Windows surprise patch KB 4078130: The hard way to disable Spectre 2
Credit to Author: Woody Leonhard| Date: Mon, 29 Jan 2018 05:49:00 -0800
As we crawl deeper down the Meltdown/Spectre bunny hole, Microsoft released on Friday night a weird, download-only patch that disables the “fix” that’s supposed to protect you against one of the Spectre variants. It’s the same patch, that works the same way, on every version of Windows, from Win7 to the latest Win10 beta builds.
I’m tempted to call it an out-of-band patch, but truth is that all of this month’s patches have been out of band.
You’ve no doubt been inundated by the news about Meltdown and Spectre, the two (actually, three) highly publicized security vulnerabilities in essentially all modern computer chips that, at this point, has never been seen on a real, live, in-the-wild computer.
You all know that Intel has acknowledged that its latest firmware patches can cause “higher system reboots after applying firmware updates” in essentially all modern versions of its chips. If you’ve been paying attention, you also know that, on the software side, Microsoft has patched, bricked (more accurately, “rendered unbootable”), pulled, repatched and generally changed Windows patching from a once-a-month headache to an advanced persistent threat.
Now for something completely different.
On Friday night, Microsoft released a strange patch called KB 4078130 that “disables mitigation against Spectre, variant 2.” The KB article goes to great lengths describing how Intel’s the bad guy and its microcode patches don’t work right:
While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described.
There aren’t any details, but apparently this patch — which isn’t being sent out the Windows Update chute — adds two registry settings that “manually disable mitigation against Spectre Variant 2”:
“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
“HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f
It appears that these are the same changes implemented weeks ago by Steve Gibson in his InSpectre program. Steve’s program gives you the option to turn off Spectre protection. The registry keys were originally documented on Jan. 3 — they’re hardly new.
But how, you may ask, does KB 4078130 actually work? It probably doesn’t disable Intel’s BIOS/UEFI firmware (although there was one occasion I can recall, years ago, when a Windows patch did update Intel microcode). More likely, the registry changes implement some sort of bypass within Windows itself to avoid using the dicey Spectre 2 part of the Intel microcode. Only Microsoft knows for sure, and Microsoft ain’t saying.
So, the proverbial bottom line: Should you be concerned?
Short answer, no. In particular, if you’ve followed my recommendations and avoided this entire Meltdown/Spectre upgrading debacle — haven’t installed any of this month’s patches, haven’t installed the latest BIOS/UEFI microcode — there’s nothing in KB 4078130 that’s of interest.
On the other hand, if you have installed your vendor’s microcode update, and you’ve installed the January Windows patches (one or more of the gazillion on offer), and you’re having problems — your machine stops unexpectedly, or performance hit the bottom of a molasses sludge pit — then installing KB 4078130 may help. Or maybe not.
Thx, @MrBrian, @abbodi86
What do you think about these mangled, useless patches? Join us on the AskWoody Lounge.