News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    Home Forums AskWoody blog MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    This topic contains 43 replies, has 23 voices, and was last updated by  PKCano 5 months, 3 weeks ago.

    • Author
      Posts
    • #323774 Reply

      woody
      Da Boss

      Tomorrow’s Patch Tuesday so that means today is… Block Monday. As in blockhead. Don’t be one. Make sure you have Automatic Update well and thoroughl
      [See the full post at: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked]

      9 users thanked author for this post.
    • #324155 Reply

      Mr. Natural
      AskWoody Plus

      By golly, I think Woody has come up with new terminology. Block Monday. Or maybe Blockhead Monday…….. yeah!  🙂

      Red Ruffnsore reporting from the front lines.

      5 users thanked author for this post.
    • #324181 Reply

      WildBill
      AskWoody Plus

      It’s Block Monday… & Blockhead Tuesday for those willing to let Microsoft update their machines automatically. Love the Johnny Carson/Carnac reference, Woody! Very appropriate for Win10 Home…

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      1 user thanked author for this post.
    • #324241 Reply

      b
      AskWoody Plus

      The current beta test version of the next (“19H1” or “1903”) version of Win10 Home includes the ability to Pause updates for seven days. … that’s basically useless.

      I have a sneaking suspicion that if/when this arrives with 1903 for non-Insiders in a couple of months it will be for 35 days (and therefore not nearly so useless).

      Because all Insider rings (even Release Preview) for any edition can only pause updates for seven days.

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

      2 users thanked author for this post.
      • #324308 Reply

        Microfix
        Da Boss

        IMO It makes no sense delaying updates in a preview/ insider ring, it’s what people opted in for..beta testing!
        OTOH this could well be a trial which may be removed completely.
        As for the 35 day grace period/ pause once RTM, I’ll believe it when I see it.

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      • #324414 Reply

        NetDef
        AskWoody_MVP

        My peers here are betting it will be 30 days, and in the same UI as Pro where you can defer updates and feature upgrades, just minus the feature upgrade control.

        Crossing our fingers . . .

        ~ Group "Weekend" ~

      • #324471 Reply

        woody
        Da Boss

        Man, I hope you and NetDef are right.

        I’ve been watching closely to see if the beta builds get modified…

        Oh, somewhere in this favored land the sun is shining bright; 
        The band is playing somewhere, and somewhere hearts are light,
        And somewhere men are laughing, and little children shout; 
        But there is no joy in Mudville- mighty Casey has struck out. 

        2 users thanked author for this post.
    • #324267 Reply

      PKCano
      Da Boss

      If I’m not mistaken (and I very well could be), Pause is useless because….

      At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

      2 users thanked author for this post.
      • #324305 Reply

        b
        AskWoody Plus

        Why does that make Pause useless? That’s what Woody is advising everyone to do every month; pause for a few weeks, unpause and update last month’s, then re-pause before the next month’s patch day.

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

        • #324310 Reply

          PKCano
          Da Boss

          Does Woody recommend “Pause“?

          • #324349 Reply

            b
            AskWoody Plus

            No, pause.

            Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

            • #324366 Reply

              PKCano
              Da Boss

              I see his recommendation for “deferral” but not for “pause.” As I read it, he says:

              All of which makes Win10 Home “Pause updates” a really nifty marketing setting (“Look! You can pause updates in Win10 Home!”) that’s basically useless. Unless you’re Carnac the Magnificent.

            • #324406 Reply

              b
              AskWoody Plus

              It appears that for complete clarity I should have said, “In effect…”, but I was hoping that the “every month” would have been a hint as we’re discussing an unreleased feature here (as far as Home users are concerned).

              Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

          • #324393 Reply

            Kirsty
            Da Boss

            Does Woody recommend “Pause“?

            To quote Woody (3rd. Ed, Windows 10 All-in-One, p. 619):

            “Don’t move the slider marked Pause Updates unless you absolutely have no other way to keep Windows Update’s filthy hands off your machine.”

            1 user thanked author for this post.
            • #324413 Reply

              b
              AskWoody Plus

              Slider? Can’t be for Home users as they’ve never had one.

              Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

              1 user thanked author for this post.
            • #324472 Reply

              woody
              Da Boss

              Yeah, I was working under something of a handicap at that point. Writing for version 1803….

      • #324415 Reply

        Chronocidal Guy
        AskWoody Lounger

        If I’m not mistaken (and I very well could be), Pause is useless because…. At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

        A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

        Is this a case of “I’m going to wait and not download any updates for 7 days”, or is it going to say “I’m going to download everything, and then not install for 7 days”?

        The first is great to avoid potentially bad patches, but the second could potentially have you install broken updates even if they’ve already been pulled from release in that 7 day period.

        Either way, now I can’t shake the image of hitting the “Pause” button, and immediately getting a phone call with a creepy voice saying “Sevennn daaayyyssss…”

        • #324462 Reply

          b
          AskWoody Plus

          A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

          Is this a case of “I’m going to wait and not download any updates for 7 days”,

          Yes:

          If you’re using Windows 10 Pro or Windows 10 Enterprise, you can choose to temporarily pause updates from being downloaded and installed:

          Pause updates in Windows 10

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

          1 user thanked author for this post.
        • #324477 Reply

          NetDef
          AskWoody_MVP

          Disclaimer, we are talking about a feature that’s not yet final, is on Insider builds only, and may or may not change or be yanked.  Given the nature of Insider builds, the seven day pause may be increased on general release.  Or not.

          Here’s the way it’s supposed to work.

          When you hit pause (for seven days):

          All pending updates that have not yet been installed are stopped.

          All released updates that come out during the seven day period are ignored.  They are not downloaded, nor presented to you. (Unless you are a seeker . . .)

          If you are a seeker, which means you manually click the check for updates button – we think you just might get more than you thought you were asking for – but that’s not been confirmed on the pause feature yet. (I plan to try to test this tomorrow!)

          Once the pause expires, on this new model (not to be confused with the old deferral setting in Windows 10 Pro) the system is supposed to do the following:

          1) Re-run a live online check for updates – this means that if MS yanked a bad patch from WU during your pause; you won’t see it at all.

          2) Install all pending updates found that you have not received since the pause (minus the ones MS yanked, see above.)

          And that’s the “simple” explanation . . .

           

          ~ Group "Weekend" ~

          2 users thanked author for this post.
    • #324307 Reply

      Morty
      AskWoody Plus

      Oy. As we speak, I’m backing up my other (Win7) computer to make it safe to update.

      I tried to back it up last week, but I broke my old backup drive and had to buy a new one.

      Can I still safely get the January updates?

      • #324312 Reply

        PKCano
        Da Boss

        Yes, Jan updates are still available.

        1 user thanked author for this post.
      • #324316 Reply

        Microfix
        Da Boss

        Yes you should be able to get the January updates required within the next 23 hours AFAIK

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        1 user thanked author for this post.
    • #324313 Reply

      Noel Carboni
      AskWoody_MVP

      Heh, and here I just put the January updates in for Windows 10 v1809 this morning. All’s well so far.

      ScreenGrab_CarboniPC_2019_02_11_124611_491

      -Noel

      Attachments:
      1 user thanked author for this post.
      • #325339 Reply

        mn–
        AskWoody Lounger

        Although, I’m fairly sure 17763.292 is having memory management problems.

        I’ve seen loss of all graphics output when there’s a low-memory condition on that build version, which is sort of nasty… not getting graphics back either even after going back and freeing memory (killing processes) by remote.

        I mean, sheesh, I’ve heard Microsoft loves Linux these days, but I could’ve done without this particular failure mode… computer running but no graphics output… especially as it doesn’t look like we got text-mode virtual consoles either.

        Would be nice to get a fix for that in this week’s updates. (And the Access file format problem too, but no one cares about Edge much…)

    • #324317 Reply

      Susan Bradley
      AskWoody MVP

      BUT they then have the ability to pull off an update from the WU servers.  7 days is actually a good pause time.  By Friday of the dead body week, we know if there are dead bodies.

      Susan Bradley Patch Lady

      2 users thanked author for this post.
      • #324478 Reply

        woody
        Da Boss

        That’s true for the spectacular bugs.

        The other ones can crawl around for a bit before they’re identified… but you’re probably right in that the number of bugs that appear between 7 days and 15 days isn’t great.

        Assuming MS yanks the patches. They don’t always do that.

    • #324336 Reply

      Morty
      AskWoody Plus

      Thank you all.

      Just checked. The backup and system image is about halfway done. Started around 9:30 this morning. It’s 1:53 now. … Waiting and praying.

      1 user thanked author for this post.
    • #324479 Reply

      Geo
      AskWoody Plus

      Normally I use ” check for up dates but let me choose”  This time  I’ll be setting it to ” Don’t check” because of Microsoft’s  insistence on trying to force you to update Silverlight  even when you try to hide it.  It comes back everyday.

