ADV180013

Описание

Executive Summary

On January 3, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees.  On May 21, 2018, Intel announced the Rogue System Registry Read vulnerability and assigned CVE-2018-3640.

An attacker who has successfully exploited this vulnerability could then bypass Kernel Address Space Layout Randomization (KASLR) protections. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The mitigation for this vulnerability is exclusively through a microcode/firmware update, and there is no additional Microsoft Windows operating system update.

Recommended Actions

To protect your system from this vulnerability, Microsoft recommends that you take the following actions:

1. Register for Security Update email alerts to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications
2. Deploy updated microcode when it becomes available. Surface customers will receive updated microcode in the form of a firmware update through Windows Update.  For third party OEM device hardware, we recommend customers check with their device manufacturer for microcode/firmware updates. For a list of OEM manufacturer websites see Microsoft Knowledge Base article 4073757.

References

See the following links for further information related to CVE-2018-3640:

• Intel: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

FAQ

1. When will the firmware updates be available?

If you have a non-Microsoft device, we suggest contacting your OEM for ths information. For Microsoft devices, we will amend this advisory when microcode/firmware updates become available. Additionally, we will notify customers via security notification service email. To sign up for this notification email see Microsoft Technical Security Notifications.

2. Will there be updates for Windows operating systems?

There is no software mitigation needed. The mitigation for this issue is exclusively a processor microcode/firmware update. Affected users should contact their hardware vendor for these updates.

3. Where can I find information regarding the Speculative Store Bypass (SSB) vulnerability CVE-2018-3639?

For information about CVE-2018-3639, see ADV180012 | Microsoft Guidance for Speculative Store Bypass.

4. Where can I finder further information on Microsoft guidance for Spectre and Meltdown vulnerabilities? 

See ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities.