Microsoft To Set Fixes in Place of Meltdown and Spectre Flaws

After last week’s news broke on the Intel’s security flaw, developers and cloud based supporters have been scrambling to adjust and create patches to help secure a single fix against the Meltdown exploit. As the issue continues to affect other operating systems such as Android, Chrome, iOS and MacOS, provider’s such as Microsoft have already begun releasing several updates and patches to help mitigate the vulnerabilities.

Microsoft began beta-testing Meltdown protection as of late November last year, and as of January 3rd they have released Security-only Updates. Below you will find a complete list of all Microsoft Security fixes as well as additional Microsoft resources to help you protect your server against future vulnerabilities.

Microsoft Set Fixes

1. Microsoft has released a PowerShell Script that can check if your PC is vulnerable to Meltdown and Spectre. The script outlines recommended actions and a step by step verification steps that customers can run on their systems to ensure their protections are enabled.

Use the following steps to install and run the test:

  • Press the Windows key and type PowerShell.
  • Right click the PowerShell shortcut and select Run as Administrator.
  • Type Install-Module SpeculationControl and press Enter.
  • If you are prompted to install the NuGet provider, type Y and press Enter, and repeat if you are warned about installing from an untrusted repository.
  • With the installation complete, type Import-Module SpeculationControl and press Enter.
  • Type Get-SpeculationControlSettings and press Enter.

2. In addition, Microsoft recommends modifying Edge and Internet Explorer as they are a particular risk for this type of attack. The modification will remove support for SharedArrayBuffer from Microsoft Edge, and will also reduce the resolution performance.now() in Microsoft Edge and Internet Explorer from 5 microseconds to 20 microseconds, with variable jitter of up to an additional 20 microseconds.

3. Microsoft has also updated their Azure Cloud Computing platform to protect against Meltdown. This is a planned maintenance at the hypervision level, meaning that any Virtual Machines (VM) running on Azure will not need to be patched to protect against Meltdown. These improved security updates and increased quality control will substantially increase the difficulty of browser-based attacks such as password theft.

ATTENTION!

Microsoft Has Blocked a Number of Security Updates for Some AMD Based PC’s after discovering that installing the security updates (stated above) has left some devices unable to boot.

Some supports claim that the compatibility with some set Microsoft fixes is freezing some PCs with AMD chips. As a result, Microsoft will temporarily pause sending the following Windows system updates devices with AMD processors:

What You Can Do?

If you are unable to install the Meltdown patch at this time. It is essential that you update your browser. Firefox, Chrome, Internet Explorer, and Edge have all been updated with protections against the exploit. In addition, be sure to keep an eye on your security software when working without the Patch. Keeping an up to date software can keep malware off your PC.

For additional Microsoft Resources see:

Security Advisory ADV180002 | A Microsoft Security Update Guide

Windows Security Update | Released January 3, 2018, and antivirus software

Windows Client Guidance for IT Pros | To protect against speculative execution side-channel vulnerabilities

Windows Server Guidance | To protect against speculative execution side-channel vulnerabilities

Microsoft Edge and Internet Explorer | How to mitigate speculative execution and side-channel attacks

Microsoft Cloud Protections | against speculative execution side-channel vulnerabilities

Guide to protect SQL Server | against speculative execution side-channel vulnerabilities

We Will Continue To Monitor This Issue And Provide Any Updates On This Post As They Arise!

We are dedicated to providing our clients with the latest technology news and updates happening in your industry. If you would like to receive the latest technology trends and up to date news stories right to your inbox, click the sign up link below!

Yes I Want The Latest Technology News!

Comments are closed.