This week a new vulnerability was flagged for W7 computers and 2008R2 servers - https://www.theregister.co.uk/2018/03/28/microsoft_windows_meltdown_patch_security_flaw
The vulnerability that has been found is related to a problem with the Meltdown patches that were developed for W7 / 2008R2 - the Jan / Feb patches for W7 / 2008R2 can make the servers less secure (see the link for more details).
Microsoft have patched this in the March 2018 releases for W7 / 2008R2 – however there are issues with these patches that can break networking, especially in, but not limited to, VMWare environments. It can cause serious network card issues on physical or virtual computers and servers.
- https://support.microsoft.com/en-us/help/4088875/windows-7-update-kb4088875
- https://support.microsoft.com/en-us/help/4088881
In each of the links above Microsoft have added a script to run prior to installing the new KBs. The script should remove some registry keys making it safe to install the updates – however if they are not accessible, then it will flag this to the user to remove them manually.
Once the script is run, the updates can then be installed.
We have decided NOT to release these fixes via WSUS for CC4 – as there is no control as to whether the scripts have been run on a system or not, which means any unprotected system could lose connectivity with the rest of the network, in some cases causing outages in school networks that would affect teaching and learning and possibly key safety systems in a school.
We recommend customers run the scripts on at least their servers and any windows 7 computers that use static IP addresses and then manually approve the updates - advice can be found in: TEC6182663.
We have liaised with Microsoft and hope to see the issues above fixed in the next patch Tuesday (10th April) – however this is not guaranteed. When we know more information on this issue we will update this blog.