Spectre – Meltdown - MS Bluescreen - Microsoft says AV producer has to Set Registry Flag

06.01.2018, 01:33 CET, Europe

Do not set the specific Registry key that Microsoft announced a few days ago manual until you checked 100% and understood what it does. This was wrongly interpreted and understood by several blogs and even larger news agencies. The way it should be done (As seen by Microsoft on Friday) is that the Antivirus producer will set the specific registry flag key which will make the Update available to you by download from Windows Update direct. You can also download from Windows Update catalog if you did this THEN (This weekend) on one machine. We recommend waiting with patching W7/W10 until Monday and this is clearer.

From our point of view it's unclear as example what people with W10, 1709 Fall Creators Update with Edge in Hypervisor Sandbox and Windows Defender should do (And thus no other AV software)?

There all comes from Microsoft? Anybody seen that update there?

Attention:

Microsoft clearly states that there have been Bluescreen on some machines. A thing most of you forgot and did not see since years. Several blogs the specific update caused problems even while installing. They only way to install it via wusa.exe and command line PLUS at the end kill server hanging tasks with scripts.

Note Customers will not receive the January 3, 2018, security updates and will not be protected from current security vulnerabilities unless their antivirus software sets the following registry key:

Microsoft has identified a compatibility issue with a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.

Microsoft is working closely with antivirus software partners to ensure that all customers receive the January Windows security updates as soon as possible.

More Information

Note Customers will not receive the January 3, 2018, security updates and will not be protected from current security vulnerabilities unless their antivirus software sets the following registry key:

Since we recommend Mcafee here is there actual list which runs fine with the Update.

Mcafee 06.01.2018

The following products have been tested and are confirmed as compatible

Testing is ongoing for all McAfee products and no compatibility issues with the Microsoft update have been found so far. We expect all of our testing to be complete on endpoint products by End of Day Monday, January 8th.

* Data Exchange Layer (DXL) 3.1.0 and later

* Data Loss Prevention 9.4 and later

* Drive Encryption 7.0 and later

* ePolicy Orchestrator 5.9 and later (Sadly no Enterprise runs 5.9 ;-)

* Endpoint Security 10.2 and later

* File and Removable Media Protection 5.0.4 and later

* Host IPS 8.0 Patches 4, 7, 9, 10

* McAfee Active Response 1.1 and later

* McAfee Agent 4.8 Patch 3 and later

* McAfee Application Control 6.2.0 and later

* McAfee Client Proxy 1.2 and later

* MOVE 4.5 and later

* Native Encryption (MNE) 4.0 and later

* SiteAdvisor Enterprise 3.5 Patch 5 and later

* System Information Reporter (SIR) 1.0.1 and later

* Threat Intelligence Exchange (TIE) Client for VSE 1.0.2 and later

* VirusScan Enterprise 8.8 Patches 4, 8, 9, and 10

* VirusScan Enterprise for Storage 1.2 and later