Microsoft cloud protections against speculative execution side-channel vulnerabilities


Summary


Microsoft is aware of detailed information that has been published about a new class of vulnerabilities that are referred to as speculative execution side-channel attacks. This industry-wide class of vulnerabilities takes advantage of out-of-order execution on many modern microprocessors and is not restricted to any single chip maker, hardware manufacturer, or software vendor.

To be well-protected, customers must apply updates at many layers of the computing stack, including both software and hardware/firmware updates. Microsoft is collaborating closely with industry partners to develop and test mitigations to help provide protection for our customers. At the time of publication of this article, Microsoft had not received any information to indicate that these vulnerabilities have been used to attack our customers.

Microsoft has deployed mitigations across all of our cloud services.

More information about this issue and its impact on Microsoft products

Impact to enterprise cloud services

Microsoft is not aware of any attacks on Microsoft cloud customers that leverage these vulnerabilities. Microsoft employs a variety of detection capabilities to quickly respond to any malicious activity in our enterprise cloud services.

Azure infrastructure is updated with mitigations against this class of vulnerability. Customers should be aware of best practices for securing their applications running on Azure.

All other Microsoft enterprise cloud services such as Office 365, Dynamics 365, and Enterprise Mobility + Security have mitigations against these types of vulnerabilities. Microsoft engineering is continuing to perform analysis across the environments to confirm further protection.