Thursday, 4 January 2018

Microsoft issues emergency Windows update for processor security bugs

Microsoft today releases a rare out-of-band security update for supported versions of Windows. The software update is part of a series of solutions that protect against a newly discovered processor error in Intel, AMD and ARM chipsets. Sources familiar with Microsoft projects tell The Verge that the company will release a Windows update that will automatically apply to Windows 10 machines today at 5:00 PM PT.

The update will also be available for earlier and compatible versions of Windows today, but systems running operating systems such as Windows 7 or Windows 8 will not be updated automatically through Windows Update until next Tuesday. Windows 10 will be updated automatically today.

While Microsoft is quickly fixing issues, patches will also be based on firmware updates from Intel, AMD, or other vendors being deployed. Some antivirus vendors will also need to update their software to work properly with the new patches, since the changes are related to kernel level access.

Firmware updates and hotfixes can slow down the execution of some systems. Sources familiar with the situation are telling The Verge that Skylake-based Intel processors or a newer architecture will not see any significant performance degradation. However, older processors could slow down more significantly due to firmware and software updates.

Intel says that any slowdown will depend on the workload, but the company has not explained how this will affect older machines. Microsoft is also planning to upgrade its cloud-based servers with the latest software and firmware patches, and these updates are in the process of being implemented.

The Verge understands that Google plans to document and disclose security breaches in processors at 5 pm. AND this day. The exact error seems to be related to how common applications and programs can discover the contents of protected areas in kernel memory. Operating system kernels have complete control over the entire system and link applications to the processor, memory and other hardware within a computer. There seems to be a flaw in modern processors that allow attackers to bypass kernel access protections so that regular applications can read the contents of kernel memory.

Software providers such as Microsoft and other Linux programmers protect this by separating the kernel memory from the user processes into what is called "kernel page table isolation". The Linux patches have been implemented in the last month and now Windows patches are in progress. available today.

Microsoft has confirmed the update of Windows in a statement:

We are aware of this problem throughout the industry and have worked closely with chip manufacturers to develop and test mitigation measures to protect our customers. We are implementing mitigation measures for cloud services, and we have also released security updates to protect Windows clients from vulnerabilities affecting Intel, ARM, and AMD compatible hardware chips. We received no information that these vulnerabilities were used to attack our customers.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.