The IT giant has rolled out a new batch of software and microcode security updates to address the Spectre flaw (Variant 2).
The Spectre Variant 2, aka CVE-2017-5715, is a branch target injection vulnerability, while the Meltdown and Variant 1 of the Spectre attacks can be mitigated efficiently with software updates, the Spectre Variant 2 requires microcode updates to be fully addressed.
Microsoft is one of the companies that first released security patched to address the Meltdown and Spectre vulnerabilities in Intel chips, has been releasing software mitigations for the Spectre and Meltdown flaws since January.
Now Microsoft issued the security update 4078407 that enables by default the mitigations against Spectre Variant 2 for all Windows 10 and Windows Server 2016 versions.
Microsoft anyway allows advanced users to manually enable the mitigations through registry settings.
“Applying this update will enable the Spectre Variant 2 mitigation CVE-2017-5715 – “Branch target injection vulnerability.”” reads the security advisory published by Microsoft.
Advanced users can also manually enable mitigation against Spectre, Variant 2 through the registry settings documented in the following articles:
In March, Microsoft released the first set of security updates for Windows systems running on Intel Skylake processors and later the tech giant also covered Coffee Lake and Kaby Lake CPUs.
Microsoft also provided updates for Broadwell and Haswell processors.
In April, Microsoft released out-of-band updates for Windows 7 and Windows Server 2008 R2 to fix a severe privilege escalation flaw introduced by the Meltdown security patches.
(Security Affairs – Spectre flaw, Microsoft)