MS-DEFCON 2 – Deferring the April Updates

Topic

New Reply

ISSUE 18.12.1 • 2021-04-11 By Susan Bradley Brace yourself for April updates It’s the time of the month to pause for updates. You will recall that the
[See the full post at: MS-DEFCON 2 – Deferring the April Updates]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

Linda2019, abbodi86, lmacri, Alex5723

Reply | Quote

Replies

“First, select Start, Settings, Network & Internet, and then Wi-Fi”

Why only Wi-Fi and both Wi-Fi and WAN ?

Reply | Quote

I fixed it to say wifi or ethernet, thanks!

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Alex5723 wrote:

“First, select Start, Settings, Network & Internet, and then Wi-Fi”

Why only Wi-Fi and both Wi-Fi and WAN ?

the post says Wifi but the video says Ethernet.

Whichever way you’re connected, select Properties and set metered connection

then go to windows update and select pause updates for up to its maximum

Reply | Quote

So we are to outright skip the March patches this year?

Reply | Quote

It was your decision to install them. If you didn’t, yet they can be skipped. Remember on Windows 10 patches are cumulative so we’ll get the patches we need in April.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I have not logged into the site in a long time.  I’m looking for the forum that deal specifically with MS Word issues, coding, etc.

thank you.

Reply | Quote

MS Word and Word Prossessing Help.

Reply | Quote

I highly recommend setting Windows Firewall to BLOCK outbound connections, and manually allow what you need. Then exporting your custom policy and resetting it periodically. MS messes with Firewall after each windows update!
This way not only you block Windows updates, as well as most snooping, and other apps that call home unnecessarily.

Since working with Firewall interface is a pain, use could use Firewall App Blocker  by sordum.org, which is just a better interface for Windows Firewall.

Reply | Quote

I am using WAU and have Windows Updates turned off via GP settings (Windows 8.1 Pro w/Media Center is the OS), but I like the idea of telling Windows that the Ethernet network connection is metered (in addition to the WiFi network).

That brings me to a question: Why does this system display “No Internet access” below the Ethernet network name when I hover over the Network and Sharing icon in the Notification area?

I rarely enable WiFi on any computer I use for serious things such as reading this newsletter, gaming, and sometimes working or studying.  That policy seems quite reasonable to me since I live in a condoplex with 130+ units on a few acres of land and I believe that both VZW and Spectrum offer some sort of secure WiFi for free to their customers in this development.

A new WiFi Cable Modem Router (a Netgear X45 AC3200) is the network hardware connecting my LAN to my ISP, instead of the sclerotic two-component cable modem plus WiFi router provided by the ISP.

I am looking for a guide to adding a large outgoing block list to the Netgear device. The table would include the IP addresses MS Windows uses for its telemetry and spyware, even malware if one counters Windows Update’s persistent attempts to change the software configuration of a computer against the owners wishes).  That sort of thing was often discussed back when people without access to the Internet were running FidoNet BBSes.

Does Windows just assume that users wishing to access things in the internet will always be using WiFi?  The way that many^H^H^Host of today’s Web sites are clearly designed for people browsing on mobile devices is what let me to wonder about the incorrect text under the Network and Sharing icon.

Regards,

FractalZ

 

Reply | Quote

Hey Susan, PK,
I hace my updates for March paused until April 12 (tomorrow), and I can’t use the advanced option to push the resume date further out. I want to wait and just install the April updates (after you guys give the go-ahead), rather than risk getting the March updates.

I’m on Win 10 v 2004 (build 19041.804) Home; I always leave metered connection on unless allowing updates. I also and use WUShowHide to hide updates.

Can you confirm if the old trick of flicking wifi on/off (using airplane mode) will work (after hitting the resume button) so I can revise the paused date to a later date?

Reply | Quote

How to Cheat Pause. Read through this thread.

1 user thanked author for this post.

Linda2019

Reply | Quote

Thanks PK, that was the exact method I was proposing to use. I’ll assume it still works then.

Reply | Quote

I am using WAU and have Windows Updates turned off via GP settings (Windows 8.1 Pro w/Media Center is the OS), but I like the idea of telling Windows that the Ethernet network connection is metered (in addition to the WiFi network).

That brings me to a question: Why does this system display “No Internet access” below the Ethernet network name when I hover over the Network and Sharing icon in the Notification area?

I rarely enable WiFi on any computer I use for serious things such as reading this newsletter, gaming, and sometimes working or studying.  That policy seems quite reasonable to me since I live in a condoplex with 130+ units on a few acres of land and I believe that both VZW and Spectrum offer some sort of secure WiFi for free to their customers in this development.

A new WiFi Cable Modem Router (a Netgear X45 AC3200) is the network hardware connecting my LAN to my ISP, instead of the sclerotic two-component cable modem plus WiFi router provided by the ISP.

I am looking for a guide to adding a large outgoing block list to the Netgear device. The table would include the IP addresses MS Windows uses for its telemetry and spyware, even malware if one counters Windows Update’s persistent attempts to change the software configuration of a computer against the owners wishes).  That sort of thing was often discussed back when people without access to the Internet were running FidoNet BBSes.

Does Windows just assume that users wishing to access things in the internet will always be using WiFi?  The way that many of today’s Web sites are clearly designed for people browsing on mobile devices is what let me to wonder about the incorrect text under the Network and Sharing icon.

Regards,

FractalZ

 

Reply | Quote

Yes, Microsoft assumes fast internet.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

That used to work on 1909 but seems no longer to work on 2004 Win10 Pro. 🙁

Reply | Quote

I was not keeping up with demise of 1909. I’ve never been offered an update by MS Update although it was mentioned last year sometime that an update might be coming soon. Is it possible there is a configuration issue with my laptop? Specs attached below.

Reply | Quote

You don’t have a Conexant audio driver do you?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

No, only Realtek Audio and USB Advanced Audio Device under Manage sound devices. Latter probably pops up due to use of Plugable USB-C docking station. I suppose that is an item that could be interfering.

Reply | Quote

[MrToad28]

I have a recently acquired Win 10 pro refurb with 1909  and want to go to 2004 without incurring toxic updates. Is there a simple way to do this?

Thanks.

• This reply was modified 2 years, 5 months ago by MrToad28.
• This reply was modified 2 years, 5 months ago by MrToad28.

Reply | Quote

See this thread. Be sure to watch Susan’s video.

1 user thanked author for this post.

MrToad28

Reply | Quote

When I update from 1909 to 2004 can I be assured that the current toxic updates will not piggyback in on that or should I wait till the updates are Def 4 or higher?

Thanks for taking to trouble to answer

Grateful Toad

Reply | Quote

When you upgrade, you will get the latest updates offered through Windows Update.
That would be the March (DEFCON-3) updates as of today (4/11). For 2004/20H2 you may also want to download and manually install the OOB patch KB50001649.
If you wait till Tuesday after MS releases the April updates at 10:00am PDT US, you will get the April updates (under DEFCON-2).

DEFCON-3 = update with caution.
DEFCON-4 or 5 may not happen within a given month.

3 users thanked author for this post.

Fred, Wibbly, MrToad28

Reply | Quote

Thanks..I got the version target set for 2004..now how do I get it to go forward before the Gates of Hell…I mean the April patch window opens?

Thanks so much

Reply | Quote

Be sure you don’t have:
+ Any Conexant Audio drivers in Device Manager
+ You haven’t hidden the 2004 Feature update with wushowhide
+ You don’t have any 3rd party update blockers
+ You don’t have metered connections set
+ You have enough free disk space
+ You don’t have any USB devices connected

+ Have you been getting regular monthly updates?
+ Turn off Fast startup in Control Panel\Power options\Choose what the power button does

There’s a few things to check.

2 users thanked author for this post.

MrToad28, Fred

Reply | Quote

Turned out to be simple matter of turning on the updating…had been on 7 day hold..then following up and checking for updates after each restart..It’s all up to date now and the box didn’t meltdown.

Thanks for your assistance

Grateful Toad

Reply | Quote

That used to work on Win10 Pro 1909 but sadly appears to work no longer on 2004. 🙁

Reply | Quote

Is Susan Bradley recommending that home users should opt for either one of the specified actions or is she recommending that they should take both actions?

