02-11-2020 10:54 PM - edited 02-11-2020 11:22 PM
February 2020 security update for Windows 10 version 1607 to 1903 KB4524244 could cause my notebook to completely freeze when installing this update at 99%. Then the system rebooted with an alert of "SecureBoot key changed". If I tried again and rebooted, the computer would stuck at BIOS screen and lose responsiveness. My OS is Windows 10 version 1903 and my BIOS version is 01.09.01. SecureBoot is disabled. The KB4524244 security update is related to UEFI firmware fix (and maybe SecureBoot certificate update). https://support.microsoft.com/en-us/help/4524244/security-update-for-windows-10-february-11-2020
Here're some attempts to address this issue:
1. Updating to Windows 10 version 2004. Windows 10 version 2004 has already included this security update since September 2019. This is suggested by the September 2019 timestamp of files inside the KB4524244 update package. The computer stopped working after one reboot, completely hung. After forced reboot it showed "SecureBoot key changed". I posted the problem on December 2019: https://h30434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Windows-10-v2004-incompatibilit... but they looked down upon the importance of beta testing. But this KB4524244 security update is NOT beta, it's for EVERYONE.
2. Downgrading BIOS version. I tried to downgrade my BIOS version to 01.08.00 and it didn't work.
3. Clearing CMOS settings. I removed CMOS battery and reinstalled after 1 minute. Then the computer wouldn't stuck at BIOS screen.
4. Using legacy mode. I switched to legacy (CSM) mode and fresh installed with MBR partition, the system worked fine but alerted "no operating system found" every boot.
5. Searching on the Internet. I noticed this post: https://www.windowsphoneinfo.com/threads/2020-02-updates-kb4524244-locks-up-my-computer-and-fails-in... This HP customer had exactly the same problem as me. I've also noticed that we have the same Raven Ridge processor and maybe similar HP custom UEFI firmware.
In conclusion, I believe that HP custom UEFI firmware is to blame. I hope you can solve this problem as soon as possible.
02-14-2020 12:17 AM - edited 02-14-2020 12:18 AM
I solved this problem by switching off HP Sure Start SecureBoot key protection in BIOS settings. KB4524244 was meant to fix UEFI vulnerability by replacing SecureBoot key, however, it triggered HP Sure Start SecureBoot key protection mechanism, which consequently caused the system to hang up. I suggest that for every regular user it's better to turn off this protection feature and disable SecureBoot. This is still a compatibility problem, though, and I think HP should solve it for enterprise users.
02-14-2020 03:36 PM
There are threads going on the HP site and on the Microsoft site regarding this. So far nothing official from either of the suppliers. However, the common thread seems to be this is heavily affecting the HP machines with AMD processors, (most seem to be Ryzen processors).
The general consensus at this time seems to be to block the update (KB4524244) and don't try working around it until Microsoft/HP figure this one out. There have been reports (few) of success by turning off Sure Start but the majority of the respondents are finding the system locks up after you have attempted the update the first time, even when Sure Start is disabled. I am among those and sweated through a Windows recovery that ultimately worked.
If you are on managed systems, the Admins should block the update through their utilities. If you are an unmanaged system, there is a utility on the Microsoft site you can use to "Hide" the update and prevent it from coming down with the stream of updates.
URL for utility:
Hope that helps and Microsoft/HP can figure this out soon or get the update removed.
02-14-2020 08:14 PM
My laptop (HP Pavilion x360) has the same problem after a Windows update. It couldn't reboot. I am stuck in a system restore that has taken an hour with no end in sight.
Microsoft and device manufacturers should work together to resolve issues with updates before releases. This is a shame.
02-14-2020 08:39 PM - edited 02-14-2020 08:39 PM
So there're general steps to solve the problem:
1. If you haven't install KB4524244, go right into BIOS settings by pressing F10 immediately after powering on the computer and turn off Sure Start SecureBoot key protection (in Security -> Sure Start).
2. If you already installed KB4524244 and the computer can't boot, open up the computer and unplug CMOS battery. Keep it unplugged for at least 1 minute, and then the computer will be able to boot up again. Remember to turn off Sure Start SecureBoot key protection.
3. If you're experiencing problems with Windows Update, you need to perform an "upgrade" to the same version of Windows.
02-15-2020 11:43 AM
Microsoft has recently updated support KB article 4524244 to indicate that they have pulled the update and has stopped offering it:
This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.
02-20-2020 08:56 AM
An HP Customer Support - Knowledge Base article has been released concerning this issue.
If you like my post, click the thumbs up.
02-20-2020 11:30 AM - edited 02-20-2020 11:38 AM
More fallout from the KB4524244 update mess.
Read this recent Computerworld.com article titled "The mess behind Microsoft’s yanked UEFI patch KB 4524244"
Bottom line - KB4524244 was a buggy update. 'nuff said
If that update was already installed, remove it regardless of whether the problems occurred with it or not