Yesterday was the April 2017 Patch Day, and it marked the end not only of Windows Vista support, but also of the Security Bulletins system.
It was also the month where Microsoft's blocking of updates on devices running 7th generation silicon on Windows 7 or Windows 8.1 is up in full swing.
We talked about Microsoft's decision to block updates on Windows 7 or 8.1 machines with 7th generation Kaby Lake or Ryzen processors before.
Microsoft's reasoning is that the latest hardware requires the latest version of Windows for support. It should not come as a surprise that Microsoft recommends that users upgrade their PCs to Windows 10 for continued support of the new processor generation.
The company rolled out updates in March that would block Windows Update from working correctly on systems with 7th generation cpus.
Back to the April 2017 Patch Day. The first screw up by Microsoft on the aforementioned Patch Day was that the company's blocking of updates for systems with 7th generation processors suddenly blocked a 6th generation cpu as well as reported by Woody first.
If the PC uses an AMD Carrizo DDR4 processor, installing this update (KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), KB 4015547 (the Win8.1 Security-Only patch) will block downloading and installing future Windows updates.
Microsoft is working on a solution, apparently.
Microsoft's Lifecycle Policy Faq has this to say about AMD Carrizo processors. Under What is the support policy for prior generations of processors and chipsets on Windows 7 and Windows 8.1 it writes:
Windows 7 and Windows 8.1 will continue to be supported for security, reliability, and compatibility on prior generations of processors and chipsets under the standard lifecycle for Windows. This includes most devices available for purchase today by consumers or enterprises and includes generations of silicon such as AMD’s Carrizo and Intel’s Broadwell and Haswell silicon generations.
This is remarkable. Not only is Microsoft blocking a 6th generation PC (temporary or not), it also highlights that the update blocking patches are included in the security-only update as well.
The distinction between security and monthly rollup patches should be clear, but it is not. Security-only updates should only include security patches (and updates for those patches), while the monthly rollups should include everything. Microsoft pushes non-security updates to the security-only update packages however.
Microsoft's decision to include the cpu blocking update in the security-only update ensures that updates will be blocked for good on Windows 7 or Windows 8.1 machines running 7th generation processors.
Are workaround available to install future patches on affected systems? I don't have access to a 7th generation cpu, and cannot say therefore if third-party update solutions will continue to work. It is clear that you should not install the patches that include the blocking code obviously.
Now You: What is your take on this?