Category: updates

Jul 12 2018

Microsoft offers extended support for Windows, SQL 2008—but with a catch

Windows Server 2008 and 2008 R2, as well as SQL Server 2008 and 2008 R2, are due to move out of extended support over the next few years—SQL Server in July 2019 and Windows Server in January 2020. For organizations still using that software, this offers a few options: keep using the software and accept that it won't receive any more security updates, migrate to newer equivalents that are still supported, or pay Microsoft for a custom support contract to continue to receive security updates beyond the cutoff dates.

Today, Microsoft added a fourth option: migrate to Azure. Microsoft is extending the support window by three years (until July 2022 for SQL Server, January 2023 for Windows Server) for workloads hosted on Azure in the cloud. This extended support means that customers that make the switch to the cloud will receive another three years of security fixes. After those three years are up, customers will be back to the original set of choices: be insecure, upgrade, or pay for a custom support contract.

Microsoft isn't requiring customers to demonstrate that they have any kind of migration plan in place, and this support scheme incurs no additional costs beyond those already imposed by running software on Azure in the first place.

Apr 11 2018

AMD systems gain Spectre protection with latest Windows fixes

The latest Windows 10 fixes, released as part of yesterday's Patch Tuesday, enable protection against the Spectre variant 2 attacks on systems with AMD processors.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. AMD chips are immune to Meltdown but have some vulnerability to the two Spectre variants. Spectre variant 1 requires application-level fixes; variant 2 requires operating system-level alterations.

Both Intel and AMD have released microcode updates to alter their processor behavior to give operating systems the control necessary to protect against Spectre variant 2. Microsoft has been shipping the Intel microcode, along with the operating system changes necessary to use the microcode's new features, for several weeks now; with yesterday's patch, similar protections are now enabled on AMD machines.

Mar 13 2018

Patch Tuesday drops the mandatory antivirus requirement after all

In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it's compatible with the Windows fixes.

This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows' kernel memory in unsupported ways that would crash systems with the Meltdown fix applied. The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.

This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they'd be passed over for fixes, even though they don't, in fact, have any incompatible antivirus software.

Mar 01 2018

Intel’s latest set of Spectre microcode fixes is coming to a Windows update

Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. Intel released microcode updates for its processors to provide operating systems with greater control over certain aspects of this speculative execution; however, the company's initial releases were found to cause problems.

Intel has since fixed the microcode bugs, but until this point Microsoft has said that Windows users should turn to their system vendors to actually get the new microcode.
