Spectre and its fellow microprocessor flaw Meltdown have been the tech story of the year. Probably the most dangerous threat ever seen, companies have been scrambling to shore up systems to prevent Spectre being exploited. None more than Intel, the company at the center of the problem.
Intel has been sending out patches to protect Spectre all year. Microsoft has now taken one of the newer patches. The company already released Intel's Spectre microcode for Skylake processors earlier this year. Now, Redmond has launched more microcode to protect against other Spectre variants on Windows 10.
Specifically, Microsoft has sent out mitigation for several Windows versions. KB4346085 for Win10 version 1709 (Fall Creators Update), KB4346086 for version 1703 (Creators Update), KB4346087 for version 1607 (Anniversary Update), and KB4346088 for version 1507. Additionally, Microsoft also launched KB4346084 for the current Windows 10 April 2018 Update (version 1803).
Microsoft has not announced these updates for Windows Update, which means they won't install automatically. Users can manually update by using the Microsoft Update Catalog portal.
If you have been following Spectre mitigation closely, you may know these updates have been released by Microsoft before. However, the new releases include additional protections, so are worth re-downloading. Specifically, protections against Spectre variants 3a and 4 have been included.
Last month, Intel and Microsoft announced a new problem with processors. Discovered by researchers, three new flaws called Foreshadow could lead to more issues. Similar to Meltdown and Spectre, known as the “L1 Terminal Fault” (L1TF), the vulnerability is another speculative execution problem.
This time researchers found the feature can be exploited for disclosure attacks. While Meltdown and Spectre affected all major processor companies, Foreshadow only affects Intel chips.