Microsoft Issues out-of-band Patch

Jan 4, 2018
2 min read

Reports from Tom Warren, writing for The Verge, revealed that the long known about CPU security bug has prompted Microsoft to release patches at 5pm on January 3 of this year.

This week, new details have "emerged on how severe and far reaching the vulnerability truly is" writes Russell Brandom. "ZDNet and the New York Times are reporting that two critical vulnerabilities — dubbed “Meltdown” and “Spectre” — affect nearly every device made in the past 20 years. The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. " I have located a website with more details on Meltdown and Spectre.

Although Intel chips have been the primary focus of reporting on the vulnerabilities, however, Intel said “many different vendors’ processors and operating systems... are susceptible to these exploits.” In a statement tweeted on January 3, 2018 from AMD, they have denied any of its processors are vulnerable, although Google researchers say they’ve demonstrated a successful attack on AMD’s FX and PRO CPUs".

Microsoft says the "update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won’t automatically be updated through Windows Update until next Tuesday." Windows 10 will be automatically updated January 3. Even with Microsoft's quick addressing of the issues, keep in mind that the fixes will also rely on firmware updates from Intel, AMD, or other vendors impacted.

Some anti-virus vendors will also need to update their software to work correctly with the new patches, as the changes are related to Kernel-level access. MWL Technology, LLC has partnered with TrendMicro and their product development team "conducts pre-release compatibility testing with Microsoft security releases." Howerver, due to the early emergency deployment of Microsoft's patch beginning on January 3, "Trend Micro's complete compatibility testing has not been finalized. However, Trend Micro has completed testing on the endpoint and server security products listed below: