David Baxter PhD

Microsoft's latest Windows patch toggles off Spectre protections after Intel warns of reboots
by Mark Hachman, PCWorld
January 29, 2018

If you own a Windows PC that seems buggier than usual after the recent round of Spectre patches, you might want to download this.

If you’ve noticed any unexpected reboots or PC instability as a result of the recent Spectre patches, there’s a solution: Microsoft has issued a patch that rolls back the recent Spectre mitigations.

Confused? It’s a bit complicated. After the initial Spectre and Meltdown vulnerabilities were disclosed, both Intel and Microsoft hustled out patches to mitigate the problem. Unfortunately, Intel’s latest microcode updates—and the BIOS updates from PC makers based upon them—were themselves buggy, causing instability and reboots in some PCs.

The solution? Turn off the recent patches. Microsoft's latest patch (KB4078130) allows those with affected systems to download the patch via the Microsoft Update Catalog, which disables the mitigations for the “Spectre variant 2”.

Note that the patch notes specifically state that you should run this patch “if you are running an impacted device” (emphasis ours). In other words, if your system is working normally, don’t bother downloading this patch. This is what Microsoft calls an “out of band” patch, and it doesn’t appear that it will be made available via Windows Update, either.

Why should you consider it? Intel has warned previously that the faulty patch can sometimes cause data loss and corruption, and Microsoft is saying the same: “Our own experience is that system instability can in some circumstances cause data loss or corruption,” the patch notes state. As of January 25, Microsoft adds, there have been no reports to indicate that the Spectre 2 variant has been known to attack customers.

There’s another wrinkle, though. As part of the patch, Microsoft is allowing users to edit the Windows registry to toggle the mitigations on or off. (Instructions are here.) It’s possible to toggle Microsoft’s patch off, and then, when Intel solves its own patching problem, re-enable it. That scenario is actually what Microsoft recommends — again, only if you’ve noticed system instability and want to take action against it.

Toggling the mitigations on and off is also a feature of the latest InSpectre utility.

As Bleeping Computer noted, system makers such as Dell and HP also advise rolling back their own BIOS patches to an earlier version, which they’ve redeployed. It’s all horrendously confusing for consumers and IT organizations alike. Fortunately, at least, there haven’t been any public cases of these vulnerabilities being exploited.

What should you do? There’s no one-size-fits-all answer to this question. But we can tell you what we’re doing: if a PC is working as expected, we’re leaving it patched and in place. If you’re backing up your data (to the cloud or an external drive) chances are your data will be saved in case your system goes down unexpectedly. But there’s no perfect solution — if you’re more paranoid than we are, feel free to deploy the patch.