[German]A short patchday addendum: Microsoft has released several UEFI security updates after the patchday. Among others there is the security update KB4524244, which causes serious trouble on AMD devices and some notebooks. Addendum: The update has been pulled due to serious isses – see text for details.
In the blog post Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020) I pointed out that an UEFI update KB4502496 for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 and Windows Server 2012 has been released. But there is more.
Update KB4524244 for Windows 10
Security update KB4524244 is also an UEFI update. According to Microsoft, this security update will result in quality improvements in the supported versions of Windows 10. It is intended to fix a UEFI problem:
Resolves an issue where a third-party Unified Extensible Firmware Interface (UEFI) start manager might expose UEFI-enabled computers to a security risk..
Microsoft does refer to the security page for more information. However, I did not find an entry for the update there. The patch is available for the following Windows 10 versions according to the KB article.
- Windows 10 Version 1903
- Windows 10 Version 1809
- Windows 10 Version 1803
- Windows 10 Version 1709
- Windows 10Version 1703
- Windows 10 Version 1607
What is noticeable in the above list: Windows 10 version 1909 is missing. Forgotten, because the update was listed in the Microsoft Update Catalog also for this Windows 10 build, and also the WSUS gets the package, as Woody Leonhard notes here. But within the Microsoft Update Catalog for KB4524244 the KB article KB4504418 has been linked for details (I doubt if this makes sense). The update is distributed via Windows Update, via Microsoft Update Catalog and via WSUS. A reboot is not necessary after installing the update.
Trouble on AMD machines?
Shortly after the update was released, a user reported on reddit.com serious issues with his hardware.
Anyone having trouble with KB4524244? It hangs and then when I force reboot, HP BIOS says it detected an unauthorized change to the secure boot keys and had to restore.
The user claims to have installed the update on an HP Elitedesk 705 G4 micro. In the corresponding thread other users report a ‘boot hanging’ of the machine after installing the update.
BIOS recognized an unauthorized secure boot key change
After the HP BIOS complained about an unauthorized change to the secure boot key and refused to start, it helped some people to disable secure boot. In the meantime more users have confirmed that issue on reddit.com. One of them recommends that affected people postpone the update installation for 30 days – in the hope that there is a fix.
Installation error 0x800f0922
Within this reddit.com thread a user with nick name LordDeath86 claims that the update install ends with error 0x800f0922:
After installing the update for 1909 I got a new pending security update KB4524244 and it always fails with error 0x800f0922.
And again Google and Bing are failing me here because that error code can mean anything from bad VPN software (don’t have any) to a too small system partition (also not the case here) to a bad star constellation that sends cosmic rays into my PC and let the update fail.
On Microsoft Answers there is this forum post from February 12, 2020 in which a user also reports serious issues:
2020-02 Updates KB4524244 Locks Up My Computer and Fails Install
I received the Patch Tuesday releases today. KB4532693, KB4537759 and KB4538674 dropped in the first wave and all installed successfully. On a subsequent “Check for Updates” KB4524244 downloaded and installed but on the reboot, it rebooted the first time but froze hard on the second re-boot with Step 2 information and a frozen spinner on my screen, no keyboard or any access. After about 15 mins I finally forced the system down. On the reboot, my Secure Boot flagged me that the keys were corrupted. I was able to get those repaired and reboot into the system. I rebooted a couple more times but no updates attempted to install. On a third “Check for updates, the same (KB4524244) update attempted to download but freezes the system at 94% on the download. Again freezes hard requiring a hard re-set. I tried flushing the Software Distribution cache but get the same results.
FYI: I am running Windows defender with VBS (Credential Guard and Hypervisor enforced Code Integrity on an HP EliteDesk 705 G4 MT with a AMD Ryzen 5 PRO 2400G with Radeon Vega Graphics. I also have a similar set up running on an HP laptop (Intel i5), but the update installed fine on it.
A second user in the thread mentions HP Sure Start Recovery, which prevents booting on several machines with AMD Ryzen CPUs (see picture above). Also Dell servers seem to be affected according to another post in this thread. Apple machines with Bootcamp are also affected.
AMD Threadripper Processor Kernel Limiting
Within this post a user states that the patch limits the use of the AMD Threadripper processor to 20 cores:
If you are running a 3970x threadripper, it limits you to only using 20 cores, I uninstalled it and went back to using all 32 cores.
In this blog post somebody summarized that. Anyone affected?
Addendum: This update has been withdraw due to it’s issues – see my article Windows 10: Update KB4524244 pulled.
Adobe Flash Player 188.8.131.520 released
Microsoft Office Patchday (February 4, 2020)
Microsoft Security Update Summary (February 11, 2020)
Patchday Windows 10-Updates (February 11, 2020)
Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)
Patchday Microsoft Office Updates (February 11, 2020)
Internet Explorer Security Update KB4537767 (Feb. 20202
Windows 10: Update KB4532693 kills user data/profile
Cookies helps to fund this blog: Cookie settings