(Meltdown and Spectre) Windows antivirus patch compatibility

harlan4096

I have used a trial of Kaspersky antivirus... I got no update!
Then I kicked Kaspersky from my PC and... surprise... win update KB4056892
Compatibility of Kaspersky Lab solutions with the Microsoft Security update of January 9, 2018

You will probably receive the patch automatically on 9th January, so don't panic :)

Many users are still not getting the Windows patch, whether or not their antivirus is enabled, so it is being delivered gradually...

I have KTS2019 beta 903 and got the patch automatically in my W10FCU yesterday night (AMD Athlon II X3 450), but in my laptop (Intel Pentium Dual Core T4300) with W10FCU + KTS2018f still no patch, and I'm not going to force it manually...
 

Deleted member 65228

I have KTS2019 beta 903 and got the patch automatically in my W10FCU yesterday night (AMD Athlon II X3 450), but in my laptop (Intel Pentium Dual Core T4300) with W10FCU + KTS2018f still no patch, and I'm not going to force it manually...
This is responsible. Everyone, read the part I quoted.

I will wait for it to be rolled out for me as well, and then I will update. I won't force it either. If I force a cab driver to speed up so I am not late for a meeting, the car might crash and both or one of us might die, as well as the other individuals related to a car crash. If I force selling of stocks, I might lose out on a massive opportunity to make 10x the amount of money I made from selling early (Intel CEO definitely didn't LOL). If I force my CPU to run at a clock speed a lot more than it should be, it may overheat a lot faster and have a reduced life-span.

In my opinion, rushing never really gets you anywhere. It might work out well, but never count your chickens because rushing can make you overlook potential problems. For that reason, I'll wait for the update to be rolled out for me, and then apply it.

You have people on the news talking about how we should force update ASAP, but it won't be a walk in the park for it to be deployed. It still requires user-interaction. I still need to actually visit a malicious URL which can deploy the malicious JavaScript payload to exploit the vulnerability, or download a fresh sample from the wild by accident and be legitimately infected for the attack to take place (for Meltdown). And the Spectre vulnerability, which is not patched in the recent update as far as I am aware, cannot be deployed from online as far as I am aware.

Not to mention, in the meantime there are isolation features in Google Chrome, and there's also an update for Microsoft Edge now.
 

Deleted member 65228

I love how Crowdstrike needs until next Monday to change a registry key....
It's not because they don't know how to change a registry key. They can't just change the registry key, that would be extremely inappropriate, irresponsible and unacceptable. Some vendors did this, and then they caused all sorts of hassle for people who could update allegedly.

CrowdStrike need to make sure that their software works as intended after the recent patch, fix any issues in their code-base for support after the update, and then they can change the registry key. Only after, and not a second before, testing, testing and testing to make sure there are no problems.

Imagine a business using a solution of theirs, who updates because they changed the registry key without caring and doing proper checks. Now they get hit with a bunch of random BSODs and this crash causes data corruption on their system, potentially causing a lot of money to be lost.

I don't understand what people expect here. A patch is released, vendors have hardly any days to prepare for the upcoming changes, all they were told in advance was that they needed to change a registry key. Security software can do all sorts of things depending on the functionality, both high and low level. Some solutions are built on millions of lines of code. They can't just magic out a fix for their software the same few days a patch is released out of thin air, it can take weeks or longer sometimes when big changes are made to built-in parts of Windows close to the software, in this case, the Windows Kernel itself being changed for various things.

Microsoft are to blame for this rubbish with AV products IMO. Microsoft should not have kept security vendors in the dark until it was too close. They should have notified the vendors at least a month in advance and let them know what exactly the changes were.
 

Faybert

My machine with G Data installed was updated yesterday:
[Two screenshots: 0eS4yoB.jpg, sl2QSXj.jpg]
 

harlan4096

Finally, today I got the patch on my laptop with Intel, and in the Kaspersky forum many users are reporting they have also been receiving the Microsoft patch since yesterday :)
 

plat1098

When kb4056892 first released, one machine didn't get it for hours afterward. So I impatiently installed it from the Update Catalog. :oops: This was before the revelation that the registry key for third party antivirus was required. The machine runs Windows Defender. Very lucky break, right? Microsoft doesn't care to accommodate the various third party security, everyone should be running Defender, right? Wow, thumbs-down, Microsoft. (n)
 

AtlBo

Updated Qihoo 360 and installed the patch successfully on Windows 7. Seems 360 has no issues with the update. I downloaded it manually from the MS catalog, so I am not 100% sure about this. Confident any issues will be worked out quickly though, and the system is stable with the patch for now. I looked for information from Qihoo but could find none before locating and installing the patch manually. Guess I'll have to deal with the repercussions if anything goes wrong.

Ran the SA-00086 tool on an unpatched i-5 2400 PC, and, curiously, the tool reports that the system is not vulnerable. An older i-3 540 system was vulnerable. I have a post up at the HP site to find out if the test is reliable. Also, have another HP system with an i-5 2500 which the test findings stated may be vulnerable. Hope to know more soon. No idea why an unpatched system with this type of processor is not vulnerable.

Ran several benchmarks with and without the patch. Inconclusive, although the first one with the patch was very bad on one system. Others were up and down, so...
 
