The January security release consists of security updates for the following software:
The updates address Elevation of Privilege and Information Disclosure. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 See Lawrence Abrams article at Bleeping Computer which includes a list of vendors official notices, patches and updates, including Amazon, AMD, Apple, Chrome, Intel, Mozilla, nVidia and more.
According to an update added this week, Microsoft says that Windows users will not receive the January 2018 Patch Tuesday security updates, or any subsequent Patch Tuesday security updates, unless the antivirus program they are using becomes compatible with the Windows Meltdown and Spectre patches.
There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes. To be honest, some of the techniques are similar to ones used by rootkits — Kernel Patch Protection was introduced by Microsoft a decade ago to combat rootkits, in fact. Because some anti-virus vendors are using very questionable techniques they end up cause systems to ‘blue screen of death’ — aka get into reboot loops.