Microsoft said to withdraw Meltdown fix


By Dylan Bushell-Embling
Monday, 15 January, 2018


Efforts to patch the Meltdown and Spectre kernel memory vulnerabilities have hit a hitch after multiple security updates were reportedly put on hold.

The Australian Cyber Security Centre (ACSC) has advised that reports are circulating that Microsoft is no longer offering important security patches for the two vulnerabilities, after multiple antivirus products were reported to be incompatible with the updates.

The reports suggest that Microsoft is withdrawing the patches until security vendors certify their wares as compatible.

The centre is recommending that Australian organisations consult both Microsoft's support website and that of their OEM device manufacturers and security product vendors for advice relating to patching the vulnerabilities.

Meanwhile, Intel has reportedly been forced to tell some customers not to apply the patches it has issued to fix the vulnerabilities, due to bugs in the microcode updates.

These customers include PC makers and large cloud providers, and the warnings were issued after feedback indicated that the updates had caused some machines to reboot unexpectedly, according to the Wall Street Journal.

At least one Intel partner has expressed concern that the disclosure of bugs in the updates had only been issued to Tier-1 companies, leaving smaller players to deal with the fallout.

The developments follow last week's disclosure of Meltdown, a vulnerability that can allow malicious programs to access the memory storage of other programs and the operating system of an Intel device, and Spectre, a vulnerability allowing access to protected memory of other applications running on Intel, AMD and ARM chips.

Earlier this week the ACSC affirmed its advice that organisations should patch the two vulnerabilities as soon as possible.

Despite speculation that certain patches for the vulnerabilities adversely impact system performance, the ACSC insisted that for everyday users, the impact of applying patches is unlikely to be noticeable. Any performance hit is also justified by the improved security.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd