Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Microsoft has updated its Windows Analytics service to give IT pros an overview of how well protected their IT estate is against the Spectre and Meltdown security vulnerabilities.
- A dashboard details which firmware, operating system, and AV compatibility updates are installed, disabled or need to be put in place.
Mitigating the Meltdown and Spectre security vulnerabilities has turned into a major headache for IT admins.
New patches to offset the risk from these flaws have introduced problems of their own, causing computers to slowdown, as well as to both randomly reboot or to stop booting at all, which in turn has resulted in fresh updates to disable earlier problematic fixes.
The difficulty is that the Meltdown and Spectre security vulnerabilities are potentially too serious for any IT admin to ignore. Meltdown and Spectre are vulnerabilities in modern chip design that could allow attackers to bypass system protections on nearly every recent PC, server and smartphone, allowing hackers to read sensitive information, such as passwords, from memory.
SEE: Incident response policy (Tech Pro Research)
To help IT pros navigate the minefield of working out which Meltdown and Spectre patches they should and shouldn't install on Windows machines, Microsoft has updated its Windows Analytics service.
The updated Windows Analytics dashboard, shown below, will break down which Meltdown and Spectre patches have been installed across an IT estate, in a Windows group or on an individual machine. The overview details which firmware, operating system and AV compatibility updates are installed, disabled or need to be put in place.
The service is available on Education, Enterprise and Pro editions of supported desktop versions of Windows: Windows 7 with Service Pack 1, Windows 8.1, and Windows 10, and requires an Azure Active Directory account to set up.
Microsoft also announced it has rolled the latest operating system and firmware updates to mitigate against Spectre and Meltdown-related attacks into its February Patch Tuesday update.
While Microsoft released an out-of-band update earlier this month to disable Intel's buggy Spectre-related firmware update, this emergency patch is not included in the February bundle.
The fixes in the Patch Tuesday update will be automatically installed on most Windows PCs but will need to be manually enabled on Windows servers.
Intel has also updated its guidance on which systems are safe to apply its microcode updates to mitigate variant 2 of the Spectre vulnerability, broadening its advice to cover older Intel processors.
- Use Microsoft Outlook? Update now to fix these two dangerous bugs (ZDNet)
- Microsoft delivers free Meltdown-Spectre assessment tool for IT pros (ZDNet)
- Spectre patch: New Intel update released after earlier fix caused random reboots (TechRepublic)
- Intel: Don't install our Spectre fix, risk of unwanted reboots is too great (TechRepublic)
- Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems (TechRepublic)
- 26% of organizations haven't yet received Windows Meltdown and Spectre patches (TechRepublic)
- Meltdown-Spectre: More businesses warned off patching over stability issues (ZDNet)
- Intel halts some chip patches as the fixes cause problems (CNET)
- Spectre flaw: Dell and HP pull Intel's buggy patch, new BIOS updates coming (ZDNet)
- Spectre-Meltdown glitches: Intel warns that new PCs, servers also risk unexpected reboots (TechRepublic)
- How to protect yourself from Meltdown and Spectre CPU flaws (CNET)
Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.