There’s Good News & Bad News When It Comes To Microsoft’s Response To The Epic Intel CPU Bug

Good news #1: If you’re running the latest version of Windows 10 which is build 1709, Microsoft is rolling out a fix that addresses the Meltdown vulnerability as I type this. There’s a support document related to this fix that strangely does not speak to this specifically. But the fix has to be in there as Microsoft is rolling out this fix outside their normal “Patch Tuesday” schedule which is something that they only do in emergency situations.

Good news #2: If you use Microsoft’s cloud based services, Microsoft is also updating them with the latest firmware and software patches, and these updates are rolling out now as well.

Bad news #1:  There’s another support document from Microsoft that says that unless a registry key is updated by the antivirus package that you’re using, installing the security patch can result in a blue screen of death. For that reason, Microsoft said it has set the update to only apply when the registry key has been changed. In other words, antivirus tools must set the key when they are confirmed to be compatible with operating system update. The patch introduces a significant change to the design of Windows’ internal memory management, and this is probably tripping up anti-malware tools, which dig into and rely on low levels of the system. Some AV vendors have already issued updates to change the key, and allow the fix to be applied without causing any issues.  While others have an update in the works to be released this week or early next week. In other words, you might want to check with your antivirus vendor to see if you’re good before installing the patch. Failing that, you can check this list to see if you’re good.

Bad news #2: If you’re running an older version of Windows, say Window 7 or 8.1, then you won’t get this fix until next week when “Patch Tuesday” rolls around. I guess that’s a hint from the folks in Redmond that you should really be running Windows 10.

Bad news #3: If you have anything older than a Skylake processor in your PC, it could run slower with the patches installed. Intel has said that any performance hit would be “workload dependent” without saying what exactly that means in real terms.

Bottom line: Install the patches after you sanity check to see if they won’t blue screen your PC. But don’t be surprised if the PC runs a touch slower. But at least you can sleep week knowing that you’re protected if it does.

UPDATE: A reader pointed me towards another Microsoft support document that speaks to how to install these patches on Windows Server. Just reading through it suggests that I am going to be busy for the next little while because the person running the server has to follow what’s in this document to the letter to mitigate this issue.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: