The error you get when doing updates on the Kaby lake is obvious. Extremely obvious. The WSUS option should get you squared away.
My Ryzen system pulls it windows update whenever there is one.
Apparently they haven't stopped them yet, but they did announce they will stop it some time (for 7 and 8/8.1 only obviously).
It is fine.
Hey, I learned how to inject drivers into ISOs in the process of building this rig.
2 Likes
Yeah, stop that Windows Update and start the WSUS.
1 Like
This has been the status quo for quite some time. It's as simple as those OSs are at the bottom of the priority for their update servers. Keep trying, if it doesn't eventually work you may need to manually install some key updates before the update function will work.
I should note that it can take 3-4 days...
They've stopped them. I have a full thread here somewhere about testing patching on an affected processor. After you install the malware KB.
1 Like
Ah well good to know, but just out of curiosity, the updates keep coming if you don't install the update responsible?
/edit
OK found it
The patch can be uninstalled as well but we don't have any post-KB4012218 patches to see if those will patch without KB4012218 installed or not.
guess that answers it 
Well that's my preliminary findings. I'm assuming,m since Patch tuesday last week, that the new patches will not install without KB4012218 installed (I call it malware KB.) It's been on my list of things to test but I've been swamped with other things.
Here's the more detailed spiceworks thread:
Edit: It's also worth noting that MS seems to be strong arming 3rd party patching companies to support their stance as well.
1 Like
I had the same issue with Windows7, searching for updates is searching forever.
This issue is allready there since the launch of Windows10 in 2015.
MS does indeed cripple the update services in other Oses.
You have to install an update for the windows update service.
Unfortunatlly allot of telemetry gets backported aswell.
Basiclly the best way of creating an up to date Windows 7 or 8.1 OS,
is simply download all the security related KB updates manually,
and then slipstream into a fresh iso.
But thats a shit ton of work.
1 Like
Just went through this with my own fresh new install of 8.1. Give it about a day or two to just download the updates on it own just set it to 'Check for Updates but to allow you choose updates'. Now when you do get a notification to install updates DON'T install them all one at time one of those dam updates left my system hanging for a day.
Also before you install anything just make a system restore just in case.
Lucky for me, I made a system restore ahead of time then installed 5 updates at a time.
You have a guide for that? I wanna try that
Installing updates is a pain the ass if you want to check each one bye hand and that just takes too long.
I think with the Optional Updates i might just go F it and not bother with them even tho Microsoft claims some of those updates are "Recommended Update" so i'm not really sure about those ones if there the only ones worth updating in the Optional Updates.
Thanks all for passing on some advice.
http://www.nliteos.com/index.html The software to customize windows based OS.
And then follow this guide: https://www.youtube.com/watch?v=NEAHuHbwzxA
I did some more modifications, but that is basically it. Then Win7 knows how to USB 3.1 and you are golden.
1 Like
Teah all of my systems non-10 can't update either except on the old update system for xp and 2k. Its more thank likely that thisbis just more shit they are pulling. Everyone wants to argue that you can use an older version of wjndoss, and yeah, you can, but its only a matter of time before that install explodes or gets ransomeware or some other stupid shit. If they really have killed the updates for the older systems now then I wonder what people will do when steam isn't on 10 in a few months that will be hilarious.
Optional updates dont really matter that much.
Security updates is what mainlly matters.
I think there is a certain update you could install manually,
that should fix the long search for updates issue.
But i forgot the exact KB number, i have to look it up.
No problem and thanks for that.
Yeah that's what i thought about the Optional updates.
So it seems that the update blocking aren't affecting only the newest processors.
1 Like
I have a Z97 motherboard as well which multiboots from Windows 7/8 and Mac and never had any issues retrieving updates on that platform. I highly doubt M$ is blocking updates on that platform.
I have not tested it, but it looks like there is a workaround on github that involves xdelta patching the windows update engine DLL (wuaueng.dl) to bypass the processor detection code.
It is actually just a batch script. Here is the core logic:
net stop wuauserv
takeown /F "%WUAUENG_DLL%" /A
icacls "%WUAUENG_DLL%" /save "%ACL_TEMP_FILE%"
:: Administrators group SID
icacls "%WUAUENG_DLL%" /grant *S-1-5-32-544:F
move "%WUAUENG_DLL%" "%BACKUP_FILE%"
"%XDELTA3_EXE%" -d -s "%BACKUP_FILE%" "%DELTA_FILE%" "%WUAUENG_DLL%"
if errorlevel 1 (
set "THERE_WAS_AN_ERROR=%errorlevel%"
move /Y "%BACKUP_FILE%" "%WUAUENG_DLL%"
)
:: "NT Service\TrustedInstaller" SID
icacls "%WUAUENG_DLL%" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
icacls "%SYSTEM32_DIR%" /restore "%ACL_TEMP_FILE%"
net start wuauservSo stop Windows Update service, take ownership of the file, patch it, restore permissions and then start WUS again. There's some error detection to improve reliability as well. The .bat could easily be modified to make patching automatic instead of requiring user input since it soft-fails.
So... maybe running the code in a .bat every time the computer starts up would negate the existence of KB4012218 in a way that is transparent to the end user?