Microsoft has released two security updates for Windows 10 and Windows Server to patch vulnerabilities in some Intel processors, related to the Spectre and Meltdown security vulnerabilities.
The flaws are particularly serious as they were integral to the design of Intel CPUs built before October 2018, after which the company added hardware and software mitigations. Meltdown also affects some CPUs designed by AMD and IBM, while some AMD and ARM processors are also vulnerable to Spectre. Patches were released shortly after the bugs were revealed, but some came with a performance hit.
Microsoft's latest updates are KB4558130 for Windows 10 version 2004 and Windows Server version 2004, and KB4497165 for Windows 10 version 1903 and 1909. They can be downloaded direct from the company's website.
They are come after new microcode firmware was released by Intel and are designed to mitigate the following vulnerabilities in affected systems:
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
The updates from Microsoft also includes Intel microcode updates for the appropriate Windows 10 and Windows server versions.
Microsoft provides a list of affected Intel CPUs on its site and advises that the updates should only be installed on systems with these processors.
Neustar SVP Rodney Joffe is shortlisted for Security Specialist of the Year in the Digital Technology Leaders Awards
Egor Igorevich Kriuchkov had allegedly offered to pay $1m to a Tesla employee for installing malware on the company's network
How can you encourage employees to protect themselves in the new normal?
Identity and access management has become even more important in the remote working revolution
The leaked documents offered step-by-step guidance about how to pass the CREST exams