Not every system will be able to apply the patch, as Microsoft has blocked its installation on PCs running incompatible anti-virus software.
Microsoft has warned some PC users they will not be able to apply an emergency Windows patch because their security software is incompatible.
These vulnerabilities affect most PCs and servers, and can be exploited to allow an attacker to read sensitive information, such as passwords, from protected memory. The Spectre flaw also affects AMD chips, but is considerably more difficult to exploit, as well as a small number of Arm-based processors.
However, not every Microsoft system will be able to apply the patch, as Microsoft has blocked its installation on PCs running incompatible anti-virus software.
Microsoft says it was necessary to delay the update on these systems to avoid Blue Screen of Death errors that would leave the device unable to boot.
SEE: Incident response policy (Tech Pro Research)
The company has not provided a list of which anti-virus programs are incompatible with the update but says the patch will work with Microsoft's own Windows Defender security software on Windows 10 devices and Microsoft Security Essentials on Windows 7 PCs.
The security update will not be installed on PCs until the anti-virus software vendor sets the following key in the Windows registry:
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD"
Administrators can manually add this key to the registry so the update will install, however Microsoft cautions that doing so may cause serious problems that "require you to reinstall your operating system".
Microsoft says it is working with AV companies to "help all customers receive the January 2018 Windows security updates as soon as possible", but recommends customers contact their AV company if the update is not applied to their system.
Another unwelcome side-effect of the patch may be to slow down some systems.
"In testing Microsoft has seen some performance impact with these mitigations," says Microsoft in its security bulletin.
"For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer."
Microsoft says it is working with hardware manufacturers to reduce any performance impact.
The patch applies to all supported versions of Windows and Windows Server, Microsoft SQL Server and the Edge and Internet Explorer 11 browsers.
- Critical flaws revealed to affect most Intel chips since 1995 (ZDNet)
- Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems (TechRepublic)
- Special report: The future of Everything as a Service (free PDF) (TechRepublic)
- Linux security: Google fuzzer finds ton of holes in kernel's USB subsystem (ZDNet)
- How to upgrade the Linux kernel with a handy GUI (TechRepublic)
- Intel: We've found severe bugs in secretive Management Engine, affecting millions (ZDNet)
- PowerShell: The smart person's guide (TechRepublic)