Jump to content
  • MS-DEFCON 4: Wrapping up a short month


    Karlston

    • 566 views
    • 4 minutes
     Share


    • 566 views
    • 4 minutes

    defcon-digit-4-so.png

    February’s patches affected you either severely, or not at all.

    The good news: If you are a consumer, home user, or business that does not use Windows Server 2022 or any version of on-premises Exchange server, you will be just fine installing the updates at this time. Therefore, I am very comfortable with lowering the MS-DEFCON level to 4.

    However, if you are a business patcher with Windows Server 2022 hosted in VMware, you may have been significantly impacted. In addition, patch administrators are still dealing with the side effects of the Exchange updates.

    Consumer and home users

    Both Apple and Windows patches have been relatively well behaved this month. I always say “relatively” because with any updating experience, someone somewhere may have a hiccup.

    For those of you maintaining a Windows PC that is capable of receiving an update to Windows 11 but don’t want it, remember that you can use registry keys, group policy editing, Intune, or the InControl app to edit the settings so that Windows 10 remains without nagging. Also remember that you can specifically set the feature releases to stop at a specific release number. If you aren’t as fussy about that, but still want control on the basics of the operating system version, that is easily done.

    If you have a Windows 10 Professional, enter “edit group policy” into the search box and launch the resulting editor. Click Computer configuration | Administrative Templates | Windows Components. Scroll all the way to the bottom and select Windows Update | Windows update for Business, then click Select the target feature update version. (see Figure 1.)

    ALERT-2023-02-28-bradley-fig-1.jpg
    Figure 1. You can use the local Group Policy Editor to control which Windows version and feature release you wish to remain with.

    Click the Enabled radio button (if not already selected), then look for the text box labeled “Which Windows product version would you like to receive feature updates for? e.g., Windows 10.” Enter Windows 10. Leave the second box, “Target Version for Feature Updates,” blank. Click the Apply button, then exit the policy editor.

    This will keep your system at Windows 10 indefinitely. If you would prefer a Registry link, use this download.

    Finally, beware of disabling applications. Folks on Reddit are often gamers or those who love to tinker with their operating systems. One such poster disabled the Microsoft Defender/Antimalware Service Executable and now, after installing KB5022360, he found that other applications would not run or would start slowly. Always keep in mind that if you install another antivirus software program, it will promptly disable Microsoft Defender. One AV program at a time, please!

    It is wise not to disable services unless you understand the ramifications fully and have a good backup. If you have any issues after an update, come and ask in our forums — don’t start following advice in a random post you found at the top of a Google search.

    Business users

    For businesses with an on-premises Exchange server, the way forward is murkier. For those on Exchange 2013, remember that its window of support is coming to a close and there will be no extended support updates. You may also see a crash in the Exchange Web services. Microsoft has released a specific KB article with registry fixes.

    If you had Windows Server 2022 in VMware — specifically, versions older than ESXi 8.0 — you found your servers unable to boot after the February updates. ESXi 6.7 will not be patched. However, a patch has been released to VMWare ESXi 7.0 U3k, released on February 21.

    For those who still patch Windows Server 2012 R2 Essentials (not the plain server, but a specific SKU for small businesses), you won’t be able to install February’s updates until Microsoft fixes detection. Seems the company forgot to include the Essential SKU in its updating build, so it fails to detect that server version. I’ll let you know when the detection is fixed.

    Our next Patch Tuesday is March 14, giving you plenty of time to update your VMware and your servers.

     

    MS-DEFCON 4: Wrapping up a short month


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...