Resources‎ > ‎All Windows versions‎ > ‎

Meltdown and Spectre

Meltdown is a hardware issue with various modern CPUs and some micro-controllers. The industry is taking a two step approach, patching both the OS and hardware.  You will need to apply the patch for the OS (regardless of Windows, Linux, etc.) and the firmware/bios to be fully protected.  Be aware, some hardware venders are not supplying updates for older motherboards.

DON'T PANIC
These are not drive by remote exploit attacks, they are local privilege escalation attacks.  Granted, it is technically possible that Spectre based attacks can be done through JavaScript, but current there are none known in the wild so chill out and patch your systems.

Some links from around the web that answer commonly asked channel questions


Microsoft links
(See above link for more details)
After you have installed the patch, you can check your status via PowerShell module.
PowerShell Verification using the PowerShell Gallery (Windows Server 2016 or Windows 10 with WMF 5.0/5.1)
Install the PowerShell Module (You should have this locally already, this will offer a chance to update)
PS> Install-Module SpeculationControl

Run the PowerShell module to validate the protections are enabled
PS> # Save the current execution policy so it can be reset
PS> $SaveExecutionPolicy = Get-ExecutionPolicy
PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
PS> Import-Module SpeculationControl
PS> Get-SpeculationControlSettings
PS> # Reset the execution policy to the original state
PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser



If your anti-virus is not listed as compatible with the update, it will be blocked.
Microsoft has identified a compatibility issue with a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.
If you have certain AMD chipsets you may not get the update.
Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time
Specific OS version security advisories with links to the patch if for some reason Windows Update hasn't already installed them

Comments