Meltdown and Spectre

Meltdown is a hardware issue with various modern CPUs and some micro-controllers. The industry is taking a two step approach, patching both the OS and hardware. You will need to apply the patch for the OS (regardless of Windows, Linux, etc.) and the firmware/bios to be fully protected. Be aware, some hardware venders are not supplying updates for older motherboards.


These are not drive by remote exploit attacks, they are local privilege escalation attacks. Granted, it is technically possible that Spectre based attacks can be done through JavaScript, but current there are none known in the wild so chill out and patch your systems.

Some links from around the web that answer commonly asked channel questions

Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs

Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch

Arstechnica article on the technical reason for performance impact across Windows, LInux and hardware

Microsoft links

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Windows Server guidance to protect against speculative execution side-channel vulnerabilities

(See above link for more details)

After you have installed the patch, you can check your status via PowerShell module.

PowerShell Verification using the PowerShell Gallery (Windows Server 2016 or Windows 10 with WMF 5.0/5.1)

Install the PowerShell Module (You should have this locally already, this will offer a chance to update)

PS> Install-Module SpeculationControl

Run the PowerShell module to validate the protections are enabled

PS> # Save the current execution policy so it can be reset

PS> $SaveExecutionPolicy = Get-ExecutionPolicy

PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

PS> Import-Module SpeculationControl

PS> Get-SpeculationControlSettings

PS> # Reset the execution policy to the original state

PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

Important Note Regarding the update and anti-virus compatibility.

If your anti-virus is not listed as compatible with the update, it will be blocked.

Microsoft has identified a compatibility issue with a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.

Windows operating system security update block for some AMD based devices

If you have certain AMD chipsets you may not get the update.

Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time

Specific OS version security advisories with links to the patch if for some reason Windows Update hasn't already installed them

Windows 10 - KB4056892

Windows 8.1 - KB4056898

Windows 7 - KB4056897