ISSUE 19.08.1 • 2022-02-22 By Susan Bradley For the first time in an extremely long time, this month of patching has been so quiet that I’m changing t
[See the full post at: MS-DEFCON 5: A very quiet February]
Susan Bradley Patch Lady
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » MS-DEFCON 5: A very quiet February
ISSUE 19.08.1 • 2022-02-22 By Susan Bradley For the first time in an extremely long time, this month of patching has been so quiet that I’m changing t
[See the full post at: MS-DEFCON 5: A very quiet February]
Susan Bradley Patch Lady
A bug in 21H2 (both Windows 10 and Windows 11) leaves user data after the wipe/reset.
https://call4cloud.nl/2022/02/the-dark-and-the-windows-11-remote-wipe/
This blog will be about my experience when performing a remote wipe of Windows 10 and 11 devices in Intune! I noticed some weird and awful behavior when remote wiping Windows 10 and 11 devices in Intune..
More : https://www.ghacks.net/2022/02/21/windows-10-and-11-wipe-feature-leaves-data-behind-in-21h2/
I don’t rely on wipe/reset to remove data. If you really want to ensure your data is gone, either smash up the hard drive or do a dod wipe. Most corporate places do a redeployment of the operating system. Also if you scroll down the support folks indicate it’s expected behavior? It may not be a bug but a change in 21H2.
Susan Bradley Patch Lady
Microsoft confirms reset/wipe bug.
Windows 11 known issues and notifications
Files might persist after resetting a Windows device
Synced OneDrive files might not be deleted when selecting the “Remove everything” option when the device is reset.
Hi Susan,
Many thanks for your continuing advice. Could I please clarify one issue? For Windows 10 your master patch list still advises against installation of KB5010415 and KB4023057. Is that intentional and should we still defer them?
Hey Robert,
my understanding is that you should still defer both KB5010415 and KB4023057. This is because:
– KB5010415 is a preview update and Susan’s advice is to avoid previews unless you need to install one because it fixes any specific issue(s) you are having with Windows;
– KB4023057 is the pesky update that MS regularly drops to do some “maintenance” to facilitate Windows Update into upgrading your current version of Windows 10 to the latest version. You don’t need this for Windows Update to work correctly (I’ve been deferring all new instances of KB4023057 for years now without any ill effects).
Hope this is helpful!
Susan – thanks for everything.
Question re Gibson’s InControl:
As it seems to cover more registry keys than your manual version control hack, how does InControl interact with “Resume Updates” in Windows Update? (I’m Win 10 v 21H2.) Now that I’ve turned on InControl, what happens if I hit “Resume Updates”?
Will I get only your recommended 2022-02 updates (5010342 and 5009467), or more?
Thanks.
(PS – you say “see note below” for 5005463, but I could not find the “note below”.)
I must say (and I hope I won’t regret saying it) that Windows 10 Home 21H2 does feel like Microsoft has finally “finished” building this operating system (after six and a half years). I am happy and content with its performance, and glad my 7th generation processor doesn’t qualify for Windows 11 upgrade. I finally feel like it is worth purchasing SSD’s for my two Windows 7 x64 SP1 desktop PC’s so that I can install 21H2 on them, too. Now that Windows 10 is finally working in a stable and reliable fashion, I have zero desire to join the unpaid beta testers now helping Microsoft finish building Windows 11. How long will that take, another five years? Advance apologies to Manager b, Microsoft’s resident defender.
Anonymous – just in case you don’t already know how to do it, TenForums has a great tutorial on upgrading Win 7 to Win 10 while keeping your apps and files. It worked for me very nicely ten days ago. And it did not prompt me for a license code — it apparently accepted the existing Win 7 CoA license even though it was OEM, and the Win 10 is “activated”.
Then (if needed) TenForums has another great tutorial on changing from BIOS MBR to UEFI GPT, again without losing data (using MS’s native mbr2gpt.exe).
Obviously make backups first on each occasion!!!!
I also did a “before” screenshot of my Win 7 desktop because the upgrade to Win 10 does rearrange those icons . But nothing appears to have been lost.
Also, the website TachyTelic.net has interesting articles about upgrading your HDD to an SSD that is NVMe M.2 on older Dell PCs that normally cannot boot from an NVMe M.2. I will be trying that technique shortly, but a number of commentators indicate that it worked.
how does InControl interact with “Resume Updates” in Windows Update?
InControl doesn’t manage monthly updates. InControl, when on, just blocks feature updates and keeps Windows 10/11 at the set version 21H1, 21H2…
When we go to View update history on the Windows Update screen we get the following message,
“2022 – 02 Formative Update for Windows 10 Version 21H2 for x64 – based Systems (KB5010342) Failed to install on 2/22/2022 – 0x8007000d”
Just made an attempt to “Retry” the update and the progress was as follows:
The following is a summary of the workstation’s Windows installation:
We are not having the update problem on any of our other Windows 10 PCs.
From Error 0x8007000d installing windows updates – Microsoft Community:
Method 1: Windows Update Troubleshooter
I suggest you run the Windows Update Troubleshooter and check if you are able to install Widows updates.
Method 2: Clean boot
Try booting your PC in clean boot and attempt to install Windows updates. Refer to the article on How to perform a clean boot in Windows
Note: Clean Boot starts Windows with a minimal set of drivers and startup programs, so that you can determine whether a background program is interfering with your game or program. Also, you may not be able to use some programs in clean boot.
Note: Please refer the section Reset the computer to start normally after clean boot troubleshooting to boot the computer in to normal mode after troubleshooting.
Method 3: If the update has failed to installed, you may download and install the update manually by accessing the Microsoft Update Catalog and typing in the KB article number of the failed update.
Method 4: Reset Windows update components in Windows
I suggest you Reset Windows update components in Windows and check if you are able to install Widows updates.
Method 5: Fix Windows Update errors
I suggest you refer and follow the suggestion on how to Troubleshoot problems updating Windows 10
--Joe
Joep517
Thanks for helping us address our update problem.
Now we need to decide the most productive way to address the update error problem. As alternatives to your suggestions, we are considering:
According to Microsoft the error code you are receiving:
“Indicates data that isn’t valid was downloaded or corruption occurred. Attempt to re-download the update and start the installation.”
WU is pretty good about trying to figure out what has been downloaded already. If something is corrupt but WU itself may not detect the corruption it may not redownload. Based on that you ought to try resetting the WU components. That involved downloading and running a script. Make an image backup of the system before you run the script so you have a recovery point.
--Joe
We have “re-downloaded” the update and started the installation multiple times – the update downloads and installation begins reaches 100% and then the error is announced.
Is it a problem with the update or a problem with the 3existing Windows 10 installation?
It is not the SSD drive that has completed the two hour Western Digital Data LifeGuard Diagnostics tests.
Windows has now been updated. We reinstalled Windows from a HP recovery USB; updated windows; reinstalled software; imported document, downloads, and pictures from an external drive; imported Outlook pst files from an external drive; and tweaked windows.
Once we are comfortable that all is well, we will clone the C drive onto an external drive and do so monthly moving forward.
We spent a significant amount of time trying to install the February updates by:
Out of frustration we rebooted the HP work station by pressing the F11 key during startup and doing a full system recovery as outlined above.
Never again. While we run Acronis backups daily, we will not totally rely on them moving forward.
Instead, as soon as we are comfortable that the system that was giving us the problem is running the way we want, we will clone the C drive to a dedicated external drive and systematically copy data files to second external drive. We will do this for all of our PCs
Then, if we have a problem moving forward, we can use that machine’s external cloned drive to recover the systems SSD “C drive” and recover data files using Acronis or the copies stored on the second external drive.
We hope that by using this method, recovery will be quick and easy.
External drives are cheap. A 2 TB WD My Passport is available from Western Digital for $64.99 US.
InControl has 3 more registry keys than the AskWoody version:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DisableOSUpgrade = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
DisableOSUpgrade = 1
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeNotification
UpgradeAvailable = 0
SHould these be added or are the 3 keys we have already added definitely sufficient?
Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie
I regret to report that my today’s Windows update bricked my 2 year old high end Acer laptop. After the install, on reboot, it stalled on the Acer splash screen.
Out comes my 16 month old Reflect clone on a USB drive, and via the bios, I open Windows to see my just in-use c drive shown as “raw” by the Windows “Computer Management” screen, and if I try to open this drive, Windows says I need to format this drive.
After the windows update fail, I first tried many things, and one of them said “Unmountable boot drive” so I figured the update trashed some of the boot files. However, with this report of the drive now being “raw”, it seems one of two things happened. Either the Windows update turned my NTSC c drive to raw, or exactly at the time of the update, my c drive had a hardware failure.
Does anyone have any suggestions?
The rebooting process will often expose underlying hardware issues. That said, were you using any sort of ReFS file system?
If you have a spare machine, go to a store (or these days order from Amazon) an external usb enclosure. Place the hard drive in the enclosure and see if the drive is readable from another computer. Run tests on the drive in the external location.
My guess is your hard drive died, not that the update triggered the problem.
Susan Bradley Patch Lady
Thanks for the reply.
No, no ReFS.
In the laptop, my c drive was an Intel 660p 2TB M.2 ssd. If the HW failed, why would it show up now in computer manager asking to be formatted? I will wait to test it in the external enclosure before trying to reformat. Intel has dropped these ssd’s so perhaps that supports me having had a hardware failure.
Bill
That is the standard message when a disk drive is no longer recognised. It does not mean the drive is OK, just that it has changed since last used.
There are any number of reasons for that issue, hard drive failure being one.
This is why we suggest regular backups – pardon the Captain Hindsight moment. 🙂
cheers, Paul
Thanks for that info.
Regarding the need for backups, I had Reflect set up to do a daily backup so I thought I was ok.
When I booted from the 16 month old usb clone of the OS, Reflect showed my daily Reflect backup settings to backup-ed to drive F (one of two non-OS drives on my laptop), which should have been my way out.
For reasons not clear to me, I found on drive F only an empty Reflect backup folder.
I do not remember changing the backup settings over the last 16 months, but either I did, or the reflect backup files were lost in the update.
Thanks for the help and suggestions, in any case.
This is why I do an incremental backup before updating Windows, and then reboot. If that reboot fails, it is clearly nothing to do with the update! It also gives Windows a nice clean environment to update.
(If the reboot does fail, then restoring the whole system from the backup may simply restore the problem, but the backup will contain your current data files which can (with Reflect anyway) be restored individually after fixing the real problem, even if that involves new hardware and/or re-installing Windows.)
ISSUE 19.08.1 • 2022-02-22 By Susan Bradley For the first time in an extremely long time, this month of patching has been so quiet that I’m changing t
[See the full post at: MS-DEFCON 5: A very quiet February]
Why… “For those of you running Windows 10, I am now recommending 21H2 as the feature release that you should be on”?
Why… “For those of you running Windows 10, I am now recommending 21H2 as the feature release that you should be on”?
Because: why not? You’ll have to do it eventually, and now, while the monthly patches are stable, is as good a time as any. Backup first of course.
February patches installed with no problems to report on Win 8.1. 🙂
Installation Successful: Windows successfully installed the following update: 2022-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5010583)
Installation Successful: Windows successfully installed the following update: 2022-02 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5010419
Win 10 ver. 22H2 x64
Finally updated also my Windows 10 Home 21H2 PC with the following February patches. Download/installation performed through WUMgr, no apparent ill effects to report after installation:
– KB5010342 => 2022-02 Windows 10 21H2 CU
– KB5009467 => 2022-02 .NET Framework CU
– KB890830 => MSRT v5.98
– KB5002156, KB5002146, KB3172514 => Various Office 2013 patches
FIY, as regards .NET Framework update I installed the “regular” CU released on 8 February and skipped the “Preview” version released on 15 February. Also skipped the tedious KB4023057 (apparently now this get pushed even when you are on the latest Windows 10 versione, here 21H2).
either smash up the hard drive or do a dod wipe.
It may not be a bug but a change in 21H2.
I am sure this is a new bug.
Owners who want to pass their pc to family members or sell the PC usually run reset to get a clean windows OS. None want his personal data to stay on the PC.
Just for laughs, I did a search. Last time was January 19, 2020.
https://www.askwoody.com/forums/topic/ms-defcon-5-get-your-systems-patched/
A couple posts down Kirsty posted the time before that was March 2, 2017.
Win 8.1 (home & pro) Group B, Linux Dabbler
Sorry – dumb question for my Win 10 Pro 64-bit v 21H2 – with the Master Patch List “Install” suggestions, are we manually downloading those designated KBs from MS Update Catalog and installing them on our own, or do we just hit “Resume Updates” in our Windows Security?
If we’re manually downloading from MS Update Catalog, then how do we get the monthly Malicious Software Removal Tool?
Thanks.
If we’re manually downloading from MS Update Catalog, then how do we get the monthly Malicious Software Removal Tool?
MSRT is available for download at;
Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge
b – thanks. Your link led to a version from (apparently) August (or maybe the date convention is UK). But I followed various links and the current (US) version seems to be at https://www.microsoft.com/en-us/download/details.aspx?id=9905
But my first question above?
are we manually downloading those designated KBs from MS Update Catalog and installing them on our own, or do we just hit “Resume Updates”
Use whatever method you want. I prefer to hide the unwanted updates and either wait a couple of days for WU to catch up, or use WuMgr to install.
cheers, Paul
WuMgr will allow you to hide unwanted updates. See these threads.
https://www.askwoody.com/forums/topic/guide-to-using-wumgr-for-windows-10-updates/
https://www.askwoody.com/forums/topic/wumgr-options-panel-settings-for-win10-pro-what-do-you-use/
cheers, Paul
After spending hours and experiencing numerous failed attempts to install KB5010342 we are faced with a decision:
Your thoughts would be appreciated.
For background you can page up in this thread.
It is possible that waiting until the next cumulative update might work but I wouldn’t count on it.
You have a backup from January 28th. I believe you said that was before the January updates. Were those updates successful? You could try restoring to that backup and going straight to the February cumulative updates.
Did any of the fixes you tried include using DISM and SFC?
A fresh start would be the last thing I’d do. That always ends up taking longer than I think. Just make sure you have all the installation media for your software or that you can download the correct version. Make sure you have all the software keys for those apps that need it.
--Joe
On my 21H2 Home system, I am being offered “February 15, 2022-KB5010472 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10″ but cannot find it listed in the Master Patch List, nor in any forum posts here.
Am I just searching wrong?
Edit: Looking more carefully, I do see it mentioned in the #2427683 post above. But I don’t have any other .NET updates offered instead.
In more detail, I was trying to improve my record keeping of patches offered vs. what that Master Patch List status had, and what I did.
At the time I checked last month, “2022-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64 (KB5008876)” as set to “Defer” so I hid it. But later it got changed to “Install” but I could no longer see it offered. So I figured I’d catch up next (this) month. But now all I get is the next “Preview”.
From general forum reading over the years, I know that .NET updates have been problematic, so do not want to make any effort to get them, unless known to be safe.
(This behavior may be due to my using WuMgr, and not having the “Include superseded” option checked.)
I am Win10/Pro 21H2. I am using Firefox 97.0.1 as my browser. My GP settings do not permit the non-security Patch Tuesday Feb .NET CU to appear in the WU queue. (The GP settings WILL permit it to appear in the WU queue if it IS a security patch, though). But, I want to keep the reliability of .NET up-to-date, so I went to the MS-Catalog to get the file. When I tried to use (three times) the Standalone Installer, I get this security-risk message (attached).
I have also tried to save the file and install it that way, but Firefox will not download the file because it says, again, that it is a security risk.
What is going on here? Why is Firefox objecting? Should I use Chredge (not my usual browser) instead?
Hi WCHS, I noticed this happening also, awhile back, see this AskVG website for good information, basically it has to do with http and not https.
File Not Downloaded: Potential Security Risk Error Message in Firefox
– Last updated on October 9, 2021 by VG
https://www.askvg.com/fix-file-not-downloaded-potential-security-risk-error-message-in-firefox/
If you click on the error message, Firefox opens the message in details,
and you can click “Allow download” box to continue.
Check out Woody’s post from February 16, 2018:
https://www.askwoody.com/forums/topic/microsoft-using-insecure-http-links-to-distribute-security-patches-through-the-update-catalog/
This topic has 54 replies, 22 voices, and was last updated 4 years ago.
After reading your reply, I clicked on the MS-Catalog download button, clicked on the .msu file in the window that came up, and selected the Standalone Installer (since I didn’t want to bother with saving the file and executing it afterwards). I got the ‘risky’ message each time. Nevertheless, I went through this routine three or four times anyway. Eventually, Firefox changed its mind and let the Standalone Installer kick in.
While we run Acronis backups daily, we will not totally rely on them moving forward.
I take it that you tried to restore a disk image made by Acronis and that it didn’t work properly?
we will clone the C drive onto an external drive
Cloning to external is of little value as you can’t easily slot the disk to use the machine, can only have one backup and waste space on the external disk. A disk image is much more efficient.
cheers, Paul
Perhaps this is a timely thing to have a look at: Here is an article that explains clearly, in my opinion, what cloning a disk is like and what, making a disk image, and how are they different in nature, in purpose and in the situations in which one or the other is the correct choice:
https://blog.storagecraft.com/disk-imaging-vs-disk-cloning/
And the macOs built-in procedure for making a disk image, explained step by step, for those of us with Macs:
https://support.apple.com/guide/disk-utility/create-a-disk-image-dskutl11888/mac
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
In the event of a system failure we can boot the PC from a cloned external disk and then clone the new “C drive” from the external disk.
Or replace the defective “C drive” with a cloned drive from a HDD/SSD external enclosure.
Then all we need to do is recover our working files from a backup.
Can we do the same using an external drive containing a disk image?
Here’s a regime used by @bbearren – Hardened Windows (bbearren.com).
He has been using this for a long time. He says that he can recover from a disk failure in 6 minutes after he has replaced the drive. The whole regimen may be a bit over the top for you but I’m sure if you start a thread he will answer questions.
You can start at Unleash Windows (bbearren.com) on his site for more background and details.
--Joe
Drives are cheap.
Some examples from Western Digital:
For us, it is a matter of the cost of time to recover vs. the cost of hardware.
I reported that this update seemed to have trashed my OS SSD, either directly or by bricking the SSD.
I have replaced the SSD with a Cloned SSD based on an old Reflect clone. The laptop booted and everything seemingly works.
The exception is windows update. After booting with the new drive using the Cloned OS, I did a windows update. When I look at “View Update History”, I see many correct looking updates. There are three problems that make me worry.
1. When I performed the Windows update, the computer booted almost instantaneously, quite unlike most Windows update processes.
2. Windows update says, “Your device is missing important security and quality fixes”, in red. I have repeatedly done “Check for updates”, and no new updates show up, and nothing changes. Been waiting and hoping for 24 hours.
3. Windows “Reliability Monitor” shows one key update done & Successful (KB4589211). Windows update history but NOT this reliability monitor say the following have been installed: KB4535680, KB5001716, KB4601556, KB5003169. Maybe that is normal?
No setting is stopping Windows update from installing these or any Windows updates taking place.
Anyone know how I fix/get rid of the Update message saying I am missing fixes, and are these 4 KBs listed installed?
I have not mentioned many “security” and “Excel”, etc updates that also might still not be installed.
Thanks.
Bill Bane
2. Windows update says, “Your device is missing important security and quality fixes”, in red. I have repeatedly done “Check for updates”, and no new updates show up, and nothing changes. Been waiting and hoping for 24 hours.
Which version of Windows 10 (at Settings, System, About)?
3. Windows “Reliability Monitor” shows one key update done & Successful (KB4589211). Windows update history but NOT this reliability monitor say the following have been installed: KB4535680, KB5001716, KB4601556, KB5003169. Maybe that is normal?
Which are listed at Installed Updates (via Uninstall updates at the top of Update History)?
Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge
b,
Thank you.
In System Info, I have windows 10 home, version, 10.0.18363 build 1863.
In the attached PDF you will see all the “installed updates”, and you will see that they were supposedly installed yesterday over a reboot that was instantaneous. Thus, I really wonder if they are all installed. That plus the constant Windows update message saying there are fixes that are needed.
Bill Bane
Build 18363 is version 1909 which has been unsupported since May 11, 2021 (which would be shown as the Version number at Settings, System, About). That’s what the (misleading) warning is about.
If Installed Updates lists an update then it is installed.
You may need to review whether you have blocked feature updates (via the registry or some blocking utility).
Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge
B,
Thanks again, but I am a bit confused.
Are you saying I do not need to worry about the warning?
If I am on Build 18363, which is not supported, how do I move to a supported build? I thought that is what Windows update did?
If there is a download that will update me to a/the supported build, can you tell me where to find it and/or what to search for?
Thanks again,
Bill Bane
Been online chat with Microsoft for 3 hours. They gave me this, but it fails with a very strange message about me not being allowed to use a USB thumbdrive, which I do not have connected.
The error term is Oxc1900201. When I look this up, I see a proposed fix. At https://answers.microsoft.com/en-us/windows/forum/all/windows-update-error-0xc1900201/be6b04a7-99a5-419b-8efd-77d6c82acab4 Does this make sense to try?
That error suggests issues with your machine. The easiest solution may be to download a Windows ISO, burn it to USB, boot from the USB and reinstall keeping existing data.
I would run SFC and DISM first.
cheers, Paul
Server 2012:
Installed the January update and the fix for DC issues – worked fine and was stable.
After hearing the February updates were good, installed the security only update and the .net monthly rollup.
Broke one DC – in accessing AD would get messages that Active Directory server was unavailable and the server would either lock or reboot.
Second DC, print spooler continually crashing.
Exchange server, upon boot no Exchange services would start – had to start them all manually.
There weren’t any Exchange updates released in Feb. The services not starting is normal and just a symptom of slow start/Exchange-ism on servers. Always check those services are running after you reboot for any reason.
What exact error messages are you getting as I’m not tracking any side effects like this in the feb updates.
Susan Bradley Patch Lady
Susan, at what time will you be recommending users to upgrade from Windows 10 to 11 in order to install Windows 11 without needing a Microsoft Account? I don’t want to miss out on using a local account for the installation, even though I’m not excited to move off of Windows 10. Will you please address this in a separate article soon? Thanks!
I haven’t updated since fall when moved to Win 10 Pro. Are these updates safe to install ? And how do I defer KB4023057 ? Do I have to decide 1st to install 21H2 before installing Windows Updates?
Last I remember was 21H2 didn’t offer any worthy things for regular consumer users…so why is the new recommendation is to install it ?
List of Important Updates:
Windows Malicious Software Removal Tool x64 – v5.98 (KB890830)
2022-02 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5010342)
2022-01 Update for Windows 10 Version 21H1 for x64-based Systems (KB4023057)
2022-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1 for x64 (KB5008876)
2021-10 Update for Windows 10 Version 21H1 for x64-based Systems (KB5005463)
Optional Updates: None
A post I read in here ( MS-DEFcON 5: A very quiet February) of having serious PC issue after getting failed to install error for February Updates has me scared to install it because I don’t want same thing happen to me and I’m not tech savvy enough. Even though I see Feb. Updates is marked Defcon 5.
*I have done the group policy to keep PC on 21H1
Windows updates for my 2014 Custom Built PC with Win 10 Pro Intel i7-5820K 3.30Ghz on Version 21H1 10.0.19043 Build 19043
Are these updates safe to install
The updates are OK to install, but you should make a backup to external HDD beforehand – you can never have too many backups.
KB4023057 is a “health check” update from May last year, but seems to have been rereleased.
KB5005463 is another “health check” update.
You have done the group policy thing so they won’t make your machine update.
cheers, Paul
a) Do I have to decide 1st to install 21H2 before installing Windows Updates? What is the recommendation of what order to install first to ensure no issues?
I don’t know if I install and (defer when needed) current updates first then install 21H2, will this cause WU list populate with the same Updates(just installed) but with different KB number.
b) Deferring KB4023057 (like how I did in the Fall) & KB5005463 with wushowhide is an option too..right & in my not high tech skill brain will act as an extra layer of forced update your machine prevention (even with Group Policy in place) ?
b2) After installing the Updates, will the November 2021 and December 2021 Update appear in my WU List ??
c) And even before installing, I will be changing my Group Policy to 21H2, right.
d) Last I remember was this Fall or Summer, that 21H2 didn’t offer any worthy things for regular consumer users…so why is the new recommendation is to install it (even with the confirmed bugs in today’s DEFCON 2 post) ? I guess I’m just looking for re-sureness/ its going to be fine. Or should I still wait…
I read those, but question d) still stands/not fully answered that’s why last sentence I said I’m looking for re-sureness/ its going to be fine. Since I read Susan’s recent post/newsletter on front page saying about bugs found in 21H2 which makes me nervous since I am not tech savvy ( but don’t get me wrong I trust Susan).
Question d) expresses what my worries and hesitance…I’m always hesitant when it comes to installing. I just don’t anything to go wrong with my PC afterwards.
the ‘bugs’ in 21H2 have to do with ‘resetting’ the PC when you plan on turning your PC over to someone else because you don’t want the PC any longer. The data files on the PC are not completely wiped, as you might have thought they would be.
If you are not planning on turning your PC over to someone else because you don’t want it any longer, (in which case you might be thinking about ‘resetting’ it first before handing it over [not an advisable tack anyway]), don’t worry about those bugs.
It is my understanding that the level of “up-dated-ness” is the same, no matter whether you:
A) stay on 21H1, do Feb 21H1 updates, then upgrade to 21H2 by changing TRV from 21H1 to 21H2
OR
B) upgrade to 21H2 by changing TRV from 21H1 to 21H2, then do Feb 21H2 updates
I did A) because the Feb 21H1 updates were already waiting in WUSHOWHIDE to unhide and install. After the upgrade to 21H2, WU sent me KB5005463 and then later KB4023057, both of which I hid after WU gave me the ‘download’ button, but I did not download/install them, instead going to WUHOWHIDE to hide them, where I have kept them hidden ever since.
P.S. WU gives me the ‘download’ button, because in GP, I have ‘notify download/install’ set to 2
( Local Computer Policy | Computer Configuration | Administrative Templates | Windows Components | Windows Update | Configure Automatic Updates (enabled) Option 2-Notify for download and auto install )
I just don’t anything to go wrong with my PC afterwards.
Make a full backup to external HDD before the update and make sure you have a bootable rescue USB for the backup software.
I’m just looking for re-sureness
Reassurance is the word you are looking for.
We can reassure you that all will be well, as it has been for us.
cheers, Paul
The patches are cumulative. (If you look in WU’s Update History page, you will see “Cumulative Update” in the name of the updates. 🙂 ) That means that the current update (as of today, it is the February Cumulative Update [CU], released February 8) incorporates the Nov and December CUs.
I’m stuck.Trying to defer two updates, I can’t clear the WU cache by Clicking on “Pause updates” ONCE. After using wushowhide to hide the KB 5005463 and KB 4023057. but, the Pause Update for 7 days Text/option is greyed out and it says underneath it Get latest updates to pause again(also greyed out). I am following steps given to me as a reply in my past Topic in the past to follow every time when need to defer in the future by PKCano.
So, how do I clear my WU cache now?
I am also going to installing 21H2 and(as recommended in Susan’s recent post/newsletter, since we are under a rare DEFCON 5 after the updates.
I use group policy set to 2 and my Network Metered Connection has always been OFF.
If you have Win10 Pr0 and have the “2” set in Group Policy, and you have hidden KB 5005463 and KB 4023057 with wushowhide, then you Pause updates and as soon as it’s paused, you Resume updates. That will cause WU to search for updates. But the ones you have hidden will not be in the queue, only the ones you have NOT hidden.
It won’t let me Pause the updates. I can’t click on this Text,”the Pause Update for 7 days” Text/option because it’s greyed out and it has smaller text underneath it saying “Get latest updates to pause again” which is also greyed out.
I hope I don’t need to/forced to wait up to 36 hours for WU to check for updates and clear the queue before I can safely install the updates.
I have Win10 Pro and have the Group Policy set to 2 and have hidden those two KB with wushowhide.
Also, my Network Metered Connection has always been OFF. And the steps that you gave me in Oct. 2021 didn’t have anything about metered connection (just wanted to let you know).
I am also going to installing 21H2 and(as recommended in Susan’s recent post/newsletter, since we are under a rare DEFCON 5 after the updates.
If your “Pause Updates” is grayed out, it’s because you have clicked on it MORE than the maximum number of times (5). Once you reach that maximum of 35 days (one click represents 7 days on Pause, 5 = 35 days) you have to install updates before you can click on it again. All the procedure requires is ONE click on Pause.
If you have hidden KB 5005463 and KB 4023057, click on “Resume Updates” to cause WU to search for updates and install the unhidden updates.
a) The Pause Updates text was already greyed out when I got to the pause once step yesterday. Button hasn’t changed to Resume Updates ( I don’t have Resume Updates available).
Yesterday, I clicked on the greyes out Pause Updates Text anyways & waited a bit then clicked again & no indication that Pause worked.
I have not clicked Pause since I last upgraded to Win10 & updated PC in the fall when I followed your steps.
a 2) When I open my PC today, if WU doesn’t check for updates by itself in order to clear its Queue. Then what can I do to not install those two KB that I hid?.. like trying out something I heard about turning On Network Metered Connection…
b) Is it safe to update and then install to 21H2 with my new/never had before Wake issue which occurred yesterday? I left Desktop on for 3 hrs & it went to deep sleep/hibernation. But, when I clicked my mouse, PC tried 20 times in 20 seconds to fully wake up until after trying twice in holding down PC’s Power Button. Then it was able to wake up & I shut down quickly in fear that it’ll start acting up again.
In same Desktop when it was on Win7 Pro it went thru periods of time when it either won’t stay shutdown or will take 4 times trying different methods before staying shutdown. I fixed it before upgrading to Win 10 Pro.
Button hasn’t changed to Resume Updates ( I don’t have Resume Updates available).
Are you using Group Policy to Defer updates? You need to check that you are not doing so
Have you used wushowhide to hide the Cumulative Updates in addition to KB 5005463 and KB 4023057?
Are you using, or have you used in the past, any other third-party software to block updates or Windows update sites? Did you install WUMgr in the past and is it still installed?
If not, “Resume updates” should show up below the queue.
1) Yes, Group Policy has been set to 2 since I followed your Guide post/forum and was told in my Topic of being forced to upgrade to Win10 Pro.
I am confused…shouldn’t it be set to 2 to control when to update & your Reply from yesterday said “If you have Win10 Pr0 and have the “2”set in Group Policy, and you have hiddenKB 5005463 and KB 4023057 with wushowhide, then you Pause updatesand as soon as it’s paused, you Resume updates. That will cause WU to search for updates.”
Huh, I thought it was confirmed that February Cumulative Update KB 5010342 is safe since it was given DEFCON 5….why should I hide this one ??
2) Yesterday, I used wushowhide to only hide the KB 5005463 and KB 4023057 since I got a reply here saying Feb. CU update and the other Updates(listed in previous main post in here are safe to install. My post link (link below) with list of Updates in WU before any hiding https://www.askwoody.com/forums/topic/ms-defcon-5-a-very-quiet-february/#post-2428990
3) WUMgr was never installed since in the Fall I saw other people having learning issues with it.
4). I finished turning On my PC to see if the Resume Updates Update has appeared on its own or if WU will check updates by itself. What I see is WU has checked for Updates on its own and there’s still only a Download Grey Button right underneath list of available Updates.
No Resume Updates Grey Button right underneath list of available Updates.
Also, Pause Updates text still greyed out.
The “2” setting is NOT deferring updates. Defer Updates involves two OTHER settings in Group Policy. The “2” setting simply keeps the updates from downloading/installing until you click the “Download” button.
in the Taskbar search box, type winver and hit enter. What version and Build are you running? The Build will look like “1904x.nnn”
My Windows 10 Pro version is 21H1 and OS Build is 19043.1237
What are the other Settings in Group Policy that defers updates ?? What are the steps to get to those Settings ? I should check what they are set to.
Just to clarify that question, I’m not using now or in my few months old of a Past with Win 10 & No to when PC was on Win 7. Also, No ever using using any other 3rd party software or Windows Update Sites to block updates. Also, I have never even downloaded or installed WUMgr. I have only used wushowhide to hide Updates.
-Oh so, when you asked, “Have you used wushowhide to hide the Cumulative Updates in addition to KB 5005463 and KB 4023057?”
You didn’t mean that I needed to also hide the Feb. Cumulative Update (KB5019342) and the .Net Cumulative Update (KB5008876). Instead you were asking, if I had also hidden these updates.
I didn’t know that hiding the wrong Updates might cause the “Pause Updates” Text to be already greyed out when I got to the step of Click Pause Once…
*I haven’t checked today, to see if March Updates have appeared in WU queue list.*
Yeah, this Fall, this is the guide that I read and followed Steps of Post Section 5 Method 2 to set up WU Settings beginning with Win10 v2004 when I upgraded to Win 10 Pro. I read over again info and steps.
Under Section 5 Method 2:
I checked over my Deferral Related Group Policy Settings :
I Checked, “Select when Preview Builds and Feature Updates are received” and mine is Enabled and set to Zero. Would by any chance…setting to “not configured” instead will fix Pause Updates already grey out text??
I Checked the “Select when Quality Updates are received” mine is Enabled and Deferral is set to Zero
I picked to use TargetReleaseVersion settings Method
I never set a pause period.
Hi, @pkcano remember in early March when we were troubleshooting what is causing the Pause updates Button/Text to be already greyed out when I got to your step of need to clear the WU cache by clicking one time on Pause in order to get the Resume Updates Button to appear. Our conversation about this started post #2429717
Should I just click Download Button that’s right under the WU List (when it’s safe to install of course) ?
And just see if same issue happens the next time I do get around in installing Windows Updates in the future (I still end up not updating monthly). If it does, then start troubleshooting again ?
If you have “2” set in GP, hide the updates you don’t want (like the MS Health stuff) first.
The safest thing is to wait a day or two until WU searches on it’s own and the hidden updates will disappear from the list. Then click “Download” (NOT “Check for updates”).
If they don’t disappear, and you verify the hidden ones are still hidden, then you can click the Pause button ONCE (NOT double click), wait till it pauses, then click the Resume button. That will cause WU to search for updates and the hidden ones should not be in the list to download.
Ok, so you are saying Yes to my question of only option now to install updates is to click “Download” Button once I hide any updates that came in with March Updates ? Since we haven’t resolved, how the Pause button/text is still greyed-out without me clicking on it since the last time that I updated which was in the Fall (which is when I moved to Win10 Pro).
Hide the updates you don’t want.
Then wait a day or two until WU searches on it’s own.
The March updates should be in the queue and the updates you hid should be gone.
If that is the case, click the “Download” button.
If that is not the case (the updates you hid are still there in the queue), then you need to find out why Windows Update is not working (searching for updates), because if it does search for updates, the hidden ones will disappear.
Are you thinking/hoping that my Pause Button/it’s text already being greyed out without reaching max amount of clicks Issue will not happen again after install March Updates?
I wish I could manually clear hidden Updates from the WU queue by clicking once Pause button and so on, like how I did this Fall(when I moved to Win10 Pro) by following your guide instead of needing to wait for WU to search on it’s own.
Did you see my last March response/answer(full answer post #2430280 ) to what my deferral update group settings are set as? Which that they were enabled and set to Zero. Just like how guide said. And I never set a Pause period.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
S | M | T | W | T | F | S |
---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 |
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.