WSUS AMD and Spectre
I ended up with the task of necroing our WSUS server right when Spectre/Meltdown hit.
WSUS seems straightforward for the most part, but all 64 bit machines are showing AMD64 for their processors when they are not.. I have read that this is because of the instruction set of the CPU and isn't a big deal. However because of it I think WSUS isn't pushing out the Spectre patches to these machines. Anyone know of a way around this? Or better yet a way to get WSUS to see them correctly? This is WSUS 4.0 on Server 2016 and the server is fully updated.
WSUS seems straightforward for the most part, but all 64 bit machines are showing AMD64 for their processors when they are not.. I have read that this is because of the instruction set of the CPU and isn't a big deal. However because of it I think WSUS isn't pushing out the Spectre patches to these machines. Anyone know of a way around this? Or better yet a way to get WSUS to see them correctly? This is WSUS 4.0 on Server 2016 and the server is fully updated.
Comments
-
techster79
Member Posts: 169 ■■■□□□□□□□
It's because of certain AV programs that aren't compatible with the patch. You have to deploy a registry key for the update to show needed in WSUS. Here's the details:
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-softwareStudying for MCSE: Server Infrastructure (70-414 left) -
J_86
Member Posts: 262 ■■□□□□□□□□
Microsoft pulled the patches for AMD processors:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 -
blatini
Member Posts: 285
All of our processors are Intel, not AMD, but it still displays AMD64 for the processor (should have been more clear originally). This is what a Win10 Enterprise machine shows for its info.
Also we have Sophos and they deployed the registry fix. Even on computers with that reg value it is not being pushed out. The only thing I can really think of is that WSUS sees an AMD processor type and rejects it.