Thursday 23 August 2018

Windows 10 gets Intel’s patches for worrying new Foreshadow flaw

On the security front, Microsoft has pushed out a new batch of microcode updates for Windows 10 which mitigate against the Foreshadow vulnerability, along with additional Spectre variants.

As ZDNet spotted, the microcode patches, piped over from Intel, address the following flaws in the company’s processors: Spectre variant 3a (‘rogue system register read’) and variant 4 (‘speculative store bypass’), along with Foreshadow, a fresh vulnerability that came to light earlier this month, which hit the firm’s high-end Core and Xeon processors.

The patches have been released for all versions of Windows 10, as well as for Windows Server.

Alternative channel

Microsoft started releasing Intel’s microcode updates to Windows users back in March, hoping to bolster security for the users of the OS, and offering an extra channel to receive protection in case users haven’t had the CPU patches through from hardware manufacturers (via firmware updates, which can take some time to concoct and deploy).

Obviously, it’s good to see these sort of countermeasures pushed forward by whatever means possible, particularly when a new threat has popped up. Foreshadow is a worrying little beast which is (unsurprisingly) impervious to the protection put in place for Meltdown and Spectre, and it doesn’t leave any traces either, so the user won’t likely know that they’ve been hit.

Intel has promised that CPUs released down the line will have protection against Foreshadow baked in.

https://ift.tt/2o3aUaN

No comments:

Post a Comment