News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 4 – It’s time to Patch for Nov

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog MS-DEFCON 4 – It’s time to Patch for Nov

    Viewing 36 reply threads
    • Author
      Posts
      • #2313788
        Susan Bradley
        Manager

        My advice: If you have a zoom call coming up this week for a Thanksgiving get together – ensure that you do that Zoom call FIRST – then update your co
        [See the full post at: MS-DEFCON 4 – It’s time to Patch for Nov]

        Susan Bradley Patch Lady

        7 users thanked author for this post.
      • #2313796
        anonymous
        Guest

        Just curious, is it safe to press the “Check for Windows updates” button? And under what conditions?

        • #2313808
          dmt_3904
          AskWoody Plus

          I was just going to ask the same question.  I have GP Edit set to stay on 2004 and had quality updates set to 30.  I just changed it to 0.  But I should be able to check for updates under these circumstances, correct?

          • #2313813
            PKCano
            Manager

            Take a look at AKB2000016 about using Group Policy deferrals settings AND TargetReleaseVersion settings at the same time.

            • #2313829
              anonymous
              Guest

              I have an important question about this.

              A lot of people have been manually setting TargetReleaseVersion at: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

              But your guide says to also do it via Group Policy, what I want to know is when you set it via Group Policy, where in the registry does it make the change? I assume it’s a different registry location than the first method, but need to know where, so I don’t get the two registry locations confused.

              • #2313843
                PKCano
                Manager

                If you have Home Edition, you do not have Group Policy available and you have to use the manual settings in the Registry or the commands mentioned in AKB2000016. There is no other way to make the settings.

                But, if you have the Pro Edition with Group Policy available, the settings can and should be made through Group Policy and mentioned in AKB2000016

              • #2313978
                anonymous
                Guest

                I have it set in the registry and group policy, but when you set in group policy where does it make a registry entry? I assume it’s a different registry location than the first one.

          • #2313826
            Susan Bradley
            Manager

            Ask PK says “check for updates” should be titled up “you will get updates”.

            Susan Bradley Patch Lady

            2 users thanked author for this post.
        • #2313812
          PKCano
          Manager

          Clicking “Check for updates” is not recommended.
          The updates should appear in the Windows Update queue according to your GUI or Group Policy settings.

          2 users thanked author for this post.
          • #2314061
            dmt_3904
            AskWoody Plus

            You know, MS keeps making it more difficult for us to control updates.  IMHO – going into GP Edit is more effort than settings Advanced Options in WU.  And that is more effort than in prior years when you could simply check a box to hide the updates you didn’t want and click install!  I hope they are not going to eventually take away our option to install updates or not, but it seems to me that is the direction MS is moving toward.

            2 users thanked author for this post.
            • #2314062
              PKCano
              Manager

              There are no more deferral settings in Advanced Options in v2004 Pro. You have to use Group Policy to do the settings that control Windows Update.

              1 user thanked author for this post.
              • #2314064
                dmt_3904
                AskWoody Plus

                Yes I know, I learned that here, thank you!  I was just commenting that MS is making it more difficult for us since with 2004 there are no more advanced settings and it was even easier prior to that.  My comment probably belongs in the Rant forum 🙂

              • #2314464
                Charlie
                AskWoody Plus

                You’re fine, rants are rants and facts are facts.  No need to go to Rants IMHO.

      • #2313798
        cyberSAR
        AskWoody Plus

        I’d also suggest updating Zoom before making that call. Seems Zoom has an update almost every week based on the machines we maintain.

        1 user thanked author for this post.
      • #2313893
        Ricard
        AskWoody Plus

        I do miss the specific paragraph for Windows 7 on ComputerWord – I’m still hanging on – even if it’s just a note to say “all clear” or to refer to any problems cropped up.  Just in case I’ve missed something here on AskWoody.

        And, congratulations on taking over the helm. When I first read that Woody was retiring I thought “Oh, no!” Then I saw that “Susan Bradley” was taking over and I went “Whew! That should be OK, then.”

        Win 7 Pro, 64-Bit, Group B ESU,Ivy Bridge i3-3110M, 2.4GHz, 4GB, XP Mode VM, WordPerfect
        6 users thanked author for this post.
      • #2313919
        dph853
        AskWoody Plus

        Does the ok to patch include the office 2016 C2R patches also? I currently have updates disabled in the office account section. Just curious, why patch windows so early? Lots of time still before next month’s patches are released.

        • #2313936
          Susan Bradley
          Manager

          Because of the holiday week I consider this a bit of a weird week and I’ve scheduled migrations, upgrades, etc during this week.  So for me Thanksgiving week is my “do maintenance on computers” week.  Maybe I’m the weird one 🙂

          Susan Bradley Patch Lady

          1 user thanked author for this post.
      • #2313920
        Erik
        AskWoody Lounger

        Welcome Susan and good to see your first defcon article. One question: I didn’t see anything in your computer world article about Windows 8.1. Do you plan on writing about that version too as was done previously or was there just nothing to write about? I plan on keeping it until end of service and have relied on this site to keep it smooth. I saw a similar question below from a windows 7 user as well. Thanks!

        Windows 8.1 Group B, Firefox ESR, Duck Duck Go & Protonmail

        • #2313925
          PKCano
          Manager

          I’ve patched four of my Win8.1 machines without any problems.

          5 users thanked author for this post.
        • #2313939
          Susan Bradley
          Manager

          I will and you’ll still see the full listing of updates coming up in patch watch later this week.  For the computerworld article I just didn’t list all versions and was calling out the unusual items of note.

           

          Susan Bradley Patch Lady

          6 users thanked author for this post.
      • #2313923
        PerthMike
        AskWoody Plus

        So… “…especially if you are on 1909.” You say that, but you don’t point out why 1909 should so critically be patched…?

        No matter where you go, there you are.

        • #2313937
          Susan Bradley
          Manager

          Meaning that’s the stable one right now and thus I’ve seen less issues reported with it.  Less issues means I’m more comfortable in saying go ahead.

          Susan Bradley Patch Lady

          3 users thanked author for this post.
      • #2313938
        anonymous
        Guest

        For over a week and no followup on anything. No woody only susan. No insights on Nov updates coming. But bamm Nov updates are here. Something not right here. Im not updating

        • #2313945
          Elly
          AskWoody MVP

          You missed Woody’s announcement- see Changing of the guard at Askwoody.com!

          All of us are getting used to the changes. Susan isn’t Woody, but she knows her stuff.

          If you prefer, wait to update until just before December’s Patch Tuesday… but most of the problems have been with managed business environments… or Malwarebytes (see Computerworld article).

          Susan didn’t use the exact same format as Woody… she has her own voice… but she isn’t going to abandon us home users, either. If there is something you still need to know after reading her Computerworld article, post back here… and we’ll see if we can help you.

          PS- Woody has a special place in many hearts here… he’s guided us reliably for years… but he’s taught us well, and we should be able to continue updating reliably and safely under Susan’s guidance.

          Non-techy Win 10 Pro and Linux Mint experimenter

          10 users thanked author for this post.
          • #2314040
            Tex265
            AskWoody Plus

            As well as the always knowledgeable and extremely helpful PKCano “Da Boss”.

            Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
            4 users thanked author for this post.
      • #2313942
        anonymous
        Guest

        Okay I’m very confused from that article…..So is it safe to install Windows 2004 or just install the usual Cumulative Monthly update and safe updates and don’t install the update with 57 at the end that contains the new WIndows 2004 version update.

        I can’t make heads or tails or the article. When Woody wrote safe levels on what to install, he was precise on what updates to install, but I can’t tell heads or tails in this article on what to install. Should I install the usual or should I install the usual with 2004? Is Windows 2004 safe to update windows 10 to?

        1 user thanked author for this post.
        • #2313948
          Elly
          AskWoody MVP

          My recommendation at this time for general use is to be running Windows 10 1909 or later. Its predecessor, 1903, will reach end of servicing on Dec. 8. I have not noted any issues with Windows 10 version 2004, but that’s not true for all users — especially those that use third-party antivirus.

          No, Susan didn’t say it was time to upgrade to 2004, just that one should at least be on 1909…

          Since there hasn’t been an announcement that it is time to upgrade to 2004, I take this as regular monthly upgrade advice… but it could be that Susan doesn’t realize that we are waiting for such a specific cue, and maybe she could clarify. In the US, with a long, four day weekend, it might be the perfect time to upgrade, if not planning to wait until close to 1909’s end of life.

          Non-techy Win 10 Pro and Linux Mint experimenter

          • #2313950
            anonymous
            Guest

            Yeahhh~Because 1909 doesn’t expire until May 2021. So I am just installing the usual updates that Woody would always tell us to install, but for new windows versions I wait for a specific cue on when to do it.

            And when it comes to 3rd party software-Do you have to uninstall before installing 2004. Like for example, i have advanced systemcare. So I would have to uninstall the software before installing 2004 in the future so nothing goes wrong?

            Again-quite confused on the article. I need clarification and simplification because I understand simple stuff so I can grasp it for me to understand. I have mild autism (aspergers).

            • #2313956
              Elly
              AskWoody MVP

              It’s only third party antivirus, if you are running one, that had any problems.

              Advanced system care isn’t an antivirus, but I might make sure the AI mode is turned off before updating. I don’t know enough about it, but when I see it detects threats.. well, it takes little time to turn it off, and then back on (if you are using it)… but that is for going to 2004, not regular updates…

              Non-techy Win 10 Pro and Linux Mint experimenter

              • #2313963
                anonymous
                Guest

                I keep it on manual mode because I scan and fix anything that I know needs scanning and fixing than having AI on the job.

                ANyway I’ll wait until I get the official word on 2004. I got until May 2021, so come March or April I’ll update to 2004, BUT only when I am home to handle the update and I’M THE one giving my laptop the update. Not come home and find Windows took control to update while I was away.

          • #2313954
            WCHS
            AskWoody Plus

            it might be the perfect time to upgrade,

            I am going to wait to upgrade to 2004 until all year-end matters are taken care of, including electronic tax returns. 🙂

            • #2313962
              Elly
              AskWoody MVP

              I am notoriously slow in applying updates myself… and since retiring, it is all one long weekend for me… but for people in the US with jobs, the four day Thanksgiving holiday may be one of their few long breaks, giving ample time, just in case.

              I’ve recommended that several family members go ahead and install 2004 because it suits their schedules. They have time to do back ups and imaging… and then install… and then have time to deal with any problems before they need their computers for work.

              Non-techy Win 10 Pro and Linux Mint experimenter

        • #2313976
          Susan Bradley
          Manager

          I’m sorry if I made it confusing.  The normal patch watch on askwoody’s newsletter is coming this week and I was trying to make sure that I wasn’t giving the same content for both articles.  I wanted to focus in on the problem patches and issues, not to list each update like I do for askwoody’s newsletter.  I do the full listing of updates for the Patch watch.

          Apologies if I confused anyone!  I was hoping that I was giving you a holiday break and extra time to install updates on your schedule.

          Susan Bradley Patch Lady

          6 users thanked author for this post.
          • #2314131
            anonymous
            Guest

            So there’ll be an article on what updates to install for November soon right? I just want to know what to install on my computer. Will it be posted before or after thanksgiving?

      • #2313977
        JD
        AskWoody Plus

        November patches installed with no problems to report on Win 8.1 🙂

        Installation Successful: Windows successfully installed the following update: 2020-11 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4586845)

        Installation Successful: Windows successfully installed the following update: 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4586085)

        Group "A"- Win 8.1 x64
        Win 10 ver. 1909 x64
        Win 10 Pro ver. 2004 x64

        9 users thanked author for this post.
      • #2313980
        Bundaburra
        AskWoody Plus

        Successfully installed  KB4586864 (SSU), KB4586781 (CU), KB4580419(.NET), KB890830 (MSRT), and a bunch of Office 10 updates.  No problems with the installation or since.  I was not offered KB4589212 (Intel).  Also no problems with 20H2, installed in October.

        Windows 10 Pro 64 bit 20H2

      • #2313990
        PerthMike
        AskWoody Plus

        The Master Patch List also still shows all of the November Office 2016 updates as “Defer”. Are there still bugs, or has the list not been updated yet to reflect Defcon 4?

        No matter where you go, there you are.

        • #2313991
          Kirsty
          Manager

          As you will see on the list, it was last updated 2 weeks ago. I’m sure there will be a new update to it tomorrow (ok, the next day or so) 🙂

        • #2313994
          Susan Bradley
          Manager

          It’s coming out this week.  Clearly I’m still working out the kinks so if you would be to kind as to bear with me.  Clearly Woody’s shoes are not quite fitting just yet. 🙂

          I normally consider Thanksgiving week my week that I can blow up my computer and get it working by the following Monday, thus I normally install updates this week in all of my years of installing updates.  My apologies if I didn’t give you the heads up!

          I’ll do better next month!

          Susan Bradley Patch Lady

          10 users thanked author for this post.
          • #2314112
            RM
            AskWoody Plus

            Susan,  thanks for letting us know on master patch list.  I plan on waiting to do patches when you have updated the list.  Thank you also for taking over from Woody and providing the information on patches to the rest of us.  It is appreciated.

            5 users thanked author for this post.
            • #2315553
              RM
              AskWoody Plus

              Susan,  10-28-20:  Just downloaded the master patch list and it still shows DEFER for all of the versions of Windows and Office yet the the banner on Ask Woody shows a “4”.   My question is:  What updates are safe to install on  win 10, Win 8.1, Win 7 and Office 2016, 2013, and 2010?  Thanks for updating the master patch list so the rest of us have guidance on what to install and not install.  It is appreciated.

              • #2315568
                Susan Bradley
                Manager

                My apologies, I got my carts before my horses.  It will be out in tomorrow’s newsletter.   In the meantime the html version is here:  Master Patch list – November 30, 2020 @ AskWoody

                 

                 

                Susan Bradley Patch Lady

              • #2315571
                RM
                AskWoody Plus

                Susan,  thank you very much. I appreciate your quick response.  However,  I looked at the list but did not see KB4586083 Security and Quality update for .NET (for windows 7 64 bit).  Should this update be installed or deferred?  Thank you.

              • #2316315
                hmw3
                AskWoody Plus

                Susan:

                I have the same question as RM, regarding KB4586083. It shows up on my Windows 7 Pro computer update list. Should it be installed?

                 

                Harry

              • #2316468
                Paul T
                AskWoody MVP

                KB4586083

                This was last updated early November so it would be considered part of the November patches.
                This is OK to install – after you have made a backup.

                cheers, Paul

                • This reply was modified 1 month, 3 weeks ago by Paul T.
      • #2313992
        Elly
        AskWoody MVP

        Any time Microsoft comes out with a new feature release, it also has to re-release that old chestnut KB4023057. It ensures that your computer is ready for the release by making sure you have enough hard drive space and checks that your windows update is ready for the process. If you don’t see it, it’s a sign your machine is ready for 20H2. If it is offered up, take it as a sign that you need to check hard drive space and ensure that your machine is otherwise healthy and ready.

        Those of us intending to update on our own schedule, and not on Microsoft’s, would do well to avoid KB 4023057. It is designed to wipe out any way we may be blocking updating on their schedule.

        This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.

        This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows 10.

        My intention is to run 1909, now that it is stable, to its end of life… and that means avoiding KB 4023057. The language Microsoft uses to describe things I may have done to ensure updating on my schedule, and not Microsoft’s, shows their hostility to end user preferences.

        I’m sorry Susan… until Microsoft provides an absolute off switch for telemetry and demonstrates respect for end user’s needs and preferences, I absolutely intend to block updating any way necessary… and KB 4023057 is not my friend… Unless I have a problem I cannot diagnose that is interfering with updating when I decide to update, it is malware, pure and simple. Describing it as something that helps ready one’s computer for updating is as misleading as describing a car theft as helping me upgrade to a newer vehicle. Choice and consent is absent. (And for the compulsive who will reply that I agreed to the EULA, don’t bother… that is legal speak that covers Microsoft’s self entitlement, not something that is ethical in terms of real informed consent for end users… a way to legally defraud us, nothing more).

        So… KB 4023057 is never downloaded onto my machines. It installs Microsoft Update Health Tools, which are designed to ignore and over ride any end user preferences I may set… so… no… not going to happen…

        It did, by the way, show up this month, in wushowhide… and is safely hidden.

        Non-techy Win 10 Pro and Linux Mint experimenter

        5 users thanked author for this post.
        • #2313995
          Susan Bradley
          Manager

          It would not remove the group policy/registry key for the targetedreleaseversioninfo.  If you use that setting no matter what the intent of Microsoft you won’t get pushed to 2004. 🙂

          https://www.ghacks.net/2020/06/27/you-can-now-set-the-target-windows-10-release-in-professional-versions/

          Susan Bradley Patch Lady

          4 users thanked author for this post.
        • #2314045
          Umbongo
          AskWoody Plus

          I downloaded KB 4023057 (to my Windows 10 Home) and it was duly installed.  Then I uninstalled the app.  Unless someone can tell me to the contrary I assume that deals with the problem (absent MS re-sending re-installing on my next update)

           

          Umbongo

          • #2314047
            PKCano
            Manager

            You will definitely have to keep an eye out for it, because Microsoft will offer it again (and again, and again…..). You could hide it with wushowhide, but each time there is a new version, it will be back.

            3 users thanked author for this post.
            • #2314164
              davinci953
              AskWoody Plus

              Yep, I hid it last month (and maybe the month prior), and it was back again this month.

        • #2314344
          WSaltamirano
          AskWoody Lounger

          I don’t understand how some people can hide KB4023057 with WUshowhide because

          it is not working if the updates are paused ! And if it is not paused, it will dowload

          automatically on patch Tuesday. ? (WIN 10 Home).

          • #2314414
            Elly
            AskWoody MVP

            Do read PKCano’s Guide for Windows Update Settings for Windows 10, section 2, Home. The registry changes are reported to be working for now.

            The trick regarding wushowhide is to set your internet to metered, unpause, and immediately run wushowhide… being on metered may allow you to block some updates before they are downloaded.

            It is very much easier to control updating on Pro… you might look for Black Friday sales, but go through a legit vendor.

            Non-techy Win 10 Pro and Linux Mint experimenter

      • #2313997
        Paul T
        AskWoody MVP

        when you set it via Group Policy, where in the registry does it make the change?

        Group policy is simply an automated way to set registry values – it can do other things as well, but automation is its remit.
        If you set Group Policy, it does the same thing as manually editing the value in the registry.

        cheers, Paul

        2 users thanked author for this post.
      • #2314030
        ram5thwheel
        AskWoody Plus

        Good morning,

        With regards to this months patches, I am not seeing the normally displayed format.  Last month I updated to 2004 and this months patches normally keep nagging me that updates are ready.  I DO NOT hit check for updates.  I do have the appropriate settings in Group Policy set to keep this version until ready to update to 204Q.  My question is why am I showing what appears to be several drivers ready to install on the Windows Update nag screen? (See attached)  I have not seen this before.

        Normally I can see the updates listed in Susan’s “Patch Watch” when checking the database file.

         

        Updates-ready

         

         

        Attachments:
        • #2314035
          PKCano
          Manager

          There is a setting in Group Policy under Windows Update “do not include drivers in Windows Update.” Enable it and see if it helps.

        • #2314121
          geekdom
          AskWoody Plus

          SAMSUNG Electronics Co., Ltd. – AndroidUsbDeviceClass – 2.16.14.0
          SAMSUNG Electronics Co., Ltd. – Modem – 2.16.14.0
          SAMSUNG Electronics Co., Ltd. – USB – 2.16.14.0

          I’ve received these three updates over the last several days and let them install.

          You may want to hide them.

          Beta Work {Got backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
          offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
          online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr
      • #2314085
        280park
        AskWoody Plus

        Re: Feature Deferral in version 1909

        My laptop is running Windows 10 Pro version 1909 build 18363.119. KB4023057 was installed on October 5th.

        I have never used Group Policy or registry edits to control updates. Feature deferral under advanced options is currently set at 365 days.

        Can someone confirm that so long as I remain on version 1909 the feature deferral option will continue to prevent feature updates?

        • #2314088
          PKCano
          Manager

          The deferral option will continue to prevent Feature Updates until:
          + v1909 approaches EOL in May 2021. When it is upgraded will be when you decide to do so OR when MS decides to push an upgrade as v1909 approaches EOL or shortly thereafter.
          OR
          + v2004 (the next version being deferred) reaches 365 days deferral after it’s release on 5/27/2020

          2 users thanked author for this post.
      • #2314084
        Scotttv66
        AskWoody Lounger

        Taking your advice I downloaded patches. Was essentially forced to go from 1903 to 2004.

        So far the main issue is getting this error message:
        Intel® Optane™ Memory Pinning Error: ‘Unable to load DLL ‘iaStorAfsServiceApi.dll”
        This apparently is an issue since Intel addresses it here:

        https://www.intel.com/content/www/us/en/support/articles/000056299/memory-and-storage.html

        Their fix is a little bit above my level of expertise so any feedback appreciated.

        • #2314091
          b
          AskWoody Plus

          You only need to download and run the driver update in the first sentence after “How to fix it:”.

          The rest of the instructions will probably not be required.

      • #2314068
        anonymous
        Guest

        i’m on 1909, when i press check for updates, it auto installs 2004 as one of the updates.

        • #2314090
          PKCano
          Manager

          Yes, that is correct.
          Because “Check for updates” doesn’t really mean CHECK for updates. It means download and install anything that is available for the PC – including monthly updates, Preview updates, Feature updates, drivers, etc.

          We do not recommend clicking on “Check for updates.”

          2 users thanked author for this post.
          • #2314094
            Scotttv66
            AskWoody Lounger

            fyi I didn’t click “check updates” . As Susan instructed I had paused them and clicked on resume and it force fed me 2004.

            • #2314096
              Elly
              AskWoody MVP

              When pause expires, or you click to resume, you then receive all available updates, just as if you clicked check for updates at that time.

              Non-techy Win 10 Pro and Linux Mint experimenter

            • #2314097
              PKCano
              Manager

              The only way to prevent that is to set Metered connections before you click Resume Updates. That way you can use wushowhide to hide the ones you don’t want before the rest download.

              2 users thanked author for this post.
              • #2314116
                WCHS
                AskWoody Plus

                1. Is this the order of operations, before clicking on Resume Updates?
                a. Set metered connections to “on”
                b. Use wushowhide to hide the ones you don’t want
                c. then click on “Resume Updates”

                2. Do you have to wait until the WU queue renews, before taking step c?

                3. Would setting airplane mode to “on” subvert any download (i.e., make the download fail) and thus do the same thing as Step a?

              • #2314255
                Paul T
                AskWoody MVP

                c. then click on “Resume Updates”

                You have to wait for the queue to clear before resuming or you will get them all. This may take Windows days.

                Would setting airplane mode to “on” subvert any download

                Yes and it will also prevent WU phoning home and updating the queue – much like pausing updates. In other words, “don’t do this”.

                You may want to try WUmgr for more granular control of the updates.

                cheers, Paul

                1 user thanked author for this post.
            • #2314105
              Susan Bradley
              Manager

              This is why you want either the deferral set or the targeted setting set. It keeps 2004 and 20h2 from installing.

              Susan Bradley Patch Lady

              3 users thanked author for this post.
          • #2314109
            anonymous
            Guest

            On Nov10, I used wushowhide to hide the offered kb’s. WU que took forever to clear. But finally did. Today I opened the ‘hidden’ KB’s only to find nothing there! I then tried show updates nothing there. According to settings, wu checked yesterday and nothing was needed. I manually installed kb4586786. Are there other patches I need?  win10 Pro, 64 bit,ver1909 bld 18363.1198 (Nov2020)
            Aspire E15 intel core i5 8250u
            8Gb RAM 256 GB SSD

            On another laptop, I had hidden the Nov1o offerings. Today they were still there so I “unHid” expecting installation to proceed since I removed the blocking mechanism provided by wushowhide. Nothing happened. I did NOT click check for updates but now I am still on Oct bld. Any suggestions? How do I get wushowhide to go ahead and install?

            Many Thanks

            Nice to see you at the helm Susan!!

            Happy Thanks giving to All and Stay safe

            • #2314120
              PKCano
              Manager

              For the first v1909 PC – You need the Servicing Stack (SSU) KB4586863. Technically, the SSU should be installed first before the CU. It doesn’t ever show up in Windows Update as a separate update (it is bundled with the CU) but it will show up in “Installed Updates” (NOT Update History).
              You need to look on the Support page for the CU to see what the current SSU is and install it first.
              You probably need the .NET CU also KB4580980.

              On the second PC, wait until Windows Update scans for updates again and the ones you unhid will show up. wushowhide is a dynamic (current) scan. The Windows Update queue is a cache that is not updated/refreshed between Windows Update scans, therefore is static.

              1 user thanked author for this post.
              • #2314236
                anonymous
                Guest

                The .net has no new security updates so it’s not mandatory to get KB4580980

      • #2314134
        TJ
        AskWoody Plus

        Just installed on my Win10 Pro x64 1909:
        4586863 SSU 2020-11
        4586786 Cum 2020-11
        4580980 Cum 2020-11 .NET Framework 3.5 and 4.8

        No problems so far.

        3 users thanked author for this post.
      • #2314224
        JohnH
        AskWoody Plus

        Be very nice to get this one fixed sooner rather than later because the issue also stops me using 2TB LaCie Thunderbolt backup drives. The workarounds  are dramatically more cumbersome.

        Screen-Shot-11-25-20-at-03.00-PM

        Attachments:
      • #2314273
        Berserker79
        AskWoody Lounger

        Windows 10 1909 Home here, just reporting successful update and no issues after allowing the following patches through Windows Update:
        – KB4586786 – 2020-10 Cumulative update for Version 1909
        – KB890830 – Malware removal tool Windows x64 v5.84
        – KB4484520/KB4486730/KB4486725/KB4486734 – Security Updates for several Office 2013 products.

        I have skipped KB4585878 (2020-11 Preview CU for .NET Framework) since it is a preview and manually installed KB4580980 (regular “2020-11 CU for .NET Framework) obtained through the MS Update catalog, since it’s no longer offered to me through WU.

        Also, I was offered the pesky KB4023057 in its 2020-10 flavor and promptly hid this patch with wushowhide when it showed up some days ago. Interestingly, I note that Susan’s Computerworld article states the following regarding this patch:

        If you don’t see it, it’s a sign your machine is ready for 20H2. If it is offered up, take it as a sign that you need to check hard drive space and ensure that your machine is otherwise healthy and ready.

        However, it seems my machine is ready for 20H2, since 20H2 is offered as “Download & Install” in the WU window, there’s plenty of hard drive space and no “health issues” are reported by Windows. My guess is that MS pushes KB4023057 to all machines running a version of Windows 10 they regard as “close” to EOL (and I assume that by MS standards the 1909 EOL on may 2021 is “close”) regardless of whether it’s ready or not for the next Feature Update.

        • This reply was modified 2 months ago by Berserker79. Reason: corrected typo
        1 user thanked author for this post.
        • #2314991
          WCHS
          AskWoody Plus

          and manually installed KB4580980 (regular “2020-11 CU for .NET Framework)

          I have been wondering why CU .NET KB4580980 (2020-11), released Nov 10, has never appeared in the WU queue. I know that, of late, a .NET CU will not appear, if the superseded one has not been installed. But this is not the reason because in this case, the superseded one, KB4578974, was installed on Oct 31.

          I have FU=0 in order to prevent Previews from showing up, so a possible reason is that KB4580980 is a Preview. But MS-Catalog, KB4580980 2020-11 does not list it as a Preview and History of CUs for .NET-1909 does not list it as a Preview, either. So, it should have shown up in the WU queue. Or is this an error at both of these URLs and is it in fact a Preview??

      • #2314297
        dph853
        AskWoody Plus

        I have followed Susan’s advice and updated two surface pro systems and a older desktop all running Windows v1909. No apparent issues. I used wushohide to hide 4023057 as I don’t think I have ever installed that. I sort of remember it changes a bunch of update settings and I do not wish to hunt for what it changes. I also updated office 2016 c2r without any apparent update issues. My question is this: I still have not installed the Cumulative update for .net from October. What is the consensus here. Should I install the .net CU patch or just leave it hidden and forget about it? .Net patches confuse me as I often see advice not to install them and then there is no subsequent post advising to go ahead and install them.

         

        Thx.

        1 user thanked author for this post.
        • #2314303
          PKCano
          Manager

          I install the .NET CUs issued on Patch Tuesday.
          I do not install the Preview .NET CUs issued otherwise.

          2 users thanked author for this post.
      • #2314314
        Win7and10
        AskWoody Lounger

        So I have KB 4023057 installed as of 10/10/20 without issues.

        I still have Home v 1909 installed.

        The 2004 feature update is still there, and still has instructions to download and install, however, I have not done so.

        Not sure if I should take action and uninstall KB 4023057.

        Also I always go back before the pause expires and resume the updates and NEVER check for updates.

         

        Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
        Win 10 Home 1909 (HP ENVY i7)

        • This reply was modified 2 months ago by Win7and10.
        • #2314339
          Paul T
          AskWoody MVP

          Why not set TRV to 1909 and then you don’t have to worry. When you want to update to 2004, change TRV to 2004.

          cheers, Paul

      • #2314388
        KP
        AskWoody Plus

        Master Patch List minor edit on 2020-11-10-Windows10-Updates.xlsx

        Line 4 of worksheets 1909, 2004 and 20H2 needs an edit. I only looked at 1909, and it should be

        https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1909

      • #2314420
        280park
        AskWoody Plus

        Re: Meet Now

        Microsoft Update installed the following:

        KB4023057 (displayed in update history)
        KB4586786 (displayed in update history)
        KB4586863 (displayed in installed updates)
        Malicious Software Removal Tool (displayed in update history)

        No .NET update was offered.

        Upon completion of the update process a “Meet Now” icon appeared in the task bar. Apparently this is some sort of video conferencing tool from Microsoft.

        • #2314422
          PKCano
          Manager

          See #2308167– Meet Now

          2 users thanked author for this post.
        • #2315070
          CADesertRat
          AskWoody Plus

          Microsoft Update installed the following: KB4023057 (displayed in update history) KB4586786 (displayed in update history) KB4586863 (displayed in installed updates) Malicious Software Removal Tool (displayed in update history) No .NET update was offered. Upon completion of the update process a “Meet Now” icon appeared in the task bar. Apparently this is some sort of video conferencing tool from Microsoft.

          I received the same updates on the 2 desktops I have updated so far and no .NET either but I did not get the “Meet Now” in the Task Bar. Evidently some do and some don’t.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

          2 users thanked author for this post.
          • #2315120
            CADesertRat
            AskWoody Plus

            Update: I updated my HP laptop this morning that has a camera and it DID get the “Meet Now” icon on the Taskbar. Evidently MS searches to see if you have a camera on your computer before it adds the notification.

            Don't take yourself so seriously, no one else does 🙂
            4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

            2 users thanked author for this post.
          • #2315139
            WCHS
            AskWoody Plus

            ..but I did not get the “Meet Now” in the Task Bar. Evidently some do and some don’t …

            I didn’t get the MEET NOW icon in my system tray on my Skylake device, which has a web camera, but no Skype was ever downloaded from the MS-store.

            My Whiskey Lake does have Skype on it, but I haven’t updated that device yet. Will report back, if I get the icon.

            1 user thanked author for this post.
            • #2315145
              CADesertRat
              AskWoody Plus

              no Skype was ever downloaded from the MS-store.

              I’ve never downloaded Skype either, it just came with windows. I’ve never used Skype.

              Don't take yourself so seriously, no one else does 🙂
              4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

              • #2315556
                CADesertRat
                AskWoody Plus

                Just updated the last Desktop this morning with no camera and it GOT the “Meet Now” icon. So now I’m not sure what in the heck it’s looking for to put that icon in the taskbar. Seems to be random.

                I did “hide” the notification so it’s not showing on the 2 computers now though. So it basically showed up on 2 out of 4 computers with only the laptop having a camera. The settings are the same on all computers.

                Don't take yourself so seriously, no one else does 🙂
                4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

              • #2316533
                CADesertRat
                AskWoody Plus

                I started updating for Nov. on 11/24/20 and didn’t get the “meet now” on the first 2 desktops but this morning on 1st boot I now have the “Meet Now” icon (which I hid). So maybe it’s not coming with the cum. update, it must be coming in separately.

                Don't take yourself so seriously, no one else does 🙂
                4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

      • #2314472

        OK, reporting in from the hinterlands of Win 7 ESU…(yes, we’re still here)…

        Installed:

        1. 2020-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4586827)

        2. Windows Malicious Software Removal Tool x64 – v5.84 (KB890830)

        …but the PC got to 65% on the reboot, then rebooted itself again, this time with no MSE icon in the lower right tray! I did another reboot, and it showed up again. It’s getting twitchy with these WIN 7 patches.

        ..but “so far, so good,” (said the guy as he passed the 50th floor of the Empire State Building after jumping from the top)

        (And at 439MB worth-man, these rollups are getting to be quite a beast!)

        Happy Turkey Day, everyone!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that can have least four legs and no brain."

        -Robert Heinlein

        2 users thanked author for this post.
        • #2315118
          Charlie
          AskWoody Plus

          And then you’re paying them a lot of money for this continued grief and anxiety.

      • #2315065
        mazzinia
        AskWoody Lounger

        Installed the november set of patches, win 10 2004 pro for workstations.

        There’s a problem I’m now having… I had the displays set to go in power save after 10 minutes, but after this month patches they are not going in power save.

        I’ve tried changing the value to “resave” the setting, and then put back to 1o minutes… but didn’t help.

        Is this a known issue with this month cumulative ? If yes, any tip to fix it ?

        • #2315113
          mazzinia
          AskWoody Lounger

          Replying to myself.

           

          Fixed the issue :

          Instead of using Display settings (new win 10 setting part) , I went to the old control panel, power options, display > saved a random setting, resaved my preference.

          now works as intended

          1 user thanked author for this post.
      • #2315077
        glnz
        AskWoody Plus

        Happy Turkey, everyone.

        Question for my Win 10 Pro 64-bit v1909 PC, which also dual-boots Win 7 Pro 64-bit: There is also a new update for Intel microcode – KB4589211 – and my CPU (Ivy Bridge i5-3470) is on the list on the MS explanation page. So, should I run it?

        Thanks.

        • #2315084
          Bob99
          Guest

          I just looked at the bulletin from MS for KB4589211, and it doesn’t list Ivy Bridge anywhere in the list of affected processors. Click on the individual blue links in the bulletin that list the affected CPU’s by date, and you’ll see that Ivy Bridge isn’t listed under any of the individual dates by MS.

          The latest round for November only affects Avoton, certain versions of Sandy Bridge, and Valley View/Baytrail processors from Intel according to the latest version of KB4589211, which is why it was re-released. If you’ve previously installed it because of having been offered it before by WU, then you’re all set for now.

          If you’ve seen your processor listed on one of the Intel security advisories, then see if your system or motherboard manufacturer has any BIOS updates that include the new microcode released by Intel for your Ivy Bridge processor.

          R/

          Bob99

          • #2315092
            Bob99
            Guest

            Ok, mea culpa, I didn’t look far down enough in MS’s bulletin. Ivy bridge is indeed listed, but what MS did was copy/paste a select portion of the table from one or more of the Intel security bulletins into their own advisory.

            Please look through the  following Intel security advisories to find exactly which one lists your processor: SA00233, SA00389, and SA00381. My money is on your processor being listed in SA00233, which is a biggie that came out earlier this year and is what prompted MS to initially issue KB4589211 in the first place, I believe.

            To go back to my initial statement in the post #2315084 above, though, Microsoft doesn’t list your processor’s family at all in their drop-down lists that you get by clicking on the blue links labeled “Intel CPU products updated on (a given date)”, you have to dig down through the rest of the bulletin to find it listed (surprise, surprise), and then they’ve merely copy/pasted a select portion of a chart from who knows which one or ones of the Intel security advisories I listed above.

            My sincerest apologies for the oversight.

            R/

            Bob99

            • #2315100
              bob99
              Guest

              @glnz , I have a further update for you! After looking through Intel security advisory SA00233, I found a listing in the chart in that advisory stating that your processor’s entire family will not be getting any new microcode updates after June 2020:

              2. Ivy Bridge
              3. Ivy Bridge Xeon E3
              (2,3. RETIRED: No new MCU updates starting June 2020)

              That note is very early on in the expansive chart’s listings.

              The chart’s first column lists a type of processor Id that Intel assigns to its processors (in your case 06_3AH). The second column lists the stepping of the processor (9). The third column lists the processor’s code name or microarchitecture (1. Gladden, 2. Ivy Bridge, 3. Ivy Bridge Xeon E3). The charts 4th column lists the actual processor’s Product Family (1. Legacy Intel® Core™ Processors Legacy Intel® Pentium® Processors Legacy Intel® Celeron® Processors Intel® Xeon® Processor E3 Family,  2. 3rd Generation Intel® Core™ Processor Family Intel® Pentium® Processor Family Intel® Celeron® Processor Family, 3. Intel® Xeon® Processor E3 v2 Family). Finally, the chart’s 5th column lists the exact processor numbers covered by all the technospeak in the previous four columns, and that’s where your exact processor is listed as being affected by this security bulletin.

              So, in a nutshell (albeit a big one in this case 😉 ) after June of this year, Intel hasn’t released any more microcode updates for your processor’s entire family.

              What this means is that if this bulletin gets updated in the future because Intel finds more security holes, your processor won’t receive the fixes, unfortunately. Since this bulletin covers a lot of ground, you may wish to see if there are indeed any BIOS updates available from your system or motherboard manufacturer and install them. That way you’ll be as protected as you can get.

              Wish I had better news!

              R/

              Bob99

              • #2315125
                glnz
                AskWoody Plus

                Ok, bob99 – I think you mean I should NOT run KB4589211 – correcto?

                Happy T.

              • #2315171
                Bob99
                Guest

                Yep, at least that’s my interpretation of the bulletin from MS. Since they didn’t list your chip in the lists under the “clickable” listings with the release dates, I’d say that they don’t have any microcode for your CPU. If you look under the listing for November 10th, you’ll see that only four or five different families are listed, none of which is Ivy Bridge.

                To top it off, by their own admission in bulletin SA00233, Intel isn’t going to release any more microcode updates for your CPU’s entire family anyway.

                If anyone else has a different point of view, please feel free to chime in, as these words (and the ones in the posts above) are just my interpretation of what I’ve found for information related to @glnz ‘s original question about KB4589211.

      • #2315083
        anonymous
        Guest

        I have sort of a related update question.  I am currently sitting with

        Win 10 Pro
        1903
        12/7/2019
        18362.1139

        I am basically a noob to this Win 10 universe.

        The computer is now offering (read: demanding) a Feature Update, which I had set to be delayed the longest time possible (365 days) when I got the computer about this time last year.

        The update lists as: Feature update to Windows 10, version 1909

        Are there any precautions I need to do before allowing the Feature Update to process (other than the normal backup operations)?

        Many thanks,

        -Mark

        • #2315086
          PKCano
          Manager

          Versions 1903 and 1909 have the same core, receive the same CU and SSU.
          V1903 will be EOL on Dec Patch Tuesday.
          You will probably not even notice the difference between the two versions.
          I would recommend going ahead and upgrading to v1909 at this time.

          1 user thanked author for this post.
          • #2315089
            anonymous
            Guest

            Thanks for answering on Thanksgiving!

            I guess i should probably also create emergency recovery media based on the current system before updating, correct?

            • #2315094
              PKCano
              Manager

              Not only a rescue disk, but a full disk image using backup software, so you have something to fall back on if it goes pear shaped.

