Category: <span>Uncategorized</span>

Mitigating speculative execution side channel hardware vulnerabilities

On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels (known as Spectre and Meltdown) that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chance to learn about these issues, we recommend watching The Case of Spectre and Meltdown by the team at TU Graz from BlueHat Israel, reading the blog post by Jann Horn (@tehjh) of Google Project Zero, or reading the FOSDEM 2018 presentation by Jon Masters of Red Hat.

Speculative Execution Bounty Launch

Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.

March 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice.
More information about this month’s security updates can be found in the Security Update Guide.

Inside the MSRC– The Monthly Security Update Releases

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence.
It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence.

February 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice.
More information about this month’s security updates can be found in the Security Update Guide.