Technology, Top News

Microsoft pushes out Windows 10 patches to plug Spectre and Foreshadow vulns

MICROSOFT HAS FLUNG patches at Windows 10 machines to keep the Spectre and Foreshadow vulnerabilities at bay.

The patches come courtesy of the latest Windows 10 update and should keep the OS and processors running on the underlying PCs safe from side channel exploits, or at least until cybersecurity boffins find a new suite of such attacks.

“This update is a stand-alone update targeted for Windows 10 version 1803 (Windows 10 April 2018 Update) and Windows Server Version 1803 (Server Core),” explains Redmond’s support page.

“This update also includes Intel microcode updates that were already released for these operating systems at the time of release to manufacturing (RTM). We will offer additional microcode updates from Intel through this article for these operating systems as they become available to Microsoft.”

Intel has also been pushing out microcode updates to its processors to protect against the new Foreshadow attack technique that was recently discovered by security researchers to exploit side channel functions in modern processors, namely those of Intel.

Combined, Microsoft and Intel’s patches should shore up the defences of most Windows 10 PCs. But it’s worth noting that no attacks using Spectre, Meltdown or Foreshadow have been seen out in the wild as malicious attacks. While the severity of the threat is pretty high, there seem to be far easier ways for hackers to get into machines than messing around with exploiting vulnerabilities in side channel processes.

The updates should be pushed out automatically to the average Windows laptop or desktop user. But in firms with a highly managed IT infrastructure or patching processes, it’s up to IT admins to check that Windows 10 machines on their networks are indeed up-to-date and protected from the vulnerabilities – even if they might not seem like that greater real-world threat. µ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend