Internet Explorer fixes are included also.

Are you using MSE? It is supposed to be compatible with the Jan patches already.

If you are not offered the Rollup through Windows Update, your Anti-Virus vendor may not have tested that your AV program is compatible and put the RegAllow subkey in the Registry. You may be able to install the patch manually, but doing so may leave you open for a BSOD.

Woody is using a test machine. If you manually install the patch now on a production machine, you may find you are a Guinea Pig.
Use caution. And we are still under DEFCON 2.

Not that i’m about to install any patch (certainly not the monthly rollup) but I’m only being offered December’s monthly rollup despite checking and seeing I already have that registry key. Unless it’s because I’m in the uk and the update hasn’t been rolled out here yet, we’re usually a day behind. But if it is indeed checking for the registry key (which I have) surely I should be offered January’s update? In that case I’ll avoid installing security only until it’s offered through the traditional update channel.

-T

I noticed any help on the Microsoft website is written in Japanese, is this patch safe/necessary?

I just want to know 100% what it does

In her 2018.01.04 Patch Watch column for Windows Secrets, Susan Bradley offers this additional advice:

“While you are there patching your workstations, review whether you have any additional overdue firmware updates that need to be installed. This isn’t the first bug in the Intel chipset; in November, Intel posted about a series of chip bugs that the company has since fixed through firmware updates available via their advisory page. Please review whether you need firmware patches as well by downloading Intel’s testing tool.”

I  was in group B for quite a while, but I have had many personal health issues that made me switch to group A.
Late last night (1/4/2018) I forced a Windows update check (I have Win7-pro-32bit) and the cumulative update for January showed up. I didn’t install it as per the DEFCON level here.
My CPU is an AMD Athlon 64×2 Dual Core processor 6000+ 3.00 GHz

So, I can NOT take a hit on performance.  It is very slow now and I can’t afford to upgrade to a new computer.  Do I have ANY hope?

Thanks Woody and everyone else here who keep or try to keep us peons up to date!

EDIT html to text – contents may not appear as intended

I posted anonymously at 12:44am on January 5.  I only registered because I got tired of waiting for anything I posted to pass the “moderation” phase. (smile)

Thanks Woody et al, for the site and all the helpful comments!

Just when I think I am out, they PULL ME BACK IN! (sigh)

This is so annoying. Windows 8.1 is still in mainstream support but is neglected completely. The article Microsoft published on the issue:

https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

does not even mention 8.1. That’s why I encourage all the ones that are not too keen to embrace Windows 10 to move to 8.1. The more of us, the more support MS will be (hopefully) forced to provide to us. I’m afraid that with such low market share, when W7 support is ended in 2020, there will be no other option but Windows 10 for W8.1 will be completely dead (something like W10M now – you get monthly updates, but that’s just patching holes).

I haven’t received any of the updates on my Win7 or Win10 systems. The registry key is there and Avast is compatible. What could be wrong?

I’m searching Windows Update right now and there is no new patch for me :/ (Win 7)

I’m Group B and note that there is a Security Only Update for Jan 2018 (KB4056897) which also requires the registry key. This update is dated Jan 3.

Norton (Symantec) anti virus has automatically updated for me – the required registry key is present and eraser64.sys has been updated to version 117.3.0.358 (dated Jan 4).

As we are still at Defcon 2, how long to wait before installing?

Win7 Pro x64, Intel i7 860

GossiTheDog, aka Kevin Beaumont, is trying to keep track of compatible AV for the MS Meltdown/Spectre mitigation patches here.

I can confirm the alleged Sandboxie issue, what IS strange though is that I haven’t even patched my system and Sandboxie still stops working, it must be something to do with the Antivirus and not necessarily the patch. I had to uninstall Sandboxie temporarily.

Side-topic

it seems .NET 4.7.1 will be published through Windows Update, mostly on next tuesday
https://support.microsoft.com/en-us/help/4052152/how-to-temporarily-block-the-installation-of-net-framework-4-7-1

Is this rollup patch safe for Windows 7?  Notice appeared on my PC this morning.

Anyone that has installed it with or without system problems after please post.

Concerned as it came out so quickly and that it makes changes to Windows kernel.

Installed updates yesterday so I could start testing before rolling out to clients at a later time.

2 Win10 machines (older i5 models for kids and grand kids use) with no slowdowns or issues reported so far.

1 Win7 machine I7. On login this morning the mouse cursor was not visible. Never did that before. Right-click desktop and refresh restored it. No noticeable slowdowns or issues other than that.

1. AMD CPU and Windows 7 Pro x86. MSE, key in registry present. BSOD after install of kb4056894.

2. AMD CPU and Windows 7 Pro x64. 360 TSE, key in registry added manually. Normal boot after install of kb4056894.

I received the KB4056894 windows update today for my Windows 7 computer.  Tried to install, and after half way thru it failed, so the computer reverted back to original status before install attempt. 
I have Norton Internet Security.  They say my Registry Key has been updated. 
I think there may be something wrong with this Microsoft patch.  Will wait a few days before trying again to update. Or will wait to to see what Woody has to say about this patch.

“I’m installing it right now on my “Group A” test Win7 machine, using Windows Update.”

How is your test machine behaving?

Have there been any difficulties?

Installed KB4056894 from windows update had no problems.  Win 7 pro x64 and  using MSE. I checked the registry but I’m not sure if anything was changed with the mse anti virus.

