Setting that registry works in some situations – but not all.
There’s a master list of supported AV software: http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner Sent: Tuesday, January 9, 2018 8:13 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? Aaron – If setting that registry key is now mandatory for the time being for the security updates to install, how does that affect OS offline updates servicing in MDT and CM? Broken I assume without manually editing the WIM first for the key? https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software BRIAN ILLNER | Canal Insurance Company 864.250.9227 864.679.2537 Fax Visit canalinsurance.com <http://canalinsurance.com> for news and information. <https://www.linkedin.com/company/canal-insurance-company> WARNING: As the information in this transmittal (including attachments, if any) may contain confidential, proprietary, or business trade secret information, it should only be reviewed by those who are the intended recipients. Unless you are an intended recipient, any review, use, disclosure, distribution or copying of this transmittal (or any attachments) is strictly prohibited. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. While Canal believes this transmittal to be free of virus or other defect, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Canal (or its subsidiaries and affiliates) for any loss or damage arising therefrom. From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Aaron Czechowski Sent: Monday, January 8, 2018 8:40 PM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? We just published a blog post with a piece on SQL (in Config Manager infrastructure section): https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/ Let me know if you have any further questions/comments. Aaron From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger Sent: Monday, 8 January, 2018 11:52 To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? Have you read through this yet: https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4073225%2Fguidance-for-sql-server&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=DTXKrzyNfoaNdIUhdBwRX5CYT%2BwDHVL5ME5639aRCU4%3D&reserved=0> ? Keeping in mind that's the SQL recommendation, and there isn't (as far as I know), specific guidance from the ConfigMgr team regarding the SQL instances used for ConfigMgr. My (probably incorrect) take on it...It doesn't matter WHAT version of SQL 16 you have. the first SQL 16 version which addresses the vulnerability is CU7 for SP1. So if you are at SQL 16 SP1 No CU, you would want to apply CU7--if your scenario fits one of the scenarios outlined in the guidance, AND you don't care about what the ConfigMgr team has-yet-to-publish for guidance so that you do not break your ConfigMgr SQL instance from working correctly. If you are still using SQL 16 no SP, you'd update to SP1, and apply CU7. That's my likely INCORRECT interpretation. But that's why I'm just waiting for more info, and not trying to guess anything. I personally plan on just "wait for more info" regarding ConfigMgr SQL information, from the ConfigMgr Team. On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner <brian.ill...@canal-ins.com <mailto:brian.ill...@canal-ins.com> > wrote: Could someone explain the SQL updates please? There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR I get that we download the Security Update for CU7 if we have that particular cumulative update installed, but what if its CU4 or CU5? Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU applied at all? BRIAN ILLNER | Canal Insurance Company 864.250.9227 <tel:(864)%20250-9227> 864.679.2537 <tel:(864)%20679-2537> Fax Error! Filename not specified. Visit canalinsurance.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=wI5JflSNZ%2BxEX9NqpO8L0oRgXWm6YWdsU2wehw2cMxA%3D&reserved=0> for news and information. <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=HyGDLs9ozqKHJETcomBo0Insu6yH83Af3AZkyXt05gc%3D&reserved=0> Error! Filename not specified. WARNING: As the information in this transmittal (including attachments, if any) may contain confidential, proprietary, or business trade secret information, it should only be reviewed by those who are the intended recipients. Unless you are an intended recipient, any review, use, disclosure, distribution or copying of this transmittal (or any attachments) is strictly prohibited. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. While Canal believes this transmittal to be free of virus or other defect, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Canal (or its subsidiaries and affiliates) for any loss or damage arising therefrom. From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> ] On Behalf Of Sherry Kissinger Sent: Monday, January 8, 2018 10:46 AM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? Based on how I 'interpreted' that tweet, it was specific regarding the SQL patch. In my case, the one I would care about is SQL 16 SP1, the CU7 (Cumulative Update 7). ConfigMgr requires "CLR" to be enabled in order to function. Additionally, the majority of environments except for a super small ones where they might only have ONE server with all roles--almost everyone has at least a MP, DP, or SUP role server elsewhere. Depending on the configuration of those other servers, they likely leverage a SQL 'thing' called Linked Servers. CU7 also modifies Linked server configuration. So just wait on deploying CU7 until further information is available. If you haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is supported/acceptable to SCCM--but it obviously doesn't address the Spectre/Meltdown stuff. On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey <jaub...@norwoodmedical.com <mailto:jaub...@norwoodmedical.com> > wrote: I THINK, there is a SQL patch as well as the Window patches. I applied the Windows patch had SCCM is still working. I think the SQL patch is the one that causes issues. From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> ] On Behalf Of Mike Murray Sent: Friday, January 5, 2018 7:16 PM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? Could someone expand on this? From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Poole Sent: Friday, January 5, 2018 12:59 PM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL? Thank you, Richard Poole From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray Sent: Friday, January 5, 2018 11:55 AM To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> Subject: [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL? Anyone have issues with this? https://twitter.com/djammmer/status/949122372384141312 <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fdjammmer%2Fstatus%2F949122372384141312&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=pp6R%2FV%2FK6wM2HDY%2B%2F1HkwDl552psjZiVx3cOZiqiszA%3D&reserved=0> Mike NOTICE: This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Email transmission cannot be guaranteed to be secure or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message. This email neither constitutes an agreement to conduct transactions by electronic means nor creates any legally binding contract or enforceable obligation in the absence of a fully signed written contract. -- Thank you, Sherry Kissinger My Parameters: Standardize. Simplify. Automate Blog: http://mnscug.org/blogs/sherry-kissinger <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmnscug.org%2Fblogs%2Fsherry-kissinger&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=Bu4QDF%2FMutBXUfgPD6xAMQWxgrPMy2w8fTyY1cnIlBM%3D&reserved=0> -- Thank you, Sherry Kissinger My Parameters: Standardize. Simplify. Automate Blog: http://mnscug.org/blogs/sherry-kissinger <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmnscug.org%2Fblogs%2Fsherry-kissinger&data=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575&sdata=Bu4QDF%2FMutBXUfgPD6xAMQWxgrPMy2w8fTyY1cnIlBM%3D&reserved=0>
