What to know about January’s Windows Security Updates

What:

Issues with January Security updates for Windows Desktops and Servers released today to Windows Update.

Issue:

  • Anti-Virus and CPU compatibility that may cause:
    • Security updates to not install
    • Cause blue screens and boot issues if installation of updates are forced
  • User performance will be impacted on older systems when security updates are installed successfully.

Why

Microsoft has released security updates to address the Meltdown and Specter vulnerabilities disclosed last week. However there are certain scenarios where these updates may not be installed, or may cause system issues. Additionally these updates when they are applied will impact system performance on older systems.

Scenario 1 – Incompatible anti-virus solution

Microsoft has found some anti-virus solution that were not operating in a supported manner.  When the security updates were applied it would render the system “unbootable”. The majority of the major vendors on the market have since updated their solutions, but may not yet be reporting compatibility to windows and require manual system changes to enable Security updates.

Microsoft guidance and registry information is listed in this support article:  https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

 

Compatible – no action required if running the latest version

Vendor Link
Sophos https://community.sophos.com/kb/en-us/128053
Symantec https://pbs.twimg.com/media/DSsRaXBVoAEDpMR.jpg:large
AVG https://support.avg.com/answers?id=9060N000000TrmmQAC
Kaspersky https://support.kaspersky.co.uk/14042

 

Compatible vendors but require manually setting registry key

Vendor Link
Cisco https://supportforums.cisco.com/t5/sourcefire-documents/cisco-amp-for-endpoints-compatibility-with-windows-security/ta-p/3306874
FireEye https://www.fireeye.com/blog/products-and-services/2018/01/fireeye-endpoint-security-agent-compatible-with-meltdown-update.html
McAfee https://kc.mcafee.com/corporate/index?page=content&id=KB90167
Palo-Alto https://live.paloaltonetworks.com/t5/Customer-Advisories/Information-about-Meltdown-and-Spectre-findings/ta-p/193878/jump-to/first-unread-message
TrendMicro https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates
WebRoot https://community.webroot.com/t5/Security-Industry-News/Microsoft-Patch-Release-1-3-18/m-p/310145

 

Not yet confirmed compatible

Vendor Link
VIPRE https://businesssupport.vipre.com/support/solutions/articles/1000258536
360 Total Security No vendor information currently available

 

Scenario 2- AMD Processors. 

If systems utilize AMD processors, Microsoft has delayed delivery of January security updates. Even if a system has a compatible anti-virus configuration these updates will not be advertised to those systems. If these updates are applied to AMD systems it may result in an system that is “unbootable”.

Microsoft support article regarding the issue with updates and AMD processors are available here:  https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

NOTE:  AMD has responded saying their processors are not at high risk due to limited exposure.  There response is available here:  https://www.amd.com/en/corporate/speculative-execution

Scenario 3 – Updates installed but system performance impacted.

There is no work around to this issue due to the nature of the threat that is being mitigated. Microsoft has identified older systems (pre-2015) with older Operating Systems (pre-Windows 10) the most at risk to performance degradation. This is notable as any slowdowns from the application of updates will not be related to your AV solution – but impacted by the real operations of the CPU and Operating system.

 

General performance behavior

Operating System CPU Impact
Windows 10 2016 era PC (skylack, kabylack) Unnoticeable – single digit performance impact to CPU
Windows 10 2015 era PC (Haswell or older) Decrease notice in performance, users may or may not notice depending on model and business tasks being executed
Windows 8.1 / Windows 7 2015 era PC (Haswell or older) Significant impact to performance due to the way older OSes use the kernel.  All users will notice the decrease in performance.

 

More details is available from Microsoft here: https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

Leave A Reply

Your email address will not be published. Required fields are marked *