Search begins for workarounds to Microsoft's Win7/8.1 on Kaby Lake/Ryzen patch ban


Microsoft is carrying through on its threat to actively  on the latest Kaby Lake and Ryzen processors. Some folks are looking for ways to get around the block, and they appear to have had some success.

We knew this day was coming. A  from Microsoft that “Windows 10 will be the only supported Windows platform” on Kaby Lake and Ryzen processors re-emerged last week. A  reported that folks who had the nerve to use Windows 7 or 8.1 would be blocked from updates if their PCs had the latest Intel Kaby Lake or AMD Ryzen processors. 

The blogosphere understandably went wild, even though nobody at that point had actually seen the block in action. That has now changed. Yesterday  on AskWoody submitted screenshots of his attempts to install the “March 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems” (KB4012218) on his Kaby Lake PC.

no more windows 7 updates 2InfoWorld

Of course I’ve long railed against installing Previews, and you’d be well-advised to avoid them, but the deeper question is what actually happened?

says this Preview:

Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.

This is all well and good, but how does the detection work? Has Microsoft effectively blocked all security updates on Kaby Lake and Ryzen processors, or is it making life difficult for those users of the new hardware who want to stick with Windows 7 or 8.1?

Poster :

The Preview Rollup itself block future usage of Windows Update on these processors, not that WU blocked Preview Rollup 🙂. All future rollups will have this restriction, so i guess it’s a lost cause. Manual installation (through dism, not msu) seems to be working fine

In other words, by installing this Preview Rollup (and presumably all future Monthly Rollups), Windows Update itself has been changed, so it won’t work on Kaby Lake and Ryzen systems. Once the Preview Rollup is installed, Windows Update turns belly up, with a “could not search for new updates” message.

”). It isn’t clear to me what will happen when you try to run an MSU file directly, after installing KB 4102218 (or 4102219, the analogous Preview for Win 8.1). We probably won’t know for sure until the security-only patch for April appears.

Using the DISM command to install security patches would be a bit convoluted, , if worse comes to worst.

It also isn’t clear to me if the Windows Update MiniTool (see ) will continue to work, or if it can be modified to work. Poster :

This is an excellent question and the implications are very subtle.  WUMT uses the Windows Update agent already installed, but can use any agent, without forcing an upgrade, as WU would do for example with 7.6.7600.256 being upgraded to 7.6.7600.320. I do not endorse this approach of not allowing the normal WU mechanism to complete, but it is a very interesting path to investigate. 🙂

If you’re thinking about using WUMT, please note .

Finally, it also isn’t clear to me if uninstalling KB 4012218 (or KB 4012219) will restore Windows Update to its original functionality. For years I’ve resisted disabling Windows Update and the wuauserv service. Windows Update and Microsoft Update pick up patches that manual scans frequently overlook, including IE and .Net patches, and many more subtle fixes. Updating Office without Microsoft Update would take the patience of Job.

Some folks disable Windows Update to shut off the flow of unpredictable patches. But if Microsoft itself is going to disable Windows Update, who am I to argue?

Look for the latest test results and head-scratchings on the .