This article will be updated as additional information becomes available. Please check back here regularly for updates and new FAQ.
This article discusses the effect of the recently disclosed processor vulnerabilities, named “Spectre” and “Meltdown,” for Windows customers. This article also provides resources to help keep your devices protected at home, at work, and across your enterprise.
On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre and Meltdown) involving speculative execution side channels that affect AMD, ARM, and Intel processors to varying degrees. This class of vulnerabilities are based on a common chip architecture that was originally designed to speed up computers. You can learn more about these vulnerabilities at Google Project Zero.
On May 21, 2018, Google Project Zero (GPZ), Microsoft, and Intel disclosed two new chip vulnerabilities that are related to the Spectre and Meltdown issues that are known as Speculative Store Bypass (SSB) and Rogue System Registry Read. The customer risk from both disclosures is low.
For more information about these vulnerabilities, see the resources that are listed under May 2018 Windows operating system updates, and refer to the following Security Advisories:
- ADV180012 | Microsoft Guidance for Speculative Store Bypass
- ADV180013 | Microsoft Guidance for Rogue System Register Read
On June 13, 2018, an additional vulnerability involving side-channel speculative execution, known as Lazy FP State Restore, was announced and assigned CVE-2018-3665. For more information about this vulnerability and recommended actions, see the following Security Advisory:
July 2018 Windows operating system updates
March 2018 Windows operating system updates
March 23, TechNet Security Research & Defense: KVA Shadow: Mitigating Meltdown on Windows
March 14, Security Tech Center: Speculative Execution Side Channel Bounty Program Terms