In an ongoing saga of reboot and instability issues, MS jumps into Spectre updates with a new patch, KB4078130. It’s available only from the Microsoft Update Catalog. Download and apply it only on systems that have gone wonky since the patching started at or around January 3. (KB4056892 applies to my production desktop, but KB numbers vary by CPU type and x86/x64 OS variants.) Speculation is rife that MS issues Spectre reversal update seeks to mitigate Intel’s still-missing second round of microcode fixes.
CYA Explains Why MS Issues Spectre Reversal Update
Windows Support unleashed a new web page on Friday, January 26 to explain its actions. It’s entitled “Update to Disable Mitigation against Spectre, Variant 2.” The specific vulnerability involved is CVE 2017-5715 (requires microcode update for full enablement). However, this Support Note states:
As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.
What This Means For Security Maintenance
Yes, the vulnerability is best if not patched — at least, on PCs where it causes problems. For example, I have microcode fixes already installed on two systems right now. On one — a Dell Venue Pro 11 7130 (Haswell i5-4210Y CPU) — I yank the battery to reboot properly. On the other — the Surface Pro 3 (Haswell i7-4650U CPU) — I’ve experienced no issues whatsoever.
Neither system shows stablility issues, or serious reboot problems. Thus, those microcode fixes (and the related MS update KB4056892) can stay. But for those PCs adversely affected, admins might want to go ahead and apply KB4078130. Or, they might want to exercise an available registry option instead…
Exercising the Registry Option
As it happens, there’s another MS support note available to guide IT pros seeking for protection against so-called “speculative execution side-channel vulneratibilities.” (That’s the type of vulnerability that applies to Spectre and Meltdown.) That’s KB4073119, and it outlines PowerShell scripts to check vulnerability protections, and registry tweaks to enable or disable them. Or, you can download and use the afore-linked Catalog update instead, which MS claims will restore affected systems to stable operation. Your call.