- Update
The latest version of Windows, Windows 11 24H2, is still experiencing some issues. As a result, we have decided to continue shipping XMG laptops and desktop PCs with Windows 11 23H2 for the time being, which will continue to receive updates and security patches from Microsoft. However, for those eager to access the latest features, the update to 24H2 can be manually triggered at any time. The reasons behind this decision, along with details of the current issues, are outlined in the following article.
Introduction
Windows 11 was launched in 2021 and has since received major updates roughly once a year—the latest being Windows 11 24H2. These updates are named after the release year, such as ‘23H2’ for the second half of 2023. While they often introduce new features, as with all major software updates, they can also bring new bugs or compatibility issues. This is why reports of related problems frequently surface following a release.
Users can manually trigger a major update after its release. Later, it will be automatically offered via Windows Update. However, there is no immediate urgency to update, as Microsoft continues to provide security updates for older versions. A full overview of supported versions and their end-of-support dates can be found here:
- Windows 11 Home und Pro – Microsoft Lifecycle [microsoft.com]
Windows 11: Current status at XMG & SCHENKER
We are currently pre-installing version 23H2, including all security updates up to a specified cut-off date. Once users power on their desktop PCs or laptops, further security updates will be installed. Windows Update then continuously and automatically provides all additional updates.
Users can opt to upgrade to version 24H2 on their own.
Windows 11 24H2
The latest version, Windows 11 24H2, was released on October 1st 2024. Since then, various headlines and concerns have emerged, prompting some users to hesitate before updating. Here, we summarise our current perspective on the most significant points:
Issue | Status | Description |
---|---|---|
Update from 23H2 to 24H2 fails on certain devices | Unclear | We have received some reports that the automatic update from 23H2 to 24H2 failed and left two separate boot entries (one with 23H2, one with 24H2), which were offered to users on every boot from then on. The cause is still unclear – we will look into the problem. |
Variety of system instabilities (Bluescreens, BSOD) | Unclear | There are numerous reports of a variety of Bluescreens on multiple hardware configuration (source). We have also reproduced such issues during stress tests on internal hardware with an up-to-date 24H2 installation, while not being able to reproduce them with an equally updated 23H2 installation. This is unrelated to the previous Intel Smart Sound (Intel SST) driver issue, which has already been updated and solved on these machines. |
Installation issue with KB5044384 | Unclear | Some users report that the installation of Windows update KB5044384 fails at various completion percentages, displaying multiple error codes (source). This only seems to affect 24H2 installations. |
System File Checker issue | In progress | The SFC tool, which is sometimes required to check the integrity of software and windows installation, can be caught in a loop of false positives, repeatedly indicating that certain files are corrupt and need repair despite previous fixes. Microsoft announced an update with a solution for November 2024 (source). |
Incompatibility with anti-cheat engines of some PC games | In progress | Will most likely be solved by updating the anti-cheat drivers in the respective games. For online games that are still actively supported, the updates are expected to be rolled out soon. |
Issues with fingerprint sensors | Affects only a few devices; in progress | Some devices had problems with fingerprint sensors after unlocking. Microsoft initially recommended a firmware update as a possible solution. In the meantime, the problem is said to have been generally resolved with Windows Update KB5044284 (source). Fingerprint sensors are only installed in a few older laptops models. Most current models support biometric login via the ‘Windows Hello’-enabled webcam, which was not affected by this problem. |
System crashes related to Intel Smart Sound drivers | Solved | Only affects older versions of the Intel Smart Sound driver. The issue has been resolved by a driver update (version 10.30.00.5714 or newer). |
Incompatibility with SSDs from Western Digital | Solved | There have been reports of blue screens in connection with certain Western Digital SSDs (source). In the meantime, Sandisk (owner of Western Digital) has provided a firmware update (source). This update must be installed before installing Windows 24H2 if possible. |
Deactivation of Microsoft’s ‘Recall’ feature | No need for action | |
VR headsets with ‘Windows Mixed Reality’ are no longer supported | No solution in sight | Microsoft has discontinued support for ‘Windows Mixed Reality’ with 24H2 (Quelle). WMR headsets such as the HP Reverb G2 no longer work. There is a petition against this decision. Suitable alternatives are not yet in sight. The Monado project (OpenXR Runtime) is working on an alternative implementation (source: YouTube comment), but the project is not a priority as Monado is primarily being developed for Linux. |
Beyond these larger issues, there are also minor incompatibilities affecting certain users. For example, there have been reports of difficulties with the ‘Safe Exam Browser’ used by educational institutions. Microsoft provides a full list of known issues on their website:
- Windows 11 24H2 knows issues and notifications [microsoft.com]
When will XMG & SCHENKER switch to 24H2?
We are closely monitoring the situation and waiting for the main issues, particularly the remaining stability issues, to be resolved. For the time being, we are continuing to ship systems with Windows 11 23H2, but users can easily upgrade to Windows 11 24H2 if they wish.
Should I update to Windows 11 24H2?
Currently, we recommend postponing the Windows 11 24H2 update until the remaining issues are resolved. Security updates for Windows 11 23H2 will be available until November 2025, so Microsoft still has at least a year to address 24H2 issues. Our main concern lies with system stability, as there are cases where Blue Screens (BSOD) may occur unexpectedly on certain hardware configurations.
If Windows proactively offers you the 24H2 update in the Windows Update dialog, we recommend declining for now. Simply click the “X” in the update notification or select a button like “Skip” or “Decline.”
We also suggest disabling the option “Get the latest updates as soon as they are available.” See screenshot:
The deactivation of this setting will still allow critical security updates to install automatically, while feature updates are not automatically installed anymore. Critical patches keep your system secure, while feature updates, which can sometimes affect stability, are delayed until you choose to install them.
How can I make sure to avoid Windows 11 24H2 on a fresh installation?
We normally recommend the “Windows Media Creation” tool, which Microsoft offers free of charge, for new Windows installations. However, this tool now automatically creates an installation medium with version 24H2. Users who prefer an installation with version 23H2 have to take a somewhat more complicated route.
Microsoft no longer provides a direct download link for Windows 11 23H2. Even a backup of the 23H2 version of the media creation tool (MediaCreationTool_Win11_23H2.exe
from November 2023) does not help. The tool itself is only a few megabytes in size and relies on downloading the complete Windows installation medium from Microsoft’s servers. And what it downloads now—is Windows 11 24H2.
In conclusion: Microsoft currently does not offer a simple method for performing a Windows reinstallation with Windows 11 23H2.
Do-it-yourself creation of official install media with Windows 11 23H2
Introduction
To obtain a Windows 11 23H2 installation medium (ISO file) after the introduction of Windows 11 24H2, the following methods are prominent:
Official:
- Membership of the Windows Insider Program
Unofficial:
- https://dl.os.click
- https://uupdump.net (“uup-dump”, recommended)
Membership of the Windows Insider Program is primarily aimed at IT administrators and is subject to a number of hurdles and conditions. We will not dive deeper into this method here. Instead, we will look at the unofficial, more convenient methods.
How does it work exactly?
The two unofficial methods are independent web applications with which you can create your own personal ISO file directly from the Microsoft sources.
The following instructions are based on the “uup-dump” project, as this is largely open source software. The “dl.os.click” project is supposed to work in a similar way, but did not work in our tests and also offers less transparency about the background of the project.
The projects mentioned do not host the ISO files themselves, but offer scripts that download the various components of the Windows installation medium from Microsoft’s own servers and then create the installation medium from them. Basically, these projects only replicate the function of the “Windows Media Creation” tool – except that they give the user the freedom to decide for themselves which version of Windows they prefer.
You can choose between different variants, such as different languages and the choice between Windows 11 Home and Windows 11 Pro. The ISO files created with default settings also already contain all the latest recommended security updates from Microsoft.
Thanks to the mechanism of using only official Microsoft sources to generate the ISO file (instead of hosting them on third party servers), it is presumed that the provision and use of these projects does not constitute an infringement of Microsoft’s copyright.
The finished ISO file can then be transferred to a USB thumb drive using the free open source program Rufus, which will make the drive bootable. All files on the USB thumb drive will be overwritten or deleted during this process.
Verification via checksum impossible due to lack of comparison reference
As described above, the “uup-dump” project creates a bootable ISO file from official sources. A checksum of the ISO file can be displayed on the Windows command line using standard tools:
certutil -hashfile "[path to ISO file]" SHA256
Alternatively, you can use a free utility such as “Hasher” from den4b: https://www.den4b.com/products/hasher
As the ISO file is very large (over 6 gigabytes), it takes some time to calculate the checksum. It is therefore advisable to uncheck all other checksums (except SHA256) in Hasher beforehand, as otherwise a large number of checksums will be calculated with great effort, even though only SHA256 is required.
The only problem is that there is no public directory to compare this checksum with.
Reason: the ISO file that is ultimately created can have countless possible variations – each with their own checksum. As the default settings of uup-dump also include all the latest security updates, the checksum changes at least once a month. In addition, there are numerous variants such as language, Windows version and much more, each of which leads to a large number of additional checksums. By definition, every updated bit or byte completely changes all of the checksum.
Microsoft does not provide a directory of checksums for these countless variants of possible ISO files. An independent check is therefore not possible in practice.
Why we still recommend building your installation medium over these semi-official methods is explained in the section “How trustworthy is this method?” further down below.
Step-by-step instructions
Phase 1: Downloading the components
- Go to this page: https://uupdump.net/known.php?q=category:w11-23h2
- The relatively long link already leads to the category “23H2” for Windows 11.
- Select the latest version for x64 architecture (amd64, not arm64).
- Select your preferred language and click on “Next”.
- Windows Home and Windows Pro are selected by default. We recommend that you do not change the selection, as the selection does not significantly affect the size of the download.
- Click on “Next”.
- On the following page, we also recommend leaving all standard options unchanged.
- Click on “Create download package”.
- A small ZIP file will be downloaded.
- Extract the ZIP file in your download folder. This will create a new subfolder. This folder contains the script that will create your ISO file.
- Make sure that you have a stable and fast internet connection. If possible, connect your laptop or PC with a LAN cable (Ethernet cable) rather than over Wi-Fi.
- Double-click the file “
uup_download_windows.cmd
“.
The script now starts to download the components required to create the installation medium from Microsoft’s official servers. Depending on the speed of your internet connection, this may take some time.
Phase 2: Creation of the ISO file
Once all components have been successfully downloaded, the script immediately moves on and proceeds to create a bootable ISO file.
Unfortunately, this step is slowed down considerably by a Windows security scan being performed at the same time. This can be recognised by the relatively high CPU load of the “Antimalware Service Executable” process in Task Manager, while the “Dism Image Servicing Utility” process (which is supposed to build the ISO File) can only utilise very little resource and barely makes any progress.
This process can be massively accelerated by temporarily deactivating real-time protection monitoring on the system on which this process is being carried out.
If you want to be on the safe side, you can also disconnect the system’s Internet connection from here on (unplug the LAN cable, deactivate Wi-Fi), as an Internet connection is no longer required for the rest of these instructions.
In the section “How trustworthy is this method?” below, we explain why we believe that temporarily deactivating real-time protection monitoring does not pose a security risk at this stage of the process.
As soon as the creation of the ISO file is complete, the uup-dump console window closes automatically. The ISO file is then located in the folder in which the “uup_download_windows.cmd
” script was previously located. The ISO file can be recognised by the fact that it is the newest and by far the largest file in the folder.
From here on, we recommend reactivating the real-time protection deactivated above.
Phase 3: Transfer to USB thumb drive
- Plug in a fast/reliable USB thumb drive with at least 8GB capacity to your computer.
- Make sure that there are no relevant files on the USB thumb drive.
- If you have connected other external storage media (USB thumb drives, external hard drives, SSDs), remove them to avoid confusion.
- Open the “Rufus” program. Download: https://rufus.ie/
- Drag the generated ISO file into the Rufus interface (drag & drop).
- Make sure that Rufus displays the drive letter of your USB thumb drive at the top under “Device”. All files on the selected drive will be deleted or overwritten in the next step.
- Click on “Start” at the bottom.
Rufus now proactively offers a few more options that can be used to customise settings on the Windows installation medium. These are simple text-based tweaks in the configuration files inside the ISO.
In our opinion, the two options selected by default are harmless:
- The first option allows Windows 11 to be installed on older PCs. In the laptop sector, this mainly affects models that are more than 10 years old. The required technology “TPM 2.0” was introduced to most Windows laptops via “Intel PTT” and AMD equivalents around 2013. If you intend to install Windows 11 on a modern PC or laptop, you can simply remove this tick.
- The second option makes it easier to set up an “offline account” after reinstalling Windows. It is still possible to log in with a Microsoft account afterwards without any problems. We describe an alternative method for setting up an offline account in this FAQ article (keyword: Shift+F10; oobe\bypassnro).
You can deactivate both options to leave the medium in its original state. We would tend to advise against using any of the other options on display here, as we cannot rule out the possibility that they could have unintended side effects. The functions subsumed under “data collection” can also be deactivated during the normal installation process or when setting up Windows for the first time.
Now, for the final steps with Rufus:
- After confirming the dialogue shown above, the program will take some time to write the contents of the ISO file to the USB thumb drive. If errors occur, we recommend that you try again using a different USB slot or a different USB thumb drive.
- After the success message: safely remove the USB thumb drive using the usual function in the Windows systray (next to the clock).
Phase 4: normal installation on target system
You can now boot from this USB thumb drive on your target system and start the Windows installation. To do this, hold down the F7 key while booting until a selection menu such as this appears:
If several partitions are offered on the USB thumb drive, as shown here on our screenshot, then it does not matter which of the two partitions you select. Both lead to the official installation dialogue. Then follow the usual on-screen instructions.
For further information, please refer to our general FAQ articles:
How trustworthy is this method?
Open-source, auditable scripts
The method we recommend using uup-dump is based on open-source scripts, which then download the components of the Windows installation medium directly from Microsoft’s servers. The method does not require administrator rights.
The ZIP file offered by uup-dump is only 8 kilobytes in size and contains mainly console scripts (i.e. text files), which can be inspected and verified without special tools or prior knowledge: after extracting the ZIP files, you can simply open and read these script files in the Windows Notepad.
The file “uup_download_windows.cmd
” (the main script in the package), which is only 6 kilobytes in size, will refer to URLs such as this one, from where the script then parses over 3000 links to components on official Microsoft servers. It then downloads the respective components from these links and assembles them like a mosaic into an ISO file. The URLs with these long download lists are generated dynamically, depending on which Windows versions and variants were previously selected.
Basic components
The only binary components in the script package are 7-Zip for handling ZIP archives and the archive “uup-converter-wimlib.7z
“, which ultimately creates the bootable ISO file from Microsoft’s UUP packages.
- 7-Zip is clearly open source and a standard tool in the IT industry.
- uup-converter-wimlib.7z consists of several components, most of which are also open source.
The identity of the binary components can be validated using the checksums provided. These binary components are unchangeable – they remain identical regardless of which Windows version is selected. The supplied SHA256 checksums validate that the packages are unchanged compared to previous releases.
Safety check of the binary components
An independent security report shows that 2 out of 64 engines currently classify the uup-converter-wimlib.7z
file as questionable. The two engines (MaxSecure and Zillya) are rather unknown and obscure, while market-leading engines (including Microsoft’s own engine) declare the file to be harmless. It is therefore presumed that the reports from the 2 minor engines are false positives.
Such “false positive” messages often occur when open-source base components are also used or misused by unrelated malware. It is not surprising that this could happen with a base component that was programmed for the creation of Windows installation media: file-sharing platforms and the darknet are full of cracked or otherwise modified installation media – which certainly sometimes come with a Trojan horse or worse. The bad reputation of that malware may also affect the reputation of the underlying base components. However, 62 out of 64 security software vendors (including Microsoft) agree: the uup-converter-wimlib.7z
package is safe.
Test it yourself
If you want to see for yourself, you can easily check the files offered by uup-dump yourself by dragging and dropping them on this website.
Summary
We consider the creation of Windows install media via uup-dump as safe based on the analysis carried out:
- The method downloads all Windows components exclusively from Microsoft servers. This can be verified by reading the scripts before executing the method.
- The original Microsoft components are not modified, but merely put together like a mosaic.
- The method preserves copyright, licence conditions and system requirements from Microsoft.
- The standard tools used for the composition are open source or are categorised as safe (virus-free) by leading providers of security software, including Microsoft itself.
- No administrator rights are required.
The uup-dump method is therefore preferable to other, unofficial procurement options. Nevertheless, we do not provide any guarantees or warranty for the implementation of this method. For further questions, please refer to the FAQ of uup-dump, their Discord server or their source code directory.
Our comment: Microsoft’s approach is problematic from the user’s point of view
We consider the above method to be secure, trustworthy, and straightforward to follow. However, it requires more steps than should be necessary, relying on the voluntary efforts of the open-source community to address a gap left by Microsoft.
The fact that end-users have to go to such lengths at all is ultimately in the sole responsibility of Microsoft:
- With the release of version 24H2, Microsoft has removed all official download links for version 23H2.
- Microsoft does not provide a public archive with download links for older versions – not even in small print with hidden links for advanced users.
- Microsoft is doing this despite the fact that it is well known that incompatibilities have occurred again and again within major version jumps, some of which sometimes take months to be completely resolved.
- Microsoft does not provide checksums to verify the authenticity of alternatively generated installation media, although the generation of these media relies solely on components from Microsoft’s download servers.
This approach suggests that Microsoft aims to push as many users as possible to upgrade to the new major version, even at the cost of user convenience, productivity, and system stability. It seems users are being ‘forced into satisfaction,’ so to speak.
Given that Windows 11 23H2 will continue receiving security updates until November 2025 (source), before being forced to update to 24H2, there seems to be no practical reason for such an aggressive deployment strategy. It would be prudent for Microsoft to keep official download links for older installation media available for at least six months after a new release to allow time for resolving any issues or uncertainties with the latest version.
Your feedback
If you have any questions or concerns about the new Windows versions or the recommendations in this article, please let us know. Feel free to write us an email or a comment on Reddit or Computerbase, or stop by on our Discord server. We are looking forward to your feedback!