Microsoft Pauses Windows Security Updates to AMD Devices

Security Update Leaves Some Devices Unbootable; Microsoft Blames AMD
AMD Athlon 64 CPU on motherboard. (Photo: Nayuki via Flickr/CC)

Microsoft has paused issuing security updates to some Windows PCs with AMD chipsets after reports emerged that the updates were leaving the systems unbootable (see Warning: Microsoft Fix Freezes Some PCs With AMD Chips).

On Monday, Microsoft confirmed to Information Security Media Group that it was investigating the reports, which had been documented in long discussion threads on Microsoft's support forum starting on Thursday, that its KB4056892 security update for Windows, designed in part to mitigate the Meltdown and Spectre vulnerabilities, was leaving some systems unbootable.

Users vented their frustration over attempting to recover their systems after the failed updates installed, often automatically. "I understand that making the machine unbootable is the best protection from remote exploitation, but I would rather have the OS working," AMD PC user Jaroslav Škarvada said in a forum posting.

On Tuesday, Microsoft said it was pausing security updates to systems that have an affected AMD chipset. Microsoft blamed the problem on AMD failing to properly document its firmware.

An AMD spokesman declined to comment on that assertion, but did confirm the Windows update problem. "AMD is aware of an issue with some older generation processors following installation of a Microsoft security update that was published over the weekend," the spokesman tells Information Security Media Group. "AMD and Microsoft have been working on an update to resolve the issue and expect it to begin rolling out again for those impacted shortly."

Based on users' reports, the problem appears to affect some older CPUs built by AMD, including Athlon and Sempron, although so far there's been no official summary of everything that has been affected. Many Intel chips and at least some chips built by ARM also have Meltdown and Spectre flaws. But to date there appear to have been no reports suggesting that KB4056892 was leaving systems with those chips unbootable.

Microsoft Blames AMD

"After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown," Microsoft says in its security alert. "To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause ... Windows operating system updates to devices with impacted AMD processors at this time."

Microsoft's updated support notes for its KB4056892 security update.

Microsoft has said that to receive any future security updates on any Windows system, KB4056892 must be installed. Hence, until the security update gets fixed for Windows PCs with affected AMD chips, they cannot be updated to receive the latest protections.

There's no timeline yet for when the problem might get resolved and working updates for affected AMD systems released. "Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible," Microsoft says.

The problem was no doubt exacerbated by vendors rushing to ship even basic mitigations for the Meltdown and Spectre flaws (see Meltdown and Spectre: Patches and Workarounds Appear).

Google's Project Zero says it developed proof-of-concept exploits for the chipset flaws and reported them to Intel, AMD and ARM on June 1, 2017. As part of a coordinated vulnerability program, all involved researchers and notified organizations agreed to not publicly announce the flaw until Jan. 9, at which point many planned to issue patches. But Google publicly confirmed the flaws on Wednesday after outside researchers began independently unearthing the flaws.

Paused: 9 Updates for Some AMD Systems

Microsoft says nine security updates are being temporarily withheld from affected systems, pending a fix:

Potential Recovery Options

For anyone with an AMD Windows PC that's been left unbootable, Microsoft has pointed to three resources that might help:

Expect Fresh Security Update

On Tuesday, Microsoft released its regularly scheduled monthly batch of Windows patches. But Liverpool, England-based security researcher Kevin Beaumont, who's been tracking patches that are being issued to mitigate Meltdown and Spectre, says it's likely that Microsoft will issue another monthly patch release once it resolves the AMD problem.

Any organizations preparing to issue the January cumulative patch from Microsoft may prefer to wait until they get one that doesn't leave some AMD systems unbootable.

***

Update (Jan. 11): AMD says the patch incompatibilities affected "some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families)" and that it expects the problem to be resolved and Microsoft to begin reissuing security updates by next week (see Spectre Reversal: AMD Confirms Chips Have Flaws).


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



