Microsoft Issues Windows Out-of-Band Update That Disables Spectre Mitigations PDF Print E-mail
Written by Wayne   
Monday, 29 January 2018 11:05
meltdownMicrosoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update —KB4078130— targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption." As a response, Microsoft decided to disable Spectre Variant 2 mitigations until Intel develops a more stable fix. In cases where these updates can't be rolled out to affected computers right away, Microsoft is also providing instructions on how to manually disable the Spectre Variant 2 mitigations via registry keys. Separate instructions are available for Windows desktop and server users. Microsoft is not the first company to roll back Spectre Variant 2 patches. After Intel's announcement, Dell advised customers to "revert back to a previous BIOS versions" that did not include Spectre patches. HP also took a similar step. After it previously made available BIOS updates containing Meltdown and Spectre (Variant 1 and Variant 2) patches, HP reissued BIOS updates this week that only contained Meltdown and Spectre Variant 1 patches, but not Variant 2. Red Hat Enterprises also decided to revert Spectre Variant 2 patches last weekend, even before Intel's formal announcement. Complete details can be found on OUR FORUM.