Tomorrow’s Patch Tuesday — time to block Windows automatic update

Tomorrow’s Patch Tuesday — time to block Windows automatic update

If you haven’t patched your Windows machine since May, you’re in harm’s way and need to get your BlueKeep inoculation right away. That goes for PCs running Windows XP (!), Vista, Win7, Server 2003, Server 2008 or Server 2008 R2. There’s a working-but-not-yet-fully-armed exploit for the BlueKeep hole making the rounds right now, and it’s only a matter of time before it’s fully weaponized. With 700,000+ machines unpatched and immediately accessible, BlueKeep is a disaster waiting to happen. Tell your friends.

With that very notable exception, now would be an excellent time to make sure Windows automatic update is reined in. I call it crowdsourced bug hunting, and describe it in “The case against knee-jerk installation of Windows patches.”

Blocking automatic update on Win7 and 8.1

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” and click OK.

Blocking automatic update on Win10 Pro 1803 or 1809

Not sure which version of Win10 you’re running? Down in the Search box, near the Start button, type “About,” then click “About your PC.” The version number appears on the right under Windows specifications.

If you’re on Win10 Pro version 1803, you have three options: Stick with version 1803 a while longer (the last scheduled patch for 1803 arrives on Nov. 12); upgrade to version 1809; or go for 1903, which has had teething problems lately. I have details on the options, what they entail, and how to pursue them in last month’s column, “Is Windows pushing you to upgrade? Don’t be bullied. There’s a middle path.”

If you’re using Win10 Pro version 1809, or if you’re on 1803 and want to stay there a bit longer, I recommend an update blocking technique that Microsoft recommends for “Broad Release” in its obscure Build deployment rings for Windows 10 updates — which is intended for admins, but applies to you, too. (Thx, @zero2dash.)

Copyright © 2019 IDG Communications, Inc.


Leave a Reply

Your email address will not be published.