Windows 11 24H2 Safeguard Holds Lifted: Dirac Audio and Camera Fixes

Microsoft has quietly lifted two more targeted compatibility holds that kept a noticeable slice of Windows PCs from being offered Windows 11, version 24H2 through Windows Update — a change that reopens the upgrade path for affected users but also highlights the brittle dependencies between modern OS updates, vendor drivers, and third‑party middleware. Microsoft’s Release Health entries show the two recent removals were driven by vendor-supplied driver updates: one resolving a Dirac Audio / cridspapo.dll regression and the other addressing a camera / face‑detection freeze in certain imaging stacks.

Background​

Windows feature updates are staged and controlled by Microsoft’s rollout infrastructure so that not every device receives a major update at once. When telemetry or partner reports reveal a real risk (BSODs, missing devices, app hangs), Microsoft applies safeguard holds (also called compatibility holds) that block the Windows Update offer for narrowly defined device/driver/software fingerprints. Those holds remain until Microsoft and the relevant vendor(s) validate and distribute fixes, typically delivered as driver or cumulative updates via Windows Update itself. This process is intended to protect users from widespread breakage — but it creates a staggered, sometimes confusing upgrade experience for many.
In the case of Windows 11, version 24H2, Microsoft documented a number of targeted safeguard holds during the rollout: audio middleware (Dirac cridspapo.dll), camera/object-detection freezes (impacting Camera app and Windows Hello), and several gaming/driver-related issues (Easy Anti‑Cheat, Intel Smart Sound Technology variants, and other vendor drivers). Over the past year Microsoft and its partners have been systematically resolving these, and the recent removals — which were reflected in Microsoft’s Release Health dashboard in mid‑September — reopened the update path for many machines once the necessary driver updates reached affected devices.

---

What Microsoft removed — the technical summary​

Dirac Audio (cridspapo.dll) — safeguard ID 54283088​

• Symptom: On some OEM systems that included Dirac Audio middleware (the cridspapo.dll binary), upgrading to Windows 11, version 24H2 could cause complete loss of audio endpoints — integrated speakers, Bluetooth speakers, and headsets could disappear and applications would not detect audio devices.
• Fix: The audio vendor and OEMs rebuilt compatible driver/middleware packages and Microsoft distributed an updated driver via Windows Update. Microsoft marked the issue resolved and removed the safeguard hold as of September 11, 2025. Eligible devices that have received the corrected drivers should now be offered 24H2 via Windows Update, subject to the usual 48‑hour propagation window.

Camera / face/object detection (app hangs) — safeguard ID 53340062​

• Symptom: On a limited set of devices, integrated camera scenarios using on‑device object or face detection (including Windows Hello facial sign‑in) could cause the Camera app or other dependent apps to hang or become unresponsive after installing 24H2.
• Fix: OEMs and imaging driver vendors issued updates and Microsoft validated the remediation. The safeguard was removed in mid‑September 2025; affected devices that install the necessary driver and cumulative updates should see the Windows 11, version 24H2 offer appear within roughly 48 hours.

Both removals were driver‑level remedies: Microsoft did not change the 24H2 feature payload itself but waited for vendor updates to enter the Windows Update delivery pipeline and for telemetry to confirm the fix was effective for the targeted device populations. That’s the typical pattern for third‑party driver regressions.

---

Why this matters to users and administrators​

• For consumers: If you were blocked from upgrading to 24H2 because Windows Update never offered it, these safeguard removals may finally let your PC see the update — but only after the updated vendor driver appears on your device and the system has been restarted. Microsoft warns the offer can take up to 48 hours to propagate after the corrected driver is installed. Installing all pending quality and driver updates first is the recommended sequence.
• For IT admins: The removals reduce one layer of friction for broader rollouts, but they don’t eliminate the need for pilot rings, driver inventory, and pre‑deployment testing. Safeguard holds are device‑specific; even after a vendor publishes a fix, some models may still be held if OEMs haven’t published a compatible update for that SKU. Use Windows Update for Business reports and the Release Health safeguard IDs to verify which endpoints were affected and whether the hold has cleared for each device.
• For gamers and specialized app users: Other holds — for example, those tied to Easy Anti‑Cheat drivers — were removed earlier (Easy Anti‑Cheat-related hold removed July 24, 2025), but remaining third‑party kernel drivers (anti‑cheat, protection drivers, DRM components) can still cause devices to be excluded. Confirm game vendor and anti‑cheat updates before upgrading.

---

How to check whether your device is now eligible (step‑by‑step)​

• Install all pending updates
• Go to Settings → Windows Update → Check for updates.
• Install offered cumulative updates and any driver updates; reboot when prompted.
• Confirm driver presence and version
• For Dirac Audio issues: check Device Manager under “Sound, video and game controllers” or OEM‑specific audio entries, or inspect the file cridspapo.dll in the appropriate vendor folders to confirm an updated binary is present.
• For camera issues: open Device Manager → Cameras or Imaging Devices, confirm driver package date and vendor; check the Camera app / Windows Hello behavior after installing updates.
• Check Windows Update messaging
• If a safeguard is still active, Windows Update will show a message like: “Upgrade to Windows 11 is on its way to your device… Once the update is ready for your device, you’ll see it available on this page.” Follow the “Learn more” link when present to see the specific safeguard ID affecting your device.
• Wait up to 48 hours and restart
• Microsoft notes that after a corrected driver reaches a device, it can take up to 48 hours for the 24H2 offer to appear. A restart often accelerates the appraiser check that governs the rollout.
• If you still don’t see the offer
• Check your OEM’s support site for model‑specific driver packages (OEMs sometimes publish fixes to their own update channels before Microsoft pushes them broadly).
• For managed fleets, use Windows Update for Business reports and the Release Health dashboard to query the safeguard ID and GStatus values.

---

Practical guidance and recommended upgrade sequence​

• Backup first: Always back up critical data and, for enterprise fleets, stage image and rollback plans before a broad upgrade wave.
• Don’t force upgrades while a relevant safeguard is in place: Using the Installation Assistant, media creation tool, or manual ISO to bypass a safeguard may produce the exact failures the hold was designed to prevent. Microsoft and OEM guidance consistently warns against circumventing targeted holds.
• Use pilot rings: Deploy 24H2 to a representative pilot group that mirrors your most common hardware and workloads. Validate camera, audio, DRM playback, and business‑critical apps.
• Inventory vulnerable drivers: Maintain visibility of kernel drivers and middleware that historically cause problems (anti‑cheat, DRM/protection drivers, specialized audio stacks). Track file names and versions (for example, IntcAudioBus.sys, cridspapo.dll, sprotect.sys) so you can quickly identify affected endpoints.
• Allow automatic driver flow: Where possible, let Microsoft Update deliver vendor‑validated drivers to endpoints; doing so is what allows safeguards to be cleared safely at scale.

---

Strengths of Microsoft’s safeguard model — why it worked here​

• Targeted protection: Safeguard holds block only the specific device/driver signatures that cause a problem rather than halting a deployment globally. That reduces the blast radius while the vendor fix is developed.
• Vendor coordination: Where third‑party drivers are implicated, the remediation path is usually straightforward — the vendor rebuilds the driver and Microsoft distributes it through Windows Update. The Dirac and camera fixes followed this pattern.
• Telemetry‑driven validation: Microsoft waits for telemetry and field validation before removing a hold, reducing the chance that a premature removal will cause a new wave of failures.

---

Risks, weaknesses, and operational friction​

• Long resolution times: Some holds can remain active for months while OEMs, middleware vendors, and Microsoft coordinate fixes. The Dirac hold was applied in December 2024 and only cleared in September 2025 — an unusually long period for an audio regression. Extended holds increase user frustration and extend the window where devices remain on older, potentially less secure builds.
• Opaque impact scope: Microsoft’s Release Health entries often do not list definitive device model lists, which leaves many users unsure whether their machine was affected. This opacity increases support call volume and user confusion.
• OEM dependence: Some fixes require OEM‑specific driver packages; if an OEM delays publishing a corrected build for a particular model, that device may remain blocked even after Microsoft removes the global hold. That situation forces organizations to maintain OEM engagement and drives a need for manual intervention in some cases.
• New regressions can appear: The September 2025 cumulative rollout that included the Dirac fixes also coincided with a DRM/EVR playback regression impacting protected‑content apps, demonstrating how remediation work can sometimes expose or coincide with other regressions. This underscores the importance of controlled pilots and careful predeployment validation.

