Several days we were announcing in this blog that Microsoft was asking users to stop the release for the patch –presumably solving diverse vulnerabilities for Meltdown and Spectre-(CVE 2017-5715).

We wrote as a humorous sentence that now we would need a patch for the patch. Finally Microsoft is issuing an “update” to disable the mitigation against Spectre.

The previously patch was intended to solve some of the issues with the hardware vulnerability, specifically for Spectre, but it did not worked as planned. It did not solve the original issues but introduced new vulnerabilities, causing instability and sudden system reboots with risk of data loss or data corruption.

The update Microsoft is releasing this time is related with the microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection).

This microcode can cause higher than expected reboots and other unpredictable system behavior -Microsoft (@support.microsoft.com) 30.01.2018

Microsoft is also offering 2 different solutions for the advanced users on the affected devices, which actually is: disabling the previous mitigation mechanisms:

KB4073119: IT Pro Guidance

KB4072698: Server Guidance

Microsoft ensures that there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers.

Nevertheless, Microsoft strongly recommends to its customers “when appropriate”, re-enable the mitigation mechanism when Intel reports that this unpredictable system behaviour has been resolved.

If you like this, follow me on twitter.