Microsoft's decision to block security and non-security updates on customer PCs running Windows 7 or 8.1 (or the server variants) with "next-generation silicon" is as customer unfriendly as it gets.
What makes this all the more problematic is the fact that Microsoft's detection routines, those that identify the processor of a PC to determine whether updates will be blocked or allowed, is flawed.
We already talked about some "old generation" processors being caught in the crossfire before. Windows users reported that PCs with AMD Carrizo processors were blocked from installing updates even though that should not have happened according to Microsoft.
It was clear then that Microsoft screwed up the identification of processors. Now, a story on Infoworld highlights that AMD Carrizo systems are not the only ones caught in the crossfire.
Woody reports cases of Dutch computer users whose machines were updated-blocked by Microsoft.
The processors of these machines? A nearly decade old Intel Pentium Dual Core E5400 2.70GHz CPU, and a Celeron J1900 from 2013. There is even a report from another user who got updated-blocked by Microsoft after replacing a graphics card with an AMD Radeon RX480. If true, it would suggest that the detection cannot even get that right, or includes graphics cards as well in determining which customers to serve with updates, and which to block even though Microsoft did not mention that at all.
Microsoft lists only the following three processor generations when it comes to update-blocking:
As time goes by, more and more Windows users will upgrade the processors in their machines. While the number of users who will upgrade the processor of a PC is relatively small when compared to users who purchase new PCs instead, it is still a sizeable number that will run into the update-blocking issue.
Microsoft's decision to block its customers from receiving updates on supported machines is as customer unfriendly as it gets especially since the block includes security updates and patches as well.
The situation is even more dire for users whose PCs are falsely flagged as next generation processors when they are clearly not. Without security patches, PCs remain vulnerable to vulnerabilities that could have been patched.
Who is responsible then for any damage done when attackers manage to exploit these already patched vulnerabilities on PCs that are update-blocked by Microsoft?
Customers are not informed by Microsoft, through Windows Update for instance, that installation of a particular patch will break updating on the PC deliberately. Microsoft should at least inform users about that prior to enabling the blocking on the PC.
Windows users who experience the issue -- that their PC won't receive any more patches despite its operating system being supported by Microsoft for years to come -- have two options right now to deal with the issue.
First, there is a bypass for Windows Updates being blocked which requires you to patch a system file. The method seems to work right now, but may require further patching when Microsoft alters files responsible for identifying processors, or adds more protection mechanisms to the whole process.
Second, Ask Woody lounge member Mr Brian highlights a manual option on how to install patches on blocked systems. This involves some uninstalling and installing of updates, and may take a bit of time and research on your part to get right.
There is also the option to switch to another operating system, for instance a Linux flavor.
I think that Microsoft went too far with this, and should reconsider the whole approach. Considering that Windows 7 and 8.1 operating systems are still supported by Microsoft, the company should honor this by providing patches to all customers on those systems for as long as the operating systems are supported.
Yes, this may require more testing and maybe some tweaks for some of the patches, but it is the right thing to do.
Now You: Should Microsoft reconsider, or can you understand the company's decision?Advertisement
If you like our content, and would like to help, please consider making a contribution: