Puget Systems print logo

https://www.pugetsystems.com

Read this article at https://www.pugetsystems.com/guides/1937
Article Thumbnail

Patch Day Is Here; Blocking Third Party Installs

Written on October 21, 2020 by Chad Warmenhoven
Share:

Patch days this year have been fairly stressful and repeatedly caused significant problems. Unfortunately, Tuesday 10/20/2020 wasn't much different, and there are already some reports of some issues with audio, BSODs, applications, etc. Thankfully, for most of our users, it's been a pretty uneventful update and came with a slew of pretty neat fixes and updates.

Microsoft has released a patch (and patch notes) that will affect Windows 10 and Windows Server users when attempting to install third-party drivers.

When installing a third-party driver, you might receive the error, 'Windows can’t verify the publisher of this driver software' - Microsoft

The why

The change has been introduced with the latest cumulative update for Windows 10 as Microsoft starts to block some third-party drivers from being installed. It also means that when you try to view driver signature properties you may see the error message "No signature was present in the subject".

Microsoft explains that: "This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690".

Not all bad news

Starting October 20, Windows users who are running "select devices" with Windows 10 1903 or later can proactively seek it out by going to Settings > Update & Security > Windows Update and checking for updates. Once the update appears, users can select Download and Install.

For those running Windows 10 2004, the 20H2 update will be minor and quick to install. That because the 20H2 update is meant to be a small update to 2004, activated with an "Enablement Package," which looks and feels a lot like a Cumulative Update. For anyone running a version older than 2004, the 20H2 update will feel and update like a regular Windows 10 feature update. (This is the same way Microsoft rolled out Windows 10 1909, which was a minor update to 1903.)

Conclusion

The most recent changes to third-party application and driver signatures is a jarring change for many. Users of older systems will notice more of a difference but it's likely to effect a large number of users regardless. This change affects Windows 8.1, every version of Windows 10 from 1607 up to 2004, and Windows Server 2012 R2 to Windows Server 2004, there is no workaround. If you find that you are unable to install a driver, or see any of the two error message listed above, Microsoft's advice is to "contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue".

Unfortunately, your device manufacturer in this situation is not Puget, so we aren't able to provide a solution. Microsoft is referring to each component inside the systems respective manufacturer, so checking their sites for updated drivers is the best place to start. Puget Support absolutely CAN help you locate those pages and even guide you through some of the processes but unfortunately we don't write drivers...yet.

Thankfully, the third-party signatures are not the only change and we can thoroughly enjoy the 20h2 update.