Microsoft has pushed out a new set of Spectre (variant 2) security updates. For the moment, these are just for some devices running on Skylake CPUs and Windows 10 Fall Creators Update or Windows Server version 1709 (Server Core).
But, John Cable, Director of Program Management, Windows Servicing and Delivery, says that the company will continue to work with chipset and device makers as they offer more vulnerability mitigations.
The updates are available for download and manual installation from the Microsoft Update Catalog. It seems that, for now, this update will not be available via Windows Update.
“This update also includes Intel microcode updates that were already released for these Operating Systems at the time of Release To Manufacturing (RTM). We will offer additional microcode updates from Intel through this KB Article for these Operating Systems as they become available to Microsoft,” the company noted, and added that they are “not aware of any issues that affect this update currently.”
Fixing update implementation problems
As you might remember, users encountered problems with the implementation of the initial Microsoft Meltdown and Spectre patches in early January: those who had incompatible antivirus software had not been offered the security update.
In order to receive the update, the system must sport a specific registry key, and if it doesn’t, customers will not receive Meltdown, Spectre, or any future Microsoft security updates.
The key can be set up by compatible AV software or by users themselves (detailed information on how to do it is offered here). If you don’t use an anti-virus solution, you have to set up the registry key.
Cable says that Microsoft has also been working closely with their AV partners on compatibility with Windows updates and that the vast majority of Windows devices now have compatible AV software installed.
“The continued focus of our work with our AV partners and customers is to manage the risk of compatibility issues, especially those that result from AV software that makes unsupported calls into Windows kernel memory. Due to this potential risk, we require that AV software is up to date and compatible,” he noted.
“We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility. We recommend users check with their AV provider on the compatibility of their installed AV software products.”