Windows 7 meltdown patch - Free Download
Ever since we published our earlier article today on Microsoft releasing out-of-band Windows updates to address the Meltdown and Spectre CPU flaws , we've been getting non-stop requests for clarification and support in installing these patches. An editorial-form article is probably not the best format to give advice, so we're going to present a simple, dumbed-down, step-by-step article on how to get these updates and navigate Microsoft's overly complicated announcement.
There are four Microsoft help pages that we used to compile this information, which you may also want to read, just in case:. It means that if you go to the Windows Update section of your Windows operating system and you press "Check for updates," if something comes up, you're safe to install it. Windows update packages KB numbers are available here.
A different KB number will appear, depending on your operating system and hardware platform. If nothing comes up, that means Windows has detected the presence of an incompatible anti-virus AV application on your system. Microsoft says that during tests, it detected some anti-virus programs causing BSOD crashes that prevented computers from booting after the installation of the Meltdown and Spectre patches.
Microsoft says that currently, whenever users want to update Windows, its update system will check for that registry key on users' PCs. If the key exists, the Windows update process will believe the anti-virus software received an update to support the Meltdown and Spectre patches, and install the proper OS updates as well.
This is where things get messy. Some AV companies have said they don't plan to create that registry key, some said they cannot "technically" create that key, while others will ship updates in the following days. This Google Docs file contains a list of the responses from some AV companies. In simple terms, most AV users will have to wait, as most AV companies have promised to update their products and automatically add the registry key.
The simplest way to go about this is if you can go to the Windows Update section every day and press the "Check for updates" button and you'll receive the update after your AV product creates that registry key.
If you're one of the unlucky souls whose AV company doesn't plan to add that registry key, this is a. We'll display this in red so it sticks out.
Do not run the. Once you've run the file or added the registry key manually, your PC will receive the patches for the Meltdown and Spectre vulnerabilities. Microsoft has also released a set of Powershell one-liners that you can use to check if your PC installed the updates properly, or if you need additional firmware updates.
When starting PowerShell, make sure you start it with Admin privileges so that you can install the required modules. The Powershell command below will download and install a Powershell module for testing for the Meltdown and Spectre flaws. If you run the command and get execution errors, you might need to adjust your Powershell execution policy. Run the following command:. Google says that not all CPUs are vulnerable to the Meltdown and Spectre flaws, but if the result will look like this, with lots of red-colored text, then you're CPU and OS are vulnerable to these attacks.
Most likely, it looks like this. As explained above, this might take a few days for some users with "problematic" anti-virus software. After the updates, you'll need to run the Get-SpeculationControlSettings again. There are two possible scenarios. The image means that your system received patches for the Meltdown bug, but has received incomplete patches for the Spectre bug.
This was to be expected, as Google said yesterday that Spectre is harder to exploit, but also harder to patch. What the red text means is that you need additional chipset firmware updates. Depending on your computer's age, some OEM might not make these firmware updates available, meaning you'll be stuck with an incomplete Spectre patch.
Once you're done, remember to set the Powershell execution police back to a restricted mode, which may be useful in mitigating malware attacks that use Powershell to run malicious commands. Thanks for the info. Good article the AV list is quite useful. Haven't had a chance to run through this yet; but thanks to CC, LA and BC for offering this attempt to clarify what they and most of us , realize is a dynamic, sometimes contradictory, and hastily cobbled together set of recommendations - for an extremely broad spectrum of use-cases.
I'm sure their ears will be ringing with people complaining about their bleeping computer! When I ran the Powerscript I got this info "You are installing the modules from an untrusted repository. Are you sure you want to install the modules from 'PSGallery'? The article says, "The simplest way to go about this is if you can go to the Windows Update section every day and press the "Check for updates" button and you'll receive the update after your AV product creates that registry key.
I'm totally lost here. I'm assuming what this really means is that we are to install this. Is that what this means? Microsoft is only looking for that reg in order to allow you to install the patch. The next question, then, is in that I have the free version of Avira, and it's a well-known antivirus software, how can I know if the free version of Avira is compatible; they don't offer a way means of contacting them, as far as I can tell, unless you have the paid version.
According to the AV spreadsheet by Gossi, Avira v Make sure to update it all the way and check their own statement. So I guess we're good. I just don't know how to check the version of the free edition, though, but it's all good.
Why don't MS add that reg key via their update? I have a 2nd generation Intel i5 in my laptop, is it affected by this loophole? That doesnt exactly ansnwer my question; does this mean my laptop is possibly affected by this or not? I know yes its an i5, but its a Second Generation i5, not a 8th or 7th or whatever generation they're coming out with now.
Are older generations affected? My understanding is that the flaws are present in nearly all CPUs built since the s. Meltdown applies mostly to Intel CPUs. Spectre applies in some form to everything with "speculative execution. However, it won't be patched. The Windows and Linux patches for Meltdown might be applied, but Intel will do nothing because reading between their press release lines it's more than 5 years old.
Plus, the OEM of your laptop would have to provide the firmware fixes, and nobody will provide that for a computer more than years old. I certainly don't expect it, for instance, from Gigabyte for my year-old desktop even though the CPU has the features implicated. I'll be happy at this point if MS keeps supporting Win10 on it.
I had trouble getting the Powershell module installed. Once I'd managed it via, eventually, downloading some package installer thing from Microsoft , Powershell tells me my system is unpatched - though I thought it was patched. For a moment, I thought that the instructions the bleepingComputer article provides were only for servers see https: So now I am confused.
MS add this reg. A cleaner option that most tech engineers once recommended was to: Backup any important license keys in your Anti Virus or Internet Security application if you don't have them already. Backup any personal data in case of system crash - from what I see it won't crash as it won't install unless compatible, but it is still recommended to always have backups. Then Restart, disregarding any security messages about this momentarily.
In the 'old days' we generally all use to uninstall our antivirus applications first, especially on BIG MS security updates. Maybe those old days are gone?
Or maybe that type of support is obsolete? Probably, as I've been away for a few years: I installed all patches. Could you help me to understand it please? False Windows OS support for branch target injection mitigation is present: True Windows OS support for branch target injection mitigation is enabled: False Windows OS support for branch target injection mitigation is disabled by system policy: False Windows OS support for branch target injection mitigation is disabled by absence of hardware support: Mine is showing this after following the guide: False What is the problem?
Shouldn't you set the Set-ExecutionPolicy Bypass back to restricted when done? I think it opens up other holes. It is specified at the end bottom of the article. Yes, seems VERY irresponsible to hand-hold everyone through the exact steps needed - but then to just drop the ball on telling people the exact command to set the Powershell Script Execution Policy BACK to the restricted mode it was on.
The command should be: Get-ExecutionPolicy And confirm that the response comes back as: Restricted If it still says 'Bypass', you need to re-enter the 'Set-ExecutionPolicy Restricted' command and make sure to answer Y and enter to the prompt. Also - I can see another huge problem brewing for people that followed instructions like this to 'check' themselves Install-Module seems to be ps5- how do I install with Enable-Module?
What I find odd is that nowhere does it mention it's for Intel ,the word intel is nowhere to be found? Above worked to some extent for me, although I found this article after I struggled through it and put things together myself. Some of the following is not included above. First I tried windows update and received nothing for I am on window 7 x64 and run Sophos endpoint standalone. I checked and updated Sophos.
Here are Windows 7 and 8.1 fixes for Meltdown and Spectre CPU flaws
How driverless cars, hyperloop, and drones will change our travel plans. Delivered Daily Subscribe Best of the Week Our editors highlight the TechRepublic articles, galleries, and videos that you absolutely cannot miss to stay current on the latest IT news, innovations, and tips. You are commenting using your Facebook account. Not a member yet? You are commenting using your WordPress.
Windows Update for Windows 7 Patch for Meltdown/Spectre
These new speculative execution side-channel vulnerabilities can be used to read the content of memory across a trusted boundary and, if exploited, can lead to information disclosure. My Profile Log Out. Windows for Business blog: I know yes its an i5, but its a Second Generation i5, not a 8th or 7th or whatever generation they're coming out with now. If I install the latest Security Only updates, am I protected from the vulnerabilities described?
January 3, 2018—KB4056892 (OS Build 16299.192)
KB — January While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. Windows Analytics now helps assess Spectre and Meltdown protections. See also Microsoft Knowledge Base Article for more information about affected Surface products and availability of the microcode updates. Security Advisory Consumer Guidance: So ended up going up to RX What is going on with this comment? Most likely, it looks like this. Problems with some anti-virus software may lead to BSODs But Microsoft also warns that the Meltdown and Spectre security fixes are incompatible with some anti-virus products. Seem that AMD scanner doesn't do very good job scanning. Windows 10 will banish Spectre slowdowns with Google's Retpoline patch. Upgrade for users with assistive tech still available.