News about the Meltdown and Spectre processor flaws seems to be going from bad to worse, and over the weekend Microsoft had to release an emergency patch to disable patches for the Spectre bug.
The Windows Update (KB4078130) in question is something of a rarity, as not only did Microsoft rush it out over the weekend (rather than waiting until Tuesday, the usual day Microsoft releases updates), but it directly disables a security patch released by Intel.
This means that the issues the Intel patch caused were deemed more serious than the security vulnerabilities it was designed to fix – at least in the short term.
The issues Intel’s patch caused were revealed last week when Intel admitted that its patch was causing some machines to reboot unexpectedly.
Intel even warned users against downloading its own patch, with Intel EVP Neil Shenoy saying that “we recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions on specific platforms, as they may introduce higher than expected reboots and other unpredictable system behavior.”
Microsoft has clearly taken Intel’s advice, stating that it released the emergency patch to disable Intel’s Spectre patch because “our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22, Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution.”
According to Microsoft, this new patch “specifically disables only the mitigation against CVE-2017-5715”, which is the other, less catchy name for Spectre Variant 2.
If you’re not keen on removing the protection against Spectre, and feel like the possibility of system crashes is a price worth paying, then Microsoft has made it possible for users to manually disable and enable the mitigation against Spectre by changing registry settings.
Needless to say, this will be for advanced users only, but you can follow Microsoft’s instructions if you’re comfortable editing the registry.
Most users, however, should wait for a new patch from Intel that mitigates Spectre without causing system instability. With Intel vowing to stop Meltdown and Spectre by the end of January, we hopefully won’t have too long to wait.