Applies ToWindows 7 Service Pack 1 Windows 8.1 Windows 10 Windows 10, version 1511, all editions Windows 10, version 1607, all editions Windows 10, version 1703, all editions Windows 10, version 1709, all editions Windows Server 2008 R2 Standard Windows Server 2012 R2 Standard

Summary

Notice: Applying this update will disable the Spectre variant 2 mitigation CVE-2017-5715 - “Branch target injection vulnerability.” Customers can apply this update to prevent unpredictable system behaviors, performance issues, and/or unexpected reboots after installation of microcode.

Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22, Intel recommended that customers stop deploying the current microcode version on affected processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential effect of the current microcode version, and we encourage customers to review their guidance on an ongoing basis to inform their decisions.

While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing, this update has been found to prevent the described behavior in devices that have affected microcode. For the full list of affected devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an affected device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” 

Note Users who do not have the affected Intel microcode do not have to download this update.

We are also offering a new option – available for advanced users on affected devices – to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently through registry setting changes. The instructions for the registry key settings can be found in the following Knowledge Base articles:

As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend that Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.

How to get this update

To get the stand-alone package for this update, go to the Microsoft Update Catalog website. 

More Information

Known issues in this update

Microsoft is not aware of any issues that affect this update currently. 

Prerequisites

There are no prerequisites to apply this update. 

Registry information

To apply this update, you don't have to make any changes to the registry. 

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.  

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.