Microsoft has finally released a help document detailing a solution for a bug caused by installing the August 2020 Patch Tuesday update for Windows 10 version 2004. This update causes blue screens (BSOD, or "Blue Screen of Death") on new Lenovo ThinkPads and makes biometric login via Windows Hello unusable.
An issue affecting Lenovo devices
The issue was reported shortly after the August cumulative update, KB566782. However, Microsoft noticed that the problem actually first appeared in the preview update of July 31, 2020, KB4568831 (OS Build 19041.423).
Lenovo has provided a workaround, which is to disable the "Enhanced Windows Biometric Security" setting in the BIOS configuration, under Security and virtualization.
The problem occurs when the Lenovo Vantage application, used for updating hardware drivers, tries to use the Intel Management Engine to interface with the firmware, and is blocked by the BIOS setting of the security update.
A dangerous workaround
Microsoft has just released a detailed rundown of the bug, its symptoms, its cause and its workaround. The solution is similar to the one offered by Lenovo, but comes with a severe security warning. The American giant also explains how Lenovo Vantage bypasses Windows security checks.
Users can now resolve their BSOD problems, but according to Microsoft they put their computers at risk if they decide to implement this workaround.
The proposed workaround also affects some of Microsoft's latest security features for Windows 10, such as "Hypervisor Code Integrity", which helps protect the OS from malicious drivers, as well as "Windows Defender Credential Guard".
“This solution can make a computer or network more vulnerable to attack by users or by malicious software, such as viruses. We do not recommend this solution, but we provide this information so that you can apply it knowingly. Use this workaround at your own risk,” warns Microsoft.
Microsoft and Lenovo are working together on a solution
Microsoft explains that devices with the July 31, 2020 preview update, KB4568831 (OS Build 19041.423), or later updates "limit how processes can access peripheral component interconnect (PCI) device configuration space if a Secure Devices (SDEV) ACPI table is present and virtualization-based security (VBS) is running."
"Processes that need to access the PCI device configuration space must use officially supported mechanisms," Microsoft adds. These new restrictions are intended to prevent malicious processes from modifying the configuration space of secure devices, such as peripherals. Windows prohibits drivers from modifying the config space of these devices for its own bus interfaces.
"If a process attempts to access the PCI configuration space in an unsupported way (for example by parsing the MCFG table and mapping the configuration space to virtual memory), Windows denies access to the process and generates a Stop error," details Microsoft. "When Lenovo Vantage software is running, some versions may try to access PCI device configuration space in an unsupported way. This action causes a Stop error."
The good news for affected ThinkPad users is that Microsoft and Lenovo are working together on a solution. However, Microsoft has not yet announced when the fix will be available.
The error codes that affected users may see are "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED" on the Stop error screen, and "0xc0000005 Access Denied" in core dump files and other logs. The associated process is ldiagio.sys.
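An added example, not taken from Microsoft's or Lenovo's documentation: a PowerShell check that reports whether a device matches the conditions described above (build 19041.423 or later on version 2004, VBS running, ldiagio.sys loaded) and whether Credential Guard and HVCI are still running, for instance after the BIOS setting has been changed. The function name is hypothetical, and the script does not check for the SDEV ACPI table.

```powershell
# Added example, not Microsoft's or Lenovo's code.
function Get-PciRestrictionStatus {   # hypothetical helper name
    # Build 19041.423 (KB4568831) is the first build the article names;
    # later feature builds are not evaluated here.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $hasRestriction = ($build -eq 19041 -and $ubr -ge 423)

    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = running;
    # SecurityServicesRunning 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $services = @($dg.SecurityServicesRunning)

    # ldiagio.sys is the driver the article associates with the Stop error.
    $driver = Get-CimInstance Win32_SystemDriver |
              Where-Object { $_.PathName -like '*ldiagio.sys' } |
              Select-Object -First 1

    [pscustomobject]@{
        Manufacturer        = (Get-CimInstance Win32_ComputerSystem).Manufacturer
        OsBuild             = "$build.$ubr"
        BuildHasRestriction = $hasRestriction
        VbsRunning          = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuard     = ($services -contains 1)
        Hvci                = ($services -contains 2)
        LdiagioDriverState  = if ($driver) { $driver.State } else { 'not installed' }
    }
}

$s = Get-PciRestrictionStatus
$s | Format-List
if ($s.BuildHasRestriction -and $s.VbsRunning -and $s.LdiagioDriverState -eq 'Running') {
    Write-Warning 'Conditions described for the Stop error are present (SDEV table not checked).'
}
if (-not ($s.VbsRunning -and $s.CredentialGuard -and $s.Hvci)) {
    Write-Warning 'VBS, Credential Guard or HVCI is not running on this device.'
}
```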