Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Microsoft has begun rolling patches out for 32-bit Windows 10 computers and will also be adding Intel firmware patches to Windows Updates.
- Windows will continue to block Spectre/Meltdown updates on machines that are running antivirus software incompatible with the patches. Check with your AV provider and be sure you’re running compatible software.
Microsoft has announced updates to its handling of Spectre and Meltdown patching. The company will expand its patching efforts to include x86 (32 bit) Windows 10 machines, as well as including firmware updates for affected Intel processors directly in Windows Updates.
There are limits to Microsoft’s patch expansion efforts, however: While Intel updates are now bundled directly into Windows Updates, they are only available for a select few chipsets for now.
As our sister site ZDNet points out, only Windows 10 machines running the Fall Creators Update (version 1709) that have 6th Generation Intel Core and Core m processors will be capable of getting the patch, and not all 6th gen Intel Core/Core m either. Only Skylake H/S (CPUID 506E3) and Skylake U/Y and U23e (CPUID 406E3) are compatible.
Microsoft has stated that it will add other Intel firmware updates to Windows Update as they are made available to it from Intel.
A word of warning on antivirus software
Those not covered by Windows updates for Spectre and Meltdown are in an unfortunate position where all they can do is wait. Not all those who can get these essential security updates are getting them, however, and the reason is somewhat unexpected: Antivirus software may be stopping updates from applying.
Microsoft mentioned the problem in its latest update to Spectre and Meltdown patching, but it’s not the first time the company has mentioned the issue.
SEE: Securing Windows policy (Tech Pro Research)
The problem stems from an incompatibility in some antivirus software that can cause Windows to crash after patches for Spectre and Meltdown are applied. The affected antivirus software, which Microsoft stressed is a small portion, makes unsupported calls to the Windows kernel memory, which can cause blue screen errors and render a device unable to boot.
Windows Update now checks for a registry key from the antivirus software provider to see if it is compatible. If the key isn’t present then Spectre and Meltdown updates won’t be installed. If you’re wondering why those updates aren’t visible you may want to contact your antivirus provider.
It’s worth noting two things here: First, a savvy user could drop the registry key in themselves, which is a very poor idea. Doing so could very well result in a computer that won’t boot, leaving you to do a fresh reinstall of Windows.
Second, If your antivirus software is preventing you from receiving Spectre and Meltdown updates you need to get rid of it. Windows Defender, Microsoft’s built-in antivirus platform, is compatible and more than capable of protecting your machine.
Keeping an incompatible third-party antivirus app installed on your Windows 10 computer isn’t worth preventing Spectre and Meltdown updates. Check this spreadsheet, built by security researcher Kevin Beaumont, to see if your antivirus is compatible.
Note: The spreadsheet was last updated in January when Microsoft first notified users of the problem. If your AV software is listed as incompatible on the sheet it may be worth reaching out to your provider to see if the information is correct.
- IT pro’s guide to effective patch management (free PDF) (TechRepublic)
- New Spectre attack variant can pry secrets from Intel’s SGX protected enclaves (ZDNet)
- Spectre and Meltdown: Cheat sheet (TechRepublic)
- Microsoft delivers free Meltdown-Spectre assessment tool for IT pros (ZDNet)
- Intel patches older Broadwell, Haswell chips against Spectre and Meltdown (TechRepublic)