It’s time again: with Patch Tuesday in sight, I always recommend pausing or delaying updates, and this month is no different. But the second Tuesday of May also brings to an end support for Windows 10 1909. If you want to receive updates for Windows 10 after May 11, you’ll need to make sure you’re running Windows 10 2004 or 20H2.
So my first request on this Patch Tuesday week is that you check to see what exact version of Windows 10 you have installed, so you know you are still supported.
Typically, there is a window of time when we can safely defer or delay updates and when businesses can test patches before rolling them out. The days of worm attacks where we had to immediately patch systems have long since passed. These days, attacks are typically done using phishing lures to gain access to a system; the weakest link isn’t necessarily software, it’s us,opening Office docs or other files that harvest credentials. If you are even a slightly savvy user, give yourself time to ensure that there are no patching side effects.
(A continuing issue for some users: Microsoft still has not delivered the greatest update experience to those whose systems rely on Conexant audio drivers. As noted on the Windows Health release dashboard, those systems will be offered 2004 or 20H2 but during the upgrade process may roll back to 1909. Microsoft recommends you try the installation again. I recommend proactively removing the audio drivers, doing the upgrade with the audio drivers removed, then reinstalling the drivers.)
In terms of patching, we’ve gotten into this better state of risk because of the overall advances of Windows 10. But it’s key to stay one step ahead of attackers. Ransomware is becoming so much more common that not only are major pipeline infrastructure targets being hit, but we are seeing governments recognize the risks and establishing task forces to look into them.
Currently, Microsoft includes some of its best anti-ransomware protections with Windows 10 E5 licenses (Microsoft’s most expensive). I’m hoping some of these features will move to other, less-expensive tiers, as we all need some of these protections. Until then, the best way to protect yourself is to not blindly click on files and do not enter passwords on websites unless you are certain you know they’re safe.
For typical users, I recommend a more measured means of getting updates. For the base version of Windows 10, I recommend two actions to avoid inadvertent updates. First, select Start>Settings>Network & Internet, and then Wi-Fi or Ethernet (depending on how you connect to the internet). Next, click Manage known networks, select the network you use, choose Properties and turn on “Set as metered connection.” This tricks the computer into thinking your Internet bandwidth is limited, meaning it will only download patches that you approve.
The second action is to pick a deferral date later than May 11. Click on Start>Settings>Update & Security>Advanced Options. Pick a date far enough in the future to give you comfort.
I also recommend you review the installation settings for the Edge browser. Now that Microsoft has released the Chrome-based Edge, it receives updates independently from Windows 10. Thus, you’ll want to click on the three dots on the upper right of a browser windows, then on Settings, then on “About Microsoft Edge.” Review your settings for Edge updates and ensure it will update over a metered connection, even if you are using Wi-Fi or wired connections.
There’s a more measured way to receive Office click-to-run updates, as well. Recently, Office users on the monthly release schedule were hit by a bug where Version 2104 (Build 13929.20296) from April 29 that causes the “To:” field autocomplete dropdown to go up off screen instead of down. Not everyone was impacted and the theory is that it depends on screen resolution and text scaling. You can follow this guidance from Diane Poremsky to roll yourself back to a version that doesn’t have this problem. Going forward, I suggest moving to the semi-annual channel; you won’t have the nearly weekly changes to Office and should have fewer unpleasant Office surprises.
Remember, we’re close to the full release of Windows 10 21H1. By now, you know I’m a fan of delaying Windows 10 feature releases so I recommend using the TargetedFeatureRelease process to enter a registry key that will defer the Windows 10 releases until you are ready. You can download it here. Once installed, it will keep your machine on 20H2.
Finally, starting with the May releases, Windows 10 gets a new feature that will be slowly rolling out: “News and Interests,” which will appear on the taskbar. Microsoft is taking a measured approach starting with the April 2021 Cumulative Update Preview for Windows 10, with broad availability occurring in phases. Devices running Windows 10 1909 (and later) that have installed the May 2021 Windows monthly update (or later) will be included in this phased rollout. To block this, you can follow this Tenforums post to use a local group policy or download the provided registry keys if you don’t want changes to your taskbar.