Microsoft releases emergency patches to address Meltdown and Spectre vulnerabilities affecting most current processors
Earlier this week, the Google Project Zero team discovered critical security flaws in Intel’s, ARM’s and AMD’s processors that can be exploited to gain access to the entire system powered by the aforementioned CPUs. Google nicknamed these two flaws “Meltdown” and “Spectre” and said that they affect all Intel’s CPUs and the ARM-based SoCs, but have little to no effect on AMD’s chips. Microsoft was quick to address these issues and immediately released a series of patches for systems running Windows 10, but in its haste, the company forgot to provide clear notes on what exactly these patches can fix.
According to a Microsoft spokesperson, the Windows team has been working together with all the implicated chip manufacturers and were able to provide solutions in a timely manner, although it looks like there has not been any Windows customer report involving vulnerability exploits as of yet. The Meltdown vulnerability is considerably easier to fix than Spectre, but both are as critical as it gets when exploited to full effect.
Microsoft mentions that the security patches update the Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine. There are no details regarding how these updates fix the vulnerabilities, however.
Here is the list of all the patches released for various Windows 10 versions:
• Windows 10 Fall Creators Update is receiving KB4056892 (Build 16299.192)
• Windows 10 Creators Update Version 17033 gets KB4056891 (Build 15063.850)
• Version 1607 is getting KB4056890 (Build 14393.2007)
• 1511 receives KB4056888 (Build 10586.1356) – for enterprise and education only.
• The original Windows 10 version is receiving KB4056893 (Build 10240.17738) – for enterprise only.
Even if no reports of the critical exploits have been recorded for now, Windows 10 users are strongly advised to install the security patch.