Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Microsoft Releases KB4078130 Update to Disable Spectre Variant 2 Patch
#1
http://news.softpedia.com/news/microsoft...9580.shtml        Microsoft Releases KB4078130 Update to Disable Spectre Variant 2 Patch

The update is available for all supported Windows versions
Jan 29, 2018 05:48 GMT  ·  By Bogdan Popa ·  Share:      
Intel recently confirmed that its Spectre Variant 2 security update was causing issues on a number of hardware configurations, and this triggered a quick reaction from the rest of the industry, which had no other choice than to pull their own updates until a fix is offered.

With Intel’s own patches also included in Microsoft’s security updates for Windows, the Redmond-based software giant made the obvious call and decided to disable the Spectre Variant 2 patch as well, explaining in an advisory that all versions of the operating system are affected.

A new update labeled as KB4078130 is supposed to disable mitigation against Spectre Variant 2, and Microsoft also provides guidance to disable and enable this patch manually via the registry.

“While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – ‘Branch target injection vulnerability,’” Microsoft explains.

The company says that it’s not aware of any attacks aimed at the Spectre Variant 2 vulnerability, and explains that it’s waiting for Intel to deliver a fix in order to re-enable its own mitigation for Windows users.

“As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device,” the firm says.

Enable and disable Spectre Variant 2 mitigation manually
Microsoft also provides the following registry settings for user who want to enable or disable the Spectre Variant 2 without deploying KB4078130 on their systems:

To enable Variant 2: CVE 2017-5715 "Branch Target Injection":
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f

To disable Variant 2: CVE 2017-5715"Branch Target Injection":

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f

KB4078130 isn’t shipped via Windows Update, and can only be downloaded for Windows 7, 8.1, and 10 from the Update Catalog here.

#Microsoft#Windows#Spectre#Meltdown and Spectre#Windows Update
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws mrtrout 0 516 11-09-2021 , 10:20 PM
Last Post: mrtrout
  Microsoft and Google release urgent browser security update for Risk Level 4 Drive-b mrtrout 0 701 08-23-2021 , 09:13 AM
Last Post: mrtrout
  New Variant of IcedID Banking Trojan Spreading Wildely mrtrout 0 994 06-29-2021 , 11:24 PM
Last Post: mrtrout
  Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices Bjyda 0 916 03-17-2021 , 04:27 PM
Last Post: Bjyda
  Microsoft has blocked the ability to disable Windows 10 antivirus Igoreha 0 1,122 08-23-2020 , 12:26 PM
Last Post: Igoreha

Forum Jump:


Users browsing this thread: 1 Guest(s)