Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs (theverge.com)

Posted by msmash on from the racing-to-fix-things dept.

An anonymous reader shares a report: Microsoft is issuing a rare out-of-band security update to supported versions of Windows today (Wednesday). The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Sources familiar with Microsoft's plans tell The Verge that the company will issue a Windows update that will be automatically applied to Windows 10 machines at 5PM ET / 2PM PT today. The update will also be available for older and supported versions of Windows today, but systems running operating systems like Windows 7 or Windows 8 won't automatically be updated through Windows Update until next Tuesday. Windows 10 will be automatically updated today.

17 of 129 comments (clear)

  1. Re:Hooray! by Killall+-9+Bash · · Score: 2

    Unpatched win7 running on Ryzen.... what slowdown?

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  2. Should be user-configurable or based on trust by JoeyRox · · Score: 5, Interesting

    Due to the performance impact of this workaround it should have an option to disable it like Linux is providing. An alternate, more refined approach would be to selectively enable the kernel page-table isolation on a per-process basis, based on either user configuration or an automatic trust determination such as whether the app is signed by a trusted certificate source (ie, downloaded, unsigned apps would run with page isolation enabled).

  3. AMD getting the Patch despite not being vulnerable by mastagee · · Score: 4, Insightful

    to Meltdown. . . which is the only thing PTI will help with. Seems like an unnecessary performance penalty to push on AMD users. Most likely down for simplicity/consistency on Microsoft's side for kernel code management.

  4. Re: Mac OS X by Anonymous Coward · · Score: 2, Informative

    Apple already deployed a fix in Mac OS X 10.12.3

  5. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  6. Re: Mac OS X by DontBeAMoran · · Score: 2

    Oh, sure. Leave all of us PowerPC Mac users in the dust...

    --
    #DeleteFacebook
  7. Re:What? by Anonymous Coward · · Score: 3, Informative

    Read more than the headlines.

    There are two bugs. Some articles have reported that one of the bugs is Intel-specific, and one of them is not (Intel, AMD, and ARM). Whether the necessary patches will carry the same performance hit for each is not yet clear from what I've been reading, but it looks like the latter one might be less serious.

  8. Re:What? by Anonymous Coward · · Score: 4, Informative

    That's what comes from just barely reading the headlines. There are 2 classes of bugs (Spectre, Meltdown) and 3 exploits (Spectre-1, Spectre-2, and Meltdown-1). AMD and ARM are resistant to only to Meltdown. They are susceptible to Spectre.
    Meltdown goes back to Core2, Spectre goes back down to Pentium Pro. Many other processors are likely vulnerable to Spectre, any CPU that does speculative execution may be vulnerable. Mainframes have been doing this since the 60's IIRC.

  9. Re: Mac OS X by Bing+Tsher+E · · Score: 2

    You've been mired there for quite awhile.

  10. Re: Mac OS X by Doctor+Memory · · Score: 2

    OMG this affects PowerPC too! It's bigger than I thought!

    --
    Just junk food for thought...
  11. Not in the UK yet... by Archtech · · Score: 2

    I have run Windows Update several times today, but five minutes ago it was still telling me that there are no updates for my computer. (Windows 7 SP1, i7-940).

    And I am running MSE, not any "third party" anti-virus.

    This is normal behaviour. For many years Windows updates have not appeared here in the UK until at least 24 hours after the USA.

    --
    I am sure that there are many other solipsists out there.
  12. conspiracy hat time by magarity · · Score: 2

    Is it a coincidence that this flaw in CPUs since '96 has only been recently discovered and the article from a few days ago that top tech snoops are leaving the NSA?

  13. Re:What? by blind+biker · · Score: 5, Informative

    There seem to be Intel sockpuppets flooding technical forums, making the false equivalence between Meltdown (affects only Intel) and Spectre (affects all CPUs), whereas Meltdown is a clearly exploitable and in fact the exploit was demonstrated in a fucking browser running a Javascript. There is no known way to exploit Spectre. Spectre does not cross userspace-kernelspace.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  14. Re:Hooray! by G00F · · Score: 2

    There is KB4012982, which is an update that detects newer CPU, and disables futher updates.

    https://support.microsoft.com/...

    The workaround for that is quite simple, uninstall and block that update, and you can continue to patch...

    --
    The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
  15. Re:Hooray! by Joce640k · · Score: 2

    Unpatched win7 running on Ryzen.... what slowdown?

    Luckily for us Windows 7 users Microsoft has chosen Windows 10 as the guinea pig. We'll get to see what happens performance-wise before we choose to update (or not).

    --
    No sig today...
  16. Can't risk sanctity of kernel-enforced DRM by Miamicanes · · Score: 5, Interesting

    Since the most likely result of the vulnerability to desktop users is being able to defeat kernel-enforced DRM and Windows licensing, it's no surprise Microsoft would push this out as a mandatory update of the highest priority.

  17. Re:Hooray! by F.Ultra · · Score: 2

    Depends, will it run Vista?