Search begins for workarounds to Microsoft's Win7/8.1 on Kaby Lake/Ryzen patch ban

As threatened, Microsoft is actively blocking Windows 7 and 8.1 updates on newer hardware, but users report some success in getting around the ban

Microsoft is carrying through on its threat to actively block Windows 7 and 8.1 updates on the latest Kaby Lake and Ryzen processors. Some folks are looking for ways to get around the block, and they appear to have had some success.

We knew this day was coming. A year-old threat from Microsoft that “Windows 10 will be the only supported Windows platform” on Kaby Lake and Ryzen processors re-emerged last week. A thread on Reddit reported that folks who had the nerve to use Windows 7 or 8.1 would be blocked from updates if their PCs had the latest Intel Kaby Lake or AMD Ryzen processors. 

The blogosphere understandably went wild, even though nobody at that point had actually seen the block in action. That has now changed. Yesterday poster dave1977nj on AskWoody submitted screenshots of his attempts to install the "March 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems" (KB4012218) on his Kaby Lake PC.

no more windows 7 updates InfoWorld
no more windows 7 updates 2 InfoWorld

Of course I’ve long railed against installing Previews, and you’d be well-advised to avoid them, but the deeper question is what actually happened?

The Win7 update history page says this Preview:

Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.

This is all well and good, but how does the detection work? Has Microsoft effectively blocked all security updates on Kaby Lake and Ryzen processors, or is it making life difficult for those users of the new hardware who want to stick with Windows 7 or 8.1?

Poster abbodi86 sheds some light:

The Preview Rollup itself block future usage of Windows Update on these processors, not that WU blocked Preview Rollup 🙂. All future rollups will have this restriction, so i guess it’s a lost cause. Manual installation (through dism, not msu) seems to be working fine

In other words, by installing this Preview Rollup (and presumably all future Monthly Rollups), Windows Update itself has been changed, so it won’t work on Kaby Lake and Ryzen systems. Once the Preview Rollup is installed, Windows Update turns belly up, with a “could not search for new updates” message.

Abbodi86 also says that in the future, Kaby Lake and Ryzen customers won’t be able to install the regular monthly security-only patches by manually downloading the month’s MSU file from the Microsoft Catalog and running the MSU file (an approach I call “Group B”). It isn’t clear to me what will happen when you try to run an MSU file directly, after installing KB 4102218 (or 4102219, the analogous Preview for Win 8.1). We probably won’t know for sure until the security-only patch for April appears.

Using the DISM command to install security patches would be a bit convoluted, but possible, if worse comes to worst.

It also isn’t clear to me if the Windows Update MiniTool (see Martin Brinkmann on ghacks) will continue to work, or if it can be modified to work. Poster ch100 says:

This is an excellent question and the implications are very subtle.  WUMT uses the Windows Update agent already installed, but can use any agent, without forcing an upgrade, as WU would do for example with 7.6.7600.256 being upgraded to 7.6.7600.320. I do not endorse this approach of not allowing the normal WU mechanism to complete, but it is a very interesting path to investigate. 🙂

If you’re thinking about using WUMT, please note this caution.

Finally, it also isn’t clear to me if uninstalling KB 4012218 (or KB 4012219) will restore Windows Update to its original functionality. For years I’ve resisted disabling Windows Update and the wuauserv service. Windows Update and Microsoft Update pick up patches that manual scans frequently overlook, including IE and .Net patches, and many more subtle fixes. Updating Office without Microsoft Update would take the patience of Job.

Some folks disable Windows Update to shut off the flow of unpredictable patches. But if Microsoft itself is going to disable Windows Update, who am I to argue?

Look for the latest test results and head-scratchings on the AskWoody Lounge.

5 tips for working with SharePoint Online
Shop Tech Products at Amazon