![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security5-100734739-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Woody Leonhard| Date: Mon, 10 Feb 2020 12:13:00 -0800<\/strong><\/p>\n Remember the frenzy after last month\u2019s Patch Tuesday? How everybody and his twice-removed cousin \u2014 even the N forkin\u2019 SA\u00a0\u2014 told you to get patched immediately because of this big, spooky <\/span>Crypto API security hole<\/span><\/a> that was supposed to bring down\u00a0 Windows As We Know It, like, right now?<\/span><\/p>\n Guess what. <\/span>It never materialized<\/span><\/a>.<\/span><\/p>\n To its credit, Microsoft never said the Chain of Fools\/CurveBall CVE-2020-0601 fix was a \u201cCritical\u201d patch. That didn\u2019t keep most of the increasingly echo-like Windows blogosphere from crying, \u201cFire!\u201d<\/span><\/p>\n If you prefer to wait and see if the latest Windows patches turn to dreck, there are a few simple steps to take right now.<\/span><\/p>\n The last free, pushed Win7 patches arrived a month ago. <\/span><\/p>\n If you paid for Win7 Extended Security Updates\u00a0\u2014 yes, <\/span>even a business of one can get them<\/span><\/a>\u00a0\u2014 you\u2019re due a patch tomorrow. One little problem: We haven\u2019t seen the patch and don\u2019t know absolutely, for sure, how it\u2019ll arrive.<\/span><\/p>\n If you haven\u2019t paid for Win7 Extended Security Updates, we also don\u2019t know what the morrow will bring. Windows 7 already has one manually downloadable patch to fix the bad patch last month (which introduced the \u201cStretch\u201d black wallpaper bug) and I expect we\u2019ll see a patch at some point to fix the <\/span>\u201cYou don\u2019t have permission to shut down this computer\u201d bug<\/span><\/a>. For now, there\u2019s nothing pressing. See Patch Lady Susan Bradley\u2019s <\/span>Feb. 9 podcast<\/span><\/a> for more details.\u00a0<\/span><\/p>\n I suggest you keep your powder dry by following the usual steps: Click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.<\/span><\/p>\n We\u2019ll watch for any goofiness and alert you, as usual.<\/span><\/p>\n If you\u2019re using <\/span>Windows 8.1<\/strong> (believed by many to be the most stable version of Windows currently on offer), click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.<\/span><\/p>\n Not sure which version of Win10 you\u2019re running? Down in the Search box, near the Start button, type About, then click About your PC. The version number appears on the right under Windows specifications.<\/span><\/p>\n If you\u2019re using Win10 1803 or 1809, I strongly urge you to move on to Win10 version 1903. Microsoft released it (to some consternation) in May of last year. It had a shaky start before plunging into a four-patch debacle in September\/October, but now appears to be relatively stable. There are detailed step-by-step instructions for moving to Win10 1903 in “<\/span>Why \u2014 and how \u2014 I\u2019m moving Win10 production machines to version 1903<\/span><\/a>.”<\/span><\/p>\n If you insist on sticking with Win10 1809 (thrice bitten, thrice shy, eh?), you can block updates by following the steps in <\/span>December\u2019s Patch Tuesday warning<\/span><\/a>. Be acutely aware of the fact that Microsoft won\u2019t be handing out any more security patches for 1809 Home or Pro after the May Patch Tuesday.<\/span><\/p>\n In version 1903 or 1909 (either Home, Pro, Education or Enterprise, unless you\u2019re attached up an update server), if you <\/span>followed my instructions last month<\/span><\/a>, you already have “Pause Updates” set so patching resumes near the end of February (screenshot).\u00a0<\/span><\/p>\n Not sure if you\u2019re sufficiently paused? To check, using an administrator account, click Start > Settings > Update & Security. If you\u2019re paused until the end of the month or so, you don\u2019t need to do anything. That\u2019ll give you three weeks after Patch Tuesday to see if there are any bad bugs.<\/span><\/p>\n On the other hand, if pause is set to expire before the end of February, or if you don\u2019t have a pause in effect, you should set up a patching defense perimeter that keeps patches off your machine for the rest of this month. Using that administrators account, click the “Pause updates for 7 days” button, then click it again and again, if necessary, until you\u2019re paused out into March. (If you have a partial pause already in effect, you may need to click “Resume updates,” then reboot.)<\/span><\/p>\n For those of you who have been wondering about the \u201coptional, non-security, C\/D Week\u201d KB 4532695 patch for Win10 1903 and 1909, it\u2019s there, but you shouldn\u2019t install it. For weeks I\u2019ve been wondering why I didn\u2019t see KB 4532695 offered on my 1903 machines as an additional update to \u201cDownload and install now.\u201d <\/span>@abbodi86 on AskWoody.com <\/span><\/a>finally figured it out: If you\u2019re running Win10 1909, you\u2019ll see KB 4532695 offered as an additional update, as one would expect. But if you\u2019re running Win10 1903, you have to have a specific combination of hidden and blocked patches before the optional\u00a0KB 4532695 is offered.<\/span><\/p>\n Don\u2019t be spooked. Don\u2019t be stampeded. And don\u2019t install any patches that require you to click \u201cDownload and install now.\u201d They\u2019ll be minimally tested and available soon enough.<\/span><\/p>\n If there are any immediate widespread problems protected by this month\u2019s Patch Tuesday\u00a0\u2014 a rare occurrence, but it does happen\u00a0\u2014 we\u2019ll let you know here, and at AskWoody.com, in very short order.<\/span><\/p>\n We\u2019re at MS-DEFCON 2 <\/span><\/i>on AskWoody<\/span><\/i><\/a>.<\/span><\/i><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Mon, 10 Feb 2020 12:13:00 -0800<\/strong><\/p>\n Remember the frenzy after last month\u2019s Patch Tuesday? How everybody and his twice-removed cousin \u2014 even the N forkin\u2019 SA\u00a0\u2014 told you to get patched immediately because of this big, spooky <\/span>Crypto API security hole<\/span><\/a> that was supposed to bring down\u00a0 Windows As We Know It, like, right now?<\/span><\/p>\n Guess what. <\/span>It never materialized<\/span><\/a>.<\/span><\/p>\n<\/p>\n