MS-DEFCON 2: Defer Windows & Office updates to June 24

Topic

New Reply

ISSUE 18.20.1 • 2021-06-04 By Susan Bradley Consumer and home users Hopefully, you’ve taken the time to get the May updates installed. Before next Tue
[See the full post at: MS-DEFCON 2: Defer Windows & Office updates to June 24]

Susan Bradley Patch Lady

3 users thanked author for this post.

Jorge Troitiño, abbodi86, Fred

Reply | Quote

Replies

thanks for the DisableNews[.]reg

* get out of the poisonous Metaverse *

Reply | Quote

One problem I have with the defer updates approach recommended, which I use, is that when I resume updates it usually includes a .net update preview, which I can’t stop from installing.  So far this hasn’t broken anything but it is worrying.

I resume by clicking on check for updates, if that makes any difference.

Reply | Quote

Don’t check for updates. Just let the machine do it’s thing and you won’t get previews. Checking for updates equates to Install anything up there NOW.

Susan Bradley Patch Lady

1 user thanked author for this post.

Perq

Reply | Quote

Or use WuMgr to hide / install the previews etc.

cheers, Paul

Reply | Quote

I’m going to be working on some videos over the next few weeks to showcase the different methodologies.  “Run the clock out” or rather – the date – is the first methodology.

Susan Bradley Patch Lady

Reply | Quote

Please be sure to explain what happens when the clock runs out.  Does the update process just start updating, and if so when?  Thanks.

Reply | Quote

Not right away but truly within 24 hours it will have downloaded the needed updates – without the previews – and demand a reboot.  It’s not as nice as the Windows 7 I want you to update now method, but it’s acceptable if you don’t want to do the wumgr (and I’ll cover that in the future)

Susan Bradley Patch Lady

Reply | Quote

Millwood – I use Susan Bradley’s methodology for deferring updates and just as she said I do not get .NET previews. I have noticed that upon expiration of the Windows Update pause period Windows may not immediately update, but it usually does within a day or two. However, this slight delay in updating after the expiration of the pause period has not been a problem for me.

Reply | Quote

Millwood wrote:

One problem I have with the defer updates approach recommended, which I use, is that when I resume updates it usually includes a .net update preview, which I can’t stop from installing.

Use WiinAero which is an outstanding program that I have used for many years to tweak and control versions of Windows from XP Pro on. It’s free. It’s a huge program but you can just use small parts of it. In the Behavior section look for Windows Updates and check the box to disable it. This works much better than WuMgr to hide stuff which I found confusing and way too complicated. Simply disabling WU and then reenabling long enough to install what you need each month (usually just the cumulative update and in my case to update Windows Defender each morning) works easily and is simple and quick to do using WinAero.

You won’t get a .net preview this way (unless you were to forget to recheck the box to disable Windows Updates). For the latest .Net you will need to go to .Net website and download it (first removing the checkmark in WinAero that disables Windows Updates) and install it and then go back to WinAero that you minimized to the task bar and recheck the box to disable Windows Updates. Then run Belarc Advisor (free) to see if you have missed any critical updates and, if you have, read the KB (linked to in Advisor and then download the fix from Microsoft Catalog and install (after temporarily lifting the block from WinAero you have enabled for Windows Updates). This may sound complicated but I have found this way much easier and faster than what Susan recommends and not confusing like what is recommended here what with hiding and unhiding and getting unwanted stuff installed.

https://winaero.com/

1 user thanked author for this post.

Matador

Reply | Quote

Thanks all.  I want to be able to run the updates when I like so I set the delay as far out as is allowed, and then start the updates when safe.  I thought about trying to changing the delay date to start the process but that doesn’t work – you can’t set it sooner than tomorrow.  Sigh.

Reply | Quote

I installed the latest updates for May and both of my computers were hit with the BSD Ndu.sys, problem on my laptop I had to go to the manufacturers website and get the latest WIFI adapter driver which seems to have fixed the problem.

On my main desktop I had to uninstall/reinstall the updates to clear out the problem.

This was the first time in a very long time that I ran into any problem updating windows, I hope that it doesn’t happen again…

1 user thanked author for this post.

jburk07

Reply | Quote

Hi Susan I am a Home user, updated my PC & laptop and deferred WU up to June 24.
But I noticed that I am still on Version 2004 on both machines w/o knowing the reason
How can I get recommended Version 20H2?
Best

Reply | Quote

Have you used the targeted release version?  20H2.reg (askwoodylounge.com) If you install that registry key the next time the system looks for updates (June 24) it will bring it down.

Otherwise you can use the Thurrott Tip: Download Any Version of Windows 10 – Thurrott.com to download the 20H2 iso specifically and from a running computer, click on the iso you downloaded “mount it” and run setup.exe

Susan Bradley Patch Lady

Reply | Quote

Why have you removed prior advice to set target release version in Group Policy Editor, Windows Update for Business?! Simple. Why risk messing with the registry?!

1 user thanked author for this post.

rontpxz81

Reply | Quote

The reg file is simple and works for Home and Pro versions. You can still set it in GP if you want.

There is no risk in running a known good reg file. Opening registry editor and just changing stuff is the risky bit.

cheers, Paul

1 user thanked author for this post.

rontpxz81

Reply | Quote

Because people here on the forum venue more often than not run Windows 10 Home, thus the registry key method ensures that EVERYONE can use the same method.

Susan Bradley Patch Lady

Reply | Quote

just rebooted and saw UNAUTHORIZED update restart.

running OSbuild 19043.985 -19043.867

thankfully everything installed OK, but then when I checked,

the HISTORY screen on Win Update SHOWS NO RECENT UPDATE

Anyone Else? This is MADNESS

[Moderator edit] edited for swearing

be well, breathe and honor wabi sabi

Reply | Quote

What do you mean by “unauthorizied update restart”, explain please?

Susan Bradley Patch Lady

Reply | Quote

Susan Bradley wrote:

Because people here on the forum venue more often than not run Windows 10 Home, thus the registry key method ensures that EVERYONE can use the same method.

Really? I find that very hard to believe. How have all these basic, naive, not wanting to learn about their computer users even found this site? I’ve had computers since 1999 but I only found this site a few years ago because an IT friend told me about it. I don’t see many basic users here. I have never had the home version of any version of Windows..it’ s for naive users who want very little from their computers and have no interest in learning about their computers. It’s awful compared to the Pro version.

Reply | Quote

I have been an IT professional for over 20 years and I run Home on my PCs. You do not need more unless you want Bitlocker – I use Veracrypt.

cheers, Paul

3 users thanked author for this post.

Matador, SueW, Fred

Reply | Quote

How do you know it’s awful if you’ve never run ‘Home’ versions of anything, as you state?

1 user thanked author for this post.

SueW

Reply | Quote

Re: Controlling Windows 10 Version Updates – Registry Key Method vs. Edit Group Policy Method

Susan Bradley wrote:

Because people here on the forum venue more often than not run Windows 10 Home, thus the registry key method ensures that EVERYONE can use the same method.

I am not an IT professional and have never felt comfortable entering the Windows registry even if only to paste a new registry key copied from a known trusted source. I was therefore very pleased several months ago when I read one of Susan Bradley’s posts explaining how to use the Group Policy Editor that is available in the Pro version of Windows 10 to control Windows 10 version downloads. Fortunately my computer has Windows 10 Pro and now I am able to easily and confidently set the Target Release Version using the Group Policy Editor.

Please continue to post helpful ideas for using Group Policy Editor.

Reply | Quote

Hello Susan. I received a copy of Alert issue 18.20.1 by email last Friday and was very interested to read the section on disabling News and Interests. In fact I made a print of it because I planned to update my Win 10 version 1909 to 20H2 on the weekend and had already made up my mind to disable News and Interests. Came as a surprise when my attempt failed – no response to right click on Weather. I have just been looking on the Forum for the Alert and its different to my email copy. It’s now just a one liner about ‘fully enabled to your task bar this month’. What happened to the ‘use our registry key link’.
Thanks and by the way update to 20H2 not a pleasant experience. Its there’ but dont like the version.
bsqrd

Reply | Quote

That full alert is available:

ISSUE 18.20.1 • 2021-06-04 MS-DEFCON 2: Defer Windows and Office updates to June 24

You should be able to right-click almost anywhere on the task bar to get the menu shown there.

But the DisableNews.reg download works from the link in the alert if necessary or preferred.

(I think you found the abbreviated version available to everyone; the link for Plus subscribers is at the bottom of that.)

Windows 11 Pro version 22H2 build 22621.105 (group ASAP) + Microsoft 365

Reply | Quote

What do you not like about 20H2?

Susan Bradley Patch Lady

Reply | Quote

Hello Susan. I had already deferred updates to June 14. How can I now change to deferring until June 24? If I let it update now, will I be letting bad updates through?

Reply | Quote

Disconnect your internet connection then Check for updates.  After it fails due to no connection, you will be able to extend the deferral.

Reply | Quote

Does the deferral until June 24th apply to Windows Defender Update KB915597 ?

Also,  I sometimes have problems installing the Windows Defender update,  but it seems to be related to having too many files open on my computer.  If I close out the files to free up some RAM,  then it installs OK.   Is this update difficult to install if you’re low on RAM?

Reply | Quote

June Windows 10 update fixes six zero-day vulnerabilities that are being actively exploited by hackers.

CVE-2021-31955: Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
CVE-2021-31956: Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rating: Important. CVSS 8.4
CVE-2021-33742: Windows MSHTML Platform Remote Code Execution Vulnerability. Rating: Critical. CVSS 7.5
CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2
CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rating: Important. CVSS 5.2

“While these vulnerabilities have already been exploited in the wild as zero-days, it is still vital that organisations apply these patches as soon as possible,” said Satnam Narang, staff research engineer at cybersecurity company Tenable, about the patches. “Unpatched flaws remain a problem for many organisations months after patches have been released.”

1 user thanked author for this post.

L95

Reply | Quote

Likewise,  here are some quotations from a “Krebs on Security” posting on June 8, 2021 at https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/  :

1.   “June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency:   Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.”
2. “Interestingly, two of the Windows zero-day flaws — CVE-2021-31201 and CVE-2021-31199 — are related to a patch Adobe released recently for CVE-2021-28550, a flaw in Adobe Acrobat and Reader that also is being actively exploited…“Attackers have been seen exploiting these vulnerabilities by sending victims specially crafted PDFs, often attached in a phishing email, that when opened on the victim’s machine, the attacker is able to gain arbitrary code execution,” saidChristopher Hass, director of information security and research at Automox. “There are no workarounds for these vulnerabilities, patching as soon as possible is highly recommended.”

Do the managers and/or bosses at AskWoody.com still recommend deferring updates until June 24?

Reply | Quote

“Targeted” attacks are always a quandary for me.  Typically targeted attacks means some attacker has gone after a specific business and the attacks are not wide spread.  Do you remember the Exchange patch situation from a few months back?  That was a type of an attack that attackers pivoted from going after narrow/specific businesses to EVERYONE in a few short days.  I have yet to see that happening with these.  Ultimately it comes down to what you feel comfortable with.  Do you open PDFs on a regular basis?  Do you randomly surf?

I don’t recommend delaying updates to browsers. I don’t recommend delaying updates to a/v.  I still want to ensure there are no major side effects.  I’m still in test mode, I don’t see massive widespread attacks to make me change my mind.  I’ll let you know if I do.

Susan Bradley Patch Lady

3 users thanked author for this post.

IT Manager Geek, L95, Fred

Reply | Quote

Susan:   Thanks for your response.   I do open PDFs frequently,  so I  installed the Adobe update and the Windows Defender update (although I already have a paid antivirus program that I update daily anyway).   But I plan on waiting to install the Windows operating system  security update until you give the go-ahead.

Reply | Quote

KB5003637 : Apps might have issues accessing event logs on remote devices

After installing KB5003637 or later updates, apps accessing event logs on remote devices might be unable to connect. This issue might occur if the local or remote has not yet installed updates released June 8, 2021 or later. Affected apps are using certain legacy Event Logging APIs. You might receive an error when attempting to connect, for example:
error 5: access is denied
error 1764: The requested operation is not supported.
System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand
Windows has not provided an error code….

