Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Windows Updates Deliver Intel’s Spectre Microcode Patches

Microsoft announced on Thursday that Windows users will receive the microcode updates released by Intel to patch the notorious Spectre vulnerability.

Microsoft announced on Thursday that Windows users will receive the microcode updates released by Intel to patch the notorious Spectre vulnerability.

Meltdown and Spectre attacks allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to a flaw tracked as CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be addressed with software updates, but Spectre Variant 2 requires microcode patches.

Microsoft has provided users the necessary software updates and it has now started delivering microcode patches as well.

After the first round of Spectre microcode patches from Intel caused more frequent reboots and other instability problems, the company started releasing new updates. The first patches were for Skylake, then for Kaby Lake and Coffee Lake, and this week for Haswell and Broadwell processors.

Intel has provided the microcode updates to device manufacturers, which are expected to make them available to customers once they have been tested.

For the time being, Microsoft will deliver Intel’s microcode updates to devices with 6th Generation Intel Core (Skylake) processors if they are running Windows 10 version 1709 (Fall Creators Update) or Windows Server version 1709 (Server Core).

“We will offer additional microcode updates from Intel as they become available to Microsoft. We will continue to work with chipset and device makers as they offer more vulnerability mitigations,” said John Cable, director of Program Management, Windows Servicing and Delivery.

When it started releasing software mitigations for Spectre and Meltdown, Microsoft warned that some users may not receive the updates due to antivirus compatibility issues. Cable said a vast majority of Windows devices now have compatible security products installed so they should not experience any problems in getting the patches.

Advertisement. Scroll to continue reading.

“We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility,” Cable explained.

After news broke that Intel’s first round of microcode updates caused instability issues, Microsoft released an update that allowed Windows users to disable the problematic Spectre Variant 2 mitigation.

Related: Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches

Related: IBM Releases Spectre, Meltdown Patches for Power Systems

Related: Malware Exploiting Spectre, Meltdown Flaws Emerges

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.