Microsoft pulls the security update KB4524244 for Windows 10
Microsoft published a standalone security update for Windows 10, KB4524244, on the February 2020 Patch Tuesday. The security update addressed "an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability" according to Microsoft.
The update was released for Windows 10 versions 1607 to 1903. Cumulative updates installed on February 11, 2020 or any other update installed on that day are not affected by the issue according to Microsoft.
Confirmed user reports about system freezes, boot problems, and installation issues started to emerge after the release of the standalone update; Microsoft made the decision on February 15, 2020 to pull it from Windows Update, WSUS, and the Microsoft Update Catalog website.
Tip: we have published a guide on installing Windows updates manually.
The company updated the support page on February 15, 2020 to inform its customers about the decision:
This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
Microsoft does not detail most issues that users may experience. The known issues section is vague as well but it highlights one issue that users may run into. According to the description, the operating system's "Reset this PC" feature may not work correctly after installation of the update. Affected users get "there was a problem resetting your PC" error messages during the process.
Reset this PC is used to reset the PC to a baseline. Customers are asked to remove the update KB4524244 from devices if they are affected by any of these issues.
- Select the start button or Windows Desktop Search and type update history and select View your Update history.
- On the Settings/View update history dialog window, Select Uninstall Updates.
- On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
- Restart your device.
Reset this PC should work again after the problematic update has been removed successfully from the machine.
Note that Microsoft has not updated (some?) localized versions of the support page yet. The German page does not contain the update; this once again shows that users and administrators need to consult the English version of support pages to make sure the information is up to date.
Now You: did you install the update? Are you affected by the issue? (via Bleeping Computer / Born)
Offering a rootkit posing as a security update is nothing short of a security breach and cause everyone to re-evaluate using M$ product.
Microsoft says:
Reset this PC is used to reset the PC to a baseline. Customers are asked to remove the update KB4524244 from devices if they are affected by any of these issues.
1. Select the start button or Windows Desktop Search and type update history and select View your Update history.
2. On the Settings/View update history dialog window, Select Uninstall Updates.
3. On the Installed Updates dialog window, find and select KB4524244 and select the Uninstall button.
4. Restart your device
Just exactly how do you “Select the start Button” when the system freezes at bios level?
You cannot uninstall KB4524244 until you reboot after the original installation…. if this patch is going to blow away my user profile, this doesn’t seem like a reasonable solution.
I successfully installed KB4524244 on February 12, and since then, my PC froze on two different days, leaving me with a blue vertically-lined screen the first time and a blank white screen the second. This never happened before, and I hope it’s not the computer breaking down. I will uninstall the update, hoping for the problem to be solved.
Thanks, Martin, for all the great professional advice you are giving to keep us safe out there in cyberspace!
Following the latest F ups by our favorite trillion dollar cap company on Ask Woody is rather funny. I totally give up on MS, they’re too big and too old to get out of their own way, may as well laugh over them existing for themselves.
I have lots of sympathy for general users who just want their devices to work for two months in a row but MS’s regard for customers is so pathetic, “Put it out there, they’ll find the problems,” followed by excuses that make no sense at all, I doubt their garbage can out the window approach will change.
Exact on February 12nd, 2020.
I been wondering why my Motherboard got destroyed.
1. [Me] Turn on.
2. [Computer] Shutted down for 2 secs.
3. [Computer] No Boot option, No Message, Display is fine, No BIOS.
Thanks, Microsoft.
If you have no BIOS it is more than likely not Microsoft.
I’m still on hold waiting to speak with Microsoft tech support for Windows 3.1
Tick….tick….tick…tick…
Losers. Just disable win10 update
Thanks, Great BUG10.
And they wounder why lots people are moving to linux what a joke.
My windows search is not working. Today right arrow key and down arrow key also stopped working. Don’t what Microsoft keeps on doing with windows 10.
I have problem with shutdown, picture and sound, video card, not PC, but after, start reboot, fans, lights stay on???
Well this is such a frequent occurrence anymore I just come to expect it.
I have the real fix guys…to all your problems..really: Uninstall Windows 10 and all your problems should be solved.
Smartest thing i ever done. I enjoyed it also.
Glad I still use Windows 7. Windows 10 is a disaster.
@Anonymous
Windows 8.1 + Classic Shell > Windows 7 > Windows 10
Microsoft has removed KB 4502496 too and should remove the horribly buggy KB4532693 as well.
In short, Microsoft should scrap the whole Feb. 2020 update.
I like cake.
neowin.net re KB4524242 says “It might not be worth uninstalling though. If your PC installed it automatically and you didn’t notice, then you’re not experiencing the installation issues. And if you go to reset your PC, you can always uninstall the update at that point if you need to. Either way, this fix will end up being bundled into a future update.”
I chose to uninstall KB4524242 even though it was causing no obvious problem on Win10 1909 for me.
Wouldn’t install for me, even manually. I figured it was because I was dual booting and didn’t have an MSR partition. Backed up my linux partition, wiped the whole disk and a fresh install saw the install go through flawlessly.
So, my linux install gets its own nvme SSD.
I thought my laptop had a hardware failure. Froze while using it. Had to reboot it 3 times before it loaded Windows. Then I looked at the settings and saw that it was trying to install an update.
Installed the update, rebooted, no problems. The problem was when it tried to download it automatically (for me).
HP laptop
Oh, great, it got installed automatically without asking me, then worked fine (Intel-processor). Do I really need to unistall this creepy patch now?
Oops, I checked my ‘update history’ to see if I had this particular update…aw shucks…80% of the patch Tuesday updates it listed a few days ago have vanished into thin air, so I don’t know whazzup now. Open ‘uninstall updates’?…no dice…just lists definition updates starting days and days ago. Dis microsoft windows updates bicycle done be broke…and buyer he left holding a screwed up bunch of pieces in his hands.
I’m confused as to why people had that update installed in the first place. It seems to me to be only common sense to delay installing updates for as long as Microsoft allows it (or then use the various delaying tactics such as saying you have a metered connection to postpone them even further) except perhaps in the very rare case that the update actually has something useful. Why be a beta tester if you don’t have to be one?
WU installed KB4524244 for me on 2020-02-14 without apparent ill effect for Win10 1909. I uninstalled it and manually restarted 2020-02-16 per this post without apparent ill effect.
Edge Chromium was freezing on me.maybe this is why.
LOL @ BadToad.
Everyone here is stupidly not patching their systems (newsflash, the moment Microsoft patches a security vulnerability, everyone on the web is free to talk about the security vulnerability & post proof of concept [if it’s not already being exploited in the wild]), but they’ve stupidly installed Blink Edge & then complain about problems with Blink Edge (when they should have let other tards beta test it for a few morre months).
If Microsoft thought Blink Edge was ready to release to the plebs, they would have released it to everyone, instead to keeping the majority of Windows 10 users on EdgeHTML Edge. But they haven’t. Let that sink in.
Meanwhile, to everyone who doesn’t patch their systems, good luck when you’re malware infested computer becomes the “cloud” storage for some pedo & the police raids your home, arrests you, & confiscates your computer. Hopefully, the police will eventually figure out that you’re not a pedo, but everyone will label you a pedo until your name is cleared.
Fearmongering much do You ?
I run by default the latest Edge DEV under Win10 1909 and have no problems.
I don’t have this update on LTSC ¯\_(ツ)_/¯
I’m so envious of you Enterprise/Volume licensing and LTSC folks and those Windows 10 variants where updates can actually be end user managed, and that includes telemetry/bloatware management as well. I’m on a brand new laptop and on W10 home and have not yet learned how to even delay KBs for the minimal amount of time.
So I was unable to follow any of Woody’s DEFCON guidance for that month as the laptop was purchased just one day after the Feb 2020 patches dropped. Now I kept the laptop offline to get that local login account but I did connect after the complete first start up/initialization was complected and once connected that the start menu lit up line that alien scout ship’s controls once the alien mothership was in range.
But I still have the patch installed but I do not think that that patch is behind any of the install issues that I’m having as that’s more to do with the laptop OEM’s terrible system management software where some of the OEM’s system management software packages have a UWP App front end that has to be installed separately from any underlying service that the UWP App requires to interact with the OS/System.
I suspect that it’s more than likely it’s related to the end users being required to download a package and then extract the files and manually install the service via the command line before installing the UWP front end that provides the UI/Interface for the user to access the back end service such as laptop keyboard’s LED back-lighting management features(Change color/etc and other non essential features).
But I did make a full Windows 7 Style System Image backup of the laptop’s Windows 10 OS/Related partitions and everything else as well and I also made the Windows 10 USB flash stick recovery media that took a little over 14GB space on the USB stick’s 16GB total capacity. So if things do not boot properly I can remove that KB from a recovery session and fix any collateral damage. I just hope that the USB drive recovery media at least contains copies of my laptop’s needed OEM/Hardware drivers even if the usual user folders/file are not included on the recovery media and that the System Image backup that I made(Windows 7 style) will have everything though so I’m safe there.
@Tux
Can’t be done, upgrade to Pro. Seriously. Cheap, real, licenses on ebay.
Unless you can legally use LTSB or similar.
Trying to fix Home, especially with a number of utilities, comes with a high chance of wrecking it, followed by a reinstall, back to square one.
After an upgrade to Pro, learn gpedit and the firewall; the difference is (used correctly for a change) amazing!
The author wrote, “The update was released for Windows 10 versions 1607 to 1903”.
However, the update also apparently affects 1909 as well.
Well that explains the issue on one of the rigs. Didn’t bother the others. Pulled from all though.
Thanks for the info Martin
HaHa. I use Arch BTW.
As I have stated in the past, I avoid installing MS’ awkward security fixes (something *might* happen and it *could*…) that will do little to improve our actually security but always come with the risk to blow up your system.
Given how frequently it happens I don’t understand why MS has never expanded the shadow copy feature of NTFS into a proper, easy-to-use snapshot system. If it fails to boot, it could just offer you to load a previous state of Windows. All it would take is a separate Windows partition, and a OS-level seperation between the OS/drivers and application, including the registry data.
Microsoft always has the technology to make things work, and refuses to use it. In XP, you could tag any file with metadata attributes (stored in an NTFS alternate stream); starting with Vista, Explorer heavily uses such meta information (title, date taken etc) but the ability to tag every file wasn’t merely removed, the built-in property handler even doesn’t allow you to edit a PNG’s information. Which makes tagging JPEGs almost useless because the second-most common image format won’t show up in the library folders anyway. You can tag JPEGs with “Windows 10” and access these files; any screenshot or other pictures saved as PNG won’t work.
Oddly enough, this is why I never install updates the moment they are released. Wait a week first of all to let any bugs emerge, and if there’s no reports of any issues after a week then the update is allowed onto my PC.
@Davey–Amen! At least one reader figured it out. The XP days are long ago and, most likely, will never return. During the halcion era of XP and even Windows 7, a user could download and install updates; the mind set then was to make sure the system was updated.
Now, however, tech sites like Ghacks and Beta News and even Lifehacker push users into thinking their systems are vulnerable to all sorts of malware if the current patch Tuesday or emergency patch isn’t installed.
And that’s the problem; anyone running Windows 10 knows, automatically, to not install any updates for at least one week if not longer–say two or three. In the meantime, make sure other security software is up-to-date and working.
I think Martin may be the only tech writer who lists the updates but mentions in “blazing sunset red” to make a system image, not a system restore point, but a full system backup if a user trusts MS enough to install patches.
In fact, Martin may be the only writer who says to do the same thing before trying any software.
This update blacklist some Kaspersky bootloader, which allow to silently bypass SecureBoot.
More info: https://habr.com/post/446238
Wait… Microsoft released a buggy patch for a known security issue, then pulled the patch, and now won’t release a fixed version, thus knowingly leaving Windows 10 users vulnerable?
And if you don’t happen to read English (like most of the world), Microsoft doesn’t even inform you of this in a timely manner?
It’s not a Windows 10 vulnerability, or Windows vulnerability at all. Read my comment below.
MS signed a shitty Kaspersky bootloader which allows you to bypass SecureBoot.
Thus, UEFI forum should to block this bootloader, and operating system vendors are the fastest way to deliver blacklist to user PC.
Unfortunately, the UEFI forum did not respond even after 10 months….
.ÑŽÑŽ
“Unfortunately, the UEFI forum did not respond even after 10 months….”
They don’t respond to to requests to remove government backdoors.
“They don’t respond to to requests to remove government backdoors.”
Wow, you’re buying into all the Russia bad BS. Well done you.
Loyal to only you, up your sleeve
I want some, of all of you, trickin’ me
First it giveth then it taketh away
First it giveth then it taketh away
First it giveth then it taketh away
First it giveth then it taketh away
I had this update on my 3 computers and not problem but i unistalled it
Not very smart. If it causes no problem no need to uninstall.
Even smarter, if you don’t have any bugs affecting you or compatibility issues don’t update at all. The new “features” MS has released over the past two years have either been useless for most people, half finished and broken, or self serving to MS and bad for the customer. Windows update is like playing Russian Roulette.
Aww, poor Mikey messed up again… Which time is it now? The 82,719,274th?
Great:
The first thing we are always told is : ” always keep your updates current” which I have done religiously . Now I hear that its not a good idea and in some cases its not worth the risks to update . How is the average computor user suppose to be able to seperate the wheat from the chaff? I have yet to experience any ” obvious “problems resulting from this update or any of the others for that matter .
You were never told to update blindly…EVER. This goes all the way back to their first Windows NT Server. You ALWAYS need to proceed with caution. Have ACTUAL working backups. Always run the update on one server first, to see if the update has any issues, and then when you are finally confident (week, weeks, months), THEN you update the rest of your servers. Having a test server is recommended by Microsoft, so that you can test the update “IN YOUR ENVIRONMENT”, and see if it is stable, etc.
Don’t ever update blindly, that’s a mistake.