[Cross-Post] Intel CPU firmware vulnerability–“Speculative execution side-channel vulnerabilities”

RE:  “Speculative execution side-channel vulnerabilities” (Kernel (memory) Page Table Isolation).

Register’s Intel story from Jan. 3rd, 2018.

Intel Corp’s has released the following announcement:

Intel Responds to Security Research Findings

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

· Intel Security Advisory INTEL-SA-00086

· Support Article

· Detection Tool

US Cert has released the following announcement:

· US Cert. Notification

Microsoft Security Advisory:

ADV180002 | Vulnerability in CPU Microcode Could Allow Information Disclosure

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Microsoft Azure’s announcement:

Securing Azure customers from CPU vulnerability

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

4073235 Microsoft Cloud Protections Against Speculative Execution

https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities

Microsoft Windows and Windows Server related information:

4073119 Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
https://support.microsoft.com/?id=4073119

4072698 Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities
https://support.microsoft.com/?id=4072698

The Windows and Windows Server related hotfixes are available here:

http://www.catalog.update.microsoft.com/Search.aspx?q=2018-01

Windows 10 1709 and Windows Server 1709 (a.k.a. Fall’s Creators update, codename RS3):

4056892 January 3, 2018—KB4056892 (OS Build 16299.192)

2018-01 Update for Windows 10 Version 1709 (KB4058702)

https://support.microsoft.com/?id=4056892

Windows 10 1703 and Windows Server 1703 (a.k.a. Creators update, codename RS2):

4056891 January 3, 2018—KB4056891 (OS Build 15063.850)

https://support.microsoft.com/?id=4056891

Windows 10 version 1607 and Windows Server 2016 (a.k.a. Anniversary edition, codename RS1):

4056890 January 3, 2018—KB4056890 (OS Build 14393.2007)

https://support.microsoft.com/?id=4056890

Windows 10 version 1511 (a.k.a. November update, codename TH2):

4056888 January 3, 2018—KB4056888 (OS Build 10586.1356)

2018-01 Cumulative Update for Windows 10 Version 1511 (KB4056888)

https://support.microsoft.com/?id=4056888

Windows 10 version 1507 (a.k.a. RTM, codename TH1):

4056893 January 3, 2018—KB4056893 (OS Build 10240.17738)

2018-01 Cumulative Update for Windows 10 Version 1507 (KB4056893)

https://support.microsoft.com/?id=4056893

Windows 8.1 and Windows Server 2012 R2:

January 3, 2018—KB4056898 (Security-only update)

2018-01 Security Only Quality Update for Windows Server 2012 R2  (KB4056898)

https://support.microsoft.com/?id=4056898

Windows Server 2012:

January 3, 2018—KB4056899 (Security-only update)

https://support.microsoft.com/?id=4056899

Windows 7 SP1 and Windows Server 2008 R2:

4056897 January 3, 2018—KB4056897 (Security-only update)

2018-01 Security Only Quality Update for Windows Server 2008 R2 (KB4056897)

https://support.microsoft.com/?id=4056897

Google’s announcement:

Today's CPU vulnerability: what you need to know

h.t.h.,

Yong