Jump to content
mystiky

Meltdown / Spectre and KAV / KIS 18.0.0.405f and Windows 10 new patch: Questions and Answers. [merged]

Recommended Posts

As you may be aware, Intel / AMD / ARM chips have been found to have serious vulnerability.  Known as Meltdown and

https://www.theverge.com/2018/1/3/16844630/intel-processor-security-flaw-bug-kernel-windows-linux

Microsoft already released a FIX for Windows 10.  However, as one reads here, this FIX may not work with some Anti-Virus programs:

https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

So, what is the word from Kaspersky's folks?

Edited by mystiky

Share this post


Link to post

Hi,  I have in one computer Kis2017 patch j and in anothert kis2018 patrch f, windows update doesn't find the update and I downloaded it from microsoft catalog. If Your pc has this REGKEY
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

 

Kaspersky is compatible with the patch (the 2 pacthes j for kis2017 and f for kis2018 create this regkey to be compatible with the microsoft patch)

Share this post


Link to post

Due to the Intel hardware issue discovered Microsoft released KB4056892 (OS Build 16299.192) for Windows 10.  According to an article I just read

http://www.zdnet.com/article/windows-meltdown-spectre-patches-if-you-havent-got-them-blame-your-antivirus/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=20312173897669011625312597204853

"To avoid causing widespread BSOD problems Microsoft opted to only push its January 3 security updates to devices running antivirus from firms that have confirmed their software is compatible.

"If you have not been offered the security update, you may be running incompatible antivirus software and you should follow up with your software vendor," the company explains."

I have not been offered the update from MS and performing a search for updates reveals my PC is up to date at KB4054517 (OS Build 16299.125). I can not find any mention of the AV vendors that are in compliance. Is Kaspersky one of those that will NOT allow this MS update to be installed? If not, is there a patch forthcoming from Kaspersky to correct this or is it time to choose another vendor?

Share this post


Link to post

Thanks.  I have it but Windows Update (Windows 10) has not yet updated me.  I tried a manual check just now, and still nada.

Share this post


Link to post

I have the registry key but Windows Update does not update.  I am running kis 18.0.0.405(f)

 

 

Share this post


Link to post

Same here, Im running kav 18.0.0.405(f) and windows update wont let me update my PC...

Share this post


Link to post

I read Microsoft has problems with the update... This I think is the cause, why they have stopped rolling out it :)

Share this post


Link to post

I'm running kav 18.0.0.405(f) and windows update doesn't update my PC (win 10 x64, 16299.125). The REGKEY is already the same one which @mary7 mentioned  in #3.

Edited by Kiwie

Share this post


Link to post

FWIW, I noticed that the manual patch (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892) page dated 1/3  with the Microsoft Catalog link (http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892) is actually dated 1/4.  Note that the catalog won't display in my IE, but will display and download with Edge (UPDATE: tried it again and it downloaded something call Microsoft Catalog which now displays properly in IE).  I'm going to give it a bit more time with the regular Windows Update before manually installing. 

 

 

Edited by JGAta2

Share this post


Link to post

fwiw I did a manual update of KB4056892 from the Microsoft Catalog site and updated without issue on 2 Win10 pcs running KIS 18.0.0.405f

Share this post


Link to post

I realize that after 2018 Protection against screenshots  is not working properly The corner of all sites I try on chrome have the green secure lock but when I take a  screenshot to test secure protection the screen doesn't turn black I  still see the screenshot.

any solution yet?

and yes my windows 10 is not updating.

Share this post


Link to post
1 hour ago, GregLauver said:

To later posters who are worried about not getting a Windows Update yet:  drgaz gave you a good answer in the second post at the top.

Read  https://support.kaspersky.com/14042  and expect your Windows Update no sooner than January 9.

First of all, this link dated December 29th 2017 is titled "Compatibility of Kaspersky Lab solutions with the Microsoft Security update of January 9, 2018."  The original poster and most of us are asking about the security update that was already released January 3rd (https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released) and which Microsoft has stated if it has not yet downloaded, it might be the AV vendor's fault.  Second of all, the link does not name KIS and KAV as incompatible.  The only products named incompatible are business products: Kaspersky Endpoint Security 10 for Windows,  Kaspersky Small Office Security and Kaspersky Anti-Ransomware Tool.  As we have pointed out, we all have the registry compatibility key installed so it is puzzling why the January 3rd security patch as documented by Microsoft as already released is not yet being downloaded.

Share this post


Link to post

I think Issue might be with the key Kaspersky update is making.

Can someone confirm this?

I read on MS webpage it is suppose to be DWORD Value called "cadca5fe-87d3-4b96-b7fb-a231484277cc" with Data set to "0"

My Kaspersky made on the other hand new !!!KEY!!! "HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" with Value "Default" and Data "0" and there is nothing in QualityCompat except Default=0

and that is a big difference!

Edited by mikw

Share this post


Link to post
54 minutes ago, JGAta2 said:

First of all, this link dated December 29th 2017 is titled "Compatibility of Kaspersky Lab solutions with the Microsoft Security update of January 9, 2018."  The original poster and most of us are asking about the security update that was already released January 3rd (https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released) and which Microsoft has stated if it has not yet downloaded, it might be the AV vendor's fault.  Second of all, the link does not name KIS and KAV as incompatible.  The only products named incompatible are business products: Kaspersky Endpoint Security 10 for Windows,  Kaspersky Small Office Security and Kaspersky Anti-Ransomware Tool.  As we have pointed out, we all have the registry compatibility key installed so it is puzzling why the January 3rd security patch as documented by Microsoft as already released is not yet being downloaded.

But the linked article seems only to be talking about business solutions. It doesn't say whether the home solutions (e.g. KIS, KTS) are compatible or not. It doesn't say they're one of the incompatible solutions but then it goes on to talk about "Other Windows based endpoint solutions for business ... are not affected". What about home solutions, is there another article?

As said above, it looks like the correct key is in place with patch f (it is there on my machine), but this particular article isn't helpful.

Edited by shammatt

Share this post


Link to post

@JGAta2 - This issue was discovered at least a couple of months ago; it's now "breaking news" only to the public.  Some lag may have been added to accommodate  third-party security vendors, or Kaspersky's January 9 estimate may have been based on intel available on December 29.  In any case ...

(1) There is no evidence that this issue has yet been exploited in the wild.  (2) Given the chaos and the scale of the rapid responses, it seems too soon to assume that applications and/or promises have been broken.  Give it some time.

Share this post


Link to post
22 minutes ago, mikw said:

I think Issue might be with the key Kaspersky update is making.

Can someone confirm this?

I read on MS webpage it is suppose to be DWORD Value called "cadca5fe-87d3-4b96-b7fb-a231484277cc" with Data set to "0"

My Kaspersky made on the other hand new !!!KEY!!! "HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" with Value "Default" and Data "0" and there is nothing in QualityCompat except Default=0

and that is a big difference!

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 

 

the reg key Is

Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD

Data="0x00000000

I have this but Windows Update doesn t find the KB4056892, I installed it with microsoft catalog and the computers run ok. The risk is a blue screen or pc that crash at start but I have t the problems on all my 3 computers after installed the patch

 

 

Share this post


Link to post
19 minutes ago, mikw said:

I think Issue might be with the key Kaspersky update is making.

Can someone confirm this?

I read on MS webpage it is suppose to be DWORD Value called "cadca5fe-87d3-4b96-b7fb-a231484277cc" with Data set to "0"

My Kaspersky made on the other hand new !!!KEY!!! "HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc" with Value "Default" and Data "0" and there is nothing in QualityCompat except Default=0

and that is a big difference!

This is not "the issue".  When I looked at the machine I use constantly (which is therefore updated constantly), its registry HKLM subkey had both the correct value and its own cadca5fe... subKey by the same name.  Then I became curious and fired up my notebook to look at the registry, and found what you described.  Since it had not been updated for a few days, KIS2018(f) complained that it was out of date; so I ran its update, rechecked the registry, and found the correct value newly added.

