We are aware of the two recently discovered vulnerabilities, currently going by the names Meltdown and Spectre. These vulnerabilities affect most modern processors (including Intel and AMD), and allows an unauthorized process access to privileged system memory. Click here to see Microsoft’s Security Advisory for how to mitigate this attack.
At this point, there are no known exploits of this vulnerability; it has only been publically disclosed.
Microsoft has released a Security Only Update on January 3, 2018 to address this vulnerability for Windows devices, however:
1. There is a known compatibility issue with this patch and some Antivirus solutions, causing devices to experience a stop error (also known as blue screen errors) that make the device unable to boot. Click here to read more on this known Antivirus compatibility issue.
Because the list of Antivirus solutions with compatibility issues is not yet known, we DO NOT recommend that clients install this Microsoft update to their end client machines at this time.
We have confirmed with Webroot that they have tested the currently released versions of Webroot SecureAnywhere 9.0.18.xx and has confirmed compatibility with this patch, BUT Microsoft requires that a registry key is set before you do so. Additional information about why Microsoft requires this step can be found here. Within the next week, Webroot will be releasing a new SecureAnywhere version, 9.0.19.xx, that, along with a number of planned enhancements, will also set the REGKEY automatically. Until that version is available, we will set the REGKEY manually as described by Microsoft.
2. Our agent only manages Microsoft patches published through the Windows Update service. Since this Security Only update was published outside of the Windows Update service, it cannot be deployed by our agent on its own.
This security update will be included in Microsoft’s Monthly Security Patch Rollup, which will be released on Tuesday, January 9, 2018 through the Windows Update service. Our team will accelerate our standard patch testing process to ensure minimal install errors, but make the patch available as soon as possible. After our testing process is complete, the rollup, which will include the patch to fix this vulnerability, will be available to install per your configured patch policies.
We will continue to monitor new updates on this vulnerability and any known compatibility issues.