|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
It’s time to put the pause (or defer) for your updates.ย It’s the first Tuesday of the month and non security Office updates are out – PK has them lis
[See the full post at: MS-Defcon 2 – Get ready to pause for Dec]
Susan Bradley Patch Lady/Prudent patcher
You can download any updates from Microsoft Catalog manually.
@Morty …
To find all November 2020 Windows updates in the Microsoft Update Catalog, search for “2020-11” (no quotes). You’ll have to scroll thru several pages and pick only the ones applicable to your Windows version & bitness (x86 or x64).
For Windows & MSOffice updates, you can still get November’s via Windows Update (WU) up to & even after MS has released the December updates.
First run WU. After WU finds all outstanding updates, highlight (click on) each found update and verify that it’s release date (in description area on left) is prior to Dec 2020. If any are dated Dec 2020 (or later), first uncheck then hide these updates.
Once all updates dated Dec 2020 (or later) have been hidden, run WU again. This time WU will find & display the outstanding November 2020 (or prior) updates that were superseded by the hidden Dec 2020 updates.
After all your Nov 2020 (or prior) updates are successfully installed and system’s been rebooted, if you hid any Dec 2020 updates, run WU again and restore these hidden Dec 2020 updates so they can be found again when it’s time to install these later on (when we’re out of MS-DEFCON 2 for the Dec 2020 updates). You can safely exit out of WU without installing any of the re-found Dec 2020 updates.
Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS
Download WUmgr and run it. You can then choose exactly which updates to install.
cheers, Paul
The Author’s site is: https://github.com/DavidXanatos/wumgr/releases
cheers, Paul
only little risk I guess
I’m confused. I thought Patch Tuesday was the 2nd Tuesday of the month. Since the first Tuesday was Dec. 1, the second Tuesday can’t be before Dec 8. Why DEFCON 2 now? Historically, I’ve waited until just a few days before Patch Tuesday to install Windows updates. What am I missing?
November patches had the DEFCON-4 rating to go ahead and patch.
The Office non-Security patches are December updates under the December DEFCON-2 rating, not to be installed yet.
They are NOT included in the November DEFCON-4 patching (as started in the release announcement post).
The DEFCON System applies to the updates.
November updates were classified under DEFCON-4. That means they are now OK to install ANY TIME.
The DEFCON-2 rating is now aimed at the December patches in order to discourage patching before the Dec patches are vetted.
It doesn’t mean you can’t install previous patches that have already been vetted and given the DEFCON-4 rating.
This is a subtlety that has not been explained before as far as I am aware, or there has been a policy change. Before Woody retired, he would normally have called time on patching (i.e. set MS-DEFCON 2) around the eve of patch Tuesday, the second Tuesday of the month. And non-security Office patches were around then, weren’t they?
Nothing has changed – it’s always been that way.
I have explained this quite a few times.
If a patch has been approved for installing, that approval is not revoked just because the next month’s patches have not been vetted and approved.
DEFCON is meant to protect you from new, unvetted patches, not limit when you can install patches that have already been through the DEFCON-approval process and OKed for install. DEFCON assumes you install the approved patches during the DEFCON 3-5 window. But if you fall behind and miss the window, it doesn’t prevent you from catching up with the approved updates. Just don’t install the ones that haven’t been approved through the DEFCON System.
I understand completely what you are stating and, with one exception, I agree with everything. The one exception is your first sentence.
If, from now on, we can expect MS-DEFCON to be set back to 2 on the eve of the first Tuesday of the month, instead of on the eve of the second Tuesday of the month, that to me is a change in policy.
I am thankful to @snalmond for raising the issue because I was contemplating doing it. However, at a personal level, it makes no difference to me. My version of Office is CTR and so I don’t get my Office updates through Windows Update. Unless there are exceptional circumstances, I shall continue to wait until nearer Patch Tuesday before applying my system updates.
The DEFCON change has never been a set day. It has always been contingent on a condition – that condition being the ability to patch safely.
When there was enough information on the updates to determine where the problems lay, Woody changed the DEFCON number. He usually waited till the Preview was released to see what MS had fixed. And it was usually preceding a weekend that DEFCON was changed, in order to have the off-time to do the updating. But it was not set to a specific day.
Woody has retired, and this is Susan’s decision now. The problems that exist with Nov updates are pretty much known and there have not been a bunch of new ones appearing. So it seemed a good time, with the US holiday long weekend off-time, to give the go-ahead. More time for those supporting family and friends to help with the updating.
But DEFCON has never been a rigid schedule that has to be done on a given day, or not at all. It is meant as a guideline, to indicate that the problems with a particular set of updates are mostly known and, given that knowledge, installing that set of updates is relatively safe.
(Notice I don’t use the absolute where MS is concerned. ๐ )
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
