Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Just go install Intel's patch while we hunt the next CPU-level security flaw in Intel's silicon

By Shaun Nichols in San Francisco


Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips.

Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get KB4090007, which contains Intel's latest microcode patches to address Spectre design flaws in the processor silicon.

Specifically, the update will give those machines patches for CVE 2017-5715, also known as Spectre Variant 2. The branch target injection flaw would potentially allow malware on a PC or server to steal sensitive data, such as passwords, from kernel, hypervisor, or application memory.

The Skylake fixes are part of a larger line of microcode updates for the Spectre flaws that Intel is planning to roll out in the coming weeks. Chipzilla said people should obtain the security patches from their computer manufacturers, or via Microsoft.

Microsoft also gave an update on its work to address the compatibility issues that have arisen between some antivirus apps and its Meltdown/Spectre mitigations.

Redmond said that while it believes the "vast majority" of commercial anti-malware products are now able to handle the mitigations without triggering a blue screen of death, there are still some packages that may have problems, meaning Microsoft will continue to check which antivirus packages are in use and whether it is compatible with the fixes before a system is allowed to install the updates.

"We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility," Microsoft explained. "We recommend users check with their AV provider on compatibility of their installed AV software products."

Microsoft's next scheduled security update for all of its products (read: Patch Tuesday) is March 13. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

It's crazy how a little competition can cause that

Ex-Intel exec Diane Bryant exits Google cloud

Could Chipzilla replace Brian with a Bryant?

Google’s Android Emulator gains AMD and Hyper-V support

But Intel’s HAXM is still ‘Droid’s preferred hypervisor

Cheap-ish. Not Intel. Nice graphics. Pick, er, 3: AMD touts Ryzen Pro processors for business

Quickly follows 2018's Pro Mobile parts

A bit of intel on AMD's embedded Epyc and Ryzen processors

Dips Zen toes into embedded world with hot new SoCs

FYI: Processor bugs are everywhere – just ask Intel and AMD

More chip flaws await

Cray snuggles up with AMD: Clustered super CS500 lets in Epyc chip

Oh dear, Intel... look who's getting cosy with Cray

SHL just got real-mode: US lawmakers demand answers on Meltdown, Spectre handling from Intel, Microsoft and pals

Pact of silence questioned

Microsoft raises pistol, pulls the trigger on Windows 7, 8 updates for new Intel, AMD chips

Don't want to use Windows 10? Then you don't want any fixes

AMD Ryzen beats Intel Core i7 as a heater (that's also a server)

Distributed cloud company now working on Ryzens that warm your shower