Make sure Windows auto update is temporarily turned off, and watch out for SMBv1 fixes

Credit to Author: Woody Leonhard | Date: Mon, 11 Jun 2018 13:12:00 -0700

In May, we saw a host of bugs introduced by the Patch Tuesday “security” patches. By the end of the month, patches for those patches killed almost all of the bugs – even the inability of Win10 version 1803 to run on certain kinds of solid-state drives, including the one in some Surface Pros.

We also saw Microsoft push Win10 version 1803 onto machines that were specifically set to avoid it. I haven’t seen any official response to Microsoft’s inquiry into the reports, but we now have a sighting of a Win7 machine being pushed onto Win10, in spite of its settings.

Be careful out there.

By now, I hope you’ve eliminated version 1 of the protocol known as SMB from your machine and your network – even if you had to throw away old scanners or printers or other worse-than-senseless things. I have a step-by-step review of the problem and its solution in a FAQ from last year.

Unfortunately, some odd peripherals are still using SMBv1, and some odd Windows computers are still set up to use SMBv1. Many of us are anticipating widespread axing of SMBv1 in this month’s round of Windows updates. (It’s long overdue, in my opinion. SMBv1 is a wide open security hole.) Günter Born has a detailed analysis of the current state of the problem, and the effects of its possible solution, on his Born City blog.
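A read-only way to check whether SMBv1 is still switched on for a given Windows machine, as an added example that is not from the original article or the FAQ it mentions. The function name Get-Smb1Status is made up for illustration, and the script assumes it is run from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of SMBv1 state on the local machine.
# Run from an elevated PowerShell prompt. Nothing here changes a setting.

function Get-Smb1Status {
    # Hypothetical helper name; the values below are filled in as each check runs.
    $result = @{
        ComputerName    = $env:COMPUTERNAME
        ServerSmb1      = 'Unknown'
        ClientDriver    = 'Unknown'
        OptionalFeature = 'Unknown'
    }

    # Server side on Win8 and later: ask the SMB server configuration directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        $result.ServerSmb1 = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    }
    else {
        # Win7: registry value. If SMB1 is absent, the default applies, and the default is enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.ServerSmb1 = if ($val -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side: the mrxsmb10 driver. A Start value of 4 means the driver is disabled.
    $drv = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    if (Test-Path $drv) {
        $start = (Get-ItemProperty -Path $drv -Name Start).Start
        $result.ClientDriver = if ($start -eq 4) { 'Disabled' } else { "Enabled (Start=$start)" }
    }
    else {
        $result.ClientDriver = 'Not installed'
    }

    # Win8.1 and Win10: SMBv1 is an optional feature that can be removed outright.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feat) { $result.OptionalFeature = [string]$feat.State }
    }

    New-Object PSObject -Property $result |
        Select-Object ComputerName, ServerSmb1, ClientDriver, OptionalFeature
}

Get-Smb1Status | Format-List
```

Anything other than Disabled or Not installed in the output marks a machine that still speaks SMBv1 and is worth checking against the peripherals that depend on it before this month's patches land.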

If you have Win10 version 1803 and you don’t want it, roll back as soon as you can. Click Start > Settings > Update & Security. On the left, choose Recovery. On the right, under Go back to the previous version, click Get Started. When asked why you want to roll back, you might want to construct a particularly poignant response about half-baked bugs, but I’ll leave that up to you. Click Next, No Thanks, Next, Next (yes, again), and Go back to earlier build.

If you’re part of the unpaid Win10 1803 beta testing crew, bless your heart, I suggest you turn off Automatic Updates as well. For those running Win10 Pro, Microsoft kindly eviscerated the easy way to set it to defer cumulative updates, but you can still dig into the belly of the machine and turn them off. Unfortunately, you need to revert to the manual Group Policy method that worked in Win10 1607, which I describe here in Steps 3C, E and F.

Susan Bradley has some pithy observations about 1803 removing the easy-to-use GUI that’s available in 1703 and 1709. Yet another reason to avoid the 1803 version.

If you’re running Win10, and you don’t want to deal with Win10 version 1803 anytime soon, you’d be well advised to follow the detailed steps in How to block the Windows 10 April 2018 Update, version 1803, from installing. Yes, Microsoft has ignored those settings on some machines, but using all of the tricks – even setting Pro machines to metered connection – seems to block the forced march.

If you’re using Windows 7 or 8.1, the Automatic Update block is easy: Click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.

If you’re using Windows 10 Pro version 1703, or Pro 1709, and Microsoft doesn’t change its mind again, you can use Windows’ built-in tools to hold off on the looming patches – just follow Steps 7 and 8 in 8 steps to install Windows 10 patches like a pro. Other Windows 10 users, including all Win10 Home owners, aren’t quite so lucky, but the general “metered connection” approach is detailed in Woody’s Win10Tip: Block forced Windows updates.

A few minutes now could save you hours of headache. Get Automatic Update turned off, then watch here, or on your favorite bug-reporting site, to monitor for widespread pandemonium.

We’re at MS-DEFCON 2 on AskWoody.
