Bypass for Windows Update lock for next-gen processors found

Microsoft blocked the delivery of Windows Updates recently to Windows 7 and 8.1 devices powered by a next-generation processor.

The company announced the support change in January 2017. Broken down to the essentials, it means that Intel Kaby Lake and AMD Bristol Ridge processors are only support by Windows 10, and not older versions of Windows.

To hammer that home, Microsoft made the decision to block Windows Update on Windows 7 or 8.1 PCs with those next generation processors.

The company introduced patches, KB4012218 and KB4012219 for instance, which introduced process generation and hardware support detection on Windows 7 and 8.1 systems.

Windows users who run Windows Update get the unsupported hardware error prompt when they try to scan for and download the latest patches for their -- still supported -- operating system.

Bypass for Windows Update lock for next-gen processors

unsupported hardware

GitHub user zeffy made the decision to take a closer look at how the actual blocking is done on the operating system level.

What he did was the following:

  1. Download the Patch KB4012218 from Microsoft.
  2. Extract the content of the MSU file using the expand command line tool. Expand basically extracts all files that are part of an update file so that you can analyze each individually.
  3. This resulted in a long list of files. He used PowerShell to filter the files for anything starting with "wu" to filter out Windows Update related files.
  4. He then ran diff tools to compare the binaries of the files in the new update file with those on the actual operating system.
  5. He discovered the dynamic link library wuaueng.dll, and found the two functions IsCPUSupported(void) and IsDeviceServiceable(void) in it.

Now that he found the culprits that blocked the installation of updates on machines with next generation processors, he came up with a solution for that.

His preferred solution jumps over the whole "IsDeviceServiceable(void)" body so that Windows Update is notified that the CPU on the machine is supported.

The solution requires the patching of the dll file. He has uploaded the patched files for 32-bit and 64-bit versions of Windows 7 and Windows 8.1 to the GitHub project page. The source code has been made available there as well for you to check.

The patches come as scripts that you just need to run to make the necessary changes. Windows Update should work just like before then even on Windows 7 or Windows 8.1 systems with next generation processors

Attention: it is recommended that you create a backup of the wuaueng.dll file before you patch it. Even better, create a backup of the system partition just to be on the safe side of things.

One caveat of the method is that any new version of wuaueng.dll that Microsoft releases requires new patching. Microsoft may devise other means to block updates on those systems as well in the future. (via Sergey)

Now You: What's your take on Microsoft blocking updates for customer systems?

Summary
Article Name
Bypass for Windows Update lock for next-gen processors found
Description
A first workaround for the blocking of Windows Update on Windows 7 or 8.1 PCs with next-generation processors has been discovered.
Author
Publisher
Ghacks Technology News
Logo
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Bypass for Windows Update lock for next-gen processors found

  1. karlo2105 April 18, 2017 at 8:51 pm #

    Does it work by Cpu spoofing?
    I hope there will be simplier way to get over this stupid lock down.

    • Doc April 19, 2017 at 8:41 pm #

      No. The patch reverts the DLL file by patching out the CPU check (it always returns "1" instead of "0" on an unsupported CPU).

  2. ddk April 18, 2017 at 8:52 pm #

    "What's your take on Microsoft blocking updates for customer systems?"

    Borderline fraud. Their excuse is you can always "upgrade". IDK if it's free anymore though.

  3. autist April 18, 2017 at 11:47 pm #

    >Microsoft may device other means to block updates on those systems as well in the future. (via Sergey)

    devise*

  4. NAme Whitheld April 18, 2017 at 11:50 pm #

    Microsoft knows better than us that newer hardware should only be supported with Newer Windows OS,
    Yeah Right, like i trust M$soft to have my interests be of any consideration.
    That is why I use Linux, MINT and all my 125 people in my company use Linux Mint here in California
    it's either Mac or Linux Windoze is just a drag on the economy
    MY company, and it's cooperative entities also DO NOT WANT TO BE TRACKED
    Every one now uses several different VPN within the company

    From little 65 year old Grandma's to the latest hipster employee who handles
    Going from station to station asking if everything is OK, and how things could be made better.

  5. dante April 19, 2017 at 4:01 am #

    Easier method. I switched from Windoze machines to Android and Tails Linux. Microshaft can play with itself.

  6. Chris April 19, 2017 at 5:39 am #

    What do i think of it ha ha ha ha , Microsoft is losing and will continue to lose customers by the truckload and they certainly deserve it . An awful company that enjoys giving their customers the hardest time possible .

    Maybe if Win 10 wasn't so ridiculously bad they wouldn't have to force people to accept their garbage and Win 10 in every sense of the word is pure garbage.

  7. Yoav April 19, 2017 at 6:33 am #

    Wow, M$ is actually forcing me to move from Windows.

  8. Anorknee Merce April 19, 2017 at 8:32 am #

    Bear in mind that in a year or two, most new OEM computers on sale will come with Intel Skylake or Kabylake processors that will not allow Win 7/8.1 to receive updates because of processor-blocking by M$ thru Windows Update's mandatory monthly Patch Rollups. Consumers buying new OEM computers will then be forced to make a decision, ie to submit to M$ or reject Win 10.
    ....... "Resistance is futile, you will be assimilated".?

    P S - Only new high-end business OEM PCs running Skylake and built-in vPro(= Remote Management Engine) technology are not being blocked by M$.

    • www.com April 20, 2017 at 6:18 am #

      Turning off automatic updates and using WSUS Offline will bypass all this.

  9. zund April 19, 2017 at 9:22 am #

    hey wait, everybody told me that only linux-users tinker constantly with their machines...

  10. CHEF-KOCH April 19, 2017 at 9:31 am #

    Not a perm fix, when MS decide to update and patch the .dll files again this ends. So you need to review each update otherwise you might get locked out when you restart when you 'accidentally' updated your OS. This needs to be patched in memory, which would be the better deal so that whenever it gets patched and overwrite right before the OS boots so that you never get locked out.

    Of course when ms find out they might add additional checks to it and then this method wouldn't work at all.

    • Corky April 19, 2017 at 9:52 am #

      This only effects Windows update, people aren't being prevented from booting their PCs only prevented from using Windows update and given Microsoft normally only issues updates once a month that gives plenty of time to figure out ways to circumvent it.

      It's probably safe to say preventing people from using Windows update wasn't intended for tech savvy users, just like the GWX addware wasn't, it's intended to catch users who are knowledgeable enough to avoid the GWX addware but not confident/knowledgeable enough to attempt the replacing of Windows files with third party alternatives.

      One things for sure Microsoft statements about keeping their customers safe isn't helped by them denying security updates to paying customers.

  11. karlo2105 April 19, 2017 at 10:30 am #

    M$ doesn't want Windows 7 to be next XP, that's why they blacklist the latest hardware.
    That's the only way for them to force people to use scam W10.
    I stick with W7 as long as third part programs are supported on it.

    Let's see what shall happen after 2025 as M$ said W10 will be the last system supported.

  12. Geoff April 19, 2017 at 2:28 pm #

    I run Windows 7 on 1 of 4 computers (Debian on the rest). MeGUI and games, and decent graphics drivers for games, are the only reasons it's still around. I will figure out PCI-passthrough (or more likely won't have to because the recent GPU virtualization kernel additions will have a lot of time to mature before I need it!) and run Win 7 in a VM until I die before I run Windows 10 (short of a sea-change in Microsoft's attitude/policies, not that such a thing could ever be trusted at this point).

    The last couple times I have bothered to update my Windows box, I have used WSUS Offline Update, and I am curious what effect that would have on the CPU-lockout:

    -Does WSUS download and install the patches that break Windows Update?

    -Does the presence of the updates which break Windows Update prevent the installation of other updates through WSUS?

    -If WSUS allows you to fully update your system, does anything else break (update-wise, I understand the scheduler and power management will probably always be issues)?

  13. refgez April 19, 2017 at 2:38 pm #

    As always, this just reinforces the fact that for every Microsoft employee who thinks he is smart, there are probably a thousand more who do not work for Microsoft and who are much smarter and more talented.

    When will Microsoft learn that they cannot stymie the masses?

  14. Doc April 19, 2017 at 8:42 pm #

    Martin, this also blocks AMD Ryzen CPUs, as well as Bristol Lake APUs.

  15. rhY April 20, 2017 at 6:16 am #

    Stop supporting Microsoft. Switch to Linux. It's 2017. FFS.

  16. LD April 20, 2017 at 7:17 am #

    I am wondering how the CPUs that were misidentified by this blocking method are going to recover. The March updates prevented these users from receiving windows updates, so how will a fix be delivered to them? Also they can not use a msu file from the MS catalog because the blocking method prevents the file from installing.

    The next worst thing that could happen to them would be making contact with Microsoft's customer help line.

    I assume the March update, if uninstalled, removes the block and the April update reinstates it.

  17. FiredFixx April 20, 2017 at 8:33 am #

    Dear Intel and Amd
    URGENT
    Make chips that work with my software or I won't buy your ******* hardware

    thanks for your prompt attention
    ~The Customer

    • Anonymous April 27, 2017 at 2:54 pm #

      It's not the hardware companies who are making this happen, it is Microsh!t using new hardware as a "justification" for extortion in forcing people to upgrade to Windows 10 so they (Microsh!t) can monetize their customers computer use data through "telemetry" and other spyware in their OS.

      I work in acquisitions and have always wondered how the government has justified the acceptance of what amounts to a sole source selection of Microsh!t operating systems. I would love to see somebody challenge the government for acquisition fraud in that the operating system, just like the hardware, should be open to all bidders and should be evaluated for best value. Microsh!t has made multiple billions of dollars (our taxpayer dollars) as the default OS included with computers purchased by government organizations. A lawsuit filed on behalf of the people and the Linux community challenging the unjustified sole source acquisition of MS products on computers without competitive bidding is long overdue.

  18. me April 21, 2017 at 3:41 pm #

    Discover freedom. Linux Mint. Join us.

  19. Henry April 21, 2017 at 7:53 pm #

    Those touting a switch to linux are neglecting the fact that most software vendors of the business class have not and will not switch over to those platforms. Additionally, if you run a vendor application that requires something like SQL 2008 or higher, guess what? Your vendor has you over a barrel. You can't switch OS and you can't NOT use your application, or find one written for linux. So all you Linux people that whine about MS users, stop whining and start writing. Write more business oriented software. Write the applications to REPLACE MS with. Don't just whine at us and do nothing, then wonder why people won't switch. Business class software in Linux still has yet to be a viable replacement, and until it is, we're stuck with MS.

  20. Gavin April 26, 2017 at 12:02 pm #

    Yoav April 19, 2017 at 6:33 am #

    Wow, M$ is actually forcing me to move from Windows.

    ומה חשבת, הם זבל

    M$ will try to force everyone to accept their $#!+.

  21. acpiper April 27, 2017 at 4:27 am #

    My issue: I got fed up with the QNAP interface on my 5 disk NAS so decided to build my own. Found a case which required a mini-itx motherboard. Originally, I wanted to use my existing hardware (atx or mini-atx motherboard and my sandybridge i5), but could find nothing to go with that case (fits 8 x 3.5"HDD and 3 x 2.5 HDD/SSD AND has an .m2 PCIE slot, to boot). So, I bought a new Gen 7 i5, RAM, and compatible motherboard. I wanted to install some Linux-based NAS software (FreeNAS, NAS4Free, Amahti, etc), but I couldn't make the software "see" my .m2 boot disk. Since I still had an existing Win 8.1 license I decided to use it. That installed just fine - I wasn't aware - yet - that there would be issues with this new hardware until the warning appeared following the initial massive updates. Since it is a NAS, though, I'm not overly concerned about the update blocking, but I'd like to find out if we can remove the warning message.

Leave a Reply