Microsoft has issued an out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update is only needed if you installed the Intel BIOS/firmware update from the OEM
and you are experiencing reboot issues.
The update applies to Windows 7 Service Pack 1, Windows 8.1, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 10 Version 1703, Windows 10 version 1709, Windows Server 2008 R2, Standard Windows Server 2012 R2 Standard.
For those who need it, KB4078130 (https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2) is only available from the Microsoft Update Catalog (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4078130).
References
- Update to Disable Mitigation against Spectre, Variant 2 (https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2)
- Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners (https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/)
I've been affected by the reboot issues, so downloaded and installed, but according to InSpectre the registry update didn't take effect until after I rebooted.
InSpectre still showed I was 'protected' immediately after the installation (which I ran as administrator), but after a reboot it showed I was at risk. If the Microsoft bulletin mentioned you needed to reboot for things to take effect, I missed it.
FWIW, Woody's take: https://www.computerworld.com/article/3252025/microsoft-windows/windows-surprise-patch-kb-4078130-the-hard-way-to-disable-spectre-2.html
This patch is to remove protection. Because the protection patch caused issues for some. If you did not have issues, then don't install 4078130.
Unfortunately, you might not know you need this until the computer acts up. I'm still trying to figure out how to install a patch for a computer that won't boot. Any suggestions?
January 31, 2018—KB4058258 (OS Build 16299.214)
Applies to: Windows 10 version 1709
https://support.microsoft.com/en-gb/help/4058258/windows-10-update-kb4058258
Paddy.. :)
This shouldn't be so difficult. I should be able to go to Windows Update and get the updates I need, and not get the updates I don't need.
Difficult destination to reach, but this should be the destination. Not sure it is.
After downgrading my BIOS and applying this MS update, not a single BSOD in the past week. Fingers crossed :)
QuoteAfter downgrading my BIOS
WOW, that's a bit much just to apply a "fix".
How did you know you had to downgrade the BIOS?
I've touched the BIOS twice and I've owned 16 computers over the years. I've done that because on a computer, the manufacturer told me I had to. (Bought a computer with ME and to upgrade, free, to XP, I had to update the BIOS and remove some software). The 2nd instance was to solve a problem. I wanted to install Windows 2000 and the screen kept going black. At that time, they'd give a text file stating what each BIOS version did. I looked them over and I found the newest fixed the black screen issue when trying to install Windows 2000.
I finally have some information on a January patch I kept asking about. It came out on the 12th
If you own an older AMD processor (that applies to 2 of our 4 computers) you manually install4073578 on a Windows 7 SP1 computer before you install the security only rollup, 4055269.
I'll be imaging all the computers before I install any of the January patches. I do it this way when it is a bad patch month.
Quote from: plodr on February 06, 2018, 03:21:26 PM
QuoteAfter downgrading my BIOS
WOW, that's a bit much just to apply a "fix". How did you know you had to downgrade the BIOS?
... because the new BIOS update pushed by Intel to Lenovo was yanked after I had installed it, and Lenovo suggested the downgrade to folks having BSOD issues until Intel got things sorted out. Much like what Microsoft said in the link Corrine provided in the opening post ... "The update is only needed if you installed the Intel BIOS/firmware update from the OEM and you are experiencing reboot issues."
The alternative was random reboots, which were driving me crazy.
On a side note, the BIOS downgrade stopped a lot of the reboots, but not all of them. I guess some of the microcode in 2.46.1.13 didn't return to what was in 2.44.1.13. The addition of the MS update installation has so far stopped the BSODs.