Microsoft’s April security roll-up blocks Windows update in 7 & 8.1 for new CPUs

Just a month after Microsoft’s website confirmed that new CPUs will not receive support, Microsoft appears to be actively blocking Windows update in its April 2017 security update (KB4015546) and April 2017 roll-up (KB4015549).  Users with newer processors such as Kaby Lake and AMD’s Ryzen are reporting that updates are being blocked following the installation of either update.  When the user tries checking for updates, the following message appears:

Windows 7 unsupported hardware on Kaby

Kaby Lake, Ryzen processors and all new processors going forward will only be supported in Windows 10.  Only some of Intel’s 6th Generation Core processors (Skylake) from 16 specific OEMs will be supported, according to Ars Technica.  Other Skylake users will need to upgrade to Windows 10 to receive upcoming updates.  The 16 OEMs that will receive on-going support have committed to additional testing, including publishing drivers and firmware for Windows 10 on Windows update.

Windows 7 has ended its mainstream support such as functionality improvements since January 2015.  As a result, Microsoft will only be releasing security related updates for those with earlier processor models.  Although Windows 8.1 is still in mainstream support, Microsoft has for some reason chosen to discontinue support for new processors even though it remains in mainstream support until January 2018.

Users that tried spoofing a Kaby Lake processor inside a VirtualBox running Windows 7 were able to trigger the same issue.  Once they install the April 2017 security only or roll-up update, Windows will no longer check for updates.  Each time the computer is booted, it displays the “Unsupported Hardware” after a few minutes.  It appears that manual standalone updates are also blocked, such as the following screenshot MrBrian posted on AskWoody:

Windows Update Standalone Installer error

Based on his testing, once he uninstalled the April 2017 security update or roll-up, he was able to install other updates again, including standalone updates.  One workaround another user suggested is to install the monthly/roll-up update last.  Then when Microsoft releases the next monthly roll-up, uninstall the last roll-up update, then install the other security updates and finally install the new monthly roll-up.