Notice
Recent Posts
Recent Comments
Link
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Tags
more
Archives
Today
Total
관리 메뉴

감사합니다.

Spectre and Meltdown 본문

Microsoft/OS Update History

Spectre and Meltdown

springjunny 2018. 2. 22. 10:45

Link : https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown


Protect your Windows devices against Spectre and Meltdown

Applies to: Windows 10Windows 10 MobileWindows 8.1Windows 7HoloLensWindows Server 2016Windows Server 2012 StandardWindows Server 2012 R2 StandardWindows Server 2008 R2 Standard Less


This article discusses the impact of the recently disclosed processor vulnerabilities, named “Spectre” and “Meltdown,” for Windows customers and provides resources to help keep your devices protected at home, at work, and across your enterprise.

Summary

Microsoft is aware of new vulnerabilities in hardware processors named “Spectre” and “Meltdown”. These are a newly discovered class of vulnerabilities based on a common chip architecture that, when originally designed, was created to speed up computers. The technical name is “speculative execution side-channel vulnerabilities”. You can learn more about these vulnerabilities at Google Project Zero.

Who is affected?

Affected chips include those manufactured by Intel, AMD, and ARM, which means all devices running Windows operating systems are potentially vulnerable (e.g., desktops, laptops, cloud servers, and smartphones). Devices running other operating systems such as Android, Chrome, iOS, and MacOS are also affected. We advise customers running these operating systems to seek guidance from those vendors.

At the time of publication, we have not received any information to indicate that these vulnerabilities have been used to attack customers.

Protections we’ve provided to date

Starting in January 2018, Microsoft released updates for Windows operating systems, Internet Explorer and Edge browsers to help mitigate these vulnerabilities and help to protect customers. We also released updates to secure our cloud services.  We continue working closely with industry partners, including chip makers, hardware OEMs, and app vendors to protect customers against this class of vulnerabilities. 

We encourage you to always install the monthly updates to keep your devices up-to-date and secure. 

We will update this documentation when new mitigations become available and recommend you check back here regularly. 

What steps should I take to help protect my devices?

You will need to update both your hardware and your software to address this vulnerability. This includes applicable firmware updates from device manufacturers and, in some cases, updates to your antivirus software as well. We encourage you to keep your devices up-to-date by installing the monthly security updates. 

To receive all available protections, follow these steps to get the latest updates for both software and hardware:

  1. Keep your Windows device up to date by turning on automatic updates.
  2. Check that you’ve installed the latest Windows operating system security update from Microsoft. If automatic updates are turned on, the updates should be automatically delivered to you, but you should still confirm that they’re installed. For instructions, see Windows Update: FAQ
  3. Install available hardware (firmware) updates from your device manufacturer. All customers will need to check with their device manufacturer to download and install their device specific hardware update. See below for a list of device manufacturer websites

Resources


Depending on your role, the following support articles will help you identify and mitigate client and server environments that are affected by the Spectre and Meltdown vulnerabilities.

Microsoft Security AdvisoryMSRC ADV180002

IntelSecurity Advisory

ARMSecurity Advisory

AMDSecurity Advisory

NVIDIA: Security Advisory

Microsoft Secure blogUnderstanding the Performance Impact of Spectre and Meltdown Mitigations on Windows Systems

Windows for Business blogWindows Analytics now helps assess Meltdown and Spectre protections

Consumer GuidanceProtecting your device against chip-related security vulnerabilities

Antivirus GuidanceWindows security updates released January 3, 2018, and antivirus software

Guidance for AMD Windows OS security update blockKB4073707: Windows operating system security update block for some AMD based devices

Update to Disable Mitigation against Spectre, Variant 2KB4078130: Intel has identified reboot issues with microcode on some older processors 
 

Surface GuidanceSurface Guidance to protect against speculative execution side-channel vulnerabilities

IT Pro GuidanceWindows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Edge Developer BlogMitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

Server GuidanceWindows Server guidance to protect against speculative execution side-channel vulnerabilities

Server Hyper-V Guidance

Azure BlogSecuring Azure customers from CPU vulnerability

Azure KBKB4073235: Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities

Azure Stack guidanceKB4073418: Azure stack guidance to protect against the speculative execution side-channel vulnerabilities

SQL Server guidanceKB4073225: SQL Server Guidance to protect against speculative execution side-channel vulnerabilities

SCCM guidanceAdditional guidance to mitigate speculative execution side-channel vulnerabilities




Additional resources

List of OEM /Server device manufacturers

Use the links below to check with your device manufacturer for firmware updates. You will need to install both operating system and hardware/firmware updates for all available protections.

