Microsoft is rolling out an out-of-band security update for the Windows 10 Fall Creators Update (version 1709) and previous releases. This emergency update is meant to address the recently disclosed flaws found in Intel, AMD, and ARM processors released in the past two decades, which affect Windows as well as the Linux and macOS operating systems.
The update for Windows 10 version 1709 is described as KB4056892 and bumps the version number to build 16299.192. For version 1703 (Creators Update) the patch is described as KB4056891; it is KB4056890 for version 1609 (Anniversary Update), KB4056888 for version 1511 (November Update), and KB4056893 for Windows 10 version 1507 (Initial Release).
What’s new on Windows 10 build 16299.192
Microsoft has announced KB4056892 on the Windows support site, where it’s referred to as “January 3, 2018—KB4056892 (OS Build 16299.192)”. If you’re already running the Windows 10 Fall Creators Update on your PC, this update will only address these issues:
- Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
- Addresses issue where printing an Office Online document in Microsoft Edge fails.
- Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
- Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
- Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
- Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
- Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.
Windows 10 build 16299.192 (KB4056892) for PCs is available immediately. The new update will download and install automatically, but you can always force the update by going to Settings > Update & security > Windows Update and clicking the Check for updates button.
The January 3 update for version 1709 has a few known issues, so make sure to check the Microsoft support site (using the link mentioned above) if you come across any problems during and after the installation.
Older versions of Windows will soon get patches as well
Windows 8.1 and Windows 7 are also getting an update to protect computers against this flaw that is making headlines across the internet, but users running older versions of Windows won’t see the update until the next Patch Tuesday.
It should be noted that Microsoft has quietly already patched the test version of Windows 10 available through the Insider program.
Alongside the software updates, hardware vendors are also releasing firmware updates for Intel, AMD, and other hardware, which are needed for everything to work correctly. In the coming days, many security software vendors, especially antivirus companies, are expected to roll out updates to ensure their software will work correctly with Windows, as the changes are significant and will modify the way the kernel operates.
Fixes will affect performance on all devices
As a result of the patches, devices are also expected to run slower (anywhere between 5 to 30 percent slower depending on the processor). According to Intel, in a report from The Verge, processors based on the Skylake architecture or newer won’t see significant performance degradation.
This isn’t just affecting home and work computers. Cloud-based servers like those from Microsoft Azure, Amazon, and Google are affected too, and they’re also expected to be patched in the coming days.
Vulnerabilities allow attackers to steal your data
The flaws (“Meltdown” and “Spectre”) found in many microprocessors seem to be related to the way apps can find parts of protected kernel memory areas. The kernel is the part of an operating system that has absolute control over the complete system, and it allows apps to talk to the processor, access memory, and use other hardware. The flaws in these processors allow attackers to bypass the kernel access protections and steal data from apps running in memory (e.g., web browsers, password managers, documents, photos, emails, etc.).
In a statement, Microsoft notes:
We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.
Originally, Intel was the only processor platform that appeared to be affected, but then security researchers, including Google, disclosed that there are two vulnerabilities (“Meltdown” and “Spectre”) that affect Intel as well as AMD and ARM processors (to some extent) released in the past 20 years, which also affect any operating system that runs on those chips.
While most hardware manufacturers and software companies are collaborating and quickly responding to address these issues, the updates are part of a series of fixes that will be coming out to permanently address these vulnerabilities. However, due to the fact these are hardware flaws, the only way to really fix the problem without making your system slower is to wait until manufacturers change the design of their processors.
Update January 23, 2018: Intel is now recommending that users not install its Spectre patch due to a bug causing some random reboots in certain systems. This problem affects some processors, including the Broadwell, Haswell, Coffee Lake, Kaby Lake, Skylake, and Ivy Bridge families.