MS Security Update for Meltdown

[moroni]

UPDATE [Jan 9] Microsoft has pushed the update to Win 8.1 as well. Users of Avast should receive the updates automatically for all the supported versions of Windows.

--------------------------------------------------

UPDATE [Jan 8] Microsoft is the pushing security updates in stages. As of now, Avast users of Win 7, Win 10 RS2 and Win 10 RS3 are getting security updates automatically, other versions will follow soon.

--------------------------------------------------
Hi everyone,

Please be aware that AVAST is compatible with the MS Security Update for the Intel Vulnerability called "Meltdown" since December 2017, and is also storing the required registry key (since January 3rd 2018). Users of AVAST should not have any issues receiving the patch via Windows Update.

More info at https://support.avast.com/en-ww/article/253/

[pdkent2002]

Maybe I shouldn't be having trouble, but I am.  I'm using Win 10 Home, 1709 (build 16299.125), Avast Free Antivirus 17.9.2322 (Build 17.9.3761.0) with virus definition 180105-0.  My firewall is the Windows 10 built-in firewall left at the MS default settings.  Forcing a Windows update indicates that I'm up to date.  However, my last update was installed in mid-December.  Similarly, forcing updates to the Avast program and virus definitions also indicates that I'm up to date.  However, no sign of the MS patch for Meltdown.  Suggestions please!
Peter

[pdkent2002]

Further information, I checked my registry and do not have the key I'm supposed to have.  Please advise.  Peter
CORRECTION:  I was looking in the wrong place in the registry.  I do have the required key.  However, MS update isn't providing the patch.  Should I wait until Tuesday or manually download and install the patch now?

[suk]

It looks like Microsoft is pushing the patch quite slowly (it was not offered on my computer either).
If you want to install it manually without waiting, you can get the cumulative update for Win10 from https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 - there is a link to Microsoft Update Catalog website.

[TheOwner]

Hello, I expect this fix at patch tuesday (second tuesday in month).

[DavidR]

Hello, I expect this fix at patch tuesday (second tuesday in month).

This is more what I would expect of MS, whilst this is a vulnerability, in the past MS still waited until patch Tuesday and on occasion even longer before patching.  As has been mentioned the actual patch for this is within a KB that includes other stuff also.  So I'm not so sure how much urgency MS are putting into this.

Not to mention this isn't an immediate issue, first your computer would also have to be infected to take advantage of the vulnerability.

[Michal256]

The point is the vulnerability can be exploited using JavaScripts embedded in malicious sites. The patch from MS also contains fixes to IE and Edge, meaning MS should be interested in releasing it to all end users ASAP.

Mozilla have released a hotfix with adjustments for browser config to minimize the exploitation possibilities, and Google have published their settings recommendations. IE and Edge can't be updated separately though, given how MS now handles patching.

[pdkent2002]

I just discovered why some of us may not be getting the patch via MS Update even if we've verified that we have the required registry key.  I downloaded from the Intel web site their SA-00086 chip tester that they developed specifically to determine if a user's processor is vulnerable. I've attached the report for my Dell PC, which is approximately 5 yrs old.  Surprise:  I'm supposedly not vulnerable!!  Perhaps there's something my my registry that enables MS to detect that and determine that I don't need a patch.  You can download the tool directly from Intel at: https://downloadcenter.intel.com/download/27150?v=t   The page that provides documentation is:
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html  Maybe you'll be in luck also.   Peter

[schmidthouse]

Got tired of waiting.
Downloaded and Installed Cumulative Update for Win 10 64Bit from MS.
All went smoothly.

[DavidR]

@  pdkent2002
It isn't so much what you have in registry to determine your need for the patch, but that your AV would support the patch if issued.

The Intel tool is checking your CPU to see if it is vulnerable and it is in more 'modern' CPUs with the vulnerability/flaw.  I suspect your CPU, like mine (Core2Duo E8300) predates this determination of a modern CPU.

[Rundvleeskroket]

Surprise:  I'm supposedly not vulnerable!!

Yes you are!

This tool checks for a vulnerability in the Intel Management Engine. That is a completely separate problem from both Meltdown and Spectre.

[REDACTED]

Still not getting the Win10 patches for this security issue - on every PC I have Avast installed on. Avast is up to date on all of them. I have rebooted them multiple times. So, I take issue with your confidence that Avast is compatible!

I removed Avast from one of them and guess what - after rebooting the system (required to complete the uninstall of Avast) - UPDATES began immediately.

And for those with Malwarebytes installed as well (I have it on all my PC's), the computer I mention here has Malwarebytes installed and running before, during and after deleting Avast. No issues with that software preventing the update.

MS has no vested interest in putting people in a queue for this particular update. It was ready as of yesterday, your computer should have already downloaded and installed it. If yours did not, your antivirus is most likely getting in the way. I do not condone uninstalling any AntiVirus product as I did. I only did it to find out if Avast was stopping the update. You can draw your own conclusions.

EDIT: add additional info regarding Malwarebytes and remove some salty language
UPDATE: I responded to some questions, you can find them on Page 3, Reply #34 (link below)
click here

[REDACTED]

Ihave Avast Pro antivirus 17.9.2322 build 17.9.3761.0 but do not have Allow Regkey. Even i do not have file QualityCompat!!! I do not understand.

[REDACTED]

I removed Avast from one of them and guess what - after rebooting the system (required to complete the uninstall of Avast) - UPDATES began immediately.

And for those with Malwarebytes installed as well (I have it on all my PC's), the computer I mention here has Malwarebytes installed and running before, during and after deleting Avast. No issues with that software preventing the update.

Exactly what happened for me, and I use MBAM as well.

[REDACTED]

Still not getting the Win10 patches for this security issue - on every PC I have Avast installed on. Avast is up to date on all of them. I have rebooted them multiple times. So, I take issue with your confidence that Avast is compatible!

I removed Avast from one of them and guess what - after rebooting the system (required to complete the uninstall of Avast) - UPDATES began immediately.

And for those with Malwarebytes installed as well (I have it on all my PC's), the computer I mention here has Malwarebytes installed and running before, during and after deleting Avast. No issues with that software preventing the update.

MS has no vested interest in putting people in a queue for this particular update. It was ready as of yesterday, your computer should have already downloaded and installed it. If yours did not, your antivirus is most likely getting in the way. I do not condone uninstalling any AntiVirus product as I did. I only did it to find out if Avast was stopping the update. You can draw your own conclusions.

EDIT: add additional info regarding Malwarebytes and remove some salty lanquage

I too have Malwarebytes and Avast. Like you I uninstalled Avast and left Malwarebytes installed. I have Win 10 build 1709 (Fall Creators Update). After my computer restarted I did an manual update check and immediately the update started downloading and installed perfectly. Apparently Windows Defender is the component that Microsoft requires for the security patch to work correctly. I am leaving Avast uninstalled for now.