Microsoft expands software and microcode fixes for Meltdown and Spectre

More than two months on from the disclosure of the Meltdown and Spectre processor vulnerabilities, Microsoft has announced it is greatly expanding coverage for its own fixes. In a new blog post, the company says that it is stepping up distribution of Intel's verified microcode updates for more processors, as well as issuing software security fixes to more versions of Windows.

Included as part of today's Patch Tuesday rollout, Microsoft has expanded protections for the Meltdown vulnerability to x86 editions of Windows 7 and 8.1. That's in addition to emergency fixes Microsoft first rolled out just after the exploits were disclosed. The company notes that it will continue to work on providing updates for additional supported versions of Windows.

In addition to expanding its software fixes, Microsoft says that it has also removed the antivirus compatibility check for security updates on Windows 10. From Microsoft:

As we've previously detailed, some AV products had created compatibility issues with the Windows security updates, by making unsupported calls into the kernel memory, which required us to make AV compatibility checks to manage this risk. Based on our analysis of available data, we are now lifting the AV compatibility check for the March Windows security updates for supported Windows 10 devices via Windows Update. This change will expand the breadth of Windows 10 devices offered cumulative Windows security updates, including software protections for Spectre and Meltdown. We continue to require that AV software is compatible and in cases where there are known issues of AV driver compatibility, we will block those devices from receiving Windows updates to avoid any issues.

As a continuation of an effort that began at the beginning of March, Microsoft is also expanding the number of Intel microcode updates available through the Microsoft Update Catalog. The updates available from Microsoft, which guard against the Spectre Variant 2 vulnerability, now cover a growing range of Skylake, Coffee Lake, and Kaby Lake processors for machines running the Fall Creators Update. This update must be manually downloaded and installed from the Microsoft Update Catalog, and you can find a full list of processors for which it's available at Microsoft.