[German]Users of Lenovo ThinkPads with Windows 10 Version 2004 and Lenovo Vantage software have been annoyed by BlueScreens (error SYSTEM_THREAD_EXCEPTION_NOT_HANDLED in ldiagio.sys) caused by updates since August 2020. Now Microsoft has confirmed the issue
Short review: BSODs on Lenovo ThinkPad
I had pointed out the problem in early September 2020 in the blog post August 2020 update causes BSODs on ThinkPads – Upgrade suspended on LTE systems. The August 2020 cumulative update KB4566782 for Windows 10 version 2004 caused problems. In the Lenovo Forum there is a post Win10 2004 KB4566782 breaks Intel ME, causes Vantage BSoD from August 24, 2020 which reports nasty problems with the August 2020 update KB4566782 for Windows 10 version 2004 machines.
Launching Lenovo Vantage results in a BSoD within a few seconds after the loading animation completes. This is 100% reproducible. The BSoD is always "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED", and most of the time, it implicates ldiagio.sys.
Lenovo gives the advice to uninstall the update KB4566782.
Confirmation by Microsoft
Through this tweet, I became aware of the latest support post from Microsoft titledStop error on Lenovo ThinkPad that has KB4568831 or a later update and Enhanced Windows Biometric Security enabled in UEFI. In this document Microsoft confirms a problem with Lenovo Thinkpad systems running Windows 10 version 2004.
ThinkPad devices running Windows 10 version 2004 that have received the July 31, 2020 preview update KB4568831 or a later update and Enhanced Windows Biometric Security enabled in UEFI are dropping blue screens. A condition for this error is, the device must also have Windows Advanced Biometric Security enabled in the UEFI and use Lenovo Vantage software. Then there is the stop error "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED" ("0xc000000005 Access Denied"), caused by the ldiagio.sys.
The reason is that under certain conditions the mentioned updates restrict the possibilities of how processes can access the PCI device configuration space (Peripheral Component Interconnect). Processes that need to access the PCI device configuration space must now use officially supported mechanisms.
Enabling the Enhanced Windows Biometric Security option in the UEFI of Lenovo ThinkPad devices manufactured in 2019 or 2020 should meet the conditions. When running Lenovo Vantage software, some versions may attempt to access the configuration space of PCI devices in an unsupported manner. This will trigger the BlueScreen. The solution that Microsoft suggests is to disable Enhanced Windows Biometric Security in the device UEFI configuration (in the Security > Virtualization section).
Cookies helps to fund this blog: Cookie settings
in our case the affected model is T540p. Up to now 5 systems are affected. After upgrade to 20H2 when starting the integrated camera in Chrome browser we receive a BSoD.
The recommended solution does not work for us because I could not find the Enhanced Windows Biometric Security in the security -> virtualization section of the UEFI neither anywhere else. It seems that these older models and their aged UEFI does not support this feature.
The last affected system was completely installed new with formatting the disk. OS was 1903. No Lenovo Tools are installed not even Vantage. After upgrade to 20H2 -> BSOD.
Any suggestions how to solve this issue ?