Microsoft has finally published a support document detailing its workaround for the August 2020 Patch Tuesday update for Windows 10 version 2004 that caused blue screens of death (BSODs) on newer Lenovo ThinkPads and broke Windows Hello biometric login.
Users started reporting problems after the cumulative August update KB566782 for Windows 10 version 2004, which affected Lenovo ThinkPads made in 2019 and 2020. However, Microsoft notes that the issue actually appeared in the July 31, 2020 KB4568831 (OS Build 19041.423) Preview.
Lenovo announced a workaround that involved disabling the Enhanced Windows Biometric Security setting in BIOS Setup, in the security and virtualization settings section.
The issue occurred when Lenovo’s Vantage app for updating hardware drivers tried to use the Intel Management Engine to interface with firmware, which got blocked by the BIOS setting in the security update.
Microsoft has now published a detailed rundown of the bug, its symptoms, cause and its workaround. It is the same as Lenovo’s earlier workaround but comes with a stern security warning from Microsoft. Microsoft also explains how Lenovo Vantage violates Microsoft’s security controls in Windows.
Users might bypass the BSOD screen, but they’re endangering their computers by implementing the workaround, according to Microsoft.
The workaround also affects some of Microsoft’s latest security features for Windows 10, such as Hypervisor Code Integrity for protecting the OS from malicious drivers, as well as Windows Defender Credential Guard.
“This workaround might make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We don’t recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk,” Microsoft states.
Microsoft explains that devices with the July 31, 2020 KB4568831 (OS Build 19041.423) Preview or later updates “restrict how processes can access peripheral component interconnect (PCI) device configuration space if a Secure Devices (SDEV) ACPI table is present and Virtualization-based Security (VBS) is running”.
“Processes that have to access PCI device configuration space must use officially supported mechanisms,” it adds.
According to Microsoft, the new restrictions aim to prevent malicious processes from modifying the configuration space of secure devices, such as peripherals. Windows restricts device drivers from changing the configuration space of these devices to its own bus interfaces.
“If a process tries to access PCI configuration space in an unsupported manner (such as by parsing MCFG table and mapping configuration space to virtual memory), Windows denies access to the process and generates a Stop error,” Microsoft explains.
It adds: “When Lenovo Vantage software runs, some versions might try to access PCI device configuration space in an unsupported manner. This action causes a Stop error.”
The good news for affected ThinkPad users is that Microsoft and Lenovo are working together on a fix. However, Microsoft hasn’t said when that will be available.
The error codes affected users would see include: ‘SYSTEM_THREAD_EXCEPTION_NOT_HANDLED’ in the Stop error message screen, and ‘0xc0000005 Access Denied’ in memory dump files and other logs. The related process is ldiagio.sys.
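
To find machines that meet the conditions described above without disabling any protection, an administrator can check them directly. The following PowerShell is an added example, not code from Microsoft or Lenovo; the function name is hypothetical, it does not test for the SDEV ACPI table, and it assumes the Stop error is logged under bug check code 0x7E, the numeric code for SYSTEM_THREAD_EXCEPTION_NOT_HANDLED.

```powershell
# Added example: read-only exposure check for the Stop error described in the article.
# Conditions from the article: Windows 10 version 2004 at OS Build 19041.423 or later,
# VBS running, and the Lenovo driver ldiagio.sys present.
# Not checked here: presence of the Secure Devices (SDEV) ACPI table.
function Get-PciConfigStopExposure {   # hypothetical name
    [CmdletBinding()]
    param()

    # OS build and update revision (UBR), e.g. 19041.423
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $restrictedBuild = ($build -eq 19041 -and $ubr -ge 423)

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsRunning = ($null -ne $dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)

    # Kernel driver named in the article
    $drv = Get-CimInstance -ClassName Win32_SystemDriver |
           Where-Object { $_.PathName -like '*ldiagio.sys' }
    $driverPresent = (@($drv).Count -gt 0)

    # Recent bug checks recorded in the System log (event 1001), filtered to code 0x7E
    $stops = Get-WinEvent -FilterHashtable @{
                 LogName      = 'System'
                 ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
                 Id           = 1001
             } -MaxEvents 20 -ErrorAction SilentlyContinue |
             Where-Object { $_.Message -match '0x0000007e' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OsBuild          = "$build.$ubr"
        RestrictedBuild  = $restrictedBuild
        VbsRunning       = $vbsRunning
        LdiagioPresent   = $driverPresent
        Recent0x7EStops  = @($stops).Count
        # All three article conditions that this script can observe are met
        LikelyAffected   = ($restrictedBuild -and $vbsRunning -and $driverPresent)
    }
}

Get-PciConfigStopExposure | Format-List
```

A machine reporting `LikelyAffected = True` with `Recent0x7EStops` above zero matches the symptoms in the article; the memory dump should still be checked for ldiagio.sys before attributing the crash to this issue.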