Since Microsoft issued the patches for the chipset vulnerabilities known as Meltdown and Spectre that came to light via Google’s Project Zero last week, people who have AMD computers have issued complaints about their computers crashing to a Blue Screen for Death (BSOD).
On Tuesday, Microsoft temporarily suspended the rollout of security patches for devices that have AMD CPUs. On its support site, Microsoft said it was suspending the updates because it was concerned about the reports of AMD devices getting into “an unbootable state” following installs of the operating system security updates.
Microsoft specified that the problem was only related to “a small subset of older AMD processors”, and assured users it was working with AMD to resolve the issue and “should resume Windows OS security updates to this subset of AMD processors via Windows Update and WSUS by next week”.
For AMD-specific information, Windows referred users to AMD’s Security Advisory. In its Advisory issued yesterday, AMD said that security issues uncovered had “brought to the forefront the constant vigilance needed to protect and secure data”, including its microprocessor architecture that seeks to preserve secure data.
AMD said that the majority of AMD systems were receiving patches via Microsoft currently (Linux vendors are also rolling out patches across AMD products), and that it was working closely with them “to correct an issue that paused the distribution of patches for some older AMD processors”. AMD specified that these were limited to the “AMD Opteron, Athlon and AMD Turion X2 Ultra families”.
AMD assured users that they expect to quickly correct the issue and users of those AMD families should expect updates by next week.
The Meltdown and Spectre vulnerabilities have set the tech world on edge, as they are hardware bugs that allow programs to steal sensitive data from other programs, such as email, business documents and chat applications. They have not yet been exploited in the wild, but the worrying fact remains that nearly every processor made since 1995 is vulnerable to Meltdown and almost every modern system is vulnerable to Spectre.
Businesses and home users need to ensure that the antivirus being used on their systems is compatible with the Meltdown/Spectre patches. Previously, Microsoft has said that if you didn’t receive the out-of-band security update, this was because your antivirus was incompatible.
As CSO pointed out, Microsoft “then added a big detail to that caveat: Customers running incompatible antivirus will not only fail to receive the fix for Spectre and Meltdown, but they will not receive any Windows security patches until the antivirus solution is compliant.”
Many antivirus vendors are working on the required registry key, which will certify to Microsoft that they are compliant. However, a rushed fix could cause problems later. Some vendors have recommended setting the registry key manually.
If you want to check to see if your computer is protected against Meltdown and Spectre, you can find out using the steps listed here.