Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Releases More Patches for Meltdown, Spectre

Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10.

Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10.

Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be resolved with software updates, but Spectre Variant 2 requires microcode patches.

In addition to software mitigations, Microsoft recently started providing microcode patches as well. It initially delivered Intel’s microcode updates to devices running Windows 10 Fall Creators Update and Windows Server 2016 (1709) with Skylake processors.

Now that Intel has developed and tested patches for many of its products, Microsoft has also expanded the list of processors covered by its Windows 10 and Windows Server 2016 updates. Devices with Skylake, Coffee Lake and Kaby Lake CPUs can now receive the microcode updates from Intel via the Microsoft Update Catalog.

Microsoft also informed customers on Tuesday that software patches for the Meltdown vulnerability are now available for x86 editions of Windows 7 and Windows 8.1.

The company has also decided to remove the antivirus compatibility checks in Windows 10. The decision to introduce these checks came after the tech giant noticed that some security products had created compatibility issues with the Meltdown patches. This resulted in users not receiving security updates unless their AV vendor made some changes.

Microsoft has determined that this is no longer an issue on Windows 10 so the checks have been removed. On other versions of the operating system, users will still not receive updates if their antivirus is incompatible.

Microsoft’s Patch Tuesday updates for March 2018 fix over 70 flaws, including more than a dozen critical bugs affecting the company’s Edge and Internet Explorer web browsers.

Related: Microsoft Disables Spectre Mitigations Due to Instability

Related: Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.