Security Experts:

AMD, Microsoft Release Spectre Patches

AMD and Microsoft on Tuesday released microcode and operating system updates that should protect users against Spectre attacks.

When the existence of the Spectre and Meltdown vulnerabilities was brought to light, AMD downplayed their impact on its processors, but the company did promise to release microcode updates and add protections against these types of attacks to its future CPUs.

Meltdown attacks rely on a vulnerability identified as CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). In the case of AMD, the company’s processors are not affected by Meltdown thanks to their design, and Spectre Variant 1 can be addressed with software patches – just like in the case of Intel processors.AMD releases microcode updates to patch Spectre

Mitigating Spectre Variant 2 attacks requires a combination of microcode and operating system updates, which AMD and Microsoft released on Tuesday.

“While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk,” said Mark Papermaster, senior vice president and chief technology officer at AMD.

Microcode updates, which users can obtain from device manufacturers via BIOS updates, have been developed for AMD processors dating back to the first Bulldozer core products launched in 2011. The chip giant has published a document detailing the indirect branch control feature designed to mitigate indirect branch target injection attacks such as Spectre Variant 2.

Windows 10 updates released by Microsoft on Tuesday include Spectre Variant 2 mitigations for AMD devices. The patches are also expected to become available for Windows Server 2016 after they are validated and tested.

Microsoft started releasing Spectre patches for devices with AMD processors shortly after the CPU vulnerabilities were disclosed in early January. However, the company was forced to temporarily suspend the updates due to instability issues.

As for Linux devices, AMD said mitigations for Spectre Variant 2 were made available earlier this year.

While AMD processors appear to be less impacted compared to Intel products, lawsuits have still been filed against the company over the Spectre vulnerabilities.

Related: Intel Shares Details on New CPUs With Spectre, Meltdown Protections

Related: AMD Chip Flaws Confirmed by More Researchers

Related: Intel Will Not Patch Spectre in Some CPUs

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.