![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked
Home › Forums › AskWoody blog › MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked
This topic contains 41 replies, has 22 voices, and was last updated by
mn– 3 days, 15 hours ago.-
AuthorPosts
-
Tomorrow’s Patch Tuesday so that means today is… Block Monday. As in blockhead. Don’t be one. Make sure you have Automatic Update well and thoroughl
[See the full post at: MS-DEFCON 2: It’s time, once again, to make sure Windows Automatic Updating is blocked] -
It’s Block Monday… & Blockhead Tuesday for those willing to let Microsoft update their machines automatically. Love the Johnny Carson/Carnac reference, Woody! Very appropriate for Win10 Home…
Windows 8.1, 64-bit, now in Group B!
Wild Bill Rides Again...1 user thanked author for this post.
-
The current beta test version of the next (“19H1” or “1903”) version of Win10 Home includes the ability to Pause updates for seven days. … that’s basically useless.
I have a sneaking suspicion that if/when this arrives with 1903 for non-Insiders in a couple of months it will be for 35 days (and therefore not nearly so useless).
Because all Insider rings (even Release Preview) for any edition can only pause updates for seven days.
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)-
IMO It makes no sense delaying updates in a preview/ insider ring, it’s what people opted in for..beta testing!
OTOH this could well be a trial which may be removed completely.
As for the 35 day grace period/ pause once RTM, I’ll believe it when I see it.| W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7/ XP Pro x64 O/L -
My peers here are betting it will be 30 days, and in the same UI as Pro where you can defer updates and feature upgrades, just minus the feature upgrade control.
Crossing our fingers . . .
~ Group "Weekend" ~
-
Man, I hope you and NetDef are right.
I’ve been watching closely to see if the beta builds get modified…
Oh, somewhere in this favored land the sun is shining bright;
The band is playing somewhere, and somewhere hearts are light,
And somewhere men are laughing, and little children shout;
But there is no joy in Mudville- mighty Casey has struck out.
-
-
-
Why does that make Pause useless? That’s what Woody is advising everyone to do every month; pause for a few weeks, unpause and update last month’s, then re-pause before the next month’s patch day.
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)-
Does Woody recommend “Pause“?
-
No, pause.
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)-
I see his recommendation for “deferral” but not for “pause.” As I read it, he says:
All of which makes Win10 Home “Pause updates” a really nifty marketing setting (“Look! You can pause updates in Win10 Home!”) that’s basically useless. Unless you’re Carnac the Magnificent.
-
It appears that for complete clarity I should have said, “In effect…”, but I was hoping that the “every month” would have been a hint as we’re discussing an unreleased feature here (as far as Home users are concerned).
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)
-
-
Does Woody recommend “Pause“?
To quote Woody (3rd. Ed, Windows 10 All-in-One, p. 619):
“Don’t move the slider marked Pause Updates unless you absolutely have no other way to keep Windows Update’s filthy hands off your machine.”
1 user thanked author for this post.
-
Yeah, I was working under something of a handicap at that point. Writing for version 1803….
-
-
-
If I’m not mistaken (and I very well could be), Pause is useless because…. At the end of the “pause” period, what you get is updated, whether you like it or not. Automatic updates – just “pause”-period days later.
A key question about the “Pause” functionality.. how does it apply to current updates in the queue?
Is this a case of “I’m going to wait and not download any updates for 7 days”, or is it going to say “I’m going to download everything, and then not install for 7 days”?
The first is great to avoid potentially bad patches, but the second could potentially have you install broken updates even if they’ve already been pulled from release in that 7 day period.
Either way, now I can’t shake the image of hitting the “Pause” button, and immediately getting a phone call with a creepy voice saying “Sevennn daaayyyssss…”
-
A key question about the “Pause” functionality.. how does it apply to current updates in the queue?
Is this a case of “I’m going to wait and not download any updates for 7 days”,
Yes:
If you’re using Windows 10 Pro or Windows 10 Enterprise, you can choose to temporarily pause updates from being downloaded and installed:
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)1 user thanked author for this post.
-
Disclaimer, we are talking about a feature that’s not yet final, is on Insider builds only, and may or may not change or be yanked. Given the nature of Insider builds, the seven day pause may be increased on general release. Or not.
Here’s the way it’s supposed to work.
When you hit pause (for seven days):
All pending updates that have not yet been installed are stopped.
All released updates that come out during the seven day period are ignored. They are not downloaded, nor presented to you. (Unless you are a seeker . . .)
