Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • MS-DEFCON 2: Batten down the hatches, there’s a kernel patch headed your way

    Posted on January 3rd, 2018 at 16:59 woody

    UPDATE: 4:00 am ET: @teroalhonen just noted that Yammer is down. The reason given:

    After reviewing the logs, we determined that recent maintenance is causing a portion of cloud network infrastructure to be in a degraded state. We’re reconnecting users to a healthy portion of infrastructure to mitigate the impact while we address the cause.

    Does “recent maintenance” encompass deployment of the Meltdown patches? That does not bode well.

    UPDATE 3:00 am ET: The Meltdown fix is getting pushed out through Windows Update, but many people haven’t seen it yet. I haven’t seen either the 1709 or the 1703 update coming down the chute.

    We now have patches — both Monthly Updates and Security-only Updates — for a wide array of Windows versions, from Win7 onward. See the Update Catalog for details. (Thx, @Crysta). Note that the patches are listed with a “Last Updated” date of Jan. 4, not Jan. 3. The Win7 and 8.1 patches are Security Only (the kind you have to install manually). It looks like the Monthly Rollups will come out next week.

    BUT… you won’t get any patches installed unless and until your antivirus software sets a specific registry key. If you’re running third party antivirus, it has to be updated before the Meltdown patch installer will run. It looks like there are known problems with bluescreens for some AV products.

    There are also cumulative updates for Internet Explorer 11 in various versions of Win7 and 8.1 listed in the Update Catalog. The fixes for Win10, and for Edge, are inside the respective Win10 cumulative updates. Microsoft has also released fixes for SQL Server 2016 and 2017.

    Note that the Windows Server patches are NOT enabled by default. Those of you who want to turn on Meltdown protection have to change the registry. (Thx @GossiTheDog)

    Windows XP and Server 2003 don’t yet have patches.

    There’s an official Security Advisory, ADV 180002. One sobering comment:

    In addition to installing the January 2018 Windows security updates, you may also need to install firmware updates from your device manufacturer for increased protection. Check with your device manufacturer for relevant updates.

    Which means you, as a Windows user, aren’t fully protected until you’ve installed the Windows patch, turned it on if you’re running Windows Server, and applied the latest firmware update. According to @teroalhonen, Dell, Microsoft and HPE have yet to push firmware patches.

    Microsoft has released official installation guidance for Windows Server, for non-server versions of Windows, and also for Edge and IE. Mozilla has posted its analysis for Firefox. Chromium also has details for Chrome, which should be patched later this month.

    There’s a great deal of knowledgeable speculation that Meltdown may not be fully fixed, even with firmware updates. It may require completely new processors. Expect that debate to continue for the next decade.

    We’re likely to see exploits published in fairly short order, but as of this writing, there are NO known in-the-wild exploits that take advantage of the Meltdown holes.

    It would be a very good idea to make sure that your Windows machine has auto update turned off. Kernel changes are always, always tricky. Far better to sit and wait for a few hours, or even a day or two, than to get blindsided by a bad kernel patch.

    It’s happened before. Many times.

    UPDATE: There appears to be a working exploit, purportedly on a Mac, from Michael Schwarz. “we are publishing demo code as soon as patches are available, so I guess next week.”

    I’m moving us to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.


    This topic contains 73 replies, has 17 voices, and was last updated by  anonymous 1 week, 6 days ago.

    • #155770 Reply

      woody
      Da Boss

      Tom Warren at the Verge reports Microsoft would be patching the “Meltdown” kernel memory vulnerability for Win10 at 5 PM ET on Wednesday, Jan. 3. It’s
      [See the full post at: MS-DEFCON 2: Batten down the hatches, there’s a kernel patch headed your way]

      3 users thanked author for this post.
    • #155775 Reply

      anonymous

      Hey Woody – did you mean JAN 3rd instead of DEC 3rd on this post ?
      Thanks, Ken

      1 user thanked author for this post.
      • #155782 Reply

        PKCano
        AskWoody MVP

        Got it. Thanks

        1 user thanked author for this post.
    • #155787 Reply

      anonymous

      Dunno if this is part, all or none of it. But my WSUS servers received IE updates. KB4056568. The link is not yet active.

      https://support.microsoft.com/en-us/help/4056568

      Jim

    • #155798 Reply

      geekdom
      AskWoody Lounger

      What of other Windows versions?

      • #155805 Reply

        PKCano
        AskWoody MVP

        Supposedly Win7/8.1 are coming. Haven’t heard if there will be emergency relief for XP and Vista.

        1 user thanked author for this post.
    • #155828 Reply

      anonymous

      WSUS just keeps having them roll in. There’s even more. Notice the last one for ARM architecture.

      Critical and Security Updates
      2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4056892)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Update for Windows Server 2016 (1709) for x64-based Systems (KB4058702)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-01 Update for Windows 10 Version 1709 for x86-based Systems (KB4058702)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-01 Update for Windows 10 Version 1709 for ARM64-based Systems (KB4058702)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-01 Update for Windows 10 Version 1709 for x64-based Systems (KB4058702)
      Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

      2018-01 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4056892)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4056892)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      Regards,

      Jim

      2 users thanked author for this post.
    • #155819 Reply

      anonymous

      Now WSUS has synchronized the following in addition to the IE patch:

      Critical and Security Updates
      2018-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4056890)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4056890)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows 7 for x64-based Systems (KB4056897)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4056897)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows 7 for x86-based Systems (KB4056897)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4056891)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4056891)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4056898)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4056898)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      2018-01 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4056898)
      A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

      Regards,

      Jim

      5 users thanked author for this post.
    • #155837 Reply

      MrBrian
      AskWoody MVP

      Updates for Windows 10 (all 5 versions), Windows 7, and Windows 8.1 have been released today. All of the articles for these updates have this note: “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.” It therefore seems that if your antivirus program isn’t reasonably up-to-date (and also compatible with the relevant update), or if you don’t use antivirus, then you will not receive these updates via Windows Update.

      • This reply was modified 2 weeks, 2 days ago by  MrBrian.
      • #155841 Reply

        alpha128
        AskWoody Lounger

        Updates for Windows 10 (all 5 versions), Windows 7, and Windows 8.1 have been released today. All of the articles for these updates have this note: “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.” It therefore seems that if your antivirus program isn’t reasonably up-to-date (and also compatible with the relevant update), or if you don’t use antivirus, then you will not receive these updates automatically.

        So how are we supposed to know if our antivirus programs are compatible?

        • #155845 Reply

          MrBrian
          AskWoody MVP

          “So how are we supposed to know if our antivirus programs are compatible?”

          If the update isn’t available via Windows Update, then perhaps your antivirus is incompatible with the update.

          2 users thanked author for this post.
      • #155843 Reply

        MrBrian
        AskWoody MVP

        Note: “then you will not receive these updates automatically” in my previous post was changed to “then you will not receive these updates via Windows Update”.

    • #155842 Reply

      anonymous

      What an absolute [*] this is gonna turn out to be. I’m not going anywhere near this update until I read extensively what sort of an impact it’ll have on older systems. How is this vulnerability even exploited in the first place? Nobody knows yet. I assumed I would have dodged the bullet like I did with the management engine exploit but it’s looking increasingly unlikely.

      -T

    • #155851 Reply

      MrBrian
      AskWoody MVP

      All of this month’s Patch Tuesday updates might have been or will be released today or very soon. Cumulative security update for Internet Explorer: January 3, 2018 has been released. Six security updates for Windows Server 2008 have been released. Release Notes – January 2018 Security Updates has been posted.

      3 users thanked author for this post.
    • #155854 Reply

      abbodi86
      AskWoody MVP

      What a way to start 2018 patching 🙂

      3 users thanked author for this post.
      • #155860 Reply

        MrBrian
        AskWoody MVP

        Microsoft may not have originally intended to release the updates today, I infer from this article.

        • #155863 Reply

          abbodi86
          AskWoody MVP

          Yes, it seems they rushed the schedule for obvious reasons
          all Win 10 updates are literally built 2018/01/02

          Win 7/8.1 monthly rollup seems not ready yet 😀

          • #155865 Reply

            MrBrian
            AskWoody MVP

            The security-only updates for Windows 7 and 8.1 are supposed to be available via Windows Update, so perhaps there will be no monthly Windows rollups for this month.

            • This reply was modified 2 weeks, 2 days ago by  MrBrian.
          • #155867 Reply

            abbodi86
            AskWoody MVP

            No they are not reaching WU, that’s why they got released today

            WU will only get the Monthly Rollup

            1 user thanked author for this post.
            • #155869 Reply

              MrBrian
              AskWoody MVP

              “No they are not reaching WU, that’s why they got released today

              WU will only get the Monthly Rollup”

              If that’s true, then Microsoft’s documentation for the Windows 7 and 8.1 security-only updates is incorrect.
              • This reply was modified 2 weeks, 2 days ago by  MrBrian.
            • #155871 Reply

              MrBrian
              AskWoody MVP

              Since the article Woody linked to states that the Win 7 and 8.1 updates will be available on Patch Tuesday, and various other Win 7 and 8.1 security-only updates are also incorrectly documented as being available on Windows Update, I think that the Win 7 and 8.1 monthly rollups indeed won’t be available until Patch Tuesday, and the Win 7 and 8.1 security-only updates that were released today indeed won’t be available via Windows Update.

            • #155922 Reply

              woody
              Da Boss

              Looks like the Win7 and 8.1 Security Only patches are in the Catalog, but the Monthly Rollups haven’t been released. As of this moment, anyway.

              2 users thanked author for this post.
    • #155873 Reply

      abbodi86
      AskWoody MVP

      Yes, you read that correctly. The 18-month end of life for both 1507 and 1511 has been blown away again

      1507 CU is for Enterprise 2015 LTSB (eol 2025)
      1511 CU is for Enterprise/Education (eol 2018-04)

      nothing blown 🙂

      2 users thanked author for this post.
      • #155915 Reply

        RamRod
        AskWoody Lounger

        Yeah, my 1511 home doesn’t ‘qualify’ for the fix – yet?

      • #155923 Reply

        woody
        Da Boss

        I screwed that up in all the excitement….

        Got. To. Get. Some. Sleep.

        • #155929 Reply

          abbodi86
          AskWoody MVP

          No worries 🙂

          yes, what happened was too much in short period, too many reports 😀

    • #155850 Reply

      anonymous

      I can say that Comodo isn’t compatible yet, they mean to release a fix next week apparently: https://forums.comodo.com/news-announcements-feedback-cis/does-cfw-interfere-with-the-meltdown-patch-t121297.0.html But I sure didn’t want to switch to v10! Darn it! Now what?

      Also, the whole thing is a worse mess than it appeared even, summary at https://twitter.com/nicoleperlroth/status/948684376249962496 with the NYT article linked there too. So Meltdown affects all Intel CPUs since ’95 bar pre-2013 Itanium and Atom, and the software fix results in a significant performance drop, if you can install it at all due to the security software thing, while Spectre is harder to exploit but affects EVERYTHING and is a hardware issue with no foreseeable fix bar basically a complete redesign of CPU architecture and replacement of all CPUs in existence, so hackers will have a field day for a decade to come, as researchers say there.

      4 users thanked author for this post.
    • #155891 Reply

      ViperJohn
      AskWoody Lounger

      Slow Down and Breathe folks – Intel Speaks on the subject.

      https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

      Intel Responds to Security Research Findings

      Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

      Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

      Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

      Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

      Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

      Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

      Viper

      • This reply was modified 2 weeks, 2 days ago by  ViperJohn.
    • #155893 Reply

      MrBrian
      AskWoody MVP
    • #155895 Reply

      ViperJohn
      AskWoody Lounger

      Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software

      Ya gotta love MicroBrain.  They gave ya everything except what to set the

      “cadca5fe-87d3-4b96-b7fb-a231484277cc” REG_DWORD  value to (0 or 1)

      • This reply was modified 2 weeks, 2 days ago by  ViperJohn.
    • #155899 Reply

      ViperJohn
      AskWoody Lounger

      0 This is documented in the articles for today’s updates, such as https://support.microsoft.com/en-us/help/4056897.

      Yeah I saw that but with a Key Name of “QualityCompat” then logically setting it to “0” would mean it is incompatible.  It may be that just having the registry entry present is the ticket and the actual value is moot.  Something to be aware of.

      • This reply was modified 2 weeks, 2 days ago by  ViperJohn.
      • #155901 Reply

        MrBrian
        AskWoody MVP

        It might be true that any data for the value cadca5fe-87d3-4b96-b7fb-a231484277cc would work.

        • This reply was modified 2 weeks, 2 days ago by  MrBrian.
    • #155905 Reply

      PerthMike
      AskWoody Lounger

      Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

      Not surprised they said this, because I can see an even bigger lawsuit from this than over the Apple battery fiasco.

      This is Corporate Cover-your-butt 101.

      No matter where you go, there you are.

    • #155907 Reply

      PerthMike
      AskWoody Lounger

      My WSUS just lit up like a delayed Xmas tree. So many patches, including a Windows 7 Security Only Quality update (4056897).

      https://support.microsoft.com/en-hk/help/4056897/windows-7-update-kb4056897

       

      No matter where you go, there you are.

    • #155908 Reply

      PerthMike
      AskWoody Lounger

      It might be true that any data for the value cadca5fe-87d3-4b96-b7fb-a231484277cc would work.

      Indeed. The page at: https://support.microsoft.com/en-hk/help/4056897/windows-7-update-kb4056897

      points out that the item only needs to be present, no value needed.

      No matter where you go, there you are.

      1 user thanked author for this post.
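A read-only check for the antivirus compatibility flag discussed in the posts above, written in PowerShell as an added example; it is not part of any post and not Microsoft's code. The value name and KB numbers come from this page; the full key path is an assumption taken from Microsoft's guidance for these updates, and the function names are hypothetical.

```powershell
# Added example: audit the antivirus compatibility flag and the January 3 updates.
# Run from a 64-bit PowerShell session so the registry view is not redirected.

# Assumption: full key path taken from Microsoft's guidance, not from this page.
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
# Value name as quoted in the thread.
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
# KB numbers listed in the WSUS posts on this page.
$JanuaryKbs  = 'KB4056892', 'KB4056890', 'KB4056891', 'KB4056897', 'KB4056898'

function Get-AvCompatFlag {
    # Hypothetical helper: reports whether the flag exists and in what form.
    param(
        [string]$Path = $CompatKey,
        [string]$Name = $CompatValue
    )

    $state = [ordered]@{
        KeyExists   = $false
        ValueExists = $false
        Kind        = $null
        Data        = $null
        Verdict     = ''
    }

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $state.Verdict = 'QualityCompat key missing: the flag has not been set.'
        return [pscustomobject]$state
    }
    $state.KeyExists = $true

    # -notcontains is case-insensitive, matching registry value-name semantics.
    if ($key.GetValueNames() -notcontains $Name) {
        $state.Verdict = 'Key exists but the flag value is missing.'
        return [pscustomobject]$state
    }
    $state.ValueExists = $true
    $state.Kind = $key.GetValueKind($Name)
    $state.Data = $key.GetValue($Name)

    if ($state.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $state.Data -eq 0) {
        $state.Verdict = 'Flag set as REG_DWORD 0, the form given in the KB articles.'
    } else {
        # The thread suggests presence alone may be enough; report the deviation anyway.
        $state.Verdict = "Flag present as $($state.Kind) = $($state.Data), not REG_DWORD 0."
    }
    [pscustomobject]$state
}

function Get-JanuaryPatchState {
    # Hypothetical helper: combines the flag state with the installed-update list.
    param([string[]]$KbIds = $JanuaryKbs)

    $flag = Get-AvCompatFlag
    # Get-HotFix writes a non-terminating error when an id is not found; suppress it.
    $installed = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)

    if ($installed.Count -gt 0) {
        $summary = 'At least one of the January 3 updates is installed.'
    } elseif ($flag.ValueExists) {
        # A later update may have superseded these KBs, so absence is not proof.
        $summary = 'Flag is set but none of the listed KBs was found.'
    } else {
        $summary = 'Flag is not set: Windows Update will not offer the update yet.'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        FlagVerdict  = $flag.Verdict
        InstalledKbs = $installed -join ', '
        Summary      = $summary
    }
}

Get-JanuaryPatchState | Format-List
```

The script only reads the registry and the installed-update list; it does not create or change the flag.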
    • #155906 Reply

      anonymous

      Why isn’t this on the front page?

      • #155914 Reply

        Kirsty
        AskWoody MVP

        We are aware of an issue where some are not seeing all the posts on the home page, but it is there! No idea of when to expect it will be fixed, sorry.

        Check out the links in the right hand panel under Recent Blog Posts which gives direct links to all topics that are on the home page. However, for admin purposes, please click on Comment on the AskWoody Lounge before posting a reply (this preserves the topic’s search tags).

        2 users thanked author for this post.
        • #155968 Reply

          anonymous

          There’s some way overzealous caching going on here, the problem described can be hacked around by clearing your browser cache and/or CTRL+F5.

          • #156072 Reply

            Kirsty
            AskWoody MVP

            If caching is a problem on a clean OS build with a newly downloaded browser going to the site for the first time, I struck it yesterday!
            Cynically, I suspect that wasn’t a caching issue (which may mean a longer fix time-frame)… 😉

    • #155939 Reply

      anonymous

      “In the immediate term, it looks like most systems will shortly have patches for Meltdown. At least for Linux and Windows, these patches allow end-users to opt out if they would prefer. The most vulnerable users are probably cloud service providers; Meltdown and Spectre can both in principle be used to further attacks against hypervisors, making it easier for malicious user to break out of their virtual machines.

      For typical desktop users, the risk is arguably less significant. While both Meltdown and Spectre can have value in expanding the scope of an existing flaw, neither one is sufficient on its own to, for example, break out of a Web browser.

      Longer term, we’d expect a future Intel architecture to offer some kind of a fix, either by avoiding speculation around this kind of problematic memory access, or making the memory access permission checks faster so that this time interval between reading kernel memory, and checking that the process has permission to read kernel memory, is eliminated.” (Peter Bright, Arstechnica).

      I think Woody is right, wait a while before doing anything.

      2 users thanked author for this post.
    • #155943 Reply

      anonymous

      Just installed KB 4056897 on my Win 7 Pro SP1 x64 and not noticing any slowdown in performance (till now).

      BUT it gives a problem with Sandboxie’s automatic start-up: (I have to translate this into English) “This program is being blocked due to compatibility problems. [SbieCtrl.exe]. Sandboxie is incompatible with this version of Windows. …jada jada jada.”
      Nor am I able to start Sandboxie from \Sandboxie\Start.exe.

      I’ll try to reinstall it.

      • #155951 Reply

        anonymous

        “Just installed KB 4056897 on my Win 7 Pro SP1 x64 and not noticing any slowdown in performance (till now).

        BUT it gives a problem with Sandboxie’s automatic start-up: (I have to translate this into English) “This program is being blocked due to compatibility problems. [SbieCtrl.exe]. Sandboxie is incompatible with this version of Windows. …jada jada jada.”
        Nor am I able to start Sandboxie from \Sandboxie\Start.exe.

        I’ll try to reinstall it.”
        ————————-

        Decided to uninstall KB 4056897 instead. Took two restarts to get rid of it. (Restore Point did not remove it.)
        Sandboxie runs as intended again.

        I’ll try to be more patient. :-\

        1 user thanked author for this post.
    • #155945 Reply

      PKCano
      AskWoody MVP

      UPDATE: 1/4/2018

      Group B Security-Only and IE11 Cumulative patches for Win7/8.1, issued 1/3/2018, have been added to AKB2000003.

      11 users thanked author for this post.
    • #155948 Reply

      anonymous

      In addition to installing the January security update, a processor microcode update is required. This should be available through your OEM.

      No idea what they mean by this??? If this was fixable via microcode updates, there’d be no OS patches required.

      Edit : HTML to text conversion.

    • #155957 Reply

      anonymous

      I cannot see any such requirement for microcode updates with Linux kernel patches.

      And yes, “your OEM may not issue a BIOS update” is what makes these OS patches essentially useless for vast majority of Windows users (unless MS finally provides a way to update the CPU microcode on boot for everyone, exactly as it can be done on Linux/BSD etc.) I cannot see an average Joe to massively start using unsupported third-party hacks to accomplish the task, such as https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary

    • #155973 Reply

      geekdom
      AskWoody Lounger

      Since I don’t have a death wish for my computer, I will wait until the Monthly Rollup is issued.

      • Windows 7 Professional
      • Service Pack 1
      • 64-bit Operating System

       

    • #155976 Reply

      jescott418
      AskWoody Lounger

      I guess we have two issues, the Meltdown and the Spectre. I think the Spectre one is more problematic to fix than Meltdown? Fingers crossed I guess.

    • #155981 Reply

      David F
      AskWoody Lounger

      Interesting article from Bleeping Computer, it looks like Firefox already has a form of protection and I would imagine if you’re using something like NoScript to block javascript you should be reasonably okay for the moment (touch wood)

      https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

       

      2 users thanked author for this post.
    • #156005 Reply

      Mr Chewbacca
      AskWoody Lounger

      A funny thing happened to one of my locked-down Windows 7 boxes today: it crashed during a power outage, and when it rebooted it started a major update. Interesting, because updates are turned off, always have been. I went in and checked; they still are, and it does not have any record of the updates it ran. I assume this has something to do with Meltdown, hopefully, but forcing updates still seems a bit off. If it’s not Meltdown, what the heck was it?

      1 user thanked author for this post.
      • #156015 Reply

        PKCano
        AskWoody MVP

        Driver updates don’t always show up in Win Update history. Could it have been a driver update by OEM/hardware mfg? Many have system checkers.
        Could it have been an update for some non-Windows software?

        • This reply was modified 2 weeks, 1 day ago by  PKCano.
        1 user thanked author for this post.
      • #156134 Reply

        amraybt
        AskWoody Lounger

        If your PC was performing some kind of critical task or just writing data to the drive when it abruptly lost power and crashed, perhaps your data became corrupted as a result of the outage? Maybe that would cause Windows to do some “strange” things afterward.

        -- Lifelong member of Group B --
        Win 7 x64 desktop (Haswell CPU, AMD GPU)
        Win 8.1 x64 laptop (Haswell CPU, Nvidia GPU)

      • #156452 Reply

        anonymous

        Firefox 57.0.4 is released: https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/?utm_campaign=whatsnew&utm_medium=firefox-browser&utm_source=firefox-browser

        It includes security fixes to address the Meltdown and Spectre timing attacks.

        ~Annemarie

         

    • #156061 Reply

      anonymous

      So three questions I have regarding the upcoming browser patches:

      - Once we have OS-level and BIOS-level patches installed, do we still need the browser patches to be secured?
      - What about other browsers, say, Safari for iPhones, if specially crafted JavaScript can be used, and do iPhones use affected ARM processors?
      - If we need to keep special browser patches, what about other connected applications like Skype or SQL?

      • #156070 Reply

        MrBrian
        AskWoody MVP

        A tweet that I think is probably accurate (at least the second sentence): “I doubt Meltdown is exploitable from javascript so not really applicable to personal computer users. The side-channels used by spectre are exploitable by javascript, but the countermeasures probably have to be in the browser rather than the kernel.”

        1 user thanked author for this post.
        • #156420 Reply

          anonymous

          Very interesting. So if you use, say, NoScript and/or uBlock Origin in Firefox and related browsers and, in Windows, use Sandboxie, you could be quite ok if so. Waterfox is getting an update asap and Pale Moon has the add-on First Party Isolate. (Chrome has been updated already.)

          Be very careful everyone of going for a kernel update. (And if that went well?????, you need a firmware update also?!?)… Wait. Seriously, wait…..

    • #156146 Reply

      anonymous

      After installing the windows6.1-kb4056897-x64_2af35062f69ce80c4cd6eef030eda31ca5c109ed.msu standalone patch on a couple of Win7 Pro x64 PCs, I found that there is a problem creating new folders on the desktop. To duplicate, right-click on the desktop, choose New / Folder, then type a name and hit Enter. On my PCs I get a file not found error.

      Can anyone reproduce this?

      • #156149 Reply

        PKCano
        AskWoody MVP

        I had no problem creating new folders on the desktop.
        Win7 Ultimate x64

    • #156174 Reply

      abbodi86
      AskWoody MVP

      Win 7/8 Monthly Rollups are released, Win 8.1 not yet

      2018-01 Security Monthly Quality Rollup for Windows 7 (KB4056894)
      2018-01 Security Monthly Quality Rollup for Windows Embedded 8 Standard (KB4056896)

      1 user thanked author for this post.
    • #156184 Reply

      geekdom
      AskWoody Lounger

      January 4, 2018 KB4056894 (Monthly Rollup)

      This update just showed for Windows 7, SP1, 64-bit.

      Install or ignore?

       

      • This reply was modified 2 weeks, 1 day ago by  geekdom.
    • #156284 Reply

      amraybt
      AskWoody Lounger

      I’ve read that if you have 7 and only use Windows Defender, not Microsoft Security Essentials, you will not have the registry key since Defender on 7 only provides spyware protection.

      In that case someone like myself* would have to install MSE first (or another AV) to get the registry key added? As a Group B member is there anything with MSE that I would have to be concerned about in terms of telemetry or other unwanted features? Will installing MSE screw with my WU setting to never check for updates or anything else like that? I know I could change that back but just want to see if there’s anything else to consider.

      *I regularly scan with Malwarebytes Anti-Malware and Defender

      -- Lifelong member of Group B --
      Win 7 x64 desktop (Haswell CPU, AMD GPU)
      Win 8.1 x64 laptop (Haswell CPU, Nvidia GPU)

      • This reply was modified 2 weeks, 1 day ago by  amraybt.
    • #156425 Reply

      AceOfAces
      AskWoody Lounger

      Well… I installed the patch on my only machine (I know, but I have far fewer things that can break and I am cynical at the moment). So far, the patch went smooth and I haven’t noticed any issues. Not even a slowdown (although, I have installed 8GB of RAM on my laptop in dual-channel mode, so any loss was mitigated or lessened). I’m keeping an eye out for any issues.

      Something of interest: HP has released a BIOS update a month a few days after the Intel ME fiasco (F.40 on my machine) which is supposed to improve the firmware’s security, but when I ran Microsoft’s utility, there isn’t any protection in the hardware yet for the CPU vulnerabilities. My best guess is that it was to fortify the ME chip or fix some security issues that the BIOS had.

    • #156737 Reply

      abbodi86
      AskWoody MVP

      Security Only Update for Windows 8.1 (KB4056898) got v2 in MS catalog

      maybe that’s why the Monthly Rollup is delayed

      4 users thanked author for this post.
      • #156803 Reply

        woody
        Da Boss

        The KB article for the Monthly Rollup is posted – but there’s nothing in the Update Catalog.
