Intel Meltdown bug – MS fix and your Anti-Virus may cause your system to crash!
Over the past few days Microsoft have released patches for the Intel Meltdown bug, we have already had 5 customers PC’s that have crashed during the update – all PC’s were running Kaspersky – Today the Kaspersky Endpoint software forced an update, hopefully one that will stop this from happening.
From The Register:
Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes.
The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709.
While the documentation for the fix does not name Chipzilla’s CPU-level vulnerability specifically, a Microsoft spokesman told El Reg it will hopefully protect Windows users from Meltdown exploits, and more patches are in the works. Meltdown is a design flaw in Intel’s processors going back at least 2011 that allows normal user programs to read passwords, keys and other secrets from the operating system’s protected kernel memory area. To prevent this from happening, the kernel has to be moved into a separate virtual address space from user processes.
The software giant is also deploying updates to its Azure cloud service to protect customers from attack. AMD processors are not affected by Meltdown.
Before rushing to install the patch, however, users and admins should note one important issue: the fix may not yet be compatible with your antivirus software.
Microsoft noted that, unless a registry key is updated by the antivirus package, installing the security patch can result in a blue screen of death (BSoD). For that reason, Microsoft said it has set the update to only apply when the registry key has been changed. In other words, antivirus tools must set the key when they are confirmed to be compatible with the operating system update. The patch introduces a significant change to the design of Windows’ internal memory management, and this is probably tripping up anti-malware tools, which dig into and rely on low levels of the system.
Some AV vendors have already issued updates to change the key, and allow the fix to be applied without causing any cockups, while others have an update in the works to be released this week or early next week. The malware hunters expected the Windows patches to be released next week, and were caught out when Microsoft brought its patches forward after Meltdown exploit code emerged on the web.
Mobile PC Rescue advise you to wait a few days before installing the updates, and ensure you have the latest version of your AV software – This may involve downloading the latest version from their website, most AV solutions will only update the Virus definitions and NOT the actual core program, that is up to you to do!