Microsoft earlier on Saturday released an out-of-band Windows security update. The latest update disables a patch that the Redmond technology giant has launched earlier this month. The primary purpose of the piece was to keep personal computers protected from possible Spectre vulnerabilities.
According to a report published by Computer World, Intel made an announcement last week, wherein they informed customers (manufacturers, users) to stop installing firmware updates that it consisted of a problem that could worsen the situation. The firmware update included significant fixes to Spectre and Meltdown flaws. In a blog post last week, Intel stated that the update “may introduce (a) higher-than-expected reboots and other unpredictable system behavior.” This would especially affect the Broadwell and Haswell processors, which are pretty much all the devices that were introduced between the years 2013 and 2015. Microsoft responded to the news by stating that avoiding the mitigations altogether. In a support document accompanying the surprise update, Microsoft confirmed, “Our own experience is that system instability can in some circumstances cause data loss or corruption. While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, which specifically disables only the mitigation against CVE-2017-5715 – ‘Branch target injection vulnerability.’ In our testing, this update has been found to prevent the behavior described.”
The report by Computer World further goes on to add details about how the update was written for all supported versions of Windows – including Windows 7, 8.1 and 10. This was also applicable to corresponding Server editions. The Redmond technology giant further went on to publish instructions for manually disabling the defenses against the vulnerability that Spectre posed. These guidelines were explicitly designed for IT administrators with keys that are required to be added to Windows registry while also enabling and disabling the same.