Guidance Regarding Special Microsoft Update Released Outside of Standard Cycle | Information Technology | University of Pittsburgh
!

Guidance Regarding Special Microsoft Update Released Outside of Standard Cycle

Monday, January 29, 2018 - 15:16

 

Since the initial Meltdown and Spectre vulnerabilities announced on Jan. 3, 2018, Microsoft has released a special update (KB4078130) outside of its normal monthly cycle of security bulletins. This update rolls back their original patch, which was issued on January 4, 2018.

At this time, CSSD recommends that departments do not apply any patches or rollbacks for this special Microsoft update (CVE-2017-5715)—unless a system is showing signs of being unstable. Continue to install all other relevant security patches as they are released. 

The additional update is in response to Intel’s announcement on January 22, 2018, that their updates issued for Spectre variant 2 are causing "higher than expected reboots and other unpredictable system behavior" that can lead to "data loss or corruption."

Operating system and software vendors have been scrambling to issue patches for the Meltdown and Spectre vulnerabilities, which affect modern computer processors. Their exploitation could allow an attacker to obtain access to sensitive information. Though, at this time, there are no known exploits for these vulnerabilities.

CSSD is continuing to monitor the issue and will provide updates as necessary. Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions.

Additional information about Microsoft’s special update is available on the following websites: