On January 10 Microsoft Corporation announced it will not allow downloads of future Windows security updates until your antivirus vendor sets a specific registry key that certifies compatibility with Windows. “Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”, Microsoft’s updated support page notes.

Why is Microsoft doing this? 

Recently two security vulnerabilities were discovered in the Central Processing Unit (CPU) chip that is the heart of what makes computers work: the recently unleashed threats are called Meltdown and Spectre.  During testing to find solutions to these threats, researchers discovered that some third-party anti-virus vendors were taking shortcuts that wouldn’t block the types of attacks launched by these malicious applications. As a result, Microsoft has issued a new registry key for all third-party anti-virus software vendors to put in their own products to certify compatibility.  No registry key in AV software = no Windows updates for those PCs without the required key.

Is the AV software we use okay?

Security researcher Kevin Beaumont has compiled a list – which is frequently updated – of which AV manufacturers have software updates that are now compliant with the required key, or will soon be compliant.  Since this is a fluid situation here is the link for that list .

What should I do about this?

Here are some suggestions:

  1. Check with your I.T. consultants to be sure you have compatible AV software or programs. If not, have them advise you about next steps.
  2. It’s more important than ever to be sure your hardware, operating systems and software is up to date and supported by manufacturers. Attacks such as these are becoming more frequent.  If your data is adversely impacted, hacked, held for ransomware, or otherwise compromised, it can adversely affect your business and, in the case of law firms, your continuing ability to be allowed to practice law.

It’s important for any firm to ensure its data is secure and its network is functioning smoothly. It is doubly important for a law firm, since ethical rules are involved. Our thanks go to ZDNet.com for this timely announcement. At Crosspointe Consulting Group, our consultants want to help you get the most from your programs and applications. Be sure to call us if your IT consultants need assistance with maintaining your programs, or advise you to upgrade them. We can be reached at 877-357-0555 or contact us at info@crosspointecg.com.