January 2018 Security Updates (Meltdown and Spectre)
Will you be adding the patches required to address the Intel (Meltdown and Spectre) vulnerability?
-
They addressed this in the webcast today. There is a LOT of speculation floating around the internet right now, and Microsoft is working on patches. Once they are available they will be released to the package library from what I understand.
This will likely have a Collection in Inventory as well if I know them. If not I'm sure one can be created and the XML posted here, but I will wait for an official response.
-
I just wanted to let everyone know that I am running ESET Endpoint Antivirus in our environment and they were one of the first companies to be compatible with the Microsoft patches released on 1/3. So I deployed the Windows 10 and Windows 7 cumulative patches from PDQ and 98% of my devices updated without an issue. However, the last 2% gave me a nice BSOD during the required reboot. After doing some research, I found that PCs with older AMD Athlon processors are having issues with this patch. So if you have old AMD devices in your environment, be careful deploying this patch or hold off altogether. Luckily, I was able to use System Restore to get the PCs up and running but it was still a headache! What bothers me even more is that these old devices are being replaced in about a month. Talk about bad timing!
-
Does anyone have any update on this? I'd like to be able to use PDQ Inventory to audit my estate and report those devices that have not been patched against Spectre and Meltdown. I can appreciate the patches themselves may not yet be available, but an audit would tell us how big the problem is and we could then manually patch critical systems.
Thanks
-
Before I deployed the Microsoft patches, I first created a new registry scan profile that searched for the following key and value name. If it existed, then I knew our anti-virus was compatible with the patches. I then created two collections; one for devices that did not contain this value and one that contained the value. Once I scanned all of my devices with the new registry scan profile, I was able to see which devices were compatible and which ones were not. This worked for me except for the few older AMD devices that gave me the BSOD.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc
-
Hi Daimon, that is exactly what I'm looking for, thanks. Although I was hoping PDQ would push something out via an update or whatever. Given the importance of this vulnerability I'd have thought the providers of all patch management solutions would have been falling over themselves to advertise that they have things in hand.
Cheers
Please sign in to leave a comment.
Comments
17 comments