Windows patches for Total Meltdown, bluescreens, an IP stopper — and little documentation

Topic

New Reply

Last week ended with a bang. Several bangs, in fact, including an enormously confusing and potentially damaging fix for the Win7 Total Meltdown hole,
[See the full post at: Windows patches for Total Meltdown, bluescreens, an IP stopper — and little documentation]

10 users thanked author for this post.

geekdom, Great Lake Bunyip, JDeC, lawrenceB, AJNorth, Microfix, MrBrian, Heavenly, SueW, Elly

Reply | Quote

Replies

If I’m reading this correctly, the Total Meltdown mess should not affect my Windows 7/AMD CPU computer at all. Is that correct, or have I gotten lost again in Microsoft’s latest patching maze?

Reply | Quote

Have you installed any Windows security updates (rollup or sec-only) since December?
If you have, you are affected – it’s not inclusive of Intel processors.
You can either uninstall all those patches, leaving December as the last security updates you’ve installed, or, you can install this new update which supposedly plugs that hole.

1 user thanked author for this post.

Great Lake Bunyip

Reply | Quote

If you installed any of the 11 updates mentioned in Woody’s article on any of the Windows operating systems listed in the Affected Products section at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038, and you didn’t install KB4100480, then you have the Total Meltdown vulnerability (CVE-2018-1038).

8 users thanked author for this post.

SueW, Great Lake Bunyip, JDeC, Geo, Elly, OscarCP, Demeter, woody

Reply | Quote

Odd….

All indications are that Total Meltdown is a flaw in 64-bit Windows 7 and Server 2008 R2.

But I don’t see any official confirmation from Microsoft that AMD processors are exempt. Ulf, in his initial report, called out Intel processors.

3 users thanked author for this post.

Great Lake Bunyip, JDeC, HiFlyer

Reply | Quote

The PML4 (page map level 4) that Ulf mentions was introduced by AMD (and copied by Intel) according to https://www.pagetable.com/?p=14.

5 users thanked author for this post.

woody, Great Lake Bunyip, HiFlyer, Elly, Microfix

Reply | Quote

Woody

This is what is confusing. According to your article, the Total Meltdown Mess refers to 64 bit processors. (If you installed any of those 11 patches on your Intel 64-bit Windows 7/Server 2008 R2 computer, you opened up a gaping hole known as “Total Meltdown,”)  Many of us are still using the 32 bit processors with Windows 7. I  am using a 32bit older AMD. From what I have read, the 32bit is not affected by this “Total Meltdown gaping hole” mess and installing KB4100480 is not required. Am I right?  Can this be explained to a confused 72 old man? Regardless, I will watch your Defcon rating and follow your instructions then. Thanks for your invaluable help.

Edit to remove HTML. Please use the “text” tab in the entry box when you copy/paste.

Reply | Quote

This is confusing me too. Woody’s article specifically referenced 64-bit Intel processors/Windows 7 combos as being at risk, with no mention of potential AMD vulnerability. Yet most of the posts here seem to say the same problems apply. Does anyone have the definitive answer to whether this is an Intel-only problem?

Reply | Quote

Since you’re using a 32-bit processor, you can’t run a 64-bit Windows operating system. And since you’re not running a 64-bit Windows operating system, you won’t have the Total Meltdown vulnerability. 🙂

2 users thanked author for this post.

woody, Elly

Reply | Quote

I must have misled you… My Windows 7 desktop uses both a 64-bit AMD A4 series CPU and a 64-bit copy of Win7.

Reply | Quote

“Does anyone have the definitive answer to whether this is an Intel-only problem?”

I’m pretty sure that AMD 64-bit processors that run the affected 64-bit Windows operating systems can be affected by Total Meltdown.

1 user thanked author for this post.

woody

Reply | Quote

Guess I’ll roll everything back to December then… Maybe Microsoft will finally figure this out before Windows 7 hits EOL!

Reply | Quote

Jim,

Are you sure you are using a 32-bit CPU (processor)?  The newest of those was introduced in 2004 on the desktop or 2005 for laptops, and they were all single-core, as far as I have been able to gather.  It’s not impossible, but my gut tells me that maybe 32-bit CPU and 32-bit OS are being confused.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

woody

Reply | Quote

I think this [several months’ long] fiasco should cause everyone to reconsider the notion that Group W is not an option. 🙂 I think this goes to prove that it is, now more than ever.

I’m not advocating it – yet. But I do think that Susan’s advice of rolling back all sec updates to December is a sound one, for sure. From that point, you’re basically Group W until MS fixes their c**p. (And you’re definitely better off.)

I’m surprised Woody hasn’t done an article yet about the reorg of MS and the shift coming which takes the weight and priority away from Windows (desktop and server) and seems to place it more on cloud products and services (Azure, O365). Where do we go from here? Unfortunately I think things are going to continue to get worse, especially with updates.

17 users thanked author for this post.

anita.yk, SueW, Great Lake Bunyip, JDeC, AJNorth, HiFlyer, Karlston, Elly, Sessh, OscarCP, Microfix, Cousinjack, wdburt1, Bill C., The Surfing Pensioner, Cybertooth, Seff

Reply | Quote

Group W is indeed an option, and perhaps may very well be the best, dare I say that. Sure, it’s bad for security, but then again, what better way to improve security than to install a patch that *reduces* your security so greatly that an amateur could hijack your computer?

The concept of automatically updating software is NOT a good thing in and of itself; it is only a good thing if the people behind the patches are able to ensure that only the correct patches are released and that the patches are not over-the-top problematic. Only then can automatic updating be a good thing.

Chrome updates itself automatically, and the reason why it’s able to do it is because the updates don’t completely screw everything up. Automatic updating, as of the present, is a bad idea for Windows because Microsoft has clearly shown that their patches often throw a monkey wrench into the works and gum everything up. I don’t know exactly how Google does it, but they surely must have better quality control than the kerfuffle with Windows patching right now!

People should *never* trade away their logic and blindly assume that automatic updating is automatically a good thing. The developers behind that button should have a good record of testing their patches and making sure they work properly before that option should ever be checked. Manual updating is not a sin, and sometimes you really do need to hold off on updates because of something critical that needs to be done now. With Windows updates, installing patches seems to be like playing Russian roulette. This sort of gambling is not what most people need.

2 users thanked author for this post.

Seff, The Surfing Pensioner

Reply | Quote

Anon #180627 said:

Chrome updates itself automatically, and the reason why it’s able to do it is because the updates don’t completely screw everything up. […]  I don’t know exactly how Google does it, but they surely must have better quality control than the kerfuffle with Windows patching right now!

Google conducts what is known as staged (ie. progressive) rollout for Chrome browser & its Play Store apps. The stable version of Chrome or Android app is released to a subset of users over an extended period of time, “so that any issues can be detected early and addressed before they reach all users“. [Ref: Chrome Release Cycle]

For instance, Chrome Desktop may follow this release plan: 5% of users => 15% => 50% => 100% of users. A more cautious rollout plan may proceed as follows: 1% of users => 5% => 15% => 50% => 100% of users.

The various subsets of users are randomly selected for each stable release, & their respective percentages, as well as the total rollout time can vary from version to version. And note that it could take weeks for 100% of the user-base to get the latest stable release via automatic update.

A disadvantage of Google’s staged rollout strategy is that the initial subset of “lucky” users selected to receive the latest stable release are basically (unpaid) guinea pigs. (Sound familiar ?)  Such users are typically the first ones to pop up on Google & Chromium forums, Google Play Store pages, random discussion forums, etc. to query or report about new bugs in the stable (not beta) version.

Google & Android app developers also monitor the reception of the latest stable release via telemetry, & may halt the rollout if necessary.

Release Updates Progressively to Ensure a Positive Reception

Staged rollouts help ensure that the smallest number of users are affected by any issues you may have missed during testing. During a rollout, the Release Dashboard lets you monitor a range of information about the health of your rollout and compare it to previous releases. You can monitor crashes, ANRs, installs, uninstalls, and ratings, including the number of ratings provided. If you see anomalies in your app’s behavior, you can suspend the rollout, make corrections, and release an app update if necessary before continuing the rollout.

Developers Can Now ‘Halt’ A Staged Rollout To Minimize The Fallout Of A Bad Update

This is the reason Google introduced the alpha and beta channels, and then added staged rollouts. These features give developers a way to steadily release new versions into the wild, discover their bugs, and fix them before a wide release. However, all of this still relies on treating some of your users as guinea pigs. If you’d like to keep them around, it’s best to minimize the fallout of a bad release as soon as it’s discovered. To make things a little easier, Google has added a new button to the Developer Console that stops a staged rollout immediately.

Even so, Google does not always succeed in catching all bugs, especially those occurring on less common system &/or hardware configurations. For example, the stable & beta versions of Google Chrome since v64 (stable: 24 Jan 2018) all display a black screen for streaming videos, if the user has a dual-GPU system & if hardware accleration is enabled. To date (more than 3 months later), Google & Chromium devs still have not figured out what is causing the issue.

A more serious disadvantage of Google’s staged rollout strategy is that only a small minority of users would receive security fixes in a timely fashion — even if there is nothing wrong per se with the said security fixes. This can be detrimental where critical security vulnerabilities with active exploits are concerned — although Google does try to mitigate this by delaying the descriptions of known security vulnerabilities, whenever a new stable version is released.

Likewise, only a small subset of users will quickly receive fixes for non-security problems that might nevertheless be affecting one’e workflow.

Chrome Destop users (ie. those who keep up with security news) can work around the above issue somewhat by running a manual update check via a chrome flag, or manually downloading & installing the latest version over the old one.

However, it is not possible for Chrome Android users to install the latest version via a manual check or by clicking ‘Install’ at the Google Play Store — unless they happen to fall within the subset of users selected to receive the release at that particular moment in the rollout timeline.

So which rollout strategy is better or worse is perhaps debatable. Right now, for WinOS users, if Windows Update is set to any other value except automatic download & install, you get to decide if , when & how  you want to install the updates.

Or would you prefer a mandatory staged rollout where:

• We will neither be offered nor allowed to install Windows Updates (via the console or after a manual download from MS’s catalog) — including critical security & functional fixes — on Patch Tuesday week (or even 1-2 weeks later), unless we happen to fall within the first 1% or 5% subset of users randomly-selected for the current month’s updates ?
• And all subsets of users will sequentially be forced to install updates via automatic update (whether we want the updates or not), because Microsoft’s rollout plan is to hit 100% of users by a certain deadline ?

Note: If you do a cursory web search, you will find lots of user queries on how to disable  Google’s automated mandatory updates. Google does not offer such an option, so one has to resort to trying out various indirect methods that Google might kill off with the next version update. Is this what WinOS users want wrt Windows Updates ?

2 users thanked author for this post.

anita.yk, MrBrian

Reply | Quote

In defense of Google,  there is a difference between Microsoft and Google

The guinea pigs in the case of microsoft is like 70% of its user base since most people use the home version.

In Google case, the guinea pigs are like 20% of the user base

Just someone who don't want Windows to mess with its computer.

Reply | Quote

Woody’s article has been posted (see original post).

Regarding KB4099950, actually it appears to run (once) a file it contains named PCIClearStaleCache.exe. After PCIClearStaleCache.exe is run, log file \windows\logs\PCIClearStaleCache.txt is created (example).

abbodi86 analyzed the contents of KB4100480 and KB4099467 at https://www.askwoody.com/forums/topic/patch-lady-more-updates-released-to-fix-march-patches/#post-179329. I analyzed the contents of KB4100480 at https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179396.

5 users thanked author for this post.

SueW, Great Lake Bunyip, flackcatcher, Elly, woody

Reply | Quote

What do i do if I have already installed the March monthly rollup patch KB408875.  Do I just go ahead and install the KB4099950 patch or is it even needed as it is not checked in windows update.  This is all getting very confusing.

Reply | Quote

Please read Woody’s article in ComputerWorld here.

I esplains which patches make you vulnerable to Total Meltdown and what you should do.

Reply | Quote

Thank you for your reply, I did install the KB4100480 patch for the total meltdown, it’s the 4000050 patch I don’t know what to do with.

Reply | Quote

If it’s unchecked, do nothing.

4 users thanked author for this post.

SueW, Great Lake Bunyip, AJNorth, woody

Reply | Quote

I don’t think KB4099950 can fic the NIC issue (if present) after KB4088875 rollup is already installed and rebooted, because pci.sys version would be higher than KB4099950 check version

in this case you may need to run the older vbs script than don’t check pci.sys version
or this powershell command as admin

Get-ChildItem "HKLM://System/CurrentControlSet/Enum/PCI/*/*/Device Parameters/SlotPersistentInfo"|Remove-Item

1 user thanked author for this post.

woody

Reply | Quote

Frankly, I haven’t a clue what to do at the moment with my two Windows 7 x64 home desktops. I have the January and February monthly rollups installed and should, therefore, on balance probably install KB4100480 which at least is checked unlike the March monthly rollup KB4088875.

Then again, we’re supposed when we do get to install that March monthly rollup to install KB4099950 first – yet that is listed as both optional and unchecked so the normal rule would be to ignore it.

Given that the next few days are both immensely busy for me and also in part dependent on having working machines, I’m inclined to take the easy option and do nothing until we get the DefCon rating reviewed. Hopefully I shall have a clear mind and a bit of spare time by then!

Incidentally, one point does concern me both in the light of the recent arrival of Susan “Patch Lady” Bradley (hugely welcomed!) and also the growing mess that is Windows Updates, and that is the need for those here who are issuing firm recommendations to ensure that they are all singing the same tune.

In particular, I think Woody needs to make it clear on specific occasions if he endorses the advice to take action on a particular issue while the focal part of the site – DefCon ratings – is saying to do nothing at the moment. Otherwise there is a danger that different team members are pointing us in different directions and we all end up none the wiser as to which direction to take. All the advice is greatly appreciated, but if it is contradictory then it creates its own problems, and Microsoft are creating enough problems on their own!

12 users thanked author for this post.

anita.yk, rhp52, SueW, Great Lake Bunyip, flackcatcher, JDeC, LH, HiFlyer, OscarCP, Cybertooth, zero2dash, MrBrian

Reply | Quote

I ended up uninstalling the Jan & Feb sec-only updates from my Win7 x64 Group B VM just to be on the safe side (even though it’s Hyper-V so I have snapshots and it’s somewhat of a ‘throwaway’ machine anyway).

It’s sad that computing on Windows has come to this. Whether you update or not, it doesn’t matter because you’re screwed either way. At least most of us are behind NAT/routers/firewalls and Windows even out of the box is inherently more secure than it used to be, especially everything post-XP, so, being in Group W (or at least behind on updates) isn’t as critical as it used to be.

1 user thanked author for this post.

anita.yk

Reply | Quote

Either roll back the January and February 2018 updates, or install KB4099950 (fix for network card settings) first, then install the March update, and then install KB4100480 after installing the March update. The last update must be installed to resolve an escalation of privilege vulnerability which was introduced in the March update.

Reply | Quote

Seff: I second that, and add that I think it would be a good idea if the Patch Lady’s Patch List on the status of her update recommendations had its link included in all her postings. So one does not have to rifle through her successive postings to find the one with the link to that list which, kept reasonably up to date, can help mitigate the confusion some of us have trying to follow the present barrage of announcements of new problems on top of old problems.

A barrage that a number of signs and portents indicate might be the new normal for users of Windows that need it to be in good order to get their work done.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

Reply | Quote

There is a button at the top of the webpage called “Master Patch List.” Is that what you are asking for?

3 users thanked author for this post.

SueW, Great Lake Bunyip, woody

Reply | Quote

Still confused here over this mess. I would be glad to roll back, except my use of Disk Cleanup seems to have removed all my Add/Remove entries with the exception of the Feb. updates. I installed KB4100480 and I am now being offered via WU KB4099950, which I wasn’t being offered before I installed KB4100480. Unless I’m misunderstanding, I’m NOT supposed to install KB4099950 that is showing up in WU ???  I have not installed the March updates.

1 user thanked author for this post.

JDeC

Reply | Quote

“Those who use Disk Cleanup to clean up Windows Updates should note that […]”

1 user thanked author for this post.

woody

Reply | Quote

Those of us who used disk cleanup, and lost all the roll up`s back to Sep.;  then reinstalled the Dec. roll up.  Can we ever again use disk clean up?

Reply | Quote

Yes you can.

To use a ladder analogy, when you use Disk Cleanup of Windows Updates, it removes all of the intermediate “steps” below the “step” that you’re on with regard to Windows monthly rollups. When you install a newer Windows monthly rollup (and reboot), a “step” is added right above the one you’re on, and then you move up to the newly added “step.” When you uninstall the currently installed monthly rollup (and reboot), your system goes back to the closest “step” below the one you’re on, or to the “ground” (no Windows monthly rollup installed) if there are no intermediate “steps” below the “step” that you’re on now. Whether you use Disk Cleanup of Windows Updates or not, the “ground” is always there :).

1 user thanked author for this post.

SueW

Reply | Quote

I’m confused (like everyone else at this point).  I’m Windows 7 – Group A.  I installed both the Jan and Feb updates and both installed with no difficulties.  After reading Susan’s latest recommendations to roll back to Dec – I checked and in Windows Update both Jan and Feb show as installed.  Where I go to rollback (Control Panel – Programs – View Installed Updates), only the Jan update is listed – no February update is showing but I know it was installed with no issues.  So – since I can’t apparently roll back February (since it isn’t showing) – what do I do now?  Install 4100480 or leave well enough alone until the dust settles?  I should add I’ve noticed no problems with my laptop – all seems to be running well.

Reply | Quote

I would roll back – uninstall the Jan sec updates.
Yes that means you’ll only be patched through and including December, but I wouldn’t install March’s updates yet either because they seem to cause a lot more problems than they fix.

To be honest with you I wouldn’t be surprised if Woody suggests skipping March’s updates altogether, unless he (and some of the wiser MVP’s like MrBrian and abbodi86) come up with a working ‘patch plan’ that walks people through the updates to install. Right now, it’s a minefield, with a lot of live ones and only a few duds.

7 users thanked author for this post.

anita.yk, Great Lake Bunyip, JDeC, HiFlyer, GoneToPlaid, woody, Seff

Reply | Quote

I also agree that, at least as things stand now, it is preferable to roll back to December and wait. I have done this on all of my Win7 computers.

2 users thanked author for this post.

JDeC, HiFlyer

Reply | Quote

If I’m correct, for an individual having installed the January and Fébruary patches, Woody says (now) to do nothing : don’t roll back and don’t install 4100480. You have to wait for MS-DEFCON to change and follow the new instructions.

1 user thanked author for this post.

JDeC

Reply | Quote

That’s correct. I’m still at MS-DEFCON 2.

We may see a Total Meltdown attack in short order. If we do, I’ll change my tune quickly and try to figure out how to thread this crazy needle. But for most people — ones who are using Chrome or Firefox or one of the other major browsers, who don’t have itchy clicking fingers — I figure your best bet is to sit pat.

Businesses and organizations are a different kettle of worms. I’ve always recommended Susan’s advice, and if she’s scared into rolling back, that’s something admins should take to heart.

8 users thanked author for this post.

SueW, StruldBrug, Great Lake Bunyip, JDeC, HiFlyer, Bill C., GoneToPlaid

Reply | Quote

TotalMeltdown requires no malware whatsoever. It can even be executed via simple Javascript in any web browser since the January and February 2018 updates expose all memory to any running program. I strongly recommend that if the January or February 2018 updates are installed, that users either uninstall these updates or install the March update. In this particular scenario, sitting tight really is not an option.

Reply | Quote

Good points, but what I’m betting on is that there aren’t any widespread attacks before Microsoft gets its act together.

The minute there’s a sizable attack against individuals, I’ll change my tune.

6 users thanked author for this post.

SueW, Cascadian, Great Lake Bunyip, flackcatcher, JDeC, HiFlyer

Reply | Quote

Woody, in you Computer World article, you say to install KB4100480 if you have previously installed Jan-Mar patches.  Then in the article’s Bottom Line, you say sit tight, don’t install any March patches.  That would include 4100480.  Where does that leave us that installed at least Jan-Feb patches?  Install 4100480 now, or sit tight?

iPhone 13, 2019 iMac(SSD)

Reply | Quote

If you have installed the March update, then you must install KB4100480 in order to resolve a kernel escalation of privilege vulnerability which was introduced by the March update.

Reply | Quote

I’m talking to two different audiences. Forgive me for adding to the confusion!

For individuals who are reasonably savvy and watching the news, I recommend that you sit tight.

For organizations with members with itchy clicking fingers, follow Susan’s advice and roll back all of this year’s updates.

 

 

9 users thanked author for this post.

SueW, pkoryn, Cascadian, flackcatcher, JDeC, twbartender, HiFlyer, Elly

Reply | Quote

Aha, didn’t understand that from Patch Lady’s ‘To patch or not to patch’ post and comments.
No hard feelings though, didn’t feel like uninstalling security updates anyway and went to give KB4100480 a try: all’s fine on my Group B stand-alone work & play pc.

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

Hi everyone,

Below are my saved notes about installing Group B updates post July 2016. These notes also apply to Group A except that the KB numbers are slightly different. More important and with relevance to this thread are my notes about the 2018 updates. Those notes about the 2018 patches are shown further below. Hopefully my notes will be helpful for all of you who are trying to make sense of the 2018 Windows Update mess.

Best regards,

–GTP

GROUP B SECURITY ONLY UPDATE INSTALLATION NOTES

Notes about the 2016 through 2017 updates…

The October 2016 through March 2017 updates are installed, but the January 2017 update KB3212642 does not show up as installed because it was depreciated by the March 2017 update. This depreciation is not documented by Microsoft.

NOTE: There was no February 2017 update.

Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older CPUs. This was Microsoft’s way of saying “thanks” to users who installed Windows 7 on newer generation hardware.

Install the September 2017 update before installing the August 2017 update since the September 2017 update includes newer updates for kernel mode drivers and the Windows kernel.

The October 2017 update may cause Jet DB issues with older apps. A fix is available at:

Microsoft Access Database Engine 2010 Redistributable

The November 2017 update may break printing for some Epson dot matrix printers. Update KB4055038 is available to fix this issue. This update is documented by Microsoft as being available via Windows Update, yet this Windows Update never showed up on my Win7 computers after I installed the November 2017 update

The April 2017 through December 2017 updates are installed.

Notes about the 2018 updates…

NOTE: The January 2018 through March 2018 updates for Meltdown and Spectre fail to protect against BranchScope which is a new variant of the Spectre (CPU speculative execution) class of vulnerabilities.

The QualityCompat regkey must be set before installing any 2018 updates. This regkey should only be set if ALL installed antivirus software has been updated to be compatible, regardless of whether or not the antivirus software automatically runs when booting Windows or is manually run, because antivirus software installs low level I/O drivers which are loaded when Windows starts.

********************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
“cadca5fe-87d3-4b96-b7fb-a231484277cc”=dword:00000000

********************

NOTE: The 2018-03-29 KB4100480 Windows kernel update must be installed immediately after installing any of the 2018 updates in order to address a kernel escalation of privilege vunerability. This update may be installed after installing the 2018 updates and rebooting.

The January 2018 update is not installed. This flawed Meltdown update exposes all kernel and program memory to any program.

The February 2018 update is not installed. This flawed Meltdown update exposes all kernel and program memory to any program.

The March 2018 security only update KB4088878 (cumulative Meltdown and Spectre patches) is not installed. This update still has issues (SMB server memory leaks and stop errors). KB4099950 (fix for network card settings) must be installed before installing this update, and KB4100480 Windows kernel update must be installed immediately after installing this update.

The March 2018 KB4100480 Windows kernel update is not installed.

2 users thanked author for this post.

jburk07, Geo

Reply | Quote

One has to wonder if there will be any compelling reason to upgrade the MS-Defcon level and recommend patch installation either before or after Microsoft drops its April load down the update chute in the next few weeks.

Reply | Quote

An easter egg, other than the obvious chocolate type, was also a term for a hidden gem inside a computer or console game. Now it seems microsoft has adapted it to what most are encountering over this last week in their computers.

Windows - commercial by definition and now function...

Reply | Quote

hello, im new here, what i want to know about this KB4100480. My PC only install security rollup update. my last update is January security rollup and from what i read its affected by this Total Meltdown.

is it okay if i install KB4100480 to my PC, or should i update to February rollup first before installing KB4100480?

Reply | Quote

“is it okay if i install KB4100480 to my PC”

If you’re using 64-bit Windows, then yes. See https://www.askwoody.com/forums/topic/windows-patches-for-total-meltdown-bluescreens-an-ip-stopper-and-little-documentation/#post-180583 for more info.

Reply | Quote

Is it still ok for that to be the only patch installed at this point?

Reply | Quote

In my opinion, it’s ok indeed.

1 user thanked author for this post.

Moonbear

Reply | Quote

kinda new at this windows update thing, sorry if i ask too much

so i guess there’s no need for me to install february rollup for now. so my update will be :

1.  january rollup (already installed)
2.  kb4100480
3.  upcoming april rollup (if its a good patch of course), or is it better to wait to update only april rollup since kb4100480 fixes is gonna be included in april rollup right? since i look and it said we’re at MS DEFCON 2 in this website

any info about how this total meltdown can be exploited?or what can i do if i planning to wait for april rollup to patch everything at once?

i tried ask some people and someone said “that the risk of being affected by this is fairly low. The attacker needs some way of running arbitrary code on your computer to begin with, so this exploit essentially just makes a bad situation (your PC is /already infected with a virus) worse (the virus can now read anything stored in RAM). but it can also be accomplished in a wide variety of other ways such as through another vulnerability, a Trojan Horse or other malware.” so i think practicing safe browsing can lower the chance to get this exploited?

Reply | Quote

The KB4100480 fixes should be included in the April 2018 Windows monthly rollup. You’ll have to decide if you want to install KB4100480 before then.

Reply | Quote

Unfortunately, the WSUS ‘update needed’ logic for 4100480 seems broken. I have 115 x64 Win7 machines, patched using WSUS, which have the Jan,  and then the Feb, Security rollups installed, and only 4 of them show up as needing 4100480.

Two other users report similar findings in comments at https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179324

2 users thanked author for this post.

woody, MrBrian

Reply | Quote

I think KB4100480 is made available only to those who have already installed one of the March 2018 CU or Security Only, as it is meant to fix one of them. If none is installed, then KB4100480 is not offered.
Unless you work for an organisation with high compliance requirements, you may want to wait until next Tuesday and apply the regular monthly update instead of intermediate emergency patches/hotfixes which are known to be tested less then the regular ones.

2 users thanked author for this post.

flackcatcher, AJNorth

Reply | Quote

@ch100 It’s not my experience that KB4100480 is only offered to those with the March rollup or security-only update installed, rather it’s designed to fix the security flaw with all the monthly rollup and security-only updates issued between January and March 2018 inclusive.

I have installed both the January and February monthly rollups but not the March one, and I am being offered KB4100480.

 

Reply | Quote

According to the 4100480 kb at https://support.microsoft.com/en-us/help/4100480/windows-kernel-update-for-cve-2018-1038 and everything else I’ve read, any of the monthly rollups, and security-only rollups, from jan, feb, or march are sufficient to introduce the vulnerability on an x64 win7 machine.

So it should be ‘needed’ in WSUS. But it’s not.

Do you have information that contradicts this?

Reply | Quote

This is MrBrian’s take on whether KB4100480 is offered by Windows Update and to whom. There is also some surrounding discussion that may be relevant. I only have security only updates through February and I have not been offered 4100480.

https://www.askwoody.com/forums/topic/patch-lady-new-update-for-windows-7-kb-4100480/#post-179844

1 user thanked author for this post.

MrBrian

Reply | Quote

There’s a report on SevenForums that installing KB4100480 on a Windows 7 x64 machine with an older AMD processor caused the machine to slow down, uninstalling it via system restore restored normal performance.

https://www.sevenforums.com/news/413818-kb4100480-windows-kernel-update-cve-2018-1038-windows-7-a-2.html

2 users thanked author for this post.

HiFlyer, MrBrian

Reply | Quote

Yes I have the older Win 7X64 AMD processor and installed 480 and it really slowed it down.  Guess I`ll have to uninstall it.

Reply | Quote

I’m in group B running 64 bit. I’ve installed the Jan/Feb security only updates. I’ve installed KB4100480. I haven’t installed the March only security updates yet. Waiting for defcon level to change first. Is all ok with my current order?

1 user thanked author for this post.

Northwest Rick

Reply | Quote

Ditto.  Win7 64b, Group B, Lone Ranger (not enterprise), no updates since Feb 2018 security-only group.

The lounge itself has become a maze!  Patiently waiting for the Chief Tracker to chart a way out of the morass:

Rollback to Dec or not?  If yes, all or just non-IE?  If no, partial/selective rollback or forward only?  Which stepping stones?

Or is it time to chuck it all, pretend that Win7 support termination date effectively has been reached & “You’re on your own, mate!”?  Inquiring minds want to know!  Thanks!

5 users thanked author for this post.

anita.yk, HiFlyer, flackcatcher, JDeC, Cybertooth

Reply | Quote

Question:
If and when I install March’s Security Only for Windows 7 x64, SP1 KB4088878, should I, before doing that, also install KB409950 and KB4100480, in that order?
Thanks.
Group B, no rollups.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

See this link and @mrbrian ‘s answer below it.

Reply | Quote

PKCano,

The entry by MrBrian you’ve gave me a link to in your answer is about installing the rollout:

2. Install KB4088875

Mine is about the Security Only KB4088878

Is there a difference in what one is supposed to do, or is his a one-answer-fits-all?

Thanks.

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

The sequence would be the same. Substitute the SO for the Rollup.

2 users thanked author for this post.

HiFlyer, OscarCP

Reply | Quote

Hoo-boy. I must be the only person here who’s installed all three Jan/feb/mar security updates. Upon installing the March update, however, I did install KB4100480 as soon as it was offered. This is just a hot mess – any redemption for me?!

More confused than you 🙁

2 users thanked author for this post.

anita.yk, HiFlyer

Reply | Quote

Regarding Windows 10 March Updates:

Could one of the MVP’s start a separate thread regarding where we are with Windows 10 March updates> Ver 1709 in my case.  KB4088776 and KB4089848.

There was a previous update from MS for Windows 10 regarding the Meltdown – is there any concern over that?

I still have my Windows 10 Pro x64 updates on 30 day delay, but running short on time.

Reply | Quote

Help Please!!!     I just got through rolling back to Dec 2017 and reinstalling the Dec. monthly KB4054518. After uninstalling Feb monthly my Add/Remove showed Jan. monthly KB4056894 which I then uninstalled. I reinstalled Dec. monthly KB4054518 and then I ran WU. Here’s what I’m being offered:

KB-4074598 Dated Feb. 2018

4091290 ( unchecked ) , 2862152 , 3022777 , 3076895 , 3084135, 3101722 , 3092627 , and optional update 4099950. After uninstalling Jan. rollup and reinstalling Dec. I would think it would be offering the March rollup or at the very least January..not Feb. Really got a mess here, any help would be greatly appreciated. Windows Minitool is showing last rollup installed was Dec.        Thanks

 

Reply | Quote

The March Rollup has been unchecked or has not shown up at all on Win7 computers.