Reply | Quote

I do both. It ensures I don’t get updates when I don’t want them.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

280park

Reply | Quote

[rebop2020]

Hi Susan, PK….

A little background and a question.

I have a topic here where I had issues updating 1909 CU’s. PK got me to the point I was getting updates offered to me again. We were going to do the 1909 CU last month (March) and when (or if) that was successful Change TRV to 20H2 and finally update to there.

Since there was so much caution on the March 1909 CU, I paused for 7 days. Actually paused for 7 days twice! After that hid the 1909 cu in wushowhide, installed the office updates and all seemed good to me.

PK said I should NOT have used pause for 7 days when GP is set to 2 for show updates but do not install. I saw no harm from it. Of course, if I had chose to Resume Updates, they would have installed immediately.

So your article said to pause April updates until more is known. Sorry for being long winded, but how exactly should I do that when Notifications tells me I have new updates available?

My thinking is not to hide anything nor install anything until it reaches a DEFCON blessing. You say to pause. What exactly is the best thing to do?

Thanks.

• This reply was modified 2 years, 5 months ago by rebop2020.

Reply | Quote

[Paul T]

Pausing updates doesn’t mean use pause – yes, its confusing. It means do not install updates. You can using either Group Policy or metered connection for this.

The Windows Update pause function is actually a bad way to prevent updates being installed, because once the pause ends all updates are installed regardless.

cheers, Paul

• This reply was modified 2 years, 5 months ago by Paul T.

Reply | Quote

It did not dfo anything of the sort for me Paul as I mentioned above. I used Pause FOr 7 Days TWICE. Each time it would show me a notification of New Updates Available in the Action Center. I could then hide any with wushowhide, download all of Pause again for 7 Days. Nothing was automatically downloaded or installed.

 

So I still do not know what is best (I don’t want to do metered) to do until the April updates are approved and after I first get the notice that I have new updates available.

Make sense? This IS how it works for me. If it is different than others see I do not know why.

~Bob

 

Reply | Quote

Does anyone know if anything has changed with the Conextant drivers issue?  My Toshiba S55 1909 laptop with Conextant HD Audio has just been offered 20H2!  It never got offered 2004.  I was using WUMT so I only allowed the Office 2010, Defender and MSRT updates.  Reset defer updates to mid-May after applying the above. Thinking I want to upgrade to 20H2 before 21H1 comes out using the documented tricks posted here & in other articles.

Reply | Quote

I upgraded an HP Desktop last week from 1909 to 20H2, with the infamous audio driver. I just followed the mitigation solution of uninstalling the audio driver from the device manager and started the upgrade process from Microsoft upgrade site and everything when well. The infamous reinstall it-self after the update to 20H2. I still don’t understand if that’s the way to go with the upgrade from 1909 to 2004/20H2, why MS doesn’t include the uninstall procedure within the upgrade process?

Reply | Quote

OK, so what IS the recommended way to pause for the April updates and what is the difference between the following two?

It seems one could also just ignore the update until ready. Or hide the parts of the update one wishes and then ignore. Not quite understanding what the recommended is and even perhaps why.

Thanks.

Reply | Quote

You are on Pro so no pause is needed.

1. set TVR to your desired Windows 10 version (the current version, next version)
2. Set Windows Update in GP to ‘Notify don’t download..’ = 2.

That setting will let you see what coming but won’t download updates until you are ready
It will also give you the option to hide any of the updates (use WUmgr).

AKB 2000016: Guide for Windows Update Settings for Windows 10

Reply | Quote

All is set just that way right now. And just what I did last month with the exception of using Pause 7 days twice.

I’ll continue to read to see if there are more recommendations / instructions.

Thanks.

Reply | Quote

If so, how do I enable it without updating automatically?

Should I also use Pause or is it not necessary?

Any reason to hide any updates?

Reply | Quote

If you have Win10 Pro, and you set Group Policy like it says in AKB2000016, you do NOT need Pause. You will be able to hide whatever you don’t want whenever you want to. When you are ready to update, all you have to do is click the “Download” button (NOT “Check for updates””

1 user thanked author for this post.

ECWS

Reply | Quote

I do have Windows PRO Version 19042.928.

Followed instructions and set option to 2 – Notify for download and auto install

Removed Pause Updates and all updates began installing.  Think I am ok with that for now (rather than uninstalling and waiting for Defcon change) however did not see the “Download” button.  Does that only appear when updates are available?

Reply | Quote

If you use “Pause”, then click “Resume updates,” updates will download/install. and may not respect the “2” (notify download/install) setting.

“Resume updates” ignores other settings you have made and initiates download/install. That information is in AKB2000016, and is the very reason I recommend NOT using Pause if you are using the Group Policy settings.

Reply | Quote

Re: Dymo Connect
I updated MS on Friday 4/9 thinking all was fine Dymo & Dymo Connect.
Wrong, spend the weekend trying to use Dymo Connect address feature, nothing would not allow the address to be entered.
Finally uninstalled last MS update & now’s all back to normal.
Was told Dymo & Dymo Connect are offering another Major update later this week.
They say MS changed their update which changed Dymo’s update…
Who know, Who cares, ME, just get it right…
Bad enough Dymo lost it’s Address Fixer.
john

Reply | Quote

If you install the new updates, you have to install the new Dymo software.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

[EP]

the April 2021 updates for Windows are out as of Tue. April 13, 10:10am pacific local time

KB5001330 for 2004/20H2/21H1
KB5001337 for 1909
KB5001342 for 1809 enterprise/education/ltsc 2019

KB5001335 rollup for Win7
KB5001392 security only update for Win7

KB5001382 rollup for Win8.1 / Server 2012 R2
KB5001393 security only update for Win8.1 / Server 2012 R2

edit – best to NOT install these yet until either end of April or start of May

• This reply was modified 2 years, 5 months ago by EP.

1 user thanked author for this post.

DrBonzo

Reply | Quote

plus! kb4601275 for Win7, Win8.1, Server 2008, Server 2012 & Server 2012 R2..
as usual, no documentation at time of this post.

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

DrBonzo

Reply | Quote

[EP]

MS support article 4601275 has been posted after 11:30am Pacific local time of Tues. 4/13

KB4601275 is a standalone time zone update for “The Republic of South Sudan”
not needed if installing the newest rollup update which includes KB4601275, unless Win7 users opted to install security-only updates

• This reply was modified 2 years, 5 months ago by EP.

1 user thanked author for this post.

DrBonzo

Reply | Quote

Neowin has the run down of April’s updates.

Microsoft releases Windows 10 builds 19042.928, 18363.1500 – here’s what’s new

Here’s what’s new for Windows 7 and 8.1

1 user thanked author for this post.

DrBonzo

Reply | Quote

KB4601275 for Win7 and Win8.1
Time Zone updates for The Republic of South Africa and Sudan.

1 user thanked author for this post.

DrBonzo

Reply | Quote

[DriftyDonN]

well darn! KB5001330 installed today. Am not sure how that happened- oh I installed 20H2 last night, and had Dr appt this am. Forgot to start laptop until mid afternoon Eastern time. Thought the updates were missed last night and I fumble thumbed install.

Well, we shall see .  BTW, KB5001649 wouldn’t install and it is no where to be found. (I DID install it pre update and it was there) Will try my HP printer tomorrow if feeling better.

am now  win10 pro version 20H2 (OS Bld 19042.928)

• This reply was modified 2 years, 5 months ago by DriftyDonN.

Reply | Quote

KB5001330 is the April CU for 2004/20H2.
KB5001649 is the March 18th OOB patch for 2004/20H2.
Since Win10 updates are cumulative, that means the earlier updates are contained in the later updates.
That is why “KB5001649 wouldn’t install and it is no where to be found.” It has been replaced/superseded by KB5001330.

1 user thanked author for this post.

280park

Reply | Quote

Had to resume updates to get out of pause and it did not respect the “2” setting.  did not know how to get out of pause without it resuming updates one time.

Will the “Download” button appear only after the computer checks for updates?  How often will it check for updates now that I have changed the setting to “2”?   Last check was 8:35 PM last night when I changed the setting to 2.

