Patching for Meltdown/Spectre: Make sure your AV supplier has the key

The question of how fast to apply Microsoft’s January 3 patches for the Meltdown/Spectre processor vulnerability — and ones that may be issued today with the Patch Tuesday bundle — comes down to a number of factors, but perhaps the biggest is whether an organization’s anti-virus software will allow it.

We’ve already written that Microsoft warned AV makers its fixes may clash with their software. But according to a blog by infosec researcher and editor Kevin Beaumont, Microsoft has made it clear that unless AV providers certify their patches are certified compatible with its updates and adds a registry key NO Windows security fixes from now on can be installed. That key, which runs every time the product starts up, certifies their software is working with the CPU fixes.

The problem is some vendors are asking administrators to set the key rather than have their software do it automatically.

This impacts Windows Update, Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM), he writes.

Beaumont has compiled a spreadsheet of vendors that as of Monday, Jan 8 have or have not yet complied. Some require administrators to manually change the register key, while others say their fix is coming.

For example, in a  Jan. 5 advisory Cisco Systems says that the Microsoft patch has been tested and verified for compatibility for certain versions of its AMP for Endpoints Windows Connectors running on the public AMP Cloud. However, “customers will need to manually set the required compatibility registry key detailed in Microsoft KB4056892 after verifying all third-party endpoint security software installed on the endpoint is compatible.” Only then will the Microsoft security updates install.

Beaumont reminds CISOs that there are AV vendors and there are so-called next-generation endpoint solution providers who sometimes pitch themselves as supplements to anti-virus, but recently have been marketing themselves as AV replacements. Some of these vendors may require manual setting of a registry key to get Microsoft security updates from now on.

Beaumont’s list of those who have products that have not been certified and do not automatically fix the registry always changes. The message is administrators have to check with AV-related security suppliers to ensure future Microsoft security patches will be installed.

According to Beaumont’s list, as of the time of writing this story, providers whose products automatically apply the register change include Avast, AVG, Avira, EMSI, Eset, F-Secure, Kaspersky, Malwarebytes, Sophos and Symantec.

UPDATE: This morning Microsoft temporarily pulled nine Windows security updates with certain AMD processors after getting reports of some devices with CPUs from the manufacturer becoming unbootable after installing the fixes– even if they have compatiable AV software. “Microsoft determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft” for the mitigations, the company said.

To prevent AMD customers from getting into an unbootable state, Microsoft has temporarily paused sending the following Windows operating system updates to devices that have impacted AMD processors:

Microsoft said it is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices. 

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.