Microsoft's mystifying Meltdown/Spectre patches for AMD processors

Credit to Author: Woody Leonhard| Date: Tue, 16 Jan 2018 07:33:00 -0800

I’ve seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by other bad patches, earlier this month, but they’ve arrived with no instructions — and a strange circular logic.

Last week, Microsoft released two patches, with these official titles:

The Win7 KB article says:

An update is available to fix the following issue that occurs after you install January 3, 2018—KB4056897 (Security-only update) or January 4, 2018—KB4056894 (Monthly Rollup):

AMD devices fall into an unbootable state…

This update does not replace a previously released update.

The Win8.1 article says the same thing, with reference to the analogous patches KB 4056898 and 4056895.

… and that’s all of the description on offer. You can find lots of posts about the two patches and how they fix the “unbootable state” (what most of us would call a BSOD or blue screen), but there’s exactly zero advice on how to use the patches, or what fixes they include. And that part about “does not replace a previously released update” has my head whirling.

Just for starters, if you installed one of this month’s buggy Meltdown/Spectre Windows patches on a machine with an older AMD processor (Athlon, Sempron, Turion, Opteron, Phenom and some Ryzen computers), you probably hit a blue screen. Microsoft pulled the patches a few days later, but a whole lot of people had to boot to a recovery environment or re-install Windows, just to get going again.

Now we have patches for Win7 and 8.1 that appear to be the Meltdown/Spectre patches specifically for AMD machines. There’s something karmic about a patch that is designed to install on a machine that can’t boot, thus can’t install any patches. But let’s move beyond the Kafkaesque dilemma.

Here are just a few of the many, many questions swirling around over the weekend:

Which AMD machines are targeted? I don’t know. Microsoft isn’t saying. Apparently these patches are meant for machines that threw BSODs with the earlier patches — but do you need to install the original patch and wait to see if you hit a BSOD, before installing these patches?

If installing a patch just to see if it bricks your machine doesn’t sound like a fun way to spend a snowy day, can you put these new patches on any AMD machine? If so, what happens? Who knows?

Are these patches replacements for the originals — do they cover the same ground — or are they somehow different? Poster @MrBrian on AskWoody says:

On Windows 7 x64, I compared what KB4056897 installs vs. what KB4073578 installs. Considering just executable files, KB4073578 installs a newer version of some executable files. … Of the changed executable files between the two Windows 7 x64 updates (inspected with CBS Package Inspector), the only executable file that changed in size is hvax64.exe.

So if the old and new versions of this month’s Windows/Spectre patches install different files, should you install the new patch on an AMD machine that somehow installed the old one?

For that matter, can you install this newer version on an Intel machine and get away with it? @MrBrian in an intrepid moment tried that. His conclusion:

As a test, I installed KB4073578 on two computers with two different Intel CPU models. I then rebooted and logged into a user account on each computer. There were no apparent problems.

To recap, we have patches for Win7 and 8.1 AMD computers that officially only apply to bricked AMD computers, but still install on Intel computers, and come up with a newer hvax64.exe file. And the patches are only for Win7 and 8.1, not Win10.

Care to chase this down the January patch rabbit hole?

For example, as @PKCano notes, the Win8.1 Monthly Rollup appeared after the Win7 Monthly Rollup. Does the Win8.1 Monthly Rollup include the new security files or the old ones?

What happens if you install the old patches and the new patches, in any time sequence combination of Security-only, Monthly Rollup, old and new?

Let’s not forget that Microsoft started pushing the Meltdown/Spectre patches for some AMD processors, but are they old ones or new ones, and for which processors?

Most of all, what happened to Windows 10? Microsoft yanked a half-dozen January Win10 cumulative updates because they were bricking AMD processors. At least some of those cumulative updates are going out again. Do they include the new files or the old ones? Since Microsoft doesn’t release Security-only patches for Win10, are we stuck with the old cumulative updates until the February Patch Tuesday cycle kicks in? What about those who have AMD machines that choke on the cumulative updates?

I feel an Excedrin headache coming on. Join me on the AskWoody Lounge.

http://www.computerworld.com/category/security/index.rss