14 DAY TRIAL // Microsoft rolled out a new set of cumulative updates for Windows 10 as part of its Patch Tuesday cycle, and while all of them came with huge change logs, no mention was made regarding more mitigations for the Meltdown and Spectre vulnerabilities disclosed in early January.
The software giant, however, details the improvements in an update to ADV180002, the original guidance that the company published last month to address the two hardware flaws.
First and foremost, it’s worth highlighting that Microsoft has released additional security patches only for some Windows 10 versions, as it follows: KB4074596 for Windows 10, KB4074591 for Windows 10 Version 1511, KB4074590 for Windows 10 Version 1607, and KB4074592 for Windows 10 Version 1703.
32-bit Windows getting patched
Only the 32-bit versions of the operating systems are getting these extra mitigations, and Microsoft hasn’t released any new refinements for 64-bit SKUs. On the other hand, Microsoft says that more such updates will be released soon, but no details can be provided.
“Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. These update will be included in subsequent updates, and do not apply to x64 (64-bit) systems,” the firm says.
Additionally, the February 2018 Patch Tuesday rollout also includes Meltdown and Spectre patches for Microsoft HoloLens. No extra step is required, as the updates are installed automatically.
Intel has recently started shipping new Spectre Variant 2 patches for Skylake chipsets, after the company previously pulled the updates due to bugs causing unexpected reboots. All the other affected processors are projected to get the patches in the coming weeks as well. Additionally, Microsoft and all the other device manufacturers will include the new security patches in their firmware updates.
The typical recommendation still stands: users are advised to deploy these updates as soon as possible, especially because they include security fixes.