Yet another surprise patch, KB 4078130, disables part of the Meltdown/Spectre patches

D

Deleted member 65228

rockstarrocks said:
Okay, this is just ridiculous. Should I install this update or not? If YES then why the hell it's not shown in Windows update and if NO then why are they providing it on the update catalog.
Click to expand...
You only need to install the update if you're experiencing issues after installing the recent Intel BIOS/firmware update. If you're not experiencing issues (or have not updated to Intel's latest patch) then you don't need to download it from the Update Catalog and install it.

This is why it is only available on the Update Catalog. Not everyone needs it.
 
  • Like
Reactions: Azure, harlan4096, LASER_oneXM and 2 others
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
here are some more informations (date of the article: Jan 29, 2018 12:23 PM PT ) about microsofts
emergency update KB4078130:

Microsoft releases emergency Windows update to hamstring earlier 'Spectre' defense
Intel urged customers not to deploy firmware updates aimed at the Spectre and Meltdown flaws because the updates caused system instability; Microsoft reacted with its own release – KB4078130 – on Saturday.

Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.

The weekend release was Microsoft's response to an announcement seven days ago by Intel, which told customers of all stripes - from computer makers to end users - to stop deploying the firmware updates it had offered after disclosures of the Spectre and Meltdown flaws. According to Intel, the new firmware "may introduce [a] higher-than-expected [number of] reboots and other unpredictable system behavior" on Broadwell and Haswell processors. Those silicon families were introduced in 2015 and 2013, respectively.
Click to expand...

Microsoft reacted to that disturbing news by voiding mitigations for one of the three areas of vulnerability posed by Spectre and Meltdown.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft confirmed in the support document accompanying the surprise update. "While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 - 'Branch target injection vulnerability.' In our testing this update has been found to prevent the behavior described."
Click to expand...
 
  • Like
Reactions: brambedkar59, XhenEd and harlan4096
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
Replies
2
Views
1,679
Security News
SeriousHoax
SeriousHoax
upnorth
    • Like
    • Applause
    • Wow
Intel Fails to get Spectre, Meltdown Chip Flaw Class-Action Tossed Out
Replies
0
Views
626
News Archive
upnorth
upnorth
Gandalf_The_Grey
    • Like
The September 2021 Security Update Review
Replies
3
Views
1,517
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top