There's a way to undo the damage caused by Microsoft's update blocker

GitHub poster releases patch files that repair Kaby Lake and Ryzen PCs that Microsoft blocked from Windows Update

Last week Microsoft released a series of patches for Windows 7 and 8.1 that disabled Windows Update on certain computers. The stated intent is to force those with newer hardware to use Windows 10. Unfortunately, a few older PCs were also caught in the dragnet. Now there’s a movement afoot, led by a GitHub poster, to bypass that Update block.

Let the whack-a-mole begin.

As I explained last month, this situation started when Microsoft declared it wouldn’t support Windows 7 or 8.1 on computers running Intel’s Skylake processors. A few weeks later, Microsoft backed down and said it would support Win7 and 8.1, but only on a specific subset of Skylake-based PCs—and only until this year. Faced with more jeers from the peanut gallery, Microsoft backed down again and said it would require Windows 10 on newer Kaby Lake and Bristol Ridge processors, but left open the question of which older Intel and AMD processors would get zapped.

Last week we got an answer of sorts. Windows 7 and 8.1 customers with newer Kaby Lake and Ryzen processors who installed this month’s patches were greeted with an announcement that Windows Update on those computers was disabled entirely.

unsupported hardware IDG

There were two little problems.

First, as Microsoft has since admitted, some PCs that weren’t due for this special treatment got shut off as well. It seems that computers identified by Microsoft as “AMD Carrizo DDR4” weren’t supposed to get slammed, but were.

known issues IDG

There’s some question about that “Carrizo DDR4” nomenclature, as AMD calls the analogous DDR4 APUs Merlin Falcon. Still, if you run Speccy on one of the mistakenly gutted PCs, I'm assured it’ll report a Carrizo DDR4 chip.

Second, users aren't told in advance which computers are going to be hit with the update blockade. The only way to find out if your recent PC is affected is by running the update and seeing what happens. Keep in mind, Microsoft is summarily blocking Windows Update on these PCs even though many people report that Windows 7 works fine on them. Intel even has official USB 3 driver support for Win7—a commonly cited reason for restricting newer processors to Win10.

Take that, update blocker

Now a GitHub user named Zeffy has posted a detailed analysis of the way Microsoft implemented the blockade, along with a collection of patch files that undo the damage. The patch files work by directly modifying the Windows Update engine, wuaueng.dll. Binary modifications to system files is a time-honored but risky way to circumvent Microsoft’s restrictions. 

Initial reports on the AskWoody Lounge universally declare that Zeffy’s hack will undo the damage wrought by this month’s patches. But as Zeffy warns:

You have to apply a new patch whenever wuaueng.dll gets updated.

SFC scan errors will most likely occur as it will believe the integrity of the system has been compromised.

In other words, if you run a System File Check it’ll detect the changes made to wuaueng.dll and, if given the chance, “repair” the program by substituting an older, intrusive version.

Why is all this such a big deal? Many advanced Windows users don't trust Windows 10 and want to run Windows 7 (or rarely 8.1) on newer, faster hardware. Microsoft has instituted a draconian procedure—cutting off Windows Update—to "entice" those users to get the Win10 religion. Innocent bystanders are unlikely to get caught up in this conflict: Those who buy new machines get Win10 automatically, and installing Win7 on newer hardware can be a difficult exercise. But there's a vocal and very educated minority who want their Win7 stability at high speeds.

We still don't know which processors pass muster. Microsoft has passed the buck, by listing manufacturers that supposedly support Win7 on their older Skylake PCs. I haven't (yet) heard of any Skylake machines that ran afoul of the Windows Update block, but there's no written guarantee that Skylake will remain immune. AMD-based systems continue to be a mystery.

In my opinion, this is another manifestation of the "Get Windows 10" syndrome: Microsoft's heavy-handed approach to forcing Win7 and 8.1 users to Win10. The approach works with naive users, but more experienced Windows customers need to be wooed, not pushed.

As Lounger abbodi86 notes:

Next Patch Tuesday will most likely have newer WUA version (to solve that AMD Carizzo thing) and running SFC check will revert to the original file. I think a more “professional” approach would not be hard to create/implement, e.g. using an in-memory patcher without altering the Windows Update files. You can use a well-known Windows feature to redirect Wuaueng.dll through registry, with HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

A look at the new May 2017 Monthly Rollup preview, released two days ago, reveals there is a new wuaueng.dll ready to be rolled out.

So the whack-a-mole goes on.

Discussion continues on the AskWoody Lounge.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon