As we crawl deeper down the Meltdown/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the “fix” that’s supposed to protect you against one of the Spectre variants. It’s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.

I’m tempted to call it an out-of-band patch, but truth is that all of this month’s patches have been out of band.

You’ve no doubt been inundated by the news about Meltdown and Spectre, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer.

You all know that Intel has acknowledged that its latest firmware patches can cause “higher system reboots after applying firmware updates” in essentially all modern versions of its chips. If you’ve been paying attention, you also know that, on the software side, Microsoft has patched, bricked (more accurately, “rendered unbootable”), pulled, repatched and generally changed Windows patching from a once-a-month headache to an advanced persistent threat.

Source link