Microsoft Delivers An Emergency Windows Update To Disable Its Own 'Spectre' Patch

It seems like the Spectre and Meltdown vulnerability is not going to leave the system users and makers so easily. Microsoft has just released an unplanned update for the Windows to disable the mitigation for Spectre bug that it has deployed earlier. The update comes after Intel circulate a notice to the makers for not deploying the Spectre patch. On 22 Jan, Intel shared that the Spectre mitigation or patch is causing the system instability.

Intel released a notice for the Windows users conveying them that the firm knows about the system vulnerability patches are affecting the systems. According to the company, the patch was found with an unexpected number of reboots with unpredictable system instability. The chip maker shared its report over the system update and warned the users about it. After the Intel’s alarming notice Microsoft released the Windows update last weekend and ask the users to disable the patch. The new update that the company has released automatically disables the patch and stops the system from getting unstable.

“While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 - 'Branch target injection vulnerability.' In our testing, this update has been found to prevent the behavior described” Microsoft posted in the printed document. Microsoft also shared that the system instability due to the mitigations can also cause data loss and corruption. Along with the automatic disable update the company has also shared manual instruction of turning off the Spectre defense. The instructions include Keys that IT administrators can use to enable or disable the mitigation by entering into the Windows registry.

The issue started after the Google researchers have revealed the hardware vulnerabilities in the processors and operating systems used by the majority of users. Afterwards, the software makers and OS manufacturers started deploying the update with vulnerability mitigations one by one. When Some of the users complained about the rebooting issue, Intel looked down to the update and discovered that the last update against the vulnerability is causing system problems. The latest discovery by Intel over the Spectre patch and Microsoft asking to disable the defense puts a real question on the user’s security against these vulnerabilities.

With the Windows update, Microsoft also assured its users by saying "We recommend Windows customers, when appropriate, re-enable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device”.