---

Case studies from the 24H2 rollout (concise)​

• Easy Anti‑Cheat (safeguard ID 52325539)
• Issue: Older Easy Anti‑Cheat drivers (pre‑April 2024) could cause MEMORY_MANAGEMENT BSODs in games after upgrading.
• Outcome: The hold was removed July 24, 2025 after anti‑cheat vendors deployed updates; Microsoft noted some devices might still show warnings and advised updating games to obtain the vendor fix.
• Intel Smart Sound Technology (Intel SST)
• Issue: Specific IntcAudioBus.sys driver file versions (10.29.0.5152 and 10.30.0.5152) on 11th‑Gen Intel systems were linked to BSODs after 24H2 installs.
• Outcome: Intel and OEMs produced corrected builds (files with trailing subrevision 5714, e.g., 10.30.00.5714), Microsoft validated distribution via Windows Update, and the safeguard was removed in September 2025. Checking Device Manager for the Intel SST entry and the file version is the recommended diagnostic step for affected users.
• Dirac Audio and Camera holds (safeguard IDs 54283088 and 53340062)
• Issue: Total audio loss on systems with Dirac cridspapo.dll; app freezes and Windows Hello failures on some camera imaging stacks.
• Outcome: Vendor and OEM driver updates were published; Microsoft removed the holds in mid‑September 2025 after validation. Users must install the updated drivers and may need to wait up to 48 hours for the update offer.

---

What to watch next​

• Release Health updates: Administrators should monitor Microsoft’s Release Health dashboard for any newly opened or recently removed safeguard holds and for official remediation dates and safeguard IDs.
• OEM driver rollouts: For models that remain blocked even after a hold is removed, check your OEM’s support pages for model‑specific driver packages and notes.
• Windows servicing cadence: Microsoft will continue to push cumulative updates and quality fixes; some fixes relevant to 24H2 are distributed via LCUs and SSUs rather than a feature update itself. Installing those KB updates remains critical before attempting a feature upgrade.
• New or related regressions: Patch windows that bundle many fixes sometimes surface new regressions (for example, DRM/EVR playback issues reported alongside September 2025 fixes). Plan for pilot windows and maintain rollback options.

---

Final assessment — balanced perspective​

Microsoft’s use of targeted safeguard holds is a pragmatic compromise: it mitigates catastrophic, widely distributed failures while allowing the majority of users to proceed with feature updates. The recent removals for Dirac Audio and camera object‑detection regressions are good news for affected users and show that vendor coordination and the Windows Update driver pipeline can resolve complex third‑party incompatibilities.
However, the protection model has real operational costs. Long waits for vendor fixes, inconsistent OEM publishing schedules, and opaque impact lists create friction for home users and administrated fleets alike. The pattern of “fix one thing, expose another” during fast servicing cycles underscores why cautious staging, an accurate driver inventory, and conservative pilot strategies remain essential. In short: Microsoft’s safeguards are effective at preventing mass breakage — but they transfer the complexity of remediation and verification onto OEMs, ISVs, and IT organizations.
For now, the practical path is clear: install all Windows quality and driver updates, reboot, check Windows Update over the next 48 hours, and use Microsoft’s Release Health and Windows Update for Business reporting to confirm your device’s eligibility before moving a fleet or a critical workstation to Windows 11, version 24H2.

---

Conclusion
The two recently lifted compatibility holds remove significant obstacles for users who were previously blocked from receiving Windows 11, version 24H2 via Windows Update, but they also serve as a reminder that platform upgrades now depend on a complex supply chain of OS, OEM, and third‑party drivers. Successful upgrades will come from disciplined patching, careful pilot testing, and close coordination with OEMs and application vendors — not from forcing updates past safeguards designed to protect devices from real harm.

---

Source: LinkedIn Microsoft lifts more safeguard holds blocking Windows 11 updates | The Cyber Security Hub™