Microsoft yanks buggy Windows Meltdown/Spectre patches for AMD computers

After five days of debilitating blue screens on AMD machines, Microsoft pulled the buggy patches very early Tuesday morning. More problems remain.


The hastily released Jan. 4 Windows Meltdown/Spectre patches left many AMD computer owners in a bind. Complaints started flowing in shortly after the release: blue screens (stop code 0x000000C4), installation failures with error 0x800F0845, and machines that stubbornly refused to start, even after undergoing normal resuscitation. Windows PCs with AMD processors got dinged, but there are also reports of Intel machines with AMD video cards malfunctioning.

Early this morning, Jan. 9, Microsoft finally acknowledged the bugs and pulled the patches for “some AMD devices.” But there are significant lingering problems, beyond the AMD bricking, that Microsoft hasn’t addressed.

Microsoft’s mea culpa, contained in KB 4073707, blames AMD:

Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

Let the finger-pointing begin ... but you have to wonder who tested the patches.

What’s been yanked

As of this morning, Microsoft has pulled the following patches “to devices with impacted AMD processors”:

Each of the related KB articles has been altered to include the warning:

Microsoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. To prevent this issue, Microsoft will temporarily pause Windows OS updates to devices with impacted AMD processors at this time.

Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. If you have experienced an unbootable state or for more information see KB4073707. For AMD specific information please contact AMD.

It isn’t clear, at least to me, whether the AMD embargo includes Intel PCs with AMD video cards.

The KB article includes links to the old — and frequently ineffective — standard methods for dealing with blue screens in Win10, Win8.1 and Win7.

The not-so-subtle subtext: AMD screwed up and Microsoft ain’t the bad guy.

The lingering problem

There’s another problem on the horizon. During testing, Microsoft encountered many blue screens associated with specific antivirus programs. In order to guard against those blue screens, Microsoft established a registry key that must be set by an antivirus program before the Meltdown/Spectre patch will be applied. I talked about the machinations last week.

In a nutshell, you have to update your antivirus program (the right antivirus program) to a very recent version so it establishes the registry key, allowing the Meltdown/Spectre patch to go ahead. No registry key, no patch.
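If you want to see for yourself whether a machine will be offered the patch, the flag Microsoft asked antivirus vendors to write is a REG_DWORD named cadca5fe-87d3-4b96-b7fb-a231484277cc with data 0 under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\QualityCompat. The script below is an added example, not from the article, Microsoft or any antivirus vendor; the function name and the -Fix switch are this example's own invention. It reads the flag and reports what Windows Update will do. The -Fix switch writes the flag yourself, which is precisely what Microsoft did not want end users doing: set it under an antivirus product that has not been updated for the kernel changes and you reproduce the blue screens the flag exists to prevent.

```powershell
# Added example (not part of the original article). Checks for the antivirus
# compatibility flag that the January 2018 Windows updates gate on.
# Key path and value name are as Microsoft documented them; the function
# name and the -Fix switch are this example's own assumptions.

function Test-MeltdownAvFlag {
    [CmdletBinding()]
    param(
        # Write the flag yourself. Only do this if your antivirus vendor has
        # stated compatibility and simply does not set the key on its own;
        # setting it under an incompatible product invites the same blue
        # screens the gate was created to avoid. Requires an elevated shell.
        [switch]$Fix
    )

    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\QualityCompat'
    $valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    $present = $false
    $data    = $null
    if (Test-Path -LiteralPath $keyPath) {
        $item = Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $present = $true
            $data    = $item.$valueName
        }
    }

    if ($present -and $data -eq 0) {
        Write-Output "OK: QualityCompat flag present with data 0. Windows Update will offer the Meltdown/Spectre cumulative update."
        return $true
    }

    if ($present) {
        # Microsoft's documented data is 0x00000000; anything else is suspect.
        Write-Warning "Flag present but data is $data, not 0."
    } else {
        Write-Warning "QualityCompat flag missing. Windows Update will NOT offer the Meltdown/Spectre cumulative update, nor any later cumulative update, on this machine."
    }

    if (-not $Fix) {
        return $false
    }

    # Caller accepted the risk: create the key and the DWORD value.
    if (-not (Test-Path -LiteralPath $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $keyPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Output "Set $valueName = 0 under $keyPath. Re-run Windows Update."
    return $true
}

# Usage (local machine, report only):
Test-MeltdownAvFlag
```

Across a fleet, which is where the article's "gargantuan task" lives, you can push the same function to every host with WinRM enabled, for example `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-MeltdownAvFlag}`, and collect the $true/$false results; the machines returning $false are the ones that have silently stopped receiving cumulative updates.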

There’s a long litany of non-compliant antivirus software on Kevin Beaumont’s masterful master list of antivirus patch compatibility. As of early this morning, nearly two dozen antivirus manufacturers don’t set the key, including big names like F-PROT, FireEye Endpoint Security, McAfee and Trend Micro.

If you think about that for more than 30 seconds, it should be obvious that there’s a fatal flaw. Several. Ignore, for the moment, the gargantuan task of ensuring that a large enterprise has all of its antivirus software (possibly from multiple manufacturers) up to date. Instead, think about the people who can’t get their antivirus software updated for whatever reason — compatibility, or they haven’t paid the piper. Then think about those who don’t run antivirus software, or at least antivirus software that complies with Microsoft’s registry requirement. And what about those who install or uninstall new, different or even multiple antivirus scanners?

Since all of Microsoft's patches now are cumulative (except the Win7 and Win8.1 security-only manually downloaded patches), that means those who don't pay for their antivirus product, or otherwise get thrown under the antivirus bus, won't get any more Windows patches from Windows Update. Ever. The gate doesn't just hold back the Meltdown/Spectre fix; it holds back every cumulative update that follows it.

And most will never know why.

Join us for popcorn, commiseration, and the latest news on the AskWoody Lounge.