Reply | Quote

Resolution: This is expected due to security hardening changes relating to Event Tracing for Windows (ETW) for CVE-2021-31958. This issue is resolved if the local and remote devices both have KB5003637 installed.

Patch both sides, and there’s no issue.

Susan Bradley Patch Lady

1 user thanked author for this post.

Alex5723

Reply | Quote

L95 wrote:

Does the deferral until June 24th apply to Windows Defender Update KB915597 ?

A/V applications should be updated a couple of times every day (every 1-2 hours).

1 user thanked author for this post.

L95

Reply | Quote

Once a day is sufficient unless you download lots of random files and open / run them.
Most of us can probably get by on once a week if all we do is mail / office things and a bit of surfing.

cheers, Paul

Reply | Quote

Paul T wrote:

probably get by on once a week

I disagree. A/V software should be constantly updated as there are..

Every day, the AV-TEST Institute registers over 350,000 new malicious programs (malware) and potentially unwanted applications (PUA)

In 2020, an average of 360,000 new malicious files were detected by Kaspersky per day..

Reply | Quote

Windows 10 KB5003637 update could break your taskbar, printer

Windows 10 has a new bug which has been introduced thanks to its monthly security patch “KB5003637”. The problem is that the update is messing up with the icons on the taskbar and desktop. This issue was first reported last month when users installed the optional and it seems to have slipped into the mandatory security update…

Fortunately, those reporting the KB5003637 issues confirmed that uninstalling the cumulative update gets rid of the problem. If you want to keep the update for security reasons, there is a workaround here.

The issue can be fixed if you configure Windows 10’s News and Interests feed again.

Reply | Quote

Installed KB890830 and KB5003637 with Servicing Stack 19041.1022
on 21H1 Pro using WUmgr. Didn’t get KB5004476 nor KB4023057 (although WUmgr runs Check for Updates).

WinVer : 19043.1052.

Everything normal.

Disabled News and Interests with GP and right-click Taskbar.

Reply | Quote

My available deferal dates all are in December 2021.  Yes, system date is correct.  20H2.

Deferal date was sitting at June 16 until I repeatedly and rapidly poked the pause button.
You guys should try it, then let us know.

Reply | Quote

Pro 20H2
About the June update to which this topic refers:
1) Is it KB5004476 ? That is what came today.
2) Does it include whatever May update would have provided?  (May is not in the history.)
3) KB5004476 wanted restart, after which it reported failure to install, removed whatever it did.
In Settings, failure description indicates 0x800F0922.

Reply | Quote

KB5004476 is an optional fix for Xbox games, but is cumulative if installed:

Shared code base means interesting out of bands

That error number has recently been caused by an empty folder being left behind after manual removal of Microsoft Edge:

Try this if you are getting error code 0x800f0922 on Windows 10

Windows 11 Pro version 22H2 build 22621.105 (group ASAP) + Microsoft 365

Reply | Quote

The first instructions I saw for the removal of Edge said to move to the folder where the installer is located and execute the removal command. This led to the error you experienced (because if you are sitting in a directory, you can’t uninstall it. Duh!)

If you use an elevated Command Prompt in its default startup location (C:\Windows\System32) and execute the command from there, you will not get the error and what is left of the Edge directory structure contains an Edge.dat file that probably tells any further  installation to “bug off.”

"C:\Program Files (x86)\Microsoft\Edge\Application\<current version of Edge>\Installer\setup.exe" -uninstall -system-level -verbose-logging -force-uninstall

Reply | Quote

What I wrote did not involve Edge.

Reply | Quote

carpintero wrote:

n Settings, failure description indicates 0x800F0922

See if this folder exists:
C:\Program Files (x86)\Microsoft\Edge\Application\<version of Edge>\Installer\
If the “Installer” folder is empty (setup.exe is not there), it will cause error 0x800F0922 when you install the monthly Cumulative Update and it will roll back.
If Edge has been removed in the past, the directory structure must be removed up to and including the “Edge\” folder before the CU will install without error.

Been there, done that.

