Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Patch Tuesday: Caution for Windows 11 Users

May 10, 2023

Once a month we go through the drill. Patch Tuesday is when Microsoft releases a package of updates. Bleeping Computer reports that the May 2023 Patch Tuesday fixes 38 flaws and three zero-day vulnerabilities. That means you should be updating your systems as soon as you can to help fix any discovered vulnerabilities. However, Paul Thurrott has a post identifying a new “feature” for Windows 11 users that you may want to disable.

Microsoft stated that “This update adds a new toggle control on the Settings > Windows Update page. When you turn it on, we will prioritize your device to get the latest non-security updates and enhancements when they are available for your device. For managed devices, the toggle is disabled by default.” Sound like good enhancement? Not so fast. As Paul warns, “Microsoft is using a technology called Controlled Feature Rollout (CFR) to push non-tested new features to mainstream users in Windows 11 stable. It is skipping the Windows Insider Program and using its normal customers as guinea pigs. And it’s secretly been doing so for months: the Search pill that mysteriously started appearing on some Windows 11 PCs last November was an early probe in this campaign.”

“The problem is that Microsoft is introducing new, untested features into stable when it has a formal process for testing them first in the Windows Insider Program. Rushing something to market may be required in some cases—like a security issue—but there’s no justifiable reason to introduce potentially unstable code into Windows before it’s been broadly tested by the people who agreed to do that testing in the first place. But even those who do opt-in to CFRs via the new toggle aren’t doing that: Microsoft does not explain clearly what that toggle does.”

Hmm. Sounds like you need to jump over to Settings > Windows Update and make sure the toggle is turned off.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology