Where we stand with the January 2020 patches

Topic

New Reply

All in all, it’s been a relatively benign month. If you got stampeded into installing the Chain of Fools/CurveBall CVE-2020-0601 patch, well, I won’t
[See the full post at: Where we stand with the January 2020 patches]

4 users thanked author for this post.

geekdom, abbodi86, Lars220, rontpxz81

Reply | Quote

Replies

Hey Woody,

Didn’t get stampeded to install the patch, but I note that in your post on January 17 you advised that “Unless your system, specifically, triggers a “You Are Vulnerable” warning in the SANS test, I recommend that you wait to patch” and after getting the You Are Vulnerable warning on my system (Windows 10 1809 patched up to December 2019, running Firefox 72.0.1) I sucked it up and installed the January 2020 cumulative patch and the Windows MSRT January update for good measure.

So far so good and I did not have any issue with these two updates (didn’t install the January .NET updates and Office patches though).

2 users thanked author for this post.

jburk07, woody

Reply | Quote

You should be fine, if it installed properly.

Reply | Quote

Seeker/cannon-fodder here, always MS-DEFCON 6 for me.  On any given Tuesday, I have a set of drive images created in the wee hours of the preceding Sunday morning, so I always download any and all patches Microsoft offers for my systems on patch Tuesday.

No issues to report, other than the search box at the top right of File Explorer won’t accept Right-click Paste, but it still accepts Ctrl + V Paste, and search still works (though I don’t use it except for testing purposes).

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

2 users thanked author for this post.

jburk07, woody

Reply | Quote

Further on the Win10 version 1909 installation problems, from Mayank Parmar at Windows Latest:

It turns out that the installation issues are widespread with more than a hundred reports from registered users on Microsoft forum. Windows 10 owners have also documented the problem on Feedback Hub

Reply | Quote

[bbearren]

How in the world can 100 reports, out of 900+million installations, equate to “widespread”?  That’s utterly ridiculous.  One of the main reasons I stay away from techie sites.

Yes, I know that not all 900+ million are running 1909, but I would suspect it’s still a considerable number, more than enough to make 100 reports less than “widespread”.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

• This reply was modified 3 years, 8 months ago by bbearren.

2 users thanked author for this post.

b, Microfix

Reply | Quote

..and of those 900+ million, wonder how many PEBCAK’s are to blame.

No problem can be solved from the same level of consciousness that created IT- AE

2 users thanked author for this post.

bbearren

Reply | Quote

Over a hundred reports is in fact, widespread. Why? Because the overwhelming majority of users who notice a problem won’t bother reporting. Plus, users who don’t specifically seek out updates probably won’t even notice they have a problem.

1 user thanked author for this post.

Perq

Reply | Quote

I’ve updated about 30 1909 systems without the problem and connect has been removed from all of them.

Never Say Never

Reply | Quote

Installed January kb4528760 and .net kb4532938 for W10 1909 x86 and no issues here.(not a VM)
Can’t comment on the search bug as I don’t use windows search nor indexing, I know where my files are on the SSD 🙂

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

jburk07

Reply | Quote

Tried to go from 1809 to 1903. I set my days to 180 from 365, hit check for updates and it came back with your up to date.

Reply | Quote

If you want 1903, set your Feature deferral to 140 days and try aagain.

Reply | Quote

Will Do…..Thank You

Reply | Quote

Really strange, it keeps going from installing to getting things ready to downloading to installing again. It just keeps going back and forth and it been doing this for quite awhile now.

Reply | Quote

I’m sure this has been discussed somewhere, but I can’t find anything. So please bear with me.

Short version: can vulnerabilities in programs / services that are DISABLED put my system at risk?

Long version: I have never had any need for remote access options to my PC and I have banned IE a long time ago. So both of these have been disabled, via services and unchecked windows options. (Same holds true for things like homegroup, service computer browser, sidebar, etc.)

Is there a chance that any vulnerabilities found in those two areas could still affect my system in any way? I’ve seen updates and patches for IE presented via WinUpdate in the past, but I assumed they were there because Micro$oft assumes everyone runs IE, not because I actually needed them.

Thank you VERY much in advance for your help!

 

[4 computers, all running Win7 Home Premium – and not about to change that]

 

Reply | Quote

IE is an integral part of the Widows Operating System. If you turn it off, what you are doing is simply making it inaccessible from the GUI. It cannot be uninstalled, and other System processes still use it.
If you have been patching with Rollups through Windows Update up to the last ones Jan 14th, you are safe for vulnerabilities those patches cover. Anything found after that – you are not protected.
If you have not been patching OR if you have been patching with the Security-only updates and not including the IE CUs, then IE (and your computer) is vulnerable even if you don’t use it for your browser and you have it turned off in the GUI.

3 users thanked author for this post.

woody, SilenceIsG0lden, jburk07

Reply | Quote

Thanks for the info. (Even if it’s really not what I wanted to hear…)

Are there any other components that act the same way as IE? As in I think they’re gone/disabled, but turns out they’re only hidden?

Reply | Quote

If IE or IE 11  is disabled and your default Internet browser is set for say Firefox then you won’t be at risk by IE vulnerabilities like the latest J script flaw. Any connecting to the net will be done by the default browser. Also if you have have remote desktop disabled and better still the port deactivated then you aren’t at risk of remote desktop flaws.

The problem with Windows 10 is this could be re-enabled by a later upgrade whereas in Windows 7 you can fully disable any updates.

 

Reply | Quote

anonymous wrote:

you won’t be at risk by IE vulnerabilities

The specific situations you describe are protected if you don’t use IE.

Unfortunately, the general situation is more complex. IE can be used by various pieces of Windows at unexpected times. It isn’t supposed to happen that way, but it does. I still recommend that people set a different browser as their default, get the IE icon off the Taskbar (if it’s still there), and install updates when they’re shown to be relatively problem-free.

Reply | Quote

woody wrote:

Of course, Microsoft disavowed any use of the bafflegab phrase “Semi-Annual Channel” a year ago. Consistency. Hobgoblins. Little minds.

Nope. Didn’t happen. No truer today than it was two weeks ago.

Semi-Annual Channel has been the correct Microsoft terminology since August 11th, 2017.

ALL of us, who are not running Insider Preview rings or Enterprise Long-Term Servicing Channel, are using the Semi-Annual Channel.

Semi-Annual Channel has been a clear heading and column on the Windows 10 release information for 2.5 years.
It’s also right there on the top line; “Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel.”

Isn’t it time to finally get over this, now it’s been nearly a year since “Targeted” disappeared?

woody wrote:

Microsoft continues to honor 1803 deferrals
Remarkably, tests by @PKCano show that Microsoft is still honoring the “Defer feature updates” setting in Win10 version 1803 Pro. It looks like the methods for staying on 1803, 1809, and 1903 as documented in How to block the Windows 10 November 2019 Update, version 1909, from installing still work.

There’s nothing at your link about staying on 1803, only your encouragement to get off it.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

woody wrote:

Still no ‘optional, non-security’ patches
I would conjecture that the January Patch Tuesday crop is relatively well-behaved because, at least apparently, they only contain security patches. Normally, Microsoft releases dozens of “optional, non-security” patches every month – bug fixes – but those annoying little gnats haven’t made an appearance since October.

I expect that will change shortly. We’ll no doubt see dozens – if not hundreds – of smaller patches out in the usual “C Week/D Week” cadence soon. Since we’ve seen no such infestation in three months, you’d be smart to avoid the “optional” patches, once they arrive, until they’ve been well vetted.

Updates are now listed as released today for 1607, 1709, 1803, and 1809 (but not yet 1903/1909):

e.g. January 23, 2020—KB4534321 (OS Build 17763.1012)

Between 14 and 34 fixes each.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

1 user thanked author for this post.

woody

Reply | Quote

So.. Do the Jan W7 patches contain telemetry or nagware? 3 I’ve had to miss in the past now, irritating.

Reply | Quote

No telemetry, but they do carry the nagware.

Reply | Quote

Cheers. Might want to note it on your AKB20000000 article with the “Contains KB4493132 Windows 7 EOS nagware)” tag. Was just checking as only December’s is flagged.

1 user thanked author for this post.

PKCano

Reply | Quote

@ PKCano….What settings should I use for 1903 to defer 1909 for the longest time possible ?

Reply | Quote

The maximum Feature deferral in Win10 Pro is 365 days. That will be after 1903 goes EOL, I think. So you will have to change it when you want to upgrade/move on.

1 user thanked author for this post.

jburk07

Reply | Quote

I have Windows 7 and two questions:

(1) Is the January Security Only patch for Win 7 afflicted by the same wallpaper-killing bug as the S&Q Rollout?

(2) The pictures in the “BleepingComputer” article (the link is in Woody’s Computerworld one) illustrating the problem has been made using the “Classic” GUI, not the “Air” one. So is this problem affecting only people using the “Classic” view?

Note: as always in the past, I am not planning to install any of the January patches for at least several more weeks. Right now, I am being curious about this “black screen” problem and those two seemed like good questions to ask, that’s all.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Charlie

Reply | Quote

The Problem is an easy fix. It affects the aero.
You can either right-click on the desktop and choose “Personalize” or access the same thing from Control Panel\Personalize.
On the lower left, click on Desktop Background

In the pulldown, if it is set to “Stretch” it will cause the problem. If it is set to “Fill” or something else, you’re good.

9 users thanked author for this post.

Lori, SueW, LHiggins, jburk07, woody, abbodi86, KWGuy, Lars220, OscarCP

Reply | Quote

Thanks, PK, for taking the time to answer and illustrate the answer very clearly.

As to my first question: is it known if the black-wallpaper bug is also in the Security Only patch (and maybe in the IE11 Cumulative?), or is it just in the S&Q Rollup, as the BleepingComputer and Computerworld articles seem to imply?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Don’t know the answer to that one, sorry.

1 user thanked author for this post.

OscarCP

Reply | Quote

Well, not to worry: either someone here will learn the answer and pass it on to the rest of us before too long, or one is going to have to find out the hard way and then, if the SO and, or IE11 patches tests positive for  the Black Wall Paper Blight by turning one’s wallpaper a solid black, one will just have to do the simple trick appropriate to the view, “Classic” or “Aero”, that one is using and, with any luck, that should be that.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Hi OscarCP,  Woody says he likes  Mayank Parmar over at the  Windows Latest  website, here is a quote from Mayank Parmar:

“Users are claiming that uninstalling the offending update (KB4534310 or the security-only update KB4534314) resolves the problem.”

I can not confirm this, only sharing some information.  Check out these two websites:

https://www.windowslatest.com/2020/01/22/windows-7-kb4534310-black-screen-wallpaper-bug/

https://www.techradar.com/news/even-in-death-windows-7-cant-escape-microsofts-buggy-updates

 

 

Computers become slow when they sense that their servants are in a hurry.

2 users thanked author for this post.

woody, OscarCP

Reply | Quote

Update “C” Thursday is up 🙂

2 users thanked author for this post.

jburk07, woody

Reply | Quote

But not for 1903 or 1909. I wonder what surprises await….

1 user thanked author for this post.

jburk07

Reply | Quote

Yes, not even a release preview CU

on the other hand, they updated the date on 1909 status page
https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1909

1909 reoffered again as optional update, after almost a week of disappearance 🙂

2 users thanked author for this post.

jburk07, woody

Reply | Quote

Using the link to TechRadar provided by Lars220 one comes across the following:

“There’s speculation that this bug is caused by Microsoft’s activation server thinking the Windows 7 device is not activated or is using an illegal product key. In the past, if you were using Windows 7, you were unable to change the desktop background until you activated it.

So, Microsoft’s servers could be having problems, and it’s likely this is a genuine mistake, and not a sneaky way to get any holdouts still using Windows 7 to upgrade to  Windows 10.”

Come again? Windows 7 is out of the game, as far as MS is concerned, but they are still checking if the version one has is a legitimate one, not a made-in-Hong-Kong knockoff? Even if one kept one’s PC off the grid? (As I plan to start doing as soon as we are done patching for ever and a day in a few more weeks, after the final “all clear” has been sounded.)

“In fact, some people who have upgraded to Windows 10 are also reporting the problem.”

Oh, yes! Misery loves company.

“It appears that the only way to fix this problem for now is to uninstall the update – either KB4534310 or the security-only update KB4534314.”

Well, the nuclear option should do it. Or else tying a rock to the PC and dropping it from a great height.

“To do this, open the Start menu and go to Programs > Programs and Features > View installed updates. You should see those two updates there. Click either one, then select ‘Uninstall’.”

