As The Register points out, this is pretty remarkable advice from Sophos, because it leaves the computers of Sophos clients wide open to attack, possibly by a WannaCry-style worm:
Its advice on what to do is pretty blunt: uninstall the Windows update. Specifically, revert KB4499164 (May's full-fat Patch Tuesday) and KB4499165, the security-only update. As regular readers know, the latest Patch Tuesday is intended to mitigate a pretty nasty vuln (CVE-2019-0708) which permits unauthenticated remote code execution through the medium of Remote Desktop Services. Sophos itself opined that it was "so serious that Microsoft has even released patches for its long-unsupported operating systems, Windows 2003 and XP".