This article is more than 1 year old
Microsoft lobs Skylake Spectre microcode fixes out through its Windows
Just go install Intel's patch while we hunt the next CPU-level security flaw in Intel's silicon
Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips.
Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get KB4090007, which contains Intel's latest microcode patches to address Spectre design flaws in the processor silicon.
Specifically, the update will give those machines patches for CVE 2017-5715, also known as Spectre Variant 2. The branch target injection flaw would potentially allow malware on a PC or server to steal sensitive data, such as passwords, from kernel, hypervisor, or application memory.
The Skylake fixes are part of a larger line of microcode updates for the Spectre flaws that Intel is planning to roll out in the coming weeks. Chipzilla said people should obtain the security patches from their computer manufacturers, or via Microsoft.
Microsoft also gave an update on its work to address the compatibility issues that have arisen between some antivirus apps and its Meltdown/Spectre mitigations.
Redmond said that while it believes the "vast majority" of commercial anti-malware products are now able to handle the mitigations without triggering a blue screen of death, there are still some packages that may have problems, meaning Microsoft will continue to check which antivirus packages are in use and whether it is compatible with the fixes before a system is allowed to install the updates.
"We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility," Microsoft explained. "We recommend users check with their AV provider on compatibility of their installed AV software products."
Microsoft's next scheduled security update for all of its products (read: Patch Tuesday) is March 13. ®
Biting the hand that feeds IT
