Microsoft's free analytics service sniffs out Meltdown, Spectre patch status
- 16 February, 2018 07:11
Microsoft's free Windows Analytics service now scans enterprise Windows 7, Windows 8.1 and Windows 10 PCs, and reports whether they've been updated to defend against potential attacks exploiting the Meltdown and Spectre processor vulnerabilities.
The new capabilities of Windows Analytics' "Upgrade Readiness" were announced Tuesday by Terry Myerson, the top Windows executive at the company. Myerson called the vulnerabilities - found by Google security researchers and reported to vendors in mid-2017 - "a new challenge for all of us" because they were in the silicon, not in software.
"We have added new capabilities to our free Windows Analytics service to report the status for all the Windows devices that [IT professionals] manage," Myerson wrote in a post to a company blog.
Windows Analytics is a catch-all label for three separate services - Upgrade Readiness, Update Compliance and Device Heath - all of which pull from the telemetry Microsoft collects from Windows personal computers. Windows Analytics is a benefit of Windows Enterprise licensing, and so is available only to customers running that edition and offers insights only on devices powered by an Enterprise SKU (stock-selling unit), such as Windows 7 Enterprise or Windows 10 Enterprise.
Upgrade Readiness, the service that now includes Meltdown/Spectre scanning, was designed to identify the Windows 7 and Windows 8.1 PCs most likely to accept a Windows 10 upgrade. It can also pinpoint Windows 10 systems that have the best shot at upgrading to the next feature update, like this year's 1803 or 1809.
Upgrade Readiness is the only component of Windows Analytics that uses data harvested from Windows editions other than Windows 10.
With the Meltdown/Spectre update, Upgrade Readiness will show IT administrators whether a PC's antivirus software is compatible with the Windows updates Microsoft issued last month to better secure the OS from exploits. (Microsoft took the unprecedented step of requiring customers to have up-to-date antivirus software on their PC before it would hand over critical security updates to block Meltdown/Spectre.)
For organizations that have yet to widely apply the Meltdown/Spectre Windows security updates, the insights into antivirus deployment will be invaluable.
Upgrade Readiness will now also identify those systems that have successfully installed the Meltdown/Spectre Windows updates, as well as the PCs that have had the update disabled - a temporary measure available to IT - and information on the Intel firmware updates added to machines.
Because the Meltdown/Spectre vulnerabilities exist in the CPU (central processing unit), updates to the firmware are ultimately the best defense (other than replacing the processor with one unaffected by the bugs). At the outset, Upgrade Readiness tracks only Intel updates, but Myerson pledged, "We'll be adding other CPU (chipset) partners' data as it becomes available to Microsoft."
Elsewhere, however, Microsoft acknowledged that although it had kicked off the Meltdown/Spectre detections within Upgrade Readiness, customers should expect to see gaping holes in the information the service provides.
"Note that you may see a large number of blank, 'unknown,' or to be determined' statuses at first," said Zack Dvorak, a Microsoft program manager, in a different post. "Rest assured, we will be working on enhancing the data that you see in Upgrade Readiness as new information becomes available."