Search This Blog

Saturday, January 6, 2018

Microsoft patched the CPU vulnerabilities for Windows 10

Microsoft patched the CPU vulnerabilities for Windows 10

So your computer is probably vulnerable to a processor chip bug that could theoretically let JavaScript running in a web browser steal your passwords (among other problems). Both your computer and your smartphone are at risk. It's not good.



Thankfully, however, for anyone with a machine running Windows, you're probably in the clear. That's because on Wednesday, January 3, Microsoft released a fix.

So reports ZDNet, which explains this patch was not issued on Microsoft's standard Patch Tuesday — suggesting someone at the company decided it was urgent. Importantly, a Microsoft support page notes that the fix only applies to devices running Windows 10.

According to Microsoft, the "update will be downloaded and installed automatically from Windows Update."

"We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel," a Microsoft spokesperson explained in an emailed statement to Mashable. "We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

Apple, for its part, has also reportedly patched the vulnerability in macOS 10.13.2.

In the meantime, more information has dropped on what actually turns out to be two separate vulnerabilities in a wide range of processor chips (not just from Intel). Dubbed Meltdown and Spectre, the bugs differ in both the ease of exploit and ease of mitigation.

"Meltdown and Spectre exploit critical vulnerabilities in modern processors," explains a website dedicated to the findings. "These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."

Software patches exist for Meltdown, and security researchers are working on fixes for Spectre.

As always, your safest bet is to make sure you update your OS early and often to help mitigate the risk of known vulnerabilities. 

No comments:

Post a Comment