MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked

[woodyDa Boss]

Tomorrow’s Patch Tuesday so that means today is… Block Monday. As in blockhead. Don’t be one. Make sure you have Automatic Update well and thoroughl
[See the full post at: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked]

9 users thanked author for this post.

Elly, abbodi86, HiFlyer, Morty, WildBill, willygirl, Fred, SueW, Joulia.S

[Mr. NaturalAskWoody Plus]

By golly, I think Woody has come up with new terminology. Block Monday. Or maybe Blockhead Monday…….. yeah!  🙂

Red Ruffnsore reporting from the front lines.

5 users thanked author for this post.

willygirl, Elly, woody, HiFlyer, WildBill

[WildBillAskWoody Plus]

It’s Block Monday… & Blockhead Tuesday for those willing to let Microsoft update their machines automatically. Love the Johnny Carson/Carnac reference, Woody! Very appropriate for Win10 Home…

Windows 8.1, 64-bit, now in Group B!
Wild Bill Rides Again...

1 user thanked author for this post.

Elly

[bAskWoody Plus]

woody wrote:

The current beta test version of the next (“19H1” or “1903”) version of Win10 Home includes the ability to Pause updates for seven days. … that’s basically useless.

I have a sneaking suspicion that if/when this arrives with 1903 for non-Insiders in a couple of months it will be for 35 days (and therefore not nearly so useless).

Because all Insider rings (even Release Preview) for any edition can only pause updates for seven days.

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

2 users thanked author for this post.

NetDef, Microfix

[MicrofixDa Boss]

IMO It makes no sense delaying updates in a preview/ insider ring, it’s what people opted in for..beta testing!
OTOH this could well be a trial which may be removed completely.
As for the 35 day grace period/ pause once RTM, I’ll believe it when I see it.

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[NetDefAskWoody_MVP]

My peers here are betting it will be 30 days, and in the same UI as Pro where you can defer updates and feature upgrades, just minus the feature upgrade control.

Crossing our fingers . . .

~ Group "Weekend" ~

[woodyDa Boss]

Man, I hope you and NetDef are right.

I’ve been watching closely to see if the beta builds get modified…

Oh, somewhere in this favored land the sun is shining bright; 
The band is playing somewhere, and somewhere hearts are light,
And somewhere men are laughing, and little children shout; 
But there is no joy in Mudville- mighty Casey has struck out. 

2 users thanked author for this post.

WildBill, Elly

[PKCanoDa Boss]

If I’m not mistaken (and I very well could be), Pause is useless because….

At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

2 users thanked author for this post.

Elly, woody

[bAskWoody Plus]

Why does that make Pause useless? That’s what Woody is advising everyone to do every month; pause for a few weeks, unpause and update last month’s, then re-pause before the next month’s patch day.

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

[PKCanoDa Boss]

Does Woody recommend “Pause“?

[bAskWoody Plus]

No, pause.

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

[PKCanoDa Boss]

I see his recommendation for “deferral” but not for “pause.” As I read it, he says:

All of which makes Win10 Home “Pause updates” a really nifty marketing setting (“Look! You can pause updates in Win10 Home!”) that’s basically useless. Unless you’re Carnac the Magnificent.

[bAskWoody Plus]

It appears that for complete clarity I should have said, “In effect…”, but I was hoping that the “every month” would have been a hint as we’re discussing an unreleased feature here (as far as Home users are concerned).

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

[KirstyDa Boss]

PKCano wrote:

Does Woody recommend “Pause“?

To quote Woody (3rd. Ed, Windows 10 All-in-One, p. 619):

“Don’t move the slider marked Pause Updates unless you absolutely have no other way to keep Windows Update’s filthy hands off your machine.”

1 user thanked author for this post.

WildBill

[bAskWoody Plus]

Slider? Can’t be for Home users as they’ve never had one.

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

1 user thanked author for this post.

Kirsty

[woodyDa Boss]

Yeah, I was working under something of a handicap at that point. Writing for version 1803….

[Chronocidal GuyAskWoody Lounger]

PKCano wrote:

If I’m not mistaken (and I very well could be), Pause is useless because…. At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.

A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

Is this a case of “I’m going to wait and not download any updates for 7 days”, or is it going to say “I’m going to download everything, and then not install for 7 days”?

The first is great to avoid potentially bad patches, but the second could potentially have you install broken updates even if they’ve already been pulled from release in that 7 day period.

Either way, now I can’t shake the image of hitting the “Pause” button, and immediately getting a phone call with a creepy voice saying “Sevennn daaayyyssss…”

[bAskWoody Plus]

Chronocidal Guy wrote:

A key question about the “Pause” functionality.. how does it apply to current updates in the queue?

Is this a case of “I’m going to wait and not download any updates for 7 days”,

Yes:

If you’re using Windows 10 Pro or Windows 10 Enterprise, you can choose to temporarily pause updates from being downloaded and installed:

Pause updates in Windows 10

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

1 user thanked author for this post.

NetDef

[NetDefAskWoody_MVP]

Disclaimer, we are talking about a feature that’s not yet final, is on Insider builds only, and may or may not change or be yanked.  Given the nature of Insider builds, the seven day pause may be increased on general release.  Or not.

Here’s the way it’s supposed to work.

When you hit pause (for seven days):

All pending updates that have not yet been installed are stopped.

All released updates that come out during the seven day period are ignored.  They are not downloaded, nor presented to you. (Unless you are a seeker . . .)

If you are a seeker, which means you manually click the check for updates button – we think you just might get more than you thought you were asking for – but that’s not been confirmed on the pause feature yet. (I plan to try to test this tomorrow!)

Once the pause expires, on this new model (not to be confused with the old deferral setting in Windows 10 Pro) the system is supposed to do the following:

1) Re-run a live online check for updates – this means that if MS yanked a bad patch from WU during your pause; you won’t see it at all.

2) Install all pending updates found that you have not received since the pause (minus the ones MS yanked, see above.)

And that’s the “simple” explanation . . .

 

~ Group "Weekend" ~

2 users thanked author for this post.

woody, Chronocidal Guy

[MortyAskWoody Plus]

Oy. As we speak, I’m backing up my other (Win7) computer to make it safe to update.

I tried to back it up last week, but I broke my old backup drive and had to buy a new one.

Can I still safely get the January updates?

[PKCanoDa Boss]

Yes, Jan updates are still available.

1 user thanked author for this post.

Morty

[MicrofixDa Boss]

Yes you should be able to get the January updates required within the next 23 hours AFAIK

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

1 user thanked author for this post.

Morty

[Noel CarboniAskWoody_MVP]

Heh, and here I just put the January updates in for Windows 10 v1809 this morning. All’s well so far.

-Noel

Attachments:

You must be logged in to access attached files.

1 user thanked author for this post.

Morty

[mn–AskWoody Lounger]

Although, I’m fairly sure 17763.292 is having memory management problems.

I’ve seen loss of all graphics output when there’s a low-memory condition on that build version, which is sort of nasty… not getting graphics back either even after going back and freeing memory (killing processes) by remote.

I mean, sheesh, I’ve heard Microsoft loves Linux these days, but I could’ve done without this particular failure mode… computer running but no graphics output… especially as it doesn’t look like we got text-mode virtual consoles either.

Would be nice to get a fix for that in this week’s updates. (And the Access file format problem too, but no one cares about Edge much…)

[Susan BradleyAskWoody MVP]

BUT they then have the ability to pull off an update from the WU servers.  7 days is actually a good pause time.  By Friday of the dead body week, we know if there are dead bodies.

Susan Bradley Patch Lady

2 users thanked author for this post.

NetDef, Morty

[woodyDa Boss]

That’s true for the spectacular bugs.

The other ones can crawl around for a bit before they’re identified… but you’re probably right in that the number of bugs that appear between 7 days and 15 days isn’t great.

Assuming MS yanks the patches. They don’t always do that.

[MortyAskWoody Plus]

Thank you all.

Just checked. The backup and system image is about halfway done. Started around 9:30 this morning. It’s 1:53 now. … Waiting and praying.

1 user thanked author for this post.

Microfix

[GeoAskWoody Plus]

Normally I use ” check for up dates but let me choose”  This time  I’ll be setting it to ” Don’t check” because of Microsoft’s  insistence on trying to force you to update Silverlight  even when you try to hide it.  It comes back everyday.

[bAskWoody Plus]

Even if you uninstall Silverlight?

Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1903

[GeoAskWoody Plus]

Yes, I uninstalled Silverlight but still get unchecked updates daily.  I keep trying to hide it.

