{"id":11016,"date":"2018-01-05T08:30:18","date_gmt":"2018-01-05T16:30:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/05\/news-4787\/"},"modified":"2018-01-05T08:30:18","modified_gmt":"2018-01-05T16:30:18","slug":"news-4787","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/01\/05\/news-4787\/","title":{"rendered":"Win7 Monthly Rollup KB 4056894 signals early, abbreviated Patch Tuesday"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security12-100734741-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Fri, 05 Jan 2018 06:48:00 -0800<\/strong><\/p>\n<p>Last night Microsoft released <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056894\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056894<\/a>, the 2018-01 Security Monthly Quality Rollup for Windows 7. Spurred by <a href=\"https:\/\/www.computerworld.com\/article\/3245788\/microsoft-windows\/windows-meltdown-and-spectre-keep-calm-and-carry-on.html\">early disclosure of the Meltdown and Spectre vulnerabilities<\/a>, Microsoft has done yeoman work getting the software part of the patches pushed out the Automatic Update chute.<\/p>\n<p>That said, Windows patches are only part of a very formidable picture.<\/p>\n<p>As of this morning, all of the supported versions of Windows have Meltdown-related patches, except for Windows 8.1. In particular:<\/p>\n<p><strong>Win10 1709<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056892\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056892<\/a> is a true cumulative update in that it includes the Meltdown patches and a dozen or so additional fixes. Build 16299.192. 
The Update Catalog lists the usual Delta updates.<\/p>\n<p><strong>Win10 1709 for ARM<\/strong> KB 4056892 is a surprise drop <a href=\"https:\/\/www.catalog.update.microsoft.com\/ScopedViewInline.aspx?updateid=b6666334-5157-4ef0-abf8-7553ccc6809a\" rel=\"noopener nofollow\" target=\"_blank\">listed in the Update Catalog<\/a>, presumably covering the same ground as the Win10 1709 cumulative update.<\/p>\n<p><strong>Win10 1703<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056891\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056891<\/a> is listed as a cumulative update, but apparently it only has one new patch, the Meltdown fix. Build 15063.850. Delta updates in the Catalog.<\/p>\n<p><strong>Win10 1607 and Server 2016<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056890\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056890<\/a> also appears as a cumulative update, but the only new piece (per the documentation) is the Meltdown fix. Build 14393.2007.<\/p>\n<p><strong>Win10 1511 LTSB<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056888\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056888<\/a> appears as a cumulative update, but only appears to have the Meltdown patch. Build 10586.1356.<\/p>\n<p><strong>Win10 1507 LTSB<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056893\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056893<\/a>, on the other hand, has one additional fix, for a SmartCard memory spike. Build 10240.17738.<\/p>\n<p><strong>Win8.1 and Server 2012 R2<\/strong> <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056898\/windows-81-update-kb4056898\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056898<\/a> is the January security-only patch, which must be manually downloaded and installed. It, too, contains\u00a0only the Meltdown fix. (There was no Preview Monthly Rollup in December.) 
I don\u2019t see any references to a Win8.1 Monthly Rollup \u2014 it\u2019s likely we\u2019ll see one sooner or later.<\/p>\n<p><strong>Win7 and Server 2008 R2<\/strong>, on the other hand, have the usual two patches. <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056897\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056897<\/a> is the security-only (manual install) patch. <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056894\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056894<\/a> is the just-released January Monthly Rollup. Both of them appear to contain just the Meltdown patch. I don\u2019t see any other fixes listed.<\/p>\n<p>As always, there\u2019s an ongoing list of security-only, manually installable patches on <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1\/\" rel=\"noopener nofollow\" target=\"_blank\">@PKCano\u2019s AKB 2000003<\/a>.<\/p>\n<p>Several hitches, actually.<\/p>\n<p>The Windows patches for Meltdown won\u2019t install unless you\u2019re running an antivirus program that specifically tells the patch installer that it\u2019s ready for the Meltdown fix. You have to update your antivirus to a version that\u2019s Meltdown-patch-friendly before the Windows installer will even try to install the patch. Kevin Beaumont (@GossiTheDog on Twitter) is maintaining a <a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ\/htmlview?sle=true#gid=0\" rel=\"noopener nofollow\" target=\"_blank\">lengthy list of antivirus programs that claim to be Meltdown-patch-friendly<\/a>. As of this moment, Windows Defender is on the all-clear list, as you would expect, but McAfee Endpoint, F-PROT, Trend Micro and Sophos are not. The situation is in a constant state of flux.<\/p>\n<p>But that\u2019s not all.<\/p>\n<p>The Windows patches are necessary, at some point, but they\u2019re dependent on the antivirus patches. 
Independently, you also have to patch your computer\u2019s firmware (flash the BIOS or UEFI), and the browser that you use should be hardened as well.<\/p>\n<p><a href=\"https:\/\/newsroom.intel.com\/news-releases\/intel-issues-updates-protect-systems-security-exploits\/\" rel=\"noopener nofollow\" target=\"_blank\">Intel has reported<\/a> that it\u2019s working on firmware upgrades, but you usually have to get firmware fixes from your PC\u2019s manufacturer. As best as I can tell, none of the major manufacturers have Meltdown-hardened firmware upgrades available. Not even Microsoft, <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4073065\" rel=\"noopener nofollow\" target=\"_blank\">in spite of its promises<\/a>.<\/p>\n<p>All of this is taking place against a backdrop where there are no known exploits for either Meltdown or Spectre in the wild. There are some demos working in testing labs, and at least one published piece of exploit code. But nobody has yet identified even one piece of wild malware that takes advantage of either Meltdown or Spectre.<\/p>\n<p>There\u2019s a reason why. Meltdown and Spectre sound scary, and they are, but they don\u2019t deliver the kind of snooping information most malware authors want from a PC. There\u2019s a whole lot of exposure in the cloud, but the potential on a normal, everyday PC isn\u2019t nearly so great.<\/p>\n<p>Alasdair Allan (@aallan) <a href=\"https:\/\/twitter.com\/aallan\/status\/948861620658327552?ref_src=twsrc%5Etfw&amp;ref_url=https%3A%2F%2Fwww.askwoody.com%2F\" rel=\"noopener nofollow\" target=\"_blank\">tweeted it well<\/a>:<\/p>\n<p>So if you&#8217;re running a #cryptocurrency exchange you must be shaking with fear right now. Think about the implications of #meltdown and #spectre and all those wallet private keys going through memory. Target rich environment. 
If we see exploits, that&#8217;s where it&#8217;ll start.<\/p>\n<p>The high-stakes Meltdown and Spectre intrusions will happen on exchange sites \u2014 possibly banking and brokerage sites, too, where the benefits are enormous. The big exposure right now isn\u2019t on everyday PCs.<\/p>\n<p>That\u2019s why I\u2019m continuing to recommend that you hold off on applying this month\u2019s \u201cEarly Patch Tuesday\u201d patches. The pieces aren\u2019t all ready yet, and you\u2019re not in a high-risk situation. Unless you\u2019re running a crypto exchange site, anyway.<\/p>\n<p>If you do decide to go ahead and patch, for heaven\u2019s sake don\u2019t install any patches manually, and don\u2019t jimmy the registry entry to allow patching if your antivirus isn\u2019t up to the task. There\u2019s a reason why the patch installers balk at conflicting antivirus software.<\/p>\n<p><em>Have a question, observation or whinge? Drop by the <\/em><a href=\"https:\/\/www.askwoody.com\/2018\/reaffirming-that-were-still-at-ms-defcon-2\/\" rel=\"noopener nofollow\" target=\"_blank\"><em>AskWoody Lounge<\/em><\/a><em>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3246028\/microsoft-windows\/win7-monthly-rollup-kb-4056894-signals-early-abbreviated-patch-tuesday.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security12-100734741-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Fri, 05 Jan 2018 06:48:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Last night Microsoft released <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4056894\" rel=\"noopener nofollow\" target=\"_blank\">KB 4056894<\/a>, the 2018-01 Security Monthly Quality Rollup for Windows 7. 
Spurred by <a href=\"https:\/\/www.computerworld.com\/article\/3245788\/microsoft-windows\/windows-meltdown-and-spectre-keep-calm-and-carry-on.html\">early disclosure of the Meltdown and Spectre vulnerabilities<\/a>, Microsoft has done yeoman work getting the software part of the patches pushed out the Automatic Update chute.<\/p>\n<p>That said, Windows patches are only part of a very formidable picture.<\/p>\n<h2>Where we stand with Windows patches<\/h2>\n<p>As of this morning, all of the supported versions of Windows have Meltdown-related patches, except for Windows 8.1. In particular:<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3246028\/microsoft-windows\/win7-monthly-rollup-kb-4056894-signals-early-abbreviated-patch-tuesday.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761],"class_list":["post-11016","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11016"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11016\/revisions"}],"wp:attachment":[{"href":"https:\/\/
www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}