Pierluigi Paganini March 05, 2019

Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks.

Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. 

In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that impact most modern processors, including those from Intel, AMD, and ARM.

The Meltdown attack (CVE-2017-5754) could allow attackers to read the entire physical memory of the target machines stealing credentials, personal information, and more. The Meltdown exploits the speculative execution to breach the isolation between user applications and the operating system, in this way any application can access all system memory.

The Spectre attack (CVE-2017-5753 and CVE-2017-5715) allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory. The Spectre attack is hard to mitigate because it requires changes to processor architecture in order to solve it.

The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems. The Spectre attack works on almost every system, including desktops, laptops, cloud servers, as well as smartphones.

Now Microsoft released new updates for Windows 10 users to enable Google’s Retpoline mitigations for Spectre Variant 2. 

The Retpoline mitigations were already included in Windows 10 since early 2018, but they were disabled by default on production builds.

“Enables “Retpoline” for Windows on certain devices, which may improve performance of Spectre variant 2 mitigations (CVE-2017-5715). For more information, see our blog post, “Mitigating Spectre variant 2 with Retpoline on Windows“.” reads the security advisory published by Microsoft.

The latest security updates rolled out over the weekend enables the mitigation, on certain devices.

“While Retpoline is currently disabled by default on production Windows 10 client devices, we have backported the OS modifications needed to support Retpoline so that it can be used with Windows 10, version 1809 and have those modifications in the March 1, 2019 update (KB4482887),” Microsoft explains.

“Over the coming months, we will enable Retpoline as part of phased rollout via cloud configuration. Due to the complexity of the implementation and changes involved, we are only enabling Retpoline performance benefits for Windows 10, version 1809 and later releases.”

Microsoft is enabling Retpoline performance benefits only in Windows 10, version 1809 and later releases, the tech giant highlighted the complexity of the implementation and changes involved.

The mitigations rolled out by Microsoft are enabled in OS Build 17763.348, which is available for both Windows 10, version 1809, and Windows Server 2019, all versions.

Pierluigi Paganini

(SecurityAffairs – Spectre, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]