Microsoft has released patches for the Meltdown and Spectre CPU vulnerabilities, but you might find that you can’t install them or that they aren’t showing up as an option to install. The reason is due to some antivirus software not following the correct protocols, mainly making unsupported calls to the Windows kernel memory.
As a solution, Microsoft is now requiring all antivirus software to confirm compatibility with its CPU patches, followed by setting a registry key in their product to certify compatibility. The result will be successful installation of the January 2018 security update, as well as future security updates.
The short of it is that if you are not using a Microsoft-approved antivirus solution, you will no longer be able to get security updates from Microsoft!
Unless…you don’t have any antivirus software installed at all. If this is the case, you will simply need to update the registry manually, and then the January 2018 security update and all subsequent security updates will work just fine. The registry key and information you need to manually update is the following:
Key=”HKEY_LOCAL_MACHINE” Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value=”cadca5fe-87d3-4b96-b7fb-a231484277cc” Type=”REG_DWORD”
At the time of writing this blog, Microsoft has only stated that Windows Defender and Microsoft Security Essentials are compatible antivirus software programs. However, I was able to find a few sites that could guide you in determining if your antivirus is supported; here is a link to one of them. To determine if your antivirus software is compatible, you will need to do some digging and testing.