Patching meltdown: Windows fixes, sloppy.NET, warnings about Word and Outlook. It appears as if this is the first 32-bit version of Windows that has a patch for the Meltdown vulnerability. This entry was posted in Windows 7, Windows 8.1 and tagged Meltdown Flaw, Spectre Flaw on January 4, 2018 by Sergey Tkachenko. About Sergey Tkachenko Sergey Tkachenko is a software developer from Russia who started Winaero back in 2011.
Windows PCs running anti-virus software that is incompatible with the recent Meltdown and Spectre patches will no longer receive any security updates, Microsoft has warned.
Spectre and Meltdown are design flaws in modern processors that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.
Microsoft has rolled out a series of patches for the flaws since January 3rd, but last week said these patches would not be pushed to computers running incompatible third-party AV.
Meltdown Windows 7 Update Download
SEE: Incident response policy (Tech Pro Research)
Now Microsoft has updated its support notice to say that Windows computers will not receive any security updates at all until their AV software is certified compatible with the Spectre and Meltdown patches. Windows systems will not be certified as compatible until the AV vendor sets a specific key in the Windows registry.
More about cybersecurity
'Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key,' says Microsoft.
Security researcher Kevin Beaumont has put together a list of antivirus products that are compatible with Microsoft's Spectre and Meltdown updates, and which have set the Windows registry key.
Compatible anti-virus products include those from Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec. Systems running McAfee, TrendMicro, and Webroot software are also expected to be eligible to receive the updates soon.
Various other security providers, including Cylance, FireEye and Palo Alto Networks, have not yet set the registry key, but claim their products are compatible.
Beaumont says that companies whose AV products are designed to be used alongside other security software say they are loathe to set the key, in case other software on the system clashes with the fix.
System admins can manually set the registry key, however, Microsoft warns that doing so may cause serious problems that 'require you to reinstall your operating system'. To manually update the registry, follow this guide.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
For list of changes read included patchnotes.txt. This patch requires: Fallout 4-CODEX Fallout 4 Update v1.7 incl DLC-CODEX Fallout 4 Update v1.8-CODEX. Automatron and Wasteland Workshop DLCs are. Fallout 4 1.94 patch download download.
Sign up today Sign up today Also see Skyrim 1.8 patch download.
- Spectre and Meltdown: Insecurity at the heart of modern CPU design (ZDNet)
- Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches (ZDNet)
- zHow the Meltdown and Spectre chip flaws will impact cloud computing (TechRepublic)
- Windows Meltdown patch: Find out if your PC is compatible (TechRepublic)
- Emergency Windows Meltdown patch may be incompatible with your PC (TechRepublic)
- Massive Intel CPU flaw: Understanding the technical details of Meltdown and Spectre(TechRepublic)
- Critical flaws revealed to affect most Intel chips since 1995 (ZDNet)
- Nope, no Intel chip recall after Spectre and Meltdown, CEO says (CNET)
- Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems(TechRepublic)
- Special report: The future of Everything as a Service (free PDF) (TechRepublic)
- Linux security: Google fuzzer finds ton of holes in kernel's USB subsystem (ZDNet)
- How to upgrade the Linux kernel with a handy GUI (TechRepublic)
- Intel: We've found severe bugs in secretive Management Engine, affecting millions (ZDNet)
- PowerShell: The smart person's guide (TechRepublic)