14 DAY TRIAL // Microsoft and AMD shipped new mitigations against the Spectre vulnerability that come in the form of microcode and operating system patches available for download right now on Windows 10.
AMD says that while Linux users received such updates earlier this year, Windows users needed additional protection against Spectre Variant 2, despite the company admitting that “it is very difficult to exploit” this particular vulnerability on its own processors.
“These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows,” AMD says.
Windows 10 users can get the new patch as part of this month’s cumulative update labeled as KB4093112 in Windows Update and also available separately on the Microsoft Update Catalog website. Only systems that are running the Windows 10 Fall Creators Update (version 1709) are getting the new Spectre patch, while Windows Server 2016 machines should receive them soon after final validation and testing.
Up-to-date Windows users fully protected
AMD says its customers are already protected against Spectre Variant 1 thanks to operating system updates that were released by Microsoft earlier this year, while the Meltdown vulnerability does not impact its processors because of the used design.
In addition to the updates that Microsoft released for Spectre Variant 2, AMD is offering microcode updates that can be installed by updating the BIOS.
“Microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first ‘Bulldozer’ core products introduced in 2011,” AMD explains.
The Meltdown and Spectre hardware flaws were disclosed in early January and since then Microsoft has already shipped several mitigations to protect users, along with microcode updates from Intel and AMD. An up-to-date Windows 10 computer should now be secure against exploits aimed at the three variants, though Microsoft says it’s not aware of any attack of this kind.