If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
I currently look after six computers where I do some volunteer work.
With the update problems over the past two years I have put all out computers on manual update and watch https://www.askwoody.com/category/mi...ches-security/ website for problems. I t is a poor state that MS have got themselves into when it comes to having to do this. The computers are all Intel processors, OEM windows 7 pro OS, Avast (Free) antivirus Early this month Avast antivirus updated and put the following key into the registry -- REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. We also have a Windows Home Server 2011 on the network. It has run without Antivirus from the beginning as Avast did not have an Antivirus that would run on WHS2011. It has not been offered the KB4056894 update as the registry key is absent, no antivirus -- no registry key. Question 1 -- Can I manually put the key into the Server Registry so that it will be offered the KB4056894 update too, or is this really necessary. Question 2 As this update is said to slow down computers, is it really necessary to install it at all on any of the computers. Question 3 How do I, or can I, modify the registry key to stop the KB4056894 update being offered to the computers. My wife's has a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. The KB update is reported as BOSD'ing this ( See link above ) Any answers, offers to buy MS, or observations etc would be gratefully received. -- ~~~~~~~~~~~~ Maurice Helwig ~~~~~~~~~~~~ |
Ads |
#2
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Maurice Helwig wrote:
I currently look after six computers where I do some volunteer work. With the update problems over the past two years I have put all out computers on manual update and watch https://www.askwoody.com/category/mi...ches-security/ website for problems. I t is a poor state that MS have got themselves into when it comes to having to do this. The computers are all Intel processors, OEM windows 7 pro OS, Avast (Free) antivirus Early this month Avast antivirus updated and put the following key into the registry -- REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. We also have a Windows Home Server 2011 on the network. It has run without Antivirus from the beginning as Avast did not have an Antivirus that would run on WHS2011. It has not been offered the KB4056894 update as the registry key is absent, no antivirus -- no registry key. Question 1 -- Can I manually put the key into the Server Registry so that it will be offered the KB4056894 update too, or is this really necessary. Question 2 As this update is said to slow down computers, is it really necessary to install it at all on any of the computers. Question 3 How do I, or can I, modify the registry key to stop the KB4056894 update being offered to the computers. My wife's has a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. The KB update is reported as BOSD'ing this ( See link above ) Any answers, offers to buy MS, or observations etc would be gratefully received. The purpose of the registry key, is a communication between a third-party AV and the OS. If you're *not* using a third-party AV, then Microsoft knows Windows Defender is ready for the update, and so the OS will receive the update. But if you jammed in an update, where a third-party AV was not ready for it, it can cause system files to be quarantined. Setting the flag above means "we know you're about to mess with stuff that would set off our heuristic detection". If you are using a third-party AV, then the flag is a gating item. And the OS knows whether a third-party AV is present, because yet another registry entry turns off Windows Defender. This process should be fully automated. You could try catalog.update.microsoft.com and attempt to download and install the update. The .msu file you download, has rudimentary protection where it checks dependencies before it installs. For example, if you download the 32 bit version, and try to install it on a 64 bit OS, it will say "update is not for this computer". I would expect the above Registry key to be encoded in the .msu, so it delivers a snotty message if a dependency it needs, hasn't been met. Remember - you can do anything you want, if you have backups. Right ? You should have a backup of C: and System Reserved, just in case... Paul |
#3
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On 12/01/2018 02:05, Maurice Helwig wrote:
A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. My personal opinion is to wait for two more weeks until Intel comes out with its own patch. They are on record to fix this within 10 days so I'll wait for their patch. There is nothing Microsoft can do about problems with the hardware. This bug is in the hardware not in the operating system so why try to apply an OS fix when hardware fix will be released soon. Intel will release a software patch to fix old hardware so you'll need to install them. Microsoft fix may not be the right one for anybody IMO. If, however, you want to do something to pass your time then apply Microsoft patch and see if it works for you or not. -- With over 600 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows. |
#4
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Good Guy wrote:
On 12/01/2018 02:05, Maurice Helwig wrote: A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. My personal opinion is to wait for two more weeks until Intel comes out with its own patch. They are on record to fix this within 10 days so I'll wait for their patch. There is nothing Microsoft can do about problems with the hardware. This bug is in the hardware not in the operating system so why try to apply an OS fix when hardware fix will be released soon. Intel will release a software patch to fix old hardware so you'll need to install them. Microsoft fix may not be the right one for anybody IMO. If, however, you want to do something to pass your time then apply Microsoft patch and see if it works for you or not. The next installment of the soap opera is here. https://arstechnica.com/gadgets/2018...t-performance/ Spectre IBRS ("indirect branch restricted speculation") protects the kernel from branch prediction entries created by user mode applications; STIBP ("single thread indirect branch predictors") prevents one hyperthread on a core from using branch prediction entries created by the other thread on the core; IBPB ("indirect branch prediction barrier") provides a way to reset the branch predictor and clear its state. The Microsoft plan at the moment, seems to be to not load the microcode patch using the OS microcode loader. Leaving it to users (who want to suffer performance degradation), the opportunity to flash up their BIOS and load a newer version of microcode via the BIOS. ******* How this works is, when the processor starts, the processor revision is 00. That revision represents the "level" of microcode patch currently loaded. Let's say the BIOS loads version 07 microcode. It was available the day you bought your motherboard. That's what "your CPU is supported" means - there's a microcode available for it and it's sitting in a segment in the BIOS chip. Maybe two months ago, Intel released a regular installment of microcode patches (patch bugs we never hear about), and the version is 43. If the OS uses its microcode loader, 43 is higher than 07, so the OS one is loaded at boot time, and the microcode loader then shuts down and disappears. It works the same on Windows and Linux. If you use the Intel PID program, it will list the processor version as 43, which is actually the microcode version. Now, the opposite is possible. If the BIOS has version 43, and you boot Windows 2000 and the microcode loader in that OS has 07, then the OS one does not load. The BIOS version 43 wins. Between the two loaders, the highest version wins. So when in this case, Microsoft doesn't put the Intel microcode in their OS microcode loader, it leaves the choice up to the customer. The customer can load version 51 via a BIOS flash update. But sooner or later, this is going to catch up with Microsoft. You can't do this. It's dumb. The microcode versioning system was never intended for "user choice". To manage it this way is pin-headed. Microsoft is simply afraid of the "flack" it will receive, from doing the right thing. And if Intel in March comes out with version 52, which fixes a critical timing issue, then the 52 patch will have Spectre microcode as well as a critical hardware fix. What's the user going to do then ? How is Intel's good work, going to get delivered ? it's a soap opera. Run by chicken ****s. Sooner or later, someone has to admit that "security costs". There is a cost to protecting you. Your games are going to play 3 FPS slower. In order that the same computer can web surf and run Javascript safely. Suck it up. Paul |
#5
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On 12/01/2018 2:48 PM, Paul wrote:
Maurice Helwig wrote: I currently look after six computers where I do some volunteer work. With the update problems over the past two years I have put all out computers on manual update and watch https://www.askwoody.com/category/mi...ches-security/ website for problems. I t is a poor state that MS have got themselves into when it comes to having to do this. The computers are all Intel processors, OEM windows 7 pro OS, Avast (Free) antivirus Early this month Avast antivirus updated and put the following key into the registry -- REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. We also have a Windows Home Server 2011 on the network. It has run without Antivirus from the beginning as Avast did not have an Antivirus that would run on WHS2011. It has not been offered the KB4056894 update as the registry key is absent, no antivirus -- no registry key. Question 1 -- Can I manually put the key into the Server Registry so that it will be offered the KB4056894 update too, or is this really necessary. Question 2 As this update is said to slow down computers, is it really necessary to install it at all on any of the computers. Question 3 How do I, or can I, modify the registry key to stop the KB4056894 update being offered to the computers. My wife's has a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. The KB update is reported as BOSD'ing this ( See link above ) Any answers, offers to buy MS, or observations etc would be gratefully received. The purpose of the registry key, is a communication between a third-party AV and the OS. If you're *not* using a third-party AV, then Microsoft knows Windows Defender is ready for the update, and so the OS will receive the update. But if you jammed in an update, where a third-party AV was not ready for it, it can cause system files to be quarantined. Setting the flag above means "we know you're about to mess with stuff that would set off our heuristic detection". If you are using a third-party AV, then the flag is a gating item. And the OS knows whether a third-party AV is present, because yet another registry entry turns off Windows Defender. This process should be fully automated. You could try catalog.update.microsoft.com and attempt to download and install the update. The .msu file you download, has rudimentary protection where it checks dependencies before it installs. For example, if you download the 32 bit version, and try to install it on a 64 bit OS, it will say "update is not for this computer". I would expect the above Registry key to be encoded in the .msu, so it delivers a snotty message if a dependency it needs, hasn't been met. Remember - you can do anything you want, if you have backups. Right ? You should have a backup of C: and System Reserved, just in case... ** Paul Yes Macrium Reflect backups in place. It is interesting that the server has never had a 3rd party Antivirus installed neither the registry key is present and the KB4056894 update has not been offered yet. -- ~~~~~~~~~~~~ Maurice Helwig ~~~~~~~~~~~~ |
#6
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
"Paul" schreef in bericht
news Maurice Helwig wrote: I currently look after six computers where I do some volunteer work. With the update problems over the past two years I have put all out computers on manual update and watch https://www.askwoody.com/category/mi...ches-security/ website for problems. I t is a poor state that MS have got themselves into when it comes to having to do this. The computers are all Intel processors, OEM windows 7 pro OS, Avast (Free) antivirus Early this month Avast antivirus updated and put the following key into the registry -- REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. We also have a Windows Home Server 2011 on the network. It has run without Antivirus from the beginning as Avast did not have an Antivirus that would run on WHS2011. It has not been offered the KB4056894 update as the registry key is absent, no antivirus -- no registry key. Question 1 -- Can I manually put the key into the Server Registry so that it will be offered the KB4056894 update too, or is this really necessary. Question 2 As this update is said to slow down computers, is it really necessary to install it at all on any of the computers. Question 3 How do I, or can I, modify the registry key to stop the KB4056894 update being offered to the computers. My wife's has a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. The KB update is reported as BOSD'ing this ( See link above ) Any answers, offers to buy MS, or observations etc would be gratefully received. The purpose of the registry key, is a communication between a third-party AV and the OS. If you're *not* using a third-party AV, then Microsoft knows Windows Defender is ready for the update, and so the OS will receive the update. But if you jammed in an update, where a third-party AV was not ready for it, it can cause system files to be quarantined. Setting the flag above means "we know you're about to mess with stuff that would set off our heuristic detection". If you are using a third-party AV, then the flag is a gating item. And the OS knows whether a third-party AV is present, because yet another registry entry turns off Windows Defender. This process should be fully automated. You could try catalog.update.microsoft.com and attempt to download and install the update. The .msu file you download, has rudimentary protection where it checks dependencies before it installs. For example, if you download the 32 bit version, and try to install it on a 64 bit OS, it will say "update is not for this computer". I would expect the above Registry key to be encoded in the .msu, so it delivers a snotty message if a dependency it needs, hasn't been met. Remember - you can do anything you want, if you have backups. Right ? You should have a backup of C: and System Reserved, just in case... Paul Yesterday I got an extensive program update from Comodo internet security on both computers. Today I got the KB4056894 -- Spectre and Meltdown Update from MS and it installed without problems. Without any previously added registry key... -- |\ /| | \/ |@rk \../ \/os |
#7
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Paul wrote:
Good Guy wrote: On 12/01/2018 02:05, Maurice Helwig wrote: A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. My personal opinion is to wait for two more weeks until Intel comes out with its own patch. They are on record to fix this within 10 days so I'll wait for their patch. There is nothing Microsoft can do about problems with the hardware. This bug is in the hardware not in the operating system so why try to apply an OS fix when hardware fix will be released soon. Intel will release a software patch to fix old hardware so you'll need to install them. Microsoft fix may not be the right one for anybody IMO. If, however, you want to do something to pass your time then apply Microsoft patch and see if it works for you or not. The next installment of the soap opera is here. https://arstechnica.com/gadgets/2018...t-performance/ From the comment section of that article, comes this. https://support.lenovo.com/us/en/solutions/len-18282 "Withdrawn Broadwell & Haswell CPU Microcode Update: Intel provides the CPU microcode updates required to address Variant 2, which manufacturers like Lenovo then incorporate into their UEFI firmware. Intel has notified manufacturers of quality issues in the initial Broadwell and Haswell microcode updates with instructions to no longer distribute the affected microcode. As such, Lenovo has withdrawn previously issued UEFI firmware containing the affected Broadwell and Haswell CPU microcode. We will issue revised UEFI firmware updates as soon as possible following Intel’s release of revised Broadwell and Haswell CPU microcode. Servers affected by this issue are noted, below, as “Earlier update X withdrawn due to a microcode quality issue.” Per Intel, customers that have already installed the prior firmware update and are not experiencing difficulties can continue to use that firmware update. There is no need to roll back to a prior release. " https://newsroom.intel.com/news/inte...reboot-issues/ "We have received reports from a few customers of higher system reboot rates after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue. " Soap opera. Paul |
#8
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On Fri, 12 Jan 2018 13:33:28 -0500, Paul wrote:
Soap opera. Paul Let me ask a silly question. If we can update the microcode in our CPU chip, why do we need the KB4056894? It sounds like you're saying we should flash a new BIOS, and then the CPU microcode will be done for us. Do I understand you correctly? And if so, where would we look for the new BIOS -- Intel, computer manufacturer (Dell, in my case), or ... ? And, by the way, is there any way within Windows to find out which BIOS version I have? I couldn't locate it in Device manager. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#9
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On Sat, 13 Jan 2018 15:09:40 -0500, Stan Brown
wrote: And, by the way, is there any way within Windows to find out which BIOS version I have? I couldn't locate it in Device manager. The program "Speccy" can be downloaded from Piriform, either as an installable program or as a portable version. This program will tell you a lot of info about your PC, including BIOS version. |
#10
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Stan Brown wrote:
On Fri, 12 Jan 2018 13:33:28 -0500, Paul wrote: Soap opera. Paul Let me ask a silly question. If we can update the microcode in our CPU chip, why do we need the KB4056894? It sounds like you're saying we should flash a new BIOS, and then the CPU microcode will be done for us. Do I understand you correctly? And if so, where would we look for the new BIOS -- Intel, computer manufacturer (Dell, in my case), or ... ? And, by the way, is there any way within Windows to find out which BIOS version I have? I couldn't locate it in Device manager. Meltdown can be patched from the OS. Spectre, first level patch is via the browser. That removed the most dangerous attack surface first. Firefox 57.0.4 for example, has protection against sidechannel (timing) attacks on Javascript arrays. Users are most likely to gain the benefits of this, if they haven't meddled with the auto-updater on their browser. But the Branch Target Buffer is another place for the attack to happen, and the involved companies want a more generic protection so that it won't matter whether Notepad has an issue or whatever. By using the hardware protection against Spectre, that knocks out a whole bunch more attack surface. And that means the BIOS flash. Only the more modern processors (Skylake, Kaby Lake, Coffee Lake, Ryzen) have added features which modify the behavior on speculative branching. The older processors don't have any programmability in the BTB. It almost suggests that some architects *did* notice there was a potential for trouble, even without identifying the exact exploit. I don't know what can be done for the older processors. My initial thoughts on the matter, is microcode could be used to *completely shut down* the acceleration features in a pipeline, which would absolutely ruin the processor (drop to 50% speed). I wasn't aware that the BTB had all these whizzy screwdriver adjustments fitted to it. The notion of having a PID for the BTB, and only cleaning PID specific sections of the BTB. The Intel processor has 1000 instructions, and only a glutton for punishment reads the *4000* page document with the details. The file was machine generated in part, which makes it particularly hard to read (a human author would have tried to group things in a more logical way, for easy reader consumption). The compiler writers only use 30% of the instruction set. The other 70% would only be generated by hand coding in assembler. The OS writers turned up their noses at the PID tweak, considering it too messy to implement. Now they have an incentive to work on it. I also haven't seen a statement as to what the Intel microcode patch hopes to achieve, and what it is adjusting. Obviously, it can't be the "hammer flavor" of fix, just turning off speculation entirely. It has to be a more nuanced fix, whatever it is. https://arstechnica.com/gadgets/2018...t-performance/ Paul |
#11
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Monty wrote:
On Sat, 13 Jan 2018 15:09:40 -0500, Stan Brown wrote: And, by the way, is there any way within Windows to find out which BIOS version I have? I couldn't locate it in Device manager. The program "Speccy" can be downloaded from Piriform, either as an installable program or as a portable version. This program will tell you a lot of info about your PC, including BIOS version. This^^. Also, it's a very good idea to check the manufacturer's support site regularly for BIOS, driver and system utility updates. I have Lenovo System Update runs as a scheduled job on my Thinkpad E560. It alerted on Wednesday, Jan. 10, that Lenovo had released a BIOS / Embedded controller update specifically related to Meltdown / Spectre problem. |
#12
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On 13/01/2018 20:09, Stan Brown wrote:
Let me ask a silly question. If we can update the microcode in our CPU chip, why do we need the KB4056894? There are multiple vulnerabilities. Many people with older hardware won't be able to update their microcode and updating the microcode doesn't fix all the vulnerabilities anyway. -- Brian Gregory (in England). |
#13
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Brian Gregory wrote:
On 13/01/2018 20:09, Stan Brown wrote: Let me ask a silly question. If we can update the microcode in our CPU chip, why do we need the KB4056894? There are multiple vulnerabilities. Many people with older hardware won't be able to update their microcode and updating the microcode doesn't fix all the vulnerabilities anyway. The diff on the latest Intel Microcode release looks like this. Each Intel release gives microcode all the way back to a Pentium. However, like an NVidia or ATI video driver, "old" hardware doesn't receive new updates. When this list is prepared, it's a "diff" against the previous release. That means, since 20171117, the following processors received new microcode. The other processors would get the same old, smelly microcode they always got :-) Intel Processor Microcode Package for Linux 20180108 Release -- Updates upon 20171117 release -- IVT C0 (06-3e-04:ed) 428-42a === my CPU barely made the list (Launch Date Q3'13) SKL-U/Y D0 (06-4e-03:c0) ba-c2 BDW-U/Y E/F (06-3d-04:c0) 25-28 HSW-ULT Cx/Dx (06-45-01:72) 20-21 Crystalwell Cx (06-46-01:32) 17-18 BDW-H E/G (06-47-01:22) 17-1b HSX-EX E0 (06-3f-04:80) 0f-10 SKL-H/S R0 (06-5e-03:36) ba-c2 HSW Cx/Dx (06-3c-03:32) 22-23 HSX C0 (06-3f-02:6f) 3a-3b BDX-DE V0/V1 (06-56-02:10) 0f-14 BDX-DE V2 (06-56-03:10) 700000d-7000011 KBL-U/Y H0 (06-8e-09:c0) 62-80 KBL Y0 / CFL D0 (06-8e-0a:c0) 70-80 KBL-H/S B0 (06-9e-09:2a) 5e-80 CFL U0 (06-9e-0a:22) 70-80 CFL B0 (06-9e-0b:02) 72-80 SKX H0 (06-55-04:b7) 2000035-200003c GLK B0 (06-7a-01:01) 1e-22 My CPU definitely doesn't have all three Branch Target Buffer features. Maybe mine only has one of them. Only one of my computers in the house, is affected. That patch wouldn't touch any of my P4 machines. In Windows 10, if I run the Intel Processor Identification Utility, it reads out right now "428". That means Microsoft has not put 42A in the OS microcode loader (as they stated publicly would be their policy). Now, in theory, if I were to install Ubuntu 17.10, click the Software Updates button, suck in a new kernel, reboot, then dmesg | grep -i microcode should state "42A", as Ubuntu has shipped the Jan8 update to microcode, in the OS. And I found at least one hint, that for VirtualBox, a Linux Host behaves differently than a Linux Guest. The Linux Guest can detect paravirtualization, knows it is "inside" VirtualBox, and under those conditions, when it's patched up, it will *not* force microcode into the CPU. Consequently, a Windows 10 user with VirtualBox, with Ubuntu 17.10 as a Guest, will find their Intel PIU reporting "428". Apparently, about ten years ago, at the start of paravirtualization detection code development, someone figured out it would be dumb for a Guest to do that to the machine :-) Good call. The Intel PIU will also give the "063e 04" part, so you can check the above list, and see if you need to do any delta analysis (like if you're dual booting Win10/Ubuntu 17.10 say, and want to see if Linux is patching the microcode). The microcode can also be patched via a BIOS flash update, when your motherboard maker is ready. And when the "noise on the street", indicates it is safe to do that. The microcode for Broadwell (BDW) and Haswell (HSW) was withdrawn, due to some kind of reboot problem (on Lenovo). With no details on what the issue is, it's pretty hard to give advice on that one. Paul |
#14
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
On 12/01/2018 12:05 PM, Maurice Helwig wrote:
I currently look after six computers where I do some volunteer work. With the update problems over the past two years I have put all out computers on manual update and watch https://www.askwoody.com/category/mi...ches-security/ website for problems. I t is a poor state that MS have got themselves into when it comes to having to do this. The computers are all Intel processors, OEM windows 7 pro OS, Avast (Free) antivirus Early this month Avast antivirus updated and put the following key into the registry -- REGKEY on the machine Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat" Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Data="0x00000000” A few days later KB4056894 was offered for update. I am waiting before I apply the update as there seems to be problems with the update and I understand that MS have modified it a couple of times all ready. We also have a Windows Home Server 2011 on the network. It has run without Antivirus from the beginning as Avast did not have an Antivirus that would run on WHS2011. It has not been offered the KB4056894 update as the registry key is absent, no antivirus -- no registry key. Question 1 -- Can I manually put the key into the Server Registry so that it will be offered the KB4056894 update too, or is this really necessary. Question 2 As this update is said to slow down computers, is it really necessary to install it at all on any of the computers. Question 3 How do I, or can I, modify the registry key to stop the KB4056894 update being offered to the computers. My wife's has a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. The KB update is reported as BOSD'ing this ( See link above ) Any answers, offers to buy MS, or observations etc would be gratefully received. Another Question while I wait for this mess to resolve -- If I hide the KB4056894 Update will it present itself again, or will it be rolled up into February's 2018 Updates when they are released. If they are rolled up into February's Updates, then they will be installed whether I like it or not. I am at the point of turning off updates all together -- the last two years have been a real mess. Patience is a virtue!!!!!!!!!!!! Maurice Helwig |
#15
|
|||
|
|||
KB4056894 -- Spectre and Meltdown Update
Maurice Helwig wrote:
Another Question while I wait for this mess to resolve -- If I hide the KB4056894 Update will it present itself again, or will it be rolled up into February's 2018 Updates when they are released. If they are rolled up into February's Updates, then they will be installed whether I like it or not. I am at the point of turning off updates all together -- the last two years have been a real mess. Patience is a virtue!!!!!!!!!!!! Maurice Helwig They have a bulletin about AMD crashes. There should be new KB numbers (and obviously, a cumulative in a few weeks time is going to include the "success" patch not the "fail" patch). https://support.microsoft.com/en-us/...-based-devices https://support.microsoft.com/en-us/help/4056897 January 3, 2018—KB4056897 (Security-only update) Microsoft has received reports from some customers about AMD devices getting into an unbootable state This issue is resolved in KB4073578. https://support.microsoft.com/en-us/...ws-server-2008 Summary An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056897 (Security-only update) or January 4, 2018—KB4056894 (Monthly Rollup): "AMD devices fall into an unbootable state" Go here, and install this. This assumes you have an AMD processor or some sort. There was one report of an Intel processor doing this too, for whatever amusement that is worth. http://www.catalog.update.microsoft....px?q=KB4073578 2018-01 Update for Windows 7 for x64-based Systems (KB4073578) Windows 7 Updates 1/12/2018 n/a 66.9 MB Download Too bad the description is so terse. And there are maybe 3000 files inside that thing, so hard to spot a "theme" in terms of what they're trying to fix with that one. I can't tell if that replaces the other one, or irons out a driver bug. You could try MBSA 2.3 security analyzer, to see what Windows Update might try to bring in. Or, do a backup (offline), go online, install '578, reboot, then go to Windows Update and see what it proposes to install after that. If it "looks bad", you always have your backup to return you to the state you're in right now. So the message is, the AMD bug has some sort of workaround, but I don't have any info on the root cause, and the KB itself is so devoid of info, I might as well be asking a large rock for information. Paul |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|