As was said previously if some dweeb security expert was so concerned about the security, why in bloody heck did he blab it to the world? He should have worked quietly with the vendors who could then release patches instead of exposing the flaw so the hackers now have the keys to the backdoor in their hands.
Apparently they didn't, it appears one of the Linux Kernel developers commented the fix and what it was for in the kernel code, being open source any one of a lot of distro devs had that code and naturally would look at it before compiling it for their distro and it was bound to discussed, which is probably how it got leaked.
Lot of confusion going on as well with people thinking the Intel Management Engine fix from a couple of months ago is the one for Spectre and Meltdown and wondering why the Powershell script is saying they are still at risk! arghh! and people trying to get it for AMD processors when it's got nothing to do with AMD, what a mess.
For anyone who has not installed the Windows update patch please go and read the known issues first here
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 to avoid screwing up your system or getting failed installs.
Copied below:
[TABLE="class: cms_table_grid, width: 100%"]
[TR]
[TD="bgcolor: #F2F2F2"]
Symptom[/TD]
[TD]
Workaround[/TD]
[/TR]
[TR]
[TD="bgcolor: #F2F2F2"]Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the
Reset this PC functionality after installing
KB4054022.[/TD]
[TD]
Note This workaround uses c:\temp and the x64 architecture as examples. Update these examples as appropriate for your environment.
- Download the appropriate version of KB4054022 for your device architecture from the Microsoft Update Catalog to c:\temp. Then run the commands in the steps below from the administrative command prompt.
- Expand the .msu file that you downloaded in step 1.
mkdir c:\temp
expand -f:* windows10.0-kb4054022-x64.msu c:\temp
- End the existing TrustedInstaller processes and install KB4054022 using the Deployment Image Servicing and Management tool.
taskkill /f /im tiworker.exe
taskkill /f /im trustedinstaller.exe
dism /online /add-package /packagepath:c:\temp\Windows10.0-KB4054022-x64.cab
- (Optional) Delete the CBS logs from the Windows Logs directory.
del /f %windir%\logs\cbs\*.log
Microsoft is working on a resolution and will provide an update in an upcoming release.[/TD]
[/TR]
[TR]
[TD="bgcolor: #F2F2F2"]Windows Update History reports that
KB4054517 failed to install because of Error 0x80070643.[/TD]
[TD]Even though the update was successfully installed, Windows Update incorrectly reports that the update failed to install. To verify the installation, select
Check for Updates to confirm that there are no additional updates available.
You can also type
About your PC in the Search box on your taskbar to confirm that your device is using OS Build 16299.125.
Microsoft is working on a resolution and will provide an update in an upcoming release.[/TD]
[/TR]
[TR]
[TD="bgcolor: #F2F2F2"]When calling CoInitializeSecurity, the call will fail if passing RPC_C_IMP_LEVEL_NONE under certain conditions.[/TD]
[TD]Microsoft is working on a resolution and will provide an update in an upcoming release.[/TD]
[/TR]
[TR]
[TD="bgcolor: #F2F2F2"]
Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV has updated the ALLOW REGKEY.[/TD]
[TD]Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”[/TD]
[/TR]
[/TABLE]
How to get this update
This update will be downloaded and installed automatically from
Windows Update. To get the standalone package for this update, go to the
Microsoft Update Catalog website.
.