I've been spending a lot of time over the past few days dealing with this. We aren't an HP shop so I can't comment on that, but here is what I can say.
We are handling OS updates with our regular patch cycle, just with more vigorous testing to ensure there are no surprises.
- Make sure your AV sets the registry if you want the MS updates. https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
- Ironically, the MS patch can brick AMD machines, so be sure to test those. https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/
- From what I've read, the Meltdown patch will cause slowdowns on servers doing a lot of kernel requests, up to 30% on some machines. Workstations shouldn't be affected as badly since desktop apps don't hit the kernel that often.
- Browsers are releasing updates to mitigate Spectre. Firefox has already released the update, IE and Edge should be updated tomorrow on Patch Tuesday, and Chrome is releasing an update later this month. Don't know about Safari.
We are actually delaying patching for a week or so while our test group that normally gets a few days is expanded. The concern is for our Hyper-V stuff that the downtime required to patch everything (all guests have to be turned off while hosts are patched) will have to be done more than once as revisions of the patches come out. I'm not so convinced that there will be more than 1 but I don't sign the checks so I don't really get to make that decision.
Anyway, here is the link to Microsoft's articles about it.
This is the general page with all the KB numbers and CVE numbers
This one is more important and is for servers with the registry changes that need to be made
Here are the lists of HP BIOS updates that I know about.
Workstations, Notebooks, etc.
For Microsoft patches, you will need to make sure all machines running A/V software have updated to a compatible version and have added the required registry key for the patch to show as applicable.
Here's a spreadsheet someone is maintaining that provides A/V compatibility info. CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre) Windows antivirus patch compatibility
Important: Windows security updates released January 3, 2018, and antivirus software
For machines without A/V installed you will need to manually add the key for patches to show as applicable. Details are in the link I provided.
Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Windows Server guidance to protect against speculative execution side-channel vulnerabilities
For servers, you will need to add a couple registry keys to enable the patch functionality. Details are in the link I provided.
SQL Server guidance to protect against speculative execution side-channel vulnerabilities
Protecting guest virtual machines from CVE-2017-5715 (branch target injection)
If you're running Hyper-V hosts and virtual machines you will need to follow these instructions. We're a VMware shop.
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
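A read-only audit of the registry values the post above refers to (the A/V compatibility flag and the server enablement values), as an added example that is not part of the original thread. The function name and `hosts.txt` are hypothetical; the key paths and value names are the ones from Microsoft's January 2018 guidance and should be confirmed against the linked articles. PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread). Read-only: nothing is written to the registry.
# Key paths and value names follow Microsoft's January 2018 guidance (KB4072699 and
# the Windows Server guidance); confirm them against the linked articles.
function Get-MitigationRegistryState {   # hypothetical helper name
    $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $checks = @(
        @{ Check = 'AV compatibility flag'; ServerOnly = $false; Expected = 0
           Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
           Value = 'cadca5fe-87d3-4b96-b7fb-a231484277cc' },
        @{ Check = 'FeatureSettingsOverride'; ServerOnly = $true; Expected = 0
           Path  = $mm; Value = 'FeatureSettingsOverride' },
        @{ Check = 'FeatureSettingsOverrideMask'; ServerOnly = $true; Expected = 3
           Path  = $mm; Value = 'FeatureSettingsOverrideMask' }
    )

    # ProductType 1 = workstation; 2 and 3 = domain controller / member server.
    $isServer = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -ne 1

    foreach ($c in $checks) {
        # The enablement values only apply to server SKUs; skip them on clients.
        if ($c.ServerOnly -and -not $isServer) { continue }

        $actual = $null
        $key = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        if ($key) { $actual = $key.GetValue($c.Value, $null) }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Check    = $c.Check
            Expected = $c.Expected
            Actual   = $actual   # empty when the key or value is absent
            Ok       = ($null -ne $actual) -and ($actual -eq $c.Expected)
        }
    }
}

# Local run:
Get-MitigationRegistryState | Format-Table -AutoSize

# Fleet run over PowerShell remoting; hosts.txt is a hypothetical list of machine names:
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) `
#     -ScriptBlock ${function:Get-MitigationRegistryState} |
#     Export-Csv .\mitigation-registry-state.csv -NoTypeInformation
```

These values show configuration only; whether the update itself is installed on a machine is a separate check.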
Has anyone created a report to show computer status of specific patches? Need to see which machines have not been patched for vulnerability.
Would like this report myself.