locked
Security Patch for Meltdown/Spectre RRS feed

  • Question

  • Hi,

    I am unable to see any update for Meltdown/Spectre when i check for update manually for both Win srv 2008 R2/Srver 2012R2.

    Please let me know solution.


    • Edited by fmsadmin Tuesday, January 16, 2018 6:41 AM
    Tuesday, January 16, 2018 6:23 AM

All replies

  • Check your WSUS server or, perhaps these updates are already installed (if you have automatically approving critical/security).

    https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

    Or you can manually add it to WSUS.

    Tuesday, January 16, 2018 6:32 AM
  • Hi,

    Please check the article below:

    Important: Windows security updates released January 3, 2018, and antivirus software

    https://support.microsoft.com/en-hk/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

    Hope it helps.

    Best Regards,

    Frank


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 16, 2018 7:34 AM
  • We are not using WSUS for patch management.Is it safe for manual download & install updates. 
    Tuesday, January 16, 2018 10:31 AM
  • Sure, if you antivirus is up 2 date and has set the registry key QualityCompat. If you have no antivirus you need to set it yourself (GPO if you have more than 5 server)



    Regards Stephan

    OneDrive / Sharepoint Blog

    Tuesday, January 16, 2018 11:54 AM
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, January 17, 2018 9:19 AM
  • Hi,

    Was your issue resolved? 

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,
    Frank

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 19, 2018 8:48 AM
  • Should I be manually creating this reg key on all win 7, 8.1 and 10 workstations?
    Wednesday, January 24, 2018 7:45 PM
  • pstoric, if you mean this registry key:

    HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat

    then yes, you should create it if your virus software has not already (or you have no virus software). All compliant virus software should have added the key to clients already. See this article:

    https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, January 24, 2018 9:14 PM
  • Thanks. I assume that goes for Windows Server OS as well that don't use AV?
    Wednesday, January 24, 2018 9:36 PM
  • Yes, I believe a server OS also needs this registry key (either added by their virus protection software, or added manually). But in addition, server OS's probably need another registry setting described in this article:

    https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Thursday, January 25, 2018 12:28 AM