In general, it is advisable to wait until the end of the month before installing patches in Patch Tuesday. However, this month, the patches seem to be working fine, and the CryptoBall CVE-2020-0601 Crypto API security hole is approaching. Administrators pay close attention to RD Gateway patches.
This month has seen a lot of hands waving and rhetoric, the caliber of the sky is declining, but the reality is much more prosaic. If you do not run a major network (and therefore you are not susceptible to imminent problems with Remote desktop gateway , Citrix network errors or the huge ones 334 patches in Oracle ), there were few reasons to install this month’s updates.
However, it works for solve the security hole a Ball with effect CVE-2020-0601 continues at a pace vertiginous . Some security companies use CurveBall to sell more products, but Microsoft Defender detects at least some affected programs; Firefox, Chrome and Edge will not fall; and previous versions of Windows Win10 (Seven Semper Fi!) have never been exposed.
With several functional routines to prove the concept, but no attacks and, indeed, no signs that a general attack is imminent, the CurveBall patch falls into the «plenty of caution» group. Since we saw some weird issues with the January patches, now seems like a good time to catch up.
Here’s how to upgrade your system (relatively) safely.
Make a full backup
Make a full backup of your system image before installing the latest patches.
There is a non-zero chance that patches, even the latest and greatest patches of patches, will stain your device. It’s best to have a backup that you can reinstall even if the device refuses to turn on. This, in addition to the usual need for system restore points.
There are many full-image backup products, including at least two free images: Macrium Reflect Free and EaseUS All Backup .
Patch Win7, Win8.1 or associated servers
This is the last month we will see free Win7 patches or so we were promised. (It’s hard for me to believe that Microsoft won’t fix it security hole Win7 Internet Explorer JScript CVE-2020-0674 , but Microsoft, right?)
As for those of you who stayed on Win7 worried about the appearance of black wallpaper due to Win7 «Stretch» bug in January , Microsoft now warn :
We are working on a resolution and will provide an update in a future release for organizations that have purchased Extended Security Updates (ESU) from Windows 7 .
Types of work.
The bottom line, for you Win7 – do yourself a favor and change your wallpaper so that it is not stretched before installing the January buggy patch. it follows Instructions of Lawrence Abrams on BleepingComputer .
Microsoft is blocking Windows 7 and 8.1 updates on recent computers. If you’ve been running Windows 7 or 8.1 on a computer for 24 months or more, follow the instructions in AKB 2000006 or @ MrBrian’s summary of the @ radosuaf method to make sure that you can use Windows Update to apply the updates.
For most Windows 7 and 8.1 users, I recommend the following AKB 2000004: How to apply Win7 and 8.1 packages per month . It should have a Windows patch from January 14 (Patch Tuesday patch). If you see a preview of the monthly set, ignore it.
If you insist on manually installing security-only patches for Win7 and Server 2008 (I call it the “Group B” approach in AskWoody), get the full list from @PKCano on the AskWoody website . When in doubt, ask questions on the site! It’s easy and free.
Please note that some or all of the patches expected for January may not appear or, if they do appear, may not be checked. DO NOT CHECK unmarked patches. If you are not very confident, DO NOT LOOK FOR ADDITIONAL PATCHES. In particular, if you install the January monthly set, you won’t need (and probably won’t see) the concomitant patches from December. Don’t mess with Microsoft’s mother.
Yes, go KB 4493132 , the patch annoying «Get Windows 10,» make sure it’s not checked.
Watch out for driver updates – it’s much better to get them from the manufacturer’s website.
After you install the latest monthly build, if you intend to minimize Microsoft espionage, follow steps from AKB 2000007: Disabling the worst espionage in Win7 and 8.1 . If you want to completely remove telemetry, see the detailed instructions of @ abbodi86 at AKB 2000012: How to neutralize telemetry and maintain the cumulative monthly model Windows 7 and 8.1 .
If you’re worried that Windows 7 is coming to an end, don’t worry. The first lost security patch is not until next month. It also has many alternatives and not all of them involve Windows. We look carefully at your options in Seven Semper Fi Series on AskWoody.
Patch Win10 and associated servers
If you are running Win10 version 1803, 1809, Server 1809, Server 2019 or any earlier version of Windows 10, I urge you to upgrade to Win10 version 1903. (You can find your version by typing winner in the search box in the lower left corner and pressing Enter.) There are detailed instructions in the article Why – and how – I move the Win10 production machines to the 1903 version .
Win10 1903 is far from perfect, but it seems to be relatively stable at the moment. The only big advantage of the 1903 version: it allows everyone to stop updating with just a few clicks. This feature has my vote for upgrade most importantly (maybe The only one important) for Win10 in the last four years.
If you insist on using Win10 version 1809, follow the steps in Everything is clear for the installation of Microsoft patches in November to update 1809. If you are on Win10 1909, I assume you jumped the gun, but the following instructions will work.
If you watched my usual advice , click «Pause updates for 7 days» three times, your device is probably waiting for additional instructions, displaying a «Discontinued updates» notification in the Windows Update panel (Start> Settings (wheel icon))> Update and security> Windows Update). If you see that the updates have stopped, click ‘Resume Updates’. Windows will come out and install the cumulative January update, plus any other ancillary patches (for example, for .Net) that you need.
I’m very happy to say that clicking «Resume Updates» won’t automatically move you to Win10 1909. To move to the next version, which continues suffering mistakes In particular the File Explorer search error, you should click on a link that says «Download and install now». Don’t click on it.
After updating and restarting, pause the updates for 28 days – click Start> Settings> Update and Security. Click Windows Update on the left, then click «Pause Updates for 7 Days.» Then click on the newly revealed link that says «Pause updates for another 7 days» and click on it again for the last time for a total of four clicks. It stops all updates for 28 days, until February 21st. Hopefully, it will be enough for Microsoft to fix the errors it made in February.
If you see an offer for an optional upgrade (screenshot), don’t click Download and install now. There is a reason why Microsoft considers these patches to be «optional».
Martia Patch in February is the 11th. This will be the first day that Win7 users will miss a security update (if they don’t pay for it). Expect a lot of handshake and noise, but not a lot of fireworks.