Nothing to it. Still, I would like to use the simpler trick of fiddling with the wallpaper display mentioned by PK and in that Bleeping Computer article. Always assuming the fix is permanent, and the problem is not back the next time I boot up the computer. TechRadar, again:

“It seems that users can reinstate the wallpaper, but after a reboot of the PC, the solid black background returns. Very annoying.”

And last, but not least, the ironical summation:

“There’s something almost grimly amusing about the fact that Microsoft’s last update for Windows 7 contains a bug, as it’s been having a bit of a nightmare recently with Windows 10 updates, with each new update seemingly introducing new bugs and problems while trying to fix older ones.”

One might say that.

“Still, let’s hope Microsoft fixes this soon, rather than leaving Windows 7 to end on a rather embarrassing note.”

And so it goes. And goes, and goes, and…

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

4 users thanked author for this post.

Lars220, jburk07, David F, Cybertooth

Reply | Quote

I don’t understand how this could be an activation server bug. When the activation server fails, you get a black screen with a warning — and, as you say, you can’t change the wallpaper. The Win7 systems only turn back to black if they use Stretch, and even then you can change the wallpaper.

2 users thanked author for this post.

Lars220, jburk07

Reply | Quote

Then there is this from Martin Brinkmann over at gHacks:

Someone found a way to bypass Windows 7 Extended Security Updates checks
by Martin Brinkmann on December 07, 2019 in Windows

<  continued  >

https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/

Which in turn directs the reader to:

My Digital Life

Saturday at 11:57

 #Bypass Windows ESU

A project to bypass Extended Security Updates eligibility check for Windows 7 and Windows Server 2008 R2.

– Win7/Win2k8R2 official support and updates ended on 14 January 2020.

However, Microsoft will provide additional 3 years of security updates to the organizations and businesses which have paid the license for the ESU.More details: https://support.microsoft.com/en-us/help/4527878

This project helps bypassing this restriction and install ESU updates without purchasing a license, as a proof of concept, non-profit, consumer-targeted.https://forums.mydigitallife.net/threads/bypass-windows-7-extended-security-updates-eligibility.80606/

https://forums.mydigitallife.net/threads/bypass-windows-7-extended-security-updates-eligibility.80606/

Needless to say, evaluations and comments would be most welcome.

2 users thanked author for this post.

jburk07, woody

Reply | Quote

MDL is the Mother of All Sources – so I have no doubt it works and/or it will or will continue to work.

But for most people, 0patch should be good enough. I think.

2 users thanked author for this post.

AJNorth, jburk07

Reply | Quote

Thanks Woody!

A question (which I previously posted, but perhaps at the wrong thread):

For Win 7 Pro x64 machines, if KB4534314 (JAN 2020 Win 7 Security Only Quality Update) and KB4534251 (JAN 2020 Win 7 IE Cumulative Security Update) have already been installed, can KB4534310 (JAN 2020 Security Monthly Quality Rollup) be installed over them to allow for the upcoming Extended Support patches, or must they first be uninstalled?

Again, many thanks.
AJN

Reply | Quote

You can install the Rollup over the SO and IE patches. no need to uninstall.
Be sure you have the other required patches installed as well.

1 user thanked author for this post.

AJNorth

Reply | Quote

OUTSTANDING.  Thank you, PKC!

Life has just become a tad bit easier (and may even have taken on some new meaning — well, at least for the next three years…).

AJN

Reply | Quote

[EP]

I hate to burst your bubble AJNorth & woody but the newly released KB4537829 2020-02 servicing stack update seems to have shut down or close the “Bypass Windows ESU” loophole. newer rollup updates like KB4537820 will fail to install on those Win7 systems using the “Bypass Windows ESU” loophole if the newest SSU like KB4537829 is installed.

so it’s now a “cat & mouse” game between Bypass-ESU and MS releasing newer Win7 SSUs to “defeat” any ESU bypass hacks/cracks

• This reply was modified 3 years, 7 months ago by EP.

4 users thanked author for this post.

AJNorth, woody, PKCano, Microfix

Reply | Quote

I saw that coming. They don’t want another hack like the one that kept XP going safely for years. (Maybe the onmicrosoft account has something to do with it too?)

1 user thanked author for this post.

woody

Reply | Quote

Naw, my bubble isn’t burst.

I never did talk about the bypass, clever as it may be. I didn’t expect MS to sit idly by.

They didn’t. No surprise. The geniuses at MDL will come up with another hack, which will work for another month.

Reply | Quote

No real surprise; OPatch it is (for substantially less cost), or Win 8.1 Pro with Open-Shell (Classic Shell) and other customizations — then ultimately Linux (running various flavors of Windows off-line as virtual machines).

Reply | Quote

I have Win 10 1909 installed and a new PC as of December 2019.

I have all the updates on pause for max amount of days, 2/2020.

This Windows 10 mess is interesting to say the least.

I have not installed any Windows 7 Monthly Security Rollups, and the MSRT and SSU yet….

Every day there is vulnerabilities….it is just mind boggling!

 

Win 10 Home 22H2

Reply | Quote

Make your backups and forge on.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

anonymous wrote:

If IE or IE 11 is disabled

How do you disable IE?  I have Windows 10 Pro x64, version 1909.

Is Microsoft Edge vulnerable, too?  Could/should I disable that too?

Firefox is my default browser, but sometimes a search in the search field on the task bar brings up something  from BING that initiates IE or Edge, don’t remember which.

Reply | Quote

WCHS wrote:

How do you disable IE?

Start, Settings, Apps, Apps & features, Optional features, Internet Explorer 11, Uninstall.
(Requires restart.)

WCHS wrote:

Is Microsoft Edge vulnerable, too?

No.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

1 user thanked author for this post.

Reply | Quote

b wrote:

Updates are now listed as released today for 1607, 1709, 1803, and 1809 (but not yet 1903/1909):

I need some specific instructions on how to hold off on cumulative updates but I still want to get the Definition Updates (i.e., Windows Defender Anti-Virus) t0 augment my McAfee Anti-Virus updates.   I am now on Windows 10 Pro, 1909.  I am up-to-date with the Jan 14 Patch Tuesday updates, i.e.,  KB4528760 and KB4532938.

In the past, not having been a reader of these posts, I’ve been quick to do the Tuesday patches, but now that I’m aware of the risks in doing that, I think I need to be more patient and wait to do the monthly patches.

I had sifted through lots and lots of posts and thought I had understood Deferrals and Pauses, but clearly I did not, because yesterday, having been on version 1903 and “experimenting” with a click on “Pause for 7 days, ” I thought that the next screen that said “Resume updates” meant that I would be back to where I was with the “Download and install now” link.  But, instead “Resume updates” propelled me further down the path towards an automatic installation of Version 1909, i.e., no choice about it other than a delay in restarting, which was going to happen no matter what since I would be sooner or later powering down.

Fortunately, the installation of 1909 went well — none of the problems that others have reported (i.e, no break in Network Discovery, Network is still private, Pictures do not default to Paint, no windows.old folder, Cortana is still off, OneDrive is in the Start Apps list, but not an icon on the Start Menu, privacy settings are still the same, apps still have the right settings for accessing files, “Group by” is working correctly, File Explorer search box is working OK, including the right arrow  [right-click paste does not work, though] ).

I don’t want to press my luck any farther and want to be able to hold off on future cumulative updates, including any C week/D week patches coming down the pike, but as I said, I want Windows Defender definitions to keep installing.

Reply | Quote

That’s the disadvantage of putting updates on Pause; when you resume, the floodgate swings full open. But as you have Pro, you would be better off using Defer quality updates for a couple of weeks instead; that can be set once and will automatically apply to each month’s updates.

Setting Defer feature updates to a few months (e.g. 180 days) would have prevented 1909 arriving just yet; and that would apply to all future semi-annual updates.

Defender updates should keep flowing regardless of any update settings, usually about 1 to 4 times per day. As you’re running a third-party antivirus as your primary/real-time protection, you may already know about setting Windows Defender to perform Limited Periodic Scanning.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

2 users thanked author for this post.

Cybertooth

Reply | Quote

b wrote:

But as you have Pro, you would be better off using Defer quality updates for a couple of weeks instead;

Will I be able to see what’s been deferred (i.e., what quality/cumulative updates)? If so, how?

Reply | Quote

No. I’d forgotten then that you’re going with PKCano’s approach of setting 2 = Notify download/install in Group Policy. So leave Defer quality updates at 0 in that case.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

1 user thanked author for this post.

Reply | Quote

b wrote:

you may already know about setting Windows Defender to perform Limited Periodic Scanning.

I’ve check the link you offer and the screens there are different than what I see on my Windows 10 Pro, version 1909. Maybe, limited periodic scanning is the same thing as a Quick Scan? If so, yes, I have Virus and Threat Protection set for that.

Reply | Quote

If you go back one screen from there, or just click Home in Windows Security then Virus & threat protection; Can you find the “Manage providers” link? Or “Windows Defender Antivirus Options”?

I’m just trying to figure out if your McAfee antivirus is registered in Windows Security.

Is McAfee something you really want to use because you’ve paid for it?

If so, it should be showing up as primary in Windows Security.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

WCHS wrote:

I’ve been quick to do the Tuesday patches, but now that I’m aware of the risks in doing that, I think I need to be more patient and wait to do the monthly patches.

The other way is to make an image backup to USB disk just before patching. This takes less than 15 minutes on my machine and runs in the background. Any real issues with patches and you just restore.

cheers, Paul

1 user thanked author for this post.

Reply | Quote

[WCHS]

Paul T wrote:

The other way is to make an image backup to USB disk just before patching.

I don’t know how to do this. Do you mean a USB flash drive? Or do you mean a USB external disk? I’ve looked at a video on how to use Macrium Reflect Rescue and I abandoned that avenue because there was no sound and all of the screenshots went by really, really fast. I was lost. I can usually figure things out but it put me way over my head. If you can point me in a better direction on how to do this, I’d appreciate it.

• This reply was modified 3 years, 8 months ago by WCHS. Reason: typos

Reply | Quote

Get an external 2TB HDD.
Install the free Aomei Backupper, or EaseUS ToTo.
Connect the disk, run the backup software and follow your nose to create a system image on the external HDD and then create a backup rescue USB stick. (Cheapest insurance you will get.)

cheers, Paul

Reply | Quote

[WCHS]

b wrote:

No. I’d forgotten then that you’re going with PKCano’s approach of setting 2 = Notify download/install in Group Policy. So leave Defer quality updates at 0 in that case.

Yes, I’m looking into using the Group Policy Editor, but I have to read up on it, so that I know what I’m doing. I’ve received some posts that give me a better idea of where to find Windows Update there. But, I want to read completely and understand Woody’s article on Configuring Updates first. In the meantime, given that there may be Week C/Week D updates for 1909 on the horizon, I need to pin some strategy down sooner than later.

Thanks for remembering my earlier post.

• This reply was modified 3 years, 8 months ago by WCHS.
• This reply was modified 3 years, 8 months ago by WCHS.

Reply | Quote

[WCHS]

b wrote:

Start, Settings, Apps, Apps & features, Optional features, Internet Explorer 11, Uninstall.
(Requires restart.)

I read a post by PKCano

PKCano wrote:

IE is an integral part of the Widows Operating System. If you turn it off, what you are doing is simply making it inaccessible from the GUI. It cannot be uninstalled, and other System processes still use it.

that says it’s not possible to uninstall IE.

Or does the “uninstall” that comes up after following your directions actually “disable”??

• This reply was modified 3 years, 8 months ago by WCHS. Reason: found the post

Reply | Quote

Yes, same.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

[PKCano]

@KYKaren

Please create a Topic under your version of Win10, using a Title something about asking help for Win10.
This individual help discussion is off-topic for a general thread about “Where we stand with 2020 patches.”

• This reply was modified 3 years, 8 months ago by PKCano.

Reply | Quote

Some form of the Internet Explorer topic has been discussed recently. Consider pursuing the topic at this location:
https://www.askwoody.com/forums/topic/pros-cons-of-disabling-internet-explorer/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

PKCano wrote:

This … is off-topic for a general thread about “Where we stand with 2020 patches.”

So, if somebody makes a suggestion here (e.g., uninstalling IE or deferring), you shouldn’t be asking for further information or help about it here??

Reply | Quote

We try to keep topics on subject. Doesn’t always work, of course.

cheers, Paul

Reply | Quote

The topic here is “Where we stand with Jan 2020 patches.” If you need specific instructions on Defender, backups, how to set up Group Policy, removing IE, etc., you should create a topic for you individual help instructions.
The rules say:

4. Please stay on topic

Reply | Quote