Protect your Windows devices against Spectre and Meltdown

Applies to: Windows 10, Windows 10 Mobile, Windows 8.1

Summary



This article provides information and updates for a new class of attacks known as “speculative execution side-channel attacks.” It also provides a comprehensive list of Windows client and server resources to help keep your devices protected at home, at work, and across your enterprise.

On January 3, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel processors to varying degrees. This class of vulnerabilities is based on a common chip architecture that was originally designed to speed up computers. You can learn more about these vulnerabilities at Google Project Zero.

On May 21, 2018, Google Project Zero (GPZ), Microsoft, and Intel disclosed two new chip vulnerabilities related to the Spectre and Meltdown issues, known as Speculative Store Bypass (SSB) and Rogue System Register Read. The customer risk from both disclosures is low.

For more information about these vulnerabilities, see the resources that are listed under May 2018 Windows operating system updates, and refer to the following Security Advisories:

On June 13, 2018, an additional vulnerability involving side-channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665. For more information about this vulnerability and recommended actions, see the following Security Advisory:

On August 14, 2018, L1 Terminal Fault (L1TF), a new speculative execution side-channel vulnerability that has multiple CVEs, was announced. L1TF affects Intel® Core® processors and Intel® Xeon® processors. For more information about L1TF and recommended actions, see our Security Advisory:

    Note: We recommend that you install all of the latest updates from Windows Update before you install any microcode updates.

    Steps to help protect your Windows devices


    November 2018 Windows operating system updates


    September 2018 Windows operating system updates


    August 2018 Windows operating system updates


    July 2018 Windows operating system updates


    We are pleased to announce that Microsoft has completed releasing additional protections on all supported Windows system versions through Windows Update for the following vulnerabilities:

    • Spectre Variant 2 for AMD processors
    • Speculative Store Bypass for Intel processors

    June 2018 Windows operating system updates


    May 2018 Windows operating system updates


    April 2018 Windows operating system updates


    March 2018 Windows operating system updates


    March 23, TechNet Security Research & Defense: KVA Shadow: Mitigating Meltdown on Windows

    March 14, Security Tech Center: Speculative Execution Side Channel Bounty Program Terms

    March 13, blog: March 2018 Windows Security Update – Expanding Our Efforts to Protect Customers

    March 1, blog: Update on Spectre and Meltdown security updates for Windows devices

    February 2018 Windows operating system updates


    Blog: Windows Analytics now helps assess Spectre and Meltdown protections

    January 2018 Windows operating system updates


    Blog: Understanding the Performance Impact of Spectre and Meltdown Mitigations on Windows Systems

    Resources and technical guidance


    Depending on your role, the following support articles can help you identify and mitigate client and server environments that are affected by the Spectre and Meltdown vulnerabilities.

    Links to OEM and Server device manufacturers for updates to protect against Spectre and Meltdown vulnerabilities


    To help address these vulnerabilities, you must update both your hardware and software. Use the following links to check with your device manufacturer for applicable firmware (microcode) updates.

    Frequently asked questions


    My OEM device manufacturer is not listed. What do I do?

    You will have to check with your device manufacturer for firmware (microcode) updates. If your device manufacturer is not listed in the table, contact your OEM directly.