Microsoft Windows Analytics Helps IT Pros Assess Meltdown/Spectre Exposure

Microsoft has modified its Windows Analytics service for IT admins to report on machines’ Meltdown/Spectre protection status.

The Meltdown/Spectre vulnerabilities have been a headache for everyone, but imagine having to deal with it for hundreds or thousands of machines. That task has already fallen onto the shoulders of the world’s IT admins. To make their jobs a little easier, Microsoft put a trio of new features into its Windows administration tool suite.

The first is an antivirus status check that probes whether a machine’s installed antivirus software will prevent it from receiving a Windows Meltdown/Spectre patch. The possibility of anti-virus software interfering with the patches was discovered when Microsoft released them in early January. Microsoft eventually gated the deployment of patches according to a whitelist of antivirus softwares. This new feature seems to leverage that list to give visibility into the issue.

The natural consequence of needing multiple patches, some of which your machine might have been gated from receiving, is that it can be difficult to definitively know whether your system is protected. System admins can be dealing with this for multiple generations of machines and Windows, so Microsoft has consolidated all information related to the deployment of Windows Meltdown/Spectre patches into one place. Windows Analytics will show, beyond which machines have the correct patch installed, which have had it disabled. Due to the initially unclear performance impact of the patches, Windows Meltdown/Spectre patches were defeatable with a registry modification. Microsoft later added another registry kill-switch to nullify Intel’s bugged BIOS updates.

Intel’s BIOS debacle is probably the reason Microsoft added this third feature, because Windows Analytics now reports on machines’ specific BIOS version. This is for automatically checking against lists provided by processor manufacturers. If you have any doubt that this is difficult to do, then look at Intel’s Spectre microcode revision guidance. Each line on there is one or a family of Intel CPUs that needs a specific BIOS update. Certain AMD and ARM CPUs have reportedly had firmware updates released for them as well, but they haven’t been as widely publicized. That's all the more reason for for Microsoft to make this aspect visible.

The Meltdown/Spectre issue has truly sent some waves through the tech industry. (We've been tracking all of it here.) As we know by now, Meltdown/Spectre mitigations are multi-faceted, and miscommunication between companies has left everyone confused more than once. Microsoft’s attempt to bring visibility and certainty to protecting against Meltdown/Spectre can only be a good thing.

Update, 2/14/18, 8am PT: Fixed typo.

  • DivergentMoon
    those "asses" are going to need the help :)
  • 7angrytangerines
    What "asses" those darn IT pros are! :D
  • nstone101
    So annoying. I freaking knew some wild stuff was happening. Just weird stuff, unexplainable, and very hard to i.d.
  • nstone101
    Whats everyones best suggestion, stay off the hard food and stick to softs? what would that equate to in this situation.. humor me.
  • derekullo
    I've been called worse.
  • BaRoMeTrIc
    Microsoft has their top asses on the job. No worries. Maybe next they can fix the fact that my VPN stopped working through the task manager after the fall creators update. Or the fact that the UI is made to look pretty but 100% non-functional/practical. Or the fact that skype keeps reappearing with every update after i have uninstalled it a million times.
  • 237841209
    There's always


  • esco_sid
    This thing is just a scare for normal people who dont know any better you would have to be already in a machine to even exploit this bug which would make 0 sense.