The December 2019 Microsoft patches get the all-clear

There was – and is – no pressing reason to install the December 2019 patches, other than the imminent arrival of January’s Patch Tuesday on Jan. 14. The only major hiccup lies in wait for those who install Win7 patches (or .NET patches) manually.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths
Pashaignatov / Getty Images

With most of Microsoft out on vacation, the December 2019 crop of Windows, Office, .NET and other patches left us blissfully unscathed, unless you’re installing Win7/Server 2008 patches (or .NET patches) manually. In that case, a poorly documented, odd installation sequence for Servicing Stack Update KB 4531786 has led many a manual patcher (and admin) to drink.

One big change this month: If you’re running Windows 10, I figure it’s a good idea to move to Win10 version 1903. The last time 1903 had a major meltdown was three months ago, and things have stabilized since then.

As usual, Patch Lady Susan Bradley has a detailed analysis in her Patch Watch column, with a full patch-by-patch reckoning in her Master Patch List (paywall, donation requested).

Here’s how to get your system updated the (relatively) safe way.

Make a full backup

Make a full system image backup before you install the latest patches.

There’s a non-zero chance that the patches — even the latest, greatest patches of patches of patches — will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.

There are plenty of full-image backup products, including at least two good free ones: Macrium Reflect Free and EaseUS Todo Backup. For Win 7 users, If you aren’t making backups regularly, take a look at this thread started by Cybertooth for details. You have good options, both free and not-so-free.

Patch Win7, Win8.1, or associated Servers

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s 24 months old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. You should have one Windows patch, dated Dec. 10 (the Patch Tuesday patch), maybe an Office patch, and possibly a .NET patch. 

If you insist on manually installing Security-only patches for Win7 and Server 2008 (I call that the “Group B” approach on AskWoody), there’s a complex series of interactions with the November and December Servicing Stack Updates. You’ll have to reboot at least twice – details from @PKCano on the AskWoody site. If in doubt, ask questions on the site! It’s easy and free.

Realize that some or all of the expected patches for December may not show up or, if they do show up, may not be checked. DON'T CHECK any unchecked patches. Unless you're very sure of yourself, DON'T GO LOOKING for additional patches. In particular, if you install the December Monthly Rollup, you won’t need (and probably won’t see) the concomitant patches for November. Don't mess with Mother Microsoft.

If you see KB 4493132, the “Get Windows 10” nag patch, make sure it’s unchecked.

Watch out for driver updates — you’re far better off getting them from a manufacturer’s website.

After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. If you want to thoroughly cut out the telemetry, see @abbodi86’s detailed instructions in AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model.

If you’re worried about Windows 7 hitting end-of-support later this month, don’t be alarmed. About a quarter of all Windows users will blissfully blow beyond the end-of-support date, just like you. Win7 won’t suddenly stop working on Jan. 14. You have many options – and not all of them end with Windows. We follow the alternatives intently in the Seven Semper Fi series on AskWoody.

Patch Win10 and associated Servers

If you’re running Win10 version 1803, 1809, Server 1809, Server 2019, or any earlier version of Windows 10, I urge you to upgrade to Win10 version 1903. (You can find your version by typing winver in the Search box in the lower left corner and pressing Enter.) There are detailed upgrade instructions, with suitable caveats, here: Why — and how — I’m moving Win10 production machines to version 1903.

Win10 1903 is far from perfect, but it seems to be relatively stable at this point. The one huge advantage: It lets everybody pause updates with a few simple clicks. That feature has my vote for the most important (perhaps the only important) upgrade to Win10 in the past four-plus years.

If you insist on using Win10 version 1809, go through the steps in All’s clear to install Microsoft’s November patches to get 1809 updated. If you’re on Win10 version 1909, I figure you’ve jumped the gun if not the shark, but the instructions here will work.

If you’ve been following my usual advice – to click “Pause updates for 7 days” three times – your machine should’ve installed the December patches around the end of the month. You’re in good shape.

If you haven’t been following that advice, it’s time to start using your Redmond-Given Rights: Click Start > Settings (the gear icon) > Update & Security. Click Windows Update on the left side, then click “Pause updates for 7 days.” Next, click on the newly revealed link, which says “Pause updates for 7 more days,” and click it again. That pauses all updates for 21 days which, historically, has been long enough for Microsoft to fix its most egregious bugs. (Notable recent exceptions: The File Explorer Search bug in Win10 version 1909 and the Keystone Kops IE 0day patch bugs in September/October 2019.)

1909 download and install now Microsoft

If you see an offer of an Optional update (screenshot), don’t click Download and install now. There’s a reason why Microsoft deems such patches “optional.”

The January updates should appear next week. With the Win10 dev crew back from a well-deserved holiday nap, expect some significant changes. Some of them (fixing the Win10 1909 File Explorer Search bug?) may actually be worthwhile.

Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86 and many others.

We’ve moved to MS-DEFCON 5 on the AskWoody Lounge.

Copyright © 2020 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon