Total Meltdown (not Meltdown!) exploit now available

Topic

New Reply

Remember Total Meltdown, the gaping 64-bit Win7/Server 2008R2 security hole introduced by Microsoft in all of these patches? KB 4056894 Win7/Server 20
[See the full post at: Total Meltdown (not Meltdown!) exploit now available]

19 users thanked author for this post.

MrBrian, MrToad28, Pepsiboy, Noel Carboni, jburk07, cesmart4125, Chessie, SteveTree, OldBiddy, ch100, SueW, laidbacktokyo, Frwin, columbia2011, Elly, FakeNinja, Mr. Natural, geekdom, Microfix

Reply | Quote

Replies

Thanks for the heads up Woody! Popcorn time..

From Ulf Frisk, the discoverer of the vulnerability, here is more info:  total-meltdown

Is my system vulnerable?
Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn’t patched since December 2017 or if it’s patched with the 2018-03 2018-03-29 patches or later it will be secure.

Updates Windows 2008R2 was vulnerable as well.

Other Windows versions – such as Windows 10 or 8.1 are completely secure with regards to this issue and have never been affected by it.

If debian is good enough for NASA...

10 users thanked author for this post.

AlphaCharlie, jelson, cesmart4125, Chessie, SueW, Fred, HiFlyer, laidbacktokyo, Elly, seamonkey420

Reply | Quote

Right.

The patches released on or after 2018-03-29 — the ones that fix the Total Meltdown bug — are these:

KB 4100480 The odd patch, with lots of problems, designed to fix Total Meltdown

KB 4093108 April Win7 Security-only patch

KB 4093118 April Win7 Monthly Rollup

as mentioned in my blog post.

BTW, the reason why Ulf modified his post (from 2018-03 to 2018-03-29) is that the original March patches didn’t fix the Meltdown bug — they installed it!

5 users thanked author for this post.

Charlie, Chessie, laidbacktokyo, Elly, Demeter

Reply | Quote

Just a note to say that I had the Jan. & Feb. Group B Security Only Updates installed and I left them installed.  I then went to the MS Update Catalog and got KB 4100480 which I installed before going on to the March Security Only Updates + Office 2010 WU updates.  I installed the March updates and have not had any problems at all (knock on wood).

I don’t have a network, and none of those other “4100480 problems” have appeared for me (an average, somewhat savvy, computer user).  For me at least, KB 4100480 did the trick.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

2 users thanked author for this post.

Cascadian, SueW

Reply | Quote

@woody
pls correct me if Im wrong…
SO for those who did not patch the list of KBs or has already rolled back
we stay put and do nothing??? is this right?
(obviously grp w has other risks)

back to fishing for better dreams

Reply | Quote

If you haven’t installed any of the patches listed at the beginning of the article, you’re fine. But then you’ve already implemented Susan’s approach….

1 user thanked author for this post.

Lori

Reply | Quote

Got it! Thanks boss 🙂
its getting very trick…. sad to say
though im in grp W I will still patch when absolutely and certifiably necessary 🙂
otherwise I just stay with KISS – aint broken dont fix (and accept the risk)
(but always keep updated good copy of backup everything and/or alternate OS computer)

what would the world of MS users w/o you, da Boss???
and susan and other experts 🙂
(hint: thanksgiving is always helpful to this site)

back to fishing for better dreams

1 user thanked author for this post.

Chessie

Reply | Quote

Am i right in thinking none of this applies to 32 bit W7?  As i did install Jan and Feb rollups, but not March (as i wasn’t offered that one).

Reply | Quote

That’s correct. It looks like Total Meltdown only applies to 64-bit systems.

Reply | Quote

I rolled back to Dec. and don’t have any of the KB’s you’ve listed at the beginning. I do have the newer version of KB4099950 installed 4/18/18 . Am I okay to assume that the April monthly (4093118) will bring me up to date and that since it’s cumulative, that KB4099950 should not cause a problem as long as it’s the latest version or would it be better to get rid of it and let the April update take care of it after we go to Defcon 3  ?

Reply | Quote

If I were you, I wouldn’t touch anything.

8 users thanked author for this post.

columbia2011, walker, HiFlyer, laidbacktokyo, The Surfing Pensioner, Elly, Heavenly, bobcat5536

Reply | Quote

I thought KB4100480 closed this hole if you had installed any updates starting in January???

If not, and April KB is an answer, and have not installed March KB4088875, do we need the new KB4099950 and last month’s KB4099467 installed?  (first?)

Reply | Quote

KB 4100480 does plug the hole. But it also has lots of problems.

1 user thanked author for this post.

Elly

Reply | Quote

It does although many of the issues that plagued the march updates don’t appear to affect this after reading mrbrian’s analysis since it doesn’t contain many of the same files.

1 user thanked author for this post.

MrBrian

Reply | Quote

Agreed :).

1 user thanked author for this post.

SueW

Reply | Quote

So this would be option 4 while awaiting the OK to install April KB4093118 which my understanding includes KB4100480, KB4099467, and KB4099950 (assume the new one – do you have to uninstall the old one?)

Reply | Quote

And for the poor folks using Windows server 2008 (non R2) for appliance-like devices, be prepared for the continued disappearing NIC act.

Reply | Quote

I hadn’t signed in above…

The manual vbs should fix the disappearing NIC issue in 2008 SP2.

KB 4089229

3 users thanked author for this post.

HiFlyer, Elly, woody

Reply | Quote

i’m groub b and as i’m still on february state (no buggy march updates installed) i’ll now have to rollback to december. in order to do so, is it enough to uninstall kb4056897, kb4073578 (january) and kb4074587 (february) windows security only patches?, what else do I have to uninstall in order to rollback? ie updates? are there any dependencies? and how often do i have to reboot during uninstalling this mess? after uninstalling every single patch, or is it enough to reboot once after all three january/february windows security only patches were uninstalled?

i hate this mess…

Reply | Quote

You just have to remove the Windows 2018 security-only updates.

Reply | Quote

and how do i reboot? after every uninstall or once?
and in which order? starting from february back to december?

in other words:
option a:
uninstall kb4074587 (february)
first reboot
uninstall kb4073578 (january)
second reboot
uninstall kb4056897 (january)
third reboot

or option b:
uninstall kb4074587 (february)
uninstall kb4073578 (january)
uninstall kb4056897 (january)
only one reboot after uninstalling all three patches?

and which ones were office 2010 patches for march?
so that i can install at least office patchus up to march?

Reply | Quote

Uninstall the security-only patches in the reverse order you installed them.
It is not necessary to reboot in between. But it won’t hurt anything if you do.

2 users thanked author for this post.

Bill C., woody

Reply | Quote

first of all i will greatly reduce browser activities on windows 7 machine, only visiting known sites like this one.
because still can’t decide whether to rollback to december patch state or installing updates following this:
1. kb4099950
2. kb4088878
2.a. kb4099467
reboot
3. kb4100480
4. kb4096040
reboot
office 2010, msrt, …
reboot

Reply | Quote

i just did rollback to december, uninstalled these three updates in this order:
kb4074587 (february), kb4073578 (january), kb4056897 (january)
but after reboot all of them still show up in update history.
of course, not available in “installed updates” section anymore.

remaining windows updates are:
kb4056568, kb4054998 (january) and kb4074736, kb4088835 (february), some of them ie, i assume;
office 2010 updates from january and february, 2018-01 security-/quality rollup for .net (january only),
and of course msrt from january and february. that’s it, i think.

so no i should be “safe” regarding total meltdown, i assume?

there are no march updates installed at all, even no updates for office 2010 or msrt…

Reply | Quote

Thanks to Woody and Susan.  Question:

Whenever I install any MS update to my Win 7 Pro 64-bit machine, before I reboot, I see that Trusted Installer runs 25% of the CPU for a really long time – anywhere between five and twenty minutes.  Since I don’t know what it’s doing, I usually wait for it to stop and THEN reboot.

What is it doing anyway?

Reply | Quote

TrustedInstaller is the process that installs the updates.

2 users thanked author for this post.

woody, Elly

Reply | Quote

TrustedInstaller.exe and TiWorker.exe if you have seen that program listed, have always been resource hogs. They sometimes have to process quite a large amount of data.

Reply | Quote

A side note: Today I took an ancient Win7 machine off the shelf to prepare it for its new task. Last updates were from 11-30-2017. WU was not functional so I needed to reset it.

When it started up, it showed… 12-2017 Cumulative Update at the top.

Just like they (MS) followed Susan recommendation 😉

2 users thanked author for this post.

RetiredGeek, Alice

Reply | Quote

“Welcome to the cesspool that has become Windows 7.”

Some of us consider Win 10 to be no better… 🙂

12 users thanked author for this post.

lurks about, mindwarp, wdburt1, Bill C., laidbacktokyo, Elly, Cybertooth, seamonkey420, Rick Corbett, HiFlyer, Seff, Microfix

Reply | Quote

woody wrote:

KB 4100480 does plug the hole. But it also has lots of problems.

I have win7 SP1  and use A roll ups

I have installed KB4054998 on 6th february

KB4074598 on 6th March

KB100480  on 4th April

I have KB 4093118 waiting to be installed or not

I have incurred no problems whatsoever – so far have installed them as and when you have told us to do so – do I have to remove anything?

 

 

2 users thanked author for this post.

patchadams, OldBiddy

Reply | Quote

No need to uninstall anything. Stay right where you are.

4 users thanked author for this post.

OldBiddy, HiFlyer, Elly, Heavenly

Reply | Quote

I think I did something similar to what Heavenly posted. I’m in Group A and installed January, February, and March updates and then kb4100480. No previews though. After that I installed kb4099950. Should I stay put as well?

Reply | Quote

If you installed KB 4099950 ON or AFTER April 17th, stay put.
There was a revision on Apr 17.
So if you installed before April 17th, you need to uninstall the patch, reboot, then download and reinstall it.

2 users thanked author for this post.

Chessie, OldBiddy

Reply | Quote

Thanks PKCano. It looks like I installed in on April 12, so I’ll uninstall it, reboot, and download and install the revised version. Hopefully it works ok.

Reply | Quote

So, I uninstalled, rebooted and reinstalled kb4099950, the April 17 msu file only and not the PCIClearStaleCache.exe which I recall Abbodi86 saying would run through the msu anyway. Although it seems to me he also mentioned there was so change in the revised kb4099950 file. So confusing! So I guess I just wait til we’re given the go ahead to install the April updates? Hope all this works ok…
Thanks again to everyone here for being so patient and helpful!

1 user thanked author for this post.

Chessie

Reply | Quote

@pkcano, Woody in his reply to “anonymous” here said that KB4100480 plugs the Total Meltdown hole, which seems to suggest that the new KB4099950 isn’t needed at all if you installed 4100480. Your answer, just above, to OldBiddy who had installed 4100480 is that one should (re)install 4099950 to make sure its 4/17 version is in place.

Who’s right — you, or Woody?  🙂

Note: there’s an excellent chance that I have missed some detail or nuance that erases any apparent contradiction. Just trying to keep a handle on this dismal, ongoing mess.

Thanks!

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

OldBiddy

Reply | Quote

KB 4100480 is the patch to fix Total Meltdown

KB 4099950 fixes the static IP/disappearing NIC problem
She mentioned she installed that update too, so I included the information about it as well.

4 users thanked author for this post.

Lori, woody, Cybertooth, OldBiddy

Reply | Quote

I don’t actually know why I installed KB4099950 (because it was there? ?) I really need to pay closer attention to the posts, but it’s impossible to keep track of everything! I think I’m jumping the gun too much so for now I’m going to sit tight and wait for DEFCON status to change.

Reply | Quote

Told ya! Grab a copy of Windows 8, while they’re still available :).

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

2 users thanked author for this post.

Elly, Microfix

Reply | Quote

woody wrote:

KB 4100480 does plug the hole. But it also has lots of problems.

Well, that probably depends on your pc’s current state (of updates).
I’m in Group B and was updated to February security only KB 4074587 when I installed 4100480 on April 1st. Never had a problem.
(I did NOT uninstall dec/jan/feb before doing that.)

I then followed PKCano’s advice on April 17 (see #185318):  install 4099950 > reboot > 4088878 > 4093108 > reboot > everything’s Hunky Dory.

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

2 users thanked author for this post.

Chessie, OscarCP

Reply | Quote

P.S. I’m on a 64-bit machine. Thank for clarifying that to others @twbartender.

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

1 user thanked author for this post.

twbartender

Reply | Quote

I went with Woody’s option #2 and #3 last week where all of the April updates are approved in WSUS and being pushed. So far I haven’t had any show stopping results. In another thread I mentioned updating server 2008r2 system on vmware that hadn’t been turned on since October 2017. I installed all the updates with no problems. CH100 pointed out that it appears the disappearing NIC only affects systems using vmxnet for their NIC. We are using E1000 and no changes to the NIC were observed.

Red Ruffnsore

1 user thanked author for this post.

ch100

Reply | Quote

Apologies to abbodi86 who I failed to acknowledge. There’s a lot of detail and documentation here from abbodi86 who did yeoman work on this.

Red Ruffnsore

2 users thanked author for this post.

ch100, woody

Reply | Quote

Windows 7 SP1, 64-bit, AMD A4 CPU, Group B here … I uninstalled all 2018 security only patches last month, so I’m currently patched through December 2017 only. I’m not touching another patch until there’s clear evidence that this mess has finally been cleaned up. In the meantime, I think I can rely on safe browsing practices and full time monitoring from Avast and Malwarebytes Pro and regular system image backups to keep me safe as usual. Otherwise, one of the Linux distributions I’m currently exploring will replace Windows on all 5 of my devices (including Win 8.1 and 10) sooner than I planned.

3 users thanked author for this post.

HiFlyer, GoneToPlaid, johnf

Reply | Quote

For those who choose Woody’s alternative solution to the Total Meltdown (not Meltdown!) exploit now available problem by installing KB4100480 should be aware that, KB4100480 is not intended for those who are running Windows 7 32-bit operating systems. As stated by @MrBrian in the following post: https://www.askwoody.com/forums/topic/sorting-through-the-patch-thursday-and-friday-offerings/#post-179744

When KB4100480 was initially issued just prior to the March updates, there was much discussion as to whether or not it should be installed verses rolling back your machine prior to January 2018. I chose the advice option to go ahead and install KB4100480 on my Windows7 x64 machine. Which I did without incident on 4/2. That was followed by installing KB4099950 and then the March Security Only Updates along with KB4099467, on 4/8, also without incident.

3 users thanked author for this post.

MrBrian, TJ, woody

Reply | Quote

Thanks for the prompt update Woody.

I’ve now installed KB4100480 and KB4093118 on my main Windows 7 x64 home desktop, all went seemingly smoothly after a longer than usual download – doubtless everyone is hitting the patch servers today! This is the machine that I have on most of the day, and if all goes well over today and tomorrow I’ll switch my admin machine on and run the updates on that as well. That will just leave the MSRT on both machines and the Office 2010 updates on the admin machine which I’ll get round to later.

Thanks as always to Woody and the team for their support on these things.

1 user thanked author for this post.

HiFlyer

Reply | Quote

I’m in Group B running Windows 7 64-bit on a home PC. As reported in another thread, I installed the March 2018 updates – namely KB4099950 > KB4088878 > KB4099467 > KB4100480 > KB4096040 – and have experienced no problems. So, like some others have reported in this thread, I am adopting the fourth option of doing nothing.

2 users thanked author for this post.

OscarCP, HiFlyer

Reply | Quote

I also didn’t roll back and I only have 2 from the list that were installed, Kb 4056894, Kb 4074598.  Others were never offered or they are in the hidden and are unchecked. I did install the Kb 100480 on April 7 and Kb 4099950 on April 18 (catalog).  Am I safe or not?

And I thought last week confused me.

 

Windows 11 Pro
Version 23H2
OS build 22631.4890

1 user thanked author for this post.

OscarCP

Reply | Quote

If you have KB 4100480 — and your machine is still working reasonably well — you’re safe from the Total Meltdown attack vector.

5 users thanked author for this post.

Demeter, SueW, OscarCP, HiFlyer, fernlady

Reply | Quote

Patched up to the Jan./Feb. Security Rollups, KB4056894 and KB4074598. Installed KB4100408 30/03 and the pre-April 17 version of KB4099950. Methinks I’ll just stay put for now and not uninstall back to Dec. 17 or uninstall re-install KB4099950 as I haven’t had any issues. Any advice as to doing something other than sitting tight? Thanks “Team Woody” for all of information. Win 7 Pro x64 i7 Haswell Core, Grp. A

1 user thanked author for this post.

OscarCP

Reply | Quote

Now there’s no doubt that Total Meltdown will get attacked (and there will be exploits in the wild) before Meltdown does.

Thanks, Microshaft! o.O

Reply | Quote

Hello – an “install all security updates asap” girl out of her depth about which advice might be best to follow here…

I have Win7 64-bit and have installed some of the patches listed at the top of the post. Pllleeeeasse forgive the cluelessness of a noob, but when Susan suggests “rolling back” to a pre-January state, is it as *simple* as uninstalling any of the offending patches that might be present?

Thanks – and apologies – in advance!

1 user thanked author for this post.

AlphaCharlie

Reply | Quote

Rolling back means to uninstall any of those patches listed in the reverse order you installed them. It will involve any Monthly Rollups, security-only, or Preview updates for Jan, Feb or Mar.

1 user thanked author for this post.

HiFlyer

Reply | Quote

OK, I understand that Total Meltdown applies only to 64 bit Win7. I’m running 32 bit Win7 and am holding off installing any post Dec 2017 patches because I’m confused. Should 32 bit users still be holding off? If not, what patches should we install? I’m on the “security only” side and generally follow Belarc Advisor – at least up to end Dec! Thanks for any advice!

Reply | Quote

Hold where you are. Total Meltdown doesn’t apply to 32-bit.

4 users thanked author for this post.

columbia2011, woody, The Surfing Pensioner, SusanA

Reply | Quote

Hi, I’m W7 64, group A, and hadn’t installed any patch since February.

With WU, I’ve just had 4100480 and 4093118. I’ve applied both (plus some Office patches and MSRT), and haven’t had, yet, any problem.

Thanks again to Woody.

Reply | Quote

You should be good for now

1 user thanked author for this post.

Frwin

Reply | Quote

Why am I not hearing outrage from the Enterprise Windows 7/64 crowd?

We as consumers have no sway with Microsoft but the enterprise guys do. I know that they can not walk away from Windows, but they can punish Microsoft by refusing to buy their cloud services. Well that is not happening. They are lining up like lemmings.

“Let them eat cake” – A saying that shows insensitivity to or incomprehension of the realities of life for everyone under authoritarian rule. Chow down enterprise, you cowards.

4 users thanked author for this post.

Bill C., David F, HiFlyer, woody

Reply | Quote

I imagine Susan will chime in here shortly…

Reply | Quote

My current employer has practically upgraded everyone from 7 to 10 (>2200 machines), and the few 7 machines still out there (<70) are behind SCCM and WSUS anyway so we can push out the patches we want when we want them.

My former employer has the whole domain of workstations on 7 Pro (roughly 125) and does not have any central patch management, and…well I’m glad I no longer work there. <:p

I would think most 7 customers (at least the Enterprise level that you specifically bring up) are either upgraded to 10 already, or are behind a SUS server, so MS borking patches left and right isn’t that big of a deal.

1 user thanked author for this post.

ch100

Reply | Quote

As IT in a medium business, we’re looking into moving away from Microsoft, at least on the desktop.

1 user thanked author for this post.

woody

Reply | Quote

This is a riot. I looked at the proof of concept code posted on GitHub by XPN. No malware techniques whatsoever were required, except simply replacing tokens for EPROCESS with SYSTEM. Yet this is done after the code has already located all computer memory to read in less than a second. The code doesn’t go through the process of actually reading the memory since XPN was merely showing everyone how quickly the code was able to gain access to all computer memory, and then to change the access rights to all computer memory.

Users should watch the YouTube video which was posted by XPN. It took the exploit code less than a second to have access to all 31 GB of RAM assigned to the virtual machine. I am not sure if all of this RAM was assigned to the virtual machine, or if some of this RAM is outside of the virtual machine.

Pay attention to the beginning and end of the video. At the beginning of the video, XPN types “whoami” (without quotes) into the command prompt window, resulting in user

vbox-win7\xpn

being shown. XPN is about to run his code in a VirtualBox virtual machine which has Windows 7 installed.

After the incredibly simple exploit code was run, user XPN again types “whoami” (without quotes) into the command prompt window, resulting in user

nt authority\system

being shown. This shows that XPN’s code changed the access rights to all of the memory page tables.

Here is the link for XPN’s YouTube video:

Total Meltdown (CVE-2018-1038) Exploit

 

7 users thanked author for this post.

Bill C., SueW, planet, geekdom, HiFlyer, columbia2011, woody

Reply | Quote

So, is this POC exploit local only, not remotely?

Group L (Linux Mint 19)
Dual Boot with Win 7
Former
Group B Win 7 64 bit

Reply | Quote

It probably could easily be done remotely since there are no timing issues involved. Perhaps you will recall that Meltdown could be exploited via Javascript code in a web browser which used rather precise timing within the code to exploit Meltdown. Mozilla and Google quickly updated their web browsers in two key ways:

— They reduced the accuracy of precision timing within their web browsers.

— They also disabled Javascript pooling.

 

Reply | Quote

@GoneToPlaid the JavaScript exploits were for Spectre, not Meltdown.  For “Total Meltdown,” I think JavaScript exploits will be hard to do on sandboxed browsers.  For others (eg Firefox) it might be a lot easier.  I’ve no proof of this, just what I think based on my current understanding.

Remote exploits will probably be focused around payloads delivered by phishing and malware.

Reply | Quote

No, the Javascript exploits were for Meltdown.

Reply | Quote

I’m going off of what I read on Askwoody, eg:
https://www.askwoody.com/2018/meltdown-and-spectre-from-a-windows-users-point-of-view/

Likewise from Spectre’s Wikipedia page:
https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)#Remote_exploitation

Reply | Quote

Heavenly wrote:

woody wrote:

KB 4100480 does plug the hole. But it also has lots of problems.

I have win7 SP1 and use A roll ups I have installed KB4054998 on 6th february KB4074598 on 6th March KB100480 on 4th April I have KB 4093118 waiting to be installed or not I have incurred no problems whatsoever – so far have installed them as and when you have told us to do so – do I have to remove anything?

I Did NOT do March at all BUT did ALL of April INCL’ing 4093118, a designated FIX for Meltdown. Ironically, my machine seems Faster than ever.

Had to return my 1st W10 laptop (1st forced Update was without error) BUT many senior friends who can barely spell Kumputer are Not having any issues with OEM Win 10’s (not W7-8  Upgrades). Here I need therapy after checking in.  Good Luck to all!!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

Reply | Quote

All — Does anyone have any guidance re obtaining the other thing M$ suggests: Getting Intel microcode updates. Mine is Win7 x64, SP1, Intel family 6, a type of Haswell processor. A review of some M$ support articles this morn. as to “microcode processor update”: M$ seems to have -0-, so far for my PC’s specs, Win 7 Haswell; Intel’s Microprocessor Guidance indicates keep using version 0x22; cannot tell what version I’ve got; and Intel refers users to the dealer, which, for me, dealer says support period expired for my 3-year old PC.

Reply | Quote

@anonymous

here is a good place to check cpu microcode updates yet available:

https://github.com/platomav/CPUMicrocodes

usually it’s not too much difficult to integrate/replace microcode into/in bios file although it depends on bios maker and appropriate utility – for instance AMI is an easy one, PHOENIX one isn’t so easy…

and here is official m$ cpu updating info page concerning Spectre/Meltdown (NOT Total Meltdawn):

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

pls check all info with highest care by yourself before apply anything.

rgds,

1 user thanked author for this post.

SueW

Reply | Quote

So I assume if I have NONE of the listed updates listed in the first post installed that means that I and my PC are covered and DON’T have to do anything???

Reply | Quote

Woddy, what known problems are there with April 2018 (KB4093118) patch?  I know of the SMB leak and constant prompt to reinstall if you had installed the March Preview, but are there others?

The prompts aren’t an issue since I don’t install previews on live systems, SMB leak isn’t an issue with clients.  Are there any other flaws I haven’t heard of?  I’ve stayed on January patches as I was hoping for the [mess] to be mopped up by April.  I’d like to keep the Meltdown patches for compliance reasons.

Reply | Quote

That’s exactly the question I’m researching right now.

2 users thanked author for this post.

jburk07, geekdom

Reply | Quote

anonymous wrote:

Woody, what known problems are there with April 2018 (KB4093118) patch?

Woody et.al. – Do we know if installing the April Rollup KB4093118 (Group A Win.7 64) will protect from the BSOD Session_has_valid_pool_on_Exit?  Or do we have to install the fix KB4099467 separately?

Thanks everyone — you are our lifeline!

Reply | Quote

Just tested on a VM, installed April 2018 roll-up from Jan 2018.  Downloaded KB4099467 from the Catalog and installed.  Installer doesn’t state that KB4099467 is already installed.

At the very least, April doesn’t supercede this update.  Reviewing the release notes; April doesn’t state it addresses the “Stop error 0xAB” issue.  It looks like you’ll need to install KB4099467 if you’re running into this issue.  The Preview for May doesn’t list it either, so I do not believe it’ll be in May’s monthly rollup.

1 user thanked author for this post.

Reply | Quote

Getting ready to rollback the 2018 patches on a Windows 7/64 bit/Group A machine.

Should the 2018 .NET and Office patches also be uninstalled?

I assume that uninstalling the 2018 rollups will also remove the 2018 IE11 patches. Should I download the latest Cumulative Update for IE11 from the catalog and install it after the 2018 rollups have been uninstalled?

Reply | Quote

pls leave all your ms .net & office patches installed as it is.

as for ie11 so you can remove all 2018 massive patches and then install this latest yet ie11 security fix available to be downloaded as standalone here:

http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4092946

rgds,

Reply | Quote

2018-03 Security Update KB4089229

We have some 2008 servers. After applying 2018-03 Security Update KB4089229 and reboot the physical NIC on this HP physical server looses it’s static IP settings. This stops services like DHCP, etc.. until the static info is put back in place.

Reply | Quote

The fix for that is KB4099950, but it needs to be installed before the Security Update.

1 user thanked author for this post.

walker

Reply | Quote

PKCano:  Do we assume that it is okay to install some of these updates, even though we’re still at MSDefcon 2?  It really gets confusing to the “computer illiterates” such as I am.   I appreciate your patience and courtesy.  Thank you, always!    🙂

Reply | Quote

Installed only security only patch in the months of January and February (2018) on a Windows 7 32 bit system. This brought me a series of problems in the PC: No boot. BSod, hang up system, … etc.

After reviewing a lot of information on the subject (Total Meltdown problem), when analyzing my processor AMD Athlon 64 X2 Dual-Core PC I realized that this was 64 bit (and was compatible with 32 Bit).
I removed the January and February patches (implemented Susan’s approach) and my problems were finished (Last update December 2017).
I give this information in case someone is operating with this processor on their PC.

My apologies for writing in Spanish since my written English is very bad. I appreciate all the information that you give, I am a faithful follower of several years.

Nelson Zárate
Chile

Moderator’s Note: Translation per Google

1 user thanked author for this post.

SueW

Reply | Quote

radosuaf wrote:

Told ya! Grab a copy of Windows 8, while they’re still available :).

Actually, I did try to locate a licensed copy of 8.1. No success from any recognizably legitimate source. I then came to my senses when a vivid flashback of re-fighting the privacy/telemetry battles and a massive updating session all over again, made me think again.

I was patched Win7Pro-64_SP1 Group B style, and was up date with the exceptiion of the April 2018 Security only patch KB4093108. Today I installed that one. All appears well. My most recent patching issues have been related to the inaccessible profiles and the MSE engine updates. That “appears” to have been fixed by removing MSE.

Now I am looking at the alternative WU Group L train schedule and Group W option (really NOT my cup of tea).

2 users thanked author for this post.

johnf, OscarCP

Reply | Quote

It’s a good possibility this has been mentioned before but I haven’t had the time to read over all the great information here.

Anyone know if Hyper-V systems are affected? I actually have some legacy systems running Server 2003 in Hyper-V on 2008r2 systems. I haven’t messed with any of those yet, so be advised.

Red Ruffnsore

Reply | Quote

I have one of these Hyper-v systems that are no longer in production. I’m going to run all the updates on the vm and physical side running 2008r2. We’ll see how it goes….

Red Ruffnsore

Reply | Quote

Alrighty then. Finished updating and everything is clear as mud. So what I was working with here was a Dell PE T320 running server 2008r2 which is running server 2003 in hyper-v. The system is running multiple xeon 1403 e5 i7 cpu’s. I later determined the microcode ID is 206D7 which is identified a Sandy Bridge server cpu on the Intel microcode status pdf document. Intel reports this cpu still as “Production” and this cpu is still supported and microcode is available through Microsoft.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

I thought KB4093118 was the one doing this. This system did not have the anti virus registry edit to allow future downloads as I thought that was no longer required.

This system has been offline for over 6 months and windows update pulls updates from Microsoft and not a WSUS system. I shut down hyper-v and then started running windows update from server 2008r2. As with a lot of systems that haven’t been on in a while I had to keep running windows update multiple times to insure everything was installed and up to date. The first time it ran the only OS updates that were offered were kb4054518 dated 12/17 and kb4093118 dated 04/23 (newest update). 4054518 failed to install but 4093118 installed on the first go. No issues noted. Bottom line is this was the only OS update released in the past 6 months that got installed.

I decided to run Steve Gibson’s Inspectre utility and after everything was up to date Inspectre reported the system was still vulnerable to both Spectre and Meltdown. That nifty utility reported the Microcode ID of 206D7 and I was told there was a microcode update available. I went to the Dell site and there was a bios update available for the system dated February 2018 which claimed to fix the spectre issue. I updated the bios. I ran Inspectre again and the system is still reported as vulnerable to both spectre and meltdown.

So hyper-v was fine after installing kb4093118 but basically spent a lot of time and still have the issue.

On a side note my work pc is running 1709 16299.371 and is up to date and pulls updates from WSUS. I ran Inspectre on my pc and it reported protected from Meltdown but still vulnerable to Inspectre. There was a bios update and after installing that it said my system was fully protected.

So maybe I’m missing something but it doesn’t look like the microcode fixes from Microsoft are fixing the issue…at least on some systems.

Red Ruffnsore

1 user thanked author for this post.

columbia2011

Reply | Quote

OK we are good thanks goes to columbia2011 for mentioning that I still needed to install the manual download of KB4056897. I quick review of that article indicated I still needed to have the AV registry edit set before I could apply that update. (Since it was released in January)

I was hoping to avoid that, but after installing that I ran windows update again and was presented with KB4100480. After installing that, Steve Gibson’s Inspectre reports that this system is protected from Spectre, Meltdown, and I assume Total Meltdown.

A quick summary. I updated a server 2008r2 system running server 2003 in hyper-v. This system had not been turned on since October 2017. The system is patched and protected and no ill effects to Hyper-v or anything else that I can see at this time. So if you are updating a server 2008r2 system that has not been updated prior to January 2018. You will still need to enable the AV registry edit and manually install KB4056897. Run Windows Update again to complete updating the system and should be good to go. (provided the cpu is supported.)

