By , Columnist, Computerworld | PT
With a few lingering holes plugged in the past couple of days, it looks like the coast is clear for applying the February 2019 Windows, Office and Net patches. But there are some troubling reports of bluescreens with the Win 8.1 Monthly Rollup.
Microsoft’s February patches have been relatively benign, for all except those running Windows 8.1. Since I wrote about the outstanding problems last week, we’ve had a few interesting new developments:
- Microsoft released the second February cumulative update for Windows 10 version 1809, KB 4482887. It has three dozen bug fixes, including a fix for the Access95-era Jet database bug, but appears to be quite solid.
- There’s a mysterious new “Compatibility update for upgrading to and recovering Windows 10, version 1809: March 1, 2019” KB 4489491 that’s so poorly documented it could do just about anything. I often wonder how admins with regulatory responsibilities can install stuff like this.
- The “Access 95 Jet database bug” introduced by this month’s Win7 and 8.1 Monthly Rollups and Security-only patches now have standalone fixes in the Microsoft Catalog -- KB 4490511 for Win7 and KB 4490512 for Win8.1.
- I’m seeing reports of bluescreens after installing this month’s Win 8.1 Monthly Rollup, KB 4487000. If you’re using Windows 8.1, you should be prepared to roll back the Monthly Rollup.
All of this comes in addition to the “Internet Explorer doesn’t understand the backslash” bug I described last week. @PKCano further admonishes, “Watch out for the KB 4491113 hotfix Cumulative update for IE 11, which can cause additional problems. Unless you are having that specific problem – and you can’t avoid using IE 11 – avoid the fix.”
Susan Bradley’s detailed Master Patch List shows that we’re ready to go – even with this month’s NET patches.
Win10 1809 rolling out slowly, slowly
If you have any version of Win10, you’re in the crosshairs for Microsoft’s latest version pushed with the help of a new, improved, extraterrestrial superintelligent next-generation machine-learning model.
People ask me why I’m so cynical about 1809. I’m not really all that cynical – in fact, it looks like Microsoft’s trying very hard to make this one better than all that came before. My skepticism stems from the fact that 1809 doesn’t bring anything I want to the table: A new clipboard that’s almost as good as decade-old free plugins; better screenshots with markup; Storage Sense improvements that are disabled by default for good reason; and a handful of ho-hum features. Should you upgrade your machine for that?
Bottom line remains the same: Unless you want Win10 version 1809 on your machine, you need to proactively block it until you’re comfortable with moving on to the next, arguably better version of the last version of Windows.
Here’s how to get your system updated the (relatively) safe way.
Step 1. Make a full system image backup before you install the February patches.
There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This is in addition to the usual need for System Restore points.
There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Win 7 users, If you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not-so-free.
Step 2. For Win7 and 8.1:
Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 18 months old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.
If you’re very concerned about Microsoft’s snooping on you and want to install just security patches, realize that the privacy path’s getting more difficult. The old “Group B” — security patches only — isn’t dead, but it’s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003 and be aware of @MrBrian’s recommendations for hiding any unwanted patches.
For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Realize that some or all of the expected patches for February may not show up or, if they do show up, may not be checked. DON'T CHECK any unchecked patches. Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. In particular, if you install the February Monthly Rollups or Cumulative Updates, you won’t need (and probably won’t see) the concomitant patches for January. Don't mess with Mother Microsoft.
Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.
After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model.
Realize that we don’t know what information Microsoft collects on Window 7 and 8.1 machines. But I’m starting to believe that information pushed to Microsoft’s servers for Win7 owners is almost as extensive as that pushed in Win10.
Step 3. For Windows 10:
If you’re running Win10 version 1709, or version 1803 (my current preference), you definitely want to block the forced upgrade to Win10 1809. Don’t get caught flat-footed: Microsoft is pushing 1809 slowly, but you don’t have to go when that superintelligent deployment program says you’re ready. Follow the advice in How to block the Windows 10 October 2018 Update, version 1809, from installing. Of course, all bets are off if Microsoft, uh, forgets to honor its own settings.
Those who run Win10 Pro/Education and followed my advice in February – to set “quality update” (cumulative update) deferrals to 15 days, per the screenshot – don’t need to do anything. Your machine already updated itself on the 27th. Don’t touch a thing and in particular don’t click Check for updates.
For the rest of you, including those stuck with Win10 Home, go through the steps in "8 steps to install Windows 10 patches like a pro." Make sure that you run Step 3, to hide any updates you don’t want (such as the Win10 1809 upgrade or any driver updates for non-Microsoft hardware) before proceeding.
If you really want to hide everything, including the mysterious KB 4023057 patch I mentioned last week, you need to go through @PKCano’s steps to wring every last update out of your update queue. Microsoft hides some of them.
Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86, and many others.
We’ve moved to MS-DEFCON 4 on the AskWoody Lounge.