News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The morning after — I recommend that you hold off on installing this month’s patches

    Home Forums AskWoody blog The morning after — I recommend that you hold off on installing this month’s patches

    Viewing 16 reply threads
    • Author
      Posts
      • #2085230 Reply
        woody
        Da Boss

        Yes, I know that everyone + brother is now chanting, “Patch, patch, patch!” in response to the NSA-revealed Win10 Crypt32 security hole. I say it’s st
        [See the full post at: The morning after — I recommend that you hold off on installing this month’s patches]

        5 users thanked author for this post.
      • #2085242 Reply
        abbodi86
        AskWoody_MVP

        Take the leap of crypt 🙂

      • #2085247 Reply
        Seff
        AskWoody Plus

        Thanks Woody.

        I’ve seen the MS EOL notification for Windows 7 now, it appeared on switching both my machines on today. Let’s see if telling it not to appear again worked!

        1 user thanked author for this post.
        • #2085253 Reply
          woody
          Da Boss

          Keep me posted on that. I’ll have a bull-debunking article coming in Computerworld.

          4 users thanked author for this post.
          • #2085340 Reply
            Pim
            AskWoody Plus

            Woody, I have some input here as I have been looking into this thoroughly today. I had not changed or set any setting before today so I got the full experience. As of today every user on a Windows 7 computer will get the nag screen. I believe the only exceptions are when the computer is on a domain server or one has an ESU license installed.
            Because every user on the same system will get the nag screen, if you click on “Don’t remind me again” other users will still get the nag screen. For every user that selects “Don’t remind me again” there is a registry setting “DiscontinueEOS” with a DWORD value of 1 added to the newly created key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\EOSNotify. One could manually change that key to prevent the nag screen, but now that it is January 15th, one gets the nag screen before being able to set that registry setting. And if one selects “Don’t remind me again” it is already set, so there is not reason anymore to do that manually.
            Changing this HKEY_CURRENT_USER is the most commonly mentioned method on the internet to prevent the nag screen. However, Patch Lady has a better suggestion in the AskWoody Plus Newsletter Issue 17.1.0 – 2020-01-06: to set the same registry setting but not for HKEY_CURRENT_USER, but for HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\EOSNotify. I had not seen that suggestion elsewhere, but this one prevents the nag screen for all users on a system. Setting this registry key still makes sense today. If one has more than one computer my suggestion is to export the key (right click > export) and then import it on other machines by double-clicking it and confirm the import. Note: one has to be logged in as an administrator to be able to import a registry key.

            Another option is to disable in Task Scheduler under Microsoft > Windows > Setup both the tasks EOSNotify and EOSNotify2. I did this also, next to setting the HKEY_LOCAL_MACHINE key. For me it was not preventing the nag screen anymore, but to prevent those tasks from running. These tasks can run multiple times a day, which I think is a waste of time, energy and processor use. Some people only disable these tasks and do not set the registry setting. If one only wants to do one thing to get rid of the nag screen and only on one computer, this is the best way IMO. If one really wants to be certain that the nag screen does not appear again in case a circumstance or Microsoft enables the tasks again, then setting the HKEY_LOCAL_MACHINE key is a good addition. If one has more than one computer, then setting the HKEY_LOCAL_MACHINE key might be the easiest, because one can export it and then easily import it on other computers.

            ASRock Beebox J3160 - Win7 Ultimate x64
            Asus VivoPC VC62B - Win7 Ultimate x64
            Dell Latitude E6430 - Win7 Ultimate x64
            Dell Latitude XT3 - Vista Ultimate x86 (still...)
            Asus H170 Pro Gaming - Win10 Pro 1809 x64

            • This reply was modified 8 months, 2 weeks ago by Pim.
            3 users thanked author for this post.
            • #2085475 Reply
              OscarCP
              AskWoody Plus

              Pim writes: “If one really wants to be certain that the nag screen does not appear again in case a circumstance or Microsoft enables the tasks again, then setting the HKEY_LOCAL_MACHINE key is a good addition.” (This if one has only disabled the two EOSNags in the Task Scheduler, as I already have.

              Question: after EOS there will be no more patches coming from MS, other than for Office (but only until October in the case of Office 2010, the version I have) and, according to Woody (in his “Separating the Bull from the horns” blog) perhaps also for .Net. Given that, how is MS going to override the disabling, in my PC, and enable once more the two EOSNags? And if MS does re-enable them by way of the January patches, and I disable the Nags once more after I finally apply those final patches, never again to repeat such action other than for Office 2010 and (maybe) Net, what could MS do then? If it uses the Office, or the .Net updates to restart the nagging, I’ll just disable it once more and never again accept any patches other than those that might, very occasionally, still be released for Win 7, because some serious bug is afoot.

              What, if anything, might be a problem with this approach?

              Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

              • #2085655 Reply
                Pim
                AskWoody Plus

                Nothing, if that is your desired approach.

                ASRock Beebox J3160 - Win7 Ultimate x64
                Asus VivoPC VC62B - Win7 Ultimate x64
                Dell Latitude E6430 - Win7 Ultimate x64
                Dell Latitude XT3 - Vista Ultimate x86 (still...)
                Asus H170 Pro Gaming - Win10 Pro 1809 x64

      • #2085255 Reply
        Win7and10
        AskWoody Lounger

        Disabled the EOS  Notify tasks (2) in the task scheduler yesterday.

        For those who did, let us know if this was successful as won’t know until later! 🙂

        Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
        Win 10 Home 1909 (HP ENVY i7)

        • #2085301 Reply
          fernlady
          AskWoody Lounger

          I disabled the EOS Notify tasks (2) in the task scheduler yesterday and it worked for me.

          eosnotifytasks

          Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

          Attachments:
          3 users thanked author for this post.
          • #2085315 Reply
            Win7and10
            AskWoody Lounger

            YAY for the disabled tasks! Shine a light! 🙂

            Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
            Win 10 Home 1909 (HP ENVY i7)

          • #2085320 Reply
            Tex265
            AskWoody Plus

            @fernlady

            I disabled the EOS Notify tasks (2) in the task scheduler yesterday and it worked for me.

            In Task Manager, what is the path to follow to get to those specific tasks?

            Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
            • #2085324 Reply
              fernlady
              AskWoody Lounger

              I searched for task scheduler, and when the page came up they were listed under active tasks at the bottom of the page (scroll down till you find them). I right clicked on disable and closed the task scheduler.

              When I went back in I couldn’t find them till Win7and10 said they were under windows setup. lol

              Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

      • #2085260 Reply
        Mr. Natural
        AskWoody Plus

        If there is an issue we should know soon since news outlets including national TV news channels are telling everyone (as usual) to update immediately! (Warning! Danger Will Robinson!) We’ll have a bunch of beta testers in no time.

        Red Ruffnsore

        • #2085262 Reply
          woody
          Da Boss

          Exactly. Your hairdresser’s boyfriend’s precocious but smelly nine-year-old, too.

          It’s another made-for-TV script, with lots of Chicken Littles running around.

          Mind you, that could change. But as things stand right now, it’s better to wait to install the January patches. All of ’em.

          2 users thanked author for this post.
      • #2085267 Reply
        anonymous
        Guest

        Yesterday I patched 4 home computers, 2 Windows 7 and 2 Windows 10 1903. One of the laptops I patched I bought in 2008 and originally had Vista on it. Anyway no issues so for me it’s Defcon 5 patch reliability very clear. I suspect millions of other people had the same results.

        1 user thanked author for this post.
      • #2085321 Reply
        anonymous
        Guest

        The general news media as well as most of the online technology press are mostly in the mind-share for hire business. So folks have to ignore that noise and rely on Askwoody and a few other reputable sites where actual journalism still exists.

        All of the artificial alarm bells and klaxons going off in the news media and some of the not so reputable online “Technology” news sources really needs to have anyone with a mind of their own looking towards the DEFCON levels and a more rational level of threat awareness.

        I’m sure that MS has some vested interest in letting the misinformation reign supreme and more folks scared towards installing Windows 10. But really 7 may be EOL but the Sky has not fallen and there is still 8/8.1(Retail channel license keys) around for consumers wanting a path forward from 7 that does not include Windows 10, and security updates on 8/8.1 until 2023.

        And if the security vulnerability was severe enough then even Windows 7 past its EOL will still get some patch from MS the very same way that it has been for XP long past XP’s EOL. If it’s bad enough 7 will get a patch anyways as MS still has its paid for 7 Extended Support Clients to cater to until 2023. So if that threat is severe enough look for 7 to still get some attention even for those not qualified for the paid until 2023 Windows 7 security patches.

      • #2085369 Reply
        bbearren
        AskWoody MVP

        Yesterday I patched four installations of Windows 10 1909 on three machines without issue.  Today I updated the B side of my dual boot Dell Latitude E5420, no issues there, either.

        Throughout my years of using these five installations, I have not had a single issue caused by any update at any time on any installation.  I always have drive images at the ready, never more than a week old, just in case, but I’ve never had to restore a drive image because of a bad update experience.

        I tinker quite a bit, so I have indeed used my drive images on numerous occasions after getting myself elbow deep in Windows’ innards and pooching something, but that’s it.  Task Scheduler creates new images weekly in the wee hours of Sunday morning.

        As a home user with a home network, it has always been my contention that a fully-patched Windows installation is more stable, reliable and protected than a Windows installation in need of patching.  In over two decades of Windows use, I have never had a problem caused by a patch.  I have caused countless problems myself, hence my firm dedication to regular drive imaging.

        For me, MS-DEFCON has no real meaning; it’s always a 5 as far as I’m concerned.  My advice would be, instead of locking down updating before “Black Tuesday”, get your fresh drive images created and safely stored by Monday.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        4 users thanked author for this post.
      • #2085401 Reply
        anonymous
        Guest

        bbearren, that is an interesting view.  When we talk about backup images, and not running as root (mostly using a second standard user account), we point out how these are ways to deal with bad software updates or viruses.  But, often, having a backup or not running as root is really the best at saving us from the damage that we did or would have done if the extra password prompt didn’t give us a minute to think.  Looking back, I have had to recover from my mistake, or a hardware failure, several times.  On my own computer I haven’t had to recover from a virus or a bad update, at least not in a long time.

        • #2085763 Reply
          bbearren
          AskWoody MVP

          I routinely run as a Standard User.  I have a couple of utilities that require being logged into an account in the Administrators group, but I use those only rarely, and as soon as I’ve completed those tasks, I log out of the Administrators group account and right back into my Standard User.  I haven’t disabled or edited UAC; I like having that extra reminder and as you put it, “minute to think” about what I’m doing.

          Running Windows Defender and Malwarebytes Pro, I’ve not had any virus or malware on my machines in more than to two decades (Security Essentials before Windows Defender became available).  I had one virus in the Windows 95 days, and I got that from a floppy disk that an IT Pro had given me with a utility program.  He was sorely embarrassed.  And I got rid of that one by restoring an image from a Colorado Tape Drive backup.

          Regular, conscientious imaging and common sense internet use are the cornerstones of worry-free computer use, as far as I’m concerned.

           

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          • This reply was modified 8 months, 2 weeks ago by bbearren.
      • #2085540 Reply
        cyberSAR
        AskWoody Plus

        Just ran Windows Update on 2 1809 test machines. 3 updates available – .NET, Cumulative Update and KB4535547 – Update for Microsoft Edge.

        Hung on both machines for over an hour with KB4535547 “Getting things ready” 0% and the other 2 pending install. Rebooted with no changes. Finally downloaded the new Edge, installed it, set quality update deferral to 6 days, rebooted and set quality updates back to 0 days. After re-scanning the 2 updates installed without further issues.

        • This reply was modified 8 months, 2 weeks ago by cyberSAR. Reason: added screen capture
        Attachments:
        1 user thanked author for this post.
      • #2085675 Reply
        anonymous
        Guest

        W10 Pro 64 & W10 Home Premium 64 & W10 Home Premium 32.
        All UPDATED. CURRENTLY, ISSUE FREE.

      • #2086070 Reply
        Pixie
        AskWoody Lounger

        I’m running HP Home Edition with Win 10 v 1903.  Just didn’t want to chance the risk  to my computer.  Installed the January updates today. Nothing broke, install and reboots went smoothly and no issues with updates noted.    I’ve never had any issues with Windows 10 updates but I usually wait for Defcon to update and let them settle for awhile before applying but this patch seemed more urgent given warnings by NSA and in light of recent events with Iran.

        • #2086123 Reply
          Paul T
          AskWoody MVP

          Just didn’t want to chance the risk  to my computer

          What risk? At present we know of no holes patched by the January updates that are actively exploited.

          cheers, Paul

          • #2086973 Reply
            Pixie
            AskWoody Lounger

            Norton Lifelock sent notification to it’s users to apply the Windows 10 updates.  My opinion is a patched system is  better than one not patched.  I know and have read all the arguments to wait to apply and I usually hold off.  As I stated I have never had any issues with Windows 10 updates in the 3+ years I’ve had Win 10.  No problems with Jan. updates to date.  Threat or no threat, I’m patched and no worries.

      • #2086077 Reply
        rick41
        AskWoody Plus

        Group A here.  Three Win 7 Pro machines (2 Lenovos & a Dell) with ESU (just added yesterday).  90% of the time I wait for MS-Defcon 3 or better.  But yesterday, for reasons I won’t recount here, I took the leap early, installing the January Rollup, the .NET updates and the MSRT.

        Basically no problems except that the updates were S-L-O-W, starting with the downloading.  Pre-reboot, it was the .NET update installs that were painfully slow, using  about 95% of the total pre-reboot time.  Post-reboot, of course, I couldn’t tell which update was slowing things down, but again it was painfully slow, with one machine stuck at 67% for a half hour.  (Interesting how one of the Lenovos was even slower than the other machines pre-boot, while the other Lenovo was the laggard post-boot.)

        Then came the SSU’s — 9mb updates that took about 15 mins (!) to download (including about 7 minutes at 0%).

        No new problems evident with any of the machines today.

        2 users thanked author for this post.
      • #2086196 Reply
        dgreen
        AskWoody Lounger

        Keep me posted on that. I’ll have a bull-debunking article coming in Computerworld.

        FYI
        I had the EOS nag screen once on my computer.  The day in went into effect.
        Have not seen it again.
        I didn’t do anything to the task schedule either. (shrugs shoulder)

        Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
        Windows 7 Home Premium 64 bit SP 1 GROUP A
        Processor: Intel i3-3240 (ivy bridge 3rd generation)
        chipset Intel (R) 7 series/C216
        chipset family SATA AHCI Controller -1 E02
        NIC Realtek PCLE GBE Family Controller
        Bitdefender (free version) installed 12/6/19 (replaced MSE)
        Chrome browser
        DSL via ethernet (landline)

         

        • This reply was modified 8 months, 2 weeks ago by dgreen.
        • #2086204 Reply
          Myst
          AskWoody Plus

          I had the EOS nag screen once on my computer.  The day in went into effect. Have not seen it again. I didn’t do anything to the task schedule either.

          Did you check the box “Don’t remind me again” when the nag screen first popped up? If so, this should automatically set everything to never seeing the notification again, as if you had actually gone in and disabled the task in Task Scheduler.

          Win7 Home x64 MacOS Chromebook

          “If you obey all the rules, you miss all the fun.” Kate Hepburn
          1 user thanked author for this post.
      • #2086257 Reply
        geekdom
        AskWoody Plus

        Beta Test
        Windows 10 1909 Updates
        Installed January 17, 2020

        2020-01 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4528760)
        Documentation here shows release date: January 14, 2020
        https://support.microsoft.com/en-us/help/4528760/windows-10-update-kb4528760

        Windows MSRT x64-January 2020 (KB890830)
        Documentation here shows release date: January 14, 2020
        https://www.microsoft.com/en-us/download/details.aspx?id=9905
        ——–

        2020-01 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB4532938)
        Documentation here shows release date: January 14, 2020
        https://support.microsoft.com/en-us/help/4532938/kb4532938-cumulative-update-for-net-framework

        ———
        I was not aware the Servicing Stack Update had been installed until after I checked installed updates:
        2020-01 Servicing Stack Update for Windows 10 Version 1909 for x64-based Systems (KB4528759)
        https://www.catalog.update.microsoft.com/Search.aspx?q=4528759

        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
        online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox82.0b3 WindowsDefender
        TargetReleaseVersion=1909
        WUMgr
        • This reply was modified 8 months, 2 weeks ago by geekdom.
        • This reply was modified 8 months, 2 weeks ago by geekdom.
      • #2086390 Reply
        dgreen
        AskWoody Lounger

        I had the EOS nag screen once on my computer.  The day in went into effect. Have not seen it again. I didn’t do anything to the task schedule either.

        Did you check the box “Don’t remind me again” when the nag screen first popped up? If so, this should automatically set everything to never seeing the notification again, as if you had actually gone in and disabled the task in Task Scheduler.

        Myst
        Yes I did check the box!

        • This reply was modified 8 months, 2 weeks ago by dgreen.
        1 user thanked author for this post.
        • #2086414 Reply
          Myst
          AskWoody Plus

          Perfect, then you should be ‘nagfree’ here on, as we all hope to be!

          Win7 Home x64 MacOS Chromebook

          “If you obey all the rules, you miss all the fun.” Kate Hepburn
          1 user thanked author for this post.
      • #2086470 Reply
        anonymous
        Guest

        UPDATE: Saleem Rashid has posted a working Proof of Concept for the Chrome (and presumably Chredge) browser. It throws a NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED error.

        If “presumably Chredge” then presumably Opera and any other Chromium based browser?

    Viewing 16 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The morning after — I recommend that you hold off on installing this month’s patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.