Microsoft pushed an unscheduled update to its Windows customers that will disable the patch that was supposed to mitigate the Spectre variant 2 (CVE 2017-5715 Branch Target Injection) CPU flaw.
Intel’s “Garbage” Patches
Although Intel was in a hurry to deliver its patches to “90% of Intel CPUs introduced in the past five years,” Linus Torvalds, the creator and principal developer of the Linux kernel, recently called the company’s patches “complete and utter garbage.” because they were doing things that were "not sane."
At least some of that criticism seems to have been validated, as Intel started pulling its Spectre v2 microcode patches last week because it was causing “higher than expected reboots and other unpredictable system behavior” on users’ machines.
Microsoft Disables Its Own Spectre V2 Patch
Now Microsoft is following suit and has issued an unscheduled update (KB4078130) that disables the OS-level patch that was supposed to work with Intel’s microcode update to mitigate Spectre v2. In Microsoft’s testing, this new update should fix the reboot issues for users, but for moment it also means that these users will remain vulnerable to Spectre v2.
Microsoft’s update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you’re using Windows 7, you will need to download the new update from Microsoft’s Update Catalog website (which doesn't seem to work with Chrome or Firefox) as Microsoft stopped delivering automatic updates to Windows 7 a while ago. Users of Windows 8.1 and later will receive the update via the automatic update system.
Microsoft is also offering users a way to manually disable the previous error-causing Spectre patch via registry settings, found in the following two Knowledge Base articles:
The company added that so far there have been no reports of attacks exploiting the Spectre v2 CPU flaw, but it recommends its customers to re-enable the mitigation when Intel reports that the rebooting issues have been solved for your particular devices.