Reply | Quote

The “Download” button will appear when there are updates in the WU queue available to be downloaded.
If there are updates you don’t want in the queue, you need to hide them with wushowhide, then clear them from the WU queue before you click “Download.”. Because what you see in the queue is what will download/install.

Reply | Quote

Thanks for the warning.

Where do I get wushowhide?

I am on Win PRO 20H2 19042.928

Reply | Quote

There is a link to download it in AKB2000016. You should read through it so you don’t get Update surprises.

1 user thanked author for this post.

ECWS

Reply | Quote

April Updates have just popped ready for download in all my AMD family PC x 3 (PK settings for notify Download only, no pause).

Is there some reason that MS keeps trying to give me Intel Microcode updates for AMD CPU/MB?

2021-01 Update for Windows 10 Version 20H2 for x64-based Systems (KB4589212)

Is there something else besides Intel CPU/MB that is on AMD CPU/MB or just inside WIN10 Pro 20H2 that needs this KB.

MS wanted to give these to me last cycle as well. But I just hid them and of course they are back with new Tuesday.

P.S. Are we still deferring 2021-01 Update for Windows 10 Version 20H2 for x64-based Systems (KB4023057)

• This reply was modified 2 years, 5 months ago by .
• This reply was modified 2 years, 5 months ago by . Reason: add KB

Reply | Quote

KB4023057 is a servicing stack update. If Windows Update determines your system needs it, this type of update will be included automatically when you install a cumulative update. It will be installed first. If you have installed either the Feb., or Mar. CUs you should have this update already. You should check your update history to see if it is already installed.

Why you are getting a recommendation for KB4589212 is anyone’s guess. Most likely the metadata used to detect systems requiring this fix is faulty.

 

--Joe

Reply | Quote

KB4023057 is the Windows 10 update that resets your settings to make sure you upgrade when MS wants you to. It installs as an App/program.
It is not a Servicing Stack.
You don’t want it.

2 users thanked author for this post.

Fred

Reply | Quote

Interesting, I can wushowhide the KB4023057 but the KB4589212 does not show up to be hidden??

Reply | Quote

We’re getting the Intel Microcode updates on VM and Server VMs so IMHO yes it’s faulty.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Well as of a few moments ago I just got forced 2021-04 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5001330) update.

The Notifications Icon has been blank since before Tuesday when it will normally start giving the “updates are available” as it starts holding them for download with PKCano settings.

Now last hour I guess, I see the separate “Your Device Needs to Restart…” icon on the notification area.

I don’t remember changing anything this week on Update settings and don’t remember hitting a notification button to say update.  oh well, can’t back it until I let it restart.

 

 

Reply | Quote

Windows 10 KB5001330: Watch out for these critical issues in latest update
https://www.windowslatest.com/2021/04/16/windows-10-kb5001330-fps-drop-installation-failure-bsod/

Reply | Quote

I had an issue on a Windows Server 2016 VM after installing KB5001347 (April updates).

I use a VHDX drive mounted on Windows Server to make backups using Windows Server Backup to a NAS volume using SMB. This is one of the ways we save a system image, system state and files in case of problems.

Normally, when mounting a VHDX file on Disk Management, I should see the volume label. However when I mount the disk file with KB5001347 installed, the volume label doesn’t show up, the virtual disk shows up but the volume appears offline on WSB. On Event Viewer, I see permisssion denied problems on VSS. I also tried to create a new virtual drive and create a new volume, but the formatting doesn’t complete, it fails or it’s inconsistent, that is Disk Management shows drive letter but doesn’t show file system (NTFS), while on File Explorer the test volume is accesible, it shows up as NTFS and I can write. In other cases, formatting doesn’t work and if I try to format from File Explorer, it gives me an error with “no sufficient permissions”, event with Administrator account.

I rebooted multiple times to see if it helped, but the problem continued. I even recreated the same problem on another WS2016 VM having the same results.

After uninstalling the update, mounting a volume from a VHDX file works normally, the backup volume shows up as online and the backup process works correctly.

Has anyone experienced something similar with VHDX files after applying the April update?

Reply | Quote