14 DAY TRIAL // Microsoft has just released an emergency Windows update to address a vulnerability in Intel, AMD, and ARM chipsets that would allow attackers to bypass kernel access protections and take control of systems.
The security flaw, which was first believed to exist only in Intel processors, but which was then confirmed to also affect other chips, exposes kernel memory areas in a way that allows all apps to read protected content, thus exposing the data to unauthorized access.
Microsoft responded fast with today’s update, shipping it to all versions of Windows. What’s important to know, however, is that only Windows 10 is getting the update automatically today, while Windows 7 and Windows 8.1 will be offered the update on Patch Tuesday next week. Users can, however, install it manually already via the Microsoft Update Catalog.
Systems enrolled in the Windows Insider program in the Fast ring received the patch before the end of 2017 and no further action is required.
Impact on system performance
The software giant said in a statement it’s not aware of any successful exploits aimed at this vulnerability, and revealed that it’s also in the process of updating its cloud systems to protect against the flaw.
“We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers,” the company said.
It’s believed that deploying the patch could hamper system performance, but Intel claims that any noticeable slowdown depends on the workload, though no specifics were provided in this regard.
A series of updates, however, is likely to come for all affected chips in order to deal with any secondary effects, as the priority right now is to address the vulnerability and block any potential attack.