              But that upgrade should be easy after you make the image.

              • #2315484
                MarkF
                AskWoody Plus

                Interesting or odd??

                After doing backups, etc., I allowed the feature update to run.  When I checked the About section after the update, it now shows

                Win 10 Pro
                1909
                12/7/2019
                18363.1198

                The only things that changed was the version and build… but the date didn’t change… is that a result of 1909 being just a “variant” of 1903?

              • #2315490
                PKCano
                Manager

                1903 and 1909 have the same core (base), hence the same date. The difference is, that the Feature pack is turned ON in 1909 but not in 1903. So the upgrade is basically flipping the switches.

      • #2315198
        WCHS
        AskWoody Plus

        After running the Windows 10 November patch(es) – version 1909, has anyone run into a) any problems with opening Office 2016 or b) problems when Office 2016 tries to update?

        I can’t get 2016 Word or Excel to open … a full description of the problem is at Office 2016 Home and Student Word and Excel will not open .

      • #2315213
        DrBonzo
        AskWoody Plus

        Minor glitch to report for a Win 8.1 Pro x64 computer:

        After installing the .NET rollup (KB4586085), upon restart the computer failed to connect automatically to wi-fi. When I connected manually I saw an unchecked box for ‘automatically connect’as well as a ‘connect’ box. I ignored the former and clicked on the latter, after which I as connected without issue. I waited a few minutes, shut down, then started (as opposed to another restart), and wi-fi was connected automatically.

        Exactly the same thing happened with the November Rollup (KB4586845).

        Everything seems fine now.

        1 user thanked author for this post.
      • #2315427
        agoldhammer
        AskWoody Plus

        I always set the updates to take place on the last Saturday of the month.  Today everything went smoothly on my Win 2004 Pro machine including the Intel CPU microcode update.  I was offered the 20H2 feature update as a separate download and did not select it.  I’ll wait on that one.

      • #2315793
        anonymous
        Guest

        Installed the updates over the weekend. I downloaded KB4586786 and KB4586863 from the Update Catalog. Since there were no .NET security patches I decided to skip them this month. I updated a Parallels Desktop virtual machine on my Mac and then went on to update my Acer laptop. Both are running Windows 10 v1909. Both updated with no problems.

        I did notice that, this time around, Disk Cleanup didn’t show “Windows Update files” when I ran it. Normally they appear after installing updates from the catalog. Other than that though, nothing caught on fire.

        Hope 2020 ends on a quiet note.

      • #2316073
        anonymous
        Guest

        Hey guys-is it safe to install KB4586878 or not? Need clarification on that update because gonna install the cumulative nov update tonight-the safe updates.

      • #2316190
        L95
        AskWoody Plus

        I have Windows 7 with Extended Security Updates.   I just finished installing all the Updates for November,  but no Servicing Stack Update (SSU) showed up at the end.   Was this another month where there was no SSU issued for Windows 7 ESUs?  (see posting for September by Microfix on October 2, 2020).

      • #2316344
        rebop2020
        AskWoody Plus

        One of the reasons I subscribed to AskWoody is topics like this:) I’m sure there are many discussions on updating and read some, but forgive me for asking what is likely not the first time asked.

        I am on 1909 Pro. For the most part everything works well. I have three things that do not but none mission critical. I have started threads on each here in the last day.

        I hate, rather abhor that M’soft forces, or tries to force UPDATES that break things. Horror stories are everywhere on 2004 and 20H2. For that matter I have done two updates from 1803/1903/1909 and I have a list of 60 things the updates change from my choice of icons, adding “shortcut” back to icons, reset my disabling of the touch screen, enables some telemetry again, disabling system restore, gpedit changes, regedit changes, etc. Last update was the least invasive with only 26 things I needed to revert / redo. I hate this. Happy to post a list somewhere isf anyone interested.

        So, I have hidden KB4023057, the Feature Update to 2004 and this wonky 2006 Printer Update that failed to install anyway (see another topic).

        I know I will be forced to update features some day (true?) so question is should I be doing 2004 now? Wait. What is the expert recommendation?

        PS. I never see a feature update separate from others in Windows Update as I have seen others post. I have never seen an update show as “optional” either. Could something there be amiss?

        • #2316349
          PKCano
          Manager

          If you have Quality deferrals set, you may not see the Optional list. If you have Feature deferrals set you won’t see the Feature Updates till the deferrals run out. If you set Pause you won’t see anything until the Pause runs out or you Resume updates.

        • #2316377
          Susan Bradley
          Manager

          1909 doesn’t drop out of support until 5/11/2021

          Windows 10 Home and Pro – Microsoft Lifecycle | Microsoft Docs

          I’d like to see Microsoft fix the Conexant issue first before the masses move to 2004.

          Susan Bradley Patch Lady

      • #2316355
        rebop2020
        AskWoody Plus

        If you have Quality deferrals set, you may not see the Optional list. If you have Feature deferrals set you won’t see the Feature Updates till the deferrals run out. If you set Pause you won’t see anything until the Pause runs out or you Resume updates.

        I don’t think that is quite it, but maybe. My workflow is wait until I get an Alert that I need Some Updates. I click that. It will show all together whether it includes a Feature, a Driver, an Office Update. When there are , no separated Feature nor anything shown as Optional.

        I close.

        I go to wushowhide and hide the feature if there and anything I choose not to update based on searching the KB# and finding the consensus experience. Like for ‘057 where most if not all say treat like the plague.

        The next day I will get a new Alert I Need Some Updates and I click the alert. Now ONLY what I want to install is there.

        So even though a GPEdit to delay CU 7 days and Feature 45 (I recall). No pauses set.

        This is why I am suspect there is something else going on.

    Viewing 36 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 4 – It’s time to Patch for Nov

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

?
This website collects data via Google Analytics. Click here to opt in. Click here to opt out.
×