Protect your Windows devices against speculative execution side-channel attacks

Applies to: Windows 10Windows 10 MobileWindows 8.1


This article provides information and updates for a new class of attacks known as “speculative execution side-channel attacks.”  It also provides a comprehensive list of Windows client and server resources to help keep your devices protected at home, at work, and across your enterprise.

On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel processors to varying degrees. This class of vulnerabilities are based on a common chip architecture that was originally designed to speed up computers. You can learn more about these vulnerabilities at Google Project Zero.

On May 21, 2018, Google Project Zero (GPZ), Microsoft, and Intel disclosed two new chip vulnerabilities that are related to the Spectre and Meltdown issues that are known as Speculative Store Bypass (SSB) and Rogue System Registry Read. The customer risk from both disclosures is low.

For more information about these vulnerabilities, see the resources that are listed under May 2018 Windows operating system updates, and refer to the following Security Advisories:

On June 13, 2018, an additional vulnerability involving side-channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665. For more information about this vulnerability and recommended actions, see the following Security Advisory:

On August 14, 2018, L1 Terminal Fault (L1TF), a new speculative execution side channel vulnerability was announced that has multiple CVEs. L1TF affects Intel® Core® processors and Intel® Xeon® processors. For more information about L1TF and recommended actions, see our Security Advisory:

    Note: We recommend that you install all of the latest updates from Windows Update before you install any microcode updates.

    On May 14, 2019, Intel published information about a new subclass of speculative execution side-channel vulnerabilities known as Microarchitectural Data Sampling. They have been assigned the following CVEs:

    Important: These issues will affect other systems such as Android, Chrome, iOS, and MacOS. We advise customers seek guidance from their respective vendors.

    Microsoft has released updates to help mitigate these vulnerabilities. To get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services.

    Note: We recommend that you install all of the latest updates from Windows Update before you install microcode updates.

    For more information about these issues and recommended actions, see the following Security Advisory:

    ADV 190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities

    On August 6, 2019 Intel released details about a Windows kernel information disclosure vulnerability. This vulnerability is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.

    Microsoft released a security update for the Windows operating system on July 9, 2019 to help mitigate this issue. Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019 are protected automatically. Note that this vulnerability does not require a microcode update from your device manufacturer (OEM).

    For more information about this vulnerability and applicable updates, see CVE-2019-1125 | Windows Kernel Information Disclosure Vulnerability in the Microsoft Security Update Guide.

    July 2019 Windows operating system updates

    July 2018 Windows operating system updates

    We are pleased to announce that Microsoft has completed releasing additional protections on all supported Windows system versions through Windows Update for the following vulnerabilities:

    • Spectre Variant 2 for AMD processors
    • Speculative Store Bypass for Intel processors

    Resources and technical guidance

    Depending on your role, the following support articles can help you identify and mitigate client and server environments that are affected by the Spectre and Meltdown vulnerabilities.

    Links to OEM and Server device manufacturers for updates to protect against Spectre and Meltdown vulnerabilities

    To help address these vulnerabilities, you must update both your hardware and software. Use the following links to check with your device manufacturer for applicable firmware (microcode) updates.

    Frequently asked questions