If you are a seeker, which means you manually click the check for updates button – we think you just might get more than you thought you were asking for – but that’s not been confirmed on the pause feature yet. (I plan to try to test this tomorrow!)
Once the pause expires, on this new model (not to be confused with the old deferral setting in Windows 10 Pro) the system is supposed to do the following:
1) Re-run a live online check for updates – this means that if MS yanked a bad patch from WU during your pause; you won’t see it at all.
2) Install all pending updates found that you have not received since the pause (minus the ones MS yanked, see above.)
And that’s the “simple” explanation . . .
~ Group "Weekend" ~
2 users thanked author for this post.
-
-
-
Oy. As we speak, I’m backing up my other (Win7) computer to make it safe to update.
I tried to back it up last week, but I broke my old backup drive and had to buy a new one.
Can I still safely get the January updates?
-
-
Although, I’m fairly sure 17763.292 is having memory management problems.
I’ve seen loss of all graphics output when there’s a low-memory condition on that build version, which is sort of nasty… not getting graphics back either even after going back and freeing memory (killing processes) by remote.
I mean, sheesh, I’ve heard Microsoft loves Linux these days, but I could’ve done without this particular failure mode… computer running but no graphics output… especially as it doesn’t look like we got text-mode virtual consoles either.
Would be nice to get a fix for that in this week’s updates. (And the Access file format problem too, but no one cares about Edge much…)
-
-
-
That’s true for the spectacular bugs.
The other ones can crawl around for a bit before they’re identified… but you’re probably right in that the number of bugs that appear between 7 days and 15 days isn’t great.
Assuming MS yanks the patches. They don’t always do that.
-
-
Normally I use ” check for up dates but let me choose” This time I’ll be setting it to ” Don’t check” because of Microsoft’s insistence on trying to force you to update Silverlight even when you try to hide it. It comes back everyday.
-
Even if you uninstall Silverlight?
Cannon fodderChumpDaft gluttonIdiotSuckerMore intrepidCrazy/ignorantToxic drinker"Saluted blockhead" (Group ASAP)-
Yes, I uninstalled Silverlight but still get unchecked updates daily. I keep trying to hide it.
-
Even when Silverlight has been removed, apparently there is/are trace/s in the computer. There are a dozen or more updates that Windows will attempt to download. If you look at each one offered you will see that the KB numbers are different. Just keep hiding them; once the queue has regressed to the oldest one, they will stop being offered.
Except: I just did a new Updates test, and KB4481252, for the new Japanese calendar eras, was offered. Hid it.
-
-
-
May I ask where we stand on the outstanding January Office updates (KB2553332 – Security office 2010, KB44461623 – Security Outlook 2010, KB44461625 – Security Word 2010, KB4462157 – Update Office 2010 and of course the “unchecked” KB4461614 – Security office 2010. Are some or all safe to install or should I wait? I now have the February updates which are unchecked as well but I know we are still in wait mode for those. Thanks for your advice in advance.
-
I hid KB4462157 and KB4461614. I installed the rest of Jan 2010 updates. That is not a recommendation, but only what I did personally. I’ll probably pull those two out when MS gets the Japanese calendar thing sorted out (if they are not superceded by then).
1 user thanked author for this post.
-
-
Bwahahahah, you guys on 10 actually accept someone telling you what to do in your own house with your own equipment?
I mean what the heck is this c***, really?:
“You can only Pause once, and only for seven days
You can’t Pause again without accepting all backed-up updates in the interim”Why is it not YOUR decision, are you not the admin? The customer? Did you pay for this OS at all? If yes, then why is this ok?
-
You have purchased a license to use Windows according to the terms of use. You agreed to the terms of use. If you don’t like switch to a different Windows SKU or a different OS platform.
--Joe
-
None of us really happy about this whole “Pause” situation….. but it’s built this way to avoid machines getting significantly out of date.
Out-of-date machines are the #1 largest contributor to botnets. It’s vanishing rare on machines that are 1-2 weeks behind the bleeding edge of patches, but after 6 weeks or so, you’re really starting to take unnecessary risks.
If you’re really concerned about “your equipment”, then you do need to keep up with the fixes. All the machismo in the world along the lines of “I don’t need updates, I know how to protect myself!” won’t help f an attack uses a novel vector you aren’t watching out for, such as web fonts, an exploit on your ISP-provided router / switching equipment, or DNS hijacking. Attacks take some time to be developed and get into circulation in an automated fashion, but they do get out there eventually.
-
This reply was modified 4 days, 1 hour ago by warrenrumak.
1 user thanked author for this post.
-
This reply was modified 4 days, 1 hour ago by
-
-
It seems ver 1809 Cumulative Update for this month can be fetched early with Media Creation Tool
17763.316 (KB4487044)
1 user thanked author for this post.
-
Interesting. I wonder why. Maybe somebody just jumped the gun?
-
Yeah, apparently someone push the button for the Dynamiv Update variant too sooon
it seems pulled now
1 user thanked author for this post.
-
Too bad, would’ve been nice to be able to read the description already… but seems there’s nothing yet at https://support.microsoft.com/kb/4487044
-
-
-
-
Is it better to wait always (unless there is something that clearly requires urgent action) until after the third Tuesday following Patch Tuesday, in case off-band patches (such as patches to patches), come out and to give MS time to pull out some buggy ones?
-
anonymousIt is best for each individual to follow their own council after consulting the advisors they trust. But if you are seeking to define yet another argument in support of the MS-DEFCON system used here, that is one of the good reasons for waiting, yes. Woody’s own case can be read here: https://www.askwoody.com/ms-defcon-system/
3 users thanked author for this post.
-
-
AuthorPosts
Comments are closed.
-
-
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced.

Plus Membership
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
-
OscarCP on Pssssst… I still don’t believe the part about Microsoft testing 20H1, then jumping back to 19H225 minutes ago
-
GoneToPlaid on Pssssst… I still don’t believe the part about Microsoft testing 20H1, then jumping back to 19H252 minutes ago
-
Bluetrix on Testing Image Importing and then Deleting Post1 hour, 41 minutes ago
-
Kirsty on Testing Image Importing and then Deleting Post2 hours, 1 minute ago
-
Bluetrix on Testing Image Importing and then Deleting Post2 hours, 2 minutes ago
-
Woody Lounger on Testing Image Importing and then Deleting Post2 hours, 11 minutes ago
-
NightOwl on Testing Image Importing and then Deleting Post2 hours, 16 minutes ago
-
Kirsty on Testing Image Importing and then Deleting Post2 hours, 22 minutes ago
-
NightOwl on Testing Image Importing and then Deleting Post2 hours, 26 minutes ago
-
PKCano on Testing Image Importing and then Deleting Post2 hours, 32 minutes ago
-
GoneToPlaid on Testing Image Importing and then Deleting Post2 hours, 33 minutes ago
-
NightOwl on Testing Image Importing and then Deleting Post2 hours, 41 minutes ago
-
PKCano on Testing Image Importing and then Deleting Post2 hours, 42 minutes ago
-
Kirsty on Testing Image Importing and then Deleting Post2 hours, 47 minutes ago
-
PKCano on Testing Image Importing and then Deleting Post2 hours, 48 minutes ago
-
lurks about on Win10 updating terminology is changing again – but this time maybe it’s tied to a major improvement2 hours, 51 minutes ago
-
Lars220 on The Ultimate Malfunction/Windows Nervous Breakdowns2 hours, 58 minutes ago
-
GoneToPlaid on The Ultimate Malfunction/Windows Nervous Breakdowns3 hours, 1 minute ago
-
NightOwl on Testing Image Importing and then Deleting Post3 hours, 3 minutes ago
-
PKCano on Testing Image Importing and then Deleting Post3 hours, 3 minutes ago
Recent Topics
-
New to AskWoody from Windows Secrets Lounge (Awaiting moderation)
19 minutes ago
-
Testing Image Importing and then Deleting Post
1 hour, 41 minutes ago
-
Creating a list of Web sites on operating systems security.
6 hours, 21 minutes ago
-
The Ultimate Malfunction/Windows Nervous Breakdowns
2 hours, 58 minutes ago
-
Outlook calendars make me crazy
11 hours, 21 minutes ago
-
Still no "Select File" Box??
9 hours, 30 minutes ago
-
Pssssst… I still don’t believe the part about Microsoft testing 20H1, then jumping back to 19H2
25 minutes ago
-
advice regarding possible upgrade to win10
17 hours, 24 minutes ago
-
Win10 updating terminology is changing again – but this time maybe it’s tied to a major improvement
2 hours, 51 minutes ago
-
OneDrive Not Syncing
1 day, 5 hours ago
Search for Topics
Recent blog posts
- Pssssst… I still don’t believe the part about Microsoft testing 20H1, then jumping back to 19H2
- Win10 updating terminology is changing again – but this time maybe it’s tied to a major improvement
- Fred Langa: How do I unfreeze my laptop? I’ve pressed ctrl-shift-del but it did not work
- Miscellaneous, minor problems with the Patch Tuesday patches
- Patch Tuesday patches start rolling out