Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs

An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

Re: Mac OS X

Apple already deployed a fix in Mac OS X 10.12.3

This was yesterday!

[Guyle]

The date of TFA was January 3rd. The verbage in the article saying "today" was referring to January 3rd. The patches for Windows 10 rolled out already. I installed mine last night.

Re:What?

Read more than the headlines.

There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

Re:What?

That's what comes from just barely reading the headlines. There are 2 classes of bugs (Spectre, Meltdown) and 3 exploits (Spectre-1, Spectre-2, and Meltdown-1). AMD and ARM are resistant to only to Meltdown. They are susceptible to Spectre.
Meltdown goes back to Core2, Spectre goes back down to Pentium Pro. Many other processors are likely vulnerable to Spectre, any CPU that does speculative execution may be vulnerable. Mainframes have been doing this since the 60's IIRC.

Re:What?

[blind+biker]

There seem to be Intel sockpuppets flooding technical forums, making the false equivalence between Meltdown (affects only Intel) and Spectre (affects all CPUs), whereas Meltdown is a clearly exploitable and in fact the exploit was demonstrated in a fucking browser running a Javascript. There is no known way to exploit Spectre. Spectre does not cross userspace-kernelspace.