Windows Server 2016 and earlier: Disabled by default. Windows Server 2019, Windows Server 2022, and Azure Stack HCI: Enabled by default. For more information about “Retpoline”, follow Mitigating Spectre variant 2 with Retpoline on Windows blog post. Note “Retpoline” is enabled by default for devices running Windor newer if Spectre Variant 2 ( CVE-2017-5715) is enabled. Please refer to ADV180002 for additional information and this KB article for applicable registry key settings.
Please refer to ADV180002 for additional information The below table summarizes the requirement of CPU microcode and the default status of the mitigations on Windows Server.Įnabled by default (no option to disable) Security advisories ADV180002, ADV180012, ADV190013, and ADV220002 provide information about the risk that is posed by these vulnerabilities. They also help you identify the vulnerabilities and identify the default state of mitigations for Windows Server systems. Mitigation settings for Windows Server and Azure Stack HCI For a list of the latest Surface device firmware (microcode) updates, see KB4073065.
#Spectre and meltdown update
Note: Surface customers will receive a microcode update through Windows Update. Take action as required by using the advisories and registry key information that are provided in this knowledge base article. You should take the following actions to help protect against the vulnerabilities:Īpply all available Windows operating system updates, including the monthly Windows security updates.Īpply the applicable firmware (microcode) update that is provided by the device manufacturer.Įvaluate the risk to your environment based on the information that is provided on Microsoft Security Advisories: ADV180002, ADV180012, ADV190013, and ADV220002, in addition to the information provided in this knowledge base article. On June 14 2022, we published ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities and assigned these CVEs:ĬVE-2022-21123 | Shared Buffer Data Read (SBDR)ĬVE-2022-21125 | Shared Buffer Data Sampling (SBDS)ĬVE-2022-21127 | Special Register Buffer Data Sampling Update (SRBDS Update)ĬVE-2022-21166 | Device Register Partial Write (DRPW) Specific details for these silicon-based vulnerabilities can be found in the following security advisories and CVEs:ĪDV180002 | Guidance to mitigate speculative execution side-channel vulnerabilitiesĪDV180012 | Microsoft Guidance for Speculative Store BypassĪDV180013 | Microsoft Guidance for Rogue System Register ReadĪDV180016 | Microsoft Guidance for Lazy FP State RestoreĪDV180018 | Microsoft Guidance to mitigate L1TF variantĪDV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilitiesĪDV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data VulnerabilitiesĬVE-2022-23825 AMD CPU Branch Type ConfusionĬVE-2022-23816 AMD CPU Branch Type Confusion This article provides guidance for a new class of silicon-based microarchitectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems.
Please check back here regularly for updated content.Īpril 20, 2023: Added MMIO registry information. NOTE: This article will be updated as additional information becomes available.
0 kommentar(er)
