HomeWinBuzzer NewsMicrosoft: No Security Updates until Anti-Viruses Become Meltdown Patch Compatible

Microsoft: No Security Updates until Anti-Viruses Become Meltdown Patch Compatible

Microsoft is refusing to push security updates to all PCs with anti-virus software until the vendors implement a registry key. The move comes after users experienced blue screens while trying to fix Meltdown and Spectre vulnerabilities.


Microsoft is taking a hard stance against Anti-viruses as Meltdown and Spectre patches cause bluescreen errors for some users. The company will deny computers with incompatible AVs security updates.

To do so, antivirus programs must update their software and add a special key to the registry. Once compatible, Windows will download the Meltdown and Spectre patches and any others available.

“Microsoft added this requirement to ensure customers can successfully install the January 2018 security updates,” explains a support page. “Microsoft will continue to enforce this requirement until there is high confidence that the majority of customers will not encounter device crashes after installing the security updates.”

Questionable Anti-Virus Tactics

For the unfamiliar, the Meltdown and Spectre vulnerabilities have arisen due to a flaw in CPUs. When a command is sent to perform any task, the CPU passes control to the kernel, which stays below the surface in processes even once the CPU takes back control. This is to ensure smoother and faster performance, but also means systems are potentially at risk.

By using JavaScript in the browser, attackers can read memory on a user’s machine, potentially accessing keystrokes, passwords, and more.

The issue with anti-viruses comes from techniques security researcher Kevin Beaumont describes as “very questionable”.

Some vendors are bypassing Kernel Patch Protection through use of a hypervisor, which is used to intercept system calls and guess memory locations. Because Microsoft’s latest patch changes those memory locations, some users are unable to start their PC.

So far, most major scanners have set the registry key, but there are still quite a few exceptions. The most notable are McAfee’s Endpoint Protection, as well as Panda and FireEye. All three are working on supporting it soon.

However, some users can install the registry key manually, rather than waiting for their vendor. Microsoft has instructions here, but notes that incorrect usage could cause serious problems.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News