I ordered a workstation today to test this functionality, which is live now, since we're probably buying 100 computers in the next month or two and we may be highly affected by this change. I'm waiting to hear back from our external patching vendor (Dell K1000) to see if they'll circumvent this change. Additionally I'm waiting to test WSUS and it's ability to bypass the change but so far I've found that deleting KB4012218 should allow you to continue patching. I don't have a way to verify this right now but you can read the associated information with this KB here.
There's been no concrete evidence to state that so far. Our patching vendor may have the capacity to circumvent since they pull the patches apart and push them out individually. The WSUS may or may not, I'm leaning on not, but WSUS has helped circumvent other issues in the patch. I.e. atm after checking for additional approvals I'm not even seeing the above stated KB in our WSUS. I'm thinking it may only affect workstations that pull updates directly from microsoft.
So yes, uninstalling that update should allow you to keep installing security patches on Ryzen and Kaby ... until Microsoft figures out what everyone is doing and makes KB4012218 a prerequisite for any further security patches.
A member on LTT reported that he couldn't even log into Skype with the update installed. Once he uninstalled it, everything was fine again. If that's true, this goes way beyond just blocking updates. They really are trying to make life impossible for people who want the latest hardware on Win7 or Win8.1 .
Yeah users will find ways to keep fighting back for a while at least. Chances are Microsoft could be satisfied with scaring away the regular home users and won't spend too much resources on preventing this. On the other hand if one puts together a system for running some particular software under Windows 7 for a year or so, patches might not be very necessary in the first place? There are plenty of workstations out there already with updates disabled.