alert banner

ISSUE 19.14.2 • 2022-04-07
MS-DEFCON 2: Deferring April


By Susan Bradley

Don’t let April showers rain on your PCs.

I love April. It’s the end of the busy tax season at the office, and it’s spring where I live — the tulips are in bloom. But what I don’t love is updates disrupting my business before the end of the busy season. So I urge you to do what I do at the office: defer those updates.

As usual, go to Start, Settings, Update and Security, Advanced Options, and then pick a date in the future. As always, I make a prediction about that future safe date and place it on the Master Patch List page; I’ll have an alert for you within that timeframe. At the office, I use Windows Server Update Services (WSUS) on some machines and Intune on others to control updates.

I’ve been pestering you about getting to Windows 21H2, but if you’ve ignored my entreaties, do not upgrade right now. Why? Because if you install after next Patch Tuesday, you’ll still catch the April security updates — because you aren’t in deferral mode. That means you’ll get updates before they’ve been vetted by me and others.

Windows specifications

Not sure what version of Windows you have? Click on Start, Settings, System, About, and then scroll down the dialog to the section titled Windows specifications. You’ll see the version designation as well as the OS Build version.

And remember, clicking the copy button places the info on the Windows clipboard, so you can easily paste it into a text file, email, forum post, support request, etc.

I’m telling you to delay, even though 20H2 Home and Pro drop out of support in just a few weeks, on May 10, 2022. I realize the window for updating is getting smaller, but stay out of the rain for now.

Consumer and home users

For consumer and home users, I recommend using such deferral tools as WUMgr or setting a deferral date in Settings, as described above.

Business users

There is heightened risk right now from overseas attackers, making it more difficult to decide the best time to update your environment. The best recommendation I have in these situations is to monitor your users carefully and educate them constantly about vigilance — hesitate before clicking, don’t open attachments unless the user is specifically expecting them and knows the sender, and so forth. Double your efforts to encourage users to call your support organization for assistance, and make sure they know there is no penalty (or shame) in doing so.

According to alert AA22-074A from CISA, the US Cybersecurity & Infrastructure Security Agency, Russia-based attackers are already discovering ways to bypass multifactor authentication by abusing some two-factor authentication (2FA) software’s configuration to “fail open.” This means that even if a workstation can’t access its normal means of getting 2FA from the cloud, the attacker can still gain access to the workstation! Check your 2FA solutions to make sure they are configured to “fail closed.” (This sounds like leftover debug code — shouldn’t production code always fail safe?)

As always, I’ll keep my ear to the ground and alert you to any trending issues.

Stay tuned!



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.