News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches

    Home Forums AskWoody blog MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches

    Viewing 10 reply threads
    • Author
      Posts
      • #2138050 Reply
        woody
        Da Boss

        If you’re running Win10 version 1903 or 1909 and followed my instructions last month, you’re in good shape – you have Pause Update in effect for sever
        [See the full post at: MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches]

        5 users thanked author for this post.
      • #2138097 Reply
        puggers
        AskWoody Lounger

        It is an indictment of the competence of those controlling Microsoft that all Windows 10 users must be tech savvy in order to preserve the continued functionality of their devices at update time.  It is beyond many users to be able to achieve this and they should not be expected to do so.

        1 user thanked author for this post.
        • #2138119 Reply
          zero2dash
          AskWoody Lounger

          You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

          It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

          2 users thanked author for this post.
          • #2138344 Reply
            Alex5723
            AskWoody Plus

            You’re making an assumption that x amount of Windows Updates cause problems,

            Every single Windows 10 since the first Windows 10 had problems, bugs, rendering PCs useless…
            Windows updates damages amount in $Trillions…
            Only those technical enough know where/howto complain. 99% of home users just suffer running to the nearest Geeks or repair shops.

            1 user thanked author for this post.
            • #2138345 Reply
              jabeattyauditor
              AskWoody Lounger

              Windows updates damages amount in $Trillions…

              That’s absurd. Math isn’t that hard.

              1 user thanked author for this post.
              b
            • #2138413 Reply
              zero2dash
              AskWoody Lounger

              Win10 had issues on launch, but then again so have most versions of Windows.
              And there were lawsuits related to GWX but nothing awarded in millions or trillions.

              • This reply was modified 1 month, 3 weeks ago by zero2dash.
              2 users thanked author for this post.
            • #2138421 Reply
              bbearren
              AskWoody MVP

              zero2dash wrote: You’re making an assumption that x amount of Windows Updates cause problems, Every single Windows 10 since the first Windows 10 had problems, bugs, rendering PCs useless… Windows updates damages amount in $Trillions… Only those technical enough know where/howto complain. 99% of home users just suffer running to the nearest Geeks or repair shops.

              That is an outrageously untrue statement.  I have 5 Windows 10 installations without a single problem, bug, or being rendered useless.  My son has two laptops that are updated automatically without any intervention on his part.  No problems, bugs, or being rendered useless.

              I’m “the friend who knows computers” who gets called about PC problems.  Since Windows 10, I don’t get any calls.  If any one of those friends had bugs, problems or their PC’s rendered useless, I would hear about it immediately.

              Outrageous over-statement.

              Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
              "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
              "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

              2 users thanked author for this post.
              • #2138524 Reply
                EP
                AskWoody_MVP

                indeed Alex5723 is overreacting again with that outrageous statement
                from my experience I’ve only encountered few problems with many Win10 versions on the computers that run them

                1 user thanked author for this post.
                b
          • #2138414 Reply
            bbearren
            AskWoody MVP

            I began my Windows 10 experience as an Insider, before RTM, five years ago.  I’ve never had a bad update/upgrade.  The only updates I have blocked via group policy are driver updates.  It’s been all good.  The sky is not falling.

            For home users, creating a drive image the weekend before Patch Tuesday requires less tech savvy than getting all the obscure settings tracked down and set correctly, and provides a greater degree of protection.  With all the imaging software available, many free, together with the free advice from all the experienced users of these various imaging software here on these forums, getting imaging setup by a first time uses is a piece of cake.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
            "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

            2 users thanked author for this post.
            • #2138618 Reply
              Michael Austin
              AskWoody Plus

              I began my Windows 10 experience as an Insider, before RTM, five years ago.  I’ve never had a bad update/upgrade.  The only updates I have blocked via group policy are driver updates.  It’s been all good.  The sky is not falling.

              For home users, creating a drive image the weekend before Patch Tuesday requires less tech savvy than getting all the obscure settings tracked down and set correctly, and provides a greater degree of protection.  With all the imaging software available, many free, together with the free advice from all the experienced users of these various imaging software here on these forums, getting imaging setup by a first time uses is a piece of cake.

              A home user should *never* even have to think about creating a drive image under any circumstances. Maybe if Microsoft renamed its Home version to, “Amateur Geek” version, that might fly. Complex computer operating systems are not do-it-yourself affairs.

              Finance, social and tech founder. My new, planet-wide talk show, Casual Saints, is being readied for an April/May 2020 debut.

              • #2138676 Reply
                b
                AskWoody Plus

                That’s why File History is an available feature in Windows 8 and Windows 10:

                Use File History to backup and restore in Windows 10

                Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

              • #2138708 Reply
                bbearren
                AskWoody MVP

                A home user should *never* even have to think about creating a drive image under any circumstances.

                I’m a home user.  Drive images have come to my rescue (from my own tinkerin’ and piddlin’, not because of Windows) countless times.  Creating drive images is one of the first things I learned how to do back in the days of Windows for Workgroups v3.11.  It was easy then, it’s a piece of cake now, with lots of solid, free software available for download, and loads of free help available from AskWoody and many, many other sites as well.

                Are you not aware that your statement is directly contradictory to virtually everyone who participates in these forums?

                Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
                "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
                "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          • #2138613 Reply
            Michael Austin
            AskWoody Plus

            You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

            It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

            I’m not necessarily buying those numbers of users. Why? My very 1st 10 machine put into service in September 2019 has *always* had annoying bugs which interrupt my work. And like many others this past week, Windows had broken its own search and indexing functions several times. I now place Microsoft in the same league of programmed mediocrity and obsolesence as Apple’s stupid churning of iOS releases, which is now approaching 5 years in length.

            It looks every bit to me like Microsoft is trying to deepen its own role as a company practicing surveillance capitalism at the expense of a reliable software user experience.

            Finance, social and tech founder. My new, planet-wide talk show, Casual Saints, is being readied for an April/May 2020 debut.

            • #2138617 Reply
              b
              AskWoody Plus

              Please explain how Microsoft practices surveillance.

              Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

            • #2138668 Reply
              zero2dash
              AskWoody Lounger

              You’re making an assumption that x amount of Windows Updates cause problems, when in reality, this is not the case. Even here, when Woody posts about a patch issue, the exposure level and amount of confirmed cases is usually anecdotal at best (ie a few users on reddit).

              It’s been this way in my experience going back to the 1703 days which is nearly 3 years ago now. The fact is, <1% of Windows 10 users have issues with updates when you account for 1 billion+ devices running the platform at this point in time.

              I’m not necessarily buying those numbers of users. Why? My very 1st 10 machine put into service in September 2019 has *always* had annoying bugs which interrupt my work. And like many others this past week, Windows had broken its own search and indexing functions several times. I now place Microsoft in the same league of programmed mediocrity and obsolesence as Apple’s stupid churning of iOS releases, which is now approaching 5 years in length.

              It looks every bit to me like Microsoft is trying to deepen its own role as a company practicing surveillance capitalism at the expense of a reliable software user experience.

              It’s elementary math.
              The last report they gave was in mid-September of last year and they were over 900 million devices. Surely in the last several months including the push and EOL of 7, they’ve added another 100 million devices, which means 1 billion is a formality.

              Now, let’s address the amount of users who complain about Win10 issues in the largest public soundboard available, which is reddit. Yes, people complain of issues (and usually it’s driver-related, but I digress).

              1% of 1,000,000,000 is 10,000,000.
              Do you see 10 million new posts day to day on reddit for Win10 issues? I’ll admit I don’t monitor it that much, but I know that I don’t see that many posts. Hence my claim of <1% holds water.

              Again, this is elementary math here.

              You claim you have (or had) issues. I had issues and didn’t particularly like Win10 RTM, but that was 5 years ago. Since 1703, I’ve had no issues, and in fact, have grown fond of the OS to the point that anything but 10 feels archaic to me at this point in time. (And I say that as someone who held on to Win2K with bloody stumps for fingers long after XP was released.)

