Microsoft: AV Software Can Conflict with Windows Meltdown Patches

Users of some third-party security software won't get Windows security updates that address critical CPU flaws until their antivirus applications are patched.

Windows users with AMD-based PCs aren't the only ones who are facing delays in receiving patches for the critical Meltdown and Spectre CPU vulnerabilities.

Microsoft is blocking downloads of the security updates on devices running antivirus software that is incompatible with the emergency patches the company recently issued. According to an online support document, antivirus software that makes "unsupported calls into Windows kernel memory" can cause blue screen errors on affected systems, preventing them from booting to the desktop.

These errors are also known to Windows users as the “blue screen of death” because they require a complete restart that can result in the loss of data in documents a user was working on before the crash.

"These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot," states the Microsoft advisory. "To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on Jan. 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update."

Microsoft is requiring third-party antivirus vendors to set a registry key before the update is pushed to PCs running their anti-malware software. Naturally, Microsoft's own products (Windows Defender Antivirus, System Center Endpoint Protection and Microsoft Security Essentials) already comply with the requirement.

Details on the registry key, along with instructions for users who cannot run or install antivirus software and are comfortable tinkering with the Windows registry, are available here.

Some antivirus vendors have been quick to respond.

McAfee has rolled out an update to its endpoint security applications. The company claims that the latest versions of several products, including McAfee Anti-Virus, LiveSafe, Total Protection and Internet Security, are compatible with Microsoft's patch.

Symantec alerted its enterprise customers of an incompatibility with the ERASER (Expanded Remediation And Side Effect Repair) Engine found in some of its products. It issued an update on Jan. 4 that addresses the problem and recommended that businesses update their products immediately.

Other security software providers that have also updated their antivirus software include Bitdefender, F-Secure, Kaspersky and Sophos.

CPU Flaws Deal a Performance Hit

In the meantime, IT security professionals aren't the only ones dealing with the fallout of Meltdown and Spectre. Administrators who keep a close eye on system performance may already be experiencing the unwanted effects of the vulnerabilities.

In a Jan. 9 blog post, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, said that some users may notice "significant slowdowns" after patching their Windows systems. Eric Wright, technology evangelist at Turbonomic, a cloud workload automation specialist, is warning CIOs about the potential for both slower and costlier IT operations.

"Performance issues that occur as a result of patching the Meltdown and Spectre CPU vulnerabilities will be a challenge for many organizations over the coming weeks and months. Companies are already reporting performance impacts after patching on-premises and cloud infrastructure, and preparing for an increase in public cloud bills since it will now take more time to process the same amount of data," said Wright in email remarks sent to eWEEK.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...