Developer lifts Windows 7's update blockade with unsanctioned patch

'Zeffy' figures out a way to undo Microsoft's no-support-on-new-silicon policy; posts results on GitHub

How to hold on to Windows 7 for the long haul
Credit: Pixabay, Microsoft

An anonymous developer has published a patch that negates Microsoft's barring of security updates from Windows 7 and 8.1 PCs equipped with the very newest processors.

The developer, identified as "Zeffy," posted the patch and accompanying documentation on GitHub, the code repository.

"I was inspired to look into these new rollup updates that Microsoft released on March 16 [after reading about the processor-related blocking of Windows Update]," wrote Zeffy. "[That was] essentially a giant middle finger to anyone who dare not 'upgrade' to the steaming pile of garbage known as Windows 10."

Zeffy's hostility was directed at the policy Microsoft prepared in March and executed earlier this month that bar Windows 7 and Windows 8.1 PCs equipped with the newest Intel and AMD processors from receiving security updates. Those rules were announced but not implemented last year.

In January 2016, Microsoft said that making Windows 7 and Windows 8.1 run on the latest processors was "challenging," and mandated that Windows 10 would be the only supported edition on seventh-generation and later CPUs. The impact on Windows 7 and 8.1 -- the former remains the most popular version of Microsoft's OS by far -- was to significantly shorten their support on the latest silicon, a first for the Redmond, Wash firm.

There is no foolproof way for customers to verify which Windows 7 or 8.1 desktops and notebooks will be targeted by the support stoppage. While Microsoft maintained a web page with links to OEMs' supported "Skylake"-equipped PCs, it has acknowledged at least one false positive after machines powered by AMD's "Carrizo" CPU line was mistakenly put on the "No Patch" list.

If a PC is blocked by Microsoft from receiving future security updates via Windows Update -- or in a corporate environment, through Windows Server Update Services (WSUS) -- customers cannot easily break the blockade, whether because of an error on Microsoft's part or because they don't agree with the company's policy.

Zeffy's intention was to change that.

After downloading Microsoft's March 14 cumulative updates for Windows 7 and 8.1, Zeffy came up with a list of files most likely to contain the processor detection code, then compared them with those already on a test system in the hope of identifying the pertinent file. Zeffy's conclusion was that wuaueng.dll harbored the detection-and-ban code.

Zeffy created a collection of patched files and scripts to install them, then dumped everything on GitHub last month. After Microsoft issued this month's cumulative updates on April 11, Zeffy revised and reposted the patched files.

Woody Leonard, a noted Windows patch expert and popular columnist on Infoworld, said that users had told him Zeffy's patched files worked as advertised. (Like Computerworld, Infoworld is an IDG publication.)

One problem with Zeffy's patches is that they must be modified each time Microsoft changes wuaueng.dll for a month's updates, or does so on the fly after the user runs System File Checker (SFC). (Zeffy said that SFC would finger the changed file as corrupted, then instruct Windows to replace it with a "good" copy.)

Today, Zeffy released a simplified all-in-one patch that included just one script, which automatically detects which version of the changed wuaueng.dll file needs to be applied.

And two days ago, Zeffy said he or she was investigating a way to patch wuaueng.dll in memory, which would eliminate the need to replace the actual file within Windows. "This would be much safer and also enable other possibilities that would otherwise be impractical with the xdelta/batch script setup I have now," Zeffy wrote in a message on GitHub.

Third-party patches intended to work around Windows have a rich history, but depending on Microsoft's stance, have sometimes been resisted, ending up in a tit-for-tat-for-tit-for-tat back and forth between corporate behemoth and solitary programmer. Microsoft could easily take that position here with Zeffy's work.

In almost every case in the past, Microsoft has discouraged users from applying unsanctioned patches, warning that they risk crippling the operating system and thus their computers.

Zeffy declined an interview request today when contacted via GitHub.

This story, "Developer lifts Windows 7's update blockade with unsanctioned patch" was originally published by Computerworld.

New! Download the CIO March/April Digital Magazine