Share this post


Link to post
3 hours ago, GregLauver said:

(1) There is no evidence that this issue has yet been exploited in the wild.  (2) Given the chaos and the scale of the rapid responses, it seems too soon to assume that applications and/or promises have been broken.  Give it some time.

I normally would agree if Microsoft was not making a big deal about this saying that we should have the patch and if we don't to contact our AV vendor.  What if the Microsoft registry hack isn't working right?  Has anyone had a successful install through Windows Update?  The only installations I can point to are the manual ones.  I would think that Google would be full of people not getting the update if this was a widespread delay not related to the AV vendor.

Share this post


Link to post
1 hour ago, JGAta2 said:

I normally would agree if Microsoft was not making a big deal about this saying that we should have the patch and if we don't to contact our AV vendor.  What if the Microsoft registry hack isn't working right?  Has anyone had a successful install through Windows Update?  The only installations I can point to are the manual ones.  I would think that Google would be full of people not getting the update if this was a widespread delay not related to the AV vendor.

I have a new windows 10 laptop, fully patched, and never had Kaspersky or any other AV other than defender, and manually requesting windows updates does not offer this windows update. It is not yet available from Microsoft yet, which appears unrelated to antivirus.

Share this post


Link to post

I agree with JGAta2 on his concern for uncertainty of the compatibility of the Microsoft Update with Kaspersky's consumer products.  The question is simple, the answer should already be out.  (See below link, it appears consumer products ARE compatible with the Microsoft update).

My work computer (Windows 10 using Windows Defender only) received the Microsoft update yesterday (KB4056892).

My two homebuilt computers (running KAV2018) did not receive the Microsoft update.  I checked both yesterday evening and this morning and also performed manual updates on KAV to no avail.  I am wondering if perhaps the low hanging fruit (Win10 computers using Windows Defender only) was updated immediately whereas those with any 3rd party AV (present or residual) is being deferred till Jan 9th?  Can anyone confirm that they did automatically receive KB4056892 via Windows Update on a system using another 3rd party vendor's AV/IS product?

A word to Kaspersky:  Please link the Meltdown and Sceptre related news on your HOMEPAGE.  Having to drill down into the blog for such important information seems like an unnecessary hurdle and may be hindering others from seeing the information.

Update:  https://usa.kaspersky.com/blog/two-severe-vulnerabilities-found-in-intels-hardware/14326/

It appears Kaspersky has addressed our concern (above) by saying that "Both business and consumer solutions from Kaspersky Lab are fully compatible with this update.  Microsoft delivers the update only if the system is flagged as ready, and from our side, the readiness flag has been included in the updates that were delivered on December 28, 2017.  If your antivirus databases are up to date, then your computer is ready to receive the Windows update that fixes Meltdown. If you haven’t received it yet, you soon will, and we strongly recommend you install it as soon as possible."

So the question is, why is Microsoft holding back on updating our systems (with Kaspersky products)?

Edited by schwaps

Share this post


Link to post

I think there is no need to panic with Kaspersky home products, I've reading many users concerns about it in different security forums where I'm also active, with different security products than Kaspersky and still no patch, and many users are updating manually, just be a bit patient and the update will come probably on 9th January :)

I have 2 systems (see my signature): desktop AMD + W10FCU + KTS2019 beta 903 and yesterday night got the patch automatically, and laptop Intel + W10FCU + KTS2018f still no patch,  but I'm not going to force the patch manually... :)

Share this post


Link to post

I agree that panicking is unwarranted.  However, the way the news and media has spun this up, those of us with even the slightest bit of anxiety or OCD coupled with a technical background (a significant percentage I might add) are going to panic.  I even heard the news on a non-technical talk radio station which was quite unexpected.  Not-to-mention, it is difficult to weed out all the Fake News to find the truth.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.