Info surrounding Meltdown and Spectre fixes

Last Modified

Mon Dec 10 19:46 GMT 2018

Description

Here is some useful information surrounding the Meltdown and Spectre fixes.

Environment

N-able N-central

Solution

Microsoft states that all of the patches listed below are delivered through Windows Update. This means that the agent should still detect and install them through the normal detection and installation process.
 
There are some known issues with these updates, so please take a moment to review each one. The problems are not the same for each OS version, so make sure to check the others. The list below is for Windows 10 devices.
 
Symptom: Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022.

Workaround:

Note: This workaround uses c:\temp and the x64 architecture as examples. Update these examples as appropriate for your environment.

  1. Download the appropriate version of KB4054022 for your device architecture from the Microsoft Update Catalog to c:\temp. Then run the commands in the steps below from the administrative command prompt.
  2. Expand the .msu file that you downloaded in step 1.

    mkdir c:\temp
    expand -f:* windows10.0-kb4054022-x64.msu c:\temp
  3. End the existing TrustedInstaller processes and install KB4054022 using the Deployment Image Servicing and Management tool.

    taskkill /f /im tiworker.exe
    taskkill /f /im trustedinstaller.exe
    dism /online /add-package /packagepath:c:\temp\Windows10.0-KB4054022-x64.cab
  4. (Optional) Delete the CBS logs from the Windows Logs directory.

    del /f %windir%\logs\cbs\*.log

Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.

Workaround: Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select Check for Updates to confirm that there are no additional updates available.
You can also type About your PC in the Search box on your taskbar to confirm that your device is using OS Build 16299.125.
Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: Due to an issue with some versions of antivirus software, this fix is only being made applicable to machines where the antivirus ISV has updated the ALLOW REGKEY.

Workaround: Contact your antivirus vendor to confirm that their software is compatible and that it has set the following registry key on the machine:

    Key="HKEY_LOCAL_MACHINE"
    Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
    Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
    Type="REG_DWORD"
    Data="0x00000000"
 
 
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/
 
| Operating System Version | Update KB |
|---|---|
| Windows Server, version 1709 (Server Core Installation) | 4056892 |
| Windows Server 2016 | 4056890 |
| Windows Server 2012 R2 | 4056898 |
| Windows Server 2012 | Not available |
| Windows Server 2008 R2 | 4056897 |
| Windows Server 2008 | Not available |
| Windows 10 (RTM, 1511, 1607, 1703, 1709), Windows 8.1, Windows 7 SP1 | ADV180002 (Multiple KBs, it's complicated) |
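
To check a device against both the antivirus compatibility registry value and the server KB numbers listed above, the following PowerShell can be run locally or pushed as a script. It is an added example, not code from Microsoft or N-able; the function names are hypothetical, and the registry path, value name and KB numbers are the ones given on this page.

```powershell
# Added example, not vendor code. Registry path, value name and KB numbers are
# the ones given on this page; the function names are hypothetical.
$CompatPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$ServerKbs  = 'KB4056892', 'KB4056890', 'KB4056898', 'KB4056897'

function Get-QualityCompatState {
    param([string]$Path = $CompatPath, [string]$Name = $CompatName)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return 'KeyMissing' }
    if ($key.GetValueNames() -notcontains $Name) { return 'ValueMissing' }
    # The page specifies REG_DWORD with data 0x00000000; anything else is reported.
    $kind = $key.GetValueKind($Name)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return "WrongType($kind)" }
    $data = $key.GetValue($Name)
    if ($data -ne 0) { return "WrongData($data)" }
    return 'Set'
}

function Get-InstalledFixKb {
    param([string[]]$Id = $ServerKbs)
    # Get-HotFix writes an error when none of the IDs is present; suppress it
    # and return an empty array instead.
    @(Get-HotFix -Id $Id -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)
}

$state = Get-QualityCompatState
$kbs   = Get-InstalledFixKb

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    CompatFlag      = $state
    InstalledFixKbs = ($kbs -join ', ')
    # Per the known issue above, the fix is only applicable once the flag is set.
    FixApplicable   = ($state -eq 'Set')
}
```

An empty InstalledFixKbs is not proof that the fix is missing, because a later cumulative update can supersede the KBs in the table.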