What really happens if you don’t install Microsoft updates

On the second Tuesday of every month Microsoft releases a series of security updates for Windows and its other software. They are also called quality updates because they are patches that improve the quality of the software, making it more robust and closing gaps that could be exploited in a real cyber attack.

In the default configuration of Windows 10 and Windows 11, the operating system downloads and installs security updates every month from Microsoft's servers. This often interferes with the work you are doing on your device and takes up network bandwidth. At the same time, Microsoft has for years focused on distributing cumulative updates.

The latter are "all-encompassing" packages that contain not only the patches released in the current month but also the previous ones. There is no need to install each patch separately because everything boils down to applying a single (large) update. We say "large" because, depending on the Windows version, a cumulative update can weigh from 700 MB to over 1 GB. Just take a look at the Microsoft Update Catalog page to see this for yourself. Dynamic Cumulative Updates are a story in themselves and concern the Windows installation procedure: we discussed them in a dedicated article.

Microsoft is looking at lighter updates, but monthly patches remain an onerous burden

Of course, Microsoft has come up with various tricks to make updates lighter or at least easier to manage: think of the introduction of the Unified Update Platform (UUP) and the possibility of receiving update packages from local systems connected to the same network, rather than fetching them from remote Microsoft servers.

Try simply typing delivery in the Windows search box and choose Windows Update delivery settings on Windows 10, or Delivery optimization settings: Allow downloads from other PCs on Windows 11. In both cases you will find the option that lets you receive security updates already downloaded by other systems on the LAN instead of contacting Microsoft's servers (so that they can be installed more quickly and without consuming Internet bandwidth).
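The setting described above is stored in the registry as DODownloadMode, and the Delivery Optimization service keeps per-file statistics on how many bytes came from LAN peers versus Microsoft's HTTP servers. The following PowerShell script, an added example that is not part of the original article, reports which download mode is in force (a Group Policy or MDM value overrides the Settings-app value) and how much of the recorded update traffic actually came from peers. It assumes Windows 10 1709 or later, or Windows 11, where the built-in DeliveryOptimization module provides Get-DeliveryOptimizationStatus; the registry paths are the documented ones.

```powershell
# Added example (not from the article): report the Delivery Optimization download
# mode in force on this machine and the share of recent update traffic that came
# from LAN peers instead of Microsoft's servers.

# DODownloadMode values as documented by Microsoft
$modeNames = @{ 0 = 'HTTP only (no peering)'; 1 = 'LAN peers'; 2 = 'Group peers'
                3 = 'Internet peers';         99 = 'Simple';   100 = 'Bypass (BITS)' }

function Get-DownloadMode {
    # A policy value (GPO/MDM) wins over what the user picked in Settings
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' -ErrorAction SilentlyContinue
    if ($null -ne $policy -and $null -ne $policy.DODownloadMode) {
        return [pscustomobject]@{ Mode = [int]$policy.DODownloadMode; Source = 'Policy' }
    }
    $cfg = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config' -ErrorAction SilentlyContinue
    if ($null -ne $cfg -and $null -ne $cfg.DODownloadMode) {
        return [pscustomobject]@{ Mode = [int]$cfg.DODownloadMode; Source = 'Settings' }
    }
    # Neither value present: the Windows built-in default applies
    return [pscustomobject]@{ Mode = $null; Source = 'Not set (Windows default)' }
}

$dm = Get-DownloadMode
if ($null -ne $dm.Mode) {
    'Download mode: {0} = {1}, set via {2}' -f $dm.Mode, $modeNames[$dm.Mode], $dm.Source
} else {
    'Download mode: ' + $dm.Source
}

# Per-file statistics still held in the Delivery Optimization cache
$status = Get-DeliveryOptimizationStatus -ErrorAction SilentlyContinue
if ($status) {
    $peers = ($status | Measure-Object -Property BytesFromPeers -Sum).Sum
    $http  = ($status | Measure-Object -Property BytesFromHttp  -Sum).Sum
    $total = $peers + $http
    if ($total -gt 0) {
        'Bytes from peers: {0:N0}   Bytes from HTTP: {1:N0}   Peer share: {2:P1}' -f $peers, $http, ($peers / $total)
    } else {
        'No Delivery Optimization download history available.'
    }
} else {
    'Get-DeliveryOptimizationStatus not available on this system.'
}
```

If the peer share stays at zero on a LAN with several Windows machines, peering is not actually happening (for example because the mode is 0 or a firewall blocks the Delivery Optimization port), and every machine is pulling the full cumulative update from the Internet.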

Microsoft updates to be installed on the local network

Installing Microsoft updates uses system resources

The monthly process of downloading and installing Microsoft patches is nonetheless burdensome: it can use system resources (processor, RAM, disk) significantly and then requires a restart of the machine. All of this can be verified with Task Manager, which shows considerable activity by the processes connected with Windows Update.

While for a home user the procedure is, all things considered, sustainable, whoever administers workstations and Windows Server systems may find it unacceptable to restart each system at least once a month.

Applying updates almost always requires a system reboot

Yes, because for mission-critical machines used in production, which provide services in real time, even a restart of a few minutes can be a problem. In larger organizations, a load-balancing scheme allows requests to be diverted to machines that are "online", temporarily compensating for the systems being rebooted to apply Microsoft updates. In smaller businesses, however, the downtime of a group of machines for a few minutes can be felt and is harder to deal with.
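Before taking a production machine out of rotation for patching, an administrator wants two facts: whether Windows Update is currently busy (the Task Manager activity mentioned above) and whether a reboot is already pending from an earlier install. The following PowerShell script is an added example, not code from the original article; it reads the well-known registry markers that Component Based Servicing, Windows Update and the session manager leave when a restart is required, and lists the servicing processes that Task Manager shows during a Patch Tuesday install. The process names are the usual ones on Windows 10/11 and Windows Server; wuauserv itself runs inside a shared svchost.exe, so its CPU usage is not broken out here.

```powershell
# Added example (not from the article): check Windows Update activity and
# pending-reboot state before scheduling a maintenance window.
# Run in an elevated PowerShell on Windows 10/11 or Windows Server.

function Test-PendingReboot {
    # Markers left when files could not be replaced while in use
    $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $sm  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
               -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    $rename = [bool]$sm.PendingFileRenameOperations
    [pscustomobject]@{
        ComponentServicing = $cbs
        WindowsUpdate      = $wu
        FileRenamePending  = $rename
        RebootPending      = ($cbs -or $wu -or $rename)
    }
}

function Get-UpdateActivity {
    # Servicing processes that show up busy in Task Manager during an install
    $names = 'TiWorker', 'TrustedInstaller', 'wuauclt', 'MoUsoCoreWorker', 'UsoClient'
    Get-Process -Name $names -ErrorAction SilentlyContinue |
        Select-Object Name, Id,
            @{ n = 'CPUSeconds';   e = { [math]::Round($_.CPU, 1) } },
            @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 0) } }
}

$svc = Get-Service -Name wuauserv
'Windows Update service (wuauserv): {0}' -f $svc.Status

$activity = Get-UpdateActivity
if ($activity) { 'Servicing processes running:'; $activity | Format-Table -AutoSize }
else           { 'No servicing processes running.' }

'Pending reboot state:'
Test-PendingReboot | Format-List
```

A machine that reports RebootPending = True while TiWorker is idle has already applied its files and is only waiting for the restart; one where TiWorker is consuming CPU is still mid-install and should not be rebooted until it finishes.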

A suggestion for Microsoft: focus on hotpatching and offer it to a wide audience of users

For this reason we have for years hoped that Microsoft would enable hotpatching mechanisms on a large scale, that is, mechanisms that allow Windows security updates to be installed without restarting the machine. It is not a pipe dream: companies like 0patch have shown that it can be done.

Rather than forcing users to reboot every single system after applying a fix, patches can be applied in memory: they act on the running code and protect the system without requiring a change at the file-system level (which, in Microsoft's case, is in any event applied after the next reboot).

Unfortunately the company led by Satya Nadella is looking at hotpatching only for a limited number of server configurations: we hope that the same approach can soon arrive on workstations and on a larger number of systems (at least on the Pro, Enterprise and Education editions of Windows…).

The consequences of failing to install Microsoft updates

No: if you neglect to install Microsoft updates for a month, or deliberately postpone applying them to avoid a system reboot, you will not suffer an attack and the system in use will – generally – not immediately be at risk, apart from a few, though rare, exceptions.

However, some important distinctions must be made straight away. Every user must be well aware of the attack surface of their own systems. If you administer a server that exposes a number of open communication ports on a public IP address on the Internet, it is essential to install immediately, or at least promptly, the Microsoft updates that correct any problem that can be exploited remotely.

Protection of machines that expose one or more ports on the public IP

Let's take some examples: if you administer a web server, or the machine runs a Remote Desktop server or an instance of Microsoft Exchange, you obviously need to download and install the Microsoft patches that close vulnerabilities discovered in IIS, in the RDP implementation, in Exchange Server… We cover this in the article on how to protect a server from remote attack.

In any case, on the WAN side you must never, for any reason, expose communication ports that are not strictly necessary for the remote connections you actually need.
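Knowing your attack surface, as the paragraphs above insist, starts with an inventory of what the host is listening on and what the Windows firewall lets in. The following PowerShell script is an added example, not code from the original article: it lists every listening TCP port with its owning process and flags those that an enabled inbound allow rule opens, so the administrator can compare the list against the services that genuinely need to be reachable. It assumes the NetTCPIP and NetSecurity modules shipped with Windows 10/11 and Windows Server. The firewall check is deliberately simple: it ignores profile (domain/private/public) and remote-address scoping on each rule, so treat the result as a first pass to be confirmed rule by rule.

```powershell
# Added example (not from the article): listening TCP ports, their processes,
# and whether an enabled inbound allow rule opens them.
# Run elevated on Windows 10/11 or Windows Server.

function Get-OpenInboundTcpPorts {
    # Expand every enabled inbound allow rule into the TCP ports it opens.
    # Returns ints, plus the string 'Any' if some rule opens all ports.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -notin 'TCP', 'Any') { continue }
        foreach ($p in @($pf.LocalPort)) {
            if ($p -eq 'Any')                        { 'Any' }
            elseif ($p -match '^(\d+)-(\d+)$')       { [int]$Matches[1]..[int]$Matches[2] }
            elseif ($p -match '^\d+$')               { [int]$p }
            # Other keywords (RPC, IPHTTPSIn, ...) resolve to ports dynamically; skipped here
        }
    }
}

function Get-ListeningPortReport {
    $open    = @(Get-OpenInboundTcpPorts)
    $anyOpen = $open -contains 'Any'
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalAddress, LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress        # 0.0.0.0 or :: means every interface
                Port          = $_.LocalPort
                Process       = $proc.ProcessName
                PID           = $_.OwningProcess
                FirewallAllow = ($anyOpen -or ($open -contains [int]$_.LocalPort))
            }
        }
}

# Ports bound to all interfaces AND allowed by the firewall are exactly the ones
# that become reachable as soon as the host sits on a public IP or behind a port forward.
'Listening ports reachable through the Windows firewall:'
Get-ListeningPortReport |
    Where-Object { $_.FirewallAllow -and $_.LocalAddress -in '0.0.0.0', '::' } |
    Format-Table -AutoSize

'All listening ports:'
Get-ListeningPortReport | Format-Table -AutoSize
```

Anything that appears in the first table but is not a service you intend to offer remotely should either be bound to localhost, stopped, or have its firewall rule disabled, before worrying about which patch level it is at.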

Our advice is to examine, month by month, the patches released by Microsoft and work out how failing to apply them could (negatively) affect your systems. Above all for the benefit of Windows Server administrators, the Redmond company releases Security-only updates for specific security problems. These are small packages that resolve an individual security vulnerability, leaving you the option of postponing the application of the entire cumulative update to a later date.

We'll share a trick: open the February 2024 Security Updates page. There you will find the complete list of security updates for the month (in this case, February 2024). If you replace 2024-feb in the URL bar with 2024-mar, 2024-apr, 2024-may and so on, you will find – as soon as they are available – the patches for the following months. The page lets you study the updates Microsoft distributes each month and find references to any lightweight (Security-only) packages for the specific version and edition of Windows you are using.
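The same month-by-month review can be done from the machine itself: the local Windows Update Agent knows which updates are applicable but not yet installed, and each one carries Microsoft's MSRC severity rating and KB number, so Critical items can be separated from the rest of the cumulative package. The following PowerShell script is an added example, not code from the original article. It uses the documented Microsoft.Update.Session COM API (Search criteria syntax and the KBArticleIDs, MsrcSeverity, LastDeploymentChangeTime and MaxDownloadSize properties of IUpdate) and Get-HotFix; it needs network access to whatever update source the machine is configured for (Microsoft Update or WSUS). Whether a given row is a Security-only package or a full cumulative update is visible in its title.

```powershell
# Added example (not from the article): list applicable-but-missing updates with
# MSRC severity and KB number, and report how long since the last hotfix was applied.

function Get-MissingUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Not installed, not hidden by an administrator, software (not driver) updates
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }   # non-security items carry none
            Released = $u.LastDeploymentChangeTime.ToString('yyyy-MM-dd')
            SizeMB   = [math]::Round($u.MaxDownloadSize / 1MB, 0)
            Title    = $u.Title
        }
    }
}

function Get-DaysSinceLastHotfix {
    $last = Get-HotFix | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($null -eq $last) { return $null }
    [pscustomobject]@{
        KB          = $last.HotFixID
        InstalledOn = $last.InstalledOn.ToString('yyyy-MM-dd')
        DaysAgo     = (New-TimeSpan -Start $last.InstalledOn).Days
    }
}

'Most recent installed hotfix:'
Get-DaysSinceLastHotfix | Format-List

'Applicable updates not yet installed (most severe first):'
$rank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3 }
Get-MissingUpdates |
    Sort-Object { if ($rank.ContainsKey($_.Severity)) { $rank[$_.Severity] } else { 9 } }, Released |
    Format-Table KB, Severity, Released, SizeMB, Title -AutoSize
```

On a server that exposes services on a public IP, a Critical row whose title names IIS, RDP or Exchange is the one to install now, even if the full cumulative update (and its reboot) is deferred to the next maintenance window.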

Installing Microsoft patches on workstations and devices connected to the local network

If, on the other hand, you use a system or workstation connected to the local network, behind a router with an integrated SPI (stateful packet inspection) firewall and on a NATed LAN (even though NAT, network address translation, cannot be considered a real security measure), the risks are understandably more limited, because none of the device's ports are exposed to the Internet (unless port forwarding or UPnP is active).

In these cases, for consumer or professional users who do not run machines exposed on the Internet, what matters is installing the patches for applications such as Office, Microsoft 365, the browsers in use, messaging clients (such as Outlook) and so on. The risk is that a vulnerability fixed during one of Microsoft's monthly Patch Tuesdays, which recently turned 20 years old, could be exploited by an attacker or cyber criminal. How? By sending an email or a document…
