• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Are you having HotKey issues? Click here for tips and tricks.
HP Recommended
EliteBook 735 G5
Microsoft Windows 10 (64-bit)

February 2020 security update for Windows 10 version 1607 to 1903 KB4524244 could cause my notebook to completely freeze when installing this update at 99%. Then the system rebooted with an alert of "SecureBoot key changed". If I tried again and rebooted, the computer would stuck at BIOS screen and lose responsiveness. My OS is Windows 10 version 1903 and my BIOS version is 01.09.01. SecureBoot is disabled. The KB4524244 security update is related to UEFI firmware fix (and maybe SecureBoot certificate update). https://support.microsoft.com/en-us/help/4524244/security-update-for-windows-10-february-11-2020

Here're some attempts to address this issue:

1. Updating to Windows 10 version 2004. Windows 10 version 2004 has already included this security update since September 2019. This is suggested by the September 2019 timestamp of files inside the KB4524244 update package. The computer stopped working after one reboot, completely hung. After forced reboot it showed "SecureBoot key changed". I posted the problem on December 2019: https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Windows-10-v2004-incompatibilit... but they looked down upon the importance of beta testing. But this KB4524244 security update is NOT beta, it's for EVERYONE.

2. Downgrading BIOS version. I tried to downgrade my BIOS version to 01.08.00 and it didn't work.

3. Clearing CMOS settings. I removed CMOS battery and reinstalled after 1 minute. Then the computer wouldn't stuck at BIOS screen.

4. Using legacy mode. I switched to legacy (CSM) mode and fresh installed with MBR partition, the system worked fine but alerted "no operating system found" every boot.

5. Searching on the Internet. I noticed this post: https://www.windowsphoneinfo.com/threads/2020-02-updates-kb4524244-locks-up-my-computer-and-fails-in... This HP customer had exactly the same problem as me. I've also noticed that we have the same Raven Ridge processor and maybe similar HP custom UEFI firmware.

In conclusion, I believe that HP custom UEFI firmware is to blame. I hope you can solve this problem as soon as possible.

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

An HP Customer Support - Knowledge Base article has been released concerning this issue.

 

https://support.hp.com/us-en/product/hp-elitebook-735-g5-notebook-pc/18804892/document/c06572866

 

Joel

I am an HP Employee.

If you like my post, click the thumbs up.

View solution in original post

12 REPLIES 12
HP Recommended

Update:

I solved this problem by switching off HP Sure Start SecureBoot key protection in BIOS settings. KB4524244 was meant to fix UEFI vulnerability by replacing SecureBoot key, however, it triggered HP Sure Start SecureBoot key protection mechanism, which consequently caused the system to hang up. I suggest that for every regular user it's better to turn off this protection feature and disable SecureBoot. This is still a compatibility problem, though, and I think HP should solve it for enterprise users.

HP Recommended

I think Secant1006 is right but...how can any user easily turn off and disable SecureBoot feature before installing KB4524244 security update ? 🤔

Any help would be greatly appreciated.

HP Recommended

There are threads going on the HP site and on the Microsoft site regarding this.  So far nothing official from either of the suppliers.  However, the common thread seems to be this is heavily affecting the HP machines with AMD processors, (most seem to be Ryzen processors).

 

The general consensus at this time seems to be to block the update (KB4524244) and don't try working around it until Microsoft/HP figure this one out.  There have been reports (few) of success by turning off Sure Start but the majority of the respondents are finding the system locks up after you have attempted the update the first time, even when Sure Start is disabled.  I am among those and sweated through a Windows recovery that ultimately worked.

 

If you are on managed systems, the Admins should block the update through their utilities.  If you are an unmanaged system, there is a utility on the Microsoft site you can use to "Hide" the update and prevent it from coming down with the stream of updates.

 

URL for utility:

     https://support.microsoft.com/en-us/help/4026726/windows-10-hide-updates-or-driver-updates

 

Hope that helps and Microsoft/HP can figure this out soon or get the update removed.

HP Recommended

My laptop (HP Pavilion x360) has the same problem after a Windows update. It couldn't reboot. I am stuck in a system restore that has taken an hour with no end in sight. 

 

Microsoft and device manufacturers should work together to resolve issues with updates before releases. This is a shame.

HP Recommended

So there're general steps to solve the problem:

1. If you haven't install KB4524244, go right into BIOS settings by pressing F10 immediately after powering on the computer and turn off Sure Start SecureBoot key protection (in Security -> Sure Start).

2. If you already installed KB4524244 and the computer can't boot, open up the computer and unplug CMOS battery. Keep it unplugged for at least 1 minute, and then the computer will be able to boot up again. Remember to turn off Sure Start SecureBoot key protection.

3. If you're experiencing problems with Windows Update, you need to perform an "upgrade" to the same version of Windows.

HP Recommended

Microsoft has recently updated support KB article 4524244 to indicate that they have pulled the update and has stopped offering it:

https://support.microsoft.com/en-us/help/4524244/security-update-for-windows-10-february-11-2020

 


Important

This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.


 

HP Recommended

Good News Noelgp21!!!!

 

Definitely the right move.  This thing has been wreaking havoc with a lot of system support folks, knocking down big chunks of their support bases and even servers.  

 

Appreciate the update

HP Recommended

An HP Customer Support - Knowledge Base article has been released concerning this issue.

 

https://support.hp.com/us-en/product/hp-elitebook-735-g5-notebook-pc/18804892/document/c06572866

 

Joel

I am an HP Employee.

If you like my post, click the thumbs up.
HP Recommended

More fallout from the KB4524244 update mess.

 

Read this recent Computerworld.com article titled "The mess behind Microsoft’s yanked UEFI patch KB 4524244"

https://www.computerworld.com/article/3528302/the-mess-behind-microsoft-s-yanked-uefi-patch-kb-45242...

 

Bottom line - KB4524244 was a buggy update.  'nuff said

If that update was already installed, remove it regardless of whether the problems occurred with it or not

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.