Microsoft Releases Emergency Patch after Intel's to Fix Spectre Problem
At the beginning of this year, two serious and complex chip flaws named Spectre and Meltdown become a headache for processor producers, esp. Intel, as they affected nearly every computer and device with an Intel chip in. Though Intel tested out the first round patch Spectre variant 2 (CVE 2017-5715 Branch Target Injection) shortly after the two flaws revealed, it even made things from bad to worse because it causes "higher than expected reboots and other unpredictable system behaviors ". Put it simply, this buggy patch brought about more problems than the flaw itself, such as spontaneous reboots and instability of the system which may further lead to data corruption and data loss.
Good news after the busy weekend. Microsoft has worked out and issued an emergency out-of-band patch KB4078130 specifically to disable Intel's previous fix. According to Microsoft, this patch's patch works well to stop unexpected reboots and is now available for Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, both client and server. Those who updated with CVE 2017-5715 patch can manually download the update from the Microsoft Update Catalog website. Also, independent instructions for advanced users are offered alongside.
Till 25.January, no attacks from the vulnerabilities have been reported according to Windows Update. Though most of the users clearly know what system instability means, some of them still unaware of the potential threats from a vulnerable system. On the one hand, data corruption and data loss occur frequently due to unexpected reboots when documents unsaved, data being transmitted and other ongoing operations. On the other hand, making use of the flaws, hackers may sneak users' privacy for malicious uses. So you're strongly suggested to update your computer with the latest patch if you're running affected computer.
How to Verify if Your Computer's Updated with Intel's Previous Patch?
Step 1: For Windows 7, 8 and 10 users, please click Start - Control Panel - Programs - Programs and Features - View installed Updates then you'll see all the updates you installed on your computer.
Step2: Search "CVE-2017-5715" in this list to verify if you've updated. If not, please keep it this way. Otherwise, move to next step.
Step 3: You need to manually download Microsoft's patch KB4078130 from Microsoft Update Catalog website.
Step 4: Install this patch on your computer and restart.
Please note that this patch from Microsoft is only released to deal with Intel's previous patch. To solve the whole problem caused by Spectre and Meltdown, we still need to wait for further information.
Update 3: (May 22) A new variant of Meltdown and Spectre flaws was disclosed by Microsoft and Google on Monday. Due to patches already issued earlier this year, it's considered low risk of an attack with the newest chip flaw. Though this problem may not carry out an attack, it's necessary to keep an eye on the security patches from the chip and/or OS vendors.
Update 2: (Mar.21) Microsoft released patches for another two models: the Wi-Fi-only Surface Pro (model 1796) and the Surface Pro LTE Advanced (model 1807).
Update 1: (Mar.14) Microsoft released patches for Spectre and Meltdown on Windows 7 (Service Pack) and Windows 8.1 this week, where previously only Windows 10 available. That is to say, all currently supported Windows releases now include defense against these vulnerabilities. Besides, more Windows 10 users will benefit from this move as Microsoft is expanding the availability of Windows secure updates to those previously blocked anti-virus compatibility.