However, next-gen security providers including Crowd Strike, Cylance, Fire Eye, and Palo Alto Networks have only confirmed compatibility but so far haven't been willing to set the specific registry key.Next-gen providers claim they're not setting the registry key because they don't want to risk causing a BSOD in the event a customer also has other antivirus software installed.

"Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key", Microsoft's updated support page says.

A point to clarify though is that Microsoft won't enforce this requirement indefinitely, but rather only until it sees enough machines have applied the January 3 CPU fixes.

Download now: IT leader's guide to reducing insider security threats However, it seems conventional antivirus products meet both requirements, while next-generation security products have only confirmed compatibility.

Beaumont said Microsoft is using the new certification process to prevent antivirus vendors bypassing Microsoft's Kernel Patch Protection, which it introduced in 2007 to defend against rootkits.

A problem with next-gen providers not setting the registry key is that their products used to be sold as an addition to legacy antivirus, but are now being sold as the primary antivirus.

So customers who've made that switch must manually set the registry key to install the updates, something that Microsoft says should only be undertaken with extreme caution.

As he notes, the bypass technique some vendors are using is similar to the way rootkits work, which involves injecting their product into a Windows hypervisor to intercept system calls to memory locations that Microsoft changed in response to the Meltdown attack.

"Because some antivirus vendors are using very questionable techniques they end up [causing] systems to blue screen of death -- aka get into reboot loops.

Currently, the list of fully compatible antivirus currently includes Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec.