News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • WSUS and Meltdown

    Posted on Threezees Comment on the AskWoody Lounge

    Tagged: 

    This topic contains 5 replies, has 3 voices, and was last updated by  MrBrian 1 year, 7 months ago.

    • Author
      Posts
    • #156591 Reply

      Threezees
      AskWoody Lounger

      I have a question in regards to a WSUS and the Meltdown/Spectre security update patches released by Microsoft.  It is understood that a specific registry key need be present in order to avoid blue-screens due to antivirus (in my case, Symantec EPP).  My question is – if I approve the security patches on the server, will the WSUS server be intelligent enough not to push the patch out to the clients that are lacking this key?  Or will it be pushed out regardless? 

      Furthermore, if it is pushed out regardless, will it fail installation if the key is missing?  Any input would be greatly appreciated.  I don’t want to cause BSODs to every PC on my network that hasn’t yet updated to the latest AV definitions (which we all know should be zero but this is real life).  Thanks!

    • #156606 Reply

      PKCano
      Da Boss

      I am not behind a server. But I can tell you that lack of the Registry key on individual PCs keeps the update from being offered by WU, but does NOT prevent the manual installation of either the Security-only or Rollup on Win7/8.1 or the Cumulative update on Win10 1709. So you can set yourself up for a BSOD if your anti-virus (or other program that makes the call) is not compatible.

      2 users thanked author for this post.
      • #156627 Reply

        Threezees
        AskWoody Lounger

        Thanks for the quick reply.  Honestly, I am not too worried about manual installations – I doubt many of my users will try doing this on their own.  I am worried more about the updates that are being pushed from the server for automatic installation and how the client will handle the update.  It may be that we’re not really sure yet.

    • #156645 Reply

      MrBrian
      AskWoody_MVP

      You could also ask at this thread.

      2 users thanked author for this post.
    • #157386 Reply

      MrBrian
      AskWoody_MVP

      From https://twitter.com/GossiTheDog/status/950345442155524097: “There are multiple long threads on MS website saying SCCM and WSUS aren’t applying the patch without the AV reg key… oh boy, patching is going to stop for many orgs.”

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: WSUS and Meltdown

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.