• Microsoft has updated its Windows Analytics service to give IT pros an overview of how well protected their IT estate is against the Spectre and Meltdown security vulnerabilities.
  
• A dashboard details which firmware, operating system, and AV compatibility updates are installed, disabled or need to be put in place.

Mitigating the Meltdown and Spectre security vulnerabilities has turned into a major headache for IT admins.

New patches to offset the risk from these flaws have introduced problems of their own, causing computers to slowdown, as well as to both randomly reboot or to stop booting at all, which in turn has resulted in fresh updates to disable earlier problematic fixes.

The difficulty is that the Meltdown and Spectre security vulnerabilities are potentially too serious for any IT admin to ignore. Meltdown and Spectre are vulnerabilities in modern chip design that could allow attackers to bypass system protections on nearly every recent PC, server and smartphone, allowing hackers to read sensitive information, such as passwords, from memory.

To help IT pros navigate the minefield of working out which Meltdown and Spectre patches they should and shouldn’t install on Windows machines, Microsoft has updated its Windows Analytics service.

The updated Windows Analytics dashboard, shown below, will break down which Meltdown and Spectre patches have been installed across an IT estate, in a Windows group or on an individual machine. The overview details which firmware, operating system and AV compatibility updates are installed, disabled or need to be put in place.

The Windows Analytics service dashboard.

Image: Microsoft

The service is available on Education, Enterprise and Pro editions of supported desktop versions of Windows: Windows 7 with Service Pack 1, Windows 8.1, and Windows 10, and requires an Azure Active Directory account to set up.

Microsoft also announced it has rolled the latest operating system and firmware updates to mitigate against Spectre and Meltdown-related attacks into its February Patch Tuesday update.

While Microsoft released an out-of-band update earlier this month to disable Intel’s buggy Spectre-related firmware update, this emergency patch is not included in the February bundle.

The fixes in the Patch Tuesday update will be automatically installed on most Windows PCs but will need to be manually enabled on Windows servers.

Intel has also updated its guidance on which systems are safe to apply its microcode updates to mitigate variant 2 of the Spectre vulnerability, broadening its advice to cover older Intel processors.

via:  techrepublic