Recently discovered Spectre variants 3a and 4 affect many modern computer processors. Microsoft has released out-of-bounds patches for Windows 10, containing Intel's latest microcode fixes, which are helpful to protect against new Spectre and Foreshadow CPU attacks. You may check this post for more information.
To help defend against new Spectre and Foreshadow CPU attacks, Microsoft has released out-of-bounds patches for Windows 10.
Recently discovered Spectre variants 3a and 4 affect many modern computer processors. This time, Windows 10 update contains Intel’s latest microcode fixes, which are helpful to resolve the issue.
These vulnerabilities were introduced in detail in May. Spectre variant 4 allows a Speculative Store Bypass attack, letting a malicious script to manipulate a program to display data it processes, and that the script should not have access permission authority, for example, allowing a script running in a browser tab read data from another. It will affect a series of CPU, including Intel and AMD, IBM’s POWER8 and POWER9, and some ARM processors.
At the same time, ordinary programs could be allowed by Spectre variant 3a to view system information, such as status flags, which should be visible only to low-level system software, like device drivers or operating system kernels.
The new patches also include the latest microcode fixes, which can solve the recent Foreshadow chip vulnerability.
Foreshadow affects a range of SGX-enabled Intel Core processors and allows a malicious program to bypass protections and read data from the L1 cache, which is the fast memory available for each processor core.
Microcode is a kind of firmware for the CPU, and these latest patches apply to Intel’s sixth-generation through to the most recent eighth-generation processors.
For every version of Windows 10, Microsoft updates have been released, from the first build 1507, through to 1803, also known as the April 2018 Update.
For those managing machines using Windows Server Update Services (WSUS), updates should be automatically displayed.
You may also download them directly via Microsoft Updates Catalog. The updates were added on 8/20/2018.
If you are using Windows Update you can go to Settings, and under Update & Security, you may find Windows Update. Then select Check for updates to launch the update.
Spectre and Meltdown are vulnerabilities in modern chip design. They may allow attackers to bypass system protections on almost all recent PCs, servers and smartphones – allowing hackers to read sensitive information from memory, such as passwords.
The first variants of these vulnerabilities were announced in January this year. And chip manufacturers and system software vendors have launched a series of patches to try to reduce the risk of attack. Luckily, major browsers have been updated to make it difficult to exploit these vulnerabilities.
Because it is related to the basic features of modern CPUs, especially their use of Branch Prediction and Speculative Execution to speed up their operations, patching variant 2 of the Specter vulnerability has proved particularly difficult.
The result was that Intel firmware updates to reduce the risk of a successful attack, using Spectre Variant 2 caused instability and unexpected restart of the system, resulting in Intel replacing some fixes.
Both Intel and AMD expressed that they are working on reducing the risk cause by Spectre vulnerabilities in future processors. The chips of the two firms are found inside most PCs and servers. And the latest microcode fixes are available for systems running on Intel sixth to eighth generation processors.
However, whether AMD and Intel can redesign their processors to eliminate the risk of Spectre but not having significantly impact on performance is still unclear.