Your antivirus may clash with Windows Meltdown-Spectre patch Watch Now

Video: Your antivirus may clash with Windows Meltdown-Spectre patch

Several industrial-equipment manufacturers have reported problems with the fixes for the recently disclosed Meltdown and Spectre attacks.

Rockwell Automation has reported a dozen errors that are appearing in its FactoryTalk-based products after installing Microsoft's Meltdown and Spectre patches for Windows systems.

The errors include problems logging on to Rockwell's security server, issues with the FactoryTalk admin console, and various other error messages.

Intel last week confirmed that its firmware patches for the CPU flaws have been causing a higher number of reboots on Broadwell and Haswell chips. The company had reportedly told its datacenter customers to hold off on applying the patch due to the errors.

Microsoft also suspended its updates for AMD systems after some customers encountered booting issues once the Meltdown and Spectre were installed. AMD says Microsoft should re-release improved updates this week.

US ICS-CERT has published links to advisories from industrial-equipment manufacturers, including ABB, Siemens, and Rockwell.

"Siemens is aware that some updates can result in compatibility, performance or stability issues on certain products and operating systems," Siemens said.

"Operating system vendors, such as Microsoft, are still working to address these compatibility issues with their updates. Siemens will therefore continue to evaluate the applicability of those updates."

Rockwell confirmed its E1000, E2000, and E3000 Industrial Data Center products are vulnerable to the attacks and noted problems the patches are causing to its FactoryTalk products.

Image: Rockwell Automation

"Rockwell Automation is aware of anomalies in FactoryTalk-based software products that were introduced by the application of some of these updates. Some of the affected products include Studio 5000, FactoryTalk View SE, and RSLinx Classic," it said.

"Rockwell Automation is currently working with Microsoft to resolve these anomalies, and more information will be posted here when available."

As noted by security researcher Kevin Beaumont, the widely used SCADA/ICS software vendor Wonderware, which is part of Schneider Electric, has also reported problems with the patches.

"Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," Wonderware said.

On Friday, Wonderware UK told customers running its Historian software not to install Microsoft's patch.

"Customers running the Wonderware Historian software SHOULD NOT apply the Microsoft patch. Issues have been found with the Historian System Driver. See tech Alert 287 (attached) or here: (customer account required) for more information."

Previous and related coverage