ISSUE 22.01.1 • 2025-01-09
MS-DEFCON 2: Kicking off the new year

By Susan Bradley

We’re less than a week away from the first round of updates for 2025, not just for Windows but for all our devices.

Although things have been relatively quiet at the end of the year, especially because many of Microsoft’s developers take extended time off over the holidays, we’ll soon be in the thick of patching. That’s why I strongly recommend deferring updates until we have time to study and test them. Therefore, I’m raising the MS-DEFCON level to 2.

We often consider what we already have to be good enough, until we get a new device or computer and realize that a technology that is new to us has been in the platform for many years. Many of my friends purchased updated Apple iPads over the holidays and are still getting used to their new features. Even if you aren’t into AI, there are some new settings that you may not know about if you’ve had an older device for several years.

For example, there is a feature called Center Stage for both iPads and Macs. When you use your device for FaceTime or Zoom meetings, the feature will automatically center your face or whatever else it is focused on. If you move around, the camera angle moves around, too. Some like it, some don’t. You can turn it off. For FaceTime and many other apps, you’ll need to swipe down in the Control Center, where there is a new Video Effects button. Tap that, and a Center Stage toggle will appear. For Zoom, the Center Stage toggle is on the left side of the screen.

Be patient with new technology: it can take some time to deal with the changes. A common complaint about Windows 11 is that there is no way to move the start menu to the top or right side of the screen. If your patience is exhausted with that limitation, use third-party tools such as Start11, because Stardock is a vendor that regularly keeps up with Microsoft’s changes.

Consumers

You may have heard about warnings from a German translation of an ESET post that we are all going to suffer doom and gloom because 32 million computers in Germany are still on Windows 10. There is no cause for panic. You have time to take stock and determine the proper path. If you read your email in a Web application and don’t use your computer for surfing the Web — but you can’t let go of one beloved program that still runs well on Windows 10 — the sky is not falling. You can purchase a cheap tablet to surf and read your email while you continue to use your Windows 10 device for that prized app.

If you are currently on Windows 10 and your system supports moving to Windows 11, remember that Gibson Research’s InControl allows you to stay on Windows 10 as long as you wish. Just set it to Windows 10 22H2. It’s easy to control.

Figure 1. Keep Windows 10 22H2 as long as you like.

I know you’ve been paying attention, so you know I have yet to give the thumbs-up to deploy Windows 11 24H2. Unless you are doing everything in the cloud, and for business purposes only, there is no compelling need to take the risk merely to satisfy Microsoft’s quest for 24H2 installed-base numbers. The 24H2 release isn’t working well on games and is not being offered up consistently on my computers. Once again, use InControl to keep your PCs right where you want them.

Figure 2. Stick with Windows 11 23H2 as long as you like.

24H2 may already have been offered to you. Note that for many of these systems, the feature release won’t be “shoved” at you. In addition, when we get to the January updates, you’ll be offered the January 23H2 patches once they are ready for your machine.

Businesses

Many of you know that in real life I’m a shareholder in an accounting firm. From late January to April, I will install security updates once I deem them worthy. But I will not install feature releases during this time. My firm is not “cloud first,” even though I do use Microsoft 365. I do not see any features compelling enough to take the risk of disrupting our operations during this busiest time of our year.

We don’t do Copilot, we don’t do AI, and I need to ensure that my older accounting applications won’t squawk at changes such as the SMB Firewall rule changes. As Microsoft notes:

Previously, creating an SMB share automatically configured the firewall to enable the rules in the File and Printer Sharing group for the given firewall profiles. Now, Windows automatically configures the new File and Printer Sharing (Restrictive) group, which no longer contains inbound NetBIOS ports 137-139.

This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server File Server role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the File and Printer Sharing group if necessary as well as modify this new firewall group, these are just default behaviors.
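
To see which of the two rule groups a given PC is actually using, and whether inbound NetBIOS ports 137-139 are still open for an older application, an administrator can audit the enabled rules. The following is an added example, not code from this newsletter or from Microsoft; the helper name Test-NetbiosPort is hypothetical, and the script assumes the English display names of the two groups quoted above. Run it in an elevated PowerShell session.

```powershell
# Added example: report enabled inbound rules in both File and Printer Sharing
# groups and flag any that still expose NetBIOS ports 137-139.
$groups = 'File and Printer Sharing', 'File and Printer Sharing (Restrictive)'

# Hypothetical helper: true if a port spec (single port or range) overlaps 137-139.
function Test-NetbiosPort([string[]]$Spec) {
    foreach ($p in $Spec) {
        if ($p -match '^(\d+)(?:-(\d+))?$') {
            $lo = [int]$Matches[1]
            $hi = if ($Matches[2]) { [int]$Matches[2] } else { $lo }
            if ($lo -le 139 -and $hi -ge 137) { return $true }
        }
    }
    return $false
}

$report = foreach ($group in $groups) {
    # A missing group (older builds have no Restrictive group) is skipped quietly.
    $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        $ports  = @($filter.LocalPort)
        [pscustomobject]@{
            Group     = $group
            Rule      = $rule.DisplayName
            Profile   = $rule.Profile
            Protocol  = $filter.Protocol
            LocalPort = $ports -join ','
            NetBIOS   = Test-NetbiosPort $ports
        }
    }
}

$report | Sort-Object Group, Rule | Format-Table -AutoSize

# Summary line: which profiles, if any, still accept inbound NetBIOS traffic.
$open = @($report | Where-Object NetBIOS)
if ($open.Count -gt 0) {
    'Inbound NetBIOS (137-139) is open on profile(s): ' +
        (($open.Profile | Sort-Object -Unique) -join '; ')
} else {
    'No enabled inbound rule in these groups opens NetBIOS ports 137-139.'
}
```

If the summary shows no NetBIOS rule and an older application stops finding its share, that points at this default change rather than at the application itself.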

The key selling feature for Windows 11 is the lifecycle of Windows 10, which ends in less than a year. That may be compelling for your business. But once you are on Windows 11, take control over the feature releases and do not let your client base get upgrades without your approval. As long as 24H2 keeps delivering what I deem boneheaded bugs, such as those recently documented on the Release Health dashboard, I’ll keep kicking 24H2 down the road.

According to Microsoft, if you used CD or USB flash drives to install Windows 11 24H2 between October and November and thus used media including these updates, you are now blocked from getting the January security updates. Microsoft is working on a fix.

An important item for Server admins to keep in mind is that authentication for certificates that do not meet the expected mapping requirements will be denied after you install the Windows security updates in February 2025. This change is known as Full Enforcement mode. However, you can move back to Compatibility mode until September 2025. For full details, see KB5014754.

Susan Bradley is the publisher of the AskWoody newsletters.


The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.


Copyright ©2025 AskWoody Tech LLC. All rights reserved.