Mitigations for speculative execution side-channel vulnerabilities in CPU Microcode “speculative execution side-channel attacks”
•CVE-2017-5715 - Bounds check bypass
•CVE-2017-5753 - Branch target injection
•CVE-2017-5754 - Rogue data cache load
•CVE-2017-5753 - Branch target injection
•CVE-2017-5754 - Rogue data cache load
This class of vulnerabilities will affect many modern processors and operating systems, including hardware (Intel, AMD, and ARM), software(Windows, Linux, Android, Chrome, iOS, Mac OS). Both physical and virtual machine will be affected. At the time of publication, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.
#Product Affected
All versions, client and server
#Solution
To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. Meanwhile, since the issue affect hardware, we may also need to install firmware updates from device manufacturer for increased protection. Please check with device manufacturer for relevant updates.
Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure, for more detailed information please check the following link:
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
For customers using Windows client operating systems including Windows 7 Service Pack 1, Windows 8.1, and Windows 10, we suggest:
-Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
-Apply all available Windows operating system updates, including the January 2018 Windows security updates.
- Apply the applicable firmware update that is provided by the device manufacturer
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
For customers using Windows server operating systems including Windows Server 2008 R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016, we suggest:
- Apply the Windows operating system update.
- Make necessary configuration changes to enable protection.
- Apply an applicable firmware update from the OEM device manufacturer.
For Windows Server 2008, Windows Server 2012, please make the system up-to-date and pay close attention to the official article for latest updates.
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities. If any further information, we will update as soon as possible, your patience is much appreciated.
Please check the link below for more detailed information:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Nessun commento:
Posta un commento