Important information on detection logic for the Intel 'Meltdown' security vulnerability

Version 8



    Microsoft has identified a severe compatibility issue with a small number of anti-virus software products.

    We highly suggest all customers review these issues here:

    Due to to possible BSOD issues that may occur when installing this update on system with out of date AV software, we will be adding a detection prerequisite:

    Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"




    • The patches will be offered for deployment if the key exists.
    • If key does not exist you will be offered the detection only version of this patch.


    Affected patches:


    • MS18-01-IE Q4056568 - Cumulative Updates for Internet Explorer
    • MS18-01-SO7 Q4056897 - Security Only Update for Windows 7 and Server 2008 R2
    • MS18-01-SO8 Q4056899 - Security Only Update for Server 2012
    • MS18-01-SO81 Q4056898 - Security Only Update for Windows 8.1 and 2012 R2
    • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893 - Cumulative Update for Windows 10 and Server 2016


    Affected CVEs:


    • CVE-2017-5753
    • CVE-2017-5715
    • CVE-2017-5754


    Link to Security bulletin advisory:


    Additional Information


    How to scan for specific patches: How To: Include or Exclude Specific Patches in Scan Results

    How to deploy these patches:  How To: Deploy Windows Security OOB updates released January 3, 2018

    How to add the registry using Security Tool IVA18-002 Q4072699: Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018

    Affected Products


    Ivanti Patch for Windows Servers 9.3.x

    Shavlik Protect 9.2.x