Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs
Microsoft has blocked a number of security updates for some AMD based PCs after discovering that installing updates to combat the Spectre and Meltdown bugs left some devices unable to boot.
Microsoft said it will temporarily stop sending the nine systems updates out to some PCs running particular AMD processors.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," the company said.
"After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time:
Microsoft said it is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices "as soon as possible", but said for AMD device-specific information users should contact AMD.
Yesterday ZDNet reported that Microsoft's Windows patch for the Meltdown and Spectre attack methods was causing problems for users with AMD Athlon CPUs, according to a number of complaints on Microsoft's community forum. One poster said after installing the update the PC only displayed the Windows logo and otherwise failed to boot. The update was delivered through Windows Update to a "quite pre-historic" computer, specifically running on the AMD Athlon X2 6000+, which was released a decade ago. Others who report the same issue are also using older AMD chips.
The Spectre and Meltdown flaws are critical vulnerabilities found in many Intel chips which could allow an attacker steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents. Since they were discovered the tech industry has been scrambling the fix them, and this problem is just one of the unexpected consequences.
AMD chips aren't vulnerable to the Meltdown attack, but operating system updates could address one of the Spectre attacks it was vulnerable to.
If you have an AMD PC and are stuck in an unbootable state after updating, please call us immediatly and we will help you fix the issue as soon as possible
If you've got an HP notebook or mobile workstation computer, you'll want to check out the latest battery recall from the company. Lithium-ion batteries for affected HP laptops were shipped between December 2015 and December 2017. There have been eight reports of the battery packs overheating, melting or charring, three of which include reports of $4,500 in property damage and one report of a first degree burn to a hand.
You'll want to go to www.HP.com/go/batteryprogram2018 to see if your model is one of the ones named in the recall. If so, you can enable a battery safety mode and get instructions on how to get your battery replaced by an authorized technician, since these batteries are not able to be replaced by consumers. According to the recall notice, affected models include HP ProBooks (64x G2 and G3 series, 65x G2 and G3 series), HPx360 310 G2, HP Envy m6, HP Pavilion x360, HP 11, HP ZBook (17 G3, 17 G4, and Studio G3) Mobile Workstations. In addition, batteries sold as replacement or accessories for the HP XBook Studio G4 mobile workstation are also named.
Update: HP has released a statement about the issue. The quality and safety of all HP products is our top priority. We recently learned that batteries provided by one of our suppliers for certain notebook computers and mobile workstations present a potential safety concern. We are taking immediate action to address this issue including a voluntary recall and replacement of the batteries. This action pertains to 0.1 percent of the HP systems sold globally over the past two years. Customers can visit HP's site to learn if their battery should be replaced. Impacted customers will have their batteries replaced free of charge and may continue safely using their device by placing the battery in Safety Mode and connecting to an external power source.
Amazon, Google and now Apple... as the list of digital giants hit by the "Spectre" and "Meltdown" computer security flaws grows longer, the race is on to limit the damage.
"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple -- whose devices are usually regarded as secure -- said in a post on an online support page on Thursday.
Amost all microprocessors produced over the past 10 years by Intel, AMD and ARM are affected. No PC or mobile device can function without the miniature components that are effectively nerve centres for executing computer programmes and apps.
And that is what distinguishes them from previous security alerts that have tended to involve software rather than hardware.
In theory, Spectre and Meltdown could enable a user to "access kernel level memory access, exposing critical information that would be stored there, like system passwords," said Chris Morales, head of security analytics at Vectra.
Luke Wagner, a software engineer at Mozilla, wrote on a security blog that it was "possible to use similar techniques from web content to read private information".
Effectively, all electronic devices manufactured all around the world in recent years contain potentially vulnerable chips.
The biggest names in the sector, including Amazon, Google, Microsoft and Mozilla, are now rushing out updates and patches to eliminate the flaw.
US giant Intel, as well as its rivals AMD and ARM, have started installing updates.
In a statement on Thurday, Intel said it and its partners "have made significant progress in deploying updates" to mitigate any threats.
"Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years," an Intel statement said.
"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services."
Apple, for its part, advised only getting apps from its online App Store which vets programmes for safety, and said it has already released some "mitigations" to protect against the exploit and planned to release a defensive update for Safari on macOS and iOS in the coming days.
Difficult to exploit?
But some experts believe that the only real "fix" in some cases would be replacing the chip itself, which would be a huge issue for the computing industry.
That said, the experts concede that hacking the chips would require a very high level of technical expertise and the risks were therefore limited.
The US Computer Emergency Readiness Team (CERT) said that it was "not aware of any active exploitation at this time."
In Germany, the BSI Federal Office for Information Security, similarly found no evidence of any "active exploitation" of the flaw, but still sector players to protect themselves "as quickly as possible."
In addition to the security flaw, Intel found itself in hot water Friday over the announcement that its chief executive had sold some of his shares in the company.
According to the specialist magazine Solutions Numeriques, Intel was aware of the existence of the security flaw in its chips at the end of November. But in the fourth quarter of last year, CEO Brian Krzanich sold nearly 900,000 shares, halving his stake in the company, according to Bloomberg.
A company spokesman told Bloomberg that the sale had nothing to do with the issue of the security flaw, insisting that Krzanich had exercised options according to a pre-set timetable agreed long before.
Owner of Byteback Computers, LLC