Microsoft releases Windows updates to fix Meltdown/Spectre security flaws in Intel CPUs
Updates are KB4558130 for Windows 10 version 2004 and Windows Server version 2004, and KB4497165 for Windows 10 version 1903 and 1909
Microsoft has released two security updates for Windows 10 and Windows Server to patch vulnerabilities in some Intel processors, related to the Spectre and Meltdown security vulnerabilities.
The two flaws allow an unauthorised attacker to read all data in memory. This could enable passwords and other private data to be copied, possibly with little more than JavaScript code on a malicious web page.
The flaws are particularly serious as they were integral to the design of Intel CPUs built before October 2018, after which the company added hardware and software mitigations. Meltdown also affects some CPUs designed by AMD and IBM, while some AMD and ARM processors are also vulnerable to Spectre. Patches were released shortly after the bugs were revealed, but some came with a performance hit.
Microsoft's latest updates are KB4558130 for Windows 10 version 2004 and Windows Server version 2004, and KB4497165 for Windows 10 version 1903 and 1909. They can be downloaded direct from the company's website.
They are come after new microcode firmware was released by Intel and are designed to mitigate the following vulnerabilities in affected systems:
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
The updates from Microsoft also includes Intel microcode updates for the appropriate Windows 10 and Windows server versions.
Microsoft provides a list of affected Intel CPUs on its site and advises that the updates should only be installed on systems with these processors.