[German]Once again I pick up an unpleasant topic here. It's about the fact that Microsoft is now releasing monthly preview updates for their .NET frameworks to fix the numerous vulnerabilities and bugs in the stuff. But these optional preview updates are installed by force if the user is not careful enough.
Credo: Previews are optional updates
While up to Windows 8.1 you still have control over updates, with Windows 10 Microsoft has taken control of the update installation. Because with Windows 10, Microsoft decides which updates are rolled out and when. Users of unmanaged systems such as Windows 10 Home (or Windows 10 Pro without WSUS, SCCN or Windows Update for Business) then have no way to block updates – security updates are always installed promptly in all Windows 10 versions. There is only the possibility to suspend the update installation for a few days.
In 2016 there was an interview with Brad Anderson, Corporate Vice President of Enterprise Client and Mobility at Microsoft, which also dealt with the installation of updates in Windows. His tenor: Users should no longer release individual updates, but rather have all updates downloaded and installed, as offered by the Microsoft update servers. His argumentation: The protection of the systems has become quite complex and Microsoft can take over the updating. It would be a change in the update culture, but he is optimistic that this will work. I had covered this interview within my German blog post Anwender: Überlasst Microsoft die Verwaltung der Updates …
However, Microsoft also had the credo: Preview updates are actually always optional and should only be installed if the user explicitly wants that. In Windows 10, Microsoft had also created a nice mechanism that allowed the user to control whether an optional update was installed. Optional updates are displayed in a separate group when searching for updates and must be explicitly triggered via a download and installation link.
NET Framework Preview updates are installed unsolicited
There were already indications in July 2020 that .NET Framework Preview updates would be installed without being asked. Ex-MVP colleague and blog reader Olaf had contacted me and told me about the observation of unintentionally installed .NET Framework Preview updates. He wrote:
On several customer systems with Windows 10 1909 and a Windows Server 2019, I now had the .NET Framework Preview update installed just like that, after I checked for updates from Microsoft in the settings. It is especially fatal that this also happens with Windows Server 2019. It is the update KB4567327 from July 21, 2020, which Microsoft only recommends to install here.
I had discussed this in the article Windows 10 installs .NET Framwork Preview Update KB4562902 withouth user consent (was confirmed by other users) and hoped for a bug that would be fixed quickly. Especially as some users reported that the preview update was not installed automatically. In the blog post Windows 10: User control of Windows Update – some inconsistencies? from August 2020 I showed the following screenshot:
There the dilemma becomes immediately clear when searching for updates: The optional cumulative update KB4566116 must be explicitly triggered by a link to download and install. But in the above dialog box there are also two updates where the user can only click the download button to trigger the download and installation. However, one entry is a preview update for .NET Framework 3.5 and 4.8, so if the user wants to install the updates, he has no choice but to have the other offered updates installed as well.
In the German blog post .NET Framework Preview Updates (16. Sept. 2020) from September 2020, blog reader Martin takes up the issue again in this comment from November 3, 2020 and writes
Tested from yesterday to today – maybe somebody is interested: If you click on "Check for updates" and "Continue updates" if they were paused, I will be happy with the current preview (KB4580419). You can also use "wushowhide.diagcab" to see that it is "in the starting blocks".
If I don't trigger an update, i.e. wait the 17-22 hours until the automatic search, I get the last CU (KB4578968) installed.
What is installed during a "natural" update pause, I have not tested now.
Martin then refers to this Computerworld article by Woody Leonhard, which discusses the different update variants.
- There Woody writes that on a computer with Windows 10 version 1909 with an update pause by clicking on Resume Updates the .NET Framework Preview Update was installed automatically, no matter if the user wanted it or not. .
- On a machine with Windows 10 version 1909 without set update pause the .NET Preview update appears in the list of updates when using the tool "Wushowhide". This allows users to manually block the installation of the .NET Framework Preview updates (if the trick is known, see How to block Windows 10 updates).
Woody also wrote: When the Check for Updates button is clicked in Windows Update, the preview update is installed and the user can't do anything. So this is exactly the behavior of Windows 10, which we know from the beginning. Blog reader Martin writes about it:
What a mess… one has the feeling it is getting worse and worse. Is it the same for others, or am I just getting too old for this?
Everything becomes more complex, arbitrary, overloaded, opaque, not documented at all or badly documented…
As sad and sad as it is, with regard to your own mental hygiene, it will probably make more sense in the medium term if you don't want to understand/understand/question so much, but just let Stumpf keep the stuff going somehow.
It's not just Martin – Windows 10 users are simply guinea pigs unless an administrator in a managed environment blocks updates in WSUS & Co. And that brings us to one of the reasons why I don't switching to such a messed up product.
Cookies helps to fund this blog: Cookie settings
There are reports of this on answers.microsoft.com as well.