[PaulKAskWoody Lounger]

Even when Silverlight has been removed, apparently there is/are trace/s in the computer. There are a dozen or more updates that Windows will attempt to download. If you look at each one offered you will see that the KB numbers are different. Just keep hiding them; once the queue has regressed to the oldest one, they will stop being offered.
Except: I just did a new Updates test, and KB4481252, for the new Japanese calendar eras, was offered. Hid it.

[KarenSAskWoody Lounger]

May I ask where we stand on the outstanding January Office updates (KB2553332 – Security office 2010, KB44461623 – Security Outlook 2010, KB44461625 – Security Word 2010, KB4462157 – Update Office 2010 and of course the “unchecked” KB4461614 – Security office 2010. Are some or all safe to install or should I wait? I now have the February updates which are unchecked as well but I know we are still in wait mode for those. Thanks for your advice in advance.

[PKCanoDa Boss]

I hid KB4462157 and KB4461614. I installed the rest of Jan 2010 updates. That is not a recommendation, but only what I did personally. I’ll probably pull those two out when MS gets the Japanese calendar thing sorted out (if they are not superceded by then).

1 user thanked author for this post.

woody

[BobTAskWoody Lounger]

Bwahahahah, you guys on 10 actually accept someone telling you what to do in your own house with your own equipment?

I mean what the heck is this c***, really?:

“You can only Pause once, and only for seven days
You can’t Pause again without accepting all backed-up updates in the interim”

Why is it not YOUR decision, are you not the admin? The customer? Did you pay for this OS at all? If yes, then why is this ok?

[joep517AskWoody MVP]

You have purchased a license to use Windows according to the terms of use. You agreed to the terms of use. If you don’t like switch to a different Windows SKU or a different OS platform.

--Joe

[warrenrumakAskWoody Plus]

None of us really happy about this whole “Pause” situation….. but it’s built this way to avoid machines getting significantly out of date.

Out-of-date machines are the #1 largest contributor to botnets.  It’s vanishing rare on machines that are 1-2 weeks behind the bleeding edge of patches, but after 6 weeks or so, you’re really starting to take unnecessary risks.

If you’re really concerned about “your equipment”, then you do need to keep up with the fixes.  All the machismo in the world along the lines of “I don’t need updates, I know how to protect myself!” won’t help f an attack uses a novel vector you aren’t watching out for, such as web fonts, an exploit on your ISP-provided router / switching equipment, or DNS hijacking.  Attacks take some time to be developed and get into circulation in an automated fashion, but they do get out there eventually.

 

1 user thanked author for this post.

b

[abbodi86AskWoody_MVP]

It seems ver 1809 Cumulative Update for this month can be fetched early with Media Creation Tool

17763.316 (KB4487044)

1 user thanked author for this post.

woody

[woodyDa Boss]

Interesting. I wonder why. Maybe somebody just jumped the gun?

[abbodi86AskWoody_MVP]

Yeah, apparently someone push the button for the Dynamiv Update variant too sooon

it seems pulled now

1 user thanked author for this post.

Woody Lounger

[mn–AskWoody Lounger]

Too bad, would’ve been nice to be able to read the description already… but seems there’s nothing yet at https://support.microsoft.com/kb/4487044

[OscarCPAskWoody Plus]

Is it better to wait always (unless there is something that clearly requires urgent action) until after the third Tuesday following Patch Tuesday, in case off-band patches (such as patches to patches), come out and to give MS time to pull out some buggy ones?

[anonymous]

It is best for each individual to follow their own council after consulting the advisors they trust. But if you are seeking to define yet another argument in support of the MS-DEFCON system used here, that is one of the good reasons for waiting, yes. Woody’s own case can be read here: https://www.askwoody.com/ms-defcon-system/

3 users thanked author for this post.

warrenrumak, Geo, Elly

[ram5thwheelAskWoody Plus]

I have all of my update settings as per recommendation and this morning I noticed that KB4487044 somehow got pushed to my PC and it is now waiting for me to schedule or restart my computer to finalize the patch.  Not quite sure why it ran the patch as I have been avoiding hitting the “Update Now” button until the MS-DEFCON status was changed.

A share all of the frustration with fellow Windows users as to the method of updating.

ram5thwheel

[PKCanoDa Boss]

Windows 10, v1809

[Author]

Posts