Microsoft halts security updates for select AMD devices
Microsoft released an out-of-band security update for Windows on January 4, 2018, to fix vulnerabilities known as Spectre and Meltdown.
It turns out that the update caused a Blue Screen of Death on Windows 7 machines running specific AMD hardware. Affected PCs would no longer boot, and even Safe Mode was not accessible. We published a workaround to regain access to affected devices (by removing the update using the repair console).
Microsoft published KB4073707 today which confirms the issue. The company notes:
Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates.
The investigation revealed that affected AMD chipsets did not "conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown".
As a consequence, Microsoft halted update delivery for affected AMD processors while it works with AMD on a patch that resolves the issue without putting devices into a boot loop.
Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible.
The company added a new "known issue" to each of the patches to inform customers of this. The following Windows updates are blocked for affected AMD devices:
- KB4056897 (Security-only update)
- KB4056894 (Monthly Rollup)
- KB4056888 (OS Build 10586.1356)
- KB4056892 (OS Build 16299.192)
- KB4056891 (OS Build 15063.850)
- KB4056890 (OS Build 14393.2007)
- KB4056898 (Security-only update)
- KB4056893 (OS Build 10240.17735)
- KB4056895 (Monthly Rollup)
The support article links to guides for Windows 7, Windows 8 and Windows 10 on resolving blue screen errors. The guides are generic and don't address the issue at hand specifically.
It is interesting to note, however, that all supported versions of Windows are affected and not Windows 7 exclusively.
Microsoft identified incompatibilities with a small number of antivirus programs as well. Incompatible products may cause blue screen errors on patched systems, and Microsoft paused update delivery for systems with incompatible antivirus solutions.
Windows PCs with affected AMD processors will remain unpatched until Microsoft releases a working patch for these devices. It will be interesting to see how Microsoft handles today's Patch Day considering that updates are cumulative in nature.