{"id":17104,"date":"2019-12-05T08:30:04","date_gmt":"2019-12-05T16:30:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10840\/"},"modified":"2019-12-05T08:30:04","modified_gmt":"2019-12-05T16:30:04","slug":"news-10840","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10840\/","title":{"rendered":"All\u2019s clear to install Microsoft\u2019s November patches"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Thu, 05 Dec 2019 07:46:00 -0800<\/strong><\/p>\n

The November passel of patches didn\u2019t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.<\/span><\/p>\n

If you install patches manually one by one (\u201cGroup B,\u201d which I don\u2019t recommend for mere mortals), you need to make sure you have the <\/span>proper Servicing Stack Updates<\/span><\/a> in place. They\u2019ve all changed in the past month.<\/span><\/p>\n

For those of you manually installing Win7 and 8.1 (and related Server) Security-only patches to avoid Microsoft\u2019s pernicious snooping\/telemetry, I have good news. For November, we haven\u2019t detected the <\/span>full-monty telemetry packages<\/span><\/a> that were lurking in the July and September \u201cSecurity-only\u201d updates.\u00a0<\/span><\/p>\n

As usual, Patch Lady Susan Bradley has full patch-by-patch details in her <\/span>Patch Watch column<\/span><\/a> (paywall).<\/span><\/p>\n

Here\u2019s how to get your system updated the (relatively) safe way.<\/span><\/p>\n

Note: If you install any Office updates, you may start seeing spurious \u201cQuery xxx is corrupt\u201d error messages that look like the screenshot.<\/span><\/p>\n

Should those start appearing, realize that they\u2019re caused by a bug in the latest Office patches. You\u2019ll have to manually download and install a fix for the bad patch. Microsoft has a list of the buggy patches and their fixes on the <\/span>Office Support site<\/span><\/a>.<\/span><\/p>\n

Step 1.<\/strong> Make a full system image backup before you install the latest patches.<\/span><\/p>\n

There\u2019s a non-zero chance that the patches \u2014 even the latest, greatest patches of patches of patches \u2014 will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.<\/span><\/p>\n

There are plenty of full-image backup products, including at least two good free ones:<\/span> Macrium Reflect Free<\/span><\/a> and<\/span> EaseUS Todo Backup<\/span><\/a>. For Win7 users, If you aren\u2019t making backups regularly, take a look at this<\/span> thread started by Cybertooth<\/span><\/a> for details. You have good options, both free and not-so-free.<\/span><\/p>\n

Step 2. <\/strong>For Win7 and 8.1<\/span><\/p>\n

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that\u2019s 24 months old or newer, follow the instructions in<\/span> AKB 2000006<\/span><\/a> or<\/span> @MrBrian\u2019s summary of @radosuaf\u2019s method<\/span><\/a> to make sure you can use Windows Update to get updates applied.<\/span><\/p>\n

If you\u2019ve been relying on the Security-only \u201cGroup B\u201d patching approach to keep Microsoft\u2019s snooping software off your PC, this month you\u2019re in luck \u2014 we haven\u2019t detected a repeat of the full telemetry packages hidden in the July and September patches. That means you can install the June, August, October and November patches without covering Microsoft\u2019s messy tracks.<\/span><\/p>\n

For most Windows 7 and 8.1 users, I recommend following<\/span> AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/span><\/a>. You should have one Windows patch, dated November 12 (the Patch Tuesday patch).\u00a0<\/span><\/p>\n

Realize that some or all of the expected patches for November may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. In particular, if you install the November Monthly Rollup, you won\u2019t need (and probably won\u2019t see) the concomitant patches for October. Don’t mess with Mother Microsoft.<\/span><\/p>\n

If you see<\/span> KB 4493132<\/span><\/a>, the \u201cGet Windows 10\u201d nag patch, make sure it\u2019s unchecked.<\/span><\/p>\n

Watch out for driver updates \u2014 you\u2019re far better off getting them from a manufacturer\u2019s website.<\/span><\/p>\n

After you\u2019ve installed the latest Monthly Rollup, if you\u2019re intent on minimizing Microsoft\u2019s snooping, run through the steps in<\/span> AKB 2000007: Turning off the worst Win7 and 8.1 snooping<\/span><\/a>. If you want to thoroughly cut out the telemetry, see @abbodi86\u2019s detailed instructions in<\/span> AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model<\/span><\/a>.<\/span><\/p>\n

If you\u2019re worried about Windows 7 hitting end-of-support in January, don\u2019t be alarmed. About a quarter of all Windows users will hit the end-of-support date,<\/span> just like you<\/span><\/a>. Win7 won\u2019t suddenly stop working on Jan. 14, 2020. You have many options \u2014 and not all of them end with Windows. We follow the alternatives intently in the <\/span>Seven Semper Fi series<\/span><\/a> on AskWoody.<\/span><\/p>\n

Step 3.<\/strong> For Windows 10 prior to version 1903<\/span><\/p>\n

If you\u2019re running Win10 version 1803, the November cumulative update is your last. You need to move on\u00a0\u2014 but not necessarily in the direction Microsoft is pushing you. I have a full discussion of your options and step-by-step instructions for getting to the version that you want in <\/span>Running Win10 version 1803 or 1809? You have options. Here\u2019s how to control your upgrade.<\/span><\/a><\/p>\n

If you\u2019re using Win10 version 1809\u00a0\u2014 my production machines are still on 1809\u00a0\u2014 you should start thinking about moving to 1903. Microsoft has issued rivers of patches for 1903 in recent months, and 1903 may be approaching some semblance of stability. I’m going to take a close look at the December patches before jumping ship, and suggest you do as well.<\/span><\/p>\n

Once you\u2019re running the version of Win10 that you want\u00a0\u2014 there\u2019s no reason to install patches until you\u2019re running the right version\u00a0\u2014 and you have Win10 Pro (or Education or Enterprise), you can follow my<\/span> advice from February<\/span><\/a> and set \u201cquality update\u201d (cumulative update) deferrals to 15 days, per the screenshot. If you have quality updates set to 15 days, your machine already updated itself on Nov. 27 and will update again on Christmas Day.\u00a0<\/span><\/p>\n

If you\u2019re stuck with Win10 1803 or 1809 Home, it\u2019s time to move to version 1903 (or even 1909). The potential disruption of a version change is worth that one key new feature\u00a0\u2014 probably the single best new feature ever introduced in Windows 10\u00a0\u2014 which allows you to defer updates, giving Microsoft a chance to test its patches before they roll onto your system. See <\/span>Running Win10 version 1803 or 1809? You have options. Here\u2019s how to control your upgrade<\/span><\/a> for full details.<\/span><\/p>\n

Step 4. <\/strong>For Windows 10 version 1903 and 1909<\/span><\/p>\n

Windows Update in Win10 version 1903 went through a <\/span>major makeover<\/span><\/a> in September\u00a0\u2014 the documentation didn\u2019t change, but the behavior did. The result is a major step forward in Windows 10 patching.<\/span><\/p>\n

You may find that you can tell Win10 to delay quality updates by 15 days, as shown in the preceding screenshot, but you have a much simpler tool at your disposal.<\/span><\/p>\n

If you\u2019re on Win10 version 1903 or 1909 (either Home or Pro), click the link on the Windows Update page that says \u201cPause updates for 7 days,\u201d then click on the newly revealed link, which says \u201cPause updates for 7 more days,\u201d then click it again.<\/span><\/p>\n

By clicking that link three times, you\u2019ll defer cumulative updates for 21 days from the day you started clicking\u00a0\u2014 if you do it today, you\u2019ll be protected until Dec. 26\u00a0\u2014 which is typically long enough for Microsoft to work out the worst bugs in their patches.<\/span><\/p>\n

There are several group policies and a handful of registry settings working in the background when you click Pause updates. You may even be able to see the settings if you\u2019re using Win10 Pro. But the \u201cPause updates\u201d approach has proven itself to work reliably for everybody, 1903 or 1909, Pro or Home. Use it.<\/span><\/p>\n

If you see an offer of an Optional update (screenshot), don\u2019t click Download and install now. Even more bugs await.<\/span><\/p>\n

The December updates should appear next week. Realize that a large percentage of experienced Windows devs take vacations through much (or all!) of December. Expect the December patches to be minimal and\u00a0\u2014 cross your fingers\u00a0\u2014 relatively benign.<\/span><\/p>\n

Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86 and many others.<\/span><\/i><\/p>\n

We\u2019ve moved to MS-DEFCON 4 on the<\/span><\/i> AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Thu, 05 Dec 2019 07:46:00 -0800<\/strong><\/p>\n

\n
\n

The November passel of patches didn\u2019t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.<\/span><\/p>\n

If you install patches manually one by one (\u201cGroup B,\u201d which I don\u2019t recommend for mere mortals), you need to make sure you have the <\/span>proper Servicing Stack Updates<\/span><\/a> in place. They\u2019ve all changed in the past month.<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,714,10525],"class_list":["post-17104","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17104"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17104\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17104"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}