After last week’s news broke on the Intel’s security flaw, developers and cloud based supporters have been scrambling to adjust and create patches to help secure a single fix against the Meltdown and Spectre exploit. As the issue continues to affect other operating systems such as Android, Chrome, iOS and MacOS, provider’s such as Microsoft have already begun releasing several updates and patches to help mitigate the vulnerabilities.
Microsoft began beta-testing Meltdown protection as of late November last year, and as of January 3rd they have released Security-only Updates. Below you will find a complete list of all Microsoft Security fixes as well as additional Microsoft resources to help you protect your server against future vulnerabilities.
As of January 31st, Microsoft has released its third cumulative update for the Windows 10 Fall Creators Update (version 1709) for the month of January. The update takes Windows 10 build 16299.214 and resolves issues in KB4056892 that was pushed out earlier in January in response to help fix the Meltdown and Spectre exploits. There are no new features in this update, just a range of bug fixes, quality improvements and fixes for compatibility issues.
The KB4056892 fixes are
There are three known issues in this update.
Use the following steps to install and run the test:
These improved security updates and increased quality control will substantially increase the difficulty of browser-based attacks such as password theft.
Microsoft Has Blocked a Number of Security Updates for Some AMD Based PC’s after discovering that installing the security updates (stated above) has left some devices unable to boot.
Some supports claim that the compatibility with some set Microsoft fixes is freezing some PCs with AMD chips. As a result, Microsoft will temporarily pause sending the following Windows system updates devices with AMD processors:
If you are unable to install the Meltdown patch at this time. It is essential that you update your browser. Firefox, Chrome, Internet Explorer, and Edge have all been updated with protections against the exploit. In addition, be sure to keep an eye on your security software when working without the Patch. Keeping an up to date software can keep malware off your PC.
Security Advisory ADV180002 | A Microsoft Security Update Guide
Windows Security Update | Released January 3, 2018, and antivirus software
Windows Client Guidance for IT Pros | To protect against speculative execution side-channel vulnerabilities
Windows Server Guidance | To protect against speculative execution side-channel vulnerabilities
Microsoft Edge and Internet Explorer | How to mitigate speculative execution and side-channel attacks
Microsoft Cloud Protections | against speculative execution side-channel vulnerabilities
Guide to protect SQL Server | against speculative execution side-channel vulnerabilities