Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Just go install Intel's patch while we hunt the next CPU-level security flaw in Intel's silicon

By Shaun Nichols in San Francisco

Posted in Security, 1st March 2018 23:48 GMT

Microsoft is pushing out another round of security updates to mitigate data-leaking Spectre side-channel vulnerabilities in modern Intel x64 chips.

Redmond said those who run Windows 10 Fall Creators Update and Windows Server Core with Skylake (aka 6th-generation Core) CPUs can go through the Microsoft Update Catalogue to get KB4090007, which contains Intel's latest microcode patches to address Spectre design flaws in the processor silicon.

Specifically, the update will give those machines patches for CVE 2017-5715, also known as Spectre Variant 2. The branch target injection flaw would potentially allow malware on a PC or server to steal sensitive data, such as passwords, from kernel, hypervisor, or application memory.

The Skylake fixes are part of a larger line of microcode updates for the Spectre flaws that Intel is planning to roll out in the coming weeks. Chipzilla said people should obtain the security patches from their computer manufacturers, or via Microsoft.

Microsoft also gave an update on its work to address the compatibility issues that have arisen between some antivirus apps and its Meltdown/Spectre mitigations.

Redmond said that while it believes the "vast majority" of commercial anti-malware products are now able to handle the mitigations without triggering a blue screen of death, there are still some packages that may have problems, meaning Microsoft will continue to check which antivirus packages are in use and whether it is compatible with the fixes before a system is allowed to install the updates.

"We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility," Microsoft explained. "We recommend users check with their AV provider on compatibility of their installed AV software products."

Microsoft's next scheduled security update for all of its products (read: Patch Tuesday) is March 13. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

A bit of intel on AMD's embedded Epyc and Ryzen processors

Dips Zen toes into embedded world with hot new SoCs

FYI: Processor bugs are everywhere – just ask Intel and AMD

More chip flaws await

Cray snuggles up with AMD: Clustered super CS500 lets in Epyc chip

Oh dear, Intel... look who's getting cosy with Cray

SHL just got real-mode: US lawmakers demand answers on Meltdown, Spectre handling from Intel, Microsoft and pals

Pact of silence questioned

AMD Ryzen beats Intel Core i7 as a heater (that's also a server)

Distributed cloud company now working on Ryzens that warm your shower

Microsoft raises pistol, pulls the trigger on Windows 7, 8 updates for new Intel, AMD chips

Don't want to use Windows 10? Then you don't want any fixes

Card shark Intel bets with discrete graphics chips, shuffles AMD's GPU boss into the deck

That's a busted flush of a headline

AMD scores EPYC gig powering new Azure instances

Don't pop the champagne yet: Microsoft's still using Intel in same series

'Self learning' Intel chips glimpsed, Nvidia emits blueprints, AMD and Tesla rumors, and more

AI roundup A quick guide to this week's reveals

Google reveals Edge bug that Microsoft has had trouble fixing

Oh great - because Google's explained how to make Edge run dodgy code