Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog

Topic

New Reply

The count of “2020-02” patches in the Catalog went down by eight overnight. One of them is KB 4524244, the UEFI patch that we’ve all been wondering ab
[See the full post at: Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog]

5 users thanked author for this post.

r1ma, geekdom, rontpxz81, Fred

Reply | Quote

Replies

Seeker/cannon-fodder report.

I already have KB4524244 successfully installed on all my installations, with nary an issue to report.  The B side of my laptop got it yesterday.  All installations are operating smoothly as expected.

I waited for the push from Microsoft on my NAS and on the B side of my laptop.  The process went smoothly in both cases.  The laptop is a 2011 vintage Dell Latitude E5420 that shipped with both BIOS and UEFI, and was originally setup using BIOS/MBR.  A few years ago I converted it to UEFI/GPT.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

Fred

Reply | Quote

[Alex5723]

bbearren wrote:

I already have KB4524244 successfully installed on all my installations, with nary an issue to report.

And the question is : what exactly was wrong, if anything and what exactly did it “fix” ? Have you compared the UEFI code before and after the patch ?

Installing an update/fix that does nothing doesn’t mean that everything is ok. Down the road you may receive a BIOS/UEFI firmware update from DELL that will lock your PC forever due to this fix…

• This reply was modified 3 years, 7 months ago by Alex5723.
• This reply was modified 3 years, 7 months ago by Alex5723.

Reply | Quote

[bbearren]

And the question is : what exactly was wrong, if anything and what exactly did it “fix” ?

With the exception of driver updates, I don’t block any updates offered to my systems by Microsoft at any time.  Since I’ve been running Windows 10 starting with 1507, nothing has been wrong, I’ve had no issues with any updates, and there are no issues to report now, either.

Have you compared the UEFI code before and after the patch ? Installing an update/fix that does nothing doesn’t mean that everything is ok.

If everything runs normally, that does means that everything is OK.

Down the road you may receive a BIOS/UEFI firmware update from DELL that will lock your PC forever due to this fix…

Dell does not push firmware updates.  The last BIOS/UEFI (the E5420 has both) update Dell issued was in 2014, when my E5420 was 3 years old, and I already have that one installed.

I have no HP products, no AMD products.  I also have no fear of Microsoft Updates, because I always have fresh drive images at the ready.  I’ve never had to use one, because I’ve never had a problem with any Windows 10 Updates, no Windows 7 Updates before that.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

• This reply was modified 3 years, 7 months ago by bbearren.

2 users thanked author for this post.

Barry, Fred

Reply | Quote

bbearren

Let me first say i totally agree with your philosophy on windows patches however under the circumstances since Microsoft has acknowledged the patch is faulty dont you think it would be prudent to uninstall it whether it affects you or not?

Barry
Windows 11 v22H2

Reply | Quote

Barry wrote:

Let me first say i totally agree with your philosophy on windows patches however under the circumstances since Microsoft has acknowledged the patch is faulty dont you think it would be prudent to uninstall it whether it affects you or not?

No.  How many, many blog posts and replies have we read here on AskWoody about how Microsoft is not fulsome enough in information/explanation about updates/patches?

From what I’ve read here, users of HP and AMD products are the main anecdotal reporters of problems.  I have neither.  I’m not one to uninstall an update/patch because “the sky is falling”.  I’m able to use my systems without issue, I have no impetus to uninstall an update that is giving some other people problems.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

b

Reply | Quote

As i said i agree with you completely and i have always installed all of Microsoft patches as soon as they come out going back to my WIN7 days and i can count on one hand the number of times i have had any problems. The one exception is if Microsoft pulls a patch completely from Windows update (and that rarely happens) i will uninstall the patch and wait for them to reissue it.

 

Barry
Windows 11 v22H2

Reply | Quote

Admittedly my logic is probably faulty, but everything I’ve read so far about this particular update is related to HP, a fairly large Microsoft OEM partner, and AMD, which would involve even more Microsoft OEM partners.

I’m just guessing, but it would seem to me that Microsoft would be much more inclined to facilitate good relationships with their OEM partners than they would pay attention to rants from individuals on various platforms on the internet.  And just another guess, it could well be that some of the effected machines are still being supported by the OEM’s, and not directly by Microsoft.  I’m almost willing to bet that OEM complaints about updates have a much higher ranking and carry much more weight than general consumer complaints.

And as I stated previously, none of my systems are HP or AMD.  I don’t think Microsoft pulled that update for me.  I think they pulled it for HP/AMD/etc..  I remain unconcerned with the update being installed on my systems.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

1 user thanked author for this post.

Barry

Reply | Quote

I have that installed on my new ASUS laptop with an AMD 3000 series Ryzen APU/Windows 10 1809 Home edition and am having no issues but should I uninstall it.

Since it’s been pulled will Windows 10’s Update it try and reinstall the patch after it’s been uninstalled. I’m asking  as I am not up to speed yet  on delaying 10’s(Windows 1809) patching?

Reply | Quote

See the main article. The documentation says it will not be reissued.

Reply | Quote

As of 8:33 AM CST, KB4502496 (Win8.1 standalone) is no longer in Windows Update. Maybe it’s your machine… check again.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Just checked again. It’s gone now.  2/15 8:45am server time.

2 users thanked author for this post.

woody, WildBill

Reply | Quote

The patch was first created in September 2019, so it was in testing for almost 5 months

and that still was not enough to get it right

6 users thanked author for this post.

Nibbled To Death By Ducks, Bluetrix, Cybertooth, woody, PKCano

Reply | Quote

Now THAT’S a classic!

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Yes, it is…now, if someone could explain what “…a subset of devices…” constitutes, in this case. WHICH devices? What devices?  The phrase “a subset of devices” is wide enough for the late Melvin Belli to drive a 747 through….(Oh, my head…)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

Reply | Quote

I hid the update on windows 8.1. It’s no longer there.

Reply | Quote

big phat fail for KB4524244 and KB4502496 by MS

Reply | Quote

My impression is that a “UEFI boot manager” is the boot loader that your OS places in the EFI system partition of a GPT partitioned boot drive.  So it wouldn’t be part of the UEFI firmware from your motherboard/PC manufacturer.  A stock Windows installation would have a Microsoft boot manager installed in that location.  But in a dual-boot scenario with Linux or other OS, you could have GRUB or another third party boot manager.  Perhaps the issue that Microsoft is trying to fix is related to one of those?

Reply | Quote

I have unistalled It on My computers Even if i have t any issue with it

Reply | Quote

I had the 44 update but apparently was never offered the 96 patch. I had no problems with it but went ahead and uninstalled it. But i am very curious what problems these patches were supposed to be causing. I do not remember seeing anything other than the curiosity of what they were patching.

Barry
Windows 11 v22H2

Reply | Quote

KB4524244 contain KB4502496, in addition to other two dummy updates

2 users thanked author for this post.

Barry, geekdom

Reply | Quote

Based on what I read here and https://borncity.com/win/2020/02/15/windows-10-update-kb4524244-pulled/, I have uninstalled KB4524244 patch.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

My CarbonX1 had a bunch of patches installed Feb 13, 14, 15 and developed the same problem.  Unfortunately no directory *.000 with (optimally) old settings….    I uninstalled a couple but it didn’t seem to solve the problem – I can try changing the desktop but it goes back to generic when I reboot.   I think I will uninstall all updates from Feb and then perhaps make a new login too…   Unfortunately this is a real screw-up but fortunately this is my laptop and I can recover from this.  But hiss or something rude to Microsoft.

Reply | Quote

Relating to Patch Lady AKA @SBSDiva: If this is a Kaspersky “UEFI bootloader”, why does M$ even give Kaspersky update access? Windows Defender is my antivirus & I don’t use or need Kaspersky. Fortunately, the update was pulled by Micro$oft.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

1 user thanked author for this post.

Fred

Reply | Quote

Does uninstalling the patch put back in Kaspersky loader?  Take it out?  Does it depend on some other factor?

Reply | Quote

PKCano wrote:

KB4524244

“Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update.”

https://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/

 

Reply | Quote

anonymous wrote:

Does uninstalling the patch put back in Kaspersky loader?  Take it out?  Does it depend on some other factor?

According to this post the bug has nothing to do with the regular Kaspersky loading but with Kaspersky Rescue Disk :

Update 15-Feb-2020: The mess gets messier: Judging from a series of cryptic tweets by security experts, this update and its revocation are tied to a situation involving Kaspersky Rescue Disk and a signed bootloader that can circumvent the Secure Boot feature that is the bedrock of security on modern PCs.

https://longroom.com/discussion/1798986/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs

Reply | Quote

It’s now gone from my laptop as I read that it’s affecting AMD based systems, and others as well. But at least I do not have to worry about Meltdown/many others and only a single Spectre issue AFAIK. But really MS for that key signing and its certification/vetting process maybe that needs more staffing in the actual human  based department. Bootloaders really need an actual person looking at what’s being signed.

Reply | Quote

For your further reading edification from BleepingComputer:
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-10-kb4524244-issues-and-pulls-the-update/

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I have always deferred from purchasing AMD processors for some reason. I was able to update yesterday and saw that this patch was pulled. That made it a little easier.

Win 10 Home 22H2

Reply | Quote

Great, it was installed on all systems here. Should I uninstall it? Or even restore an older image because some damage is already done? Will be a time consuming process then :-((( We do use Kaspersky though, so maybe better to leave it? So terribly tired of Windows 10, problem after problem after problem. They should pull this whole Windows and start from zero again.

Reply | Quote

[rc primak]

Still not understanding why Kaspersky would install ANY bootloader on a Windows single-boot PC. Why should a Rescue Disk be installed on a System Drive in the first place? Isn’t the whole point of a Rescue Disk that you boot it from USB or DVD?

That said, I use Macrium Reflect, which can also boot into a Rescue Mode, and that capability is installed on the System Drive of my Windows 10-Ubuntu (18.04 LTS) Linux dual-boot all-Intel PC.

Since we were on MS-DEFCON-2 the whole time, I missed the “opportunity” to “beta-test” this patch. Yet another case of letting the pioneers catch the arrows, eh?

-- rc primak

• This reply was modified 3 years, 7 months ago by rc primak.

Reply | Quote

woody wrote:

The count of “2020-02” patches in the Catalog went down by eight overnight. One of them is KB 4524244, the UEFI patch that we’ve all been wondering ab
[See the full post at: Microsoft pulls KB 4524244, the infamous UEFI patch, from the Catalog]

Now is this okay to resume the Windows Update and then run an update?

Thanks.

Reply | Quote

We are still on DEFCON-2, which means WAIT until the DEFCON number is 3 or greater. At that time Woody will publish instructions for safe patching in an article in ComputerWorld.

1 user thanked author for this post.

r1ma

Reply | Quote

Ok, I have ComputerWorld at my RSS.

Reply | Quote

AskWoody also has an RSS feed. Click the RSS icon in the upper right corner.

1 user thanked author for this post.

r1ma

Reply | Quote

PKCano wrote:

We are still on DEFCON-2, which means WAIT until the DEFCON number is 3 or greater. At that time Woody will publish instructions for safe patching in an article in ComputerWorld.

This is new post:

“Whatever the case may be, if you’re one of the users who didn’t install the latest cumulative update and now thinking of installing it on your PC, you should wait until Microsoft finds a solution to fix these bugs.”

https://mspoweruser.com/windows-10-kb4532693-update-creates-fresh-torubles-for-users-but-you-can-expect-some-good-news-soon/

Reply | Quote

[woody]

I’m quite sure MS is aware of the problems with KB 4532693. I’m also quite sure that there’s been no official announcement – either detailing the problems, pulling the patch, or offering a fix.

It’s been beating up on peoples’ machines for almost a week now. I don’t know how they’re going to fix it, but they need to.

• This reply was modified 3 years, 7 months ago by woody.

Reply | Quote

I had to re-uninstall KB4524244 from my laptop as I had to do System Image Restore(Windows 7 style) of my windows 10 1809 laptop with that system image done on Feb 13. That image backup still has corrupted files and I count that as related to the laptop being updated to 1809 from an earlier end of support build/version of Windows 10 that came preinstalled on the laptop at the factory. And the laptop was probably manufactured sometime in Oct 2018 to early 2019 as that laptop exact make/model was introduced/demonstrated at CES 2019.

So I’m keeping KB5424244 around in that system image backup only to have to be removed once again if my system gets any more corrupted but I may have the system image backup that I made when the system was just started for the first time but I’ll bet that the OEM’s shipped windows 10/laptop factory image may even have some corruption as well.

But I had have messed up some permissions associated with my administrative account and things where not working out after some system restores as well as some other tinkering that went awry. So looking at the CBS logs it appears to be mostly corrupted text files and one JSON file.

With Windows 10 and that rapid update cadence I gladly pay the Laptop OEM extra for a DVD/USB based laptop’s specific drivers/installer media similar what the MB/CPU/GPU and other device makers supply with their COTS parts for folks that build their on PC systems. Laptop’s only ship with the OEM’s custom slip-streamed factory image and the drivers are included with that. That way I’d be able to do a generic Windows 10 install and install the drivers from the provided media without the hassle of going online to search for individual drivers.

Reply | Quote

[geekdom]

Here is a “lesser-evil” repair:

Open an administrator command prompt (cmd).

• Type or copy: DISM /Online /Cleanup-Image /RestoreHealth
  Watch it grind through percentages.
• When it finishes, type or copy: sfc /scannow
  Watch it grind through percentages. Reboot

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

• This reply was modified 3 years, 7 months ago by geekdom.
• This reply was modified 3 years, 7 months ago by geekdom.

Reply | Quote

Is DISM available on Windows 10  Home edition?

Reply | Quote

It is available on both Home and Pro.

Reply | Quote

DISM fixed the corruption my laptop’s  Win 10(1809) Home version’s image and after fixing that I ran sfc /scannow and that was able to fix the unfix-able stuff that sfc was unable to repair in its previous runs. I also made a new System Image backup as well and KB 4524244 was uninstalled again so it’s no longer present. So at least I have a clean System Image backup to fall back to if needed,

I’ll be checking things once again in 3 months time as 1809 goes EOL and doing a pre-1909 system image backup just in case the transition causes serious errors.  I guess that it’s time to get one of those 4TB+ external backup hard drives as I have System Images for 5 laptops scattered across 3 different 1 to 2 TB backup hard drives and they say that it’s good to have at least one backup of the original backup/backups as well.

1 user thanked author for this post.

geekdom

Reply | Quote

Just found one of our new small HP EliteDesk 705 test systems locked up hard this Monday morning. Lost a whole weekend of testing on it.

Upon reset, it reported “unauthorized changes to the secure boot data”, reported that HP had reverted it, then proceeded to boot up and report that “There were problems installing some updates”.

Upon another check for updates the error message vanished and the system reported “You’re up to date”.

-Noel

Reply | Quote