              2 users thanked author for this post.
      • #2138098 Reply
        geekdom
        AskWoody Plus

        Prior to suspected patches:

        • Make a full backup including system image
        • Make a rescue disk and make sure you can boot from it.
        • Create a system restore point.

        Despite all the best efforts and precautions, patches may still be installed on a system.

        G{ot backup} TestBeta
        offline▸ Win7Pro SP1 x64 InUse
        online▸ Win10Pro 1909.18363.752 x64 i5-9400 RAM8GB HDD Firefox75.0 Windows{Image/Defender/Firewall}
        1 user thanked author for this post.
      • #2138116 Reply
        WildBill
        AskWoody Plus

        Still following MS-DEFCON cues… & also keeping a sharp eye out for any problems with Windows 8.1 patches from now on. Since Win7 users only get MS patches now if they’re on ESU, any hanky-panky from Micro$oft is aimed at Win8.1. I’m hoping to upgrade to v2004… in October!

        Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V2004. As long as it's a Lot Less Buggy!
        Wild Bill Rides Again...

      • #2138155 Reply
        bbearren
        AskWoody MVP

        1909 (OS Build 18363.628), only driver updates controlled via group policy, nothing paused.  But it’s locked down in the drive images Task Scheduler used Image for Windows to create early Sunday morning that I have stored in an air-gaped 3TB HDD.

        That’s my version of  preparedness, and most of it is accomplished automatically.  I’ll be clicking on Check for updates tomorrow until I get them downloaded and installed.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        1 user thanked author for this post.
      • #2138201 Reply
        KYKaren
        AskWoody Plus

        For version 1909 Windows 10 Pro users,

        is Woody’s Pause recommendation here, on the one hand,

        and @PKCano‘s recommendation for Feature Update Deferral set to 365, Quality Update Deferral set to 0, Group Policy Editor>Automatic Windows Update Configuration set to #2 -“Notify Download/Install”, Use Wushowhide to hide updates in the queue, on the other hand,

        leading to the same goal of locking down Windows in preparation for Patch Tuesday?

        Offline: Win7Pro ∙ SP1 ∙ x64
        Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-6500U ∙ RAM 12GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender
        Online: Win10Pro ∙ 1909.18363 ∙ x64 ∙ i7-8565U ∙ RAM 16GB ∙ SSD ∙ Firefox ∙ McAfee Internet Security ∙ Windows Defender

        1 user thanked author for this post.
        • #2138263 Reply
          b
          AskWoody Plus

          Yes.

          Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        • #2138784 Reply
          PKCano
          Da Boss

          For version 1909 Windows 10 Pro users, actually  Woody’s Pause recommendation here and @pkcano‘s recommendation for Feature Update Deferral set to 365, Quality Update Deferral set to 0, Group Policy Editor>Automatic Windows Update Configuration set to #2 -“Notify Download/Install”, Use Wushowhide to hide updates in the queue both lead to the same goal of locking down Windows in preparation for Patch Tuesday.

          The difference is this:
          If you use Pause, when the pause period has ended, the patches download and install. You can’t use pause again till they are installed. This is the tool that Home users have to lock down updates.

          If you use Defer and the “2” (notify download/install), the patches will still sit there pending when the deferral period has ended, and won’t download until you click the “Download” button. This is available to the Pro Edition, as well as Pause.

          1 user thanked author for this post.
          • #2139172 Reply
            Win7and10
            AskWoody Lounger

            I’m a Win 10 home user, new to Win 10 and on pause until 2/17.
            When the pause ends, what happens?
            Do the updates appear and tell me I can install them?
            Does it check for updates and auto install or tell me that they are there and I can choose?
            Thanks for your assistance! 🙂

            Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
            Win 10 Home 1909 (HP ENVY i7)

            • #2139177 Reply
              PKCano
              Da Boss

              When the Pause ends, the pending updates will appear in Windows Update and install unless you have set Metered connections on. You can’t use Pause again until the updates install, but you can delay them further by setting Metered connections in the Settings App under Network. When you want to update, you have to turn the metered connections off.

