Microsoft screws up Windows patching even more

Martin Brinkmann
Apr 12, 2017

Yesterday was the April 2017 Patch Day, and it marked the end not only of Windows Vista support, but also of the Security Bulletins system.

It was also the month where Microsoft's blocking of updates on devices running 7th generation silicon on Windows 7 or Windows 8.1 is up in full swing.

We talked about Microsoft's decision to block updates on Windows 7 or 8.1 machines with 7th generation Kaby Lake or Ryzen processors before.

Microsoft's reasoning is that the latest hardware requires the latest version of Windows for support. It should not come as a surprise that Microsoft recommends that users upgrade their PCs to Windows 10 for continued support of the new processor generation.

The company rolled out updates in March that would block Windows Update from working correctly on systems with 7th generation cpus.

Back to the April 2017 Patch Day. The first screw up by Microsoft on the aforementioned Patch Day was that the company's blocking of updates for systems with 7th generation processors suddenly blocked a 6th generation cpu as well as reported by Woody first.

Microsoft notes:

If the PC uses an AMD Carrizo DDR4 processor, installing this update (KB 4015549 (the Win7 Monthly Rollup), KB 4015546 (the Win7 Security-Only patch), KB 4015550 (the Win8.1 Monthly Rollup), KB 4015547 (the Win8.1 Security-Only patch) will block downloading and installing future Windows updates.

Microsoft is working on a solution, apparently.

Microsoft's Lifecycle Policy Faq has this to say about AMD Carrizo processors. Under What is the support policy for prior generations of processors and chipsets on Windows 7 and Windows 8.1 it writes:

Windows 7 and Windows 8.1 will continue to be supported for security, reliability, and compatibility on prior generations of processors and chipsets under the standard lifecycle for Windows. This includes most devices available for purchase today by consumers or enterprises and includes generations of silicon such as AMD’s Carrizo and Intel’s Broadwell and Haswell silicon generations.

This is remarkable. Not only is Microsoft blocking a 6th generation PC (temporary or not), it also highlights that the update blocking patches are included in the security-only update as well.

The distinction between security and monthly rollup patches should be clear, but it is not. Security-only updates should only include security patches (and updates for those patches), while the monthly rollups should include everything. Microsoft pushes non-security updates to the security-only update packages however.

Microsoft's decision to include the cpu blocking update in the security-only update ensures that updates will be blocked for good on Windows 7 or Windows 8.1 machines running 7th generation processors.

Are workaround available to install future patches on affected systems? I don't have access to a 7th generation cpu, and cannot say therefore if third-party update solutions will continue to work.  It is clear that you should not install the patches that include the blocking code obviously.

Now You: What is your take on this?

Microsoft screws up Windows patching even more
Article Name
Microsoft screws up Windows patching even more
Yesterday was the April 2017 Patch Day, and it marked the end not only of Windows Vista support, but also of the Security Bulletins system.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Bretton said on July 29, 2017 at 5:17 am

    Thanks WacoJohn for your reply. I did have a look at what you mentioned. There did not seem to be things related to Windows Updates that I should delete.

    Kind Regards,

  2. Bretton said on July 18, 2017 at 6:14 pm

    I have a laptop at home that I bought new in January 2015 with Windows 8.1. For the last 5-6 months I keep getting failures on the Monthly Security Quality rollup updates.

    I have also tried downloading them one at a time and manually installing. I have also used Windows Update Troubleshooter, which supposedly fixed some stuff. Only to have the Security Quality Rollup Updates for that month fail still and again every month.

    Some other updates do get through and are successful. Every month after patch Tuesday when I apply them, invevitably it says Windows could not install updates, rolling back. That takes approximately 20 minutes. When I check the Update History, I see some have been applied, but always a failure on the Security Quality Rollup Updates for that month or any previous. I had tried upgrading to Win 10 twice before, had to rollback both times. First time wifi connectivity stopped. Second time I could not back up to my portable hard drive – it churned away for hours. Now it’s past the time for the free upgrade.

    Is there anything to do to fix this issue with Security Quality Rollup Updates? Thank you for any help or advice.
    Kind Regards,

    1. WacoJohn said on July 19, 2017 at 5:20 pm

      Not sure if this applies to your specific problem, but I suspect it does. Go to Control Panel/Programs and features. Click VIEW INSTALLED UPDATES. See if you can find any INSTALLED updates that relate to the one that is failing .. such as in the description or ??? UNinstall that/those updates. Reboot. Run Windows Update again, and search for updates. Any needed updates should successfully install.

      What I am trying to say is on some failures … i.e. UPDATE FOR XXXXX fails and if you uninstall XXXXX then boom, no more update failures. The orig will come up again if needed and then, so will the failing UPDATE to it.

      Hope this makes sense. Good luck.

  3. primate said on June 30, 2017 at 6:28 pm

    Microsoft’s solution is to uninstall KB890830 & reinstall it fresh. However, it cannot be uninstalled because it does not appear in the list of installed updates, although WinVista history shows that it has installed the same dated publication on top of itself 5 times in the past 2 months. And you can neither uncheck it nor hide it because Windows Update keeps reopening with the item already checked saying it needs to be installed. It would appear that the Malicious Software Removal installer has itself become malware.

  4. Tony B said on April 20, 2017 at 1:01 pm

    Hi All
    After I Installed April Rollup KB 4015549 and security updates, unable to uninstall any of the update’s, not able to install updates, AVG Internet Security will not scan, will not update. Any suggestions?

    1. Tom Hawack said on April 20, 2017 at 1:25 pm

      Forget WinUpdates :

      sc config wuauserv start= disabled
      sc config BITS start= disabled

      And forget the company as well.

  5. coakl said on April 20, 2017 at 1:36 am

    No other business could get away with what MS does:
    a. Force customers into a product that they don’t want, and which MS can’t even give away for free!
    b. Refuse to sell and support a product (win 7), that people do want and are willing to pay for.
    c. It would be more profitable to continue selling Win 7, than keep destroying the company brand by pushing 10.

  6. Antipsycho said on April 17, 2017 at 6:25 pm

    Microsoft’s use of the “unsupported hardware” scam is but further proof that Microsoft hires psychopaths to force the use of Windows 10.

  7. Maddoc said on April 14, 2017 at 5:41 pm

    My computer is not a 7th generation processor it is an E7300 dual core 2.6ghz processor from 2008 and i inadvertently installed this update. what it did was delete my restore points so i couldn’t roll back prior to this update and now tells me i will no longer receive security updates as i should be running windows 10, go figure they cant even get processor identification right and anyone with a processor with a 7 in it will be blocked from receiving future security updates, slick move from Microsoft to force people to upgrade to windows 10.

    1. coakl said on April 20, 2017 at 1:35 am

      That’s gotta be a Poster Child for how stupid and foolish Microsoft has become.

      Satya Nadella, MS CEO, is so typical of the H-1b programmers imported as cheap technology labor.
      They are arrogant and secretive. They believe little or no user acceptance testing is needed, because, in their opinion, their work is always perfect at initial release.
      They refuse to admit mistakes, They refuse to document their work in plain English, They refuse to look at problems from the user point of view. They refuse to listen to differing opinions.
      They are stubborn, to the point that they feel everyone else should simply shut up and comply.

      It wasn’t so bad when the H-1b attitudes were limited to the drones on the shop floor. But once they were promoted and reached the CEO’s office, *real trouble* would result.

  8. Mola Ram, CEO Microsoft said on April 14, 2017 at 2:32 am

    How can any professional, or government agency continue to use this ridiculous mess of an operating system? Microsoft is humiliating, and their hardware extortion is borderline illegal. A business that just bought thousands of PCs with assurance they would be supported for years now has to buy new hardware to get security updates!? What kind of lunatic is running Microsoft these days?

  9. Mikhoul said on April 14, 2017 at 12:38 am

    HERE’S THE FIX: Use the WSUS Offline Update tool to download new updates for your unsupported system.

    WSUS doesn’t run the same hardware checks and it bypasses all of the usual restrictions because it receives updates directly from Microsoft’s servers.


  10. Anonymous said on April 13, 2017 at 9:37 pm

    Since the 5 April downloads installed I suddenly had a pop-up saying I am not activated. I activated days ago. I was unable to remove the updates, even after doing system restore. Have now reinstalled from System Image made a few days ago. And Windows update is now turned to NEVER. Before I turned it to Never, I checked which updates came through and there are only three now, not five (same on our other Windows 7 laptop) so have they pulled two of them?

    The three now showing are KB4014981, KB4015549 and KB890830 (Malicious software tool).

    The original five that installed were

    KB4015549 April 2017 Security Quality monthly roll-up

    KB973688 Update for Microsoft XML Core services 4.0 Service pack 2 for x64 based systems

    KB954430 Security update for Microsoft XML Core Services 4.0 Service pack 2 for x64 based systems

    KB4014981 April 2017 Security and Quality roll-up for .NET framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008R2 for x64

    KB890830 Windows Malicious Software removal tool x64 – April 2017

  11. Mystique said on April 13, 2017 at 5:13 pm

    For as long people keep supporting Windows over Linux this will continue to be an issue. That not only goes for users but developers.
    I’m still on Windows per necessity.

    Honestly windows 7 is rubbish if you have invested into a top end GPU and run any sort of resolution above 1080p, god forbid you run a large 4k monitor with decent ppi then get used to squinting because that’s what you’ll be doing the rest of the time.

    Microsoft have been failing it up since windows 8, they are basically forcing you to update and you gotta ask yourself why?
    Microsoft has a lot to gain from you updating to windows 10 and is not just the initial outlay to buy the OS. Ask yourself why Microsoft gave it away for “free” for a fair while and why they tricked people into downloading by force.

    I sincerely wish Linux could step up or even ReactOS but that’s a pipe dream at best. :(

  12. Hazel said on April 13, 2017 at 12:24 pm

    Ok. So I had just done a clean install of Windows 7 and all the updates (before the April ones appeared) – except some optional telemetry ones and KB 4012218. Luckily I made a system image immediately. But yesterday 5 Important updates for April appeared in Windows update. Having read this I decided not to install them. Laptop was still set to download but let me choose whether to install (I find this speeds up clean install).

    Windows has installed them WITHOUT MY PERMISSION!!!!!! Last night I turned it off and it said it was installing 5 updates. I turned it back on, checked what had been installed, and the last updates installed were the ones I did a few days ago, with the 5 updates still sitting there waiting to be installed.

    I then turned the laptop off for the night. This morning I started it up and had a black screen with white writing telling me Windows was installing updates. This went on for a few minutes, with mention of registry keys, then Windows started up with the normal start screen and asked me to wait while it installed updates.

    The April updates are now installed. WTF!!!! I did not opt to install them. I have never had this happen before. As it happens I have a 1st generation processor, but I am not happy! I haven’t noticed any issues (yet) but had not finished installing all my programs yet.

    1. SubgeniusD said on April 17, 2017 at 4:41 pm

      Same here. I was aware of the new update gimmick of re-checking unchecked selections.

      So I first inspected the update window to ensure nothing was selected.

      After hitting shutdown the “installing updates don’t power off” text popped up. All 5 were installed.

      So this is taking “strong arm tactics” to a new level.

      Fortunately no adverse reactions this time.

      Haven’t restarted this (secondary) mobile workstation for over 8 weeks, have to sooner or later…….oh well.

    2. Clairvaux said on April 13, 2017 at 3:00 pm

      Yes, that’s funny, isn’t it ? Isn’t it cute to have Microsoft do something on you that’s not exactly what you thought you had agreed to ? Well, that’s expected behaviour (and the new normal). Says Windows update guru Woody Leonhard at AskWoody blog :

      “Download updates but let me choose to install them gives Microsoft carte blanche to install any recommended or important updates when you restart your machine.
      If you want to control updating on your machine, you should choose the Never Check option or Notify but don’t download.” (December 2016)

      1. eles said on April 16, 2017 at 2:04 am

        My win7 box is set to ‘Check for updates but let me choose whether to download and install them’. These April updates downloaded themselves and checked the boxes selecting themselves for install. NOTHING was supposed to download. I did apply the Malicious Software tool on 4-12 and unchecked the remaining boxes. I was waiting to hear if there were any problems.
        More than once a day, since then, I got a pop-up from the notification area telling me to install updates. Each time I looked at them, they had been rechecked for installation and I unchecked them again. After reading Hazel’s post, I hid the updates. I guess I’m lucky I stopped this before M$ decided to install them also. I changed the setting to ‘Never Check’, rather than ‘Let Me Choose’. My box will reject M$ packets if I did not initiate the conversation, so updates will never arrive. I’m very close to choosing to never install another update.
        M$ went to the new roll-up format without individual kbs for updates in October 2016.
        I’ve not installed anything (except the malicious software tool) since October.
        I don’t know how it works with the new update format, but Aegis / Ancil had been a wonderful alternative to blindly accepting whatever M$ sent my way.

  13. Chris said on April 13, 2017 at 9:13 am

    “Microsoft’s reasoning is that the latest hardware requires the latest version of Windows for support.”

    That’s complete horsecrap, and we all know it.

    Do we really want to use an OS written by a company we can’t trust?

  14. John said on April 13, 2017 at 3:25 am

    I’ve used linux in various forms. none come close to the ease of use of windows unfortunately. I’ve used an apple, even worse. Gaming … while linux and apple’s are supported by some games, it’s by no means common. Emulator is often limited.

    I don’t see any company sticking their neck out to make a new OS that would compete with Windows, with a better philosophy. The only solution I’d see is improving one of the better linux GUI’s, and make that native instead of the “windows 9x/ME” idea of running on top of a “DOS” kernel….

  15. WacoJohn said on April 13, 2017 at 1:10 am

    I’m on an Intel Core i3 ….. which I believe is 7TH GEN. It’s a pretty old Toshiba Satellite laptop running W7-64 Pro. This update appeared today … kb4014981 and it will not install. From what I can tell, this article explains why (I ain’ no CPU expurt). I don’t plan to put Linux on it until W7 goes off support. So … I guess the best thing for me to do is hide this update(?) Some of this article is a bit over my head.

    1. WacoJohn said on April 13, 2017 at 4:23 pm

      Nope .. it’s a 2nd GEN. Would that be why this update will not install?

      EDIT: Read article again. Apparently my CPU is NOT why that update will not install. Learn something everyday.

  16. Ben said on April 12, 2017 at 11:46 pm

    Well seems like the new W7 Laptop I will configure tomorrow for someone will run without updates then.

  17. Peter (NL) said on April 12, 2017 at 11:31 pm

    I am happy that I don’t face this issue. It is a very sad story, but it’s also a bloody shame to Microsoft. Typical behavior of a monopolist. It has become time to invest more in Linux distributions and software. Less fragmentation and more focus on distros with great potential for a big user base. Maybe the European Commission and big European companies can play a role in this funding of further development.

  18. kevin said on April 12, 2017 at 7:31 pm

    Windows 8.1 is still under mainstream support. New features are supposed to be implemented. And any reasonable person would also expect the mainstream support in Windows 8.1 to mean that the latest generation of hardware will be supported, too.

    So somebody needs to sue Microsoft.

  19. Anonymous said on April 12, 2017 at 6:29 pm

    This might be useful for clean installs in the future. Like you can uncheck all the Telemetry stuff. Gaming is the only reason I keep Windoze around.

    1. lehnerus2000 said on April 13, 2017 at 5:27 am

      Thanks for that link. :)

  20. Jeff said on April 12, 2017 at 6:12 pm

    Everyone just stay with whatever hardware you have, avoid these patches and stay with Windows 7 or 8.1. Wait till Windows 10 blows over and a new management is in place at Microsoft.

  21. Norm said on April 12, 2017 at 5:54 pm

    I find it hard to understand how so many intelligent people can put up with this MS crap for so long. I’d have more
    trust in security updates coming from a troop of macaque monkeys than what’s coming from MS.

    1. 420 said on April 13, 2017 at 12:58 am

      The answer they will tell you over and over again is, “I can’t live without (insert name) program”. Whether that is reality or laziness depends on the person I guess. MS will only continue to get worse, that is a certainty.

  22. Colem said on April 12, 2017 at 5:35 pm

    There is a reason that I used a Linux disk to remove the windows update files from my laptop after uninstalling the update service. funny thing is, my computer has had none of the issues plagueing others that get raped with the updates.

  23. P said on April 12, 2017 at 5:06 pm

    M$, pushing sys admins and users to linux one windows update at a time. Stay classy M$!

  24. dante said on April 12, 2017 at 5:03 pm

    I haven’t bought a windoze product for years now. All Android and Chrome. Microshaft wants to putz around, they can putz around by themselves.

  25. bogey said on April 12, 2017 at 4:32 pm

    So only newer CPU’s are not supported anymore but older ones still are?

  26. karlo2105 said on April 12, 2017 at 3:23 pm

    Does it work with renaming CPU name into older processor still supported ?

    I am sure there should be a way to workaround it as nothing is impossible in computer science.

  27. dark said on April 12, 2017 at 12:45 pm

    M$ even has vulnerability called AtomBombing that cannot be patched.

    Google: “AtomBombing: The Windows Vulnerability that Cannot be Patched”

    So choosing Windows for businesses and high security environments is a big No.

  28. Andrew said on April 12, 2017 at 12:26 pm

    Your comp isn’t yours. … you can’t run whatever OS you want … that would be madness … MADNESS, I say!

  29. Yuliya said on April 12, 2017 at 10:43 am

    “Microsoft screws up Windows patching even more”
    Uhm, my Enlgish not good :( Can you keep it simple?

    “Microsoft screws up”
    Oh, now I understand! :)

    Seriously, don’t buy WIndows for personal use anymore. Pirate it. And make sure it’s the LTSB, which is a big middle finger for Micro$oft. Because screw Micro$oft, just like they screw their users for not providing support for an OS which is still in “mainstream support” phase (8.1). The sooner Windows dies the sooner we can all move to something else.

    1. Gary D said on April 12, 2017 at 4:51 pm

      Change “Microsoft screws up” to “Microsoft screws us”.

    2. Tom Hawack said on April 12, 2017 at 11:47 am

      Decency forbids me to explain what screwing “even more” means, but I guess we get the idea.

  30. zund said on April 12, 2017 at 10:07 am

    microsoft: now under new management, but the same shit show since the 1990s.

  31. Anonymous said on April 12, 2017 at 10:00 am

    In France now Microsoft is in partnership with Renault-Nissan. Be sure I will NEVER buy another Renault.

  32. Tom Hawack said on April 12, 2017 at 9:57 am

    Moving to Linux is as if you were playing chess with Microsoft, hear it declare “Checkmate dear user!”, to what you would answer “I check your wife, mate!”.

    That was my morning allegory to handle increasing exasperation. A bit childish but it relieves.

  33. said on April 12, 2017 at 8:26 am

    I just received this shitty updates on newly installed ryzen system. Oh, this bastards worked hard to make installation nearly to impossible, but I make it. Fuck to all of them. I hope that in future somebody will make the patch which substitute cpu id to trick freaking windows update..

    1. Anonymous said on July 3, 2017 at 6:32 pm

      Just move to Linus. I have been using Ubuntu 16.04 for more than a year and have no regrets.

  34. Gary said on April 12, 2017 at 7:47 am

    I hope someone with a lot of money decides to sue Microsoft over its refusing to allow more powerful computers to run the operating system the user wants and receive updates. If a computer will run the system, it should be the users prerogative whether or not it gets installed.

    The only thing Microsoft should do is update their software and make the updates available for all legal users of their operating system. The hardware is quite frankly none of their business. Just like its none of their business how someone uses their computer. If they want data, then the operating system should be completely free. And offering a free upgrade to a paid operating system does not change the fact the software was still paid for.

    Microsoft has gone off the deep end with their strong armed tactics to get people to upgrade to 10.

    1. ilev said on April 13, 2017 at 8:10 am

      ” software was still paid for”..
      No. software was not paid for, you paid for the (license) privilege to USE Windows OS. The OS is still Microsoft’s property and Microsoft has the right (EULA) to block it, wipe it, change it…

      1. Mr Fuddled said on May 3, 2017 at 7:39 pm

        You see, THAT”S the whole crutch of the matter. With the rediculous “intellectual rights” laws, MIcrosoft and others can legally ask consummers to pay, pay again, pay again… To me, the bottom line is that if $200 goes from my pocket to someone else for an operating system, I own it. I’m not “renting” it or “borrowing it”. As such, after the initial purchase, Microsoft, and others have no business in my computer trying to control it or how I use it. Period.

  35. beemeup4 said on April 12, 2017 at 7:24 am

    Microsoft knew full well that security patches were the last haven for people who wanted a secure system AND a stable system and often opted NOT to install “feature” updates that seem to have a growing trend of breaking things like a certain rollup package that completely killed Intel bluetooth devices and I’m not sure if they (MS) or Intel ever released a fix for that claiming that fault lay with the other party or some such nonsense, meanwhile users were just left hanging.

    So of course Microsoft started attaching non-security elements to security patches which were completely unrelated to the security flaw being fixed, and… surprise surprise once very reliable security updates became potential system breakers just like their feature update brethren.

    if you think for a second that this wasn’t completely intentional, you are naive. That “X” button being changed from “Cancel” to “Accept” on the Windows 10 upgrade box was no accident. Now there’s this fiasco with “unsupported CPUs”, which should be for many the last straw especially for those with even an inkling of computer history.

    Back in “the beginning” operating systems were written for specific hardware so there was no interoperability and even upgrading hardware required a system rewrite. Extremely quickly they realized this was completely impractical and could not scale, so they eventually standardized on the X86 instruction set which we use to this day. But now Microsoft goes “fvck decades of history, let’s tie software with hardware again because users are idiots”. Fvcking DOS can run on Kabylake but MS wants us to think Windows 7 and 8.1 somehow “doesn’t”?! Just another maddeningly transparent attempt at shoving Windows 10 down people’s throats.

    This kind of practice goes against everything I stand for, so I won’t use Windows 10 out of pure principle. It is the ONLY meaningful way to say “NO”, or in more polite terms, “FVCK YOU MICROSOFT”..

    1. Clairvaux said on April 12, 2017 at 2:47 pm

      “DOS can run on Kabylake but MS wants us to think Windows 7 and 8.1 somehow “doesn’t”?!”

      That’s funny.

      1. Tony said on April 14, 2017 at 9:23 am

        In my opinion, it’s obvious Microsoft cannot be trusted.

    2. Gary D said on April 12, 2017 at 1:35 pm

      This update appeared today in my Windows Updates.

      “April, 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB4014981).”

      In view of the skullduggery MS is employing with “Security” updates, I’m not sure that I should install this.
      Who knows what might be hidden inside it ?

      NB Auto Update turned off in Win 7. Lucky me :)

      1. Tom Hawack said on April 12, 2017 at 4:58 pm

        Same here. I’ve disabled Windows Update totally and the idea was to update only .net Framework. Confronted to the determination of a company to impose its OS by what has already appeared as all means I really hesitate. I mean I wouldn’t want to be screwed, even more :)

  36. M$Spy said on April 12, 2017 at 7:08 am

    That’s it, time to permanently turn off updates.

    1. Bobby Phoenix said on April 12, 2017 at 4:50 pm

      You don’t have to. If you want to turn them off to not get the blocking update you’re doing the same thing. If you allow the update to block updates then you won’t get any more updates anyway, so no use in blocking the blocking update. :p

      1. bill said on May 4, 2017 at 11:23 am

        i have 1,5 week now ,every time taht want to close my laptop have the =shut-down and update and every time i open have a delay=could suceed update a secont restart to go to previus state and after searchig i desided to turn off update and is ok=windows push us to get windows 10

  37. D.C. said on April 12, 2017 at 6:55 am

    I’ve converted one more of my old Windows boxes to Linux because of follies like this.

    1. Lurking About said on April 12, 2017 at 4:56 pm

      Out of 5 computers, 2 are dual boot Windows/Linux with Windows not connected to the Internet. The rest are pure Linux. Windows lingers because of a couple programs that are occasionally used. I have burned by MS a couple of different ways with W10 and do not wish more aggravation.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.