Last month, I shared some insights into what we learned early on in helping customers respond to the industry-wide vulnerabilities of Spectre and Meltdown. A top question we continue to hear from IT professionals around the world is how can they best assess if the Windows devices across their enterprise are protected?
These hardware-based security vulnerabilities are a new challenge for all of us. Customers’ devices require both updates to CPU microcode (firmware) and the Windows operating system, and anti-virus software must be compatible with the latest Windows updates.
To help IT professionals everywhere, we have added new capabilities to our free Windows Analytics service 1 to report the status for all the Windows devices 2 that they manage. These new capabilities include:
- Anti-virus Status: Some anti-virus (AV) software may not be compatible with the required Windows Operating System updates. This status insight indicates if the devices’ anti-virus software is compatible with the latest Windows security update 3 .
- Windows Operating System Security Update Status: This Windows Analytics insight will indicate which Windows security update is running on any device and if any of these updates have been disabled. In some cases, IT Administrators may choose to install the security update, but disable the fix . Our complete list of Windows editions and security updates can be found in our Windows customer guidance article .
- Firmware Status – This insight provides details about the firmware installed on the device. Specifically, this insight reports if the installed firmware indicates that it includes the specific protections required. Initially, this status will be limited to the list of approved and available firmware security updates from Intel 4 . We will be adding other CPU (chipset) partners’ data as it becomes available to Microsoft.
Windows Analytics is currently being used on millions of devices to gain data-driven insights that reduce the cost of deploying, servicing, and supporting Windows. If you are not already, please get started today to take steps to help protect your organization.
1 Free Windows Analytics services include Upgrade Readiness and Update Compliance. Other Windows Analytics services may require a subscription. Learn more here
2 Windows 7 SP1, Windows 8.1 and Windows 10 devices
3 This capability requires that devices have the latest compatibility KB installed, available in the following February 2018 compatibility KBs:
- Win7 SP1: KB2952664
- Win8.1: KB2976978
- Win10: KB4033631
4 As available from Intel. Customers should also check with their CPU (chipset) and device manufacturers on availability of applicable firmware security updates for their specific device.