There’s one big gotcha with this month’s security update from Microsoft that attempts to help solve the Meltdown/Spectre vulnerabilities. If your antivirus vendor has not correctly updated its software per Microsoft’s request, you won’t get Windows security updates this month – in fact, you may never Windows security updates again until your antivirus software is Microsoft Windows compliant.
It’s not necessarily buried information, but it is easy to pass by and not take proper notice, but there’s a special blurb in Microsoft’s recent document on Windows security updates released January 3, 2018, and antivirus software that should be critically highlighted:
Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:
Key=”HKEY_LOCAL_MACHINE” Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value=”cadca5fe-87d3-4b96-b7fb-a231484277cc” Type=”REG_DWORD”
Microsoft says its working with vendors to make sure they are aware and understand what needs to be done. Many have complied already, but there’s still many that haven’t. If you’re not sure, you need to check with your antivirus vendor to get a proper notice.
If your software vendor is slow to respond, you can always just backtrack and use the protection software built into Windows. However, its extremely important to do something.
Consider, too, that this doesn’t just affect Windows Update. It also affects patching mechanisms for WSUS and Configuration Manager. If the scanning mechanism doesn’t see the registry value where it should be, the available updates will show as not applicable. Some may consider that those found to be not applicable are already secure when they are far from it.
So, why is Microsoft doing this? Why is Microsoft requiring a simple registry key value as an indicator? Through this whole fiasco, Microsoft has learned that it cannot patch effectively due to workarounds that antivirus vendors have implemented in their software that bypasses Microsoft’s requirements – essentially making Windows unsecure when it should be.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!