Full Report
Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver. [...]
Analysis Summary
# Vulnerability: Windows 11 24H2 Upgrade Block Due to Code-Obfuscation Driver BSODs
## CVE Details
- CVE ID: None assigned or detailed. This issue is a **compatibility safeguard hold** rather than a documented CVE vulnerability.
- CVSS Score: N/A (Compatibility Issue)
- CWE: N/A
## Affected Systems
- Products: Windows 11 (specifically the 24H2 feature update)
- Versions: PCs on which code-obfuscation drivers are incompatible with Windows 11 24H2 and cause Blue Screen of Death (BSOD) errors during the 24H2 upgrade.
- Configurations: Devices utilizing specific drivers that employ code obfuscation techniques are being blocked from upgrading to Windows 11 24H2.
## Vulnerability Description
Microsoft is applying a "safeguard hold" to block the Windows 11 24H2 feature update installation on systems where certain third-party drivers utilizing code obfuscation methods trigger Blue Screen of Death (BSOD) errors. This is a compatibility block implemented by Microsoft to prevent system instability caused by these specific drivers interacting poorly with the new OS version.
## Exploitation
- Status: Not applicable. This is a system stability/compatibility issue, not an active exploitation vulnerability.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: None (System compatibility issue)
- Integrity: Moderate (Potential for BSOD during upgrade attempts)
- Availability: Moderate (Prevents access to the 24H2 feature update)
## Remediation
### Patches
- No specific patch is mentioned for the driver issue itself, but Microsoft is managing the rollout via safeguard holds.
- End-users should ensure their current Windows installation is healthy via standard Windows Update channels.
### Workarounds
1. **Check Update Status:** Users on Windows Home or Pro editions can check for safeguard holds by navigating to `Start > Settings > Windows Update`. A block will be indicated by a waiting message, not an error, along with a "Learn More" link regarding PC safeguards.
2. **Avoid Manual Installation:** Affected users are advised **not to manually update** impacted PCs using the Windows 11 Installation Assistant or the Media Creation Tool until the known issue is resolved by Microsoft or driver vendors.
## Detection
- **Indicators of Compromise (IoCs):** Blue Screen of Death (BSOD) errors occurring specifically during the Windows 11 24H2 upgrade process.
- **Detection Methods and Tools:** Checking the Windows Update settings for safeguard hold notifications, or reviewing Windows Update for Business (WUfB) reports (for enterprise environments).
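To complement the checks above, the following PowerShell inventory script is an added example, not part of the original report or of any Microsoft tooling. It looks for the `sprotect.sys` driver named in the report on the local machine and records the current Windows build; the search locations, output field names, and the `CandidateForHold` heuristic are assumptions made for this example.

```powershell
# Added example: local inventory check for the driver named in the safeguard hold.
# Only the file name sprotect.sys comes from the report; search locations and
# output fields are assumptions made for this example.
$DriverFile = 'sprotect.sys'

# Current OS version (Windows 11 24H2 is build 26100).
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild

# 1. Registered kernel driver services whose image path ends in the file name.
#    This also catches drivers installed outside the Windows directory.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*\$DriverFile") })

# 2. Copies on disk in the usual driver directories, including staged packages.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)
$files = @(Get-ChildItem -Path $searchRoots -Filter $DriverFile -File -Recurse `
    -ErrorAction SilentlyContinue)

# Record version and signer so the binary can be matched to a vendor build.
$fileInfo = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path    = $f.FullName
        Version = $f.VersionInfo.FileVersion
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                  else { 'unsigned or unreadable' }
    }
}

# Heuristic only: Microsoft's actual hold-matching criteria are not in the report.
$driverPresent = ($services.Count -gt 0) -or ($files.Count -gt 0)

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    DisplayVersion   = $cv.DisplayVersion
    Build            = $build
    On24H2OrLater    = ($build -ge 26100)
    DriverServices   = $services | Select-Object Name, State, StartMode, PathName
    DriverFiles      = $fileInfo
    CandidateForHold = $driverPresent -and ($build -lt 26100)
}
```

Run it from an elevated session so the DriverStore is readable; the resulting object can be piped to `ConvertTo-Json -Depth 4` for collection by a management tool.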
## References
- Vendor Advisory (General Health Status): learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2 (Defanged)
- News Article Source: bleepingcomputer.com/news/security/windows-11-24h2-blocked-on-pcs-with-code-obfuscation-driver-bsods/ (Defanged)