Microsoft Issues Warning for Meltdown Fix

Microsoft Issues Warning for Meltdown Fix

Microsoft has been forced to issue an emergency fix in order to address the newly discovered Meltdown vulnerability in Intel CPUs, but warned it may cause compatibility problems with some AV tools.

In a sign of the criticality of the bug, Redmond issued the Windows 10 update this week despite the monthly update round coming next Tuesday.

However, a day after the out-of-band fix was released, Microsoft warned that it was incompatible with a “small number” of AV products.

An advisory explained:

“The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.”

Those users which are affected can fall back on Windows Defender for Windows 10 devices or Microsoft Security Essentials for Windows 7 devices, the firm claimed.

The advisory also details the registry key AV vendors need to set in order for their customers to receive the updates.

Fixes for earlier versions of Windows are expected on Tuesday, while the computing giant said it is also “in the process of deploying mitigations to cloud services”.

It’s just one of many vendors issuing fixes in response to the discovery of a serious flaw in Intel CPUs.

Meltdown (CVE-2017-5754) is said to allow normal applications to read the contents of private kernel memory, potentially exposing the most sensitive data running on your desktops, laptops and in the cloud.

Unlike the two Spectre flaws, which are harder to exploit but currently impossible to patch, Meltdown apparently represents a more imminent risk to corporate data.

Source: Information Security Magazine