Microsoft Issues Windows 10 Patches For Spectre And Foreshadow Side-Channel Exploits
Microsoft is pushing out new microcode updates for Intel processors affected by recently disclosed side channel exploits, including several Spectre variants and the newer Foreshadow flaw. The microcode updates apply to Windows 10 and Windows Server, and cover a range of Skylake, Kaby Lake, and Coffee Lake processors.
"This update is a stand-alone update targeted for Windows 10 version 1803 (Windows 10 April 2018 Update) and Windows Server Version 1803 (Server Core). This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM). We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft," the support page states.
The situation surrounding side channel exploits has been ongoing. Unfortunately, it is not just the original Spectre and Meltdown variants that users have to worry about. More recently, Intel disclosed a new class of exploits called Foreshadow. These exploits involve Intel's Software Guard Extensions, otherwise known as SGX, which is supposed to serve as a secure enclave within memory on the processor to fend off malicious attempts to access private data.
"Accessing a logical or linear address that is not mapped to a physical location on the hardware will result in a terminal fault. Once the fault is triggered, there is a gap before resolution where the processor will use speculative execution to try to load data," Intel explained in a blog post.
So what does this have to do with Microsoft? Dealing with these exploits requires both microcode updates and software patches. Microsoft has been assisting Microsoft with doling out its microcode updates, while issuing Windows software mitigations of its own.
It's possible that more side channel exploits will be revealed at later dates. As for Foreshadow, the good news is that Intel is building in hardware level protections for its future processors, and specifically its upcoming Xeon Scalable CPUs (Cascade Lake) that are expected to ship later this year.