Reply | Quote

Ok, I will look for it, at next opportunity to access that computer.

Do you know whether KB5004476 is the update to which the title of this thread refers?

Reply | Quote

The title of this thread doesn’t refer to any particular update.

Windows 11 Pro version 22H2 build 22621.105 (group ASAP) + Microsoft 365

Reply | Quote

Thanks, now I understand that it is being suggested only that we pause updating, without our knowing which problematic updates we are trying to avoid.  A pause (in my case an extension of a long pause) prevents installation of things that we would want to get. For one, May updates had been recommended.

Am I correct in thinking that the pause should not prevent manual updating by means of files that I would download from the catalogue?

Reply | Quote

carpintero wrote:

Am I correct in thinking that the pause should not prevent manual updating by means of files that I would download from the catalogue?

Yes.

Windows 11 Pro version 22H2 build 22621.105 (group ASAP) + Microsoft 365

Reply | Quote

Just wanted to report that upgrading from 20H2 to 21H1 is a bit of a long, slow challenge. Don’t be too eager to jump to the latest released version.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
offline▸ Acer AspireOne Atom N270 RAM2GB HDD GuineaPig
online▸ Win11Pro 21H2.22000.739 x64 i5-9400 RAM16GB HDD Firefox102.0b7 MicrosoftDefender WuMgr

Reply | Quote

How long did it take you – give me details that I can report back.  Microsoft is under the impression that the upgrade is fast and easy.

Susan Bradley Patch Lady

Reply | Quote

Was the 20H2 up to date with the June CU?
The upgrade 20H2 to 21H1 (turning on a Feature Pack only) may be real short if it does not include a CU update (mine took a couple of minutes).
But it you are upgrading (turning on a Feature Pack) AND updating a CU, it may be a longer process. The upgrade will install the latest Build if it isn’t already current.

Reply | Quote

20H2 was up-to-date with the June update.

21H1 was downloaded from the ‘Update Now” button.
https://www.microsoft.com/en-us/software-download/windows10

The first time I installed, 21H! took 1.5 hours and upon mandatory reboot, the system rolled back.

I cleaned up the installation detritus, and tried again.

The second attempt took about 1.0 hours. Upon mandatory reboot, multiple times, as advertised, 21H1 was installed. The system runs without error.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
offline▸ Acer AspireOne Atom N270 RAM2GB HDD GuineaPig
online▸ Win11Pro 21H2.22000.739 x64 i5-9400 RAM16GB HDD Firefox102.0b7 MicrosoftDefender WuMgr

1 user thanked author for this post.

PKCano

Reply | Quote

Let me give this feedback.  Can you list the specs on your machine?  SSD/Ram/Hard drive size etc?

Susan Bradley Patch Lady

Reply | Quote

Processor Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz 2.90 GHz
Installed RAM 16.0 GB (15.9 GB usable)
System type 64-bit operating system, x64-based processor
HDD 465GB allocated to Microsoft operating system (dual boot)

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
offline▸ Acer AspireOne Atom N270 RAM2GB HDD GuineaPig
online▸ Win11Pro 21H2.22000.739 x64 i5-9400 RAM16GB HDD Firefox102.0b7 MicrosoftDefender WuMgr

Reply | Quote

I am not justifying this in any way …. but that (dual boot) is a red flag to me.  Microsoft does not test dual boot scenarios worth a darn.  The good news is that it’s not (supposed) to get stuck on the Conexant audio this time.

Susan Bradley Patch Lady

Reply | Quote

There’s not much I haven’t tried on this machine and that’s the first ever update I got that just plain hurled without me doing something to invoke it.

Glad I didn’t have to retrieve the backup.

Cheap advice: When you don’t know what’s going on with the machine, leave it alone while it grinds away. Microsoft is fairly robust if you give it time. (“Don’t mess with the dog while it’s eating,”)

 

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
offline▸ Acer AspireOne Atom N270 RAM2GB HDD GuineaPig
online▸ Win11Pro 21H2.22000.739 x64 i5-9400 RAM16GB HDD Firefox102.0b7 MicrosoftDefender WuMgr

Reply | Quote