First, from Bleeping Computer:
Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.
Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.Back-ported patches are apparently in the works, but no ETA yet from Microsoft. So, that's the bad news. Ready for the worse news?
— Alex Ionescu (@aionescu) May 2, 2018
From Reuters:
Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday.
The magazine, called c’t, said it was aware of Intel Corp’s plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan’s Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable.
[...]
C’t did not name its sources because researchers were working under so-called responsible disclosure, in which they inform companies and agree to delay publishing their findings until a patch can be found.
The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7.Once again, it's looking like a pretty good day to be a W7-using AMD fan.
We'll have to see if Intel handles this latest revelation any better than they handled the original Meltdown reveal. That didn't go at all well, with Intel doing their level best to confuse the issue by claiming that AMD chips were also vulnerable to Meltdown (they weren't), and then passing "patches" to Microsoft for distribution that "accidentally" borked AMD-users' systems (oops?). The fact that even the "repaired" Meltdown fixes were still critically flawed is just the rotten cherry on top of this hot shit sundae.
So, Windows 10 users should all be rushing to adopt the latest update as quickly as possible. Right? Right? Yeah... about that...
From ghacks.net:
If you have not followed the release of the update, you may wonder why you should block the upgrade at this point in time.
It is simple: the update is riddled with bugs. I upgraded one PC to Windows 10 version 1803 and ran into a good dozen major issues; Edge or Windows Defender won't load, I can't right-click on taskbar items, no microcode update for Windows 10 version 1803 to patch the Spectre security issue is available, and shutdown is broken unless you disable Fast Restart.
Those are just the issues that I ran into. Other users reported Chrome, Cortana and other software program freezes, out of disk space warnings because the recovery partition got a drive letter suddenly, lots of Alienware PCs that lock up, and a lot more.
You can go back to the previous version if a device is updated automatically to the new version of Windows.
It is likely that Microsoft will release fixes for some of the issues but since those are provided on Tuesday the earliest, there is no time to test them before systems might get upgraded to the April 2018 Update.
So, with all the problems and issues associated with the Windows 10 version 1803 update, you may want to think hard about upgrading to the new version right now.If it were me, I'd still be patching -- just be sure to set a restore point first, so that you can roll back if the patch causes issues. Still, I can remember when Microsoft was swearing that Windows 10 wouldn't have these issues, and trying to convince us that Windows 7 had somehow become a security garbage fire because MS had released a new OS version, and I can't help but shake my head.
GG, Microsoft. Nice work.