Microsoft said to withdraw Meltdown fix


By Dylan Bushell-Embling
Monday, 15 January, 2018

Microsoft said to withdraw Meltdown fix

Efforts to patch the Meltdown and Spectre kernel memory vulnerabilities have hit a hitch after multiple security updates were reportedly put on hold.

The Australian Cyber Security Centre (ACSC) has advised that reports are circulating indicating that Microsoft is no longer offering important security patches for the two vulnerabilities following reports that multiple antivirus products are incompatible with the updates.

The reports suggest that Microsoft is withdrawing the patches until security vendors certify their wares as compatible.

The centre is recommending that Australian organisations consult both Microsoft's support website and that of their OEM device manufacturers and security product vendors for advice relating to patching the vulnerabilities.

Meanwhile Intel has reportedly been forced to tell some customers not to apply the patches it has issued to fix the vulnerabilities due to bugs in the microcode updates.

These customers include PC makers and large cloud providers and the warnings were issued after feedback indicating that the updates had caused some machines to reboot unexpectedly, according to the Wall Street Journal.

At least one Intel partner has expressed concern that the disclosure of bugs in the updates had only been issued to Tier-1 companies, leaving smaller players to deal with the fallout.

The developments follow last week's disclosure of Meltdown, a vulnerability that can allow malicious programs to access the memory storage of other programs and the operating system of an Intel device, and Spectre, a vulnerability allowing access to protected memory of other applications running on Intel, AMD and ARM chips.

Earlier this week the ACSC affirmed its advice that organisations should patch the two vulnerabilities as soon as possible.

Despite speculation that certain patches for the vulnerabilities adversely impact system performance, the ACSC insisted that for everyday users, the impact of applying patches is unlikely to be noticeable. Any performance hit is also justified by the improved security.

Image credit: ©stock.adobe.com/au/lucadp

Follow us on Twitter and Facebook

Related Articles

The AI regulation debate in Australia: navigating risks and rewards

To remain competitive in the world economy, Australia needs to find a way to safely use AI systems.

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

Content from other channels on our network

Enhancing broadcast reliability with remote telemetry systems

Brilliant made simple — fibre and network solutions

Keller pressure sensors from Bestech Australia

Powertec's next-gen comms trailer walkaround

Have your say: proposed reforms to improve infrastructure rollout

Phishing‍-‍resistant MFA: elevating security standards in the public sector

Government funds mobile coverage boost for regional Vic, NSW

Local governments need to improve digital services: report

Pegasystems completes IRAP assessment

SA school staff to receive cybersecurity awareness training

Mt Piper BESS approved for development

Sunshine Coast to play key role in connecting Australia

WA trials long-duration storage for remote communities

Powering data centres in the age of AI

Bringing geospatial tools to infrastructure planning

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd