Return to Level1Techs.com

W7 Updates on Kaby Lake post KB4012218

I've got a long post on this while I'm testing this on spiceworks and I'd be more than happy to migrate all the images and such over here so anyone interested can review what I've done so far, but the TL;DR (for now) is:

WSUS does not appear to circumvent the requirements

3rd Party patching may circumvent (using K1000 for testing)

KB4012218 is a recommended (for now) patch so if you do not install recommended you may or may not be affected by this (for now)

The patch only affects detecting patches from WSUS, not installing

The patch can be uninstalled as well but we don't have any post-KB4012218 patches to see if those will patch without KB4012218 installed or not.

2 Likes

2 weeks until Patch Tuesday. We'll know then.

Even if you can still get security updates without KB4012218, it's only a matter of time before MS notices that too many people are doing so. At that point they'll either make KB4012218 a prerequisite to all security patches or they'll quietly put the processor identification part into a security patch.
They already put Win10 ads in a security patch (KB3139929) before, so I really wouldn't be surprised if they handled it that way.

off-topic : I just realized that I didn't even have to look at your post to write the KB number. It's like 3035583 all over again.
You know it's bad when people remember the KB numbers off the top of their head.

Yeah I completely agree, which is why I said "for now". MS is either going to be satisfied that the majority of the home community will be forced to move up or they are going to be pissed that -some- people are circumventing the process and close it down. I think there will probably always be a way to circumvent though.

Edit: And I think 3rd party solutions will always be able to install correctly. I don't think those will be able to get locked down.

1 Like

Well they allready backported telemetry tracking as in Windows10 back to Windows7 with those rollup patches.
So people who are sticking to Windows7 because they dont want anything to do with the telemetry sheninigans of Windows10,
it will get them just as far.

Oh absolutely, but telemetry is just one of the many reasons why people prefer to stick to Win7.

Yes of course, i personally have manny reasons to stick with Windows7.
But yeah MS is doing everything to get people on Windows10.
Like locking newer systems out of updates and that kind of bullshit.
Technically they should get sued for this.
People who have boaght retail licenses of Windows7 and 8.1, should get their extended support they have payed for, regardless on which hardware they are.
I think that Windows7 and 8.1 still has extended support until 2020 or so?

Well, windows 7 has lost mainstream support but 8.1 still has it. So MS is not legally bound to provide support for win 7 but it is for 8.1. As for security patches MS can most likely say that Ryzen or kaby lake are new systems so they can't provide it (irrespective of whether the processor is actually relevant). It has to for 8.1 but the 8.1 userbase is not big so maybe that's why no one has yet filed a case against MS.

Yeah fair enough.

I suppose MS will have their ways arround it.
Never the less its still a shitty move i think.
But from their marketing standpoint i get it.

Just some clarification:

My 3rd party patching solution (K1000) was patching the workstation perfectly fine until I stopped it. After removing the KB I was able to check for patches and install them from my WSUS successfully.

For now this issue appears to be easily worked around by removing KB4012218 or by using 3rd part patching solutions.

1 Like

You will know soon enough, wenn the next patch day comes in.
If that works, then that would be good news.

I can confirm now that virtual machines are not affected by their hosts processors. I have a W7 Enterprise VM loaded up on the same machine tested above with KB4012218 installed and it's still detecting patches correctly from WSUS. I'm waiting to see if it'll detect from MS servers. This is a smart move on MS' part.

Additionally it appears this is only affecting detection of patches and not installation. Not sure if I mentioned that above or on spiceworks but that's an important distinction.

1 Like

Please keep this thread updated as you learn more about this or if there is anything to add and as updates come out. I appreciate the research you are doing on this issue.

1 Like

I won't have any updates until at least next week when patch Tuesday rolls around to see if MS is going to force KB4012218 to exist before further patches can be deployed. If not then and it works without it than the solution is as easy as not installing the KB.

Patch Tuesday was yesterday. So we should know by now.

Any updates, @Yockanookany ?

I think he is testing this in a VM.
Which could be a reason why updates still install.

I'm out on paternity leave. I'll give it a shot tomorrow.

Paternity leave? What the hell? Get your priorities in order, man.

:stuck_out_tongue:

Just kidding, I forgot that it was you with the new-born.

1 Like

Computers are high on that lost but Windows updates can burn in hell.

1 Like

ive done some testing but wont know for sure untill next patch tuesday but i replaced the updated windows update files in the system32 folder with a computer that hasn't installed april update and it allowed the pc to check for updates again. because i noticed it actually updated the windows update client from .23452 to .23735 its abit of a hassle to take ownership of each of the windows update files then replace them and reset ownership i have to test if it is possible to just replace the exe and not the dll's