Microsoft Suspends Patch Release for 'Meltdown' and 'Spectre' Security Flaws
Microsoft has temporarily called off the release of the patch that would resolve the Meltdown and Spectre security flaws on computers powered by processing chips from various manufacturers.
2018 had just started when a group of researchers revealed that leading computer chip makers had been issuing products with the Meltdown and Spectre vulnerabilities for the last couple of decades.
As explained by the security researchers, the Meltdown vulnerability was named as such because it "basically melts security boundaries which are normally enforced by the hardware." Meanwhile, the Spectre bug permits "an attacker to trick error-free programs" which can result to data exposure. They also explained that Spectre gained its name since "it is not easy to fix."
Microsoft was one of the early technology companies to issue a patch. However, they recently needed to suspend its release after reports came in that the security update issued on Jan. 3 was not compatible with a "small number" of antivirus programs.
In a statement, Microsoft explained: "The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory." The said problem makes affected computers unable to reboot.
However, the suspension of the security patch rollout does not affect all Windows users. Microsoft added that the Jan. 3 update would still be available to machines with antivirus programs that are compatible with the January 2018 security update, which consists of Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials.
Windows users are advised to confirm with their antivirus provider if they can install the Jan. 3 update without stumbling on some errors.
Meanwhile, the company promised: "Microsoft is working closely with antivirus software partners to ensure that all customers receive the January Windows security updates as soon as possible."
Adding to the known issues of the security patch, Microsoft also confirmed that a number of users with AMD chips have reported seeing their computer in "an unbootable state" after installing the Jan. 3 update.
Microsoft then explained to The Verge: "Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown."
The discovery of the Meltdown and Spectre flaws is a concern in itself. However, it is worsened by the fact that the security patches required to fix them might slow down CPU speeds, especially in computers with older chips.