March security updates expand Meltdown-Spectre protection for Windows

Microsoft fends off mining malware attack

The long, slow process of patching more than a billion PCs worldwide against the Meltdown and Spectre attacks continued today, with Microsoft's release of an assortment of software patches for multiple Windows versions as well as an expanded release of Intel microcode updates.

Today's Patch Tuesday release includes security updates that defend against the Meltdown vulnerability on PCs running x86 versions of Windows 7 and 8.1. With those updates, all currently supported Windows releases now include defense against this vulnerability.

For devices running Windows 10, today's security updates also remove the antivirus compatibility check that had blocked earlier cumulative security updates. In a companion blog post, Microsoft noted that it will continue to block security updates on PCs running antivirus drivers that are known to have compatibility issues.

In a separate but related release, Microsoft announced it is significantly expanding the number of Intel-validated microcode updates it's making available through the Microsoft Catalog site. The new updates mitigate against Spectre Variant 2 (CVE 2017-5715) and apply to a broad set of Skylake, Kaby Lake, and Coffee Lake Intel processors.

The full list of firmware updates is available in "KB4090007: Intel microcode updates." As with the first round of updates released several weeks ago , these new updates must be downloaded separately and can be installed only on machines running Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core).

In addition to installing the microcode updates, full protection requires modifications to the Windows registry, as described in a pair of technical articles that cover Windows client software and Windows Server releases .

Microsoft says it plans to continue issuing software and microcode updates as they become available, which means that IT managers will need to continually monitor their vulnerability to these attacks for months or even years to come.

關鍵詞:Windows 網絡安全


Windows Spectre Patches Are Here, But You Might Want to Wait

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown

Intel to fix Meltdown and Spectre in new chips; releasing code for older processors

Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year

Meltdown/Spectre: Intel plans changes to protect its chips

Windows 7, Windows 10 Receive New Meltdown and Spectre Patches

Microsoft Expands Spectre and Meltdown Protection to Windows 7 and 8.1 PCs

Microsoft details steps being taken to address Spectre and Meltdown vulnerabilities