December Patch Tuesday round-up: Winding down for the year

At last, we have the final updates for 2020 from Microsoft. For anyone keeping count, we ended up with 1,250 CVEs (Common Vulnerabilities and Exposures) for the year. That’s almost 50% more than the 800 we had to deal with in 2019. Given the way we get updates delivered in a cumulative fashion, I don’t think of it as about the number of vulnerabilities; I think more about how many times I had to deal with post-release issues in 2020. I’ll recap the year’s major patching issues later this month. For now, I’ll summarize the issues to watch out for in December.

First, a reminder if you’re running Windows 10 1903: This is the last official release for that version. You must be on Windows 10 1909 (or later) to continue to receive security updates. In the past, I have recommended setting the deferral for feature updates for 365 days. Now, I recommend using the targetreleaseversion setting to specify the exact feature release version you want. So if you set the value at 1909, you’ll receive 1909; if you set it at 2004 — even if you are on 1903 — you’ll get offered 2004, not 1909. (For Windows 10 Home users, I continue to recommend you upgrade from Home to Professional to better control updates.) 

As always, before installing any updates, make sure you backup your computer to ensure you are protected from any failure of a hard drive, ransomware, issues with updates or myriad other problems that can crop up.

For those running Windows 8.1 or Server 2012 R2, as always, there are two sets of updates: the monthly rollup in the form of KB4592484 and the security-only update, KB4592495, which is only available from the Microsoft catalog site or other corporate patching platforms. For nearly an entire year the one known issue of “renaming  files or folders that are on a Cluster Shared Volume (CSV)” has never been fixed, which means it’s such a minor issue Microsoft never prioritized fixing it. While I don’t anticipate issues on this rock-solid platform, I don’t recommend you install updates until we can be sure we are again trouble free. This week the week I watch for issues and test on spare machines only. 

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the “Turn automatic updating on or off” link. Click the “Change Settings” link on the left. Verify that you have Important Updates set to “Never check for updates (not recommended)” or “Download and do not install” and click OK.

Windows 7 patchers need to decide whether they want to again repurchase the Extended Servicing Update package or migrate to a supported platform. It’s expected to double in price and will need to be reapplied to the operating system. (Remember what a hassle it was to use the command line to enter the product key the last time? Well, you need to redo it again in January to keep the operating system patched. If you did purchase Windows 7 ESUs last year, you should get an email in 2021 to remind you to repurchase them to keep your machines patched after January.  Alternatively, you can use the 0patch service to ensure your machine is protected. 

Copyright © 2020 IDG Communications, Inc.

Source link