Karlston Posted May 4, 2016 Share Posted May 4, 2016 Blame Asus for the headache, which is apparently caused by a conflict with a Secure Boot setting in the Asus BIOS Many people who own machines with Asus motherboards are wondering why Asus turned on Secure Boot in UEFI. Windows 7 users with those motherboards didn't have any outward warnings of the setting -- Win7 doesn't support Secure Boot -- until BitLocker patch KB 3133977 appeared. KB 3133977, in turn, was a fix for an earlier bug in KB 2990184, which was a fix for a problem with backing up a Federal Information Processing Standard (FIPS) password to Active Directory in FIPS compliance mode. Got that? KB 3133977 went from Optional on March 15 to Recommended on April 12. Back when it was Optional, only a few people installed it, and a small percentage of them with the right (wrong?) Asus motherboard saw their machines freeze. The earliest report I can find of the freeze comes from Nick Baker, posted on March 19 on the Superuser forum: I have a PC with an Asus motherboard running Windows 7 Pro. Yesterday I installed latest Windows updates, restarted, and shortly afterwards hibernated the machine. This morning on un-hibernating I got a black screen with: "The system found unauthorized changes on the firmware, operating system, or UEFI drivers." On March 21, poster evilsofa on HardForum said: I'm dual booting Windows 10 on one SSD and Windows 7 on the other SSD; motherboard is the Asus Sabertooth Z170. Secure Boot suddenly stopped working for Windows 7 but not for Windows 10.... Booting up in Safe Mode was not possible, and the Secure Boot setting in the BIOS was greyed out and not changeable in a straightforward manner. I eventually learned how to disable Secure Boot on current motherboards by backing up then deleting the PK Secure Boot Key. For whatever reason, apparently Microsoft didn't see the problem reports and upgraded the patch to Recommended. Gradually, people saw the fix, then checked and installed the Recommended update; next thing you know, their machines wouldn't boot. I'm now seeing problems reported from all over the globe about Windows 7 machines that suddenly won't boot, showing a red box that says: Secure Boot Violation The system found unauthorized changes on your firmware, operating system or UEFI drivers. Press [OK] to run the next boot device, or enter directly to BIOS Setup if there are no other boot devices installed. Go to BIOS Setup > Advanced > Boot and change the current boot device into other secured boot device. It's a wonderful sentiment, but there's no indication that a Recommended Windows patch caused the problem. And if you don't have another secured boot device you're up the ol' UEFI creek without a paddle. Asus responded with FAQ 1016356, which describes a way to disable UEFI Secure Boot on their motherboards. (I can't tell when Asus posted its FAQ, because it's undated.) I'm also seeing reports that uninstalling the Recommended update will bring your PC back if you can boot to a different operating system, bypass Win7's lockup, and uninstall the patch. The KB article now helpfully notes: After you install update 3133977 on a Windows 7 x64-based system that includes an Asus-based main board, the system does not start, and it generates a Secure Boot error on the Asus BIOS screen. This problem occurs because Asus allowed the main board to enable the Secure Boot process even though Windows 7 does not support this feature. To resolve this problem, go to the following Asus support website to learn how to disable Secure Boot for Windows 7: http://www.asus.com/support/FAQ/1016356/ Note The Secure Boot feature is supported in Windows 10. To learn more about the security advantages of this feature and about the upgrade path from Windows 7 to Windows 10, go to the following Windows website: www.microsoft.com/windows I think of that Win10 shot as rubbing salt in the wound, but Asus appears to be at fault. Source: Recommended KB 3133977 patch can cause Asus PCs to freeze (InfoWorld - Woody Leonhard) Link to comment Share on other sites More sharing options...
heyyahblah Posted May 5, 2016 Share Posted May 5, 2016 ASUS is at fault yes, but also some little dipshit at Mircoshit is also. If they changed the update from from Optional to Recommended. I bet you its because someone on the "inside" found out about this ASUS BUG and told PR and they in turn thought "hey this is a good idea to tarnish & sabotage Win 7 reputation even more and make W10 more appealing". Lets force this optional download as recommended and see how many people we can screw up and piss off, prevent their computers from booting and forcing (recommending) them to go to W10. Would not surprise me at the least! Microshit is so desperate these days, so desperate to get people to adopt a BETA O/S as their main O/S, and letting all the fanboiis think they are special by dabbing in an "INSIDER PREVIEW" (aka code name for ALPHA version O/S), that act like its the holy grail. I'm looking at you cockboys @tenforums.com hahaha. So ASUS should release a fix, but Microshit should also move the patch back to "optional" where it belongs for W7 users as all it does is complicate things and create problems. There is no "security fix" by making this a recommended fix to download. Microsoft is so at fault here. 100% they knew about this. Deserate times to force an O/S on users, its so unreal. Link to comment Share on other sites More sharing options...
vibranium Posted May 5, 2016 Share Posted May 5, 2016 47 minutes ago, heyyahblah said: ASUS is at fault yes, but also some little dipshit at Mircoshit is also. With so much unprincipled corporate greed crap coming out of Redmond these days, I wouldn't be surprised if you're right. Link to comment Share on other sites More sharing options...
steven36 Posted May 5, 2016 Share Posted May 5, 2016 Quote Updategate: Microsoft suggests updating to Windows 10 to patch Windows 7 Borked your motherboard? Try this upgrade we've nagged you about repeatedly MICROSOFT HAS confirmed a potentially lappy-borking problem that it won't be fixing, because Windows 7. Woody Leonhard, the respected Windows columnist, points to a problem involving Asus motherboards, which also appear rebadged in a variety of other manufacturers' machines, and the activation of UEFI Secure Boot for Windows 7 in a patch KB3133977. Short version: install update, welcome to Borksville, population you. Both Asus and Microsoft acknowledged the problem. Microsoft entitled the article "BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2", but we prefer to just call it "Trevor for brevity." The firm's advice was that it's an optional update, leave well alone, you'll be fine, or alternatively turn secure boot off. Then Microsoft did a silly, silly thing. It moved the update from 'optional' to 'recommended' and anyone who reads this site regularly will know what happens when Microsoft does this. That's right boys and girls - it makes it automatically install, unless you've specifically told your machine not to. So now, if you have one of the affected motherboard and you keep your security updates automatic like wot Microsoft recommends, then your machine will stop working properly. We should add it's not permanently bricked, but it will take some mucking about in the BIOS to fix and that's a pain even for an experienced computer user. Microsoft has, by offering a workaround, suggested heavily that it won't be fixing the problem, though we have asked the question, so expect a response in about a fortnight. But the real kicker is this piece of advice: "Note The Secure Boot feature is supported in Windows 10. To learn more about the security advantages of this feature and about the upgrade path from Windows 7 to Windows 10, go to the following Windows website" Holy toledo, this company really knows how to rub people up the wrong way. After all - if the advice is to manually avoid the update or move to a version of the operating system where there's virtually no control over updates, then Microsoft is dealing in massive contradictions. A more cynical site would suggest that it's yet another example of Microsoft running Windows 7 into the ground and adding built in obsolescence to encourage quicker updates. But we're not that sort of site. To whit, rock, hard place, user. Our heads, hard place, bang repeatedly http://www.theinquirer.net/inquirer/news/2457031/updategate-microsoft-suggests-updating-to-windows-10-to-patch-windows-7 Link to comment Share on other sites More sharing options...
heyyahblah Posted May 5, 2016 Share Posted May 5, 2016 ^ Hahahaha, I f**ken knew it !!!!!! Right on schedule, thanks for the post @steven36 Link to comment Share on other sites More sharing options...
BimBamSmash Posted May 6, 2016 Share Posted May 6, 2016 I imagine a poor system admin walking into the office and being told not a single system boots beyond the first beep. Ooh, the tension. It is easy to tell from the error message that it has something to do with Secure Boot, but I doubt this is something Admins can handle remotely, in batches, like they normally do. Turning off secure boot just to get Windows booting so that the update can be removed should be... fuuuuun! Link to comment Share on other sites More sharing options...
Maxhedroom Posted May 7, 2016 Share Posted May 7, 2016 Glad I heard about this b4 I updated. Thx to MS's relentless douch-baggery since the launch of Win 10 I have disabled updates completely. Every time patch tuesday comes round I WAIT 1 WEEK b4 I install them...this allows time for any bullshit to be discovered and avoided, Anyone who lets updates install automatically is insane or is at very least asking for trouble imo. The 1 Week rule is a wise choice. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.