Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Microsoft Disables Spectre Mitigations Due to Instability

Out-of-band Windows updates released by Microsoft over the weekend disable mitigations for one of the Spectre attack variants as they can cause systems to become unstable.

Out-of-band Windows updates released by Microsoft over the weekend disable mitigations for one of the Spectre attack variants as they can cause systems to become unstable.

Both microcode and software updates designed to address the Spectre and Meltdown vulnerabilities have turned out to be buggy, often making systems unbootable or causing them to reboot more frequently. Intel has suspended its patches until the issue is resolved and advised customers to stop deploying the updates.

HP, Dell, Lenovo, VMware, Red Hat and others had paused the patches and now Microsoft has done the same.

The problem appears to be related to CVE-2017-5715, which has been described as a “branch target injection vulnerability.” This is one of the flaws that allows Spectre attacks, specifically Spectre Variant 2 attacks.

Microsoft has confirmed that Intel’s patches cause system instability and can in some cases lead to data loss or corruption. Update KB4078130 released by the company over the weekend for Windows 7, Windows 8.1 and Windows 10 – for both clients and servers – disables the mitigation for CVE-2017-5715.

The company has also provided instructions for advanced users on how to manually enable and disable Spectre Variant 2 mitigations through registry settings.

“As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device,” Microsoft said in its advisory.

Microsoft quickly released mitigations for Meltdown and Spectre after the attack methods were disclosed, but the company’s own updates were also buggy. Shortly after it had started rolling them out, Microsoft was forced to suspend patches for devices with AMD processors due to instability issues.

Advertisement. Scroll to continue reading.

The Spectre and Meltdown vulnerabilities allow malicious applications to bypass memory isolation mechanisms and access sensitive data. The Meltdown attack relies on one vulnerability, tracked as CVE-2017-5754, but there are two main variants of the Spectre attack, including CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2).

Meltdown and Variant 1 of Spectre can be patched efficiently with software updates, but Spectre Variant 2 requires microcode updates for a complete fix.

Intel, AMD and Apple face class action lawsuits over the Spectre and Meltdown vulnerabilities. However, Intel does not appear too concerned that the incident will affect its bottom line – the company expects 2018 to be a record year in terms of revenue.

Related: Industry Reactions to Meltdown, Spectre Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...