There is another VERY IMPORTANT THING with Microsoft Meltdown patches like update KB4056892:
Customers will not receive these security updates and will not be protected from security vulnerabilities unless their anti-virus software vendor sets the following registry key:
Contact your anti-virus (AV) vendor to confirm that their software is compatible and that it has set the following registry key on the machine:
Key="HKEY_LOCAL_MACHINE"
Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
Verify whether this QualityCompat regkey is present using PowerShell:
PS C:\Users\jan> (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat")
You can create the Registry DWORD key yourself if it’s not present:
D:\Users\JanR>type v:\dev\qualitycompat.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
"cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000

D:\Users\JanR>reg import v:\dev\qualitycompat.reg
The operation completed successfully.
Note: this registry key value is no longer required, since March 13th 2018.
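The check and the manual fix above can be combined in one PowerShell script. This is an added example, not code from the original post; the function names Get-QualityCompatStatus and Set-QualityCompatFlag are hypothetical, and the write step must be run from an elevated prompt.

```powershell
# Added example: audit (and optionally set) the QualityCompat flag described above.
$QcPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$QcName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatStatus {
    # Returns one object describing the key, the value, its type and its data.
    $status = [ordered]@{
        KeyPresent = $false; ValuePresent = $false
        Kind = $null; Data = $null; Compliant = $false
    }
    if (Test-Path -LiteralPath $QcPath) {
        $status.KeyPresent = $true
        $key = Get-Item -LiteralPath $QcPath
        if ($key.GetValueNames() -contains $QcName) {
            $status.ValuePresent = $true
            $status.Kind = $key.GetValueKind($QcName)
            $status.Data = $key.GetValue($QcName)
            # The page specifies REG_DWORD with data 0x00000000; anything else fails.
            $status.Compliant = ($status.Kind -eq 'DWord' -and $status.Data -eq 0)
        }
    }
    [pscustomobject]$status
}

function Set-QualityCompatFlag {
    # Hypothetical helper. Use it only after the AV vendor has confirmed
    # compatibility, which is the condition the page attaches to this key.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not $PSCmdlet.ShouldProcess($QcPath, "Set $QcName = 0 (DWORD)")) { return }
    if (-not (Test-Path -LiteralPath $QcPath)) {
        New-Item -Path $QcPath -Force | Out-Null
    }
    # -Force overwrites a value that exists with the wrong type or data.
    New-ItemProperty -LiteralPath $QcPath -Name $QcName -PropertyType DWord `
        -Value 0 -Force | Out-Null
}

$before = Get-QualityCompatStatus
$before | Format-List
if (-not $before.Compliant) {
    Set-QualityCompatFlag -WhatIf   # drop -WhatIf to actually write the value
}
```

Unlike the plain Get-ItemProperty call, this also flags a value that exists with the wrong type or data.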
You may find additional information regarding the Microsoft Windows security updates released here:
Microsoft has identified a compatibility issue with a small number of anti-virus software products.
The compatibility issue is caused when anti-virus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors caused by incompatible anti-virus applications, Microsoft is only offering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.
If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor.
Microsoft has been working closely with anti-virus software partners to ensure all customers receive the January Windows security updates as soon as possible.
Windows Server admins must enable the kernel-user space splitting feature once it is installed; it’s not on by default.
Install the emergency Windows patch
Microsoft has released a rare, out-of-band emergency patch for Windows 10 users. It should pop up and ask you to restart your machine so it can be installed, but if you have yet to receive such a notification, then head to Settings > Update & security to see if there are updates waiting on the Windows Update page. If you are running Windows 10 version 1709 (Fall Creators Update), the patch you need is labeled Security Update for Windows (KB4056892).
For older versions of Windows 10, here are the patch numbers (source: CNet – How to protect your PC against the Intel chip flaw):
Windows 10 version 1703 (Creators Update): KB4056891
Windows 10 version 1607 (Anniversary Update): KB4056890
Windows 10 version 1511 (November Update): KB4056888
Windows 10 version 1507 (Initial Release): KB4056893
Manual install route
If you have yet to receive the patch via Windows Update, you can manually install it by going to this Windows Update Catalog page. Odds are you are running a 64-bit version of Windows, so you’ll want to install the file for x64-based systems. For Fall Creators Update, for example, it’s the bottom-most option labeled “2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892).”
What are CVE-2017-5753 and CVE-2017-5715?
CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.
What is the CVE-2017-5754?
CVE-2017-5754 is the official reference to Meltdown. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.
See https://meltdownattack.com for more information.
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization.