Microsoft’s Windows Meltdown patch will not protect your security, if your antivirus software isn’t compatible.
Microsoft updated their support page to state that Windows computers will not be protected from security vulnerabilities unless their antivirus software is compatible with the Spectre and Meltdown patches.
Microsoft has been rolling out a series of patches since the first week of January for the Spectre and Meltdown design flaws in modern processors that potentially allow hackers to bypass system protections. These flaws affect a wide range of devices and allow hackers to read sensitive information from the memory. That sensitive information includes passwords and other potentially compromising information.
Recently, on their support page, Microsoft stated that new security patches would not be sent to computers running incompatible third party antivirus software.
“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key…”
Windows systems will not be certified as compatible and will not receive future security updates until the antivirus vendor sets a specific key in the Windows registry.
What does this mean for you?
As of January 10, 2018, most antivirus software companies have updated their software to be compatible with Microsoft’s Windows security patches. However, some require manual registry key setting in order for Microsoft to view them as compatible.
The antivirus software we utilize, ESET, is compatible and your system is protected if ESET is installed.
If you are using a different antivirus software, you can view this list https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview created by Information Security Researcher Kevin Beaumont.
As always, if you have any concerns, give us a call here at RHYNO Networks and we’ll help you make sure that your system is secure.