AMD CPU with NVIDA video (Dell Optiplex 740) and Windows 7 Pro x86. MSE, key in registry present.

Boots to System Repair after install of kb4056894 on two diffrent systems.

I am not a techie, I am a simple users. My first PC was a 386 machine a friend built for me in 1988. I know less today than I did then about what makes things work. I also know I was many 100s of times safer when I first began online than I am today.

I have never done the Windows Monthly Security and Quality Roll-ups. I do not trust Microsoft enough for that. However, I do the monthly Security only roll-ups. I usually wait 7 – 10 days after they are released to determine if they do anything harmful. I do not use any of the mainstream browsers, I use Pale Moon which was secure from these two attacks already. Plus it is non-invasive and privacy respectful.

I also have not had an Intel cpu for the past 15+ years. AMD has been my preference staring with Windows XP. I have never visited an app store. I have used the same 5 browser extensions for many years (first on FireFox and now on P M). I changed Ad-blockers to use the one most compatible with my current browser. Flash player does not automatically run anywhere and I have the final ESR version when I must use it.

What I have learned is one stays safe in the digital age by moderating their own behavior moreso than anything else they might try in terms of hardware or software.

One important trick is not to use anything that makes you the actual product. AKA, “There ain’t no such thing as a free lunch.”

I now have KB4056894 offered but unchecked on my Windows 7 x64 home gaming desktop – an AMD machine with MSE running in the background, and MBAM ver. 2.x free installed for manual scans only. I don’t have my other home desktop (Intel Core i7 from 2011 with Office 2010 installed and otherwise similar specs) on at the moment but imagine that will also be offered the update. No action to be taken of course.

Hi Woody and Group:

I have a Dell Inspiron 1501 running a Windows 7 SP1 platform.

When I tried to apply the above Windows Automatic Update, it caused my computer to crash.  The system rebooted to the Windows Start screen and crashed.  Then it kept rebooting in a continuous loop.

I had to insert my installation CD and selected, “Repair My Computer” and then selected System Restore to the last previous restore point to get my computer back to a normal state of operation again.

Apparently, the above update is not compatible with my computer although it states the update is compatible with, “Windows 7 SP1.”  Or the entire update file is corrupt?

That’s my observations of the above update.  I e-mailed Woody,and he suggested I post this for everyone to see.

Thank you!

AMD Athlon 64 X2 4200+, MS Windows 7 Ultimate x64.

Installed KB4056894 and BSOD at reboot; recovered system at last restore point and all ok.

Re-installed KB4056894 and BSOD at reboot; recovered system at last restore point. Now I have hidden the update.

Fufu

I’m running Windows 7 Ultimate on a Gigabyte motherboard (LGA 2011) with a 3rd generation i7-4960X processor. I have updated my Symantic definitions, which I think has taken care of the registry update. Beyond that, I’ve not yet done anything to mitigate any vulnerability to either “Meltdown” or “Spectre”. I downloaded the Intel-SA-00086 detection tool which ostensibly determines a system’s vulnerability to this —-. I expected to be vulnerable, but to my surprise, it came up with “This system is not vulnerable.”

Does anyone know whether I can rely on that result?

Something odd has happened.

I’m Group B Win 7 x64 SP1 Intel core i3, current through December updates/patches and running up to date MS Security Essentials.

Until yesterday Windows Update was showing me the December Rollup. Then yesterday evening I was offered the January Rollup. Now, this evening the January Rollup isn’t showing, but the December Rollup is back. I haven’t installed or even attempted to install any of the December or January Rollups or the January Security Only patch.

I don’t understand why I would be offered the January Rollup only to have it “taken away” the next day. Has anybody else seen this or can explain this? I understand I need to wait before attempting an installs, but it seems like this is a step in the wrong direction.

Installed MS 2018-01 KB4056894 on my Win7 SP1 with Norton AV. At Restart got message “Your computer was unable to start”. After startup repair, got message “can not repair this computer automatically.  The Startup repair diagnosis and repair log said “Root cause found: A patch is preventing the system from starting”.  
Win7 SP1 with Dec 2017 update.  Norton AV.  Dell Optiplex 740.

KB4056891 has just auto-installed without any warning/information .. even though I have Windows Updates/ quality updates deferred for 23 days – Win 10 #1709

Ardvark here… Total novice at this… checked virus scan list & found my virus SW (Avast) was designated as fixed… So, I installed kb 4056897, which is the Security Update only (from MS Catalog) on my W7 64bit Asus PC… assume/hope it included update for IE 11… understand it only has a possible Meltdown fix (I never install the complete ‘Rollups’ like kb4056894 – don’t trust them) – assume I will need to contact Asus at some point for Firmware & BIOS update…no issues & no BSOD with PC so far – no issues with IE 11 either… wonder when we will see W7 update to handle Spectre? Can anyone confirm same process/results?

Ardvark her again…Thanks PKCano! One question…I have installed all of the individual Security Only Patches each month as they were released, in order. Since the IE 11 Patch is Cumulative, do I need to install each of those that are listed at AKB200003 individually also like the Security Patches, or just the latest one? Best regards & thank you for your patience & help!

Thanks PKCano… assumed that was the case but hate to assume things! Will download the latest IE update as directed…Best regards, and thank you again!

Have you updated Malwarebytes?  That needs to be updated as well, and they have already got their update out to be compatible with the Windows patch.