Disable critical updates

Posted by jesuiscanard@reddit | sysadmin | 26 comments

Found some PCs in part of an acquisition. They all had critical updates turned off. Any idea on the reasons for disabling this?

BlackV@reddit

Why does it matter, surely you'd be reimaging them?

jesuiscanard@reddit (OP)

Yes. Reset after swiping any useful data off them. If the data is at risk of compromise and/or malware, then either the data is not worth as much and/or our data becomes at risk.

BlackV@reddit

You don't need the machine on for that, hard drives are movable, or take an image and mount it in a VM

jesuiscanard@reddit (OP)

Live USB stick can also look through it

BlackV@reddit

Oh yeah, also a valid point, I don't really use USB these days

jesuiscanard@reddit (OP)

Often a quicker way than taking things apart. Because the internal drives aren't mounted, you can do recovery and data copies.

signed-@reddit

WSUS? WUfB?

jesuiscanard@reddit (OP)

The latter, it looks like. Administrative policy by the old MSP.

Key_Way_2537@reddit

Then very likely because the RMM was handling it.

Technical-Message615@reddit

Second this. We have an RMM that turns off WU by policy and handles the updates. Regardless, it should be reported as part of the pre-acquisition discovery.

Realpain84@reddit

> They all had critical updates turned off

backdoor is up and running? ¯\\\_(ツ)\_/¯

jesuiscanard@reddit (OP)

The RMM tool looks suspicious

Realpain84@reddit

netstat -a, and please activate at least sec updates, those PCs might be part of a botnet *duck & cover*

jesuiscanard@reddit (OP)

No network. Reset PC and reset BIOS.

azardo@reddit

They're afraid of WU breaking stuff. But it's worse to leave security flaws available, in my opinion. If they use WSUS, they can wait a few days before applying the updates (I think it's the best way to deal with it). You can block the upgrade to Windows 11 by GPO if you want.

jesuiscanard@reddit (OP)

And why the down vote? I didn't disable the updates

Bont_Tarentaal@reddit

If Win10 PCs, then most probably to stop Win11 from installing. Also to prevent updates from breaking working stuff.

jesuiscanard@reddit (OP)

Used to run only Sage. But people seem to hate Windows 11

autogyrophilia@reddit

- Alternative update delivery systems (RMM).
- Incompetence at managing updates.

Those are your two choices.

jesuiscanard@reddit (OP)

Last update was 2021. Company taken in June 22 and powered down since then

autogyrophilia@reddit

So there you have it. The thing with MSP work is that:

- You need to please users more. It's harder to deny requests.
- Changes are not actively reviewed, it's fast paced.

It may be that it was a perfectly reasonable choice of disabling updates in the wake of the PrintNightmare debacle. And then they just forgot. Still, as an MSP sysadmin I consider my first duty the patching and backing up of devices, right after procrastinating work on reddit.

ProfessorWorried626@reddit

Things that do something important. 3rd party print gateways, and 3rd party app sync or other similar crap.

jesuiscanard@reddit (OP)

Just a user PC. Wife of the owner.

Obvious-Water569@reddit

User pandering?

FuriousRageSE@reddit

I can give my side/view from automation. There is often old equipment (PCI cards, USB, COM ports, whatever old stuff is running) that will break if it's updated, or certain patches that break whatever they managed to get working, although these systems are often not connected to any network except the machine they control. I've been at places that still have Windows 95 operator PCs because an upgrade will cost too much.

jesuiscanard@reddit (OP)

A desktop PC in use till the day we took over