Full Report
Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. [...]
Analysis Summary
# Vulnerability: Windows 11 Upgrade Block Lifted Due to Safe Exam Browser Fix (Compatibility Issue/Non-Security Focused)
## CVE Details
- CVE ID: Not explicitly provided in the context. This appears to be a compatibility hold disclosure rather than a specific security vulnerability with a CVE.
- CVSS Score: N/A
- CWE: N/A (Relates to upgrade compatibility issues)
## Affected Systems
- Products: Windows 11 (specifically concerning upgrades to version 24H2)
- Versions: Devices attempting to upgrade to Windows 11 24H2 from Win 11 22H2/23H2.
- Configurations: Systems running Safe Exam Browser, or potentially systems with Intune policies blocking Win 11 upgrades, or systems with specific ASUS hardware, AutoCAD, Asphalt 8, integrated cameras, Dirac audio improvement software, or Easy Anti-Cheat.
## Vulnerability Description
The primary focus of the article is the lifting of a compatibility hold (safeguard hold) preventing certain devices from upgrading to Windows 11 version 24H2. One specific hold was related to the **Safe Exam Browser** application. Another resolved issue involved a "latent code issue" causing some PCs to incorrectly bypass **Intune policies** intended to block Windows 11 upgrades.
*Note: These issues are compatibility/stability blocks, not traditional security vulnerabilities, although the Intune bypass could have a security implication regarding configuration adherence.*
## Exploitation
- Status: Not applicable/Not exploited as a remote code execution flaw. The Intune issue relates to an unintended upgrade path bypass.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Low risk (related to unintended OS upgrade bypassing configuration).
- Integrity: Medium risk (potential for unintended system configuration changes via forced upgrade).
- Availability: Minor risk (disruption during upgrade process if compatibility issue triggers a failure).
## Remediation
### Patches
Microsoft has taken action to lift compatibility holds:
- Fix implemented concerning **Safe Exam Browser** compatibility causing the block.
- Fix implemented resolving the **latent code issue** that ignored certain Intune upgrade blocks.
### Workarounds
The main workaround described is waiting for the fix, which has now been applied, lifting the block. No specific temporary user-facing workarounds are detailed for the resolved issues, only the resolution of the issues themselves.
*Note: Blocks related to other issues (ASUS hardware, AutoCAD, Easy Anti-Cheat, Dirac audio) may still be in place.*
## Detection
- Indicators of Compromise: The primary indicator was an upgrade being blocked or an unintended upgrade occurring despite policy.
- Detection methods and tools: Status checks on Windows Release Health Dashboard related to device eligibility for 24H2.
## References
- [Article Link](https://www.bleepingcomputer.com/news/microsoft/windows-11-upgrade-block-lifted-after-safe-exam-browser-fix/)
- [Windows 11 24H2 Status - Integrated Cameras](https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3412msgdesc)
- [Windows 11 24H2 Status - Dirac Audio Issues](https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-upgrades-blocked-on-some-pcs-due-to-audio-issues/)
- [Windows 11 24H2 Status - Easy Anti-Cheat Issues](https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/)