Microsoft Finally Acknowledges Windows 10 v2004 BSOD Errors on Lenovo ThinkPads


Earlier in the month, Lenovo had published a support document notifying its ThinkPad users that they might get BSOD and Device Manager issues after installing the August 2020 cumulative update for Windows 10 version 2004. The company had advised to disable the Enhanced Windows Biometric Security setting in BIOS Setup > Security > Virtualization menu.

After over two weeks, the Windows maker has now issued its own support document detailing what causes the problems and adding a warning that the Lenovo-suggested workaround "may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses."

Halo Infinite Campaign Co-op and Mission Replay Testing July Kickoff Date Locked In

What's the latest Windows 10 BSOD issue

Microsoft clarifies that the issue wasn't brought through the August Patch Tuesday update, but with the July KB4568831 (Build 19041.423) Preview update. Lenovo ThinkPad devices, after installing the July or a newer update, experience a Stop error aka bugcheck or blue screen error.

The codes that are associated with the error are “SYSTEM_THREAD_EXCEPTION_NOT_HANDLED” (in the Stop error message screen) and “0xc0000005 Access Denied” (in memory dumps files and other logs). The associated process is ldiagio.sys.

Microsoft explained that these latest Windows 10 cumulative updates restrict "how processes can access peripheral component interconnect (PCI) device configuration space if a Secure Devices (SDEV) ACPI table is present and Virtualization-based Security (VBS) is running." The company said that these new restrictions are there to prevent malicious processes from modifying the configuration space of secure devices. Lenovo ThinkPad manufactured in 2019 and 2020 meet the conditions that trigger these errors.

"When Lenovo Vantage software runs, some versions may try to access PCI device configuration space in an unsupported manner," the company wrote. "This action causes a Stop error to occur."

Microsoft has also offered the same temporary workaround that was shared by Lenovo earlier.

To temporarily mitigate this problem, edit the device UEFI configuration (in the Security > Virtualization section) to disable Enhanced Windows Biometric Security. This change disables the restrictions that are enabled by the SDEV table and VBS.

However, the company added the following warning that has since been removed:

This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Microsoft said that both the companies are working on a fix but didn't share when to expect it. More details about the problem can be found in this support document.

- Earlier: New W10 Build Brings Dark Mode Support for Search