March 2018 Windows security update – Expanding our efforts to protect customers

Article by · March 13, 2018 ·

Earlier this month I shared news on Microsoft’s continuing efforts to help protect our customers against the Spectre and Meltdown hardware-based vulnerabilities. Today, we are announcing the expansion of devices covered by Windows security updates by removing the anti-virus compatibility check for Windows 10 devices, expanding the availability of Intel microcode updates in the Microsoft Catalog, and adding coverage for x86 editions of Windows 71 and Windows 8.1.

Expanding availability of Windows security updates based on broad anti-virus compatibility

Our recent work with our anti-virus (AV) partners on compatibility with Windows updates has now reached a sustained level of broad ecosystem compatibility. As we’ve previously detailed, some AV products had created compatibility issues with the Windows security updates, by making unsupported calls into the kernel memory, which required us to make AV compatibility checks to manage this risk. Based on our analysis of available data, we are now lifting the AV compatibility check for the March Windows security updates for supported Windows 10 devices via Windows Update. This change will expand the breadth of Windows 10 devices offered cumulative Windows security updates, including software protections for Spectre and Meltdown. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we will block those devices from receiving Windows updates to avoid any issues. I’ll share more details in the weeks ahead on AV compatibility for older versions of Windows, as we further our goal of broad ecosystem compatibility. We recommend customers check with their AV provider on compatibility of their installed AV software product.

Expanding the coverage of needed updates to address Spectre and Meltdown vulnerabilities

Today, we are also significantly expanding the Intel validated microcode updates we are making available via the Microsoft Catalog. The expanded set of Intel microcode updates covers a broad set of the latest generation Intel platforms including Skylake, Kaby Lake, and Coffee Lake devices, and is available for Windows 10 version 1709. We will continue to broaden the number of Intel microcode updates available via the catalog as they become available to Microsoft from Intel. A full list of available Intel microcode updates by Window 10 version can be found in KB4093836. We continue to partner closely with chipset and device makers as they offer more vulnerability mitigations2.

We are also adding to the breadth of Windows updates to help protect against these vulnerabilities. Today, we are adding software coverage for the Meltdown vulnerability for x86 editions of Windows 7 and Windows 8.1 and we continue to work to provide updates for additional supported versions of Windows. You can find more information and a table of updated Windows editions in our Windows customer guidance article.

Staying up to date

As always, we emphasize the importance of installing the latest Windows updates when prompted on your device, so you are on the most secure version of Windows 10, which is version 1709 (Fall Creators Update). As a reminder, Windows 10 version 1607 (Anniversary Update) will reach end of service and receive its final security update on April 10, 2018. If you see a reminder that the latest version is ready to install, we recommend you follow the steps to pick a time that works best for you or update immediately. If you have not received an update offer on an older version of Windows 10, you can always choose to install the Fall Creators Update from the Software Download Site. Servicing timelines for each version of Windows 10 are shared on the Windows Lifecycle Fact Sheet.

1 Windows 7 version SP1
2 Customers should check with their CPU (chipset) and device manufacturers on availability of applicable firmware security updates for their specific device, including Intel’s Microcode Revision Guidance.

Source:: Windows | Blog

    Leave a comment