Microsoft released Windows Updates that include Intel’s Spectre microcode patches

Microsoft announced this week the release of the microcode updates to address the Spectre vulnerability.

Last week Intel released microcode to address the CVE-2017-5715 Spectre vulnerability for many of its chips, let’s this time the security updates will not cause further problems.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory.

The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

Problems such as frequent reboots were related to the fix for the CVE-2017-5715 Spectre flaw (Spectre Variant 2) and affected almost any platform, including systems running on Broadwell Haswell CPUs, as well as Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms.

Microsoft is going to deliver microcode updates for Windows 10 version 1709 (Fall Creators Update) or Windows Server version 1709 (Server Core) running on devices with 6th Generation Intel Core (Skylake) processors.

“This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core).” read the advisory published by Microsoft. “This update also includes Intel microcode updates that were already released for these Operating Systems at the time of Release To Manufacturing (RTM). We will offer additional microcode updates from Intel thru this KB Article for these Operating Systems as they become available to Microsoft.”

Microsoft confirmed that almost any Window devices now have compatible security products installed and all problems with patches have been fixed.

“We have also been working closely with our anti-virus (AV) partners on compatibility with Windows updates, resulting in the vast majority of Windows devices now having compatible AV software installed.” wrote John Cable, Director of Program Management, Windows Servicing and Delivery

“We will continue to require that an AV compatibility check is made before delivering the latest Windows security updates via Windows Update until we have a sufficient level of AV software compatibility.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Spectre microcode, Intel)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next A flaw in HP Remote Management hardware Integrated Lights-Out 3 leaves expose servers to DoS »

Previous « Github hit by the biggest-ever DDoS attack that peaked 1.35 Tbs

Published by

Pierluigi Paganini

Tags: IntelMeltdownPierluigi PaganiniSecurity AffairsSpectre microcodeWindows

8 years ago

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported…

3 hours ago

Hacking

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025,…

23 hours ago

Security

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials…

1 day ago

Security

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI…

1 day ago

Uncategorized

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including…

2 days ago

Hacktivism

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign…