• MS-DEFCON 4: Mixed bag for March

    #2758059

    ISSUE 22.12.1 • 2025-03-25 By Susan Bradley Although CISA has given businesses who follow its guidance until early April to install updates released i
    [See the full post at: MS-DEFCON 4: Mixed bag for March]

    Susan Bradley Patch Lady/Prudent patcher

    Viewing 28 reply threads
    • #2758082

      After running updates that installed build 19045.5608, the About Windows dialog (run the command winver from a command line) correctly shows 22H2. However, Settings | About shows 2009. This is very shoddy work, very disappointing.

      Hi Susan:

      Just FYI,  Settings | System | About | Windows Specifications (and winver) correctly shows I have Version 22H2 / OS Build 19045.5608 on my Win 10 machine, not Version 2009, after applying my March 2025 Patch Tuesday updates.

      Win-10-Pro-v22H2-Settings-System-About-OS-Build-19045_5608-25-Mar-2023
      ———–
      Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5608 * Firefox v136.0.2 * Microsoft Defender v4.18.25010.11-1.1.25020.1007 * Malwarebytes Premium v5.2.8.173-128.0.5184 * Macrium Reflect Free v8.0.7783

      • #2758093

        Mine all show the same – version 22H2 and Build 19045.5608.
        None of mine qualify for Win11 without using hardware exceptions.
        And all were upgrades to Win10 from previous versions (Win7 or win8.1).

         

    • #2758084

      Settings About shows I have Win 10 Pro 23H2 19045.5608 installed 3/18/2025 with Features 1000.19061.1000.0 as I had un-paused updates. It shows 11 24H2 is ready and “free.” I guess I want to try updating my primary (and sometime gaming) PC to 11 (I have 2 others on it). As I understand the AskWoody guidance Win 11 23H2 is better than 24H2. I have 2 questions:

      1. I understand in most cases I can revert back to 10 if I do it within 10 days but discussions I have seen never talk about a system restore option. I have AOMEI auto system backups set for 1 full/week and 1 incremental/day (plus others such as EaseUS). If I wanted to go back after 10 days why isn’t a system restore viable? Am I missing something?
      2. What is the best method to go to Win 11 23H2 (not the now offered 24H2)? I have the 23H2 .iso file, but I want to preserve all my apps and their data, etc. I do not want to do a clean install/setup from a mounted copy unless that offers to let me keep them. I have fairly good records of my many keys, but some are one time keys and also I have found that some Win 10 programs simply can’t be clean installed in Win 11 even in compatibility mode. Additionally I may have 200 programs installed so it would take a lot of time, effort, and energy.

      Any insights greatly appreciated.

    • #2758085

      Susan – have you heard anything definite about when MS could release Windows 12?  I suspect it will be in the fall when Win10 end of life occurs.  I know Win12 would be quite buggy for a while so I’m hoping to wait until they get most of initial release bugs fixed before buying a new desktop.  Unfortunately they could take months or years.

      Custom Build - Intel i5 9400 5 Core CPU & ASUS TUF Z390 Plus Motherboard
      Edition Windows 10 Home
      Version 22H2

      Dell Laptop - Inspiron 15 11th Generation Intel(R) Core(TM) i5-1135G7 Processor
      Edition Windows 11 Home
      Version 23H2

    • #2758097

      One update, no problems
      2025-03 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5053602)

      Windows 11 Pro
      Version 23H2
      OS build 22631.5039

      1 user thanked author for this post.
    • #2758096

      You talk about Win 10. Is this reduced threat only for that? Or is it also safe for us Windows 11 users to install?

    • #2758111

      As is so often the case with my Windows 11 23H2 system, Wumgr does not show the current Windows update. How would I manually install it and which KB# is it?
      Thanks

      1 user thanked author for this post.
      • #2758144

        As is so often the case with my Windows 11 23H2 system, Wumgr does not show the current Windows update. How would I manually install it and which KB# is it?
        Thanks

        For Windows 11 23H2 manual update, would that be KB5053602?

        Thanks, CMA

    • #2758108

      Just applied the 2025-03 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5053602) on Alienware Aurora R13 with Windows 11 Pro Version 23H2 OS build 22631.4890. Apparently it did not like the fact that I use Stardock Start11.

      At first the taskbar was not responding, then after a slow reboot, the taskbar was completely blank. Several slow and agonizing reboots later and still no joy. Moving the mouse pointer to the far end of the blank taskbar would bring up the Start11 menu. Went into Start11 and there was a message that it could no longer control the taskbar because something else was controlling it.

      I was not about to spend the time and try and figure out why. Fortunately I ran a Macrium backup prior to the windows update, so I had my system back to functioning correctly in 30 seconds. I don’t have a lot of faith in Microsoft anymore, they seem to always be breaking something!

      2 users thanked author for this post.
      • #2758115

        Check for updates for Start11 menu before each Windows Update.
        Microsoft is known for making changes to the Windows user interface that cause software tweakers (particularly to the taskbar and other user interface) to stop working.

        1 user thanked author for this post.
    • #2758129

      Regarding Figures 1 to 4 in Susan’s post: Perhaps the reason for the sloppiness shown by Figure 4 is that nowadays Microsoft’s focus is on the marketing seen in Figs. 1 to 3.

    • #2758137

      Following today’s Defcon Alert advice, I resumed updates which have been paused since 2/25/25, and the only updates I’m offered are a security update (which installed successfully) and 24H2. No March cumulative updates were offered. As soon as 24H2 began automatically downloading, I instantly paused updates for 4 weeks to stop the download. Any advice for why no March cumulative updates were offered?

      Device Details:

      11/24 Asus Vivobook

      23H2

      Updated through 2/25/25 with KB5051989 cumulative update

      Thank you!

      • #2758156

        Win11 24H2 was offered instead of 2025-03 KB5053602 Cumulative Update for Win11 23H2 because Microsoft is pushing the upgrade to 24H2 on all eligible computers that don’t have control on Windows Update.

        Download Gibson Research’s InControl. Put it on your desktop (it doesn’t install, it just works from there). In the bottom left corner, set version = 11, and release = 23H2. Click the “Take Control” button.

        Open File Explorer. Navigate to
        C:\Windows\SoftwareDistribution\Download
        Right click on the Download folder and choose “Delete” (You will have to give admin permissions in the box that pops up)
        Close File Explorer.

        InControl should keep the computer from upgrading to 24H2 until you choose to do so by clicking “Release Control.”

        2 users thanked author for this post.
        • #2758241

          In the bottom left corner, set version = 11, and release = 23H3. Click the “Take Control” button.

          There’s a typo error in the above quote. It should read release=23H2.

          Regards, Phil

          1 user thanked author for this post.
        • #2758297

          With Windows 11 and Wumgr, it’s easy enough to avoid Win 2024 H2. The problem is getting an update for Win 2023 H2.

        • #2758338

          PK: \SoftwareDistribution\  had two folders: \Download  and \Download-

          Should both be deleted?

    • #2758158

      Settings About shows I have Win 10 Pro 23H2 19045.5608 installed

      There is no Windows 10 23H2. It should be 22H2

    • #2758161

      then after a slow reboot, the taskbar was completely blank

      On my old PC Win 8.1 that was updated to win 10, same thing happened.

      After the update and final restart, desktop came up fine but taskbar blank. I figured it was just a slow restart and let it sit for 30 minutes. No tasks on bar.

      So finally I did another restart and taskbar fine.

      Everything normal on my Win 10 newer OEM.

    • #2758162

      How will the March updates be received ~ by a Consumer of Win11 23H2 PC (HP Pavilion/Brave)?

    • #2758165

      You talk about Win 10. Is this reduced threat only for that? Or is it also safe for us Windows 11 users to install?

      To follow up, I installed it after backing up my drives and making sure Start11 was up to date. So far, I’m having no issues.

    • #2758182

      Just updated main W10 22H2 computer and Winver shows correct version. KB 5053606 and SSU 10.0.19041.5547. Was surprised that there was no MSRT this time!

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2758177

      You mention that you think Microsoft’s OneDrive backend issue is fixed.

      Sadly, it has been identified by Microsoft but not cleared on my machine yet.  The only cure I had found was to create a totally new Microsoft username and configure that to receive emails from my primary account.  This worked for a period of time (two months, two weeks, two days), and then suddenly changed to the brain-dead mode again.

      The last occurrence of brain-dead was two days ago and it hasn’t recovered.  I’m pondering whether I can be bothered with yetta.nuther@outlook.com.

       

    • #2758191

      So can consumers have an affirmative statement about installing the March 2025 updates? It’s not clear to me from the discussion, (about Microsoft “nagware” for updating to Windows 11) whether consumers should update or not. This makes it necessary for me to ask the question. I do appreciate the nagware discussion, and I am not using a desktop that meets the expected Win 11 update so it’s important for me to keep up on this. However I’m always looking for a “yes/no/wait” on the monthly update.

      1 user thanked author for this post.
      • #2758194

        The MS-DEFCON 4 is the go-ahead to update the March Windows Update for Win10 22H2 and Win11 23H2. Susan is still not recommending upgrading Win11 to 24H2 (unless you have a computer that already has 24H2 on it). If you do already have 24H2, then install the March updates.

        3 users thanked author for this post.
      • #2758212

        That’s what the Defcon 4 is all about. It’s time to install updates.

        Susan Bradley Patch Lady/Prudent patcher

        2 users thanked author for this post.
    • #2758203

      I just finished installing the March update for Windows 10 22H2 and I have the correct version indicated for my copy in all places it’s supposed to be found, no indications whatsoever of “Windows 10 2009” that is shown in Susan’s screenshots.

      Installation was a matter of six minutes from Windows Update downloading it to being prompted for a post-installation reboot by Windows Update.

       

      • #2758213

        I got that in the insider edition.

        Susan Bradley Patch Lady/Prudent patcher

        • #2758215

          Kinda thought that’s why you had gotten those annoying nags!  🙂

           

    • #2758231

      Not an insider edition.

      Screenshot-2025-03-25-174542

      Win 11 home - 24H2
      Attitude is a choice...Choose wisely

      1 user thanked author for this post.
      • #2759547

        To avoid confusion with my signature, this computer has now been updated to Windows 11 24H2.

         

        Win 11 home - 24H2
        Attitude is a choice...Choose wisely

    • #2758283

      PK, you suggest using InControl instead of Wumgr in the future? Does Susan have instructions for how to use it somewhere?

      • #2758296

        No, I did not suggest using InControl instead of WUMgr.
        You are getting a version upgrade instead of monthly updates probably because MS is pushing 24H2 and making it take a higher priority than (supersede) the monthly update.

        WUMgr controls the Windows updates. You can also hide the 24H2 upgrade with WUMgr. InControl does not control monthly updates. It only controls version upgrades. Using InControl will prevent the 24H2 upgrade from being offered. Then you use WUMgr to control the monthly updates as usual.

         

        1 user thanked author for this post.
        • #2758330

          PK, greatly appreciated. I just hid 24H2 upgrade with WUMgr. 3/2025 Win11 23 H2 update still does not show up but likely because I already did a manual update. Hopefully next month (having hid 24H2 upgrade), WuMgr will show the 23H2 update.

          • #2758332

            Updates that have already been installed will not show up again in Windows Update.

          • #2758334

            Did you follow the instructions in #2758156 to delete the Download folder?
            If 24H2 was downloaded, you need to remove the installer.

             

            1 user thanked author for this post.
    • #2758316

      The problem is getting an update for Win 2023 H2

      Lock your Windows to 23H2 (InControl, TRV) and you will get 23H2 updates and not 24H2.

      1 user thanked author for this post.
      • #2758331

        Thanks, Alex, as you can see, PK says I can accomplish same thing in WUmgr by hiding Win 24H2 feature upgrade. Have you tried that?

        1 user thanked author for this post.
    • #2758372

      Successfully installed KB5053602, 2025-03 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems, according to Event Viewer log and Uninstall Updates listing, as per the following screen captures:

      Screenshot-2025-03-26-204201-1

      Screenshot-2025-03-26-204003-1

      Strangely, KB5053602 does not appear under the Quality Updates list of Update History, as previous Monthly Cumulative Updates did (see the following screen capture):

      Screenshot-2025-03-26-203918-1

      dism /online /cleanup-image /scanhealth indicated “No component store corruption detected”. sfc /scannow indicated “Windows Resource Protection did not find any integrity violations.”

      Anyone else seeing this with KB5053602 (for the first time)?

      • #2758436

        I didn’t look in Event Viewer, but here’s my results: Update History shows KB5053602 install, does not show up in uninstallable updates, shows as installed update in Control Panel.

        Update-History

        Uninstallable-Updates

        ControlPanel-Inatalled-Updates

        1 user thanked author for this post.
        • #2758483

          Thanks for your feedback – what you’re seeing is what I was expecting.

          I’m running Windows 11 Home Version 23H2 (OS Build 22631.5039). Clicking on “View installed updates” in Control Panel takes me back to the Settings App.

          There are four Uninstallable Updates listed in Update History, as per the following:

          Screenshot-2025-03-27-110124

          The Windows 11 23H2 Enablement Package (KB5027397) also never showed up under the Feature Updates listing, even though it successfully installed. The other two Uninstallable Updates (KB5012170 and KB5049624) are found under the Quality Updates list. Other updates recently installed have shown up in the Update History listing.

          As everything appears to be running without errors, I am inclined to call it a day, and see what happens next month, and when I eventually make the transition to Windows 11 24H2 (once Susan gives us the green light).

          • #2758490

            You didn’t by any chance do a manual install of KB5053602? Manual installs may not show up in Update History.

            1 user thanked author for this post.
            • #2758500

              No. I use InControl to keep Windows 11 at 23H2, and had Windows Update paused. When I unpaused Windows Update yesterday, KB5053602 downloaded and installed (seemingly without incident – only a single reboot required).

              Interestingly, I did download and manually install the Windows 11 23H2 Enablement Package last June (as was recommended). That may explain why KB5027397 did not show up under the Feature Updates listing.

    • #2759301

      Hello,

      took me a short while to write ( let the updates resume the 29th ) due to being more than annoyed with what happened here. I’m on a Dell T7820 and purposefully kept the bios at version 2.8.0 for various reasons, mainly because I had no interest in the cpu security remediation for vulnerabilities that posed no issues to me (so wanted to retain 100% of the cpu computing power).

      Well… MS pushed on me not just the monthly updates for windows ( win10 still, will let it upgrade to 11 in some months ), but forced a bios update straight to 2.45.0 , resulting in 5 flashes in a row (so 5 chances of something going wrong….)

    • #2759424

      but forced a bios update straight to 2.45.0

      You should have blocked BIOS, drivers, firmware.. updates in Windows update.

      • #2759429

        They were blocked… since ages. In fact never got a driver or bios update… until this surprise.

        In fact I’m the original owner of the workstation and the windows installation is still the one I got with the computer, various years ago. If things were not blocked, I would have got pushed on me 2.10 , .11 , .12  and all the other updates done all these years until .45 a couple of months ago

        Now you see why I’m a bit livid ?

        1 user thanked author for this post.
        • #2759457

          Well, there is this statement by Microsoft :

          1 user thanked author for this post.
          • #2759468

            Yeh well, I don’t consider the bios something that can be forced on me using that kind of excuse

            2 users thanked author for this post.
    • #2760180

      Well, finally went for it and installed the March updates for my Win 10 Pro 22H2 yesterday, all SEEMED good, but checked Event Viewer logs and noticed 2 things:

      1. One hour after reboot, DeviceManagement-Enterprise-Diagnostics-Provider error, event id 2545, “MDM Declared Configuration: Function (DeletePerEnrollmentScenario:GetAllRequestsPerEnrollment failed) operation (enrollmentId: C8A326E4-F518-4F14-B543-97A57E1A975E) failed with (The system cannot find the file specified.)” appearing twice. Previous instances of error seem to have been when I originally installed the OS (and assembled the computer) in November and some three weeks later when I put in another NVMe drive. OS is not Enterprise or domain enrolled.
      2. No longer getting the TPM-WMI error 1796 “The Secure Boot update failed to update a Secure Boot variable with error Secure Boot is not enabled on this machine..” on boot and every 6 AM and 6 PM, though I didn’t do anything in BIOS, so any boot settings are as they were… Unless Windows did something on its own there, of course.

      Any idea what that’s about?

      • #2760313

        Regarding #2, yep, secure boot is still off according to system info. But of course I would expect secure boot operation errors to be suppressed, and in fact the operations themselves to be disabled, if it’s off, so the fact that the error existed so far was the oddity, but I wonder if the fact that it stopped appearing meant that MS fixed that issue or something else is going on.

    • #2760203

      It seems to me that M/S has found a way to bypass the GRC InControl App on my Win11 Home 23HS set up and push its 24H2 onto my system. Because of my Win11 Home edition it seems I have no access to use Group Policy to there instigate a fix.

      Twice now, the first was in February 2025 and the second, latest, on April 1st 2025. The April M/S push “update” didn’t even show itself as such, it just intruded into my system overnight on 1st April like a sly burglar that, once inside, set about trashing my otherwise healthy machine causing a number of glitchy software and system failures.

      I thought at first it was a virus or hack of some sort (or maybe a sick April Fool joke) but after looking and not finding any intruders I went straight to System Restore and saw TWO, otherwise hidden, updates from M/S installed on 1st April 2025!

      On both occasions I was able to do system restore and roll back to before the 24H2 installed itself.

      I have read online how M/S is continuing to push 24H2 but it was still a nasty surprise to see how they had bypassed InControl. I wonder how they did this. Does anyone have any solution ideas?

      I thought of mentioning to GRC to get their advice but there is no direct email link to contact them on their site.

      The April 24H2 install also coincided with the Google Chrome crash caused by its own fault in its recent misconfigured browser update. I guess you guys already know about this?

      I got around the Chrome update failings by using their offline link to download the latest version of Chrome update that works without their error.

      Any ideas please on how to stop 24H2 or fix M/S bypassing InControl?

      • #2760233

        on my Win11 Home 23HS set up

        There’s no such version of Windows 11 so, if you actually have InControl set for 23HS, that’s why it’s not blocking 24H2.

        To stay on Windows 11 Home 23H2, it must be set like this:

        InControl-Win11-23H2

    • #2760460

      Thanks for reply. Sorry, my mistake typo. My InControl IS set as Version11 Release 23H2 as shown in your post.

      The first time the 24H2 installed itself (February 2025) the InControl tool was changed somehow from on to off. I didn’t do this. Since then, every few days I checked it was still set as InControl (on), which it was, until the April 1 24H2 installation update, when it somehow (again) changed InControl to being off. Hence my post, “something” seems to be able to switch InControl off.

      The Windows updates installed on 1st April both do not have any KB designation which is why I suspected M/S.

    • #2760464

      “something” seems to be able to switch InControl off.

      There is no such “something”

      In order to switch InControl Off you need to edit the changes made in the registry or run a .reg file:

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
      TargetReleaseVersionInfo = {Feature release such as “21H1”, “21H2”, etc.}
      TargetReleaseVersion = 1
      ProductVersion = {Windows major version, “10”, “11”, “12”, etc.}
      DisableOSUpgrade = 1
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
      DisableOSUpgrade = 1
      HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeNotification
      UpgradeAvailable = 0

    • #2760639

      Thanks for reply. The fact remains, InControl got switched off and not by me. Possibly an intrusion of some sort or a system glitch. Since my recent April System Restore, I have reset Home from USB media. I have also raised User Account settings to highest to watch for applications trying to install or make changes to Windows settings. I had noticed before that my system often switched itself from Private to Public network. I have now made changes to firewall settings to stop this. Now I watch and wait while getting on with rest of my life. If anything untoward happens to InControl again, I will post here.

      1 user thanked author for this post.
    • #2760655

      Possibly an intrusion of some sort or a system glitch

      I am certain that there is no intrusion or a system glitch that will initiate launching InControl and clicking on “release control”.

      The only way to “release control” is to restore the registry entries changed by InControl.
      Or
      “Get the latest updates as soon as they’re available” in Windows update is set to ON which will disregard InControl settings.

      2 users thanked author for this post.
      • #2761789

        Thanks Alex5723. You are on the right track. I had run a third party system cleaner tool that included “fix registry errors”. I think it probably restored the registry entries changed by InControl. So, a mistake of mine that I will not make again.

         

        1 user thanked author for this post.
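
An added example, not part of any post above and not GRC's or Microsoft's code: a read-only PowerShell audit of the registry values listed in #2760464, reporting any that are missing or changed, which is the condition #2761789 traced to a registry cleaner. The expected release `23H2` and product `11`, and the function names, are assumptions made for this example.

```powershell
# Added example: read-only audit of the version-lock values listed in post #2760464.
# Assumptions: the machine is meant to stay on Windows 11 23H2; change the two
# parameters for a different target. Reading HKLM needs no elevation.
param(
    [string]$ExpectedRelease = '23H2',
    [string]$ExpectedProduct = '11'
)

$wu    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$store = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
$setup = 'HKLM:\SYSTEM\Setup\UpgradeNotification'

# Pattern is matched with -like. ProductVersion accepts "11" (as written in the
# post) or "Windows 11" (the form Microsoft's policy documentation uses).
$checks = @(
    @{ Path = $wu;    Name = 'TargetReleaseVersionInfo'; Pattern = $ExpectedRelease }
    @{ Path = $wu;    Name = 'TargetReleaseVersion';     Pattern = '1' }
    @{ Path = $wu;    Name = 'ProductVersion';           Pattern = "*$ExpectedProduct" }
    @{ Path = $wu;    Name = 'DisableOSUpgrade';         Pattern = '1' }
    @{ Path = $store; Name = 'DisableOSUpgrade';         Pattern = '1' }
    @{ Path = $setup; Name = 'UpgradeAvailable';         Pattern = '0' }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent, e.g. after a
    # "fix registry errors" pass removed it.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-VersionLock {
    param([object[]]$Checks)
    foreach ($c in $Checks) {
        $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
        $shown  = if ($null -eq $actual) { '<missing>' } else { "$actual" }
        [pscustomobject]@{
            Key      = $c.Path
            Value    = $c.Name
            Expected = $c.Pattern
            Actual   = $shown
            Ok       = ($null -ne $actual) -and ("$actual" -like $c.Pattern)
        }
    }
}

$report = @(Test-VersionLock -Checks $checks)
$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent flag the drift.
$bad = @($report | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} of {1} version-lock values are missing or changed; the release lock may no longer be in effect." -f $bad.Count, $report.Count)
    exit 1
}
Write-Output 'All version-lock values match the expected release lock.'
```

The script only reads the registry and does not check the “Get the latest updates as soon as they’re available” toggle mentioned in #2760655.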