SectionGuard and KB4056891 (Meltdown patch)
As you might have noticed, two major security related problems, affecting CPUs have become public knowledge during the last 48 hours: Spectre and Meltdown.
These problems are partially solvable, by patching your systems. Everyone is basically scrambling to get patches for Meltdown in place, and Microsoft has just released an urgent patch for this.
This patch has shown problems with several antivirus vendors, as their kernel drivers cause BSODs after the patch is installed. As a result of this, Microsoft is only pushing the update to customers with antivirus that specifically sets a certain registry key, and thus takes responsibility for applying the patch.
SectionGuard does not have this driver problem, and is not affected by the patch.
To get the patch:
- If you’re not running a 3rd party AV product which sets the key, you need to set a registry key manually
- If you’re running a 3rd party AV product which sets the key, you need to upgrade your AV and the updated AV will set the key
But as SectionGuard is not a traditional antivirus product, and can co-exist with or without an antivirus product, we’ve decided not to set the above mentioned registry key. The dilemma here is, that we might break your incompatible 3rd party antivirus product.
The Microsoft patch page for KB4056891 describes the registry settings needed, should you chose to implement these manually.
Then you need to do a regular Windows Update, and the patch will be applied.
For a comprehensive list of AV vendor support and registry key info, you can look at the spreadsheet by Kevin Beaumont on Google Sheets
If you want to know more details on the exploits in the CPUs, there’s an excellent explanation about the security implications on The Register