By Susan Bradley
Patch Tuesday is only a few days away. As usual, caution is in order.
I’ve therefore raised the MS-DEFCON level to 2. Make sure your system is backed up and you have deferred updates.
In addition, I urge you to take stock of the other software that is installed on your system. Often, it’s this third-party software that may result in side effects.
Sometimes patching and the resulting reboot will expose a condition you weren’t expecting. For example, a post in the forums noted that installing the preview update KB5036979 for Windows 10 22H2 caused systems to be unbootable. It’s always concerning that the code in this update will be rolled into the May updates, so I’ll be keeping a sharp eye on these patches.
However, this time it appears that the side effect may be triggered by third-party software from ManageEngine, a Zoho company that provides tools for business networks. As user EvilWizard notes, “It appears to be a ManageEngine update that, when applied alongside 19045.4353, causes a change in the BCD registry key that then causes the OS to fail to load.”
Although Microsoft needs to up its game and prepare better updates, we shouldn’t forget that we don’t run operating systems all by themselves and that there are often interactions. Make sure you always have a backup and can restore, should anything occur. Remember that when you have a backup, you can recover from not only a bad patch but also hard drives that die, malware and viruses, and anything else that may impact your computer.
I recommend that you let your browsers update automatically at the same time you limit patches to your operating systems. In addition, review the search-engine settings in your browsers, on both your computers and your phones.
I have been less than thrilled with the recent behavior of the Google search engine on the Safari browser on an iPhone. The Google search engine is the default on iPhones; lately, it’s been offering to switch to Chrome when providing some (but not all) search results. I’m hoping the behavior I saw was an outlier and a side effect of something I was searching for. Remember, these days you can change the search engine on both iPhones and Android phones to something other than the defaults. Make sure that you’ve chosen the search engine you want on every technology device you have.
For those who used GRC’s InControl app to hold off Windows 11 23H2 and are wondering whether they need to disable the control setting before installing the Windows 11 enablement package, the answer is no. Although you can reset the InControl setting to say 23H2, you do not need to do so ahead of time. Clicking on the enablement link and launching it will easily upgrade you to 23H2.
I’m hoping May will be a much better-behaved month for patches for businesses. We’re still waiting for resolutions from April updates, issues that include additional NTLM traffic and failed business VPN connections. It remains to be seen whether these will be fixed in the May releases. For now, ensure you have deferred updates and working backups — and that you can recover, no matter what the situation.
Resources
- Susan’s Master Patch List
- The MS-DEFCON System explained
- BlockAPatch — Tools to help you hide or block updates
- Steve Gibson’s excellent InControl to manage feature releases
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.