March security updates expand Meltdown-Spectre protection for Windows

Microsoft's Patch Tuesday updates for March include a variety of security updates for all supported Windows versions, as well as removing a compatibility check for antivirus software. A separate release significantly expands available microcode updates for affected Intel CPUs.
Written by Ed Bott, Senior Contributing Editor

Video: Microsoft fends off mining malware attack

The long, slow process of patching more than a billion PCs worldwide against the Meltdown and Spectre attacks continued today, with Microsoft's release of an assortment of software patches for multiple Windows versions as well as an expanded release of Intel microcode updates.

Today's Patch Tuesday release includes security updates that defend against the Meltdown vulnerability on PCs running x86 versions of Windows 7 and 8.1. With those updates, all currently supported Windows releases now include defense against this vulnerability.

Also: Windows RDP flaw: 'Install Microsoft's patch, turn on your firewall'

For devices running Windows 10, today's security updates also remove the antivirus compatibility check that had blocked earlier cumulative security updates. In a companion blog post, Microsoft noted that it will continue to block security updates on PCs running antivirus drivers that are known to have compatibility issues.

In a separate but related release, Microsoft announced it is significantly expanding the number of Intel-validated microcode updates it's making available through the Microsoft Catalog site. The new updates mitigate against Spectre Variant 2 (CVE 2017-5715) and apply to a broad set of Skylake, Kaby Lake, and Coffee Lake Intel processors.

Read also:Intel's new Spectre fix: Skylake, Kaby Lake, Coffee Lake chips get stable microcode

The full list of firmware updates is available in "KB4090007: Intel microcode updates." As with the first round of updates released several weeks ago, these new updates must be downloaded separately and can be installed only on machines running Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core).

In addition to installing the microcode updates, full protection requires modifications to the Windows registry, as described in a pair of technical articles that cover Windows client software and Windows Server releases.

Microsoft says it plans to continue issuing software and microcode updates as they become available, which means that IT managers will need to continually monitor their vulnerability to these attacks for months or even years to come.

Previous and related coverage

Intel's Spectre fix for Broadwell and Haswell chips has finally landed

Chips that sparked Intel's recall of microcode for Spectre Variant 2 attack now have stable fixes.

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

Customers accuse the chip maker of charging premium prices for a faulty product.

Editorial standards