With Patch Tuesday arriving, get Windows Automatic Update under control

If you’re running Win7, 8.1, or Win10 1903 or 1909, putting on a temporary patching pause is quick and easy. Other versions, not so much. Here’s how to run to the sidelines, so you can watch while the pioneers engage in unpaid Windows update beta-testing.

putting on a band-aid patch with binary code
Thinkstock

December was a remarkable patching month. For those of you who use Windows Update, there were few surprises. (Manual updaters had it rough, though.) If you’ve been following along, you’ve already installed the December updates. Great. It’s time to get ready for January by temporarily turning off Windows Automatic Update.

If you’re a member of the “Get patched as soon as they roll out” team (a shrinking cohort, from my observation, anyway), my hat’s off to you. We need all the cannon fodder we can get. Be sure to keep us updated on AskWoody.

But if you figure there’s more danger from Pavlovian patching practices than from malware immediately following a Patch Tuesday, there are reasonably easy alternatives. Wait while we all watch the unpaid beta-testers take one for the Gipper.

Blocking automatic update on Win7 and 8.1

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the "Turn automatic updating on or off" link. Click the "Change Settings" link on the left. Verify that you have Important Updates set to "Never check for updates (not recommended)" and click OK.

Yes, this month’s Patch Tuesday brings the last free security patches for Win7. No, you shouldn’t let them install by themselves. We’ll have a lot of coverage of Win7 weaning worries in the coming weeks.

Blocking automatic update on Win10 1803 or 1809

Not sure which version of Win10 you’re running? Down in the Search box, near the Start button, type About, then click About your PC. The version number appears on the right under Windows specifications.

If you’re using Win10 1803 or 1809, I strongly urge you to move on to Win10 version 1903. Microsoft released it (to some consternation) in May of last year. It had a shaky start before plunging into a four-patch debacle in September/October, but now appears to be relatively stable. There are detailed step-by-step instructions for moving to Win10 1903 in "Why — and how — I’m moving Win10 production machines to version 1903."

If you insist on sticking with Win10 1809 (thrice bitten, thrice shy, eh?), you can block updates by following the steps in last month’s Patch Tuesday warning.

There’s a better way with Win10 versions 1903 or 1909

In version 1903 or 1909 (either Home, Pro, Education or Enterprise, unless you’re attached up an update server), using an administrator account, click Start > Settings > Update & Security. At the top, click the Pause updates for 7 days button. 

1903 pause 7 days 4 Woody Leonhard/IDG

That button changes so it says, "Pause updates for 7 more days." Click it two more times, for a total of 21 paused days. That defers all updates on your machines until 21 days after you click the button. Once set, you can’t extend the deferral any longer unless you install all the outstanding cumulative updates to that point.

Historically, 21 days has sufficed to avoid the worst problems, although the aforementioned Keystone Kops IE 0day patch bugs persisted for more than three weeks. 

If there are any immediate widespread problems protected by this month’s Patch Tuesday — a rare occurrence, but it does happen — we’ll let you know here, and at AskWoody.com, in very short order.

We’re at MS-DEFCON 2 on AskWoody.

Related:

Copyright © 2020 IDG Communications, Inc.

  
Shop Tech Products at Amazon