Topic: Microsoft Out-of-Band Security Update for "Meltdown" and "Spectre" CPU Flaws

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
Microsoft released out-of-band security updates to address what are being referred to as "Meltdown" and "Spectre" CPU flaws, reported to be affecting almost all CPUs released since 1995.

As explained by John Hazen, Principal PM Lead, Microsoft Edge, in "Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer", Microsoft released KB4056890 with mitigations for the class of vulnerabilities which can be exploited as described in Security Advisory ADV180002. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process.

The January security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows

The updates address Elevation of Privilege and Information Disclosure. The related CVEs are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. See Lawrence Abrams' article at Bleeping Computer, which includes a list of vendors' official notices, patches and updates, including Amazon, AMD, Apple, Chrome, Intel, Mozilla, nVidia and more.

Important Note: The update released is incompatible with a small number of anti-virus products and may result in BSODs. As a result, the update is only being released to devices running antivirus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update. See "Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software" for additional information.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary. Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1053
  • advanced techno feeb
Thank you for this. I woke up this morning to my login screen, and found that Windows had installed a cumulative update this morning.

I was wondering what that was about.

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1071
FTR - it was reported these fixes and updates could potentially degrade performance with some processors up to 30% depending on tasks being performed. I have not done any benchmarks to see how things look "on paper", but I can say I have "perceived" no performance degradation whatsoever with any of my systems.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline MikeW

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 559
I got the update tonight. As far as I can tell there has been no impact on system performance.
Win 7 Home Premium  IE11 MSE  Mbam Pro