Microsoft Distributing Spectre, Meltdown, Antivirus Updates

Microsoft Distributing Spectre, Meltdown, Antivirus Updates

As Intel has rolled out fixes for Spectre and Meltdown, it’s worked closely with Microsoft to make the required microcode updates available to as wide a group of hardware as possible. Newer motherboards might receive an update, but older systems, including the Ivy Bridge rig of this author, aren’t exactly getting UEFI updates these days. Luckily, those of you running Windows can get the required updates via Windows Update.

Intel recently announced that it had completed microcode updates for CPUs stretching back into the Sandy Bridge era, and Microsoft has made those updates available via an expanded version of the same KB4090007 it’s been using for this purpose to-date. We’ve checked the Microsoft Update Catalog to confirm — the version of the patch we linked in our earlier story was dated 2/28, while this new flavor is dated 3/13. Microsoft’s notification, however, only mentions more recent chips like Skylake, Kaby Lake, and Coffee Lake. This implies there may be a longer lag time between when Intel finishes its updates and when they’re incorporated into the KB patch.

At the least, installing KB4090007 should patch up sixth-generation and later Intel CPUs, with the Sandy, Ivy, and Haswell KB update arriving later. Intel is still working on microcode updates for Nehalem and certain chips in the Core 2 Duo family. To the best of ET’s knowledge, there’s no plan to extend any patches to systems earlier than Core 2 Duo.

Microsoft Distributing Spectre, Meltdown, Antivirus Updates

The other major news is that Microsoft has resumed offering security updates to customers who use certain AV products. Yes, we know that’s vague. The explanation behind this is that MS had paused its security updates for certain customers after identifying compatibility issues between said applications and Windows 10. The company’s initial disclosure read:

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent these stop errors, Microsoft is currently only offering the January and February 2018 Windows security updates to devices that are running antivirus software that is from antivirus software vendors who have confirmed that their antivirus software is compatible by setting a required registry key.

MS has apparently reached out to the companies in question and has resolved the issue. Updates for these systems will now be pushed out normally. Those of you still on the Windows 10 Anniversary Update should be advised that security updates for your version of Windows end on April 10. It’s all part of Microsoft’s new Windows-as-a-service model, in which specific versions of Windows are supported for much smaller amounts of time.