Headlines:

Microsoft entered the battle against Spectre and Meltdown computer processors vulnerabilities

After Intel warned customers to not deploy firmware updates issued for Spectre and Meltdown flaws because system instability was generated, Microsoft produced its own release, KB4078130. It disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.

"Our own experience is that system instability can in some circumstances cause data loss or corruption," Microsoft confirmed in the support document accompanying the update. The update was written for all supported versions of Windows, including Windows 7, 8.1 and 10, as well as the corresponding Server editions. Microsoft also published instructions for manually disabling the defenses against the pertinent Spectre vulnerability.

bugs-on-processors

"We recommend Windows customers, when appropriate, re-enable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device," the company already said. Microsoft has yet not received any information to indicate that these vulnerabilities have been used to attack customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software as well. Congress has some questions about Meltdown and Spectre, and they are calling out those involved. Members of the Committee on Energy and Commerce have drafted letters to the heads of several companies involved in the security flaw.

Comments