Has anyone found this patch being deployed yet for Win10?
Per MS, it should have started going out Jan 3rd, 2018 for Windows 10 machines to patch the latest Intel processor exploits.
I did not see it in Patch Management yet, but I am unsure if it will ever show up given the changes with Win10 Patching and the lack of an RMM to control it fully.
The patch should still pull into Kaseya even with their inability to control the Windows Automatic Updates.
Microsoft have advised that machines will not scan for the patch until your Antivirus has added a regkey to the machine.
"Note: Customers will not receive these security updates and will not be protected from security vulnerabilities unless their anti-virus software vendor sets the following registry key:
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”"
Apparently many Antivirus will need to update before this patch is applied due to it's interactions with the Kernel and Memory.
I'm guessing once that regkey is there your machines will have the ability to scan for it and it'll appear in Kaseya.
More information on specific patch numbers from: wccftech.com/microsoft-rolling-out-emergency-windows-10-fix-chip-bugs
Windows 10 Fall Creators Update is receiving KB4056892 (Build 16299.192) - This is not yet in Patch Management
Windows 10 Creators Update Version 17033 gets KB4056891 (Build 15063.850) - This is not yet in Patch Management
Version 1607 is getting KB4056890 (Build 14393.2007) - This one is in patch management
1511 receives KB4056888 (Build 10586.1356) – for enterprise and education only. - This is not yet in Patch Management
The original Windows 10 version is receiving KB4056893 (Build 10240.17738) – for enterprise only. - This is not yet in Patch Management.
Also - I am testing my workstations for the 5-30% reported performance hit this morning as well.
We have a mix of Win 7 and Win 10 machines. Has anyone put together a report that would pull together what machines need what? I don't seem to have much success creating custom reports.
I I ran 3dMark before patching on my workstation (Lenovo X1 Carbon i5/8gb) -
Graphics Score - 309
CPU Score - 1758
Overall Score 352
Note - I had not rebooted in the last 12 hours so results may be a bit lower than after a clean boot.
Installed the patch for Win 10 1709. windows10.0-kb4056892-x64
Ran 3dMark again -
Graphics Score - 298
CPU Score - 1672
Overall Score 339
So overall, I am seeing a CPU Score reduction of 4.89%.
This test is not at all scientific, but thought it may be interesting anyway.
Also - Webroot notes they are compatible with the latest patches for this exploit. We built and deployed the reg key via agent procedures.
Hopefully the patch shows up in Patch Management after we deploy this key and re-run patch scan.
I believe only Win10 patches have been released at this time. Tuesday of next week, the other Win systems are supposed to have a patch released.
As for the report, it is a bit early to work through the specifics with the information that is out there. You could report on any machine with an Intel processor since only a few Win10 machines may have been patched.
It looks like the key is in place for windows 7 with Symantec version 14 build 3752.
Has anyone applied the KB who runs Kaspersky (KAV) ?
Below is a list updating list of AV’s and if they have approved the patch yet or not.(maintained by @GossiTheDog)
Below are the currently known patch numbers by OS Version (Windows 8.1 and Windows 7 SP1 is yet to be released)
Windows 10 1709 KB4056892 (Build 16299.192)
Windows 10 1703 KB4056891 (Build 15063.850)
Windows 10 1607 KB4056890 (Build 14393.2007)
Windows 10 1511 KB4056888 (Build 10586.1356) – for enterprise and education only.
Windows 10 1503 KB4056893 (Build 10240.17738) – for enterprise only.
Windows Server, version 1709 (Server Core Installation) 4056892
Windows Server 2016 4056890
Windows Server 2012 R2 4056898
Windows Server 2012 Not available
Windows Server 2008 R2 4056897
Windows Server 2008 Not available
Quick update - Our Kaseya Server now shows -
After deploying the reg tweak and re-running patch scan (still running due to distro over a few hours)
Windows 10 1709 KB4056892 (Build 16299.192) - Does not show this one. I know we have Win 10-1709 boxes out there. I may just need to wait for more patch scans to complete.
Windows 10 1703 KB4056891 (Build 15063.850) - Shows up
Windows 10 1607 KB4056890 (Build 14393.2007) - Shows up
Windows 10 1511 KB4056888 (Build 10586.1356) – for enterprise and education only. - Does not show (expected to not show)
Windows 10 1503 KB4056893 (Build 10240.17738) – for enterprise only. - Does not show (expected to not show)
I've noticed there is no direct way to create a registry key in the Agent Procedures. You can check for, delete, update values. Is there a workaround to creating and setting the necessary key as mentioned above?
I usually use a powershell script to create registry Keys. We have uploaded an Agent Procedure to the exchange to create the registry key for the Meltdown vulnerability: https://automationexchange.kaseya.com/products/469
I advise to check this article from Microsoft first: https://support.microsoft.com/sw-ke/help/4072699/important-information-regarding-the-windows-security-updates-released and double check if your AntiVirus is supported via: https://support.microsoft.com/sw-ke/help/4072699/important-information-regarding-the-windows-security-updates-released
Tony H. Execute a Shell Command with a trailing back-slash
reg add HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\QualityCompat\
I think we're losing the fight with Microsoft. I have been running patch scans on my machine all day to test out the new patch and it never shows eligible. Then at 4:33pm today I get a pop up "Heads up we're going to make Windows better by updating soon....." and when I click the details it is KB4056891 that installed. All done by Microsoft behind the scenes. My machine is a Windows 7 that was upgraded so I've heard from Kaseya that my disable Auto updates should still be in place but they're not.