OEM Device Manufacturers

Link to microcode availability

Acerhttps://us.answers.acer.com/app/answers/detail/a_id/53104
Asushttps://www.asus.com/News/YQ3Cr4OYKdZTwnQK

Dell

https://www.dell.com/support/meltdown-spectre

Epsonhttp://www.epsondirect.co.jp/support/information/2018/secure201801b.asp
Fujitsu

HP

https://support.hp.com/document/c05869091

Lenovo

https://support.lenovo.com/us/en/solutions/len-18282

LG

https://www.lg.com/us/support

NEChttp://jpn.nec.com/security-info/av18-001.html

Panasonic

https://pc-dl.panasonic.co.jp/itn/vuln/g18-001.html

Samsung

http://www.samsung.com/uk/support/newsalert/102095

Surface

Surface Guidance to protect against speculative execution side-channel vulnerabilities

Toshiba

http://go.toshiba.com/intel-side-channel

Vaio

https://solutions.vaio.com/3316

 

Server OEM Manufacturers

Link to microcode availability 

Dell

https://www.dell.com/support/meltdown-spectre

Fujitsuhttp://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html

HPE

http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

Huaweihttp://www.huawei.com/au/psirt/security-notices/huawei-sn-20180104-01-intel-en

Lenovo

https://support.lenovo.com/us/en/solutions/len-18282

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
 

February 2018 Updates 

Windows operating system updates for 32-bit (x86) systems

The following security updates provide additional protections for devices running 32-bit (x86) Windows operating  systems. Microsoft recommends customers install the update as soon as available. We continue to work to provide protections for other supported Windows versions but do not have a release schedule at this time. Please check back here for updates. 

Note: Windows 10 monthly security updates are cumulative month over month and will be downloaded and installed automatically from Windows Update. If you have installed earlier updates, only the new portions will be downloaded and installed on your device.  For more information, see the related knowledge base article for technical details and tthe FAQ below.

Product Update Released

Released

Release Date

Release Channel

KB

Windows 10 - Version 1709 / Windows Server 2016 (1709) / IoT Core - Quality UpdateReleasedJanuary 31WU, Catalog KB4058258
Windows Server 2016 (1709) - Server containerReleasedFebruary 13Docker HubKB4074588
Windows 10 - Version 1703 / IoT Core - Quality UpdateReleasedFebruary 13WU, WSUS, CatalogKB4074592
Windows 10 - Version 1607 / Windows Server 2016 / IoT Core - Quality UpdateReleasedFebruary 13WU, WSUS, CatalogKB4074590
Windows 10 HoloLens - OS and Firmware UpdatesReleasedFebruary 13WU, CatalogKB4074590
Windows Server 2016 (1607) - Container ImagesReleasedFebruary 13Docker HubKB4074590
Windows 10 - Version 1511 / IoT Core - Quality UpdateReleasedFebruary 13WU, WSUS, CatalogKB4074591
Windows 10 - Version RTM - Quality UpdateReleasedFebruary 13WU, WSUS, CatalogKB4074596

 

January 2018 Windows operating system updates

Starting in January 2018, Microsoft released security updates to provide mitigations for devices running the following x64-based Windows operating systems.  Customers should install latest Windows operating system security updates to take advantage of available protections. We are working to provide protections for other supported Windows versions but do not have a release schedule at this time. Please check back here for updates. For more information, see the related knowledge base article for technical details and the FAQ below.

Product Update Released

Released

Release Date

Release Channel

KB

Windows 10 - Version 1709 / Windows Server 2016 (1709) / IoT Core - Quality Update

Released

January 3

WU, WSUS, Catalog, Azure Image Gallery

KB4056892

Windows Server 2016 (1709) - Server container

Released

January 5

Docker Hub

KB4056892

Windows 10 - Version 1703 / IoT Core - Quality Update

Released

January 3

WU, WSUS, Catalog

KB4056891

Windows 10 - Version 1607 / Windows Server 2016 / IoT Core- Quality Update

Released

January 3

WU, WSUS, Catalog

KB4056890

Windows Server 2016 (1607) - Container Images

Released

January 4

Docker Hub

KB4056890

Windows 10 - Version 1511 / IoT Core - Quality Update

Released

January 3

WU, WSUS, Catalog

KB4056888

Windows 10 - Version RTM - Quality Update

Released

January 3

WU, WSUS, Catalog

KB4056893

Windows 10 Mobile (OS Build 15254.192) - ARM

Released

January 5

WU, Catalog

KB4073117

Windows 10 Mobile (OS Build 15063.850)

Released

January 5

WU, Catalog

KB4056891

Windows 10 Mobile (OS Build 14393.2007)

Released

January 5

WU, Catalog

KB4056890

Windows 10 HoloLens

Released

January 5

WU, Catalog

KB4056890

Windows 8.1 / Windows Server 2012 R2 - Security Only Update

Released

January 3

WSUS, Catalog

KB4056898

Windows Embedded 8.1 Industry Enterprise

Released

January 3

WSUS, Catalog

KB4056898

Windows Embedded 8.1 Industry Pro

Released

January 3

WSUS, Catalog

KB4056898

Windows Embedded 8.1 Pro

Released

January 3

WSUS, Catalog

KB4056898

Windows 8.1 / Windows Server 2012 R2 Monthly Rollup

Released

January 8

WU, WSUS, Catalog

KB4056895

Windows Embedded 8.1 Industry Enterprise

Released

January 8

WU, WSUS, Catalog

KB4056895

Windows Embedded 8.1 Industry Pro

Released

January 8

WU, WSUS, Catalog

KB4056895

Windows Embedded 8.1 Pro

Released

January 8

WU, WSUS, Catalog

KB4056895

Windows Server 2012 Security Only

Coming

 

WSUS, Catalog

 

Windows Server 2008 SP2

Coming

 

WU, WSUS, Catalog

 

Windows Server 2012 Monthly Rollup

Coming

 

WU, WSUS, Catalog

 

Windows Embedded 8 Standard

Coming

 

WU, WSUS, Catalog

 

 

Windows 7 SP1 / Windows Server 2008 R2 SP1 - Security Only Update

Released

January 3

WSUS, Catalog

KB4056897

Windows Embedded Standard 7

Released

January 3

WSUS, Catalog

KB4056897

Windows Embedded POSReady 7

Released

January 3

WSUS, Catalog

KB4056897

Windows Thin PC

Released

January 3

WSUS, Catalog

KB4056897

Windows 7 SP1 / Windows Server 2008 R2 SP1 Monthly Rollup

Released

January 4

WU, WSUS, Catalog

KB4056894

Windows Embedded Standard 7

Released

January 4

WU, WSUS, Catalog

KB4056894

Windows Embedded POSReady 7

Released

January 4

WU, WSUS, Catalog

KB4056894

Windows Thin PC

Released

January 4

WU, WSUS, Catalog

KB4056894

 

Internet Explorer 11-Cumulative Update for Windows 7 SP1 and Windows 8.1

Released

January 3

WU, WSUS, Catalog

KB4056568



My OEM device manufacturer is not listed. What do I do?

You will need to check with your device manufacturer for firmware updates. If your device manufacturer is not listed in the table, contact your OEM directly.

Where can I find Surface hardware/firmware updates?

Updates for Microsoft Surface devices are available to customers through Windows Update. For a list of available Surface device firmware updates, see KB 4073065.

If your device is not from Microsoft, apply firmware updates from the device manufacturer. Contact your device manufacturer for more information.

