[German]Microsoft starts rolling out an out-of-band update to mitigate (fix) the Intel CPU vulnerability bug within Windows. Currently the update for Windows 10 is available, patches for Windows 7 and Windows 8.1 as well as the server counterparts will follow.
The Intel CPU bug
Yesterday I reported about a design flaw in Intel's CPUs that has security impacts to all operating system. Details are discussed within my blog post: Design flaw in Intel CPUs set operating systems at risk. The design error may cause processes with normal privileges to gain access to memory areas belonging to the kernel. Intel has issued a statement, saying that others are also affected.
Anyway, Linux kernel developers have been releasing a kernel patch to mitigate the mess Intel shipped with its CPUs (the memory areas of kernel modules and application processes are kept separate and isolated from each other.
Microsoft's statement and an update
Microsoft has also and issued the following statement:
We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers."
According to The Verge, Microsoft will rollout a fix for Windows 10 as an out-of-band security update via Windows Update. But till now, I haven't received such an update on my test machines. Updates for Windows 7 SP1 and Windows 8.1 should be downloadable within the next days.
Design flaw in Intel CPUs set operating systems at risk
Microsoft releases Windows 10 Patch to fix Intel Bug
Critical Updates for Windows and Browser (01/03/2018)
Windows 10: Critical Updates (01/03/2018)
Critical Security Updates for Windows 7/8.1/Server (01/03/2018)
Cookies helps to fund this blog: Cookie settings