July 17, 2019.
When I decided to let my Windows 1809 update to 1903, I knew I needed to reinstall Windows anyway after two years of manipulating and hacking Windows for my Cyber Security MA. So I let it upgrade itself to 1903. I'm use to doing fresh Windows installs at least once a year and I knew the probabilities were that I'd have to do a fresh install after the upgrade didn't work.
The upgrade went fine but afterward, VMWare wouldn't run any of the many Virtual Machines I use. They would mostly start and then cause the entire system to BSOD and reboot--even if I deselected "Graphics Acceleration" in VMWare options as suggested on forums. So I followed VMWare instructions for getting Workstation to work on 1803 as well as turned off all other Windows Security lock-downs and tried all the other myriad of options posted on forums around the net.
Still, Workstation Pro 15 could not run the VMs. So I tried again by making sure any Windows features dealing with containers, sandboxes OR Hyper-V were uninstalled. After that, VMs still would not run without the BSOD.
Next, like I've done many times after a Windows update caused problems, I started going backwards down the update list and uninstalling them one by one to see if I could isolate the bad update (was it a security update or the 1903 update?). Which Windows did not let me do. I uninstalled 3 updates at least 3 times each and after each reboot the updates were still there (or reinstalled at boot). I even flushed the software distribution and update cache folders so they wouldn't be there for Windows to install at reboot, but this didn't work either. Uninstalling updates is not guaranteed to work. Disabling the net adapter didn't work either.
Next, I figured I'd click the roll-back update in the Start Control Panel. So I followed the instructions, filled out the feedback form with choice words and rolled back to 1809.
After the reboot and long roll-back, I attempted to run the Virtual Machines with Workstation 15 Pro once more. BSOD (which isn't always blue any more). Even after re-installing Workstation, Windows wouldn't let it run without crashing.
So, from this experience, significant flaws can be found in Windows: 1) Uninstall updates doesn't work. 2) Roll back update doesn't work. 3) Yearly updates can break Windows functions. Microsoft continues to lock out competitors in the name of "security".
Other issues I came across with my test installs of fresh 1903 ISOs. 1) VMWare Workstation 15 Pro will run fine with a fresh install of 1903. I turned off all the extra/new security options before successfully trying Workstation. 2) Downloads of 1903 ISOs (from Microsoft) to running 1903 versions get corrupted and won't install on Metal or VM. None of the ISOs I downloaded from Microsoft on my 2 PCs (running 1903) would install without fatal errors. That's 2 Microsoft ISOs downloaded on 2 different 1903 machines. The ISOs wouldn't install to VMs and when written to different USBs using Rufus, the same failure would occur on install, showing that 1903 has a feature preventing data transfer or a consistent error when writing data to discs. I downloaded a Linux ISO on each machine and neither had any problems installing as VMs. It's evidently a Microsoft iso issue (or less likely, Rufus). Windows 1809 had to be used to download 1903 ISOs and flash them to the USBs using Rufus.
The important lesson? Do not let Windows update if you have mission-critical non-Microsoft software. How? --Open Control Panel (type Control Panel in Cortana), then Windows Defender Firewall.-- Then, on the left, click Advanced Settings. Next, right click on Inbound Rules and choose New Rule. Choose Custom then Next. Down near Services choose Customize. Choose Apply to this service then scroll down to Windows Update and highlight it. Then click ok, then next. Leave Any and All chosen for Ports & Protocols then click next. At Scope choose next again. Under Action select BLOCK then next. Under Profile, leave all 3 selected and choose next. At name, Enter "Windows Update BLOCK" and choose Finish.
But that's not all, repeat the same procedure except block Windows Update Medic SaaS service under Customize Service Settings/Apply to this service. This Medic service will attempt to repair problems that prevent Windows from updating so follow the same procedure, just choose Windows Update Medic Service.
Now, do the same thing for the Outbound rules, underneath where you right clicked Inbound Rules above. Now that you're familiar with the Windows Firewall, you can go through the list of Rules and block services you don't use. Double click on a name and choose Block the connection. I don't use Xbox with my PC so all the Xbox communication is blocked. I also don't use Skype, so it is blocked along with a few other programs that waste bandwidth. Telemetry and other Windows "phone home" services can be blocked similarly.