Bypass for Windows Update lock for next-gen processors found
Microsoft blocked the delivery of Windows Updates recently to Windows 7 and 8.1 devices powered by a next-generation processor.
The company announced the support change in January 2017. Broken down to the essentials, it means that Intel Kaby Lake and AMD Bristol Ridge processors are only support by Windows 10, and not older versions of Windows.
To hammer that home, Microsoft made the decision to block Windows Update on Windows 7 or 8.1 PCs with those next generation processors.
The company introduced patches, KB4012218 and KB4012219 for instance, which introduced process generation and hardware support detection on Windows 7 and 8.1 systems.
Windows users who run Windows Update get the unsupported hardware error prompt when they try to scan for and download the latest patches for their -- still supported -- operating system.
Bypass for Windows Update lock for next-gen processors
GitHub user zeffy made the decision to take a closer look at how the actual blocking is done on the operating system level.
What he did was the following:
- Download the Patch KB4012218 from Microsoft.
- Extract the content of the MSU file using the expand command line tool. Expand basically extracts all files that are part of an update file so that you can analyze each individually.
- This resulted in a long list of files. He used PowerShell to filter the files for anything starting with "wu" to filter out Windows Update related files.
- He then ran diff tools to compare the binaries of the files in the new update file with those on the actual operating system.
- He discovered the dynamic link library wuaueng.dll, and found the two functions IsCPUSupported(void) and IsDeviceServiceable(void) in it.
Now that he found the culprits that blocked the installation of updates on machines with next generation processors, he came up with a solution for that.
His preferred solution jumps over the whole "IsDeviceServiceable(void)" body so that Windows Update is notified that the CPU on the machine is supported.
The solution requires the patching of the dll file. He has uploaded the patched files for 32-bit and 64-bit versions of Windows 7 and Windows 8.1 to the GitHub project page. The source code has been made available there as well for you to check.
The patches come as scripts that you just need to run to make the necessary changes. Windows Update should work just like before then even on Windows 7 or Windows 8.1 systems with next generation processors
Attention: it is recommended that you create a backup of the wuaueng.dll file before you patch it. Even better, create a backup of the system partition just to be on the safe side of things.
One caveat of the method is that any new version of wuaueng.dll that Microsoft releases requires new patching. Microsoft may devise other means to block updates on those systems as well in the future. (via Sergey)
Now You: What's your take on Microsoft blocking updates for customer systems?
Does it work by Cpu spoofing?
I hope there will be simplier way to get over this stupid lock down.
No. The patch reverts the DLL file by patching out the CPU check (it always returns “1” instead of “0” on an unsupported CPU).
“What’s your take on Microsoft blocking updates for customer systems?”
Borderline fraud. Their excuse is you can always “upgrade”. IDK if it’s free anymore though.
Yes, you can still get it for free, just use the assistive technology link here:
https://www.microsoft.com/en-us/accessibility/windows10upgrade?tduid=(14c348e893a91089cb2980533c6ee123)(256380)(2459594)(TnL5HPStwNw-0FBZfNm6YPFXNhiu3o52rA)()
>Microsoft may device other means to block updates on those systems as well in the future. (via Sergey)
devise*
Microsoft knows better than us that newer hardware should only be supported with Newer Windows OS,
Yeah Right, like i trust M$soft to have my interests be of any consideration.
That is why I use Linux, MINT and all my 125 people in my company use Linux Mint here in California
it’s either Mac or Linux Windoze is just a drag on the economy
MY company, and it’s cooperative entities also DO NOT WANT TO BE TRACKED
Every one now uses several different VPN within the company
From little 65 year old Grandma’s to the latest hipster employee who handles
Going from station to station asking if everything is OK, and how things could be made better.
Easier method. I switched from Windoze machines to Android and Tails Linux. Microshaft can play with itself.
What do i think of it ha ha ha ha , Microsoft is losing and will continue to lose customers by the truckload and they certainly deserve it . An awful company that enjoys giving their customers the hardest time possible .
Maybe if Win 10 wasn’t so ridiculously bad they wouldn’t have to force people to accept their garbage and Win 10 in every sense of the word is pure garbage.
Wow, M$ is actually forcing me to move from Windows.
Bear in mind that in a year or two, most new OEM computers on sale will come with Intel Skylake or Kabylake processors that will not allow Win 7/8.1 to receive updates because of processor-blocking by M$ thru Windows Update’s mandatory monthly Patch Rollups. Consumers buying new OEM computers will then be forced to make a decision, ie to submit to M$ or reject Win 10.
……. “Resistance is futile, you will be assimilated”.?
P S – Only new high-end business OEM PCs running Skylake and built-in vPro(= Remote Management Engine) technology are not being blocked by M$.
Turning off automatic updates and using WSUS Offline will bypass all this.
hey wait, everybody told me that only linux-users tinker constantly with their machines…
Not a perm fix, when MS decide to update and patch the .dll files again this ends. So you need to review each update otherwise you might get locked out when you restart when you ‘accidentally’ updated your OS. This needs to be patched in memory, which would be the better deal so that whenever it gets patched and overwrite right before the OS boots so that you never get locked out.
Of course when ms find out they might add additional checks to it and then this method wouldn’t work at all.
This only effects Windows update, people aren’t being prevented from booting their PCs only prevented from using Windows update and given Microsoft normally only issues updates once a month that gives plenty of time to figure out ways to circumvent it.
It’s probably safe to say preventing people from using Windows update wasn’t intended for tech savvy users, just like the GWX addware wasn’t, it’s intended to catch users who are knowledgeable enough to avoid the GWX addware but not confident/knowledgeable enough to attempt the replacing of Windows files with third party alternatives.
One things for sure Microsoft statements about keeping their customers safe isn’t helped by them denying security updates to paying customers.
M$ doesn’t want Windows 7 to be next XP, that’s why they blacklist the latest hardware.
That’s the only way for them to force people to use scam W10.
I stick with W7 as long as third part programs are supported on it.
Let’s see what shall happen after 2025 as M$ said W10 will be the last system supported.
I run Windows 7 on 1 of 4 computers (Debian on the rest). MeGUI and games, and decent graphics drivers for games, are the only reasons it’s still around. I will figure out PCI-passthrough (or more likely won’t have to because the recent GPU virtualization kernel additions will have a lot of time to mature before I need it!) and run Win 7 in a VM until I die before I run Windows 10 (short of a sea-change in Microsoft’s attitude/policies, not that such a thing could ever be trusted at this point).
The last couple times I have bothered to update my Windows box, I have used WSUS Offline Update, and I am curious what effect that would have on the CPU-lockout:
-Does WSUS download and install the patches that break Windows Update?
-Does the presence of the updates which break Windows Update prevent the installation of other updates through WSUS?
-If WSUS allows you to fully update your system, does anything else break (update-wise, I understand the scheduler and power management will probably always be issues)?
You should ask all that in their forums just to make sure…
http://forums.wsusoffline.net/
As always, this just reinforces the fact that for every Microsoft employee who thinks he is smart, there are probably a thousand more who do not work for Microsoft and who are much smarter and more talented.
When will Microsoft learn that they cannot stymie the masses?
Martin, this also blocks AMD Ryzen CPUs, as well as Bristol Lake APUs.
Stop supporting Microsoft. Switch to Linux. It’s 2017. FFS.
I am wondering how the CPUs that were misidentified by this blocking method are going to recover. The March updates prevented these users from receiving windows updates, so how will a fix be delivered to them? Also they can not use a msu file from the MS catalog because the blocking method prevents the file from installing.
The next worst thing that could happen to them would be making contact with Microsoft’s customer help line.
I assume the March update, if uninstalled, removes the block and the April update reinstates it.
Dear Intel and Amd
URGENT
Make chips that work with my software or I won’t buy your ******* hardware
thanks for your prompt attention
~The Customer
It’s not the hardware companies who are making this happen, it is Microsh!t using new hardware as a “justification” for extortion in forcing people to upgrade to Windows 10 so they (Microsh!t) can monetize their customers computer use data through “telemetry” and other spyware in their OS.
I work in acquisitions and have always wondered how the government has justified the acceptance of what amounts to a sole source selection of Microsh!t operating systems. I would love to see somebody challenge the government for acquisition fraud in that the operating system, just like the hardware, should be open to all bidders and should be evaluated for best value. Microsh!t has made multiple billions of dollars (our taxpayer dollars) as the default OS included with computers purchased by government organizations. A lawsuit filed on behalf of the people and the Linux community challenging the unjustified sole source acquisition of MS products on computers without competitive bidding is long overdue.
Discover freedom. Linux Mint. Join us.
Those touting a switch to linux are neglecting the fact that most software vendors of the business class have not and will not switch over to those platforms. Additionally, if you run a vendor application that requires something like SQL 2008 or higher, guess what? Your vendor has you over a barrel. You can’t switch OS and you can’t NOT use your application, or find one written for linux. So all you Linux people that whine about MS users, stop whining and start writing. Write more business oriented software. Write the applications to REPLACE MS with. Don’t just whine at us and do nothing, then wonder why people won’t switch. Business class software in Linux still has yet to be a viable replacement, and until it is, we’re stuck with MS.
Maybe you should stop whining about Linux users and open your checkbook, put your money where your mouth is and pay a Linux developer to write what you need. There are plenty of enterprise-class developers and database servers out there besides SQL2008 but people are too cheap to pay to get it done.
Love that the biggest whiners come to whine about others.. nice.
Better yet buy a book, learn how to code and do it yourself, save yourself a buttload of money that way. That’s the beauty of Open Source.
So, as others have stated this move makes up my mind to pull all MS boxes except for one box for some games I’m addicted to and turn them into Linux Mint boxes.MS just unwittingly increased the Linux user base even if folks like you won’t learn or pay developers to build what they need. If you would check into it more I would be willing to bet that Oracle or RedHat have what you need you just don’t want to fork out enterprise money for enterprise-class quality.
Open Source doesn’t mean free Henry, don’t be so tight.
Personally, I cannot switch to Linux. i would like to but i can`t. I have almost 1000+ games on Steam. About 100 of those work on Linux. What am I gonna do? Just play with what works a forget about the rest? I invested, like most people, a lot of time and money on my software library and until there is a magic way to make all of that work on Linux, most cannot make the switch.
Also being a musician, the software that was bought for 1000+ $ cannot be used in a vm environment. I cannot add lag to these type of software.
Again, I would like to switch but I cannot, and Microsoft know this.
Yoav April 19, 2017 at 6:33 am #
Wow, M$ is actually forcing me to move from Windows.
ומה חשבת, ×”× ×–×‘×œ
M$ will try to force everyone to accept their $#!+.
My issue: I got fed up with the QNAP interface on my 5 disk NAS so decided to build my own. Found a case which required a mini-itx motherboard. Originally, I wanted to use my existing hardware (atx or mini-atx motherboard and my sandybridge i5), but could find nothing to go with that case (fits 8 x 3.5″HDD and 3 x 2.5 HDD/SSD AND has an .m2 PCIE slot, to boot). So, I bought a new Gen 7 i5, RAM, and compatible motherboard. I wanted to install some Linux-based NAS software (FreeNAS, NAS4Free, Amahti, etc), but I couldn’t make the software “see” my .m2 boot disk. Since I still had an existing Win 8.1 license I decided to use it. That installed just fine – I wasn’t aware – yet – that there would be issues with this new hardware until the warning appeared following the initial massive updates. Since it is a NAS, though, I’m not overly concerned about the update blocking, but I’d like to find out if we can remove the warning message.
Just built a new machine with Windows 7 pro and a 7th gen Intel processor. Got the Unsupported hardware popup. Followed the postings and I don’t have the Update KBs listed. I suppose MS caught onto the work around and have issued another update with the update block. No mention on GOOGLE. Any thoughts?
*PLEASE* have the direct link to the program needed.
Ugh.
*PLEASE* don’t make 1000s of users hunt for it.
Ugh.
*PLEASE* don’t provide a link only to the source code.
Ugh.