Xavier_2020
Copper Contributor
Jan 27, 2020

Windows Update and security fixes.

Hi all,

For several years, many security issues have been discovered in CPUs.

Microsoft has been able to update the CPU microcode revision, which is a prerequisite for the OS mitigation fixes on some CPUs. That is a good point for overall security.

Unfortunately, that is not enough, and our computers are still vulnerable, because there are other actions that are not done by Windows Update.

After that, you have to update the registry as described on this page:

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Actually, there is no information about the 1909 build, but Microsoft tells me that the mitigations are still not installed on this new build. Consequently, there will be a lot of users and administrators who think that their computers are secure, which is not the case.

For the next Windows build, it would be very good if Windows Update installed all security fixes and mitigations by default, to secure all computers, which is very important in our dangerous world, and only gave users with specific needs, whose computers are not connected to the network, the ability to remove some specific Windows security fixes.

Hope that this very important security improvement will soon be applied by Windows Update by default.

Best regards

Xavier

  • Xavier_2020. I have applied the same registry keys to Windows 1909, but still some processors are vulnerable, even though Microsoft can't fix those.

    • HotCakeX
      MVP
      Which processors, and why can't Microsoft fix them? Source?
  • Hi,
    I think because that article says:
    "Applies to: Windows 10, version 1903, Windows 10, version 1809, Windows 10, version 1803, Windows 10, version 1709, Windows 10, version 1607, Windows 10, Windows RT 8.1, Windows 8.1, Windows 7 Service Pack 1"

    and there is no mention of 1909 in that entire page, so it's safe to assume that it is already fixed in version 1909, otherwise Microsoft would have included it in the article as well.
    • Xavier_2020
      Copper Contributor

      HotCakeX I totally agree with your analysis. The issue is that in reality, according to Microsoft expert internal tests, it is not yet safe or fixed with the 1909 version. You still need to manually modify the registry.

      • HotCakeX
        MVP

        Xavier_2020 

        Xavier_2020 wrote:

        HotCakeX I totally agree with your analysis. The issue is that in reality, according to Microsoft expert internal tests, it is not yet safe or fixed with the 1909 version. You still need to manually modify the registry.

        Could you please show me those internal test results?