Microsoft Patch Tuesday is nigh: Pause updates now.

Take a minute right now and make sure you have Windows Update paused. Every month we see problems with patches -- some rare and innocuous, others toxic to a specific subset of Windows users. Step out of the line of fire. It’s easy.

Windows logo with padlocks
Thinkstock/Microsoft

I call it crowdsourced beta testing. Here's how it works.

Microsoft releases its monthly patches. Headlines from the usual suspects scream that you need to get patched right now because of a known exploit – a zero-day.  “Microsoft warns hundreds of millions of users that Windows is at risk. Get patched now!”

You know the tune.

Folks who have seen this drama play out time and again wait to see what problems emerge. They know that you have to get patched eventually, but there's little upside and lots of downside in knee-jerk patching.

In fact, we do occasionally get an emergency patch that needs prompt attention, but they’re exceedingly rare, and always well known – generally within hours of release. We saw that with Eternal Blue, with Sasser, and a few lesser-known security holes. Even in those cases, it took the cretins weeks or months to turn a known vulnerability into a mainstream attack.

By contrast, every month we see problems with patches. Locked up systems. Missing files. Scrambled applications. Undocumented and unannounced updates. If you aren’t well-acquainted with Windows patching woes – and convinced you really shouldn’t expose your machine to Microsoft patches as soon as they’re available – take a look at three years’ worth of problem reports, filed monthly in my Patch Alert series

Fortunately, starting with Windows 10 version 1903 it’s easy to temporarily pause Windows Update. It’s also easy in Win7 and 8.1 – but not so much for versions in between. 

We’re working on reports that Pausing and Unpausing Windows Update may trigger an unexpected installation of Windows 10 version 2004 – which is a version too far for most Windows users, at least at this point. I hope to have a better feel for any oddities before it’s time to unpause this month’s patches. 

In the interim, get your system Paused and keep it that way until the coast is clear. Here’s how.

Blocking automatic update on Win7 and 8.1

Those who paid for Windows 7 Extended Security Updates should be cautious about installing patches immediately. Those who didn’t will either ignore the patches (large majority there), or wait to see if free alternatives appear – and 0patch has filled in several cracks. We’ll be covering both intently on AskWoody.com.

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the "Turn automatic updating on or off" link. Click the "Change Settings" link on the left. Verify that you have Important Updates set to "Never check for updates (not recommended)" and click OK.

Blocking automatic update on Windows 10

By now, almost all of you are on Win10 version 1903 or 1909. Not sure which version of Win10 you’re running? Down in the Search box, near the Start button, type winver, then click Run command. The version number appears on the second line.

If you’re using Win10 1803 or 1809, I strongly urge you to move on to Windows 10 version 1909. If you insist on sticking with Win10 1809 (hard to blame ya!), you can block updates by following the steps in December’s Patch Tuesday warning. Be acutely aware of the fact that Microsoft won’t be handing out any more security patches for 1809 Home or Pro after November 10. The end is near.

In version 1903 or 1909 (either Home, Pro, Education or Enterprise, unless you’re attached to an update server), using an administrator account, click Start > Settings > Update & Security. If your Updates paused timer is set before July 6 (see screenshot below), I urge you to click Resume Updates and let the automatic updater kick in – and do it now, before noon in Redmond on Tuesday, when the Patch Tuesday patches get released.

1909 updates paused 2020 07 Microsoft

If Pause is set to expire before the end of June, or if you don’t have a Pause in effect, you should set up a patching defense perimeter that keeps patches off your machine for the rest of this month. Using that administrator's account, click the "Pause updates for 7 days" button, then click it again and again, if necessary, until you’re paused out into early July. (Note that the next Patch Tuesday falls on July 14.)

If you see a message that says “your device isn’t quite ready” for Win10 version 2004, be of good cheer. The message doesn’t signify anything, really, but it means Microsoft won’t try to push you onto version 2004 in the near future. And if you see an invitation to “Download and install” version 2004, make like Lurch in The Addams Family and repeat, “Uhhhh.”

Don’t be spooked. Don’t be stampeded. Don’t click “Check for updates” (at least until we can confirm that doing so might install something you don’t want). And don’t install any patches that require you to click “Download and install.” 

If there are any immediate widespread problems protected by this month’s Patch Tuesday – a rare occurrence, but it does happen – we’ll let you know here, and at AskWoody.com, in very short order. Otherwise, sit back and watch while our usual monthly crowdsourced patch watch proceeds. Let’s see what problems arise.

We’re at MS-DEFCON 2 on AskWoody.

Copyright © 2020 IDG Communications, Inc.

  
Shop Tech Products at Amazon