There have been reports about the latest fix to Intel’s microcode to protect against the Spectre vulnerability causing higher than expected reboots and other unpredictable system behavior. So, in light of this, Intel has recommended users hold off on deploying the current fix while they continue testing.
Microsoft has offered an out-of-band update (KB4078130) that will disable this fix for the time being until a new, tested and stable update has been released. Currently, this Spectre variant has not been used in the wild for any attacks, so the current risk of disabling this patch is seen as fairly low.
Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE-2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22, Intel recommended that customers stop deploying the current microcode version on affected processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential effect of the current microcode version, and we encourage customers to review their guidance on an ongoing basis to inform their decisions.
While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode. For the full list of affected devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an affected device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”
There have been a lot of programs released that can scan your PC for issues and then give you strongly worded advertisements to buy the full version of the software so you can fix the issues. However, these purchases are usually unnecessary. Microsoft is aiming to reduce the practice by changing their evaluation criteria for removing the software with Windows Defender.
I’ve seen the software in question many times, and I’ve had customers duped out of money by purchasing the software. Most of the time, they bring their PC to me to fix the issues that the software claimed it would fix. The first step is usually to remove the offending, paid-for software, and then continue on with fixing the other issues.
There are a few questions I have, though. How long before the vendors create a workaround for this detection and what would the workaround be? How many false positives will there be? And, will there be a way to turn this feature off if desired? All in all, it’s a good thing and keeps the consumer protected against this scammy software practice.
We have recently updated our evaluation criteria to state:
Unwanted behaviors: coercive messaging
Programs must not display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.
Software that coerces users may display the following characteristics, among others:
- Reports errors in an exaggerated or alarming manner about the user’s system and requires the user to pay for fixing the errors or issues monetarily or by performing other actions such as taking a survey, downloading a file, signing up for a newsletter, etc.
- Suggests that no other actions will correct the reported errors or issues
- Requires the user to act within a limited period of time to get the purported issue resolved
For collaboration and communication at the workplace, I find that Microsoft Teams does an excellent job. Microsoft has released some new feature updates for the application. Some decent new features are now included by default, and system administrators can have some granular controls for these new features.
New features in Microsoft Teams make it an even more powerful hub for teamwork by enabling you to use apps in new ways—including the ability to command apps and take quick actions from the command box, as well as include content from an app in a conversation. This marks the biggest single release of new functionality since Teams launched last March.
Microsoft has given Windows Insiders a look at the new Windows Diagnostic Data Viewer program that will be released with the next release of Windows 10. This allows greater transparency for Windows 10 users into the diagnostic data that is sent from your device as well as what data is stored in relation to your device. Windows telemetry has been a big point for a lot of people hesitant to install the OS, and this is one more step in keeping things transparent for those users.
We’ve updated the Microsoft Privacy Dashboard with a new Activity History page which provides a clear and easy to navigate way to see the data that is saved with your Microsoft account. The Microsoft Privacy Dashboard allows you to manage your data and change what data is collected by adjusting the privacy settings on your device or browser at any time.
For those Windows 10 Fast Ring Insiders, a new build has been unleashed – Build 17083. A lot of new things in this build, as well as a lot of fixes. As usual, check the known issues for anything that might be a show stopper for you.
- If you have a VPN client installed via the Microsoft Store, it won’t work after upgrading to this build. If you require your VPN client to work – you might consider holding off taking this new build.
- If you install a font product from the Microsoft Store, then later install a new build (feature update), the Store package will remain installed, but the fonts within the package are not installed. Until this is fixed, the temporary workaround is to uninstall the product from the Apps page in Settings, then re-acquire the product from the Store.
- When users try to create a Microsoft Edge InPrivate window from inside a Mixed Reality headset, a regular window will get created instead. Users won’t be able to use InPrivate inside Mixed Reality in this build. InPrivate on desktop is not affected.
- We’re preparing for the inclusion of OpenSSH Server as a deployment mechanism in Developer Mode. However, the UI code got checked in ahead of the components, and so while there is a “Use OpenSSH (Beta) for remote deployment” switch in the UI under Settings, it won’t work, and turning it on will break remote deployment to that device until the switch is turned off.
- Audio playback from Microsoft Edge is sometimes unexpectedly muted. A workaround is to minimize Edge, count to three, and then unminimize.
- We’re investigating reports that Win32 apps pinned to Start have blank live tiles that show only a name starting with “W~”.
- We’re investigating an issue where using Task View to switch to an app might result in touch not working properly in that app. If you encounter this, restarting explorer.exe will fix it.
- The link for “Advanced display settings” is missing in Display Settings. If you need to access this dialog for now you’ll need to open Run and run “rundll32 display.dll,ShowAdapterSettings 0”.
A new Windows 10 build heads to the fast ring. This time, it’s build 17074. As with the last flight, there is a block for AMD processors at this time. Be sure to read the known issues before installing, in case there is a show stopper in there for your specific case.
- When users try to create a Microsoft Edge InPrivate window from inside a Mixed Reality headset, a regular window will get created instead. Users won’t be able to use InPrivate inside Mixed Reality in this build. InPrivate on desktop is not affected.
- We’re preparing for the inclusion of OpenSSH Server as a deployment mechanism in Developer Mode. However the UI code got checked in ahead of the components, and so while there is a “Use OpenSSH (Beta) for remote deployment” switch in the UI under Settings, it won’t work, and turning it on will break remote deployment to that device until the switch is turned off.
- When you open Task View immediately after an upgrade, Timeline may not be visible. If you encounter this, wait 15-30 minutes and try launching Task View again.
- The Windows Defender icon is missing from the systray, even if it shows as enabled in Settings.
- Certain devices may hang on the boot screen after upgrading. If this happens to you, go into the BIOS and disable virtualization.
- Apps that come preinstalled with Windows may fail to update in the Store with error 0x80073CF9.
- Audio playback from Microsoft Edge is sometimes unexpectedly muted. A workaround is to minimize Edge, count to three, and then unminimize.
- Upgrading to 17063 or later builds sometimes causes Settings / Privacy / Microphone, Camera, etc. to flip to “disabled”, which breaks camera and microphone access. A workaround is to manually turn them back on.
Mainstream support for Windows 8 & 8.1 ended yesterday without much fanfare. Windows 8 has low market share (around 8% according to NetMarketShare), but there are still people out there using it. Although the extended support still allows security updates, it does not give non-security updates.
Here is more detail on what the different support phases define as support:
Mainstream Support is the first phase of the product lifecycle. At the supported service pack level, Mainstream Support for products and services includes:
- Incident support (no-charge incident support, paid incident support, support charged on an hourly basis, support for warranty claims)
- Security update support
- The ability to request nonsecurity updates
NOTE: Enrollment in a maintenance program may be required to receive these benefits for certain products.
The Extended Support phase follows Mainstream Support for business, developer, and desktop operating system products. At the supported service pack level, Extended Support includes:
- Paid support
- Security update support at no additional cost
- Nonsecurity related updates require Extended Hotfix Support to be purchased (per-fix fees also apply).
Extended Hotfix Support is not available for desktop operating system consumer products. More details are available here.
Bing has added some new features that are pretty cool. Flight Status allows you to search a flight before leaving for the airport to pick someone up or to just check the status of the flight. Also, you can search for various entertainment, TV, and movie information. There is even a way to check out sports playoffs. As in the past, there are Bing predictions that show who Bing predicts will win the game. I wouldn’t place your bets quite yet, though!
Checking flight status can be a hassle, whether you’re rushing to pick someone up from arrivals, or if you’re in a terminal and want to check that your flight details haven’t changed.
Bing’s new tracking feature alleviates this by letting you look up flight statuses, even when you don’t have the airline or flight number on hand. Simply search by city name or airport code, and Bing pulls the results for you across airlines.
Lately there has been a lot of talk about the death of Cortana as a virtual assistant, from removing the AI assistant from Microsoft Dynamics to a partnership with Amazon and their Alexa assistant. While I don’t think this is going to be the end of Cortana, I think that Alexa on the desktop alongside Microsoft’s Cortana will cause some confusion. Brad Sams takes a look at the new HP Wave PC with built-in Alexa and mentions something similar. It’s still early and their integration may end up being a good combination.
If you are looking for Alexa to control your PC, that doesn’t appear to be possible yet as it only operates within its current ecosystem. What this means is that searching your PC is still done with Cortana which puts you in an awkward situation of using two different assistants on the same piece of hardware.
Over the past week or so, there has been a lot of talk about the big, bad vulnerabilities called Spectre and Meltdown. For many, getting the patches out and the problem mitigated is the highest priority. However, there are many out there who are worried about the impact on performance with these latest patches.
Terry Myerson has put up a blog post addressing these worries. For those with CPUs more than a couple of years old, you may have a noticeable impact on system performance. For those with newer CPUs, there will be an impact, but it will be much less noticeable, if at all.
Here is the summary of what we have found so far:
- With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
- With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
- With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
- Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.
For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.