Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056892)

    Home Forums AskWoody blog Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056892)

    This topic contains 62 replies, has 19 voices, and was last updated by  anonymous 7 months ago.

    • Author
      Posts
    • #157343 Reply

      woody
      Da Boss

      Several AMD processor series – Athlon, Sempron, Opteron and Turion — seem most at risk, but others are reporting problems. Can somebody explain the d
      [See the full post at: Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056894)]

      2 users thanked author for this post.
    • #157344 Reply

      abbodi86
      AskWoody MVP

      Nothing changed in binaries, the revision was for metadata

      Win 10 1709 CU is KB4056892

      2 users thanked author for this post.
    • #157351 Reply

      alpha128
      AskWoody Lounger

      After what seemed like a long delay, the Win7 2018-01 Rollup (KB 4056894) is now being offered to me via Windows Update. Now I can wait to install it. =)

      • This reply was modified 7 months, 1 week ago by  alpha128.
      4 users thanked author for this post.
    • #157366 Reply

      jescott418
      AskWoody Lounger

      Think maybe these patches needed more evaluation. I guess blame The Register for posting the story early which forced the updates to get released early. Guess we have all become beta testers for this stuff now.

    • #157368 Reply

      anonymous

      The stampede is underway – lawyers and investors are clamoring to gulp down what’s on offer at the glutton’s trough au jour d’aujourd’hui Today’s specialty is Intel and AMD ta tare.

      The meltdown vulnerability patch from Microsoft managed to melt down several AMD Athlon systems. Intel manged to stuff both feet in their mouth while madly making slashing attempts at AMD. The stocks for both AMD and Intel are up and down like an amusement park ride and lawyers are savaging and scavenging at will.

      Spectre will be the final banquet. All you can eat.

      What a gong show.

      2 users thanked author for this post.
    • #157371 Reply

      MrToad28
      AskWoody Lounger

      Given that there are no reported exploits in the wild, the patches will likely slow the PC’s and reasonable good practice will protect cautious users since malware must be delivered to the PC for this vulnerability to be exploited…there is no good reason to patch until they get it fixed.

      The worse threat to PC health continues to be bad patches and bad patching practices…beta testing for Microsoft..pioneers wear arrow shirts.

      • This reply was modified 7 months, 1 week ago by  MrToad28.
      9 users thanked author for this post.
      • #157382 Reply

        MrBrian
        AskWoody MVP

        There are JavaScript proof-of-concept exploits for Spectre that run in a Web browser. One is included in the Spectre paper.

        1 user thanked author for this post.
      • #157509 Reply

        lurks about
        AskWoody Lounger

        OS vendors are not an enviable position. The problem is not of their making but they can mitigate against some of its worst aspects. The balancing act they face is to get reliable patches out last month before they get dragged into the muck. Since MS does not properly test patches anyway, these patches will be more problematic as they are affecting large swaths of Windows. A proper QA group with a little less haste would probably less the carnage.

        2 users thanked author for this post.
    • #157377 Reply

      CraigS26
      AskWoody Lounger

      https://www.ghacks.net/2018/01/08/fix-windows-7-bsod-0x000000c4-after-installing-kb4056894/

      Above is for Removing KB4056894 IF you got BSOD and can’t access W7 .

      WU Grp A - Win 7-64 Hm Prem / Hm-Stdnt Office '10 / i5 Sandy Bridge Gen 2 / NO Java or Flash

      5 users thanked author for this post.
    • #157390 Reply

      MrJimPhelps
      AskWoody MVP

      I’m guessing that I don’t need to worry about this if I run Windows 7 and 8.1 in virtual machines in a Linux Mint host.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      • #157392 Reply

        MrBrian
        AskWoody MVP

        See attack scenarios at https://github.com/marcan/speculation-bugs.

        3 users thanked author for this post.
        • #157492 Reply

          anonymous

          Oh thanks for this information.

        • #157591 Reply

          anonymous

          Have you been able to see the linked proof of concept code work?

          • #157673 Reply

            MrBrian
            AskWoody MVP

            I haven’t tried any of the proof-of-concepts. However, there are proof-of-concepts on github in which multiple users report their results.

            • #157892 Reply

              anonymous

              After trying the linked proof of concept, I was able to see the message after changing the timing from its default. However, it isn’t certain if this is confirmation of vulnerability, if it is real then AMD needs to be more forth coming about all of their classes of CPUs.

              What a mess…

              1 user thanked author for this post.
    • #157391 Reply

      anonymous

      Is windows 8.1 and AMD Radeon affected?

      • #157397 Reply

        PKCano
        AskWoody MVP

        To my knowledge, the Rollup for Win8.1 has not been released yet.
        When it is, I would hold off on installing it until things are sorted out. Particularly considering you have AMD components.

        3 users thanked author for this post.
        • #157421 Reply

          EP
          AskWoody Lounger

          the KB4056895 rollup for Win8.1 is still not yet available until most likely tomorrow January 9

          my father’s Toshiba touchscreen based Satellite C55dt laptop with Win8.1 uses an AMD A6-5200 Kabini APU (an integrated CPU/GPU kind) and will definitely not rush to apply the January 2018 rollups. MS should seriously fix their buggy patches first.

          • This reply was modified 7 months, 1 week ago by  EP.
          1 user thanked author for this post.
    • #157412 Reply

      Geo
      AskWoody Lounger

      Group A,  Win 7X64,  Sempron  145.   No problems, no slow down so far.

      • #157455 Reply

        Geo
        AskWoody Lounger

        My anti virus is Microsoft Security Essentials.  Win 7×64
        The update had no negative effect.

    • #157419 Reply

      abbodi86
      AskWoody MVP

      2018-01 Security Monthly Quality Rollup for Windows 8.1 (KB4056895) published

      Edit:
      it’s removed just few minutes later! 😀

      • This reply was modified 7 months, 1 week ago by  abbodi86.
      4 users thanked author for this post.
      • #157424 Reply

        EP
        AskWoody Lounger

        yea, on and off again with KB4056895 (MS Update Catalog searches with KB4056895 still come up empty as of today)

        MS will re-publish it on patch Tuesday 1/9 for sure

        2 users thanked author for this post.
        • #157548 Reply

          anonymous

          I just received the KB4056895 Quality Monthly Rollup on Win8.1 and I hide the update.  Safe to say I’m in no rush to install it.

          2 users thanked author for this post.
          • #157559 Reply

            abbodi86
            AskWoody MVP

            Right

            and Windows 7 Monthly Rollup got another metadata revision, still same binaries

            2 users thanked author for this post.
            • #157575 Reply

              woody
              Da Boss

              Yep, it’s up to revision 3 (at least), dated Jan 9.

              I wonder if they’re trying to change the metadata to prevent it from installing on AMD machines?

            • #157644 Reply

              anonymous

              I think so. On my AMD Athlon x64 the update (win7 32bit) is not longer available via windows update (it was half an hour ago). As i see they pulled it off for AMD FX too (win7 64bit).

              They had to read Woodys article in order to mobilize

              2 users thanked author for this post.
            • #157628 Reply

              Pim
              AskWoody Lounger

              And now it is checked again, after having been unchecked (v2) and checked (v1).

    • #157414 Reply

      anonymous

      Responding to Woody’s Computer World article when he says: “…The manual-download Security Only update hasn’t had as many problems. Or, at least, as many reported problems…” That is my experience too; no prob w/ Secur Only KB4056897.

      From Speccy: Windows 7 Pro 64-bit SP1, 2.5 year-old mass market desktop PC, AMD64, Intel64 Family 6 Model 60 Stepping 3, PROCESSOR_LEVEL 6, PROCESSOR_REVISION 3c03, Intel Pentium G3220, Cores 2, Threads 2, @ 3.00GHz, Family 6, Extended Family 6, Model C, Extended Model 3C, Stepping 3, Revision C0, Haswell 22nm Technology; Installed Secur Only KB4056897 Late morn. Fri. 1/5/2018, along w/ IE 11 Cumulative Secur Update for x64 KB 4056568. Consistently have applied only IE 11-x64, and secur-only x64 updates. Result now: IIRC, a v/e/r/y slow reboot, appx. 4 minutes of black screen; but it did come on, and since that, reboots/ boots normally, and maybe even slightly quicker. No degradation in normal system performance experienced, genlly for word processing, ordinary Net surf, etc.

      PS: I have learned to install the secur and IE 11 updates the “old way”: that is, one at a time, genlly security first; then reboot, and install IE 11 one. YMMV. Woody: Continuing: Kudos for everything you do, and have done; without your work, these M$ debacles would be an un-fathomable swamp.

      5 users thanked author for this post.
      • #157457 Reply

        anonymous

        PPS:  Sorry to have omitted following from my original post:  This is re my own No. 157414, above:  Before I installed the Secur. only and the IE 11 patches, I *did* find the HKLM key, IIRC, in registry.  The first thing I had done that morning was update my virus defns. for Avast Free, recent edition of that program; dunno if Avast had inserted it in there, or not; but presumably so.

        1 user thanked author for this post.
    • #157440 Reply

      anonymous

      Is no one paying attention to Microsoft where they state to verify any AntiVirus product you have installed or else it can cause a BSOD?   There is no mention in this article about that.  People need to read the information that is out there before just blindly patching.

