In a blog post, the company says enterprise customers have frequently asked how they know if their Windows devices are mitigating Meltdown and Spectre. Microsoft explains there are challenges posed by the vulnerability. “These hardware-based security vulnerabilities are a new challenge for all of us. Customers’ devices require both updates to CPU microcode (firmware) and the Windows operating system, and anti-virus software must be compatible with the latest Windows updates.” In an effort to improve visibility for IT pros, Windows Analytics service now report statuses for all Windows devices. Microsoft has included an anti-virus status, firmware status, and system security update status. This lets customers know if all bases of protection have been covered.
“Anti-virus Status: Some anti-virus (AV) software may not be compatible with the required Windows Operating System updates. This status insight indicates if the devices’ anti-virus software is compatible with the latest Windows security update. Windows Operating System Security Update Status: This Windows Analytics insight will indicate which Windows security update is running on any device and if any of these updates have been disabled. In some cases, IT Administrators may choose to install the security update, but disable the fix. Our complete list of Windows editions and security updates can be found in our Windows customer guidance article. Firmware Status – This insight provides details about the firmware installed on the device. Specifically, this insight reports if the installed firmware indicates that it includes the specific protections required. Initially, this status will be limited to the list of approved and available firmware security updates from Intel. We will be adding other CPU (chipset) partners’ data as it becomes available to Microsoft.”
Meltdown and Spectre
If you have followed the Meltdown and Spectre, it has been expansive and fast moving. The kernel-level bug affecting most Intel and some AMD CPUs has been public since earlier this month. Intel and various tech giants like Microsoft and Apple knew about the flaw since June 2017. However, they kept it secret to work on patches to fix the vulnerability. If users have downloaded those patches, their machine should be safe. However, Intel’s own patch had problems and users are advised not to download it.