Update from Microsoft protects Windows 10 Mobile handsets from Meltdown and Spectre

Microsoft has warned that its fix requires all anti-virus vendors to update their software to set a new Windows registry key, or else its security update won't work.

Microsoft has already issued emergency patches for Windows 10 users.

The flaws allow an attacker to use malware in user mode to reveal the contents of kernel memory, which should not normally be allowed and could result in the leakage of sensitive information, such as passwords.

To avoid causing widespread BSOD problems, Microsoft opted to push its January 3 security updates only to devices running antivirus from firms that have confirmed their software is compatible. Microsoft's support article about the new updates states that the company is also aware of how the vulnerabilities could impact its cloud services and has attempted to secure them.

Be sure to stay tuned for more updates.

The software update protects devices from the so-called Spectre and Meltdown vulnerabilities affecting Intel, ARM and AMD chipsets. The update was delivered through Windows Update. Microsoft and antivirus vendors have published instructions on how to set the registry key, but modifying the Windows Registry incorrectly can cause serious problems, so proceed with caution. Customers with these platforms can install Microsoft Security Essentials. Even if that is successful, however, the operating system quickly attempts to reinstall the PC-freezing patch, they say.

Warning: Microsoft Fix Freezes Some PCs With AMD Chips

Meltdown and Spectre Security Update Bricks Some PCs With Athlon CPUs

Mathew J. Schwartz (euroinfosec) • January 8, 2018

The view for users of some Windows PCs based on AMD chips after Microsoft's emergency Meltdown and Spectre security update gets installed.

If that wasn't enough, Microsoft also made two changes to its Edge and Internet Explorer browsers to mitigate potential exploitation through JavaScript. One of the security researchers said the bugs are "going to haunt us for years".

A Microsoft spokesperson confirmed to The Verge that the updates are rolling out now, and that they can be downloaded either by checking with the device's internal update system or by visiting the Microsoft Download Center.

CPUs can leak data when unwinding unused speculative execution paths.
