These patches are currently not available for all Windows versions, though, and all mitigations are disabled by default.
Only Windows 10, Windows Server 2016, Windows 7, and Windows Server 2008 R2 have received SpectreNG patches.
Meltdown and Spectre patching is a mess
Furthermore, because of the constant stream of Meltdown and Spectre patches over the last six months, it’s been getting harder and harder for users to keep track of which patches they’ve received, which need manual intervention, and which cause issues.
To help system administrators with these confusing issues, Microsoft published a table yesterday that contains the status of each of the Meltdown and Spectre patches it has released since January 3 of this year.
Readers are advised that the table assumes they are running a Windows version with all the security patches installed and up to date, including yesterday’s June 2018 Patch Tuesday update train.
If you’re running an OS version where patches are disabled by default, you must visit the linked KB article for additional information on how to enable the associated mitigation, if you deem it necessary for your threat model.
| Operating System | CVE-2017-5715 (Spectre variant 2) | CVE-2017-5754 (Meltdown) | CVE-2018-3639 (Spectre variant 4 aka SpectreNG) |
|---|---|---|---|
| Windows 10 | Enabled by default | Enabled by default | Disabled by default – see ADV180012 |
| Windows Server 2016 | Disabled by default – see KB4072698 | Disabled by default – see KB4072698 | Disabled by default – see ADV180012 |
| Windows 8.1 | Enabled by default | Enabled by default | Not applicable |
| Windows Server 2012 R2 | Disabled by default – see KB4072698 | Disabled by default – see KB4072698 | Disabled by default – see ADV180012 |
| Windows RT 8.1 | Enabled by default | Enabled by default | Not applicable |
| Windows 7 | Enabled by default | Enabled by default | Disabled by default – see ADV180012 |
| Windows Server 2008 R2 | Disabled by default – see KB4072698 | Disabled by default – see KB4072698 | Disabled by default – see ADV180012 |
| Windows Server 2008 | Enabled by default | Enabled by default | Not applicable |
Besides the above table, Microsoft has also admitted that some Meltdown and Spectre patches are still causing issues. Below is a list of known issues, which the company is currently working to address:
| KB article | Known issue |
|---|---|
| KB4284880 | Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface. |
| KB4284819 | 1) Some non-English platforms may display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled. 2) When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language: |
| KB4284835 | Some users running Windows 10 version 1803 may receive an error “An invalid argument was supplied” when accessing files or running programs from a shared folder using the SMBv1 protocol. |
| KB4284826 | 1) A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). 2) There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working. |
| KB4284867 | Same as above. |