This article will be updated as additional information becomes available. Please check back here regularly for updates and new FAQ.
This article discusses the impact of the recently disclosed processor vulnerabilities, named “Spectre” and “Meltdown,” for Windows customers. This article also provides resources to help keep your devices protected at home, at work, and across your enterprise.
Microsoft is aware of new hardware processor vulnerabilities that are named Spectre and Meltdown. These are a newly discovered class of vulnerability that are based on a common chip architecture that, when originally designed, was created to speed up computers. The technical name is “speculative execution side-channel vulnerabilities.” You can learn more about these vulnerabilities at Google Project Zero.
In January, Microsoft released information about a newly discovered class of hardware vulnerabilities (known as Spectre and Meltdown) that involve speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21, 2018 Google Project Zero (GPZ), Microsoft, and Intel disclosed two new chip vulnerabilities that are related to the Spectre and Meltdown issues that are known as Speculative Store Bypass (SSB) and Rogue System Registry Read.
The customer risk from both disclosures is low.
For more information about these vulnerabilities, see resources listed in this article under the heading May 2018 Windows operating system updates, under New speculative execution side-channel vulnerability disclosure (Speculative Store Bypass - CVE-2018-3639 and Rogue System Register Read - CVE-2018-3640).
March 2018 Windows operating system updates
March 23, TechNet Security Research & Defense: KVA Shadow: Mitigating Meltdown on Windows
March 14, Security Tech Center: Speculative Execution Side Channel Bounty Program Terms