              1 user thanked author for this post.
              • #2139229 Reply
                Win7and10
                AskWoody Lounger

                You may have answered this before, from what I understand the optional updates will be separate and not be automatically installed?

                In order to do this, let the laptop check again on the date that the pause expires?

                So when the laptop checks on the pause date or I undo the pause the updates will show as ready to install. Can I do any wushowhide at that time or down the chute they come…:)

                Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
                Win 10 Home 1909 (HP ENVY i7)

              • #2139232 Reply
                PKCano
                Da Boss

                Down the chute they come UNLESS you have turned Metered connections ON.

                1 user thanked author for this post.
      • #2138256 Reply
        PerthMike
        AskWoody Plus

        Ooooh, just had this update come down the WSUS chute.

        2020-01 Update for Windows 7 for x64-based Systems (KB4539602)

        Love how they still call it a “2020-01” update, even though it is a post-January fix delivered in February… Wouldn’t want to upset the ESU-paid-up customers.

        No matter where you go, there you are.

        • #2138260 Reply
          geekdom
          AskWoody Plus

          Pleased read here before you consider installing KB4539602 as there are potential boot issues:

          Win 7/Server 2008 R2: Boot issues with Update KB4539602

          G{ot backup} TestBeta
          offline▸ Win7Pro SP1 x64 InUse
          online▸ Win10Pro 1909.18363.752 x64 i5-9400 RAM8GB HDD Firefox75.0 Windows{Image/Defender/Firewall}
          • This reply was modified 1 month, 3 weeks ago by geekdom.
          1 user thanked author for this post.
          • #2138264 Reply
            PerthMike
            AskWoody Plus

            Pleased read here before you consider installing KB4539602 as there are potential boot issues:

            Win 7/Server 2008 R2: Boot issues with Update KB4539602

            • This reply was modified 1 month, 3 weeks ago by geekdom.

            Hilarity ensues… So they need to post a fix for a fix for a bug that they introduced in January…

            I guess Microsoft really is trying to destroy any remaining trust in Windows 7/2008R2.

            No matter where you go, there you are.

            1 user thanked author for this post.
      • #2138329 Reply
        Alex5723
        AskWoody Plus

        Just got this a minute ago out-of-the-blue.

        Attachments:
        • #2138518 Reply
          EP
          AskWoody_MVP

          that was the optional .NET KB4534132 update in late Jan. 2020, which I also got on a test machine running Win10 v1903 several days ago

      • #2138585 Reply
        EP
        AskWoody_MVP

        ok – new security updates are out.

        it appears the KB4537820 rollup is the first Win7 ESU based update

        and there are new Adobe Flash security updates – KB4537759:
        https://www.catalog.update.microsoft.com/Search.aspx?q=kb4537759
        https://support.microsoft.com/help/4537759
        https://helpx.adobe.com/security/products/flash-player/apsb20-06.html

      • #2138774 Reply
        mentallo
        AskWoody Plus

        If you have a partial pause already in effect, you may need to click “Resume updates,” then reboot.

        I didn’t read this article yesterday and my three 1903 machines are only paused through 2/25.

        Probably not a good idea to resume updates and reboot today though, 2/11, huh?

      • #2140147 Reply
        SoCalBB
        AskWoody Plus

        After following your advice on how to stop Windows 10 from auto updating, I recently read elsewhere a different way to turn off Windows 10 updating:

        1. Press the Windows logo key + R or right click on Start.
        2. Select Run.
        3. Type services.msc and press Enter.
        4. Scroll down to Windows Update, and double-click it.
        5. In Startup type, select Disabled.
        6. Click Apply and OK to save the settings.
        Is this a valid way to do the same thing as you detailed in previous emails?
        Bill B
        • #2140176 Reply
          PKCano
          Da Boss

          That may stop the Windows Update Service temporarily, but Windows Scheduled Tasks in Win10 will just turn it back on.

    Viewing 10 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 2: Make sure Windows is locked down in preparation for the Feb 2020 patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.