My operating system (OS) is not listed. When can I expect a fix to be released?

Addressing a hardware vulnerability with a software update presents significant challenges and mitigations for older operating systems and can require extensive architectural changes. We are continuing to work with affected chip manufacturers and investigating the best way to provide mitigations, which may be provided in a future update. Replacing older devices running these older operating systems should address the remaining risk along with updated antivirus software.

Although Windows XP-based systems are affected products, Microsoft is not issuing an update for them because the comprehensive architectural changes required would jeopardize system stability and cause application compatibility problems. We recommend that security-conscious customers upgrade to a newer supported operating system to keep pace with the changing security threat landscape and benefit from the more robust protections that newer operating systems provide.

Where can I find Microsoft HoloLens operating system and firmware updates?

Updates to Windows 10 for HoloLens are available to HoloLens customers through Windows Update.

After applying the February 2018 Windows Security Update HoloLens customers do not need to take any additional action to update their device firmware. These mitigations will also be included in all future releases of Windows 10 for HoloLens.

Where can I find Windows 10 Mobile firmware updates?

Contact your OEM for more information.

If I have installed the latest security updates released by Microsoft. Do I need to do anything else?

For your device to be fully protected, you should install the latest Windows operating system security updates for your device and applicable firmware updates from your device manufacturer. These updates should be available on your device manufacturer's website. Antivirus software updates should be installed first. Operating system and firmware updates can be installed in either order.

Am I fully protected if I only install Windows security updates?

You will need to update both your hardware and your software to address this vulnerability. You will also need to install applicable firmware updates from your device manufacturer for more comprehensive protection. We encourage you to keep your devices up-to-date by installing the monthly security updates.

Why is it so important to update my device with the latest feature release?

In each Windows 10 feature update, we build the latest security technology deep into the operating system, providing defense-in-depth features that prevent entire classes of malware from impacting your device. Feature update releases are targeted twice a year. In each monthly quality update, we add another layer of security, one that tracks emerging and changing trends in malware to make up-to-date systems safer in the face of changing and evolving threats.

My antivirus software is not listed as being compatible. What should I do?

Microsoft has been working closely with affected antivirus partners to ensure all customers receive the January Windows security updates as soon as possible. If customers are not being offered January security updates, Microsoft recommends customers contact their antivirus provider directly. Recommendations:

  • Ensure your devices are up to date with the latest security updates from Microsoft and from your hardware manufacturer. For more info on keeping your device up to date, see Windows Update: FAQ.
  • Continue to practice sensible caution when visiting websites of unknown origin and do not remain on sites you do not trust. Microsoft recommends all customers protect their devices by running a supported antivirus program. Customers can also take advantage of built-in antivirus protection: Windows Defender for Windows 10 devices, or Microsoft Security Essentials for Windows 7 devices. These solutions are compatible in cases where customers can’t install or run antivirus software.
I wasn’t offered the Windows security updates released in January or February. What should I do?

To help avoid adversely affecting customer devices, the Windows security updates released in January or February, , have not been offered to all customers. For details, see the Microsoft Knowledge Base Article 4072699

Intel has identified reboot issues with microcode on some older processors. What should I do?

Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.”  Our own experience is that system instability can in some circumstances cause data loss or corruption.  On January 22, Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution.  We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.


While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”  In our testing this update has been found to prevent the behavior described.  For the full list of devices, see Intel’s microcode revision guidance.  This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website.  Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” 


As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.

I have not installed the January 2018 Security Only updates. If I install the February 2018 Security Only updates, am I protected from the vulnerabilities described in this advisory?

Yes. While Security Only updates are not normally cumulative, to ensure customers are protected, Microsoft is including the mitigations against these vulnerabilities in the February Security Only updates. These updates also include the updates for AMD-based devices.

No. Security update 4078130 was a specific fix to prevent unpredictable system behaviors, performance issues, and/or unexpected reboots after installation of microcode. Applying the February security updates on Windows client operating systems enables all three mitigations. On Windows server operating systems, you still need to enable the mitigations after proper testing is performed. See Microsoft Knowledge Base Article 4072698 for more information.