Skip to main content

This Windows 10 update fail has a fix that could cause more harm than good

(Image credit: Shutterstock)

A recent Windows 10 update is causing problems for Lenovo ThinkPad devices, with Blue Screen of Death errors and broken Windows Hello biometric logins, and a fix that could work around these issues may actually cause even more problems for owners – at least, according to Microsoft.

The issue concerns the cumulative August Windows 10 update, KB566782 (also known as Windows 10 version 2004), and affects Lenovo ThinkPads from 2019 and 2020, as well as the KB4568831 Windows 10 preview launched on July 31.

It seems the Lenovo Vantage app, which updates drivers, uses the Intel Management Engine (as reported by ZDNet) to alter firmware – something that the update blocks – and this appears to be the cause of the problem.

Lenovo suggested to avoid the issue, users should disable the ‘Enhanced Windows Biometric Security’ setting in the BIOS – something that Microsoft has strongly advised against.

Is the risk worth it?

As Microsoft states in an in-depth article on the issue, the work around can be applied by editing “the device UEFI configuration (in the Security > Virtualization section) to disable Enhanced Windows Biometric Security. This change disables the restrictions that are enabled by the SDEV table and VBS.”

However, Microsoft warns that “this workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion.”

Scary stuff, and it leaves Lenovo ThinkPad owners with a dilemma. Do they apply the fix so they can use their devices without issue, but put their security at risk, or do they continue to suffer with Blue Screen of Death errors, which make the device crash and become unresponsive?

It’s a tricky choice that hopefully people won’t have to make for long, as Microsoft claims that it is working with Lenovo to come up with a fix that won’t have implications on ThinkPad owner’s security. Let’s hope this proper fix arrives soon.