The IT giant has rolled out a new batch of software and microcode security updates to address the Spectre flaw (Variant 2).
The Spectre Variant 2, aka CVE-2017-5715, is a branch target injection vulnerability, while the Meltdown and Variant 1 of the Spectre attacks can be mitigated efficiently with software updates, the Spectre Variant 2 requires microcode updates to be fully addressed.
Microsoft is one of the companies that first released security patched to address the Meltdown and Spectre vulnerabilities in Intel chips, has been releasing software mitigations for the Spectre and Meltdown flaws since January.
Now Microsoft issued the security update 4078407 that enables by default the mitigations against Spectre Variant 2 for all Windows 10 and Windows Server 2016 versions.
Microsoft anyway allows advanced users to manually enable the mitigations through registry settings.
“Applying this update will enable the Spectre Variant 2 mitigation CVE-2017-5715 – “Branch target injection vulnerability.”” reads the security advisory published by Microsoft.
Advanced users can also manually enable mitigation against Spectre, Variant 2 through the registry settings documented in the following articles:
In March, Microsoft released the first set of security updates for Windows systems running on Intel Skylake processors and later the tech giant also covered Coffee Lake and Kaby Lake CPUs.
Microsoft also provided updates for Broadwell and Haswell processors.
In April, Microsoft released out-of-band updates for Windows 7 and Windows Server 2008 R2 to fix a severe privilege escalation flaw introduced by the Meltdown security patches.
(Security Affairs – Spectre flaw, Microsoft)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.