      • #324643 Reply

        b
        AskWoody Plus

        Even if you uninstall Silverlight?

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

        • #324705 Reply

          Geo
          AskWoody Plus

          Yes, I uninstalled Silverlight but still get unchecked updates daily.  I keep trying to hide it.

        • #324756 Reply

          PaulK
          AskWoody Lounger

          Even when Silverlight has been removed, apparently there is/are trace/s in the computer. There are a dozen or more updates that Windows will attempt to download. If you look at each one offered you will see that the KB numbers are different. Just keep hiding them; once the queue has regressed to the oldest one, they will stop being offered.
          Except: I just did a new Updates test, and KB4481252, for the new Japanese calendar eras, was offered. Hid it.

    • #324653 Reply

      KarenS
      AskWoody Lounger

      May I ask where we stand on the outstanding January Office updates (KB2553332 – Security office 2010, KB44461623 – Security Outlook 2010, KB44461625 – Security Word 2010, KB4462157 – Update Office 2010 and of course the “unchecked” KB4461614 – Security office 2010. Are some or all safe to install or should I wait? I now have the February updates which are unchecked as well but I know we are still in wait mode for those. Thanks for your advice in advance.

      • #324703 Reply

        PKCano
        Da Boss

        I hid KB4462157 and KB4461614. I installed the rest of Jan 2010 updates. That is not a recommendation, but only what I did personally. I’ll probably pull those two out when MS gets the Japanese calendar thing sorted out (if they are not superceded by then).

        1 user thanked author for this post.
    • #324696 Reply

      BobT
      AskWoody Lounger

      Bwahahahah, you guys on 10 actually accept someone telling you what to do in your own house with your own equipment?

      I mean what the heck is this c***, really?:

      “You can only Pause once, and only for seven days
      You can’t Pause again without accepting all backed-up updates in the interim”

      Why is it not YOUR decision, are you not the admin? The customer? Did you pay for this OS at all? If yes, then why is this ok?

      • #324807 Reply

        joep517
        AskWoody MVP

        You have purchased a license to use Windows according to the terms of use. You agreed to the terms of use. If you don’t like switch to a different Windows SKU or a different OS platform.

        --Joe

      • #325081 Reply

        warrenrumak
        AskWoody Plus

        None of us really happy about this whole “Pause” situation….. but it’s built this way to avoid machines getting significantly out of date.

        Out-of-date machines are the #1 largest contributor to botnets.  It’s vanishing rare on machines that are 1-2 weeks behind the bleeding edge of patches, but after 6 weeks or so, you’re really starting to take unnecessary risks.

        If you’re really concerned about “your equipment”, then you do need to keep up with the fixes.  All the machismo in the world along the lines of “I don’t need updates, I know how to protect myself!” won’t help f an attack uses a novel vector you aren’t watching out for, such as web fonts, an exploit on your ISP-provided router / switching equipment, or DNS hijacking.  Attacks take some time to be developed and get into circulation in an automated fashion, but they do get out there eventually.

         

        1 user thanked author for this post.
        b
    • #324700 Reply

      abbodi86
      AskWoody_MVP

      It seems ver 1809 Cumulative Update for this month can be fetched early with Media Creation Tool

      17763.316 (KB4487044)

      1 user thanked author for this post.
      • #325251 Reply

        woody
        Da Boss

        Interesting. I wonder why. Maybe somebody just jumped the gun?

    • #324838 Reply

      OscarCP
      AskWoody Plus

      Is it better to wait always (unless there is something that clearly requires urgent action) until after the third Tuesday following Patch Tuesday, in case off-band patches (such as patches to patches), come out and to give MS time to pull out some buggy ones?

      • #324865 Reply

        anonymous

        It is best for each individual to follow their own council after consulting the advisors they trust. But if you are seeking to define yet another argument in support of the MS-DEFCON system used here, that is one of the good reasons for waiting, yes. Woody’s own case can be read here: https://www.askwoody.com/ms-defcon-system/

        3 users thanked author for this post.
    • #336844 Reply

      ram5thwheel
      AskWoody Plus

      I have all of my update settings as per recommendation and this morning I noticed that KB4487044 somehow got pushed to my PC and it is now waiting for me to schedule or restart my computer to finalize the patch.  Not quite sure why it ran the patch as I have been avoiding hitting the “Update Now” button until the MS-DEFCON status was changed.

      A share all of the frustration with fellow Windows users as to the method of updating.

      ram5thwheel

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel