A recently published Knowledge Base article suggests that Microsoft is going to block Windows Updates for owners of the latest Intel and AMD processors if they try to run Windows 7 or 8.1.
Last year, Microsoft announced a shift in the way it would support Windows. Going forward, new processors, including Intel’s Kaby Lake and AMD’s recently-released Ryzen, would require the newest version of Windows. Users of Windows 7 and 8.1 would be out of luck, with Microsoft having no plans to support the new chips on the old operating systems.
Take note.


It used to be fairly common to see BIOS configuration options to limit CPUID, maximum memory, or change PnP device initialization to support old operating systems including XP and OS/2. Who would ship a Kaby Lake system without such support today, noting that it would alienate a good fraction of potential users?
It also seems like a matter of time before hacks/shims are built to ensure Windows Update doesn’t see the native CPUID when checking for updates.
malxau,
Maybe, but I’m wondering if MS will actively update windows to reject the drivers or even revoke the signing keys? If they do, then it will be an eternal nuisance for legitimate owners using legitimate drivers.
The thing is it’s not the first time microsoft has used windows update as a weapon. Back when I was a windows kernel developer, microsoft revoked the keys of a legitimately signed tool that permitted owners to install & control drivers of their choice on their own systems. Microsoft didn’t want owners to have this control, so I abandoned windows kernel development. That was then, now we’re at risk of losing userspace privileges too if MS gets its way – fortunately there’s been a lot of resistance and their locked down userspace platform has not been popular.
Edited 2017-03-17 00:07 UTC
I think you’re suggesting that the hacks I’m suggesting require drivers, and I don’t think they do. Generally code running in the same process is sufficient to alter behavior, and there are plenty of ways to do that in Windows. Windows Update is particularly straightforward since it exists in a shared svchost process (on Win7 & 8), so creating a new service and configuring it to share with WU would allow that (unsigned) code to intercept everything WU is doing.
malxau,
Maybe a BIOS hack like you suggested would work then, I’m not really sure in what ways it’s possible to control CPUID. Maybe intel itself has taken steps to help ensure backwards compatibility under these scenarios. I don’t imagine intel is pleased with microsoft over this policy of CPU discrimination.
Hi,
For Intel CPUs, to work around an ancient bug in Windows NT, you can limit CPUID to only report basic information (CPUID leaves 3 or lower). This will nerf various features (e.g. long mode/64-bit) and ruin a few other things that can help software improve performance (e.g. cache characteristics).
For AMD CPUs, I’m not sure about Ryzen (they haven’t released a “BIOS and Kernel Developer Guide” for it yet). Normally you can change the CPU’s brand string, but not much else.
Note that these things are done via MSRs. You don’t need to modify the firmware – a “bootable middle-man” (something that boots, modifies MSRs, then starts the OS’s boot loader) would be enough. However, none of it changes the “family, model, stepping” that a CPU reports so it won’t help either.
A specially crafted micro-code update might be able to do it, but that is not a practical option.
A “somewhat practical” option would be a very thin hypervisor (where Windows runs inside a virtual machine), which can make CPUID say anything it likes. The only real downsides to this approach would be that you probably wouldn’t be able to use virtualisation inside Windows, and there’d be a small performance hit involved. Of course if Microsoft only block updates, then you’d only use the hypervisor when you’re updating (and there wouldn’t be disadvantages during normal use).
– Brendan
Edited 2017-03-17 10:20 UTC
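The “family, model, stepping” values mentioned in the comment above are packed into EAX of CPUID leaf 1. As an added example (not part of the original post), this C program decodes that value, which is useful when inventorying which CPU generation a machine reports. The two sample signatures are commonly reported values for a Kaby Lake desktop part and a first-generation Ryzen part; they are assumptions added here, not values from the thread.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#include <cpuid.h>   /* GCC/Clang helper for the CPUID instruction */
#define HAVE_CPUID 1
#endif

/* Decoded "display" values, as vendor manuals define them. */
struct cpu_sig {
    unsigned family;
    unsigned model;
    unsigned stepping;
};

/* Decode EAX of CPUID leaf 1.
 * Layout: [3:0] stepping, [7:4] base model, [11:8] base family,
 *         [19:16] extended model, [27:20] extended family. */
struct cpu_sig decode_signature(uint32_t eax)
{
    unsigned base_family = (eax >> 8) & 0xF;
    unsigned base_model  = (eax >> 4) & 0xF;
    unsigned ext_model   = (eax >> 16) & 0xF;
    unsigned ext_family  = (eax >> 20) & 0xFF;
    struct cpu_sig s;

    s.stepping = eax & 0xF;

    /* The extended family is only added when the base family is 0xF. */
    s.family = base_family;
    if (base_family == 0xF)
        s.family += ext_family;

    /* The extended model is prepended for base family 6 or 0xF (Intel rule);
     * AMD defines it for 0xF only and reports zero there otherwise. */
    s.model = base_model;
    if (base_family == 0x6 || base_family == 0xF)
        s.model |= ext_model << 4;

    return s;
}

/* True when two signatures name the same family and model,
 * ignoring stepping (a revision of the same design). */
int same_family_model(uint32_t a, uint32_t b)
{
    struct cpu_sig x = decode_signature(a);
    struct cpu_sig y = decode_signature(b);
    return x.family == y.family && x.model == y.model;
}

static void print_sig(const char *label, uint32_t eax)
{
    struct cpu_sig s = decode_signature(eax);
    printf("%-22s eax=0x%08x family=0x%x model=0x%x stepping=%u\n",
           label, (unsigned)eax, s.family, s.model, s.stepping);
}

int main(void)
{
    /* Sample signatures (assumed, commonly reported values). */
    print_sig("Kaby Lake (sample)", 0x000906E9u);
    print_sig("Ryzen Zen 1 (sample)", 0x00800F11u);

#ifdef HAVE_CPUID
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        print_sig("this machine", eax);
#endif
    return 0;
}
```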
Brendan,
Using a virtual machine just when updates are needed is pretty clever, although I’m not sure how well it would work in practice. The virtualization might interfere with WGA activation, and windows update already disables itself in that case so one might not be able to perform the update anyways even with a permitted CPUID.
Also, even if WGA passed, windows update may never update the non-virtualized hardware drivers because it doesn’t see them under virtualization.
So it would be better to avoid running inside of virtualization altogether assuming it’s possible to change CPUID – I don’t know if this is true on intel processors, but apparently it can be done on AMD and VIA processors in order to sidestep CPUID based discrimination, ironically at the hands of Intel itself:
http://www.osnews.com/story/22683
So maybe Intel has anticipated the need for users to change CPUID on the basis of discrimination against its own processors…although I haven’t found any tools to do this yet.
Hi,
I haven’t found anything that a tool like this could use in any of Intel’s documentation (including documentation primarily intended for firmware developers and OS developers).
– Brendan
Such BIOS configuration options might still exist putting a new desktop motherboard into an older case.
They are not available to anyone purchasing a notebook. So, is there an option for these users?
I wondered about this last year when MS first made the announcement, and I don’t think the knowledgebase has cleared it up.
Traditionally, microsoft not supporting a piece of hardware was never a show stopper because A) x86 engineers have always taken backwards compatibility very seriously, B) manufacturers would release the drivers themselves, even if MS didn’t support it. My gigabyte motherboard today isn’t technically supported by microsoft, it’s supported by gigabyte, which means not everything works out of the box until I install gigabyte’s drivers manually.
So with that in mind, is microsoft simply going to leave out bundled support for these, such that third parties can support it themselves like they always have? Or is microsoft’s plan much more cynical, in that they’ll start to actively interfere with or block new 3rd party hardware drivers from working on windows 7?
If it’s the first, then whatever…it’s just a scare tactic. If it’s the second though, then that’s highly unethical and possibly even illegal against owners of retail licenses who are explicitly allowed to install on new hardware (even if said hardware isn’t supported by microsoft).
Edited 2017-03-16 23:45 UTC
Nothing to do with drivers… what is going to happen is if you run Ryzen with win8 or below you get no updates…
Notebooks based on the 6th Gen CPUs can be purchased with Windows 7 Pro installed through downgrade rights from Windows 10 Pro. However, I remember something about Windows 7/8.1 Updates which “don’t work” on a 6th Gen or later system will not be fixed so that they do.
Notebooks based on the 7th Gen CPUs are coming to store without an option for Windows 7 Pro through downgrade rights.
So, soon, the only way for one to have a fully patched Win 7/8.1 system until its official end-of-support date will be to purchase a pre-owned one – if it was not previously updated to Windows 10!
My understanding is that they’re blocking *ALL* Windows Updates if you have a new CPU.
THANK GOD!!! I won’t have to worry about Windows Update trying to FORCE me to update my W7pro to W10 anymore! Sounds like a win-win proposition to me. 8)
Is known as “Forced Obsolescence”. If they can’t get you to come along with them, willingly, they will FORCE you to, one way or another. Enjoy the playground of Apple and Microsoft.
As soon as I can get Haiku or an alternative platform that doesn’t use this type of policy, that does what I need, I am jumping ship faster than you can blink your eyes… seriously!
Alternatives? There is. A lot. Come and pick: http://www.distrowatch.com
I understand the root problem is difficult to understand. But it’s not Forced Obsolescence, it’s microsoft not wanting to invest resources redesigning old Operating systems for newer hardware.
It’s much more of MS throwing up their hands at the changes Intel made to the cpu functionality.
As a keeper of unpopular opinions, I also don’t understand the desire to keep a hold of either of the older Operating systems. Yeah win 7 was better than Vista. If you need windows, I don’t understand the disdain for Win 10. The privacy issues can pretty much be avoided with judicious registry edits.
If you don’t understand the disdain for Windows 10, you’ve never used it in a corporate environment. Try it. You’ll comprehend it right quick!
i use it in a corporate environment, it’s fine
Okay, so you can explain why the Windows Store can no longer be turned off, violating our security in the process?
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore
Create a new value REG_DWORD, name it RemoveWindowsStore. Set its value to 1
Finished
Security unviolated.
Edited 2017-03-18 15:33 UTC
BluenoseJake,
Let me know if my info is wrong or out of date, but otherwise it’s a legitimate gripe and we can see that there are many administrators complaining about it. Many/most companies do use windows professional edition for their employee workstations.
Edited 2017-03-18 19:47 UTC
So i spun up a win 10 pro vm, and tested it, and your info is correct. As we are using Enterprise, I had no idea, and it sucks.
Sorry to doubt you, and same to you, Darknexus
Edited 2017-03-18 22:28 UTC
Windows 10 LTSB Enterprise comes without Windows Store in the first place. Without Cortana and other junk too.
It’s actually the only somewhat usable Windows edition; too bad normal people cannot purchase it.
People have been pirating Windows since forever so maybe they should just go that route if Microsoft doesn’t want to offer a version of Windows that isn’t hostile and abusive to the average user.
Bill Shooter of Bul,
(Emphasis Mine). Consider that for a moment, windows XP doesn’t “support” Skylake CPUs, yet XP still runs fine on them anyways, it’s simply missing the newer features. Heck, there’s even a good chance that windows XP works on Kaby Lake!! (Not that I want to, but it’s a valid point against microsoft’s position).
So this is more than microsoft simply throwing up their hands and refusing to add support to windows 7/8, this is microsoft making a deliberate decision to actually put in more work to make the update features stop functioning as it did on earlier hardware. Whether you understand the desire to shy away from windows 10 or not, you must concede that this is a deliberately anti-consumer move by microsoft.
Did you know that microsoft doesn’t officially support USB3 on windows 7 either? Yet here I am running windows 7 with USB3 on several machines. In my mind, there’s a very big difference between merely not having “support” versus punishing users who get it working anyways.
https://social.technet.microsoft.com/Forums/windows/en-US/acd63e62-0…
Edited 2017-03-17 17:34 UTC
This drew my attention:
How many of the Windows users have the knowledge and skills to feel comfortable enough to edit the Registry? 25%? 10? 5%?
It is valuable that the knowledgeable subset of a community “fights” for the privacy rights of all users of that community in addition to exploring (and publishing) ways to overcome them. One should not have to delve into the internals of an operating system to protect his/her privacy.
No, forced obsolescence means you can’t run new OS versions on older hardware. This is what Apple does. “Version X of the OS will no longer support systems made prior to 2012.” “Version X+1 of the OS will no longer support systems made prior to 2015.” And so on.
You can still install Windows 10 on older systems and get updates. You can still install Windows 8 on older systems and get updates. You can still install Windows 7 on older systems and get updates. Existing hardware will continue to work. No hardware has been obsoleted.
All that’s changing is if you buy new hardware today (Ryzen or Kaby Lake based), you have to install the latest OS version to get support and updates. Trying to run an older version (Windows 7 or 8) will work … you just won’t get any updates after Update X.
What really sucks about this is that Windows 7 is still in mainstream support … and Microsoft is cutting off support for it on current-gen hardware. Same for Windows 8.  If 7 or 8 were EoL’d, nobody would care, but they’re still supported OSes … but Microsoft isn’t going to support them.
He means forced obsolescence of the OS, not the hardware. MS is forcing their old software into obsolescence so they can get everyone running the new software.
So…as far as I can figure out there were never any systems sold with these CPUs and Windows 7. So technically you shouldn’t have any expectation that your new CPU would have worked on Windows 7.
Then again, these CPUs work on 7 today and Windows 7 is in extended support mode for 2 years already so it only gets security fixes which shouldn’t require any change that would break currently working CPUs. So blocking EVERY update because something MIGHT break seems completely unnecessary.
I am sure many businesses that are standardized on Windows 7 and want to buy new hardware are going to have issues with this!
Yeah, this is pretty much a non-issue for the average Joe as they don’t upgrade anything unless it’s an entirely new computer to begin with.
For small businesses, same thing, complete options via some business line from an OEM like Dell, and a contract with their specific business software provider for their business specific stuff, or all-in-one solution provider. It won’t be a major problem.
For large enterprises and contracted services, this won’t even be a blip on the radar. This is MS’s bread and butter. These customers deploy set solutions that include a hardware package, OS, and software platform that are integrated together and have contracts to supply these systems for years. When these customers upgrade anything they deploy a new integrated solution with new hardware, OS, and software platform rather than piecemeal. Take out the old hardware off the employee’s desk, place the new one in the same spot, plug it in, ready to go.
The business productivity sector is standardized on Microsoft Windows and that’s not going to change anytime soon.
The people that would be most irritated are enthusiasts and system builders that don’t buy complete systems like everyone else who are refusing to upgrade to 10. This segment of the market is tiny, if vocal, and they are at most a blip in MS’s bottom line. Solution here is obvious, don’t buy a Kaby Lake or Ryzen board/CPU unless you’re ready to upgrade to 10.
You can’t really say Linux, BSD, etc are any different than this because they aren’t. You have to move to an updated version of your $distro to support new hardware not covered in the old version anyway.
I can understand people’s privacy concerns, but for now they’re manageable with care on 10. For those that are concerned with MS’s shenanigans, remember we’ve all been warned since 7 (or was it Vista?) that Windows is calling home with telemetry (and no it couldn’t be turned off then either, just limited), and Microsoft can and does arbitrarily revoke license codes. Once 8.x was released the writing was already on the wall on what would happen with 10 especially since it was largely released for “free”. Frog meet pot.
Yes it will, these guys stayed on Windows XP until the very last moment, and they’ll stay on Windows 7 until the very last moment as well. Even with new hardware that comes with Windows 10, the first thing they do is wipe the disk and place their standardized OS image on it.
A lot of times, such businesses have no choice. I support an ERP package which does not run on Windows 10. It’s not only unsupported, but will not run at all no matter how you try to set the compatibility mode. It can run on 8.1, however that’s as high as it will go and we run it on Windows 7 for consistency. Even if we wanted to upgrade to 10 (which we don’t considering how many group policy settings Microsoft are deliberately ignoring) it would not be possible until or unless our mission-critical software is compatible. Period. Fortunately, we run a WSUS server internally.
stormcrow,
Do you have any evidence that this is the case? I’m genuinely curious because typically what happens is that older distros (like a knoppix cd from 2006) simply can’t take advantage of the newer features, but they still technically work and don’t have a kill switch to prevent them from running on newer computers.
Edited 2017-03-17 14:19 UTC
quote
You can’t really say Linux, BSD, etc are any different than this because they aren’t. You have to move to an updated version of your $distro to support new hardware not covered in the old version anyway.
Not altogether true. If you are using something like RHEL/SUSE/CentOS then the changes to support your new hardware are backported into your version. So you don’t need a new OS Version, just an updated kernel.
This might not be true for other Distros but as usual with Linux, you have a choice.
Windows 8.1, however, is still being sold, and doesn’t hit end-of-life for another year.
Microsoft is really showing its disdain for consumers (meaning not enterprise customers). I despise them more and more as time goes by.
Do I understand correctly that you can install Windows 7 on a PC with such CPU and it will work, except the Windows update service? If so, it sounds like a win-win situation: one can use a version of Windows without built-in “telemetry” spyware, and that spyware won’t be sneaked-in later through an OS update. Still, it has potential for negative PR for Microsoft, another win.
That was my immediate thought. Silver lining: just buy a Ryzen system, install 7, and don’t worry about the telemetry being forced down your throat.
Pretty sure this update block thing was announced over a year ago, and it was going to apply to Skylake and newer. So grandfathering Skylake into Windows 7 updates had to be some sort of victory for those users.
Just don’t leave your ports open to the internet and even intranet. Windows 7 SP1 without updates can be pwned remotely if you have SMB ports open.
Also have a good AV installed because your system can be remotely hacked by feeding you with “bad” fonts which cause an overflow in the kernel.
Actually don’t browse the Internet using your Windows 7 then. It’s not safe because there are other attack vectors.
Edited 2017-03-17 20:55 UTC
Who even does use SMB these days? I personally have small ftp server made for file exchange and for printer, I have a Pentium MMX machine that boots into barebones Linux system and offer printers connected to it via CUPS (which can be mapped to Windoze as a network printer even if printer in question doesn’t have any network capabilities by itself).
darkhog,
I think network drives are terrific, I don’t even bother saving files locally because my NAS is always backed up and accessible from all my machines. It’s not that I’m particularly attached to the SMB protocol, but nothing else I’ve used seems to work as well.
I like SFTP, but I’m not willing to give up on having a locally mountable file system. Copying the files around using an ftp client would be a large step backwards for me. One of my criticisms of android is that it doesn’t support direct mounting of SMB (or SFTP), having to copy files between filesystems in order to use them is extremely annoying.
I’ve been considering something like AFS, but I haven’t really looked into it much. I’m open to alternative protocols, but mounting as a local file system is a requirement for me.
Edited 2017-03-18 00:04 UTC
SSHFS, lets you mount remote file systems over SSH. Pretty convenient if that’s all you want to do.
Darkmage,
Thanks for the suggestion, yea I’ve used it before. It’s a useful tool to have, but I found it lacking as an NAS protocol.
(At least when I was using it…) it did a very poor job keeping a persistent connection across network outages (ie WiFi, hibernation, etc). I tried combining SSHFS with the linux automounter. The initial connection worked great, but there were annoying timeouts and delays I could never resolve after intermittent dropouts. I frequently had to kill the old SSHFS process.
Secondly I really need it to work from windows. There was a time I might have ported it myself, but when vista took away the owner’s right to install their own drivers, that killed my windows kernel projects dead in their tracks. I wasn’t about to pay hundreds of dollars per year or two for a corporate code signing certificate just to use my own drivers on my own damn machine!
Haha, anyways, that’s why I don’t use sshfs
I think a signed kernel side of FUSE exists for Windows allowing other (non-Microsoft) file systems to be ported to Windows. Not sure how secure this would be for the context (SSH).
Providing the capability to extend Windows beyond what is allowed by Microsoft, such as one owner being able to install specialized drivers, could be a strong point in favor of ReactOS.
BlueofRainbow,
Good point, I hadn’t thought about that. I wish ReactOS were more production ready than it is, I’ll keep coming back to it every 5 years to try it again
I think there’s a tool that allows mounting an FTP share as a drive for Windows (for sure you can do it with Linux) and besides you can access ftp share directly from the Explorer (little known feature of it is that it acts as a basic FTP client, when you enter ftp protocol url in it it logs you as anonymous user, but just add user:password@ before the url (but after protocol identifier) and it connects as specified user).
darkhog,
Yep, it does. Plain FTP works in windows explorer, it was not a bad FTP client, however it just acts as a shell extension allowing explorer itself to access FTP, it does not technically get mounted insofar as the windows kernel and other applications are concerned. You are forced to copy files to and fro like an ordinary FTP client.
When I learned that windows had a builtin webDAV driver (aka the HTTP file transfer protocol used by ms-frontpage), I got my hopes up, but the windows implementations of it turned out to be extremely inconsistent. Some machines supported HTTPS yet not others. Some allowed webDAV on any port, others were hardcoded to 80 (which is typically already in use). It required registry hacking and some windows machines I couldn’t get to work at all no matter what I tried. Caveats aside, I think webDAV may be the closest thing windows has to a “FUSE” protocol and I had given serious thought to using it that way because of its simplicity. I still might, I just wish it were better supported by MS.
Edit: I practically forgot, but osnews had an article about FUSE for windows last year where we discuss some of the same things.
http://www.osnews.com/comments/29307
Edited 2017-03-20 18:29 UTC
Is there an agenda to keep most people on a closed-source operating system so that they can continue to spy on us through “updates”?
with the moves like that Year of Linux Desktop is not only inevitable, it will be quite soon too especially since certain AAA games (Mankind Divided, Witcher 3) are available on Linux already so gaming soon won’t be an issue (or rather an excuse to not use Linux since most of the new titles work just about fine via Wine/PlayOnLinux) either.
Edited 2017-03-17 22:40 UTC
This move is to force us to upgrade to Windows 10 for using those types of chips. However, I think that’s a good move.
Eh, in some ways – but there have certainly been some regressions in Win8/10 when compared to 7. The dumbest, most glaring example I’ve run into was a Catch-22 situation where I had installed the upgrade on an HTPC and it defaulted to the basic drivers and a resolution of 1360*768. “No problem,” I thought, I’ll just go online and download the drivers… except when I tried, I discovered that the network menu in Win10 has (or at least did on release) a fixed height/minimum height, and it top-aligns the list of networks, AND the height of the menu was greater than the height of the screen at that resolution. As result, the top of the network menu was cut off, making it impossible to connect to a network to download proper video drivers (short of downloading on another computer & resorting to sneaker-net).
Then there’s the idiotic lock screen that Microsoft insists on enabling everywhere, even though it’s utterly useless/pointless for any system where touch isn’t the primary input method. Any sane person would see the criticism of that “feature” and the popularity of methods to disable it as a sign that it might be such a great idea – but not Microsoft, instead they doubled down and made it even harder to disable with the anniversary update.
Or there’s the insane decision to force reboot for automatic updates AND provide no option whatsoever to disable it, even in the “Pro” version. With that one, I genuinely hope that Microsoft gets hit with a class action for willfully causing data loss.
And then there’s more mundane stuff, like bad UI design decisions/regressions. E.g. the way that “Screen Resolution” used to be an option when you right-clicked the desktop in Win7 – now in 10, it’s buried under “Display Settings” and then “Advanced display settings”. Ditto for the way that customizing the system tray icons was easier in 7, where you could just click the control to show the hidden icons & then click the “Customize” button – compared to 10, which hides that stuff under 2 separate text links, buried in the Taskbar settings.