From the beginning, Microsoft agreed to include the fix for Spectre in its regular software updates but insisted that Intel and PC manufacturers would have to push the Meltdown fix on their own.
Unfortunately, the overwhelming majority of users are still waiting, and in the meantime, untold millions of machines are at risk. Intel's first attempt at a fix was so spectacularly bad that the company urged users not to install it until a better fix could be rolled out.
Intel has since released an updated fix, but few users have taken advantage of it so far. The reason is because most users simply don't know how. They're not aware that they have to go to Intel's website to manually download and install it, or wait for an OEM push, which could still be months away.
Given this reality and the extreme danger that Spectre poses, Microsoft has reversed course and agreed to make special Windows update releases that include the Spectre fix. The first such update, KB4090007, is now out and available to users.
There are two important caveats to be aware of, however: