Lenovo’s recent BIOS update hiccup on Windows 11 (and even Windows 10) has set off a flurry of activity among tech enthusiasts and IT professionals alike. The issue stems from Microsoft’s decision to bolster security by updating the Vulnerable Driver Blocklist, known internally as DriverSiPolicy.p7b—a move that inadvertently ended up blocking Lenovo’s essential BIOS flashing utility, WinFlash64.exe.
In an ironic twist, Microsoft’s security enhancement—designed to keep potentially dangerous drivers at bay—has thrown a spanner in the works for Lenovo’s BIOS update routine. Lenovo typically relies on its BIOS update utility (most notably for ThinkPad computers) and delivers updates both via Lenovo Vantage and Windows Update. However, as early reports began to surface, several users noted that their attempts to update the BIOS ended in failure. The problems range from complete installation stoppages to cryptic “Flash Error” messages prompting users to reboot to reach the desktop once more.
Key insights from the reports include:
Affected updates include:
This episode highlights a recurrent theme in modern computing: the balancing act between enhanced security and legacy system compatibility. Microsoft’s tightened security may prevent certain legacy utilities from executing, thereby exposing hidden dependencies that hardware manufacturers must then address.
For Windows 11 users, particularly those on ThinkPad models, vigilance is key. Always check for the latest updates on both Windows and your BIOS. Staying up-to-date is not just about accessing new features—it’s a crucial factor in maintaining system stability and security.
In a world where every update is a double-edged sword, it pays to remain informed and proactive. Whether you lean on Lenovo Vantage or your system’s built-in diagnostics, keep an eye on official announcements and remember that sometimes the solution is just an update away. This is yet another reminder that in the realm of modern computing, security and usability must always walk hand in hand.
By staying ahead of these challenges, we can ensure our systems remain both secure and efficient—even when faced with unexpected hurdles like a blocked BIOS update utility.
Source: WindowsLatest Lenovo's BIOS updates are failing on Windows 11 after Microsoft made a change
How This Issue Unfolded
In an ironic twist, Microsoft’s security enhancement—designed to keep potentially dangerous drivers at bay—has thrown a spanner in the works for Lenovo’s BIOS update routine. Lenovo typically relies on its BIOS update utility (most notably for ThinkPad computers) and delivers updates both via Lenovo Vantage and Windows Update. However, as early reports began to surface, several users noted that their attempts to update the BIOS ended in failure. The problems range from complete installation stoppages to cryptic “Flash Error” messages prompting users to reboot to reach the desktop once more.Key insights from the reports include:
- Microsoft’s updated blocklist now explicitly prevents WinFlash64.exe from executing.
- The BIOS update fails often before Windows even completes the boot process.
- Users encounter messages like “Action blocked: Your administrator caused Windows Security to block this action. Contact your help desk” and alerts from the Windows Program Compatibility Assistant.
- Within Lenovo Vantage, errors are summarized as “Some updates were not installed correctly,” often hinting at issues such as low battery warnings or AC power not being plugged in—even though these are red herrings caused by the security block.
The Role of Microsoft’s Vulnerable Driver Blocklist
Microsoft regularly updates its Vulnerable Driver Blocklist to maintain the integrity and security of Windows devices. In this case, a recent update evolved the blocklist in a way that it now also catches WinFlash64.exe, the very tool Lenovo relies on for safely flashing updated BIOS firmware. The intent here was clear: to prevent potentially unstable drivers from running. But as any Windows expert will tell you, in the world of OS security there is often a fine line between protecting your system and inadvertently disrupting essential processes.Affected updates include:
- Windows 10 22H2: KB5050081, KB5051974, KB5052077.
- Windows 11 22H2/23H2: KB5050092, KB5051989, KB5052094.
- Windows 11 24H2: KB5050094, KB5051987, KB5052093.
Understanding the Error Messages
If you’ve encountered this issue, you might have seen a range of error notifications:- A Windows Security alert stating, “Action blocked: Your administrator caused Windows Security to block this action. Contact your help desk.”
- A message from the Windows Program Compatibility Assistant about a driver being blocked or unable to load due to a security setting.
- Lenovo Vantage’s error message indicating “Some updates were not installed correctly.”
- The WINUPTP screen showing “Flash Error. An unexpected error has occurred. The utility process has not completed.”
What Does the Fix Mean for You?
The good news is that Lenovo is already working on a remedy. A new BIOS version that circumvents this block is starting to roll out:- BIOS version 1.61 for UEFI BIOS.
- BIOS version 1.44 for ECP.
This episode highlights a recurrent theme in modern computing: the balancing act between enhanced security and legacy system compatibility. Microsoft’s tightened security may prevent certain legacy utilities from executing, thereby exposing hidden dependencies that hardware manufacturers must then address.
Actionable Steps for Affected Users
For those eager to avoid the dreaded BIOS update failure, here’s a concise roadmap:- Verify your current BIOS version using your system’s diagnostics or Lenovo Vantage.
- Check Lenovo’s support documentation and announcements to confirm if your model is impacted.
- Search for the latest BIOS update (look for version 1.61 for UEFI or 1.44 for ECP) that addresses the WinFlash64.exe block.
- If your system is still on an older release, consider postponing the update or using alternative installation methods recommended by Lenovo.
- If the error persists or you encounter unexplained warnings, contact Lenovo support or consult discussions on community forums like WindowsForum.com for additional troubleshooting tips.
Broader Implications and Final Thoughts
This incident serves as a reminder for both end-users and IT departments: even well-intentioned security upgrades can have unintended consequences. In striving for robust protection, sometimes essential utilities are caught in the crossfire. While Microsoft’s approach continues to evolve, ensuring maximum protection against vulnerable drivers, manufacturers like Lenovo must adapt their tools and workflows to stay compatible with these security policies.For Windows 11 users, particularly those on ThinkPad models, vigilance is key. Always check for the latest updates on both Windows and your BIOS. Staying up-to-date is not just about accessing new features—it’s a crucial factor in maintaining system stability and security.
In a world where every update is a double-edged sword, it pays to remain informed and proactive. Whether you lean on Lenovo Vantage or your system’s built-in diagnostics, keep an eye on official announcements and remember that sometimes the solution is just an update away. This is yet another reminder that in the realm of modern computing, security and usability must always walk hand in hand.
By staying ahead of these challenges, we can ensure our systems remain both secure and efficient—even when faced with unexpected hurdles like a blocked BIOS update utility.
Source: WindowsLatest Lenovo's BIOS updates are failing on Windows 11 after Microsoft made a change
Last edited: