Lenovo BIOS updates are broken on Windows 11 (and Windows 10) after Microsoft made a security change that blocks WinFlash64.exe from executing. Microsoft updated the Vulnerable Driver Blocklist (DriverSiPolicy.p7b) to improve security, but it blocks WinFlash64.exe, which is required by the BIOS utility developed by Lenovo. As a result, BIOS updates fail.
Lenovo frequently releases BIOS updates using its software or Windows Update, but some of our readers told me that recent BIOS updates are failing. Either the installation fails before Windows boots, or you might land on a “Flash Error” page, which requires you to reboot to go back to the desktop.
In a support document first spotted by Windows Latest, Lenovo confirmed that it’s aware of reports that its BIOS updates could fail on Windows 11/10 and is working on a solution.
This change particularly affects ThinkPad machines and the device’s built-in BIOS Update Utility. While you can also grab updates via Windows Update, Lenovo recommends using its Update Utility because it’s more reliable. However, that’s not the case anymore.
“The ThinkPad BIOS Update Utility may fail to update the BIOS and display the following errors when using Lenovo Vantage or the BIOS Update Utility (Windows) methods,” Lenovo noted in a support document.
As shown in the above screenshot, if you use ThinkPad BIOS Update Utility, you’ll run into multiple errors when updating BIOS. You might receive Windows Security errors such as, “Action blocked: Your administrator caused Windows Security to block this action. Contact your help desk.”
This particular error is being reported because Microsoft changed the Vulnerable Driver Blocklist file (DriverSiPolicy.p7b) to improve security on Windows 11, but the change also blocked WinFlash64.exe.
All recent Windows Updates ship with this security change for the good, but Lenovo wasn’t prepared for it, which is why the BIOS updates are failing. You’ll run into errors updating BIOS if you’ve installed any of these updates:
- Windows 10 22H2: KB5050081, KB5051974 and KB5052077.
- Windows 11 22H2/23H2: KB5050092, KB5051989 and KB5052094.
- Windows 11 24H2: KB5050094, KB5051987 and KB5052093.
In addition to Windows Security alert, you’ll notice another alert, but this time, it will be from Windows Program Compatibility Assistant, stating “A driver cannot load on this device. A security setting is detecting this as a vulnerable driver and blocking it from loading. You’ll need to adjust your settings to load this driver.”
Within Lenovo Vantage, the error displayed is “Some updates were not installed correctly”, specifying, “Canceled by user or the update installation could not proceed due to AC power not plugged in, low battery or other reason.”
Lastly, the WINUPTP screen also shows “Flash Error. An unexpected error has occurred. The utility process has not completed.”
The good news a fix is already rolling out with BIOS version 1.61 (UEFI BIOS) and 1.44 (ECP).
A Lenovo official told Windows Latest that it fixed issues where BIOS updates were blocked by Microsoft’s “Vulnerable Driver Blocklist,” but remember – older BIOS release still won’t install, so make sure you look for newer versions.
The same goes for people having similar issues but with a different OEM. Look for a newer BIOS version, and install.
The post Lenovo’s BIOS updates are failing on Windows 11 after Microsoft made a change appeared first on Windows Latest
Source: Read MoreÂ
