News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 2: Make sure Windows Update is locked down

    Home Forums AskWoody blog MS-DEFCON 2: Make sure Windows Update is locked down

    This topic contains 14 replies, has 9 voices, and was last updated by  anonymous 4 days, 20 hours ago.

    • Author
      Posts
    • #2084031 Reply

      woody
      Da Boss

      Patch Tuesday arrives tomorrow. Good reason to make sure Automatic Update doesn’t strangle your machine. Full step-by-step details coming in Computerw
      [See the full post at: MS-DEFCON 2: Make sure Windows Update is locked down]

      3 users thanked author for this post.
    • #2084333 Reply

      b
      AskWoody Plus

      A couple more hints at KrebsonSecurity:

      “… sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.
      According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a core Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.”

      NSA’s Director of Cybersecurity Anne Neuberger is slated to host a call on Jan. 14 with the news media that “will provide advanced notification of a current NSA cybersecurity issue.”

      Cryptic Rumblings Ahead of First 2020 Patch Tuesday

      Microsoft Edge, Win 10 Pro 1909: Group ASAP (pioneer)

      4 users thanked author for this post.
      • #2084422 Reply

        woody
        Da Boss

        Yep. But Kevin Beaumont says it’s overblown.

        Guess we’ll know tomorrow….

    • #2084344 Reply

      abbodi86
      AskWoody_MVP

      I first took Will Dorman tweet as warning about possible bugs in tomorrow’s patches 😀

    • #2084363 Reply

      chilton
      AskWoody Plus

      I’m trying to update from 1809 to 1903.  Is it possible to set parameters so that will happen while at the same time avoid tomorrow’s updates?

      • #2084421 Reply

        woody
        Da Boss

        Do it any time before 10:00 am Redmond time on Tuesday.

        • #2084559 Reply

          anonymous

          if by “it” you mean update to 1903 I’ve had parameters set to encourage update (per your Computerworld articles) for more than a few days but it hasn’t happened.

          Thanks.

          • #2084568 Reply

            PKCano
            Da Boss

            In Pro Edition, set Feature deferrals to 120 days, Quality deferrals to 0. After the upgrade to 1903, reset your deferrals to whatever you want.

            1 user thanked author for this post.
    • #2084429 Reply

      anonymous

      Hi, This is my first time posting and I am having a problem with my update to 1903.  I have followed Woody’s instructions previously about how to set my windows update and I have it set for 360 days under the Advanced and “feature update to be deferred.”  Well, when it was advised to set it to 180 days, I went in to change it and it’s grayed out and I cannot find a fix so I can change the number of days.  The fixes I have found to do to my group policy section are not letting me change that grayed out box.  And Windows update says I’m up to date and I’m on 1809!   I need to be on 1903.

      Any help?  Thank you, Shirley

      • #2084485 Reply

        doriel
        AskWoody Lounger

        I found this solution, should take about few minutes to try:
        1. run gpedit from Win+R shortcut
        2. change setting Computer configuration-> Windows Components->Windows Update -> Defer Upgrades and Updates to Disabled
        3. reboot
        4. defer updates box is cleared but still grey
        5. set the policy to Not Configured
        6. reboot
        7. Check for updates
        8. Box should be accessible again

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        2 users thanked author for this post.
        • #2084853 Reply

          shirleylb
          AskWoody Plus

          Thank you. I tried something very similar to this twice and it didn’t work, but I am going to do this exactly as it says and I’ll let you know if it works this time. The instructions weren’t exactly like this, so hoping this will help. Thanks again, Shirley

          • #2084856 Reply

            PKCano
            Da Boss

            You will also have to check the settings for “Windows Update for Business” in the same location in Group Policy, if the deferral time is set there.

            1 user thanked author for this post.
        • #2084868 Reply

          shirleylb
          AskWoody Plus

          Just a follow-up on the deferred updates.   The directions you posted above did not work for me and so I kept digging around and it seems, for some reason, even though I have a personal laptop, I had to go into Windows Update for Business section and, lo and behold, there was the 365 days to defer and it had an arrow to change it to whatever I want!!  I changed it to 120 days and rebooted.  I went back into the updates on my computer and it was changed in the feature area and I hit the update button and 1903 is now downloading!

          Thank you very much for taking the time to help me!  Shirley

          1 user thanked author for this post.
    • #2084626 Reply

      Win7and10
      AskWoody Lounger

      Thanks for all the information here. I “closed the hatch” for my Win 10 machine for the updates and paused the updates for the max amount of time.

      When I set up the new Win 10 I followed the directions here and sure enough, had to disconnect from the internet as not to set up a MS account. ( WHAT A PAIN!) Was able to set up a local account as the administrator of my PC. I digress….

      Have not patched for December yet, partially because I want to monitor the PC on 1/15/20 in case the computer explodes when the nag patch starts (ok, being silly here), and partially because I was waiting until the end of the week. Was one of those that installed the December SSU first, so have my suspicions about the whole thing.

      Not a fan of Win 10, still exploring and will post those comments in another forum here to keep on topic.

      Keep on Trucking and have your Captain America and Wonder Woman shields out today.

      Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5)
      Win 10 Home 1909 (HP ENVY i7)

    • #2085898 Reply

      anonymous

      KB4534310 Destroyed my windows 7 VM. Tried installing it twice. After reboot it goes into windows recovery mode.

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 2: Make sure Windows Update is locked down

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel