• MS-DEFCON 3: Windows 10 22H2 may leave you blue

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 3: Windows 10 22H2 may leave you blue


    ISSUE 19.52.1 • 2022-12-27 By Susan Bradley I have a favorite Christmas song titled “We need a little Christmas,” from the Broadway musical “Mame.” Th
    [See the full post at: MS-DEFCON 3: Windows 10 22H2 may leave you blue]

    Susan Bradley Patch Lady/Prudent patcher

    7 users thanked author for this post.
    Viewing 33 reply threads
    • #2511935

      As always, thank you Susan! You recommended an option to defer updates until January. So, I tried setting my advanced windows update settings to later in January, but can only go as far as January 4, since I deferred December and pause settings will only allow 35 days until I update again. Doubtful that MS will fix the issues by then, but I guess I’ll have to take my chances. I do always back-up before updating, and I don’t run any games hardware or software, so fingers crossed.


      1 user thanked author for this post.
      • #2512151

        That happened to me once, and what I did out of desperation was to click on “Resume Updates”, but before it really had time to do anything besides begin checking for updates, I clicked on “Pause Updates”.  It let me click on it 5 times, to delay another 35 days.  I am in nearly the same boat as you, because I am paused until January 6, so I will be trying this strategy again.

        2 users thanked author for this post.
      • #2512122

        It’s been my (limited) experience with Win10 — and I learned this trick from Susan — that you can further extend your existing pause by disconnecting from the internet, then opening Windows Update and clicking Resume (which will fail, because no internet), and then setting a new pause date.

        1 user thanked author for this post.
      • #2512198

        See my How to unpause Windows updates “without” using the Resume updates button topic.

        None of the described methods require a reboot. They simply remove the date the pause is scheduled to end and change the update status back to active (without triggering a Windows update check) which then allows you to then go back and pause your updates for up to another 35 days!

        1 user thanked author for this post.
    • #2511948

      Thanks Susan – MS should get a lump of coal in their stocking this year not you or AW.

      Custom Build - Intel i5 9400 5 Core CPU & ASUS TUF Z390 Plus Motherboard
      Edition Windows 10 Home
      Version 22H2
      OS build 19045.3693

    • #2511961

      Based on the “theory” of the root cause of this issue, it doesn’t appear that I should have a problem. However, the I will skipped the update this month risk versus the benefit is clear to me.

    • #2511964

      FYI – the update for office 2021 retail should be:

      December 13, 2022 Version 2211 (Build 15831.20208)


      November 8, 2022 Version 2210 (Build 15726.20202)


    • #2511976

      Susan wrote, “ensure that you have a full backup of Windows 10 22H2, 22H1, or 21H1 and can thus restore your system”. “What if” I HAD done the full backup and HAD received the blue screen, how would I get the full backup into my PC since the PC would be dead with the blue screen and without an operating system? I will also have to search the forum “Backup” to see how to do a “FULL” Window 10 backup.

      • #2511981

        If you have a full disk image backup, you boot from the backup program’s Recovery USB drive and restore the image which should be on an external USB hard drive.

        You do not boot from the computer’s HDD/SDD.

        2 users thanked author for this post.
    • #2511988

      Thank you for the update.

      The knowledge of it will be used at work.

      Personally I got so tired of the MS b.s. that I installed Linux about 3 months ago. I haven’t seen an app crash, BSOD, faulty driver or any other issues since then.

      Had a couple of corrupted initramfs errors after updates but nothing a fsck or dpkg –reconfigure couldn’t resolve in about 1 minute.

      Even all my games play flawlessly.

      I am SO impressed by the state of Linux I am going to, time permitting, convert all my PC/Srv’s this year.

      1 user thanked author for this post.
    • #2512011

      A couple of weeks ago I was trying to install some audio-processing software I’d purchased about a decade ago onto my fairly new Dell Windows 10 PC and suddenly got the blue screen of death and demand for a BitLocker recovery key, which I’d never heard of. I was able to find the key, but the slot for it on the screen wouldn’t allow me to type it in, so I ended up resetting my PC. Something that surprised me was that you can no longer do a safe boot by pressing F8. I guess I’ve not had problems to solve by doing that for quite a while.

    • #2512041

      image which should be on an external USB hard drive.

      How large of a drive do I need for a Win 10 22h2 Home image? 4TB enough?? Is Western Digital or Seagate a better choice? Thanks so much for your help as it just keeps getting more complicated trying to stay current!!

      Edit: Thought of 2 more questions. Can you put more than one image on the external drive as I have 2 Win 10 PC’s?  Also, the drives seem to need the USB C connector and my laptop only has the older larger USB port (A??). Will a converter cable work? Thanks again.

      • #2512044

        My Win10/Win11 images run from upper 20’s GB to around 50GB. It will depend on how much is on your main drive. If you have a lot of pics/movies or other files, it could vary.

        I usually do a full image once a month, then differentials once a week in between. I also run a data file back whenever I make a lot of changes (to to my documents or add holiday pics, for example) for quick access.

        1 user thanked author for this post.
      • #2512199

        Also, the drives seem to need the USB C connector and my laptop only has the older larger USB port (A??). Will a converter cable work? Thanks again.

        Yes, a USB A to USB C converter cable will work, as long as it’s not a “charging only” cable for a cell phone (those only include the 2 leads needed to transfer power, not the other leads needed to transfer data.) If you use a charging only cable (which are much thinner that a normal USB cable) your PC won’t recognize the drive when you plug it in.

        Just FYI, “most” external backup drives that use a USB C connector will include a USB A to USB C cable were thumb drives don’t.

        1 user thanked author for this post.
    • #2512056

      Was leery but decided to install anyways as I have recent backups to fall back on. Installed both .NET and the cumulative update for December without issue. Two systems running fine so far with a couple of manual reboots to to make sure.

      W10 22H2

    • #2512068

      This is silly. Why change it one number? You should leave it as is.

      BTW,  I installed all updates for Windows 8.1 with no problems other than those caused by an aging computer. And yes, I have backups.


      • #2512070

        Aging computer? I have a 1998 computer with Win 95B on it and a computer built in 2000 with Win 98 SE on it. Both computers run well and I use them mainly to play old games. Those are, in my opinion, what I consider “aging computers”.  🙂

        Have you seen the price of Tums? It's enough to give you heartburn.
        2 users thanked author for this post.
    • #2512071

      Usually I’m not in these, however, being years end it gives me a chance to express my thanks for all youses do to keep us informed. It is much appreciated. Cya next year everyone.

      Rollup – Hidden
      MSRT – Hidden
      5021093 – NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 x64 – Installed
      5021296 – Security Only – Installed
      IE/Edge – Not Applicable
      5012170 – Security update for Secure Boot DBX – Not offered, would’ve hidden.

      Win 8.1 (home & pro) Group B, Linux Dabbler

    • #2512138

      Aging computer? I have a 1998 computer with Win 95B on it and a computer built in 2000 with Win 98 SE on it.

      I guess you didn’t buy Samsung. I bought a top-of-the-line gaming computer from them in 2013, and have had nothing but trouble with it from the first week when it wouldn’t shut off.

      Now the the battery is swollen and is pushing up the keyboard. It takes ten minutes to fully boot. It won’t completely recharge and discharges quickly.

      Foolishly, I bought a Samsung printer shortly afterwards and I had so much trouble with it that I had to junk it and buy a new printer.

      Wisely, I think, Samsung doesn’t make computers any more. 🙂

      I intend to get another Windows computer in the new year, but I dread getting Windows 11 with it.


      2 users thanked author for this post.
      • #2512171

        Buy it from a company that builds it to order, rather than getting it off the shelf. If in the UK, I’d strongly recommend PC Specialist, but I’m sure there are equivalent companies in the US or elsewhere that others can recommend. That will enable you to specify Windows 10 rather than 11.

        1 user thanked author for this post.
    • #2512200

      Installed the December updates on my HP Home Win 10 22H2. Updated without incident and rebooted fine.

      2 users thanked author for this post.
      • #2512318

        Same here. No issue for my two 22H2 Pro and one 22H2 Home for more than a week. Note that none of them has hidparse.sys in \System32, only in \drivers.

        1 user thanked author for this post.
    • #2512336

      Installed December updates without problems on four Windows 10 21H2 computers, two of which had the duplicated hidparse.sys file in the Windows\System32 directory and two that didn’t. That file was last updated with the November updates and didn’t change for December. Afterwards was able to apply the 22H2 feature update to all computers without incident-much less involved than the monthly update as has been the case recently with feature releases.
      It’s not obvious from a hardware/software view what leads to the duplicated hidparse.sys file. Three of the four computers were Dell desktops and a laptop, and the fourth was a Surface laptop. The Surface laptop and one of the desktops were the ones without the duplication. I had previously reinstalled 21H2 (not replacing apps and data files) on the desktop last summer to resolve update problems stemming from some corrupted files-maybe that knocked out whatever was doing the duplication? I have two more Dell desktops to update and will see what holds for them, but clearly, the reported December update problems are not driven solely by the presence of that file in the System32 folder, and previous monthly updates appear to have been updating it.

      2 users thanked author for this post.
    • #2512404

      As to, “The easiest ghost to prevent is the patch KB5012170…”.

      I have four Win10 Pro 22H2 machines to shepherd. I am using WUMgr, InControl (on 3 of them), Group Policy Editor (both – Select Target Feature Update [Win 10 22H2] and Configure Automatic Updates [Set to 2 – Notify download and install]) on all. Ethernet connections are all set to metered and I used WUMgr to hide KB5012170 on all 4 PCs.

      Magically KB5012170 installed by itself on the next to oldest desktop. My only alert was the shutdown screen indicated shutdown/reboot to install updates which, as I was in a hurry, only registered with me after I had clicked. I immediately checked installed updates and uninstalled KB5012170.

      On the oldest desktop I “caught” an update trying to install and chose reboot without updating. At this point I didn’t know how to see exactly which update was trying to install, so I used WUMgr to unhide Windows Update and paused all updates as far into the future as allowed. I then restarted WUMgr and did not find that KB5012170 had been installed. Both of these older machines were WinXP Pro =>Win7 Pro =>Win10 Pro in place upgrades. The other 2 machines are a 10 yr old Lenovo Y580; also originally Win XP but Win 10 was a fresh install to SSD, and a newly built ASUS x570 loaded with Win10 Pro 21H2 and updated to 22H2.

      So how do I see what is going to install on shutdown and have I missed something else?

      Thank you Susan! You’re the best! -J

    • #2512448

      re: MS-DEFCON 3: Windows 10 22H2 may leave you blue

      Yet on December 5, 2022:
      It’s time to install Windows 10 22H2

      Did I miss something?

      • #2512456

        Become a plus member and you’ll see that the December update is causing bsods on SOME but not all 22H2.

        Susan Bradley Patch Lady/Prudent patcher

        • #2512465

          Thank you for your polite and prompt reply.

          As I am only an occasional visitor, plus membership is not on my to-do list, but I do think the failure warning should be appended to the original article for the benefit of us cheapskates.

    • #2512475

      The alerts honestly are not behind a paywall and detail out the situation.  The situation is NOT 22H2 rather some computers have two mismatched files.  Read the alert here and the details are listed.

      I have installed the December updates on all of my 22H2 with no issues.  So it’s not EVERY machine impacted.  I think it’s third party/gamers most impacted.

      Susan Bradley Patch Lady/Prudent patcher

      4 users thanked author for this post.
    • #2512488

      HP Elite Desktop, Win 10 Pro, 21H2. Home user.  Took all the December updates. No problems. Allowed me to keep my Classic Shell START. Was able to delete the news  icon being offered.

      1 user thanked author for this post.
    • #2512518

      OK after re-reading the successes with people who only had one copy – PC#1 did the update.  No issues.  PC#2 – no issues.

      2 users thanked author for this post.
    • #2512626

      Are you ever been “caught between a rock and a hard place”?

      After reading this thread, the risk of the blue screen of death scared me so I went shopping for a backup external hard drive so as to do a full image backup before doing this month’s update.

      But then the hard place appeared when I read the hard drive reviews. Every drive I found such as Western Digital, Seagate, and Samsung had many, many reviews that said in part,

      “Broke after 6 months”, “PC would not recognize”, “Warranty service terrible”, “Destroyed and lost all my data”, “Could not return”, “Would not work on Mac or Chrome”, “Would not copy after 80GB”, “Would backup but not restore”.

      So what is a person to do as apparently all the newer electronics seem to be garbage?

      Thank goodness for all the successful updates reported above so now I can update with some confidence since doing an image backup seems impossible.

      • #2512652

        The external hard drive onto which I back up my laptop was left at my place about 10 years ago by a friend who bought it second-hand on Ebay. He used it to download and save films. I came across it in my cupboard earlier this year, formatted it and have been using it ever since for the full image backup. Works fine – had it checked by my PC technician when he was last round.

        They just don’t make ’em like that any more.

        1 user thanked author for this post.
      • #2512940

        “Broke after 6 months”, “PC would not recognize”, “Warranty service terrible”, “Destroyed and lost all my data”, “Could not return”, “Would not work on Mac or Chrome”, “Would not copy after 80GB”, “Would backup but not restore”.

        I usually select a known name for hard disk drives. Every hard disk drive will fail eventually and occasionally some much sooner than others. Get three hard disk drives, at least 1TB each, and rotate them in your backup schedule. If one hard drive fails, you have two remaining good hard disk drives.

        Day1 HDD1
        Day2 HDD2
        Day3 HDD3
        Day4 HDD1

        Get a backup program and make your backups regularly. Backups are the safety alternative to reinstalling all software including your operating system and losing your personal files and folders. A backup can restore system files and folders, software, and personal files and folders.

        On permanent hiatus {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
        offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
        online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      • #2512983

        BTW, a backup doesn’t help if you can’t restore from it so make sure you “test” the restore function to ensure you understand exactly how to use it and that it really works!

    • #2512655

      Susan Bradley wrote, “… ensure that you have a full backup of Windows 10 22H2, 22H1, or 21H1 and can thus restore your system before attempting to install the December updates.”. Surely, 22H1 doesn’t exist?

      I believe Susan is referring to 21H1, 21H2 and 22H2 here.

    • #2512663

      Spent yesterday updating our fleet of Windows 10 Pro laptops and workstations including our backup PCs that are in storage.

      Bottom line, we experienced no issue with our computers running Windows 10 Pro 22H2, 22H1, or 21H2.

      Updates for our in-service computers included:

      • KB5021233,
      • KB5021088, and
      • KB890830 as well as
      • Western Digital Technologies – WDC_SAM –

      The only problem we experienced was with an old Windows XP workstation – it had problems booting.  We are now preparing it for the recycle bin by wiping its drive and removing reusable components.

      1 user thanked author for this post.
    • #2512666

      I updated my HP desktop yesterday and all went well.  As usual I waited for the DEFCON status to change before updating.  I kept the Microsoft mitigation instructions for KB5018410  BSOD handy just in case.  What annoys me the most is that this issue is still listed as “mitigated” on Microsoft’s dashboard.  How hard would it be for Microsoft to either resolve the issue, or at least be more specific about the details of the problem?  I feel bad for all those people who are impacted and don’t have the technical savvy to apply the suggested “mitigation”.

      • #2512748

        I kept the Microsoft mitigation instructions for KB5018410 BSOD handy just in case.


        I looked at the KB you mentioned, and it doesn’t say anything specific about any BSOD in its list of known issues. It does admit to issues with OneDrive and other items, but no claims of a BSOD.

        Sure you didn’t mean to say KB5021233?

    • #2512765

      Taking the plunge seeing I only have one copy, I’m happy to say my Windows 10 computer installed the updates with no problems. 🙂

      Win 10 ver. 22H2 x64

      3 users thanked author for this post.
    • #2512929

      Full Macrium backups on 5 Win10 Pro 22H2 Family PC

      4 had only the one file in Win32/Drivers – no problems with update – 3 of these were full up Gaming PC

      1 PC has the two files and both are radically different in date and version – it does have two games installed (SIMS and ESO) many months ago but can’t verify where the second file came from

      This PC is primary Work-from-Home for Health Professional – will defer as cannot afford any possible downtime issues

    • #2513068

      What are the reasons I SHOULD install the December patches? I don’t see any listed or explained anywhere.

      I only see reasons why I shouldn’t install them, as it seem more trouble than it’s worth. I also question why the change to Defcon-3? With the possibility for the dreaded BSOD, the status seems worthy of remaining at 2, or even changed to 1, not 3.

      With the given informaton, I plan to wait.

      • #2513097

        Windows SmartScreen Security Feature Bypass Vulnerability

        PowerShell Remoting Session Configuration and run unapproved commands on an affected system. Threat actors often try to “live off the land” after an initial breach – meaning they use tools already on a system to maintain access and move throughout a network. PowerShell is one such tool, so any bug that bypasses restrictions is likely to be abused by intruders. Definitely don’t ignore this patch. (you may not use powershell remoting but once attackers get on your system they will use this to gain access)

        spoofing bug in Microsoft Edge (Chromium-based) receiving a patch this month. This bug allows an attacker to change the content of the autofill box that overlaps an error message on a specially crafted website.

        Are just three of the ones that by the end of the month I’m nervous about not installing updates.

        I don’t close the month without installing updates for that month unless I have a really good reason to do so.

        Again this is NOT widespread, and you can see if you have two files, or just the one and thus can confirm you won’t have a problem.  If it was widespread Microsoft would have pulled the patch and fixed it. Thus this is showcasing it’s not widespread.

        Also and more importantly, you should have a backup and thus be able to handle any computer issue ranging from hard drive crash, ransomware, bsod etc.

        Susan Bradley Patch Lady/Prudent patcher

        • #2530793

          hi Susan, sorry for if its wrong to ask this in this post
          about powershell remoting session, based on your example that means the attacker need to get access to our pc first, either by us downloading or clicking some websites and then they can exploit the powershell right? not right away exploiting the powershell?

          i did skip december update, and only using it for some online game and youtube. sorry if the question kinda weird. its just that i dont really understand the terms used in microsoft website


    • #2513252

      With only 1 update remaining after this update of Win 8.1 🙁

      December patches installed with no problems to report on Win 8.1. 🙂

      Installation Successful: Windows successfully installed the following update: 2022-12 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5021093)

      Installation Successful: Windows successfully installed the following update: 2022-12 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5021294)

      With the issues going on with Windows 10, for instance the hidparse.sys issue this month, I am sure going to miss the stability of Windows 8.1 when it is eol next month. 🙁

      Win 10 ver. 22H2 x64

      2 users thanked author for this post.
    • #2513299

      I just (a week ago) moved a WIN10 HDD owned by my son, to a new AM4 motherboard from a failed FM2+. Although it is locked in 21H2, windows update deferral must have expired and KB5021233 seems to have been installed with no issues other than a rather slow restart after updating chipset drivers.

      I’d like some opinions on whether it would be wise to continue to defer 22H2 at this point. Again, just asking for opinions. This old brain logic would lead me to go ahead with the feature release update since KB5021233 is already installed without issue.

      Thanks for everything all of you do. I just wish I could keep up with all of this stuff as I have gotten much older!

      • #2513321

        Being as you have a new board maybe give it another week or month so if issues pop up you won’t have to wonder if it is from the upgrade. That said, almost everything I maintain (about 50-60 systems) is on 22H2 for a couple months or so and have no reported issues.

        Never Say Never

        1 user thanked author for this post.
        • #2513717

          Thanks so much for the opinion.  This is the only machine I maintain (occasionally) that is still on 21H2 – and it just happens to be the only machine with mismatched files.  Murphy’s Law strikes again.

    • #2513988

      After researching the BSOD problems on Win10 PC’s, I followed advice on this thread to resume updates and then quickly pause to 2/6/23. Hoping Microsoft gets it right by then

      Found this article discussing mitigations: https://windowsreport.com/kb5021233-windows-10-22h2-hidparse-blue-screen/ Downloaded their Rec’d Restore.exe but not installed

      Are Windows 11 PC’s immune to the hidparse blue screen problem?  Thanks

      This article implies Win11 are susceptible but not mention in this thread:



    • #2514051

      The hidparse.sys BSOD problem happens on “some” systems when KB5021233 is installed.

      KB5021233 only applies to Windows 10!

      1 user thanked author for this post.
    • #2514118

      Older Dell, Win10 Pro  21H2, GP edit stgs ‘2’ etc, using winshowhide via local Admin acct

      Installed  yesterday:

      KB 5021088

      KB 5021233

      KB 890830

      -had only one hidparse in C:/windows/System32/drivers. Folder untouched by this update, still ver. 10.0.19041.2251, last accessed Nov 26 when I did Nov updates.

      -hid KB 5012170; kb4023057 & kb5005463 have been hidden all year

      As per usual in last few mos. updates,  .Net installed and prompted ‘restart now’ before CU had finished ‘downloading & installing’.  Did NOT restart until CU had finished installing, took two rounds of watching downloading/installing, probably SSU -shows now as installed in Programs and Features as 10.0.19041.2300. (I also did not get a notification to restart 2nd time in panel post CU install, had to watch for it.)

      Took 20 min, not unusual as I keep my a/v on. Restart incl ‘Cleaning Up’ was longer than usual, but no BSOD.

      Now successfully on 21H2 ver. 19044.2364 Win Feature Pack 120.2212.4190.0. Sfc /scannow clean.

      Note: in checking post update, some settings were changed. Notably: Notifications & Actions were all on again, and Accounts|Sync Settings were all on (I switched off as I have local accounts only, have never used a Microsoft account, nor do I have other PC’s…no Syncing required. Not sure why Updates always set those to default ‘On’)

      Am holding on 21H2 until 22H2 is sorted. All functioning well.

    • #2514641

      For Win 10 21h2, I see only one hidparse file.

      Is it safe to update for Win 10 home or just defer until next month.

      Addendum: I have paused updates until 1/14/23.

      Win 10 Home 22H2

      • #2514652

        If you don’t have the file in the C:\Windows\System32\ folder (the only one is in the C:\System32\drivers) or they are identical in both folders (same date/version), you are OK.

        1 user thanked author for this post.
        • #2514817

          This is all I’ve got on both my desktop P.C. (W10 Professional, 22H2) and my laptop (W10 Home, 22H2). Am I good to go? With many thanks.

          • #2514821

            Yep, you’re good to go!  👍

            Like you, I only have the one version number ending in .2251 in the \drivers folder on both of my computers, and neither one of them had any problems related to that file. I.E. no Blue Screens Of Death.

            1 user thanked author for this post.
    • #2515613

      Single Computer – Windows 10 – 21H1 Personal User (Non-technical User)

      I had Windows Updates paused.  I just completed my data back-ups including system image back-up and unpaused Windows Updates.  The December Windows Update did not appear and did not install.  I checked Windows Update History and Control Panel Program History to see if the December Windows Update was already installed without my knowledge and indicates that KB5021233 was installed.  Is this the December Windows Update?  I was looking for KB5022155 because I thought it is the December Windows Update.  I read that KB5021233 has caused blue screen problems.  I don’t have any problems.  Should I keep KB5021233 installed if it is not causing problems?  Thank you.

    • #2515636

      KB5021233 is the Dec update for Windows 10 20H2, 21H1, 21H2 & 22H2.

      KB5022155 is the Dec update for Windows 11 22H2.

      And no, if you didn’t experience the BSOD problem (which only happens to some users) , there’s no reason to remove the update.

      1 user thanked author for this post.
    Viewing 33 reply threads
    Reply To: MS-DEFCON 3: Windows 10 22H2 may leave you blue

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: