Microsoft is yanking patches already. Make sure automatic update is disabled.

The year is yet young, and Microsoft has already issued, then plucked, four bad patches. Do yourself a favor and let the cannon fodder test the patches before you put them on your machine.

broken window with windows logo in clouds
Thinkstock/Microsoft

With Patch Tuesday coming tomorrow, now’s a good time to make sure you have Windows Automatic Update throttled. Yes, you need to patch sooner or later. No, you don’t need to do it in lockstep with Microsoft’s, uh, exuberant pace.

Case in point: On Jan. 3, Microsoft released 14 non-security Office patches. (Those are patches for the “perpetual” installed “MSI” versions of Office, not the Office 365 Click-to-Run versions. You gotta love the terminology.) The bug fixes covered a range of bugs, most notably including errors in the way Japanese dates are displayed.

A few hours later, the Japanese-language blogs erupted with reports that four of the new patches — the ones for Office 2010 — caused Excel to throw a Stop error when it was opened. The bad patches:

Update for Microsoft Excel 2010 (KB4461627)
Update for Microsoft Office 2010 (KB4032217)
Update for Microsoft Office 2010 (KB4032225)
Update for Microsoft Office 2010 (KB4461616)

Microsoft subsequently pulled the patches, and rewrote the Knowledge Base articles to include this admonition:

After you install this update, you may experience difficulties in Microsoft Excel or other applications. To resolve this, uninstall the update by following the instructions in the “More information” section.

This update is no longer available.

Sound familiar? We had exactly the same scenario — yanked bad Office patches with buggy Japanese date routines — in November and December.

The solution? If you installed the patches, uninstall them. Lucky you.

Yes, Office 2010 is off mainstream support, but it’s still getting patches. Bad ones, at that. Susan Bradley discovered an email market-share report from Litmus that says that in 2017, fully 23% of all tested Outlook emails were opened in Outlook 2010. The world isn’t as advanced as you think.

It’s a jungle out there. Time to bring Windows Update to heel.

Blocking automatic update on Win7 and 8.1

People tend to forget that Windows 7 originally shipped with an automatic update feature that was turned off by default. We’ve come a long way.

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the "Turn automatic updating on or off" link. Click the "Change Settings" link on the left. Verify that you have Important Updates set to "Never check for updates (not recommended)" and click OK.

Blocking automatic update on Win10 Pro

If you’re using Win10 Pro version 1709, 1803, or 1809 I recommend an update blocking  technique that Microsoft recommends for “Broad Release” in its obscure Build deployment rings for Windows 10 updates — which is intended for admins, but applies to you, too. (Thx, @zero2dash)

Step 1. Using an administrative account, click Start > Settings > Update & Security.

Step 2. On the left, choose Windows Update. On the right, click the link for Advanced options. You see the settings in the screenshot.

1809 advanced updates Woody Leonhard

Step 3. To pull yourself out of beta testing (or, as Microsoft would say, to delay new versions until they’re ready for broad deployment), in the first box, choose Semi-Annual Channel.

Step 4. To further delay new versions until they’ve been minimally tested, set the “feature update” deferral setting to 120 days or more. That tells the Windows Updater (unless Microsoft makes another “mistake,” as it has numerous times in the past) that it should wait until 120 days after a new version is declared ready for broad deployment before upgrading and reinstalling Windows on your machine.

Step 5. To delay cumulative updates, set the “quality update” deferral to 15 days or so. (“Quality update” = bug fix.) In my experience, Microsoft usually yanks bad Win10 cumulative updates within a couple of weeks or so. By setting this to 10 or 15 or 20 days, Win10 will update itself after the major screams of pain have subsided and (with some luck) the bad cumulative updates have been pulled or re-issued.

Step 6. Just “X” out of the settings pane. You don’t need to explicitly save anything.

Step 7. Don’t click Check for updates. Ever.

If there are any real howlers — months where the cumulative updates were irretrievably bad, and never got any better, as they were in July of last year — we’ll let you know, loud and clear.

Tired old approach for Windows 10 Home

Here’s the thing about Windows 10 Home. Microsoft considers Home customers fair game. It really should call it Win10 Guinea Pig edition. Microsoft has no qualms whatsoever in pushing its new, untested (perhaps I should say “less-than-thoroughly-tested”) updates and upgrades onto Windows 10 Home machines.

This isn’t a mistake or an oversight. Win10 Home customers by design are Microsoft’s extended beta-plus testing force. Cannon fodder. It’s unconscionable, and it’s been that way since day one. As Susan Bradley says, “Every version of Windows should be able to defer and pause updates. … Microsoft, your customers deserve better than this.”

If upgrading to Win10 Pro isn’t an option — and I sympathize if you’d rather not hand over another $100 to Microsoft for something that should come standard — your only other option is to set your internet connection to “metered.” Metered connections are an update-blocking kludge that seems to work to fend off cumulative updates, but as best I can tell still doesn’t have Microsoft’s official endorsement as a cumulative update prophylactic.

To set your Ethernet connection as metered: Click Start > Settings > Network & Internet. On the left, choose Ethernet. On the right, click on your Ethernet connection. Then move the slider for Metered connection to On.

To set your Wi-Fi connection as metered: Click Start > Settings > Network & Internet. On the left, choose Wi-Fi. On the right, click on your Wi-Fi connection. Move the slider for Metered connection to On.

If you set your internet connection to metered, you need to watch closely as the month unfolds, and judge when it’s safe to let the demons in the door. At that point, turn “metered” off, and just let your machine update itself. Don’t click "Check for updates."

Perhaps the next (“19H1”) version of Win10 Home will get real update-blocking capabilities. I wouldn’t count on it. More about that later.

If you’re really serious about blocking updates at all costs, check out Michael Horowitz’s "Killing Windows Update on Windows 10 - a cheat sheet."

We’re at MS-DEFCON 2 on AskWoody.

Related:

Copyright © 2019 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon