Microsoft adds Meltdown-Spectre patch device check to Windows Analytics

Microsoft's Windows Analytics offers a snapshot of the status of device mitigations against the Meltdown and Spectre CPU attacks.


Microsoft has rolled out an update to its free enterprise IT service Windows Analytics to help detect each device’s status with respect to fixes for the Meltdown and Spectre CPU bugs. 

The updated Windows Analytics tool comes alongside today’s Patch Tuesday security updates and is available for Windows 7 Service Pack 1, Windows 8.1, and Windows 10. 

The new Windows Analytics feature offers IT pros the tools to check the status of devices on enterprise networks with respect to: third-party antivirus compatibility with Microsoft’s Meltdown and Spectre fixes; the Windows security updates for Meltdown and Spectre themselves; and firmware updates such as Intel’s microcode mitigations for the Spectre Variant 2 attack.     

Given the multifaceted problems that have surfaced in attempts to mitigate the attacks, the Windows Analytics feature should be welcomed by IT pros and admins tasked with protecting PCs and servers that are likely powered by Intel CPUs.

One of the first problems to emerge from early efforts to mitigate Meltdown and Spectre — otherwise known as the speculative execution side-channel attacks — was Microsoft’s requirement for third-party antivirus to be compatible with its kernel fixes.

As Microsoft warned at January’s Patch Tuesday, a week after releasing its initial Meltdown and Spectre fixes, customers wouldn’t receive January’s or future security fixes unless their antivirus was compatible.   

Intel’s microcode updates were also found to be causing unexpected reboots on Broadwell, Haswell, and Skylake CPUs. On January 22 the chip maker told PC makers to stop deploying its updates. HP, Dell and Lenovo paused their respective BIOS updates with Spectre 2 fixes, while Microsoft shortly after also provided an update that admins could use to disable Spectre variant 2 mitigations on Windows machines that had already installed BIOS updates from PC makers.    

Microsoft by that stage had already analyzed the performance impact of the mitigations against Meltdown and Spectre. It found that Meltdown (variant 3) and Spectre (variant 1) had little impact, while Spectre Variant 2 did have an impact.  

Given the complexity of dealing with patches from multiple sources, compatibility issues, and Intel’s problematic firmware fixes, it’s not surprising that Microsoft has found customers demanding help to check the status of devices on enterprise networks, which could easily number thousands or tens of thousands of devices. 

“A top question we continue to hear from IT professionals around the world is how can they best assess if the Windows devices across their enterprise are protected?,” Terry Myerson, executive vice president of Microsoft’s Windows Devices Group, wrote in a blog post announcing the Windows Analytics feature.

Myerson explained the three main checks Windows Analytics now carries out. The results are displayed in a dashboard showing the status of Meltdown and Spectre vulnerabilities on devices across antivirus, Windows security updates, and firmware security updates:

  • Anti-virus Status: Some anti-virus (AV) software may not be compatible with the required Windows Operating System updates. This status insight indicates if the devices’ anti-virus software is compatible with the latest Windows security update.
  • Windows Operating System Security Update Status: This Windows Analytics insight will indicate which Windows security update is running on any device and if any of these updates have been disabled. In some cases, IT Administrators may choose to install the security update, but disable the fix. Our complete list of Windows editions and security updates can be found in our Windows customer guidance article.
  • Firmware Status – This insight provides details about the firmware installed on the device. Specifically, this insight reports if the installed firmware indicates that it includes the specific protections required. Initially, this status will be limited to the list of approved and available firmware security updates from Intel. We will be adding other CPU (chipset) partners’ data as it becomes available to Microsoft.




Stories by Liam Tung
