MS-DEFCON 2: Deferring that upgrade

By Susan Bradley

It’s always a bit awkward to know when a major feature release should be accepted.

I do not recommend installing a feature release on or soon after the second Tuesday of the month — Patch Tuesday. That’s because the upgrade hits the Internet, looking for any uninstalled patches that the feature release needs.

It’s a good reason to pause updates, which is why I’m raising the MS-DEFCON level to 2.

However, if you’re ready to install Windows 11 24H2, do it now — before Monday evening. As soon as that update is in, use Windows Settings to pause updates. This avoids Tuesday’s security updates, which we obviously have not yet examined.

On the other hand, you may not be ready for 24H2 (and I don’t blame you). If that’s the case, set your phaser on stun — pause updates now for at least a couple of weeks. By that time, I’ll have further guidance in my Patch Watch column.

Consumers

Windows 10 May security updates will include a long-awaited fix. As Microsoft notes in KB5055612, the System Guard Runtime Monitor Broker service has been fixed:

The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025, or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’.

The update also includes an updated Windows Kernel Vulnerable Driver Blocklist in the form of the file (DriverSiPolicy.p7b). Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks. That said, some security researchers have not been impressed with Microsoft’s implementation of this protection. We’ll see whether Microsoft got it right this time.

If you have a qualifying Copilot+ PC, Microsoft will begin to dribble out Recall this month. If you recall (with your brain, not your PC), this is a Windows feature that takes screenshots automatically, recording what you’ve been working on. It remains to be seen how much it will be used, but it’s going to be pushed to you.

Businesses

Microsoft has released a fix that was causing machines receiving the April security update to block the installation of Windows 11 24H2 via WSUS or SCCM. As Microsoft notes in its Learn article Windows 11, version 23H2 known issues and notifications:

Devices which have installed the April Windows monthly security update, released April 8, 2025, or later (starting with KB5055528) might be unable to update to Windows 11, version 24H2 via Windows Server Update Services (WSUS). WSUS allows Servers with the WSUS role to defer, selectively approve, and schedule updates for specific devices or groups across an organization.

As part of this issue, the download of Windows 11, version 24H2 does not initiate or complete. Windows updates log can show error code 0x80240069, and further logs might include text similar to “Service wuauserv has unexpectedly stopped”.

To fix the issue, install the msi from the Microsoft link and then configure the Group Policy at Computer Configuration | Administrative Templates.

Resources

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811

RIP Matrix | Farewell my friend