Microsoft has resumed issuing patches to fix Meltdown and Spectre CPU vulnerabilities in PC CPUs after the software giant and its hardware partners have had time to evaluate the best ways fix what proved to be a complex cyber-security problem.
Like most major software vendors, Microsoft rushed to update its Windows operating systems after the software giant was notified of the vulnerabilities in modern-day computer processors.
That’s because it was clear after the vulnerabilities were disclosed in early days of 2018 that they can undermine some of the most fundamental data protection mechanisms found in today’s CPUs, including those from Intel, Advanced Micro Devices (AMD) and Arm.
Meltdown and Spectre essentially dissolve the barriers that prevent applications and attackers from arbitrarily accessing system memory. If exploited, the flaws could potentially allow attackers and malicious software to access memory locations that are ordinarily off limits, exposing sensitive information.
Although few Meltdown- and Spectre-based attacks have been detected so far, the risk posed by flaws have the IT industry on high alert and still dealing with the fallout. Microsoft released an emergency patch for Windows in January to reverse an earlier microcode patch from Intel that caused instability in some systems with Broadwell and Haswell processors.
Now, Microsoft is taking a more cautious approach to issuing Windows patches that touch both the operating system and any Intel-based hardware it runs on.
“While firmware (microcode) security updates are not yet broadly available, Intel recently announced that they have completed their validations and started to release microcode for newer CPU platforms,” wrote John Cable, director of Program Management, Windows Servicing and Delivery, at Microsoft in a March 1 blog post.
“Today, Microsoft will make available Intel microcode updates, initially for some Skylake devices running the most broadly installed version of Windows 10—the Windows 10 Fall Creators Update—through the Microsoft Update Catalog, KB4090007.”
First introduced in 2015, Skylake is the codename of Intel’s sixth-generation Core processors. According to the support document pertaining to KB4090007, the patch will target the Skylake H and S processors for notebooks and desktops, along with power-sipping Intel Core m processors, Skylake U/Y and U23e chips. The patch applies to version 1709 of Windows 10 and the Datacenter and Standard editions of Windows Server.
Of course, Microsoft is just one of several operating system makers that have had to issues fixes for Meltdown and Spectre.
On Jan. 28, and a little later than usual, Linus Torvalds released Linux 4.15 with patches addressing the CPU flaws. In his release announcement, he acknowledged that the process for releasing the new Linux kernel “was not a pleasant release cycle, with the whole Meltdown/Spectre thing coming in in the middle of the cycle.”
A day later, Apple announced it had released a series of updates for various macOS operating systems and other software, including macOS Sierra, High Sierra, El Capitan, iOS and the Safari browser on select versions of macOS.
Google, whose Project Zero cyber-security research unit had a hand in unearthing the CPU vulnerabilities, was quick to address them across its product portfolio, including Android and Chrome OS, the company revealed on Jan. 3.