Urgently patch your Windows before a bad cert gets trusted

Yeah I know what you mean.
I have mine set to download and wait, as I prefer to let updates happen while I am shutting down.
I usually install them after a few days of not seeing the tech press freak out :grin:
Windows 10 updates I also have waiting for my say-so.

Google are also pushing an update.

And Firefox still uses its own certificate checking, it doesn’t use the OS Crypto API.

The SANS Institute has a writeup that goes into plenty of detail, mainly covering what we’ve already discussed:

https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/

What might be of interest in that article is that they’ve created a test website at curveballtest.com that is signed with a spoofed certificate and gives an indication of whether the system you’re using to access it is vulnerable or not. It also offers the opportunity to download a binary signed with a spoofed cert to see if that’s picked up, and offers some additional detail about how the various browsers behave when seeing spoofed certs.

I tried this on a patched system. Using Chrome, the site reported “not vulnerable” and the download was blocked. Using Edge (old version, not Chredge), the site reported “not vulnerable” but the download was permitted; however, the file was immediately blocked and removed by Norton, classed as WS.reputation.1 malware. The article says that Windows Defender is also able to block this.

I already class the SANS Institute as trustworthy but you should do your own checks before accessing any links. Links given above actually come from the show notes for today’s (Friday) SANS Institute Internet Center Stormcast podcast if you want to check.

2 Likes

Quick update: all my systems are now on 1909 with the latest patches: no problems found and the File Explorer search field problem (stopped working for me on 1903) has been fixed.

2 Likes

Awesome, thanks for the update!

2 Likes