This is the fix for the Meltdown and Spectre vulnerabilities discussed above. KB4056891, KB4056892, and KB405689 for Windows 10 and Server 2016 operating systems to address processor vulnerabilities in Intel, AMD, and ARM processors. It addresses addresses the following vulnerabilities: CVE-2017-5753 – Bounds check bypass, CVE-2017-5715 – Branch target injection and CVE-2017-5754 – Rogue data cache load. This is the in regard to the Intel, AMD and ARM processor vulnerabilities discussed above. ADV180002 – Guidance to mitigate speculative execution side-channel vulnerabilities.
Addresses an important out-of-bounds read vulnerability that could lead to information exposure.
ADV180001 – Adobe Flash Security Update for Windows, Microsoft Edge, and Internet Explorer 11. The following security advisory was released on Patch Tuesday this month: Let’s take a closer look at some of those update summaries. Microsoft’s release notes for today’s updates show a total of ninety-three patches for Internet Explorer, Microsoft Edge, Microsoft Windows,Microsoft Office/Microsoft Office Services/Web Apps, SQL Server, ChakraCore. Unfortunately, Spectre and Meltdown aren’t the only vulnerabilities out there as we kick off the 2018 patching season. In response to that, Microsoft reportedly will not distribute the January Patch Tuesday updates to anyone whose antivirus software hasn’t been updated to add a special registry key to make it compatible. In related news, some antivirus programs are incompatible with the Meltdown and Spectre patches and are causing problems. If you have a system with an AMD processor, please read the following Microsoft support article to find out which security updates are being blocked: Windows operating system security update block for some AMD based devices. In the meantime, Microsoft started preventing AMD machines from installing the update. Microsoft and AMD are reported to be working together to resolve it. The performance hit wasn’t entirely unexpected many experts had warned of it, but the more serious issue with some older AMD chips came as a surprise to many. Unfortunately, Microsoft acknowledged today (Patch Tuesday) that those fixes are causing performance slowdowns on some older Intel-based PCs and servers, and even caused some AMD-based computers to freeze up completely and be unable to boot. I wrote about these vulnerabilities in the article titled Is your processor facing the spectre of a meltdown? January got off to a rough start, security-wise, with two serious vulnerabilities affecting computer/device processors hitting the headlines and causing Microsoft to release a rare out-of-band patch. Here’s hoping it’s been a happy new year thus far, for all my friends and readers in the IT world.
0 kommentar(er)
