This article is more than 1 year old
More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns
This is going to take a while
More examples have emerged of security fixes for the Meltdown vulnerability breaking things.
Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.
Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your rollREAD MORE
PulseSecure has come up with a workaround for affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.
Sandboxie has released an updated client to solve compatibility issues with an emergency fix from Microsoft, as explained here. We've asked Sophos for comment.
Compatibility with the same set of Microsoft fixes released last Wednesday (January 3), freezes some PCs with AMD chips, as previously reported.
These sorts of issues leave sysadmins (and to a lesser extent consumers) between a rock and a hard place. The critical Meltdown and Spectre vulnerabilities recently found in Intel and other CPUs represent a significant security risk. Because the flaws are in the underlying system architecture, they will be exceptionally long-lived.
Remediation work is necessary but complicated because anti-malware packages need to be tweaked before Microsoft's patches can be applied, as previously reported.
Unless the antivirus compatibility registry key is set, Windows Update will not delivery January's or any future security updates. Anti-malware software requires low-level access to the machine it runs on so tweaks need to be made to accommodate changes in memory handling that come with the Meltdown and Spectre fixes or else crashes can occur, Microsoft warned.
A Redmond support article clarifies that "customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets [a particular] registry key".
Buckle up: it's going to be a bumpy ride even though some help is available.
Cybersecurity vulnerability manager Kevin Beaumont has put together a Windows antivirus patch compatibility spreadsheet here. ®