|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
MS-DEFCON 4: Patch, but watch out for KB 3101488, and clean up afterwards
I’m now ready to give the go-ahead on the November Black Tuesday patches (including the two Windows Update patches released yesterday). We’ve had a couple of bad patches re-issued by Microsoft in the past couple of weeks (e.g., KB 3105846, 3097877), but with one exception none of the currently available patches, as best I can tell, are show-stoppers.
The one exception? If you use Outlook 2013, avoid patch KB 3101488 and check out the warnings at KB 3118497.
As I announced last month, I’m no longer going to try to list all of the Windows 7 and 8.1 patches that put Microsoft-created advertising, snooping, and other Microsoft crapware on your machine. There are just too many patches that have nothing to do with making your machine work better, and have everything to do with Microsoft trying to sell you something. If I tried to separate the useful patches from the crapware patches, you’d spend an hour or more trying to figure out what to patch and when.
Unfortunately, you can’t stop patching Win7 and Win8.1. There are too many legitimate security holes out there.
So we’re stuck between Charybdis and Scylla. For those of you willing to make the effort to identify individual patches that stink, your best source of information is Susan Bradley’s Patch Release Grid. For the vast majority of you, I say go ahead and install all of the patches except KB 3101488 on systems that use Outlook 2013.
After installing the patches, Windows 7 and 8.1 users should immediately run GWX Control Panel. (The latest version has a feature called Monitor Mode that’ll run the program automatically after your update.) If privacy is important to you – and it should be – Win 7 and 8.1 users should then follow the advice at the end of Susan Bradley’s article last month in Windows Secrets Newsletter, and turn off the Diagnostic Tracking Service.
If the idea of Microsoft snooping on you drives you absolutely nuts, try using Spybot Anti-Beacon (t/h B Silverstein). I won’t guarantee that it’ll keep all of your data out of Microsoft’s mitts, and I won’t guarantee that running it is problem-free. But it is the best approach I’ve seen to solving the general snooping questions. If you’ve used Spybot Anti-Beacon, please drop a note in the comments and let me know what you think. I’m particularly interested in learning about any problems.
Even if you plan on upgrading your machine to Windows 10 some day, you should go ahead and block GWX — prevent the advertising and downloads — and turn off the Diagnostic Tracking Service.
Windows 10 users don’t have as many options, of course, although the metered connection trick still works to hold off on updates. If you have your line set up as a metered connection, turn it off for a while and let the updates come through. You should have, or soon get, build 1511, the so-called Windows 10 Fall Update, Threshold 2, and/or build 10586. It isn’t a huge improvement over the RTM build 10240, but it is a step in the right direction. To check, in the Cortana search box, type “winver” and hit Enter. If you’re all caught up, Windows should say it’s on “OS Build 10586.14.” If you don’t have it yet, don’t worry, Microsoft will catch up with you sooner or later.
If you’re running Windows 10 and you’re very sensitive about your privacy, you can turn off some of the leaks in Windows 10. Keep in mind, though, that some of the features in Windows 10 – Cortana comes to mind – really do need to hook your machine up to Microsoft’s data-sucking mechanism. Ed Bott steps you through the basic settings in his ZDNet article about Windows 10 privacy. But if you really want to cut the snooping cord, Spybot Anti-Beacon is your best bet. Watch out: You can clobber all sorts of Windows 10 features if you aren’t careful. On the other hand, maybe you figure the features aren’t worth the snooping. Only you can tell.
With that as prelude, I’m dropping us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
And remember, don’t check any boxes that aren’t checked already. Don’t use Internet Explorer. And in Win 7 and 8.1, keep Automatic Update set to notify but don’t download.
-
What happened to the October patches?
Just got this from EG
Hi Woody,
The last “relevant” post to ask this question in is 3 pages deep now and I’m sure many others have the same question too.
I realize November’s updates are still being scrutinized but what’s the scoop with the October updates?
They’re still in Defcon 2 as far as I can see so there’s a BUNCH of “Important” updates sitting in my pending list.
