It is always a good idea to suspend Windows updates just before they reach the deployment chute. This month we are facing two extraordinary problems which you must take into account. It wouldn’t hurt if you told your friends and family too.
Take last month’s Windows patches. Please. We had a fix, KB 4524244, which slipped on Patch Tuesday, cluttered a unknown number of machines (HP computers with Ryzen processors were hit hard), then remained in an “automatic download” state until they were finally removed on Friday. We had another patch, KB 4532693, which sunken desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft has never fixed this problem.
These are not isolated incidents. we see the same diagram, again and again. Microsoft releases fixes that are not properly tested. Cries of pain ensued. Microsoft fixes some of the fixes, does not fix others. Wash rinse. Repeat.
Getting out of the karmic gear wheel induced by automatic updating is a huge pain – and one that is entirely preventable. Just avoid the automatic update, wait to see while the crowdsourcing beta test runs its course.
As if you need more incentive this month, two more problems are looming.
First, the “C / D Week optional and unsecured” patch that was released two weeks ago, KB 4535996, has all kinds of problems. Mayank Parmar at Windows Latest and Lawrence Abrams at BleepingComputer document an impressive list of deadlocks, crashes, broken pilots, poor performance and black and blue screens. Microsoft has not officially recognized any of the bugs.
The only bug that was recognized, the one that breaks the signtool.exe application in Visual Studio used to sign projects, drew a reference in a blog post from a Microsoft engineer. “We are working on a resolution and believe that a solution will be available in mid-March.”
Normally, we expect that “optional” patch bugs will be fixed by the time the regular cumulative update appears. The past few weeks, however, have been anything but normal times.
Almost all Microsoft staff in the Northwest have been working from their homes since last week. Microsoft announced last week that two of its employees in the Seattle area have tested positive for COVID-19, the new coronavirus. You’d think the transition to telework would be easy – after all, Microsoft has been selling telework-friendly software for decades – but the bottom line is that there are a lot of bumps in the road.
This brings me to my second concern regarding this month’s fixes. Even if Microsoft pulls together and fixes known (and unknown!) Bugs this month’s Patch Tuesday patch, we have virtually no experience with Microsoft in handling new bugs in this coronavirus-influenced home environment .
Microsoft is struggling to fix bugs when the entire team is in the same building, within walking distance. Heaven only knows what’s going to happen this month.
You have to patch sooner or later. But there are even more reasons this month not to be in the “earlier” cohort.
Blocking automatic update on Win7 and 8.1
Those who paid for extended security updates for Win7 should be very careful about the immediate installation of patches. Those who do not ignore it will ignore the patches (the vast majority there) or wait to see if free alternatives appear. We will cover both carefully on AskWoody.com.
If you use Windows 7 or 8.1, click Start> Control Panel> System and Security. In Windows Update, click on the “Activate or deactivate automatic update” link. Click the “Change settings” link on the left. Verify that important updates are set to “Never check for updates (not recommended)” and click OK.
Windows 10 Auto Update Block
At the moment, you are almost all on Win10 version 1903 or 1909. You do not know which version of Win10 you are using? In the search box, near the Start button, type About, and then click About Your PC. The version number appears on the right under Windows Specifications.
If you are using Win10 1803 or 1809, I strongly invite you to upgrade to Win10 version 1909. If you insist on staying with Win10 1809 (hard to blame yourself!), You can block updates by following the steps in December Patch Warning. Be fully aware that Microsoft will no longer be distributing security patches for 1809 Home or Pro after Tuesday’s patch. There are two months left.
In versions 1903 or 1909 (Home, Pro, Education or Enterprise, unless you are connected to an update server), using an administrator account, click Start> Settings> Update & security. If your paused update timer is set before March 30 (see screenshot), I invite you to click Resume Updates and let the automatic update program start – and do now, before noon in Redmond Tuesday, when the Tuesday patch fixes are released. .
If the break is to expire before the end of March or if you do not have a break in effect, you must configure a patch defense perimeter that prevents patches from your machine for the rest of the month. Using this administrator account, click the “Suspend updates for 7 days” button, then click it again and again, if necessary, until you are interrupted in late March or early April.
If you see an optional update available (you can see one in the screenshot), DO NOT CLICK “Download and install”. You will soon be bitten by these bugs.
Do not worry. Don’t be stamped. And don’t install any patches that require you to click “Download and install”.
If there are immediate and widespread issues protected by this month’s Patch Tuesday – a rare occurrence, but it does happen – we will let you know here and on AskWoody.com, within a very short time. Otherwise, sit down safely knowing that you are not in the first round of cannon fodder. Let’s see what problems arise.
We are at MS-DEFCON 2 on AskWoody.
Copyright © 2020 IDG Communications, Inc.