sbradley
Contributing Writer

Patch Tuesday: The rules of updating Windows (and Microsoft apps)

opinion
Jun 07, 2021 · 5 mins
Desktop PCs, Microsoft, Security

It’s important to be proactive when it comes to Microsoft’s updates. Here are some of the rules of the patching road to keep in mind this week.

Patch Tuesday week is that time of the month when I get verklempt, excited, and in a tizzy over the release of this month’s raft of security updates. Will we get fixes for remote code execution attacks? Fixes for privilege escalations? Will we get…? Oh, you don’t get verklempt, excited, and in a tizzy? You actually dread Patch Tuesday?

Let me help you out. When you install updates from Microsoft there are some fundamental rules to keep in mind.

First, when patching you should never ever lose data. Several years ago, when Microsoft rolled out the feature release version of Windows 10 1809, some users reported losing files and folders during the process. The problem caused Microsoft to pause the feature update to investigate what was triggering the issue. As it turned out, the root cause was not the update — it was the timing and rollout of a feature in OneDrive. As Microsoft noted in a blog post at the time, the culprits involved three different scenarios with OneDrive — in particular, a setting called known-folder redirection. Although the issues were not widespread, the damage and loss of trust in the Windows update process were immense; even now, users remember that issue when updates arrive. Microsoft revised the 1809 release to deal with the problem, and the loss of data did not recur afterwards.

I’ve also seen “race condition” issues that trigger what appears to be a loss of data, when it’s really not. This happens after an update is installed and, upon reboot, your user profile folders are locked; that leads the machine to boot into a temporary user profile, effectively hiding normal user files. For many of these machines, a second reboot allows the locked files to be accessed again and the system now boots normally. (Browsing the user directory while the system is in a temporary user condition allows you to see that your files are still there.)

The ultimate resolution for this problem? Review third-party software to figure out what’s triggering the issue. Often, multiple security tools are the culprits; paring down to just one often helps clear up the problem.

One thing to remember about how Microsoft handles updates: It has to make patching decisions for Windows in a very different way than Apple. The Apple ecosystem is vastly smaller in comparison and has fewer legacy hardware and apps. Many Windows users and businesses think nothing of keeping printers and software for years — assuming it will all work. Testing for patching side effects has never been Microsoft’s strength, and even as it moves toward telemetry as a way to gain feedback, users are still forced to be reactive when it comes to patches.

What’s a proactive patcher to do?

Microsoft always urges users to patch immediately once Patch Tuesday updates are released. I urge a more measured approach; the risk of side effects is not zero. (Conversely, the risk of doing nothing isn’t completely zero either.) Figuring out when one outweighs the other, therein lies the rub.

So what can users do to ensure that their PCs survive the next week?

First, treat Patch Tuesday week as if it were any other computer disaster, such as a ransomware attack, a dead hard drive, or some other catastrophe. What’s the recovery plan? Got a backup from which to restore data? When was that recovery plan last tested?

If the answer to any of these questions is, “I don’t know,” Patch Tuesday isn’t your worst concern. Having a backup is key to navigating Patch Tuesday week safely. With a backup, you ensure you can roll back and recover from any sort of update issue. Microsoft assumes users all store documents on OneDrive and can reinstall Windows at the drop of a hat; I prefer to use third-party backup software that provides for a full restoration of the operating system.

Next, keep your machine prepped for updating and take a cue from Apple users. There comes a time when you have to let older things go. I can point to issues I’ve caused on my own machines by trying to keep older versions of software running past their prime. I have a rule I call “keeping the kids on the playground the same age.” As much as I can, I try to keep the software and hardware roughly in sync. I don’t try to install an outdated QuickBooks 2007 on Windows 10, nor do I try to install QuickBooks 2021 on Windows 7. PDF software should be updated to match the operating system, as should printers and scanners.

So as we move into June’s patching week, you can best prepare for patching by ensuring you’re also prepared for ransomware, viruses, loss of hard drives, motherboard failures, and any number of issues, including Patch Tuesday side effects.

Make sure to have a tested backup close by. Then, and only then, are you truly ready for Patch Tuesday.

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL Slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserv, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on Twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.
