Slashdot Mirror


Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key (bleepingcomputer.com)

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has added a new and very important detail on the support page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches. According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches. The way antivirus programs become compatible is by updating their product and then adding a special registry key to the Windows Registry. The presence of this registry key tells the Windows OS the AV product is compatible and will trigger the Windows Update that installs the Meltdown and Spectre patches that address critical flaws in the design of modern CPUs.

21 of 136 comments

  1. Something wrong here by onyxruby · · Score: 3, Interesting

    Microsoft finally comes up with a way for the user to potentially have some level of control over their patches. All you have to do is mess around with a registry key and forgo all patches altogether. People have been demanding to have some level of control and this is what Microsoft comes up with...

    1. Re:Something wrong here by dkone · · Score: 3, Informative

      You do know that you can just disable the Windows Update service right? That was a 'feature' that you were able to implement from day one.

    2. Re:Something wrong here by StormReaver · · Score: 5, Informative

      You do know that you can just disable the Windows Update service right?

      Microsoft frequently ignores that setting.

    3. Re:Something wrong here by thegreatbob · · Score: 3, Informative

      Disable wuauserv, dosvc, and bits.... it's going to have an awfully hard time doing anything after that. I haven't found it to be able to re-enable itself under those conditions. Exception might be if it had updates queued during the next shutdown, though I'm not certain.

      --
      There is no XUL, only WebExtensions...
    4. Re:Something wrong here by Anonymous Coward · · Score: 2, Interesting

      I do the same, but Windows does periodically reenable them.

  2. Windows Server by DigiShaman · · Score: 4, Informative

    Remember,

    For Windows Server, you will need to also set the following three registry keys to enable post-patch install. With Windows Home/Pro, it's already enabled after installation.

    For Windows Server.

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

    To validate status, you can run the PowerShell command Get-SpeculationControlSettings.

    If Windows 10 or Server 2016, you can skip the first step.

    1. Set-ExecutionPolicy Bypass
    2. Install-Module SpeculationControl
    3. Get-SpeculationControlSettings (you will now see results)
    4. Set-ExecutionPolicy Restricted (to protect the system via securing PowerShell again)

    Good luck. Be sure to apply BIOS updates when and if applicable to stave off Spectre.

    --
    Life is not for the lazy.
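An added read-only audit script, not code from the comment above or from Microsoft, that checks the three Windows Server values the comment lists and then runs Get-SpeculationControlSettings if the SpeculationControl module is already installed. The "expected" values are taken from the comment's reg add commands and are an assumption about what a fully enabled server looks like.

```powershell
# Added example: read-only audit of the three Windows Server values listed above.
# Expected values mirror the comment's reg add commands (assumption, not Microsoft docs).
$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Name = 'FeatureSettingsOverride';     Expected = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Name = 'FeatureSettingsOverrideMask'; Expected = 3 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'
       Name = 'MinVmVersionForCpuBasedMitigations'; Expected = '1.0' }
)

function Test-MitigationRegistry {
    # Emits one object per value; nothing is written to the registry.
    foreach ($c in $checks) {
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }

        # A missing value matters on Server: the comment says mitigations stay off until it is set.
        if ($null -eq $actual)                       { $status = 'MISSING'  }
        elseif ("$actual" -eq "$($c.Expected)")      { $status = 'OK'       }
        else                                         { $status = 'MISMATCH' }

        [pscustomobject]@{
            Name     = $c.Name
            Expected = $c.Expected
            Actual   = $actual
            Status   = $status
        }
    }
}

Test-MitigationRegistry | Format-Table -AutoSize

# Cross-check with Microsoft's module when it is present. No execution-policy change is
# made here; follow the numbered steps in the comment first if the import fails.
if (Get-Module -ListAvailable -Name SpeculationControl) {
    Import-Module SpeculationControl
    Get-SpeculationControlSettings
} else {
    Write-Warning 'SpeculationControl module not installed; skipping Get-SpeculationControlSettings.'
}
```

Any MISSING or MISMATCH row on a Windows Server host means the OS-side Meltdown/Spectre mitigations are not enabled as the comment describes, regardless of whether the patch itself installed.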
  3. What if you don't an AV? by Anonymous Coward · · Score: 3, Interesting

    Who runs AV's anyway?

  4. Legitimate decision. by Gravis+Zero · · Score: 5, Interesting

    It pains me to side with Microsoft but their decision here is a good and legitimate one.

    The key to its legitimacy is this quote:

    There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes.

    --
    Anons need not reply. Questions end with a question mark.
  5. Re:Now windows malware will mess with that key to by jawtheshark · · Score: 2, Interesting

    I came to say exactly this. I have no idea how they are going to protect it from a program that acquires root (Admin) privileges somehow. A malware program that installs itself has these kinds of rights.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  6. Re:Now windows malware will mess with that key to by Deathlizard · · Score: 2

    Apparently this is a temporary solution according to Microsoft.
    https://support.microsoft.com/...

    Q3: How long will Microsoft require setting a registry key to receive the January 3, 2018, security updates?

    A3: Microsoft added this requirement to ensure customers can successfully install the January 2018 security updates. Microsoft will continue to enforce this requirement until there is high confidence that the majority of customers will not encounter device crashes after installing the security updates.

  7. Re:not timely slashdot by DigitAl56K · · Score: 2

    1. Since when was Slashdot ever timely?

    2. I've skimmed a bunch of Spectre and Meltdown articles, haven't seen the registry key mentioned before now.

  8. Re:Now windows malware will mess with that key to by hairyfeet · · Score: 2

    So the better solution is to let the AV trash the OS so the user gets a BSOD on reboot? The reason they are requiring this is because if the AV isn't patched it trashes the update and leaves the OS unbootable. I'm sure once the majority of AVs push out a patch (which, let's be honest, an AV that doesn't push out some updates to deal with Meltdown is a truly shit AV) they will simply remove this requirement from the patch.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  9. Re:Now windows malware will mess with that key to by bondsbw · · Score: 4, Insightful

    You have bigger problems than a registry key if the malware has root.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  10. Re:No AV - No Updates? by sinij · · Score: 4, Funny

    So what happens if I don't install any AV-product and also don't use the Microsoft AV-Solution?

    It is highly unreasonable to expect MS to be able to patch your Linux box. :P

  11. Re: As a Linux user by Anonymous Coward · · Score: 2, Insightful

    sudo yes > /dev/hda

    Nope, first of all /dev/hda won't exist, we moved on to sda and mmcblk a good decade ago. But more importantly the sudo applies to the yes command, not to the redirect, so all you are doing is running 'yes' as root and then trying to write to the dev as an ordinary user.

  12. Re:Now windows malware will mess with that key to by Bert64 · · Score: 2

    If the malware is already installed, then it's in their interest to ensure your system gets updates so it's less likely to get infected by any competing malware...

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  13. Re:Now windows malware will mess with that key to by lgw · · Score: 2

    Once a machine has a rootkit installed, the game is lost. You can't remove rooted malware from the same machine. You might be able to clean the disk from a different machine, maybe, if it's low-rent malware. Of course, the Snowden leaks included NSA malware that lives in the BIOS of the drive, so it might just root the second system. Thanks NSA.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  14. Re:Now windows malware will mess with that key to by Skuld-Chan · · Score: 4, Informative

    If malware can set this reg key, your machine is already done (it's only writable by system/admin).

  15. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  16. Re:Now windows malware will mess with that key to by Hal_Porter · · Score: 2

    You can actually make a case that a lot of security/antivirus products rather than protecting from malware, are actually malware.

    They

    1) Cause other programs to stop working or even the OS not to start
    2) Run with very high privilege levels
    3) Are unnecessarily hard to remove
    4) Disable Windows Defender
    5) Often mess with Windows Update.

    It's like this sad tale of becoming what you most fear and are trying to stop.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  17. So.. by xlsior · · Score: 2

    ... Going forward the end user (or whatever malware is on their machine) can permanently disable Windows updates by setting registry security to prevent such a key from getting created in the first place?