Any chance you can start a new thread with the status of October’s updates… if nothing else just to let us know they’re not forgotten?
Thanks Woody!
On November 5, I opened the gates for October patches. See https://www.askwoody.com/2015/msdefcon-3-windows-office-patched-aware-consequences/
I’m still very skeptical of the November patches. We’ve already seen two of them re-issued, one that was bricking Outlook on some systems. There aren’t any killer security holes so, as long as you’re not using Internet Explorer, I say hold tight.
-
Win10 cumulative updates KB 3105210, KB 3105213, 100 more patches, and some surprises
Including the real, final name of Windows 10 Fall Update.
InfoWorld Woody on Windows
-
MS-DEFCON 2: Block auto updates in 7/8.1, but let Win10 go free
Strange times call for strange measures.
I’m putting us at MS-DEFCON 2 for Windows 7 and 8.1, but lowering all the shields for Windows 10.
Vista, Win7, Win8.1: I recommend that you use the instructions on the Automatic Update tab above to set your machines to “Check for updates but don’t download.”
Win10: The quality of the cumulative updates has been so good that I recommend you get them installed prior to the Windows 10 Fall Update release. That means if you have your internet connection set up as a “metered connection” you should take off the cap, and let the latest cumulative updates install. That will probably make the Fall Update install better – and it’s likely, if you’re running Win10, that you’re going to want the Fall Update.
So for most of you, I’m recommending MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
For Win10 users, I suggest you spread your arms wide and welcome the inevitable. Reenact the final scene in “Sons of Anarchy.” I still don’t expect the Windows 10 Fall Update on Tuesday, but I bet we get it this week.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Steps to take before updating to 24H2
by 3 hours, 19 minutes ago
-
Which Web browser is the most secure for 2025?
by 3 hours, 20 minutes ago
-
Replacing Skype
by 3 hours, 21 minutes ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 50 minutes ago
-
Excel Macro — ask for filename to be saved
by 6 hours, 45 minutes ago
-
Trying to backup Win 10 computer to iCloud
by 1 day, 3 hours ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 1 day, 17 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 1 day, 19 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 1 day, 19 hours ago
-
No April cumulative update for Win 11 23H2?
by 7 hours, 26 minutes ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 1 day, 19 hours ago
-
Boot Sequence for Dell Optiplex 7070 Tower
by 2 days, 11 hours ago
-
OTT Upgrade Windows 11 to 24H2 on Unsupported Hardware
by 2 days, 14 hours ago
-
Inetpub can be tricked
by 22 hours, 2 minutes ago
-
How merge Outlook 2016 .pst file w/into newly created Outlook 2024 install .pst?
by 1 day, 8 hours ago
-
FBI 2024 Internet Crime Report
by 2 days, 18 hours ago
-
Perplexity CEO says its browser will track everything users do online
by 3 hours, 27 minutes ago
-
Login issues with Windows Hello
by 3 days, 5 hours ago
-
How to get into a manual setup screen in 2024 Outlook classic?
by 2 days, 17 hours ago
-
Linux : ARMO rootkit “Curing”
by 3 days, 17 hours ago
-
Employee monitoring app leaks 21 million screenshots in real time
by 3 days, 17 hours ago
-
Google AI is now hallucinating idioms
by 3 days, 17 hours ago
-
april update
by 1 day, 21 hours ago
-
Windows 11 Insider Preview build 27842 released to Canary
by 3 days, 18 hours ago
-
Quick Fix for Slowing File Explorer
by 3 days, 18 hours ago
-
WuMgr not loading?
by 2 days, 14 hours ago
-
Word crashes when accessing Help
by 4 hours, 43 minutes ago
-
New Microsoft Nag — Danger! Danger! sign-in to your Microsoft Account
by 3 days, 18 hours ago
-
Blank Inetpub folder
by 3 days, 15 hours ago
-
Google : Extended Repair Program for Pixel 7a
by 4 days, 4 hours ago
Remembering Woody
