|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
Intel releases more Meltdown/Spectre firmware fixes, while Microsoft unveils a new Surface Pro 3 firmware fix that doesn’t exist
You’d have to be incredibly trusting — of both Microsoft and Intel — to manually install any Surface firmware patch at this point. Particularly when you realize that not one single Meltdown or Spectre-related exploit is in the wild. Not one.
Computerworld Woody on Windows.
-
Yet another surprise patch, KB 4078130, for all versions of Windows, disables part of the Meltdown/Spectre patches
Follow-up article in Computerworld Woody on Windows.
More fun ‘n games.
Last night, Microsoft released KB 4078130, which is specifically designed to turn off the Intel-identified buggy code in the Meltdown/Spectre patches. Sayeth Microsoft:
‘Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption.
While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described.
The patch is only available from the Update Catalog, and it’s the same patch for all versions of Windows.
@MrBrian has taken a look and confirms:
This update indeed does set the registry values… documented weeks ago to disable CVE 2017-5715 mitigation in Windows.. This update doesn’t appear in the list of installed updates. This update needs admin privileges to function properly.
If you’ve avoided this month’s Meltdown/Spectre patches, there’s nothing you have to do. On the other hand, if you jumped into the trenches, this one might keep you from losing some data.
Microsoft goes on to say:
As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.
It’s highly likely that when Intel gives the all-clear for Spectre variant 2, it’ll be part of yet another patch.
Moral of the story: Wait.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows 11 Windows Updater question
by 6 hours, 46 minutes ago
-
Key, Key, my kingdom for a Key!
by 13 hours, 41 minutes ago
-
Registry Patches for Windows 10
by 18 hours, 11 minutes ago
-
Cannot get line length to NOT wrap in Outlining in Word 365
by 46 minutes ago
-
DDU (Display Driver Uninstaller) updates
by 11 hours, 34 minutes ago
-
Align objects on a OneNote page
by 23 hours, 39 minutes ago
-
OneNote Send To button?
by 1 day ago
-
WU help needed with “Some settings are managed by your organization”
by 1 day, 8 hours ago
-
No Newsletters since 27 January
by 1 day, 4 hours ago
-
Linux Mint Debian Edition 7 gets OEM support, death of Ubuntu-based Mint ?
by 9 hours, 29 minutes ago
-
Windows Update “Areca Technology Corporation – System – 6.20.0.41”
by 8 hours, 8 minutes ago
-
Google One Storage Questions
by 9 hours, 30 minutes ago
-
Button Missing for Automatic Apps Updates
by 8 hours, 50 minutes ago
-
Ancient SSD thinks it’s new
by 14 hours, 5 minutes ago
-
Washington State lab testing provider exposed health data of 1.6 million people
by 1 day, 23 hours ago
-
WinRE KB5057589 fake out
by 1 day, 17 hours ago
-
The April 2025 Windows RE update might show as unsuccessful in Windows Update
by 1 day, 7 hours ago
-
Firefox 137
by 10 hours, 29 minutes ago
-
Whisky, a popular Wine frontend for Mac gamers, is no more
by 2 days, 12 hours ago
-
Windows 11 Insider Preview build 26120.3863 (24H2) released to BETA
by 2 days, 12 hours ago
-
Windows 11 Insider Preview build 26200.5551 released to DEV
by 2 days, 12 hours ago
-
New Windows 11 PC setup — can I start over in the middle to set up a local id?
by 1 day, 8 hours ago
-
Windows 11 Insider Preview Build 26100.3902 (24H2) released to Release Preview
by 2 days, 15 hours ago
-
Oracle kinda-sorta tells customers it was pwned
by 2 days, 21 hours ago
-
Global data centers (AI) are driving a big increase in electricity demand
by 3 days, 8 hours ago
-
Office apps read-only for family members
by 3 days, 10 hours ago
-
Defunct domain for Microsoft account
by 3 days, 7 hours ago
-
24H2??
by 1 day, 8 hours ago
-
W11 23H2 April Updates threw ‘class not registered’
by 1 day, 3 hours ago
-
Master patch listing for April 8th, 2025
by 1 day, 7 hours ago
Remembering Woody
