understand. Here are my questions:   (1)  What update is Ken talking about?  Is he talking about going from 22H2 to 24H2? … (2) When Susan says “they make the opt out very small”,  is she talking about opting out of 24H2? ….(3) If the answer to Question #2 is “Yes”,  then can I simply skip installing the InControl software and go directly to the fine print and opt out of 24H2?
I will appreciate any responses to those questions.  I have Windows 10 22H2.

 

Reply | Quote

Okay they changed it from the last time.  There is no “no thank you”.  Granted I did not wait for it to offer, I clicked on ‘get updates’ and it comes.  So let me roll it back and see if I can get what I thought should be happening based on the machine I saw this on before this one.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Bob99 wrote:

It’s just that it makes the “No thanks, I’ll pass” button very small and locates it at the bottom of the dialog offering the update.

I added  the bolding n the quote.

I hope that helps answer your question! That was copied from the fourth paragraph of the notice, just below the quote that Susan put in italics.

Does anybody have a picture of this dialog box that’s supposed to come up, asking for permission?

I always thought 24H2 installed itself on it’s own silently, like any other update…

Reply | Quote

gwt10 wrote:

I always thought 24H2 installed itself on it’s own silently, like any other update…

Nothing should install silently as you should use the controls : InControl to manage feature updates, WuMgr to control monthly security update, GPedit to block preview/optional, drivers, firmware..updates..

Reply | Quote

Alex5723 wrote:

gwt10 wrote:

I always thought 24H2 installed itself on it’s own silently, like any other update…

Nothing should install silently as you should use the controls : InControl to manage feature updates, WuMgr to control monthly security update, GPedit to block preview/optional, drivers, firmware..updates..

Thanks for the info.  I still want to see a picture of that dialog box they are talking about, though…

Reply | Quote

Just installed Windows 10 Cum. Jan.2025 KB5049981. Was not happy after that:
My MS Wireless Multimedia Keyboard did not work anymore. Tried changing the driver, reinstalled the software etc. but nothing helped.
Ended up putting back a backup, but to my surprise that didn’t solve the problem either!

Had to restore an end-of-December backup to get everything to work again.

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

2 users thanked author for this post.

MrToad28, Deo

Reply | Quote

I ‘dunno, I remember the things MS did to kneecap Win 7 during its final months of life. Regardless, I managed to get Win 7 installed on a system with a newer (at the time) Ryzen 5900X cpu. It ran fine & was stable. It actually rendered 3D images at least 3% faster than on Win 10 Pro (installed on the same system). Kind of makes me wonder if THAT was one of the real reasons MS wanted to kill Win 7.

Will they kneecap Win 10?? Well, I’m not rolling the dice…

During 2025, I’m going to skip Win 10 updates unless it’s something super critical AND I’m absolutely sure MS is not trying to ‘bork my system.

I generally keep my Win 10 system off the internet anyway & use Linux as my primary platform for doing business. I “curate” any Win apps that I plan to install: googling for malware hits for the software, running the files through a few virus scanners plus something like Virustotal.

My advice to those still on Win 10: ALWAYS do a full backup of the system before you do any degree of 10 updates. I stuck with this habit during the final months of Win 7 & it saved my bacon a few times.

Reply | Quote

ek wrote:

things MS did to kneecap Win 7

Evidence please.

ek wrote:

rendered 3D images at least 3% faster than on Win 10 Pro

If it took 10 seconds to render an image, W7 would have done it in 9.7 seconds. How did you notice?

cheers, Paul

Reply | Quote

In one of the final servicing stack updates, MS included updated code that would trigger if Windows Update detected a processor that was not considered a supported CPU. The result would be a nagging warning popups and no more updates. No, I don’t know which servicing update that was. I had been running Win 7 on a 5900X system for a while before that without issue. I do know that when I saw the unsupported CPU popups, I just rolled it back to a previous system backup and called it a day. However, I could not install any newer updates successfully after that. Wasn’t a problem for me as I had Win 7 off the internet anyway.

As for your question about rendering times:

For me, the >=3% faster rendering speed is not considered insignificant. My 3D scenes can take a few minutes per frame. The app displays the render times in both total minutes and total seconds. So it’s easy to measure and note differences.

Modest to large 3D animation projects can be rendered a number of ways: frames distributed to multiple computers (locally or remote), frames distributed to multiple GPU cards on the local machine (or multiple networked machines) or via a cloud service (that uses what I described previously). In any case, for a large animation project with high computational demands, a 3% improvement can be the difference between hitting the deadline, making a profit – or both.

Thanks for the questions, I enjoyed answering them.

Reply | Quote

Updated 3 Win 10 & 1 Win 11 using InControl app to prevent feature update as suggested on this thread. No Problems seen.

1 user thanked author for this post.

Cybertooth

Reply | Quote