More Microsoft Microcode Spectre Patches

Monday, April 30, 2018 @ 04:04 PM gHale

Microsoft released yet another round of software and microcode updates designed to address the CPU vulnerability known as Spectre Variant 2.

Microsoft has been releasing software mitigations for the Spectre and Meltdown vulnerabilities since January.

ICS Spectre, Meltdown Update Part V
Microsoft’s Out-of-Band Meltdown Patch
Intel Details Spectre, Meltdown Fixes; Future CPU Plans
Microsoft’s Out-of-Band MMPE Fix

A new standalone security update enables the mitigations against Spectre Variant 2 in all supported versions of Windows 10 and Windows Server 2016.

Microsoft said last month microcode updates from Intel will end up sent to Windows 10 and Windows Server 2016 users through the Microsoft Update Catalog.

The first round of updates covered devices with Intel Skylake processors and it later inluded Coffee Lake and Kaby Lake CPUs. Now, Broadwell and Haswell processors have have been added to the list.

Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be resolved with software updates, but Spectre Variant 2 requires microcode patches as well.

Leave a Reply

You must be logged in to post a comment.