It's Patch Tuesday time; make sure you pause Windows Updates

Credit to Author: Woody Leonhard | Date: Mon, 13 Jul 2020 03:56:00 -0700

Yes, with Windows you have to get patched sooner or later. No, you don’t have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we’re admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

A handful of machines – sometimes a large handful of machines – have problems digesting the patches. And the Chicken Little security skies don’t fall, in spite of the many clickbaity headlines.

We do occasionally get an emergency patch, but they’re exceedingly rare, and always well known, generally within hours of release. We saw that with Eternal Blue, with Sasser, and a small handful of lesser-known security holes. Even in those cases, it took the cretins weeks or months to turn a known vulnerability into a mainstream attack.

You have to get patched, but you don’t have to follow Microsoft’s timetable. Let the unwashed masses act as cannon fodder. Wait until we’ve had a chance to see what problems arise.

Fortunately, starting with Windows 10 version 1903 it’s easy to temporarily pause Windows Update. It’s also easy in Win7 and 8.1 – but not so much for versions in between. 

Here’s how to get your updates paused and keep things intact until the coast is clear.

Those who paid for Windows 7 Extended Security Updates should be cautious about installing patches immediately. Those who didn’t will either ignore the patches (large majority there), or wait to see whether free alternatives appear — and 0patch has filled in several cracks. We cover both intently on AskWoody.com.

If you’re running Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.

By now, almost all of you are on Win10 version 1903 or 1909, and some of you are in the unpaid beta testing phase of the painful Win10 version 2004 rollout. Not sure which version of Win10 you’re running? In the Search box, near the Start button, type winver, then click Run command.

The version number appears on the second line.

If you’re using Win10 1803 or 1809, I strongly urge you to move on to Win10 version 1909. If you insist on sticking with Win10 1809 (hard to blame ya!), you can block updates by following the steps in December’s Patch Tuesday warning. Be acutely aware of the fact that Microsoft won’t be handing out any more security patches for 1809 Home or Pro after Nov. 10 — less than four months from now. The end is near.

In version 1903, 1909 or 2004 (either Home, Pro, Education or Enterprise, unless you’re attached to an update server), using an administrator account, click Start > Settings > Update & Security. If your Updates paused timer is set before Aug. 2 (see screenshot below), I urge you to click Resume Updates and let the automatic updater kick in – that’ll reset the Pause limit – and do it now, before noon in Redmond on July 14, when the Patch Tuesday patches get released.

If Pause is set to expire before the end of July, or if you don’t have a Pause in effect, you should set up a patching defense perimeter that keeps patches off your machine for the rest of this month. Using that admin account, click the Pause updates for 7 days button, then click it again and again, if necessary, until you’re paused out into early August. (Note that the next Patch Tuesday falls on Aug. 11.)
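
To confirm from a PowerShell prompt that the pause took effect and runs past the end of the month, the pause state can be read back and compared with the next Patch Tuesday. This is an added example, not part of the original article; the registry key and value name are assumptions about where Windows 10 version 1903 and later record the Settings pause, and the function names are hypothetical.

```powershell
# Added example: read-only check of the Windows Update pause set in Settings.
# Assumption: Win10 1903+ records the pause here as an ISO 8601 UTC string.
$PauseKey   = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
$PauseValue = 'PauseUpdatesExpiryTime'

function Get-PatchTuesday {
    # Patch Tuesday is the second Tuesday of the month.
    param([int]$Year, [int]$Month)
    $first  = [datetime]::new($Year, $Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

function Get-NextPatchTuesday {
    # Returns this month's Patch Tuesday if it has not passed (today counts),
    # otherwise next month's.
    param([datetime]$After = (Get-Date))
    $candidate = Get-PatchTuesday -Year $After.Year -Month $After.Month
    if ($candidate -lt $After.Date) {
        $next = $After.AddMonths(1)
        $candidate = Get-PatchTuesday -Year $next.Year -Month $next.Month
    }
    $candidate
}

function Get-UpdatePauseStatus {
    param([datetime]$Now = (Get-Date))
    # A missing key or value means no pause is in effect.
    $props  = Get-ItemProperty -Path $PauseKey -Name $PauseValue -ErrorAction SilentlyContinue
    $expiry = $null
    if ($props -and $props.$PauseValue) {
        $expiry = [datetimeoffset]::Parse($props.$PauseValue,
            [cultureinfo]::InvariantCulture).LocalDateTime
    }
    # First day of next month: the pause should reach at least this far.
    $nextMonth = [datetime]::new($Now.Year, $Now.Month, 1).AddMonths(1)
    [pscustomobject]@{
        PauseActive       = ($null -ne $expiry) -and ($expiry -gt $Now)
        PauseExpiresLocal = $expiry
        CoversRestOfMonth = ($null -ne $expiry) -and ($expiry -ge $nextMonth)
        NextPatchTuesday  = Get-NextPatchTuesday -After $Now
    }
}

Get-UpdatePauseStatus | Format-List
```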

If you see a message that says “The Windows 10 May 2020 Update is on its way” for Win10 version 2004, be of good cheer. The message doesn’t signify anything, really, but it means Microsoft won’t try to push you onto version 2004 in the near future. And if you see an invitation to “Download and install” version 2004, resist the urge to click the button. There’s nothing in 2004 that you want or need.

Don’t be spooked. Don’t be stampeded. Don’t click “Check for updates.” And don’t install any patches that require you to click “Download and install.” 

If there are any immediate, widespread threats that this month’s Patch Tuesday patches protect against – a rare occurrence, but it does happen – we’ll let you know here and at AskWoody.com, in very short order. Otherwise, sit back and watch while our usual monthly crowdsourced patch watch proceeds. Let’s see what offal hits the fan.

We’re at MS-DEFCON 2 on AskWoody.
