Important information on detection logic for the Intel 'Meltdown' security vulnerability

Version 11

    Overview

     

    Changes to expect in the Ivanti Content:

     

    • With the Ivanti Content release on 04/25/2018, we will be removing detection only patches for machines that do not have the AV registry entry as per the Microsoft article above and will be offering the patches in this document to applicable machines.

    We highly suggest all customers review these issues here:  https://support.microsoft.com/en-us/help/4072699

     

    Quote: We are lifting the AV compatibility check for Windows security updates for supported Windows 7 SP1 and Windows 8.1 devices via Windows Update. We continue to require that AV software be compatible, and in cases where there are known issues of AV driver compatibility, we will block those devices from updates to avoid any issues. We recommend customers check with their AV provider on compatibility of their installed AV software product.

    Affected patches:

     

    • MS18-01-IE Q4056568 - Cumulative Updates for Internet Explorer
    • MS18-01-SO7 Q4056897 - Security Only Update for Windows 7 and Server 2008 R2
    • MS18-01-SO81 Q4056898 - Security Only Update for Windows 8.1 and 2012 R2
    • MS18-01-MR7 Q4056894 - Monthly Rollup for Windows 7: January 4, 2018
    • MS18-01-MR81 Q4056895 - Monthly Rollup for Windows 8.1 and 2012 R2: January 8, 2018
    • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893 - Cumulative Update for Windows 10 and Server 2016

     

    • MS18-02-IE Q4074736 - Cumulative security update for Internet Explorer: February 13, 2018
    • MS18-02-SO7 Q4074587 - Security Only Update for Windows 7 and 2008 R2: February 13, 2018
    • MS18-02-SO81 Q4074597 - Security Only Update for Windows 8.1 and 2012 R2: February 13, 2018
    • MS18-02-MR7 Q4074598 - Monthly Rollup for Windows 7: February 13, 2018
    • MS18-02-MR81 Q4074594 - Monthly Rollup for Windows 8.1 and 2012 R2: February 13, 2018
    • MS18-02-W10 Q4074588, Q4074592, Q4074596, Q4074590, Q4074591 - Cumulative Update for Windows 10 and Windows Server 2016

     

    Affected CVEs:

     

    • CVE-2017-5753
    • CVE-2017-5715
    • CVE-2017-5754

     

    Link to Security bulletin advisory:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

     

    Additional Information

     

    How to scan for specific patches: How To: Include or Exclude Specific Patches in Scan Results in Shavlik Protect

    How to deploy these patches:  How To: Deploy Windows Security OOB updates released January and February 2018

    How to add the registry using Security Tool IVA18-002 Q4072699: Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018

    Affected Products

     

    Ivanti Patch for Windows Servers 9.3.x

    Shavlik Protect 9.2.x