For those of you planning to run Windows 7 SP1, Windows 8.1 Update 1, Windows Server 2008 R2 or 2012 R2 on your shiny new Intel Kaby Lake, AMD Ryzen or Bristol Ridge processors, Microsoft’s update to block updates on these systems has just gone live. Available as an optional update through Windows Update or through the Windows Update Catalog, KB4012218 and KB4012219 will block online update scans as soon as they’re installed, even if applicable updates are available for your system. Hit the jump for more.
KB4012218 and KB4012219 are update rollups, including several other updates in a single package to be downloaded on systems that haven’t updated since the last available rollup. Because they are optional updates, it is possible to block them in Windows Update by hiding them, or by disabling their installation in group policy or via WSUS configuration options on Server 2008 and 2012.
The catch from here on out is that if you install an update that doesn’t explicitly state support for your processor, you run the risk of system failure if it does something that is unexpected or not supported. While Windows 7 and 8.1 no longer receive feature upgrades, they are both in the support window to receive critical security updates, which includes patches for zero-day exploits. This is why the update is optional for now – if a critical security update still works on your system, and if you’re currently vulnerable, applying that update to stay protected should be possible.
This makes it easy for system administrators to continue applying updates to systems that run unsupported processors, but keep in mind that you need to be extremely careful with testing these updates before rolling them out to your supported network.
Microsoft has not announced any plans to make this update compulsory, but that might be their intention in the future to avoid people staying on these older operating systems for longer than they would like.