We’re starting off 2018 with a bang — a big patching bang. All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You’ll have read about this — the press have already labeled the flaws as the Meltdown and Spectre bugs.
As Microsoft said in “ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities:”
Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.
Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.
Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.
Because this is a kernel update that interacts with antivirus utilities, there is a big “BUT” in how you might get this update: You’ll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won’t get the update offered up to you.
If you want to visually see if your systems are prepared for this update, you can click on Start, type in
regedit and click to approve the elevated prompt. Then you’ll need to drill down to review the following registry key. Note that each bullet point represents a level you’ll need to drill down to:
In the right-hand side in the registry, look for the value as shown below: