Report: Forced Windows 10 version 1709 upgrades that bypass Windows Update
Reports are coming in that Windows 10 systems running an earlier feature version of the operating system are upgraded to Windows 10 version 1709 forcefully in some circumstances.
The issue seems to be related to KB4023814, "Some versions of Windows 10 display a notification to install the latest version", which Microsoft updated on March 5, 2018 the last time.
Update: Microsoft added note to the KB article that confirms that the issue existed and has been fixed as of March 8.
Microsoft is aware that this notification was incorrectly delivered to some Windows 10 Version 1703 devices that had a user-defined feature update deferral period configured. Microsoft mitigated this issue on March 8, 2018.
Users who were affected by this issue and who upgraded to Windows 10 Version 1709 can revert to an earlier version within 10 days of the upgrade. To do this, open Settings > Update & Security > Recovery, and then select Get started under Go back to the previous version of windows 10.
It informs customers that notifications may be displayed on devices that run older versions of Windows 10 that state that the devices need to be updated to "have the latest security updates installed".
If you're currently running Windows 10 Version 1507, Version 1511, Version 1607 or Version 1703, you can expect to receive a notification that states that your device has to have the latest security updates installed. Windows Update will then try to update your device.
Microsoft reveals furthermore that only the latest version of Windows 10 offers protection from the latest threats.
Windows 10 version 1607 and version 1703 are not yet at "end of service." However, they must be updated to the latest versions of Windows 10 to ensure protection from the latest security threats.
It is unclear what Microsoft means by that. Won't it provide (some) security updates for Windows 10 version 1607 or 1703 despite the fact that these versions are still supported? Or is it merely a reminder that Windows 10 version 1709 includes additional protective features that previous versions don't include?
The former would invalidate Microsoft supporting any version of Windows 10 for 18 months while the latter would pose the question why Microsoft enforces upgrades to the new version of Windows 10.
Windows 10 version 1607 reaches end of support in April 2018, Windows 10 version 1703 in October 2018.
The reports indicate that Microsoft ignores user update settings and even installs the update on devices on which Windows Update is turned off.
If Windows Update is turned off, Microsoft uses the Update Assistant to deliver the update.
Woody suggests that the forced upgrades have something to do with the Diagnostic Data level setting of the system. Microsoft collects Telemetry on all consumer versions of Windows 10.
Tip: The next version of Windows 10, version 1803, includes options to view the Telemetry data.
If it is set to 0 (Security), an Enterprise-only value, update policies have no effect. This is confirmed on the Microsoft Docs website for Windows Update for Business clients.
For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to 1 (Basic) or higher. If it is set to 0 (Security), Windows Update for Business policies will have no effect.
Windows 10 users should check the Telemetry level in the Windows Registry if they are unsure what it is set to:
- Tap on the Windows-key, type regedit.exe, and hit the Enter-key. This opens the Windows Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
- Check the AllowTelemetry value. If Data is set to 0, the Diagnostic Data level is set to Security.
You may roll back to a previous version using Settings > Update & Security > Recovery, or restore a backup image if you have one. Note that the Recovery option is only available if you have not run Disk Cleanup yet to remove old Windows installation files from the device.
It happened to my workstation with Windows 10 Enterprise 1703.
Hapend to me before and anti-virus stopped working. I have the whole company on Windows 10 enterprise LTSB now jsut because of this shit.
Install open source Simplewall and Enable Filtering in Whitelist Mode, it will prevent Windows 10 from making unauthorized connections to Microsoft servers. Windows 10 will be forced to ask your permission to access the internet.
I was able to observe such unwanted update, and after killing all tasks/services connected to microsoft update servers, it started to download a lot of data from different, generic servers (IP lookout showed it was owned by Akamai). After that, Update Assistant locked me off, saying I need “system privileges” to kill it (I had to crash it by disabling dependant services). After the update, I found out it left more than Update Assistant.
It left three suspicious things behind (they seems to be independent on each other – triple redundancy). Update Assistant, remsh.exe with some scheduled tasks (resurrecting other update repairng tasks) and OS Remediation System Service, “A lightweight service for understanding and remediating OS update issues”. Windows Update service was disabled all the time. One would say it’s specifically designed to baypass update disablers.
MS has no problem resetting tasks and services admin modified, deleted or disabled. It’s only matter of time they will add feature to disable firewall services as well in order to update.
windows_update_toggle.bat – https://pastebin.com/gNsLEWJe
Conveniently toggle Windows Update on/off from the new Desktop right-click context menu entry (status
is written right next to entry). While Windows Update is disabled, Installing apps from the Store works!
And so does Defender internal check for definitions (more reliable after March Cumulative).
It’s a given user has the responsibility to check for updates manually / re-enable automatic updates at a
later time, so please don’t spam about how this might be a bad idea in your view. This is about having a
choice as a power user (that Microsoft has taken away) for fringe cases where automated forced update
fails in a loop / incompatibility arises / simply user choice to not update at the moment .
windows_update_notification_only_toggle.bat – https://pastebin.com/4tPPDWtc
Notification-only subset to block just the annoying notifications and reboot tasks, leaving update function enabled.
*To undo changes and resume windows update / notification, simply run the respective script again.*
Preview – https://i.imgur.com/06bIiWf.gif
And people keep complaining about Apple. At least I can disable updates completely in macOS, and this setting has always been honored so far. I decide what updates are applied. This doesnâ€˜t seem to be true for Windows anymore. Good thing it is banished to Parallels Desktop here.
Appster, perhaps Win 10 should be banished to a Parallel Universe ??
@Appster: I just lost two hours of work time because I had to reboot my Win 10 machine and an update was waiting to be installed.
That’s just one of the reasons that I think Win 10 is perhaps the most infuriating version of Windows in the history of Windows.
@Gary D and John Fenderson:
I used to be a huge Microsoft fan in the past, up to and including Windows 8. I owned a PC, an Xbox One, and Office. So basically a whole range of things they offer. Except the phones, I used an iPhone for that purpose. Guess what? Only the Xbox One and Office (now for Mac) are still being used daily! The much cursed Windows 8(.1) could still be made into a decent operating system once Classic Shell was installed… How am I supposed to do that with Windows 10? Their spyware features are literally everywhere, their forced updates are unacceptable.
Hence why I jumped ship in 2015 and bought a Mac. At least Apple still gives me the option to disable updates. In Windows 10’s case, it’s hard to grasp that the PC would restart unexpectedly amidst of your work. Yes, security updates should be applied, but not when I am creating a document or revising business data at the moment. In my humble opinion, the person at Microsoft responsible for that decision should be sacked immediately. I am sorry to hear what happened to you, John Fenderson. The Microsoft policies are truly the worst.
Not even the Pro version of Windows can disable those updates, just the Enterprise one. And as comment #1 suggests, they also sneaked this update in on Enterprise versions! This is ridiculously daring. Who do they think they are? The customers should vote with their wallet at this point, but I know that some just can’t (even if they would like to), as some software they might need is Windows-only.
I solved the problem by installing Windows 10 as a Parallels Desktop VM on my Mac, for a single Windows-only program I still need. As a VM, Windows 10 can do no harm to the documents I store with macOS. In order to stop the updates, I usually turn off the WiFi connection for the VM entirely. This way I can get the job done without Windows 10 acting up on me. Once or twice a year (the VM is not the host OS, mind you) I apply the updates that are available, before turning the WiFi connection off again. This method should be bullet-proof. Still, it’s sad that those measures have become a necessity these days.
I would never use Windows 10 as the natively installed, main OS on any machine. The risk that it breaks documents via unexpectedly updating itself is far too high for my liking.
I should have known that Microsoft is in a bad state when they introduced things like Office 365. Never mind, my former PC will remain at Windows 8.1 as long as this OS is still supported, and will then be put to rest considering its age. The Mac is now my main machine. Should Office 365 become the only option for acquiring Office, then hello LibreOffice.
I just got an attempt to “update and upgrade” Microsoft Office 2013 to something called MYOFFICE, a thinly veiled attempt to force me onto Office 365. With all of this Creators update crap going on and now this, I think I am switching to Zorin for good. I have an Older Lubuntu, LXLE and a Zorin OS running on my old hardware just fine and using Libre Office is not a hardship. I am getting ready to drop my Windows 7 laptop to Zorin and this Windows 10 desktop is not far behind. Be not afraid of Linux for it is just an Operating System.
This may create a whole new level of headache for rural people in the US that have slow DSL. Many are moving to Macs and Chromebooks because of Microsoft’s apparent disdain for the “common folks” using 10 Home and Pro.
DSL? I’m sure these rural people have more problems than a Windows 10 auto upgrade. Can you image how long it would take to download?
Sir Pixelot: It takes about three days. So, an installation failure becomes a nightmare, while the downloading itself slows the computer to a crawl when checking email or doing anything online.
Probably few days.
Maybe this is Microsoft’s way of indirectly telling people to switch to Linux.
Yet sadly, most of them won’t…
I don’t run Windows at home. But I have to at work.
You can always use Windows at work by installing Windows inside VirtualBox on Linux.
Well, maybe. I’d have to come up with a solid business case for making an exception to the configuration of my work machine.
Recent research by me shows none of linux is yet up to the tasks I require. (jan 2019) I will never own another primitive overpriced apple product either. My solution sadly means a new machine never to connect on line next to another that does. F#@k you micros#!t
Each one of these in-place build updates comes with significant down-time. It’s not like patching a Debian or Ubuntu machine, where you can continue working (or gaming) while it does it’s thing and then you’re good to go. On Linux, there’s no long delay during subsequent shut down or start-up, either.
Got this on a freshly bought laptop. Caused 100% CPU and HDD usage, failed twice in a row and finally installed the third time it tried. Wouldn’t go away, despite there being 2 buttons one for allowing the upgrade and one for postponing it IIRC. The person I helped chose the laptop was not to pleased to say the least. What is worse, the 100% HDD usage and ~20% of CPU usage persisted for over 8 hour later as windows was installing updates with no option to stop them without risking file corruption on the home version.
They are doing a great job encouraging people to switch to Linux.
I wouldn’t wish the Home version on my worst enemy. Updates on it are mandatory.
They can certainly shove windows 10 up their *** now that they’re removing/changing whatever they want!!!!!!!! ðŸ™„
Good. This will keep idiot people from getting some virus… mostly. I can have my mind at peace knowing my chances of not getting asked to help with xyz problems have increased.
“I can have my mind at peace knowing my chances of not getting asked to help with xyz problems have increased.”
You are really a miserable misanthrope. Just hope and pray that YOU don’t get a virus infection.
On second thoughts, I hope that you do get a virus and all the “idiot people” give you the middle finger.:)
this. 100% this. Spoken like a person with data in hand.
Why do you care? If people ask you for help and you don’t want to give it, you can always say no.
You won’t get Malware…you are already using Malware. Windows Spy 10!
Windows update has been ‘rejecting’ my portable device for ages stating the processor is incompatible with 1709. Irrespective, it installed the “Thank you for…” nag screen. The nag screen appears after sleep, after restart and sometimes during work. Twice is has hogged focus leaving me unable to do anything with programs under the window (not even Ctrl/Alt/Esc). Effectively, this forced a hard restart.
I put my machines issues down to incompetent programmers. Microsoft no longer supporting 1703 users who cannot upgrade after all those urges to switch is a major betrayal of trust. Microsoft has lost whatever edge it may have had. The machine is still doing what I want but I was thinking about replacing both high spec Win7 desktop and portable to simplify my life. Eighteen months ago I was contemplating Surface as a way forward when the time came. Now I’m considering the major time investment to learn iMac and unlearn what I know of Windows from Win 3 onwards.
can confirm, had a VM with windows updates disabled, which i just use for a single application. Suddendly it enabled windows update, started downloading stuff (using my data cap), and started the windows upgrade advisor, all automatically without user intervention
This happened yesterday.
You should install Simplewall on your Windows 10 VM. Enable Filtering with Whitelist mode. It would stop Windows 10 from downloading stuff cuz Windows 10 would be forced to ask your permission to access the internet with Simplewall.
Yet more incentive not to upgrade to W10. It’s a clusterfuck from the get go.
I don’t understand the problem. Everyone is collecting data about you.
I prefer windows to Android or iOS. The former is a total clusterfuck and the latter is the biggest control freak ever seen.
When it come down to spending money online, which OS do you trust the most?
“When it come down to spending money online, which OS do you trust the most?”
I second that. Linux. There is no other mainstream OS that I actually have an amount of trust in.
@Dave: “Everyone is collecting data about you.”
While, sadly, that is common, it’s not true that everyone is collecting data about you — at least not in the OS space. There are still non-spying options, and many options where the spying can be disabled. I believe that Windows is the only one that actually forces you to be spied on whether or not you’re OK with it.
Oh, “everyone is doing it, so that means it’s okay”, right? You fucking imbecile. And haven’t you JUST been proven wrong about iOS, by the way? Windows is BYPASSING ITS OWN SOFTWARE to force you to install updates. You’re just whining about “not” having the level of customization you want in iOS.
I thank my lucky stars that I have a super old install of Windows 10 on which I have SOMEHOW managed to block all updates and all connections to Microsoft servers. Even these new updates aren’t affecting me. The worst part is that I forget how I did it, so I can’t help anyone else do what I’ve done.
“I can have my mind at peace knowing my chances of not getting asked to help with xyz problems have increased.”
Then again, you can bet you will eventually be asked to repair a broken OS. As it happened to me in all 6 business desktops running Windows 10, that got the Inaccessible Boot Device error after updating. Re-installing everything in two of them, spent hours and hours trying to resolve the damn thing in the rest.
Much of an improvement!
Maybe “updated to have the latest security updates installed” means that the latest version, security-wise, has more to do with Redmonds own interpretation of antivirus rather than the OS as a whole..? They have a point, unless you use a real antivirus program. You know, one that actually works, doesn’t slow down your computer and doesn’t brag about itself while scoring abysmally low in every AV test since forever. I am no programmer, but I would assume that a built-in antivirus/security solution baked deep deep inside an OS would have the upper hand performance-wise over any third party antivirus. This is not the case with Windows 10. Using a top of the line million dollar supermonster computer you will not notice it, but use a low end 300 dollar laptop and switch to another antivirus, the craptop is all of a sudden usable. I guess Redmond baked their security so deep no one there knows how to trim/slim it down anymore. So instead we get 4D paint, more Candy Crush and soon your blind dog can communicate with Cortana via bluetooth. I would like to see Redmond rethink their strategy of world domination, we don’t need 2 bad OS upgrades per year, I could settle for one good upgrade every 4-5 years.
I never understood Windows 10 from a user perspective. Microsoft clearly doesn’t care about anything but getting every Windows user on the same OS version. Forcing crappy apps on your device no matter if you want them or not. Basically these app developers pay Microsoft to push this stuff out to every device. Then you have the rigid update process which gives most users very little option in controlling updates or upgrades. Frankly other then a bit more stability what has Windows 10 done since 1511? Just added more crap I could care less about, and have seen more failed and broken attempts at keeping Windows 10 working and secure. Much of what we complained about Firefox rapid release platform, goes deeper in Windows 10 as a service. Its a broken mess, moving too fast to fix what’s broken and introducing more stuff that takes up space and does little to stabilize the OS. If I was in enterprise Windows 10 would be the last OS I would embrace for the future.
This is the way to remove the changes done by 23814 , it’s a very trojan way to force updates but its very easily removed.
Wait till they force one of those PCs which can’t go above 1607 and they start to BSoD, lol. How can any one sane claim that this is a good practice? I think they just don’t know how to use a PC, they require babysitting, and refuse to even believe the capable ones who are able to properly use a PC.
It’s come down to a one size fits all approach. It’s a Windows version of Chrome OS where its automatically updated, upgraded, and dummy proof. Windows 10S mode will take that a step further preventing you from installing bad software unless Microsoft approves and places it in their app store. I’ve used Windows since 3.11 and this approach does rub me the wrong way simply because Windows to me has always been the most flexible OS. So once you start taking that away from me Microsoft I begin to wonder if I really need Windows anymore?
“… where its automatically updated, upgraded, and dummy proof.”
It’s a pity W10 isn’t “MS proof”. :(
I have concluded that my Windows 10 PC is not my own anymore. I must have missed something in the EULA that completely turned over control to Microsoft. I get apps I never wanted, updates I cannot stop installing and upgrades I cannot decline to install. I cannot just stay with what works for me. But I must accept whatever Microsoft deems appropriate. Other then Chrome OS I know of no other OS that forces version upgrades onto a device. Even Apple gives you a choice. I personally do not think its good PR to do such upgrades and it could also significantly damage a system not capable of accepting the upgrade. I must say, I am digging deep these days to find a good reason to stick with Windows.
Is anyone surprised? This is from the same people who reversed years of convention with the “X button” deception.
You’re right. https://www.youtube.com/watch?v=DChm2CpWr0U
“Users were rejecting the offer, but it was about to expire, so we just did it anyway.” That’s literally the excuse they gave in the video.
The enterprise (the bigly ones) could issue a protest with Microsoft over this, but overall they will not. The top brass in bigly usually keeps a light year’s distance from IT because they do not understand or want to understand their mandate. In essence, they are an expense, not an asset. Microsoft have the ability of convincing bigly executives that issues with IT are always internal.
Microsoft maintains that windows updates are a service, and it appears that some updates (like this one) can be elevated to an ‘essential service’. Compare that to how the government regards essential services. Essential services will persist and resistance will not be tolerated.
Windows 10 is an interesting experiment. It is a rat in a maze.
Here’s an effective, convenient solution:
windows_update_toggle.bat – https://pastebin.com/gNsLEWJe
Just run the script again to block or enable update notifications and diag
So far, I haven’t seen this blocker reverted by Windows – it actually passes any update troubleshooter since services are not blocked.
Those who set AllowTelemetry to 0 without WSUS are stupid.
Change the account that the update service runs to guest and it will not run anymore. Works like a charm
I stuck with W7. Updates are disabled and the service, with it. Firewall set to block everything Windoze.
WSUS Offline Update, when I can be arsed (Which is very, very rarely).
No W10! :)
If Micro$oft want to fuck their business, let them! What do I care, since W10 (Which proved that they can’t even count) is such a pile of donkey poo?
I know what Windows 10 is. I never used nor seen Linux, I use a “version” of Linux and on the Linux chat sites no one can agree on what is the best “version” of Linux to use. Most canned software requires Windows to run their software and they wright it to require you to load updates. Yes loading updates are not fun, but they are like taxes, you have to take care of them.
Windows 10 1507 fixes all that and Microsoft complain but cannot update its all the unmovable files. I run two 1507, 1803 and 1903 with success I’m still fixing office debacle office 2010, 2013, and 2016. Simple fix although Microsoft keeps trying. Happy computing all.