It’s important to protect your computers against the hardware security vulnerabilities known as Spectre and Meltdown. Microsoft has published guidance for IT Pros that outlines the steps Microsoft has taken as well as steps you can take to take advantage of all available protections.
As outlined in the guidance for IT Pros article, Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities:
- Verify that you are running a supported antivirus application.
- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates.
- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s).
To help you keep track of all this, we’re rolling out an update to Upgrade Readiness that provides insight into the status of your devices across these three axes. Note that you may see a large number of blank, “unknown”, or “to be determined” statuses at first. Rest assured, we will be working on enhancing the data that you see in Upgrade Readiness as new information becomes available.
One action that you can take immediately is to ensure that your computers are able to reach the following endpoint:
This may involve adding this URL to your company’s whitelist which may require approval from your security group. This endpoint is used to communicate updates to Microsoft’s compatibility information with client computers. By ensuring your computers can reach this endpoint, you can help them get the most up-to-date information Microsoft has available about supported antivirus solutions and versions, security update statuses, etc.
If you are seeing computers with statuses of “Unknown – action may be required” or similar messages in the Spectre and Meltdown blades, it is likely that you need to whitelist the above endpoint.
We’ll be updating this blog post over the next several weeks as we continue to enhance this feature. In the meantime, please let us know if you have any questions or feedback. You can always reach us at email@example.com.