Content, Breach

Microsoft: Windows Devices Need Meltdown, Spectre Bug Security Patches

Microsoft has advised Windows users to update their device software and firmware to address the Meltdown and Spectre security vulnerabilities, according to the company's latest statement about the vulnerabilities. The company added software coverage for x86 editions of Windows 10 and plans to provide updates for other supported versions of Windows.

In addition, Microsoft has released Intel microcode updates for some Skylake devices running Windows 10 via the Microsoft Update Catalog; the updates come after Intel last month announced microcode updates for its Skylake processors. Microsoft will offer additional microcode updates from Intel as they become available, the company said.

Microsoft also announced Windows Analytics now helps IT professionals assess Meltdown and Spectre update status by providing device-level insights at scale.

Most Windows Devices Now Support Updated Antivirus Software

Microsoft and its antivirus partners have ensured that the majority of Windows devices are now compatible with antivirus software designed to address Meltdown and Spectre, the company stated. Together, Microsoft and its antivirus partners will continue to help Windows device users manage the risk of compatibility issues, including those that result from antivirus software that makes unsupported calls into Windows kernel memory.

Furthermore, Microsoft requires that Windows device software is up to date and antivirus-compatible. It plans to continue to require that an antivirus compatibility check is performed before the latest Windows security updates can be applied via Windows Update. The company also recommends that Windows device users check with their antivirus software provider to verify compatibility.

Are Meltdown, Spectre Still Alive in the Wild?

Intel first commented on Meltdown and Spectre in January, and in a two-week period ending January 22, the research team at antivirus and security software testing firm AV-Test discovered 119 new malware samples associated with the security bugs. However, AV-Test indicated that most of these samples were proof-of-concepts rather than actual malware.

Initial Meltdown and Spectre microprocessor security bug patches caused higher system reboots after end users applied firmware updates. Intel later identified the source of the issues and offered recommendations to help organizations address the faulty patches.

Meltdown and Spectre are found in modern processors produced in the past decade and allow administrator and user programs to identify the layout or contents of protected kernel memory areas. To date, the security flaws likely impacted billions of devices worldwide, CNN reported.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.