|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
MS-DEFCON 4: Get Windows patched, but watch out
I’m still running down details, but figured it’s time to release the floodgates. While it may look like the August 2015 Patch Tuesday updates are just fine, in fact we’ve seen a real problem – solved earlier this week – and there’s been a lot of speculation about a host of “snooping” patches.
I’ve been looking high and low for more information about the snoopers, and lemme tell ya, it’s hard to find real facts buried in a big mound of, uh, opinions, both for and against. The debate over new surveillance in Win7 and Win8.1 sounds more like a Microsoft loyalty test than a dispassionate look at the facts.
But I digress.
There aren’t any patches sitting in the closet, screaming to get out, unless you use Internet Explorer. If you still use IE – knowing that Microsoft has put it out to pasture – you should check Firefox or Chrome (or any of a dozen other browsers).
Let’s take ’em from the oldest to the scrappy youngest.
Vista – Install all offered updates.
Windows 7 – Here’s where things get interesting. If you’re concerned about Microsoft snooping (and you should be), it would be a good idea to avoid KB 3068708, 3022345, 3075249, and 3080149 for now. I say that realizing that my tinfoil hat is showing. I have an inquiry into Microsoft at this moment which should shed some light — if I get a straight answer.
All of those patches are from the June Patch Tuesday crop. If you already have them installed, don’t worry about it — I’ll update you on my findings in InfoWorld shortly. If you don’t have those patches installed, though, I’d hide them for now. (In the Windows Update available patches list, right-click on the patch and choose Hide.)
The rest of the Windows 7 patches are now OK.
Windows 8.1 – Same thought process, parallel advice. For now, hold off on installing KB 3068708, 3022345, 3075249, and 3080149 (from June’s Patch Tuesday). If they’re already installed, don’t do anything drastic just yet. There may be a much simpler way to blunt their snitching proclivities. The rest of the Win 8.1 patches are also OK.
Windows 10 – We’re up to Cumulative Update 5, and aside from some ongoing driver heartburn (which you may be able to blunt using this approach), I haven’t heard of any major problems.
If you’re using the metered connection trick to block forced updates, tell Win10 that your internet connection isn’t metered. Run out to Updates (Start, Settings, Update & security, Windows Update), click Check for updates and let Windows run its course. Then turn the metered indicator back on.
If you’re using the new Windows Store setting to block Automatic Store app updates, turn the switch in Windows Store on, then in Windows Store, click on your picture, choose Downloads and Updates, then click to Check for updates.
UPDATE: In the comments, @Louis asked, “If we haven’t installed KB 3076895 yet, and KB 3092627 isn’t currently available, should we install KB 3076895 and then look for KB 3092627? Or just hide KB 3076895 altogether?”
My answer: “Unless you’re using Symantec Endpoint on a server, or Microsoft Forefront, you shouldn’t have any problem with 3076895. I’d say install it, with the expectation that 3092627 will show up shortly. In fact, if you run the updates, re-boot, then re-run Windows Update (standard procedure), I bet it appears in the second round.”
In summary, then, I’m cranking us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
The usual admonition applies: In Vista, Win7 and Win8.1, use Windows Update, DON’T CHECK ANY BOXES THAT AREN’T CHECKED, reboot after you patch, and then run Windows Update one more time to see if there’s anything lurking. When you’re done, make sure you have Automatic Update turned off. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source).
For Windows 10, the situation’s more complicated, depending on how far you’ve gone to block forced patches. The general procedure’s described above.
-
So when’s MS-DEFCON going to change?
Just got this from Quicksilver…
Good morning, Woody.
I’ve been holding off on the updates, waiting for an “all clear”. I don’t use the IE, however there were 2 critical patches this month, and I do keep it updated, although never use it.
Is it safe to always update the IE, although it’s never used?
Guess I’m getting a little nervous with patch Tuesday being less than a week away.
Thank you for your guidance on the updating. I learned to not make a move without your “all clear” announcement because you keep us all out of trouble.
Good question, and I’m sorry for the delay. Many of you know that there’s been a rash of reports about new (and old) “phone home” software for Win7 and Win 8.1. I’m trying to sort through the details before leading anybody down a golden patch path. Hang in there. I should have something up today or tomorrow – and in the meantime, if you don’t use IE, there are no immediate reasons to patch.
-
MS-DEFCON 2: As we approach the known unknown, turn off Auto Updates
Will we get a Patch Tuesday this month? Who knows?
My bet is that the answer is “yes,” and it’ll be a big one. But it’s only a guess. If we’re lucky, it’ll be as innocuous as the past four months. If we aren’t lucky…
As usual, if you’re using Vista, Win7, Win8, or Win8.1, now is the time to turn Automatic Udpate off (see the tab above if you’ve never done it before).
If you’re using Win10, care to participate in a little experiment? If you have Win10 and are using a mobile connection (WiFi or 3/4G), could you set it to Metered Connection? (Start, Settings, Network & internet, Wi-Fi, Advanced Options then slide the Metered Connection slider to On.) In theory, that should have these side-effects:
- Windows Update will only download priority updates.
- Apps downloading from the Windows Store might be paused.
- Start screen tiles might stop updating.
- Offline files might not sync automatically.
(In fact, that’s the description for Win 8.1, but I don’t see anything for Win10 on Microsoft’s site.) When I switched on the Metered Connection setting on one of my mobile machines, Win10 refused to download today’s Windows Defender update, KB 2267602. That’s progress, I think.
(Update: To be clear, I don’t expect a Win10 patch today or tomorrow. I’d just like to get a bunch of people watching, poised for when the next update comes out.)
The big question, for me, is whether any new updates that may come down the pike this week are “priority” updates. Microsoft uses the term “priority” in varying ways.
Anyway, get yourself locked down and let’s see what Tuesday will bring.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
by 3 hours, 36 minutes ago
-
OpenAI urges U.S. to allow AI models to train on copyrighted material
by 4 hours, 22 minutes ago
-
Windows 11 Insider Preview Build 22631.5116 (23H2) released to Release Preview
by 14 hours, 42 minutes ago
-
Windows 11 Insider Preview build 27813 released to Canary
by 14 hours, 44 minutes ago
-
Windows 10 Build 19045.5674 (22H2) to Release Preview Channel
by 14 hours, 45 minutes ago
-
PartWork™ for Windows
by 16 hours, 13 minutes ago
-
Toll road scams are back: What to do if you get a text saying you owe money
by 18 hours, 36 minutes ago
-
Windows update download issue…
by 18 hours, 9 minutes ago
-
WUMgr & KB5053602 Update/Install fail
by 1 hour, 2 minutes ago
-
Finding Microsoft Office 2021 product key
by 9 hours, 6 minutes ago
-
Over-the-Top solves it!
by 1 day, 8 hours ago
-
To Susan – Woody Leonhard, the “Lionhearted”
by 1 day, 15 hours ago
-
Extracting Data From All Sheets
by 1 day, 17 hours ago
-
Use wushowhide in Windows 11 24H2?
by 19 hours, 26 minutes ago
-
Hacktool:Win32/Winring0
by 2 hours, 11 minutes ago
-
Microsoft Defender as Primary Security Question
by 22 hours, 54 minutes ago
-
USB printers might print random text with the January 2025 preview update
by 22 hours, 32 minutes ago
-
Google’s 10-year-old Chromecast is busted, but a fix is coming
by 6 hours, 19 minutes ago
-
Expand the taskbar?
by 2 days, 5 hours ago
-
Gregory Forrest “Woody” Leonhard (1951-2025)
by 5 hours, 31 minutes ago
-
March 2025 updates are out
by 14 hours, 24 minutes ago
-
Windows 11 Insider Preview build 26120.3380 released to DEV and BETA
by 2 days, 23 hours ago
-
Update Firefox to prevent add-ons issues from root certificate expiration
by 3 days, 6 hours ago
-
Latest Firefox requires Password on start up
by 19 hours, 23 minutes ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 3 days, 19 hours ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 13 hours, 7 minutes ago
-
How Much Daylight have YOU Saved?
by 2 days, 20 hours ago
-
A brief history of Windows Settings
by 2 days, 14 hours ago
-
Thunderbolt is not just for monitors
by 14 hours, 14 minutes ago
-
Password Generators — Your first line of defense
by 2 days, 18 hours ago
Remembering Woody
