Sign in / up

back to article Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes. The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709. While …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *

Page:

  1. MrT

    Meanwhile, on Windows 7...

    ... KB4056894 is causing BSODs (blue and black) on restart after installation. That's on W7Pro-64bit, with Microsoft Security Essentials installed. Okay, so not a stellar setup, but you'd think it would have the least hassle since it's all MS. It even gives different error codes in each crash (80242016, 800F0816, etc.) and a slightly different fix each time as well.

    KB4056894 is now blocked and hidden, because I've got better things to do than nurse borked laptops back to life each time it gets a toe-hold in.

    Will wait to see if the AV trick registry key works, but not yet.

    4 3 Reply
    1. MrT
      Reply Icon

      Re: Meanwhile, on Windows 7...

      And I've just seen the 12/2017 version of the Quality Roll-up update arrive - KB4054518, but that's late (issued 12 December?).

      It's only 00:47 - I wonder if it fixes things...?

      Hmm, it hasn't broken anything, but I'll still hold off with the Jan 2018 one for now...

      0 0 Reply
    2. MrT
      Reply Icon

      Re: Meanwhile, on Windows 7...

      ... KB4056894 is the Win7 version of KB4056892. The details of **94 state Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics Component, Internet Explorer, and Windows Graphics. The notes mention the same registry key details. **94 installs automatically, and leaves one laptop with a STOP error seconds after trying to start Windows.

      Solutions mostly involved the Windows Repair tool, which auto-recovered one time (2nd or 3rd), but required two system restores on a later fix, which is why the December Quality Roll-up reappeared - I'd applied that one late and restores after that date failed to stick.

      YMMV, but that's been my experience so far with this out of step patch.

      From a Meltdown perspective, it's an older laptop (Toshiba SatPro A300D) running an AMD Turion64 X2 CPU, and Radeon graphics. I haven't tried other Intel/Nvidia and Intel/Intel laptops yet, Win10 or Win7-32bit may also have a different ride, which might also be affected by the rest of my PCs running different AV - the A300D really stands apart from the others.

      2 0 Reply
      1. MrT
        Reply Icon

        Re: Meanwhile, on Windows 7...

        Win7-32bit laptop on Intel CPU and discrete Nvidia GPU, with Zonealarm Extreme Security - **94 patch installed with no problems. ZA had set the registry entry itself.

        Win10-64bit laptop on Intel CPU and on board graphics, same ZA AV etc. doesn't list the **92 patch - registry key not set.

        YMMdefinitelyV - mine has, going from no probs to no go, passing not there, in just three laptops.

        0 0 Reply
        1. MrT
          Reply Icon

          Re: Meanwhile, on Windows 7...

          KB4056892 now applied to the Win10 laptop, and has slowed disk br down to between half and fifth of what it used to be...

          Intel 1000M CPU (approx 4 years old), Win10-64bit, Crucial MX200 0.5TB, 8GB RAM.

          On the CrystalDiskMark v6 benchmark the results are between 15% and 60% of what they used to be, probably due to the way the drive caches R/W access through a chunk of system RAM. Subjectively, overall the PC feels more in the 70-95% estimated range from the article, but the workaround has definitely hit this PC's file I/O speed.

          0 0 Reply
  2. Grade%

    Someone cue the goddamn carousel music.

    Please. Thanks. I'll bring enough voodoo rattles so everyone can get in on the dance.

    9 0 Reply
    1. hplasm
      Reply Icon
      Happy

      Re: Someone cue the goddamn carousel music.

      "Please. Thanks. I'll bring enough voodoo rattles so everyone can get in on the dance."

      Thanks! I'll bring the dead chickens from the Unix fridge.

      2 1 Reply
  3. Brian Miller

    Check Twitter for info??

    Check Twitter for updated info?? Might as well use Wikipedia as an authoritative reference.

    Oh wait...

    2 0 Reply
  4. a_yank_lurker

    Chipzilla it was nice to know you

    As bad as this cock up is I suspect there will a series of patches for all OSes that will be rushed more than normal. This is one time I will not criticize Slurp or anyone else for wonky patches to fix Chipzilla's screw up.

    3 2 Reply
  5. Anonymous Coward
    Anonymous Coward

    No Mention of AVG!

    :-[

    I may dust off my pre-speculative execution PII 266 for browsing in future.

    3 0 Reply
    1. Anon
      Reply Icon

      Re: No Mention of AVG!

      AVG, 2018-01-04: "Thank you so much for bringing this to our attention."

      https://support.avg.com/answers?id=9060N000000TrZgQAK

      1 0 Reply
    2. Anonymous South African Coward Bronze badge
      Reply Icon

      Re: No Mention of AVG!

      I also have two P2's - one @ 266MHz and the other at 350MHz.

      Only need a case, got everything for a fine and purdy compootah.

      1 0 Reply
    3. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: No Mention of AVG!

      It's coming to that. One computer for browsing with everything else disconnected from it. That'll make it tough to run a mail server effectively, but what with NICs and Bluetooth not having hard shutoff switches and ME/UEFI there's probably no real extra risk, I guess. To be honest, it feels like most, maybe all, Governments approach to proprietary OSs and software is an extended play in graft and corruption. It's probably a lack of knowledge on Politicians part, but it certainly plays into the deepening distrust people have of Government.

      0 0 Reply
  6. Flocke Kroes Silver badge

    Has anyone checked if existing malware is compatible with the meltdown update?

    Presumably malware uses details of how Windows organises virtual memory and changes in this area may cause malware to crash the OS. Have malware authors provided updates so normal uses can enjoy the benefits of keyloggers and RATs without risk of BSODs?

    18 0 Reply
    1. Korev Silver badge
      Reply Icon
      Coffee/keyboard

      Re: Has anyone checked if existing malware is compatible with the meltdown update?

      Love it! -->

      4 0 Reply
  7. Anonymous Coward
    Boffin

    FUD

    This confirms to me that using 3rd party AV on 1709 build of Windows 10 creates more problems than solutions.

    1 6 Reply
    1. hplasm
      Reply Icon
      Gimp

      Re: FUD

      This confirms to me that using 1709 build of Windows 10 creates more problems than solutions.

      There you go.

      13 9 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: FUD

        This confirms to me that using Windows creates problems.

        Even better.

        11 4 Reply
  8. Joe Montana

    Disabled by default?

    If this update is disabled by default, how many people will install it and assume they're good to go without even realising that it needs to be enabled?

    7 2 Reply
  9. Mike_JC

    I have just checked Regedit and that DWORD above has been set already on my superb but not new Intel Core i3 desktop workstation.

    0 0 Reply
    1. xenny
      Reply Icon

      It's set automatically if your AV including Defender is compatible

      1 0 Reply
  10. Anonymous Coward
    Anonymous Coward

    Intel to provide Chips for Tesla?

    Ok, ok, so what happens when my Tesla Model Z articulated truck suffers a "meltdown" attack while I'm touring the Norwegian Atlantic Coast Road while "Kindling" a book from Amazon on my Samsung Galaxy Note 7?

    Sounds like ARMageddon.

    8 0 Reply
    1. stewski
      Reply Icon

      Re: Intel to provide Chips for Tesla?

      Or even cARMageddon if you follow the kick starter campaign...

      1 0 Reply
  11. Scroticus Canis
    Trollface

    I'm felling like a smug git right now.

    "Apple has quietly patched the Meltdown bug in macOS 10.13.2 in December."

    Is schadenfreude bad karma?

    1 4 Reply
    1. Spacedinvader
      Reply Icon
      Trollface

      Re: I'm felling like a smug git right now.

      Hopefully landing like one...

      1 0 Reply
      1. Scroticus Canis
        Reply Icon
        Pint

        Re: Hopefully landing like one... - Your wish is granted!

        I just felt like a down vote Friday when I posted :) Didn't hear of any hassle with the macOS patch and had no AV problems with Sophos.

        However, karma has had its revenge as I find my beer has evaporated whilst I wasn't paying attention and I now have to get up and get another one. I will however dedicate it to all who won't make it to the pub at lunchtime due to this M$ SNAFU.

        4 1 Reply
  12. Anonymous Coward
    Anonymous Coward

    SYMANTEC SEP

    Symantec have updated SEP and once rolled out the Registry Key is set so the system is offering the MS Patch - however the fix is flawed with users reporting issues - https://support.symantec.com/en_US/article.TECH248552.html

    We are now at the point where the MS patch is installed, the Symantec Update is installed on the PC but SEP is reporting multiple issues.

    1 0 Reply
  13. jason 7

    Done...

    ...the patches and done all the benchmarks.

    No change.

    0 0 Reply
    1. Roland6 Silver badge
      Reply Icon

      Re: Done...

      >...the patches and done all the benchmarks.

      No change.

      Are you sure the patches have actually been installed and enabled and not left in the "off by default" setting?

      2 0 Reply
  14. MrBoring

    Not just AV

    It's not only AV that it breaks. Applying this update will break other applications.

    We've had reports already, Numecent’s CloudPaging solution https://www.numecent.com/cloudpaging/ stops working.

    With such a fundamental change to how Windows works, there will no doubt be many applications that fail and will need updating. This is why this patch needs the reg edit before it installs, as MS know this could potentially break loads of stuff.

    7 0 Reply
    1. Bob Camp
      Reply Icon

      Re: Not just AV

      Which is why nobody should be forcing the update. Just let it happen naturally. Some systems may be vulnerable for several more days, but whats that compared to 22 years?

      0 1 Reply
      1. stewski
        Reply Icon

        Re: Not just AV

        Happen naturally?

        "We're planning on having a home patching, we've even bought a patching pool, breathe, breathe"

        2 0 Reply
  15. Anonymous South African Coward Bronze badge

    We need a Mustrum Ridcully. Or somebody like Vetinari.

    1 0 Reply
  16. LeahroyNake

    Sophos

    I have checked with Sophos and they are rolling out updates today / Jan 5th that set the registry key so that the MS patch should be downloaded and applied etc.

    Fingers crossed it works.

    1 0 Reply
    1. psychonaut
      Reply Icon

      Re: Sophos

      good luck sir, i hope all is well. i hope all is well with trend too....for my sake...

      1 0 Reply
  17. MrReal

    And another way to take out a Win8 and 10 PC...

    Hopefully Microsoft will get around to fixing their giant File Explorer bug too one day.

    1. Get FLAC file and mess with a meta-data length field with a binary file editor.

    2. Put it on a Windows machine.

    3. View it in File Explorer. Note how each broken FLAC you view adds nearly 400MB to File explorers memory footprint. Copy it in File Explorer to watch it each another 400MB per copy made.

    4. As the machine runs out of memory and crashes, make a note to delete them from the command shell as File Explorer can't even look at them.

    I have no idea how File Explorer got this far in the world with this type of schoolboy error.

    4 3 Reply
    1. MrReal
      Reply Icon

      Re: And another way to take out a Win8 and 10 PC...

      People are thumbing this down, I agree, it's a terrible bug.

      Lets hope they fix it too, bugs that can take down a PC just by looking at files are serious.

      1 1 Reply
  18. John Brown (no body) Silver badge

    Free BSD popped up a message yesterday.

    "4 January: About the Meltdown and Spectre attacks: FreeBSD was made aware of the problems in late December 2017. We're working with CPU vendors and the published papers on these attacks to mitigate them on FreeBSD. Due to the fundamental nature of the attacks, no estimate is yet available for the publication date of patches."

    Looks like they'll be late to the party with any fixes since they weren't deemed important enough to be told about it months ago like the big boys.

    2 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Free BSD popped up a message yesterday.

      I suppose that don't pay enough Intel/AMD/Arm tax to be considered important.

      0 1 Reply
  19. Anonymous Coward
    Anonymous Coward

    What a laugh...

    Microsucks has released the most insecure O/S, aka Spyware, aka Malware code on the planet under the guise of "Win 10" so I'd really count on them to mitigate execution of rogue code on Intel CPUs as much as I trust them to NOT release defective code and Spyware.

    0 0 Reply

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like