Hide the Feb Rollup, check for updates, hide the Jan Rollup, check for updates.

There will be a bunch of old patches offered. Watch out for the telemetry patches and install whatever old patches are checked by default.

Reply | Quote

I hid the Jan and Feb rollup…do you see any others in that list that I need to hide before installing all the rest ???

Reply | Quote

If you don’t want the telemetry patches, see the list at the top of AKB2000003 to hide (if they appear).

1 user thanked author for this post.

bobcat5536

Reply | Quote

Thank you for the help…much appreciated..all looking good here so far.  Windows update now bringing up 2 important updates KB-4088875 March monthly and KB-4091290 ( both unchecked ) and 1 optional KB-4099950 ( also unchecked ).

Reply | Quote

After reading through the other posts here I decided to erase my question and start over. Following the advice I received from @MrBrian Saturday night I installed KB4100408 on its own. Now it seems like I may have misunderstood what I was told. Just about everything I’ve read talks about installing KB4099950, KB4088875 and THEN installing KB4100408 if you don’t plan to roll the updates back. Which is where my problem lies, should I go ahead and uninstall 4100408 then install the other 2 in order or sit tight and wait for more information?

Reply | Quote

As long as you had at least one of the 11 updates mentioned in Woody’s article installed before  you installed KB4100408, you should be fine. You don’t need to uninstall KB4100408 before installing KB4088875 when Woody gives the go-ahead.

1 user thanked author for this post.

Moonbear

Reply | Quote

Thank you @MrBrian, since I have both KB4054700 and KB4074598 installed you’ve taken a massive weight off my mind. I’m still a little fuzzy one one thing though, what about KB4o99950? How will that come into play once Woody gives the green light?

Reply | Quote

You’re welcome :).

When Woody gives the go-ahead to install the March 2018 updates (if it ever happens), you’ll want to install KB4099950 by itself before installing either KB4088875 or KB4088878.

2 users thanked author for this post.

woody, DrBonzo

Reply | Quote

That’s the easiest thing I’ve been told to do since this whole mess started! Should I restart after installing KB 4099950?

Reply | Quote

You probably only need to reboot after installing KB4099950 if the system asks for a reboot. It’s probably best to wait to install KB4099950 until right before you intend to install either KB4088875 or KB4088878.

Reply | Quote

That was my plan, so now I’m settling in to wait for the dust to settle. (If, as you said, it ever does.)

Reply | Quote

I’m wondering if the March Rollup or Security Only updates will reintroduce the Total Meltdown hole that KB4100480 fixed, and therefore require that KB4100480 be reinstalled after the March Rollup or SO patches are installed.

2 users thanked author for this post.

HiFlyer, Cascadian

Reply | Quote

@DrBonzo: That shouldn’t happen, because the Windows servicing system is “smart” enough to not do such a thing. In fact, I tested this aspect today with one of the monthly rollups, and the behavior was as I expected and hoped; the newer version of file ntoskrnl.exe installed by KB4100480 was still in effect after installing a Windows monthly rollup containing an older ntoskrnl.exe (and rebooting).

5 users thanked author for this post.

woody, Moonbear, AJNorth, Cascadian, DrBonzo

Reply | Quote

I have windows 7 64 bit, and have installed the march monthly rollup kb4088875 and then was offered the kb4100480 patch which i also installed.  I was then offered the kb4099950 patch which is unchecked and have not installed.  Is is safe to install this patch it or should i just wait. I seem to be out of the recommended sequence for installing all of these patches.  I only got the kb4099950 patch after the kb4099950 patch was offered and installed.

Reply | Quote

If it is UNCHECKED do not install it. See @abbodi86 ‘s information here.

1 user thanked author for this post.

anita.yk

Reply | Quote

@moonbear +1 i did the same waiting for answer from experts

Reply | Quote

Yes I am Group B, and have installed all the Security Only updates including March. Consequently I installed KB4100480 but haven’t installed KB409950.

Is this OK to do? My computer is running fine but should I start uninstalling updates or sit tight.

Many users are on different pages trying to follow the same story.

Reply | Quote

Let me see if I have this straight. Windows 7 x64 computers with AMD processors were not vulnerable to Meltdown. Microsoft then pushes patches to these computers and makes them vulnerable to Total Meltdown. Microsoft then pushes a patch to fix the Total Meltdown vulnerability that they caused and it slows computers with AMD processors noticeably. So, for those of us that have AMD processors, what we end up with is a slower computer to fix a vulnerability that we didn’t have in the first place.

I have a headache.

2 users thanked author for this post.

anita.yk, HiFlyer

Reply | Quote

Most patches, most software packages, never uninstall cleanly and there are always remnant files and registry entries. Uninstalling and reinstalling portions of the operating system and patches are recipes for gradual system degradation. Decide, really decide if you wish to install patches. Make sure you have working backups at hand. Install patches once. If the system doesn’t bork, leave the patches alone. Forge onward.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I already decided to avoid KB4088875/KB4088878 altogether and the fixes after those for Win7 until either the April or May updates come out. I do have at least the KB4054518 Dec. 2017 update for those Win7 PCs installed. too many patches to fix Microsoft’s patching mess in March, making me dizzy.

Reply | Quote

Lets see if I’m summing things up right :

when defcon changes, first thing is installing kb4100480

Then kb4099950  (but why this one is marked optional in windows update? seems it should be required)

Then the march updates (group b), aka Mar 2018 KB 4088878 – Mar 2018 (IE11) KB 4089187

Then kb4099467

Correct ? (chances that they re-release kb4088878 to include the 4099467 fix inside?)

Edit Removal of HTML: Use the ‘text’ tab in the post entry box when you copy/paste.

Reply | Quote

Side question..

my win7 windows update:

1) doesn’t show KB4100480 offered

2) is no more showing march security quality rollup.. totally vanished ( being group B, February one reappeared )

3) still shows the malicious software removal etc for march

>>> looks like they pulled entirely march patches ?

 

Reply | Quote

If you just WAIT until Woody raises the DEFCON number, he will give you guidance on which updates to install (or not install), in what order they should be installed, and what bugs are still not fixed. The recommendations have been changing and he will clarify the options at that time.

Anything before that is just guessing.

8 users thanked author for this post.

Demeter, SueW, anita.yk, HiFlyer, Cascadian, StruldBrug, Cybertooth, Elly

Reply | Quote

Yeh well, i guess that’s option B indeed.
Still there’s a curious fact that I’m able to replicate daily since over 2 weeks, and I guess was induced by january or february patches.
I have discussed it with other engineers I know, and they are all baffled.

The fact is that my dual xeon setup ( 52×0 ) has effectively 20% less cpu cycles and around 1 to 2 GB less ram usage if I launch thunderbird portable 17.0.8 and only then I start the same programs I use daily since months.

Right now, instead of being at 100% , I’m at 83%. Skype is way less aggressive, chrome too, etc. and just 15.5GB of real ram used, instead of 17.

Reply | Quote

They said the Meltdown/Spectre mitigation could cut resources by as much as 20%. That would be the Jan and Feb updates – both Rollup and security-only.

Reply | Quote

It happens only if I keep thunderbird on, and that specific version. Until that day I had the exact same usage as before meltdown patches. The thing changed, in my situation, only with that program running, and in that specific order after boot.

Aka if I don’t launch it, there’s no % change caused by the ms patches… 100% was before the patches, 100% was after them

Reply | Quote

@Mazzinina:
KB 4100480 only applies to Win7 64 bit. If you have Win7 32 bit, you were not at risk concerning Total Meltdown & therefore you do not need the KB 4100480. At least, that is what I understand.

~ Annemarie

Reply | Quote

x64 , didn’t explicitly mention it

Reply | Quote

anonymous wrote:

Hoo-boy. I must be the only person here who’s installed all three Jan/feb/mar security updates. Upon installing the March update, however, I did install KB4100480 as soon as it was offered. This is just a hot mess – any redemption for me?! More confused than you 

Well, at this point you are protected against Meltdown, Spectre and Total Meltdown. You are also protected against the recently disclosed Windows kernel vulnerability. Given that you are here and haven’t lost your networking connections, I would say that at the moment you are good to go since you obviously did not encounter either of the two potential blue screen issues when rebooting your computer.

I also figure that you also must be running fairly new hardware if you haven’t noticed any obvious slowdown of your computer after installing these updates. My Win7 computers have Haswell CPUs. I had very obvious performance degradation after I installed the January update.

Reply | Quote

About the slowdowns, personally I think they are also related to the mix of cpu/chipset/drivers/etc etc.
i’ve an older cpu than you, being a xeon 52×0, and i was ready to yell after installing january updates. But for some weird reason I could see no differences, including data transfer… actually I think I gained some performance in this sense.

What are the chances that they put together some slightly different codes, chipset/cpu test based, to affect enterprise class hw differently from consumer hw ?

Reply | Quote

Oh great, my old friend KB2952664 is back again – I wish I had a fiver for every time I’ve hidden it!

Funny how figures showing a decline in Windows 10 usage are immediately followed by the re-release of an update designed to facilitate upgrading to Windows 10!

1 user thanked author for this post.

SueW

Reply | Quote

Well here is another bang Woody, with regards to Meltdown /Spectre..

the register

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

ouch!

Windows - commercial by definition and now function...

3 users thanked author for this post.

Elly, GoneToPlaid, woody

Reply | Quote

I really need to re-visit this. Haven’t harped about it since late February.

https://www.computerworld.com/article/3257225/microsoft-windows/intel-releases-more-meltdownspectre-firmware-fixes-microsoft-feints-an-sp3-patch.html

Care to take an initial swing at a writeup?

Reply | Quote

I’m getting twitchy again Woody! I don’t think my tourettes could cope.

Windows - commercial by definition and now function...

1 user thanked author for this post.

woody

Reply | Quote

Steve Gibson has updated his ‘Inspectre’ Meltdown check utility.

Release date 11th April 2018

‘Utility now determines and displays whether Intel has produced
a microcode update patch for the Spectre vulnerability.’

More info and download: GRC.com

Windows - commercial by definition and now function...

3 users thanked author for this post.

columbia2011, amraybt, MrBrian

Reply | Quote

the new Inspectre v8 tool is great for Intel CPUs. I won’t be surprised if it will be updated again but will determine if a microcode update is available for AMD CPUs as well.

Reply | Quote

v8 also tells you if intel EVER plans to release a fix for that CPU.

Reply | Quote