Microsoft said to withdraw Meltdown fix
Efforts to patch the Meltdown and Spectre kernel memory vulnerabilities have hit a hitch after multiple security updates were reportedly put on hold.
The Australian Cyber Security Centre (ACSC) has advised that reports are circulating indicating that Microsoft is no longer offering important security patches for the two vulnerabilities following reports that multiple antivirus products are incompatible with the updates.
The reports suggest that Microsoft is withdrawing the patches until security vendors certify their wares as compatible.
The centre is recommending that Australian organisations consult both Microsoft's support website and that of their OEM device manufacturers and security product vendors for advice relating to patching the vulnerabilities.
Meanwhile Intel has reportedly been forced to tell some customers not to apply the patches it has issued to fix the vulnerabilities due to bugs in the microcode updates.
These customers include PC makers and large cloud providers and the warnings were issued after feedback indicating that the updates had caused some machines to reboot unexpectedly, according to the Wall Street Journal.
At least one Intel partner has expressed concern that the disclosure of bugs in the updates had only been issued to Tier-1 companies, leaving smaller players to deal with the fallout.
The developments follow last week's disclosure of Meltdown, a vulnerability that can allow malicious programs to access the memory storage of other programs and the operating system of an Intel device, and Spectre, a vulnerability allowing access to protected memory of other applications running on Intel, AMD and ARM chips.
Earlier this week the ACSC affirmed its advice that organisations should patch the two vulnerabilities as soon as possible.
Despite speculation that certain patches for the vulnerabilities adversely impact system performance, the ACSC insisted that for everyday users, the impact of applying patches is unlikely to be noticeable. Any performance hit is also justified by the improved security.
Organisations of every size across every industry have had to evolve their security practices to...
In today's business landscape, perimeter-based security is no longer sufficient.
Businesses across Australia and New Zealand continue to be targeted by cybercriminals as...