      4 users thanked author for this post.
      • #157466 Reply

        Seff
        AskWoody Lounger

        The average user shouldn’t be expected to dig into the registry to check whether a patch is safe or not, and won’t have an opportunity to do so before the patch installs if WU is set to “automatic”.  It’s a key part of the WU process that Microsoft checks which patches are appropriate to your machine before offering the appropriate patches to you. However,  if a user checks the patch information note it simply states that “this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY” so the clear implication is that if you’re offered the patch then it’s intended for your machine.

        The evidence thus far suggests that the system failures aren’t due to people patching a machine that doesn’t meet the requirements, they are due to the particular AMD version that you are running regardless of your AV and whether it meets the registry requirements. So far as I have seen, Microsoft haven’t even acknowledged that there’s a problem with AMD machines, which I find extraordinary given the many hundreds of reports on their own forums.

        • This reply was modified 7 months, 1 week ago by  Seff.
        9 users thanked author for this post.
        • #157511 Reply

          anonymous

          The only way to see and answer is to click REPLY to someone then you will see the answer you posted. Otherwise it is missing.

      • #157484 Reply

        anonymous

        Hello, While it is true that people should read the MS articles and known issues, only people who are here at Woody’s  or technically inclined will do so. Do you really feel “mom and pop” are going to do that? The average user will install any update offered by MS because that is what they are supposed to do and with Windows 10, you can’t stop it (unless you are technically inclined).

    • #157491 Reply

      anonymous

      The Answers forum link is broken in the article.

    • #157508 Reply

      anonymous

      Downloaded delta KB4056890 for W10 1607 x64 installed without problems and stable for 2 days.

    • #157514 Reply

      anonymous

      Is Google affected by Meltdown/Spectre, and has Google issued the patches?

    • #157530 Reply

      anonymous

      I am a little thrown off by what Microsoft is implying here …

      https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

      Until Anti-Virus makers add this registry key, you don’t get any security fixes.

      Please note not only does this impact Windows Update, it also impacts Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM).

      Ouch! No more Windows Updates for the unwashed.

      2 users thanked author for this post.
    • #157568 Reply

      Bill C.
      AskWoody Lounger

      I just saw that iPhones are getting iOS 11.2.2, which is the Spectre security fix. I will apply a bit of the old Woody DefCon with it.

      I am waiting to see what Linux Mint serves up tomorrow, January 9, the cooperative patch day.

    • #157595 Reply

      anonymous

      @Bill C. I don’t think Mint will serve up anything yet. If you go to the github link posted up-thread, it says the Linux kernel patch shipped with 4.14.11, which I believe is for Meltdown. My version of Mint is up to date and is running kernel 4.10.38. Mint is very cautious about what they push out. From that github link:
      “[PRIV-LOAD] Linux: KPTI

      Linux kernel page-table isolation. Shipped in Linux 4.14.11 and will ship in 4.15. 4.14.11 version is rough around the edges; future versions should fix further issues.”

      I know that the FF mitigation for Spectre was in the repo yesterday.

      justaned

      1 user thanked author for this post.
      • #157598 Reply

        anonymous

        Allow me to add this : to Ubuntuwicki in reference to kernel patches.
        https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

        just an ed

      • #157613 Reply

        Bill C.
        AskWoody Lounger

        The caution level in the Mint updates is outstanding. It givea a good deal of preventive steps to take for each level and explains the risks in “plain English.” I believe it is more explanatory than my Ubuntu is, even though they are both using Ubuntu base. I was primarily expecting something on the Community day.

        And I do say I am patient to wait.

    • #157608 Reply

      anonymous

      Haven’t found any comments on this, so I’ll toss it out there:

      TLDR: I applied the stand-alone x86 patch KB4056897 on a Win7-32bit VM on an Intel Sandy Bridge host.  Everything normal, no bluescreen, etc.  I then ran a following validation script (from https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050) which reported that support for kernel VA shadow (Meltdown) was not present nor enabled.

      Additional details:

      Going through the same patching process on a Win7-64bit VM on the same host resulted in the validation script reporting that kernel VA shadow was both present and enabled.  Both systems were stock Win7 SP1 with no anti-virus installed, and no registry key set.  For good measure, I tried setting the registry key on the 32bit VM, installing the 4056894 rollup, installing all windows updates, all with the same result – the validator script reports no Meltdown mitigation present on Win7-32.

      The patch did do something though, because after patching the validation script did indicate that branch target injection (Spectre) mitigation was present, but not enabled due to lack of hardware support.  (This was expected).

      So…  it’s not clear to me if the x86 version of the patch actually patches for Meltdown on Win 7-32 systems.  It could be the validator script doesn’t work properly, though the fact that it reports a change for Spectre, and reports the expected Meltdown patch state on Win 7-64 seems to argue against that.  It could be the Meltdown portion of the x86 patch doesn’t work on Win7-32 in a VM (VirtualBox) configuration.  I haven’t found any other references to this.  Can anyone duplicate my observations?  From what I can tell, folks are just happy if the patch applies without a BSOD… but what if the patch doesn’t work as intended?

    • #157611 Reply

      AJNorth
      AskWoody Lounger

      For those who use Firefox ESR, this from Mozilla (2018.01.04):

      We have released the two timing-related mitigations described above with Firefox 57.0.4, Beta and Developers Edition 58.0b14, and Nightly 59.0a1 dated “2018-01-04” and later. Firefox 52 ESR does not support “SharedArrayBuffer” and is less at risk; the “performance.now()” mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018. (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/)

    • #157617 Reply

      anonymous

      Microsoft is aware of the issue with AMD.  They have paused sending out updates for win 7/ 8.1/10 with AMD Processors. All in the Link Below.

      https://support.microsoft.com/en-us/help/4073707/windows-operating-system-security-update-block-for-some-amd-based-devi

      3 users thanked author for this post.
    • #157624 Reply

      anonymous

      Woody:  Martin Brinkmann is reporting that Microsoft has halted patches for selected AMD devices:

      https://www.ghacks.net/2018/01/09/microsoft-halts-security-updates-for-select-amd-devices/

      MikeFromMarkham

      2 users thanked author for this post.
    • #157736 Reply

      anonymous

      CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility:

      https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

    • #157779 Reply

      anonymous

      TRY A RECOVERY DISC to get to the command prompt if the builtin recovery does not work after running the command.

      We have found that some of our computers were not able to be repaired when running the command from the in builtin  Windows recovery options

      dism /image:d:\ /remove-package /packagename:Package_for_RollupFix~31bf3856ad364e35~amd64~~7601.24002.1.4 /norestart

      However, using a repair disc worked 100% of the time even on the computers that that had problems when using the builtin repair tools

      1 user thanked author for this post.
    • #157832 Reply

      anonymous

      Just to make sure… I have KB 4056892 installed, and haven’t experienced any issues. No slowdown or bluescreens, using Windows Defender as my AV. Should I just leave well enough alone?

      • #157842 Reply

        PKCano
        AskWoody MVP

        I would check to see if you have any other updates offered – like Office, IE11 Flash Player, .NET. But you can wait till DEFCON 3 or above to install them.

    • #157980 Reply

      anonymous

      I’m running a PC with Windows 8.1 &AMD and I received the KB4056895 Rollup update along with 4 other updates today for patch Tuesday. Didn’t Microsoft say they stopped  the release of the KB4056895 rollup update for AMD users yesterday.  I hid the update but I’m disappointed I received it.

      • #158002 Reply

        abbodi86
        AskWoody MVP

        Not all AMD cpus are affected/excluded

        what’s your processor family?

        • #158034 Reply

          anonymous

          I have the AMD A10-7300 with Radeon™ R6 Graphics

          EDIT This reply did not reference @abbodi86‘s response, but this seems to be where it fits (this may be incorrect though)

    • #158329 Reply

      Cartoonist Aaron
      AskWoody Lounger

      Hey, if you can’t turn your computer on, it can’t be hacked! #featurenotabug

      1 user thanked author for this post.
    • #158375 Reply

      anonymous

      Intel PCs damaged by KB4056892.  Damage severe if some legacy apps are executed.  Lists of installed updates vary per how the lists are accessed.  Some installs continue to be reported after removal.   Damage includes “Settings” won’t run.  Whatever to do about this?  Only known fix is to do a clean install of Windows.
      This type of damage seems not well known/publicized.
      I have to know if others have the same experience?
      Or are we the only ones in the world with this problem?

      Next: hiding updates only works for updates that are already on the way.  One can hide KB4056892 but what about protecting from what comes next?   Turn off Windows Update service seems extreme.  But the damage MUST be prevented as impacts are great.
      Any comments?  Ideas?

    • #158834 Reply

      anonymous

      I’ve been asked if any of the computers had AMD video cards.  I don’t know for sure.  There are so many that it’s possible I suppose – depending on the intended meaning of the question. BUT, all of the computers are (mostly Dell) minitowers that are very likely running on-board video and wouldn’t have been purchased with any add-on video “card”.

      • #158837 Reply

        PKCano
        AskWoody MVP

        The reason you were asked about the AMD video cards is because the Jan updates have been causing problems with some AMD video as well as AMD processors. Microsoft has blocked certain AMD devices from receiving updates because of BSODs.

    • #159345 Reply

      anonymous

      Hello.  I am here to report that the two patches KB4056568 and KB4056897 when installed in VirtualBox 5.1.30 or 5.2.4 with a Windows 7 x64 guest OS will cause the guest OS to hang at restart. 8-(

      https://forums.virtualbox.org/viewtopic.php?f=2&t=86244

       

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Widespread reports of blue screens (0X000000C4 and 0x800f0845) with Meltdown/Spectre patches for Win7 (KB 4056894) and Win10 1709 (KB 4056892)

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.