none
KB4058702 - update to protect from Intel Meltdown RRS feed

  • Question

  • If MS is so concerned about the Intel meltdown vunerability - WHY has this update NOT been semt out automatically to ALL users ?

    Why just a few chosen users ?

    Why leave it to the users to discover the update ourselves and manually install from the update catalogue ?

    Saturday, January 13, 2018 11:01 AM

Answers

All replies

  • Something here may help.

    https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

    I'd also ask for help over here.

    https://answers.microsoft.com/en-us/windows/forum/update

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, January 13, 2018 1:27 PM
    Moderator
  • I have asked the same question, and the answer I got in the Answers forum was a link to manually download and install the update for my computer. This is especially puzzling, since the update depends on the OS, the version, and perhaps the Build. The KB you refer to is for Windows 10 Version 1709 (I think OS Build 16299.192). Most consumers would have a hard time determining which update to download, so I don't understand why Windows Update fails to offer the correct one in so many cases.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Saturday, January 13, 2018 6:06 PM
    Moderator
  • I guess that MS do not really care about their customers security! 
    • Edited by Formula XX Saturday, January 13, 2018 6:17 PM
    Saturday, January 13, 2018 6:16 PM
  • I guess that MS do not really care about their customers security! 

    As far as I know patching would not be offered at all unless the qualitycompat key exists. In some cases a firmware update may be required for your hardware.

    https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, January 13, 2018 7:19 PM
    Moderator
  • My guess is that since the update cannot solve the issue and therefore it was decided not to gave it automatically. You should read the "fine print"! this is not a solution but workaround to make it harder. the issue cannot be solve in software level as it is hardware issue!

    By the way, a good place to discuss it in security forums....


    signature   Ronen Ariely
     [Personal Site]    [Blog]    [Facebook]    [Linkedin]


    Saturday, January 13, 2018 10:13 PM
    Moderator
  • After some investigation, I have decided I did not get the expected Windows update because my BIOS/firmware has not yet been updated. I found the firmware update for my Surface Pro 4 was released 1/10/2018. But in the article announcing this it says:

    When Surface updates are provided via the Windows Update service, they are delivered in stages to Surface customers. As a result, not every Surface will receive the update at the same time, but the update will be delivered to all devices. If you have not received the update, please manually check Windows Update later.

    I'm not worried, just curious. I will wait.

    Edit: The article I quoted is:

    https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Monday, January 15, 2018 5:31 PM
    Moderator
  • For my Surface Pro 4 KB4056892 came in on 1/5/18 The last firmware I got was 12/6/17

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, January 15, 2018 5:37 PM
    Moderator
  • I have restarted several times just to be sure, but my last update is still 12/29/2017. And I don't see any firmware updates. Do you see those somewhere other than Windows Update History?

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, January 15, 2018 8:03 PM
    Moderator
  • I see it in windows update history under drivers, but I only see the one from 12/6/17. I really haven't paid much attention to this before but wonder if its somehow only aware of the last firmware applied?

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, January 15, 2018 8:11 PM
    Moderator
  • I also can see this in Device Manager (not sure why WU says in came in on 12/6/17?) Hmm in image it says 2016?

     

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Monday, January 15, 2018 8:14 PM
    Moderator
  • System Information (msinfo32.exe) says;

    BIOS Version/Date Microsoft Corporation 108.1926.769, 12/6/2017

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Monday, January 15, 2018 8:20 PM
    Moderator
  • Ah, SystemInfo. I looked at that before to get my build number. But that says my BIOS is 108.1866.769, 10/10/2017.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, January 15, 2018 9:34 PM
    Moderator
  • I couldn't find that one. Strange that this doc says what I have is 1/10/18 release.

    https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history

     Hmm, looking further I see that WU history reports 108.1926.769, 12/6/2017 was installed on 1/10/18 where KB4056892 was installed on 1/5/18

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, January 15, 2018 9:51 PM
    Moderator
  • Late today Windows Update installed KB4056891 on my Windows 10 Version 1703 (64-bit). Apparently these updates are staged. Now I just need the firmware update. Since I have a Microsoft Surface Pro 4, this should also be installed by Windows Update. I just need to be patient.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Saturday, January 20, 2018 12:57 AM
    Moderator
  • Late today Windows Update installed KB4056891 on my Windows 10 Version 1703 (64-bit). Apparently these updates are staged. Now I just need the firmware update. Since I have a Microsoft Surface Pro 4, this should also be installed by Windows Update. I just need to be patient.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Windows update will NOT touch your firmware - this is the 1st layer in the OS (before the OS starts up...
    Saturday, January 20, 2018 9:10 AM
  • Windows update will NOT touch your firmware - this is the 1st layer in the OS (before the OS starts up...

    Yes, firmware updates can and do come via windows update for surface pro.

    https://support.microsoft.com/en-us/help/4037238/surface-surface-pro-update-history

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, January 20, 2018 1:21 PM
    Moderator
  • Steeboo, this article:

    https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

    says the following:

    Note Surface customers will receive a microcode update via Windows update.

    meaning a processor microcode, or firmware, update. And this article:

    https://support.microsoft.com/en-us/help/4023489/surface-surface-pro-4-update-history

    says the firmware update for Surface Pro 4 was available through Windows Update on January 10. I have not yet received that firmware update (because of the staging), but I did receive a firmware update on 10/10/2017, presumably from Windows Update since I certainly didn't download anything. Firmware updates are released by the OEM, not the chip manufacturer.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Saturday, January 20, 2018 1:25 PM
    Moderator
  • I just now, late on 1/25/2018, got the firmware update for my Windows 10 Surface. It was deployed by Windows Update as advertised. When I run the Get-SpeculationControlSettings PowerShell module it shows I am fully protected.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, January 26, 2018 2:01 AM
    Moderator
  • I just now, late on 1/25/2018, got the firmware update for my Windows 10 Surface.

    WMIC  /BIOS  get  /Format:List

    may have been updated too then.  Unfortunately SerialNumber= is included so you probably shouldn't share.  What I have always wondered though is: are any of those values reports from the new firmware (via some kind of API) or just registry values the update provided as meta data?  E.g. otherwise, would wiping the values give us a chance to retry a firmware update that just doesn't seem to be doing what was expected?



    Robert Aldwinckle
    ---

    Friday, January 26, 2018 6:04 PM
  • Robert, your command gives me similar information as SystemInfo, except the later says my BIOS is dated 12/6/2017. I both cases the firmware ID is 108.1926.769, which matches documentation for the firmware update needed for Surface Pro 4.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, January 26, 2018 7:30 PM
    Moderator