Red Ruffnsore

Reply | Quote

My two cents, as they might help, perhaps, those overanxious after reading here some of the previous comments:

So far, being Group B, Win7 Pro SP1 x64, Intel I-7, I have installed neither rollups nor previews, ever.

So far this year, I have installed all patches declared as fit for the Group B to install, except for those of April. Among those installed: KB100480, weeks ago. No problems, again, so far.

At this point, I have seen no problems mentioned with the April updates to Office 2010 or the Security Only cumulative patch for E11. It looks, for what I have seen, that the Security Only has been mentioned in relation to it causing serious problems to relatively few people. It looks like that might have to do with what else one has installed in the PC.

So, and if nothing disturbing surfaces before, in coming weeks I’ll probably install the Office and IE11 patches, and hold off on Security Only for a while longer.

As to those wondering and soul-searching about installing KB100480 to defend from Total Meltdown’s now very real threat, then, after backing up your personal stuff to an external hard disk:

(1) Create a restore point. (*)

(2) Install KB 4100480.

(3) If something very bad happens then (don’t expect that, but I’d mention it here, just in case):

(3a) Restart the PC (or, failing that, crash it by pushing long enough on the power button — not recommended, but…)

(3b) When it restarts, be it directly after crashing the system, as above, or else in the more civilized way, by pressing on the appropriate key as the splash screen of the OEM shows before Windows’ logo comes up, a menu of options on rather crude white lettering on a black background will come up, with several options.

(3c) Choose “open in safe mode”. Then you’ll get a window where you can log in in the usual way, and a very basic desktop will open.

(3d) In there, click on “Start” and that will give you the usual access to the Control Panel.

(3e) In there go to “System Security” and choose “restore the machine to a previous state” by going back to the one it was just before the restore point created previous to installing the troublesome update. It will take a few minutes, then you’ll get a “success” message.

(3f) Restart the PC from the option in the Start button, as usual. Afterwards, with any luck, all shall be as it was before the fateful install.

Note: only the System files, including updates, are changed by this procedure; your own files won’t be affected in any way. Still, backing up is always a good idea…

(3g) Then, wait until the “all clear” from Woody… and stop worrying about this! If you need something worth worrying about, then read the newspapers, on paper or online. Satisfaction guaranteed!

(*) Look for information on the more technical aspects mentioned here on the Internet. Plenty in there to guide you in your forthcoming tech adventure! Good luck!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I check in here everyday to see the DEFCON level and then patch accordingly my  Win 7 64 bit desktop, my two 8.1 laptops and my parent’s old Win 7 laptop & desktop (they also have a Win 10 laptop they hate that I don’t touch)

I am in group B and my folks want to keep their Win 7 machines also group B. I waited until the go ahead was given at the appropriate times (as I always do) and installed the Jan & Feb security only updates. I should also add that my Win 7 desktop has an older AMD processor.

As advised here on askwoody earlier this month I installed on April 7 (when we were at DEFCON 3) these 4 updates in the following order: KB4099950, KB4096040 (IE11 March Security) KB4088878(March Security only) and finally KB 4100480.

So far all of our machines have been have been running fine and I see we are still at DEFCON 2.  Have I missed a critical patch or are we ok until DEFCON 3?

Thanks

1 user thanked author for this post.

OscarCP

Reply | Quote

The MS-Defcon 3 was for March 2018, MS-Defcon 2 (as of now) is for April 2018 patches.

You seem to be ok!

If debian is good enough for NASA...

Reply | Quote

just to be sure I will ask, 32bit win7 doesnt suffer from this hole right?

Reply | Quote

Hi
woody__Da Boss said,
>’That’s correct. It looks like Total Meltdown only applies to 64-bit systems.’

People with x86 are fortunate this time, but should we be on a clean slate as well regarding 2018 security patches for some new developments or uniformity?
I am of the B set, Win7 32, and have Jan-Feb-Mar security only with
KB4099950+KB4099467, IE KB4092946, and all of MSRTs.
Thanks.

1 user thanked author for this post.

TheSuffering

Reply | Quote

Thanks for the reply. I’m group A and I wanna know how to roll back on the roll up on my 64 machine, can anyone here indicate me on how to do this?

Reply | Quote

Rolling back means to uninstall the Rollups in reverse order that they were installed. In other words, if you have installed Jan, Feb and Mar Rollups, you uninstall Mar first, then Feb, then Jan. Not all may be present. But in the end, you should be offered Dec 2017 Rollup KB4054518 and that should be the last one you install.

Reply | Quote

My 64 machine is still on the February updates and I am offered the april roll up and a march security update. So all I have to do is search for the February and January updates and uninstall them right?

Reply | Quote

That is correct. But first, you have to hide the Apr and Mar Rollups so you won’t be offered them again. After you uninstall Feb, reboot, search for updates and hide Feb. If Jan is installed, uninstall it, reboot, then hid it. Then search for updates. If Dec 2017 Rollup does not show installed, install Dec 2017 Rollup KB4054518 and any other old updates (except the telemetry updates) that you want to install (the latter were superseded by the 2018 updates and you may need them).

3 users thanked author for this post.

jburk07, TheSuffering, MrToad28

Reply | Quote

Thanks for the easy to follow explanation, I will roll back on the weekend have the time to mess around with the updates. How exactly does this infection spread?

Reply | Quote

After reading this post I checked my system and the only patch on the list
installed was KB4074598.I decided to leave it and check out KB4093118 and it
installed in one try and so far I haven’t had any problems.

Computer: Win 7-64 and I never install previews.

I have a question about Spectre and the cpu microcode updates.I saw the comment by @laidbacktokyo above and rechecked my system with InSpectre. This time there was an update available for CPUID: 306C3.

Searching github for the cpuid I found several links but

Intel/cpu306C3_plat32_ver00000024_2018-01-21_PRD_FCD4700E.bin

seems the right one. Any thoughts? Also will a bin file install like an exe?

Thanks.
-firemind

Reply | Quote

There are no exploits for Meltdows/Spectre in the wild at this time – Only Total Meltdows. Personally, I’d let the microcode thing chill for a while. It should be around for a good time, and it’s a good idea to let others be the Guinea Pigs.

The first round of firmware updates that were published caused nothing but trouble. And these microcode updates have not had time to be tested yet.

Just saying….

3 users thanked author for this post.

SueW, Demeter, Elly

Reply | Quote

@PKCano – Thanks, I will hold off then.

Reply | Quote

Does anyone know: when InSpectre disables Meltdown(or Spectre) protection, will that protect against Total Meltdown as well??

Just curious…

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

Reply | Quote

I should have asked this before but when you say to “reboot” after installing updates do you mean on windows 7 to “restart” or to “shut down”?  Since I’m Group A I never thought about this distinction — the computer just did a “restart”.  When I installed KB4099950 from the catalog today the question came up.

Youth Wants To Know! 🙂

Reply | Quote

It means “restart”. Same as when you install something that came via Windows Update and you get the message that, to complete the installation of the patch or patches, you must restart the computer.

1 user thanked author for this post.

Reply | Quote

Reboot and Restart are often used interchangeably. Normally, shutdowns are never required for updates. However, there is a possible issue in the March OS update, where a stop error might occur on shutdown. You wouldn’t discover it, unless you shutdown after the update. If the error occurs, then you need to restart and install KB4099467. Otherwise, it isn’t necessary. I was lucky. I did the shutdown, but the stop error didn’t happen, although I did have the fix at the ready, just in case. So, I restarted and went back to installing the other updates, I needed, and deleted Kb099467. Usually, updates will tell you if they need a restart. Yet, some of us oldtimers tend to restart after each update, simply as a precaution. I always open the Task Manager before doing the restart. I check to see if Trusted Installer is running(busy with the previous update) or not. I wait for it to finish, then restart. W7x64 GrpB

2 users thanked author for this post.

Lori

Reply | Quote

Welcome to the cesspool that has become Windows 7.

Woody, this cesspool was created by none other than Microsoft itself, not us users. And now we users have to deal with this mess.

I have said this before but I cannot help but repeat it : Is this mess a plot by Microsoft to “persuade” users to move to Windows 10 by degrading the Windows 7 user experience?

As a Group B user, seeing that the 2018 security updates for Windows 7 are still full of problems, personally my Windows 7 x64 systems are staying at the December 2017 patch level for as long as necessary, while the Windows 8.1 x64 systems are patched to March 2018 patch level.

Hope for the best. Prepare for the worst.

3 users thanked author for this post.

MikeFromMarkham, The Surfing Pensioner, Bill C.

Reply | Quote

JamesBond, Woody’s article “Total Meltdown (not Meltdown!) exploit now available” mentions 3 routes for Windows 7 to take. Rollback to December, install 4093108 or 4093118.

For you and Noel that went back, this is good if you are pleased with that. Many here are very technical (as I) but others are not. People must do what they feel is best or what their IT person says to do. But, I do want to say that I did install the March/April updates as per Woody’s route #2 manually security only.

The computer runs fine. I did do several system restore points and installed one at a time except for the march & April security only updates.

Yes Noel, there is the slowdown from the meltdown patch, and we have waited weeks if not months for a better fix. I doubt one will come for us, but I do hope a better solution is made for Windows 7 users.

I installed in this order. This has worked for me for years with IE being first and MSRT being last. All patches are from the Microsoft Catalog and downloaded the day of the install.

4092946
reboot
4099950  new 17th msu
reboot
4088878
4093108
reboot
wait 3 minutes
reboot
(I always reboot one more time.)

I also tell people to let the computer sit unused for an hour so the Process Idle Tasks can run. This in itself has helped eliminate the odd sluggishness after an update.

I hope this helps others.

Windows 7 64 Group B

1 user thanked author for this post.

HiFlyer

Reply | Quote

Pre-January Windows 7 and 8.1 are not such a cesspool…

Total Meltdown aside, let’s not forget the performance degradations that were also introduced.

-Noel

2 users thanked author for this post.

The Surfing Pensioner, Kirsty

Reply | Quote

James Bond 007 wrote:

Welcome to the cesspool that has become Windows 7.

Woody, this cesspool was created by none other than Microsoft itself, not us users. And now we users have to deal with this mess.

I have said this before but I cannot help but repeat it : Is this mess a plot by Microsoft to “persuade” users to move to Windows 10 by degrading the Windows 7 user experience?

As a Group B user, seeing that the 2018 security updates for Windows 7 are still full of problems, personally my Windows 7 x64 systems are staying at the December 2017 patch level for as long as necessary, while the Windows 8.1 x64 systems are patched to March 2018 patch level.

To me, always examine the who, what, when, where, and why.

Are there any motivations involved?

The simple answer to your question has to be YES!!!

Reply | Quote

Group B, Win7 SP1 x64, rolled back to December updates and treading water until something positive happens.

My legs are getting rather tired..

Reply | Quote

The desire to update windows is like carrying a bag of bricks. Think about who gave you those bricks to carry, and whether you’re willing to keep accepting more bricks from them.

Put another way, why should we work so hard for Microsoft?

It’s possible we’ve already seen the best programming that will ever come out of Microsoft. Those of us in-the-know about how software engineering works have been complaining about Microsoft’s changes in policies. There are reasons for those complaints; we’re not just whiners.

-Noel

2 users thanked author for this post.

HiFlyer, SueW

Reply | Quote

Slightly off-topic for this thread, but several people above have suggested W8.1 as an alternative to W7, so here is a link to my latest update about the problem with the W8.1 32 bit only April 2018 Rollup and Security Only updates and Sandboxie which I have been reporting on the last few days on several AskWoody threads:

https://www.askwoody.com/forums/topic/patch-lady-business-view-of-updates/#post-184988

The Sandboxie developers have produced a Beta of a fix/work-around which gets round the problem and the above link provides a further link to the details on the Sandboxie site.

HTH. Garbo.

PS: In my limited experience comparing W8.1 and W7 (and W10) on an ancient 2006-era 32 bit laptop (given that the Linux developers are stopping support for 32 bit devices – so the so-called Group L will not be an option for this particular PC), is that W8.1 is less stable and slower than W7, but more stable and faster than W10 (which of course also has a number of other issues widely reported here and elsewhere). So my current thinking is stick with W7 for as long as possible before switching to W8.1, but I keep an open mind.

Reply | Quote

I know I have already asked this question but I did not get it answered.

If I have NONE of the above listed updates installed on my computer do I have to do anything or am I safe from the Total Meltdown exploit?

 

Reply | Quote

What is your Windows version and bit size?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

The Total Meltdown (NOT Meltdown) vulnerability was created by the installation of the Jan & Feb patches listed above. If you have not installed any of those updates, you are not vulnerable to Total Meltdown.

2 users thanked author for this post.

woody, KarenS

Reply | Quote

PKCano wrote:

The Total Meltdown (NOT Meltdown) vulnerability was created by the installation of the Jan & Feb patches listed above. If you have not installed any of those updates, you are not vulnerable to Total Meltdown.

Thank You PKCano, I really appreciate the clarity on this matter!

1 user thanked author for this post.

HiFlyer

Reply | Quote

KarenS wrote:

If I have NONE of the above listed updates installed on my computer do I have to do anything or am I safe from the Total Meltdown exploit?

Yes, if you have none of the above listed updates installed on your computer, then you are safe from the Total Meltdown exploit.

Suggest you do nothing now. Wait for MS patching to stabilize, then–when Woody advises–update your system per his instructions to get other (non-Total Meltdown) fixes that your system should have.

Hope this helps.

3 users thanked author for this post.

Lori, woody, KarenS

Reply | Quote

Hello,  I have two Win7 64 bit machines.  For the march update patching, on 4-7-18, I installed KB4100480 and KB4099950 which were checked in Windows Update (WU).  I did not install KB4091290 which was listed as an optional update on the master patch list ( I do not do smart cards), and did not install KB4088875 because it seemed have a lot of issues and  today, 4-24-18, the Master patch list for March still shows hold for now investigating.  I do not appear to be having any issues but then I am not an IT guru.   According to what I have read on Ask Woody, Kb 4100480 closes the hole for Total Meltdown and KB4099950 along with KB4074598 and KB4091290 are required to install KB 4088875 2018-03 Win 7 monthly rollup.  After the new patches for April came out, KB4088875 disappeared on WU.  The update shown is KB4093118.  Since KB4100480 closes the hole, do I need to install KB4093118.  According to Microsoft KB4093118, which shows as of today, 4-24-18, a last  update date of 4-13-18, supersedes the Kb4100480. Does it solve any other issues to make installation worthwhile?  Thank you to all those on Ask Woody for the help with the patching maze.

Reply | Quote

anonymous wrote:

After the new patches for April came out, KB4088875 disappeared on WU. The update shown is KB4093118

KB4088875 (March Rollup) disappeared from WU for you because the Rollups are cumulative and KB4093118 (April Rollup) superseded/replaces it. In other words, the April Rollup contains the March Rollup and all the updates before.

By installing KB4100480, You are protected from Total Meltdown, so you do not have to install anything else at this time – you can choose to wait.

However, the April Rollup KB4093118 and those released in following months, contain more than just the fix for Total Meltdown. They contain other fixes as well. So somewhere down the road you will need to install the updates to have the security protection they provide.

3 users thanked author for this post.

woody, geekdom

Reply | Quote

Just to clarify I have the following patches installed, that are on Woody’s bad patch list.

KB4074598 2018-02 Security Monthly Quality Rollup for Windows 7 for x64
KB4056894 2018-01 Security Monthly Quality Rollup for Windows 7 for x64

Would it be quicker to just uninstall the above installed patches, than to install all of the checked April patches, including the KB 4093118 Monthly Rollup ?

I updated the below also which I don’t think matters.
Office 2010 CTR  14.0.7197.5000, which was released on April 10, 2018.

Any Help Appreciated,

 

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

To be protected from Total Meltdown, you need to have KB4100480 installed (as minimum) since you have installed the Jan and Feb Rollups.

OR, you can uninstall the Jan & Feb Rollups and be sure your computer is up to date through Dec 2017, which includes Dec Rollup KB4054518 and any earlier updates that show up.

To me, it would be easier to just install KB4093118 (which contains KB4100480)  than to uninstall the earlier Rollups as well as being sure you has all the patches through Dec 2017

1 user thanked author for this post.

walker

Reply | Quote

PKCano,

If I decide to go the uninstall route, is there any order in which to uninstall the two patches?
KB4074598 2018-02 Security Monthly Quality Rollup for Windows 7 for x64
KB4056894 2018-01 Security Monthly Quality Rollup for Windows 7 for x64

As I see it, uninstalling does not require you to do a backup, where as a backup is required before installing the KB4093118 patch, correct?

Thanks,

 

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

Uninstall in reverse order of install – last first. But it is not just uninstalling. When you finish the first uninstall, reboot, scan for updates, hide the one you just uninstalled. Uninstall the next and repeat. When you finish uninstalling, you need to be sure you are up-to-date to the Dec 2017 patch KB4054518. and all the old patches (except telemetry) that show up in Windows Update.

And, yes, you should do a backup before you start all that!!!

2 users thanked author for this post.

jburk07, Lori

Reply | Quote

PKCano,

After reading the uninstall procedures, I think it would be easier to do a backup and Use Windows Update to install all of the checked April patches, including the KB 4093118 Monthly Rollup as you said.

PKCano wrote,
(To me, it would be easier to just install KB4093118 (which contains KB4100480)  than to uninstall the earlier Rollups as well as being sure you has all the patches through Dec 2017)

I did not know that it entailed such a undertaking.
I also do have the patches through Dec 2017.

Should I hide the .NET Framework patches and MSRT for now?

As always THX for the help!

Dell, W10 Professional, 64-bit, Intel Core i7 Quad, Group A

HP, W7 Home Premium, 64-bit, AMD Phenom II, Group A

Reply | Quote

The patches we are concerned with are the Windows patches. The MSRT and .NET have nothing to do with the Total Meltdown or the Meltdown/Spectre vulnerabilities. You can consider the latter however you do your normal patching

1 user thanked author for this post.

Sparky

Reply | Quote

On several Win7 64 PC’s I have Feb and Dec security roll-ups installed. I could uninstall the Feb roll-up and be safe from Total meltdown…or, since an exploit has just come out and I have multiple anti-malwares and practice safe computing..avoiding the badlands..I could just wait till Microsoft pushes out a safe patch…maybe a month..maybe never…or until the exploit appears to be really causing problems..a bet that I won’t be patient 0 =>10,000.

I’m leaning towards the latter, but this whole mess is really over my head so I’m open to other opinions or options.

Reply | Quote

Your dates are messed up. It is the Jan and Feb Rollups that make you vulnerable to Totam Meltdown, for which there is an exploit. Safe browsing and anti-virus are NOT enough.

To be safe, your choices are one of the following:
+ Uninstall Jan and Feb Rollups and be sure you are up to date as of Dec 2017 (KB4054518).
+ Download and install KB4100480
+ Install the April Rollup (KB4093118) or the April Security-only Update (KB4093108)

Reply | Quote

Noel Carboni wrote:

The desire to update windows is like carrying a bag of bricks. Think about who gave you those bricks to carry, and whether you’re willing to keep accepting more bricks from them.

Put another way, why should we work so hard for Microsoft?

It’s possible we’ve already seen the best programming that will ever come out of Microsoft. Those of us in-the-know about how software engineering works have been complaining about Microsoft’s changes in policies. There are reasons for those complaints; we’re not just whiners.

-Noel

Could be some of the best programing is still there focusing on the social engineering side getting the users all panicky to quickly update and thereby feed the beta testing…

2 users thanked author for this post.

Noel Carboni, HiFlyer

Reply | Quote

Quoting JamesBond_007:

“I have said this before but I cannot help but repeat it : Is this mess a plot by Microsoft to “persuade” users to move to Windows 10 by degrading the Windows 7 user experience?”

My own version of an oft repeated cliche: “Do not assume a conspiracy where incompetence suffices.”

Or lack of interest: Windows 10 seems now dearer to the top management at Ms than the pupils of their eyes. Supporting properly older versions of Windows takes expensive resources away from developing (and messing up and then fixing the messing up) Windows 10. So, if Windows 10 has anything to do with what is going wrong with the patching of earlier versions, it is not necessarily intentional, more likely just collateral damage.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Charlie

Reply | Quote

I definitely don’t think it’s mere coincidence that Windows 7 got clobbered with the Total Meltdown threat and all the rest didn’t.  Win 7 is Win 10’s main competition.  To me, it’s quite obvious that MS wants to make Win 7 look bad (not an easy task) so as to hornswaggle as many unsuspecting, trusting, loyal MS customers as possible into thinking Win 10 is the best thing for them.

We’re supposed to have until 2020 to be able to use Win 7 with MS support and unhindered. It sure doesn’t look like they are living up to their word, which isn’t worth much these days.  Note to Microsoft: start putting all that effort into making Win 10 better and more likeable, and less effort into trying to make Win 7 look bad.

 

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

@Woody:  I am in need of “big-time help”.     I have been unable to get on the computer other than to check for updates.    Running Win 7, x64,   MS Home Premium.  Group A.  Here is where I stand at the present time:

My latest update list is as follows as of today’s check:

IMPORTANT:
KB4091290:         Update for Win7x64, published 3-1-18.  NOT CHECKED.  Update for Win7x64.  The last note I have on this one is to “WAIT”.   So I’m still waiting.
KB4093118:          CHECKED.  Security Monthly Quality Rollup, Win7 x64,  Published 4-23-18.
KB4033342:        CHECKED.  MS.NET Framework.   Told to just “leave it there”, as it is for the present time.  Published  1-9-18.
MSRT: KB890830:  Published April 10, 2018.  Usually don’t install these, however if it you recommend it, I will do that.
WINDOWS DEFENDER.  Newest definition:  1.267.2320.   I usually don’t install these either, however if you recommend it, I will do that.

OPTIONALS:
2 Drivers (one for Brother Printer and one for Realtek Semiconductor.  I don’t know what to do with them, so just leave them where they are.
KB4093113:  NOT CHECKED.  PREVIEW of Monthly Quality Rollup, Win7x64, Published 4-23-18.
**********************************************
The above are all that I am showing for updates for March and April available for updating (except for the “old” one from January 2018).
*************************************************************************************
When I check the Windows History, these are all that I show installed in March and April 2018:
KB4074598:  Security Monthly Quality Update (2018-02) (Important).  Installed 3-8-18.
KB4076492:  Security & Quality Rollup, NET Framework (2018-02).  (Recommended) Installed 3-10-18.
KB4100480:  Security Update for Win x64. (2018-03). (Important).  Installed 3-31-18.
KB4099950:  Update for Win7x64.  (Recommended). Installed 4-9-18.
*****************************************************************
I only show 4 updates which are in the “hidden list”, as follows:
Intel Corp.Graphics Adapter.   Optional
KB2952664:   Important
KB3021917:    Recommended
KB3102429:  Optional
****************************************************
One update:  KB4088875, I was told to “hide” on 4-12-18, however it’s no where on the hidden list.  So I don’t know what happened to that one.    Another one which disappeared is KB40888811 (I think the word on that one too was to hide it).

Any clue as to what I should “do” next would be most appreciated.   I don’t “know” what to do.    I hope I can get myself “dug out” of this quandary.  It’s a “true NIGHTMARE.  Any and all help will be most appreciated.    I think that the KB4099950 was reissued, and think the one I installed should be uninstalled, and then hope that the later one is there.   There are so many messages it is difficult to try to find an answer.  I’ve never uninstalled an update, so I hope that if this is the recommendation that I can do it correctly.

As I stated, ANY AND ALL RECOMMENDATIONS WILL BE SINCERELY APPRECIATED.  Thank you to every member who has shared this/her experiences with us all.

Reply | Quote

Woody’s advice, from here is:

At this point, I figure Win7/Server 2008 R2 users have three options:

• Take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. That’s a massive, thankless, task, and it leaves you exposed to the (few) real security holes plugged this year.

• Download and manually install the KB 4093108 Security-only patch.

• Use Windows Update to install all of the checked April patches, including the KB 4093118 Monthly Rollup.

The easiest one for you is the third one – install all the CHECKED April patches including KB 4093118

3 users thanked author for this post.

woody, walker, columbia2011

Reply | Quote

@PKCano:  Thank you so very, very much for the guidance on this issue.   If I understand this correctly the following option is the best for me:

Use Windows Update to install all of the checked April patches, including the KB 4093118 Monthly Rollup.

That appears to be the easiest as my “mess” is a little more unusual from that of many others.

I will try to get to this today, if possible, and report back the results.  Thank you again for all of your invaluable help.   It is appreciated more than words can ever express.     🙂

Reply | Quote

@PKCano:   Here are the results of following the above directions:

KB4093118:  This was the ONLY update that was checked and it downloaded and installed without any problems.
*******************************************************************************
Nothing else was checked in the Important List other than the MSRT & WD which I did not install at this time.
Nothing was checked in the Optionals.
***************************************************************************
I then ran the “check updates” again and came up with the following:
****************************************************************************
I did install the current MSRT for April, however left the new WD alone for now.
HERE IS ONE NEW ONE CHECKED IN THE “IMPORTANT” , AND THAT IS THE FOLLOWING OLD ONE:
KB4033342:  MS. NET Framework for Win7 & Server issued January 9, 2018.  This is the first time I’ve ever seen it checked, however I wished to verify that it is “safe” to download and install this “old” one before I did it.

In the Under OPTIONALS, nothing was checked.   However KB4093113 was listed (2018-04), but NOT CHECKED.   It’s the Preview of Monthly Quality Rollup, dated April 23, 2018.

These are all that I have found.    No sign of the one I have seen mentioned previously:  KB4099950, which I installed on April 9, 2018.    It is showing in the “Windows History”.   I have never seen a “new one” to install, so I am wondering if this is something that I need to “try” to uninstall, and to find the new one.   Since the latest version did not appear when I did the “check for updates” two separate times, I am wondering what the current status is on this one.

Thank you once again for the helpful information.   I hope that this has resolved the problem of trying to get all my updates “current”.    Your help is invaluable and always, always very much appreciated.    🙂

Reply | Quote

You should be fine like that for now.
KB4033342 is the installer for .NET 4.7.1. You can hide it for now. We don’t need a new version of .NET to muddy the waters at this time.

Please do not include the UNCHECKED OPTIONAL updates in your list. The Optional updates are not checked and not installed.

2 users thanked author for this post.

walker, woody

Reply | Quote

@PKCano:  Thank you so much for your assessment of the outcome of following your detailed instructions on how to proceed with getting my updates installed.    Thank you as well for the other added detailed information which you provided.

I will hide the KB4033342 NET. update as you directed, and in the future not refer to unchecked Optionals.  It is a huge relief to know that the updating issue was resolved.  Thank you once again for taking the time to help with what was (for me) an insurmountable issue.   All who utilize this forum, benefit greatly from your help, and recommendations.   🙂  🙂

Reply | Quote

I’ve got a related question:

If I want to rollback my (desktop) PC to December 2017,   could I just uninstall all windows updates from 2018?   I never used the “system restore” so I can’t roll back that way.    I would not like that anyway,   because I have made a lost of adjustments (installed new software etc.)  during the last few month.    So rolling back the “easy” way would be looking for the installed updates in the control panel and just uninstalling them untill I am back in 2017.    Would that be sufficient?

I’ve got no real problems at the moment,  but I would like to know anyway,  just in case….

Running Windows 7 64 bit,    both on Intel and AMD.

Thanks!

Reply | Quote

Rolling back to Dec 2017 implies uninstalling any of the patches mentioned in Woody’s article here. In addition, after you do that, you need to be sure all patches are installed to the Dec 2017 level. That includes Dec Rollup KB4054518 (or the Dec security-only & IE11 patches) and any of the older patches that show up in Windows Update (excluding the telemetry patches).

Reply | Quote

I just rolled back 3 Win7-64 PC’s to Dec 2017.

https://www.howtogeek.com/206271/how-to-roll-back-or-uninstall-a-problematic-windows-update/

* DO RESTORE POINTS..before
* RE-Boot into Safe Mode Windows 7 users can just use the F8 key to get into the boot menu and switch to Safe Mode
* head to Programs and Features and then click on “View installed updates” in the left-hand pane of the window.
* UNINSTALL 2018-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4074598)
* select the problematic update and click the Uninstall button.

After doing this, the Feb 2018 will still show up in your Windows Update history, but in installed updates…where you do the uninstall, it will show the Dec 17  40545218 as being installed the day you do this.

Afterwards, reboot and create 2 restore points.

I’ve had no problems with the 3 PC’s I did this with…so far. The March & April patches look riskier than than the total meltdown vulnerability. I will wait till Microsoft gets there act together and kicks out a stable patch before updating again. Recently Microsoft patches have cause far more havoc than the problems they claim to address..especially for those that practice low-risk computing…multi-layer malware protection and avoiding dumb moves and the badlands.

1 user thanked author for this post.

Lori

Reply | Quote

Thank you PKCano.

I was hoping that was the right way.   I’ve never used Windows restore,  but make a weekly (!) image of my disk with Norton Ghost (Yes,  the 2003 version on a USB stick…..)   That way I am sure that when I restore,  results cannot be influenced by Windows.  It just lays down every bit where it came from and the Ghost program doesn’t care if it’s restoring Windows,  or the state secrets of the royal family.   It just puts the bits back where they came from.

But I’m happy not to have to reinstall all my recent new software again.

For now I will leave things as they are   (I’m up to date untill april’s Rollup)  and see what next month brings.    If it keeps messy,   I will step into the time capsule….

 

Reply | Quote

windows 7 64 bit group b, did rollback to december, uninstalled three updates:
kb4074587 (february), kb4073578 (january), kb4056897 (january)
but after reboot all of them still show up in update history.
of course, not available in “installed updates” section anymore.
but they still show up in update history.

remaining windows updates from this year (2018) are:
kb4056568, kb4054998 (january) and kb4074736, kb4088835 (february), some of them ie, i assume;
office 2010 updates from january and february, 2018-01 security-/quality rollup for .net (january only),
and of course msrt from january and february. that’s it, i think.

so now i should be “safe” regarding total meltdown, i assume?

there are no march updates installed at all, even no updates for office 2010 or msrt…

Reply | Quote

I had temporarily held off patching (group A) due to the mess and this had helped me avoid some of the problems that got fixed in the meantime, probably. In light of the recent developments, I applied all patches from Windows update. I didn’t experience any issue after on the network connected work computer. In other words, generally follow Microsoft advice to be current, but with some delay to let them fix the patches first. The problem is when they keep adding more bugs, this doesn’t work no more.

I feel that trying to patch fully first and then rollback to December if experiencing issues could be a good way to go for a lot of group A people?

Reply | Quote

Can someone enlighten me on where we stand with Server 2012r2 systems? I have quite a few 2012(r2) systems, both physical and on vmware (using vmxnet3 nic). They’re all showing as not secure to Meltdown and Spectre. The physical machines should have a bios update for Spectre but I’m not clear what the Total Meltdown situation is. Only update these systems are needing is KB4093114 the April security only update.

Red Ruffnsore

Reply | Quote