While the operating system updates address Meltdown, Spectre fixes rely on firmware updates from hardware vendors that implement microcode fixes from chip vendors.
In Intel's case, its microcode update introduces its Indirect Branch Prediction Side Channel Analysis Method.
Google reveals trio of speculative execution flaws, says AMD affected CPUs can leak data when unwinding unused speculative execution paths.
Major Linux redesign in the works to deal with Intel security flaw A serious security memory problem in all Intel chips has led to Linux's developers resetting how to deal with memory.
Third-party Windows antivirus products need to support Microsoft's security update and set a Windows registry key for customers to receive the update via Windows Update.
See: 50 time-saving tips to speed your work in Microsoft Office (free PDF) To make matters more confusing, only some antivirus vendors are actually doing both, while others require admins to set the registry key themselves, using Microsoft's instructions.
However, security researcher Kevin Beaumont has created a public spreadsheet that may help IT admins prepare for installing Microsoft's mitigations for the attack techniques that affect CPUs from Intel, AMD and Arm, albeit to differing degrees.
Trend Micro says its products Trend Micro Office Scan, Worry-Free Business Security, and Deep Security are affected by Microsoft's new requirement for vendors to verify compatibility with the patch.
Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems The faulty design has been present in chips for years and it will force a redesign of the Linux and Windows kernels."On January 4, 2018, Symantec released an updated Eraser engine to ensure compatibility with the Microsoft out-of-band update that had been released the previous day.While this engine update resolves the compatibility issues it was meant to address, some environments have reported issues with the SEP system tray icon after applying both updates," Symantec says in a support note.This addresses one of two Spectre attacks known as "branch target injection".Windows Meltdown-Spectre patches: If you haven't got them, blame your antivirus Microsoft says your antivirus software could stop you from receiving the emergency patches issued for Windows.For those that have SEP working with the Windows 10 1703 update, what steps are you taking to disable the Windows Defender Security Center and Windows Defender?The update appears to install correctly without blocking due to an incompatible SEP product.However, the post-update firewall alerts from the Security Center and having Defender running alongside SEP have me concerned that the SEP is not working correctly.I'm not sure who dropped the ball (Symantec, Microsoft, or both) but it doesn't seem like enough testing was completed.Additionally, some antivirus companies haven't completed compatibility testing.Microsoft hasn't said which antivirus products are compatible beyond its own Windows Defender and Microsoft Security Essentials.