Microsoft is rolling out an out-of-band security update for the Windows 10 Fall Creators Update (version 1709) and previous releases. This is an emergency update meant to address the recently disclosed flaws in Intel, AMD, and ARM processors released in the past two decades, which affect Windows as well as Linux and macOS.
The update for Windows 10 version 1709 is described as KB4056892 and bumps the version number to build 16299.192. For version 1703 (Creators Update), the patch is described as KB4056891; it is KB4056890 for version 1609 (Anniversary Update), KB4056888 for version 1511 (November Update), and KB4056893 for Windows 10 version 1507 (Initial Release).
Microsoft has announced KB4056892 on the Windows support site, where it’s referred to as “January 3, 2018—KB4056892 (OS Build 16299.192)”. If you’re already running the Windows 10 Fall Creators Update on your PC, this update will only address these issues:
Windows 10 build 16299.192 (KB4056892) for PCs is available immediately. The new update will download and install automatically, but you can always force the update by going to Settings > Update & security > Windows Update and clicking the Check for updates button.
The January 3 update for version 1709 has a few known issues, so make sure to check the Microsoft support site (using the link mentioned above) if you come across any problems during or after the installation.
Windows 8.1 and Windows 7 are also getting an update to protect computers against this flaw that is making headlines across the internet, but users running older versions of Windows won’t see the update until the next Patch Tuesday.
It should be noted that Microsoft has already quietly patched the test version of Windows 10 available through the Insider program.
Alongside the software updates, hardware vendors are also releasing firmware updates for Intel, AMD, and other hardware, which are needed for everything to work correctly. In the coming days, many security software vendors, especially antivirus companies, are expected to roll out updates to ensure their software will work correctly with Windows, as the changes are significant and will modify the way the kernel operates.
As a result of the patches, devices are also expected to run slower (anywhere between 5 and 30 percent slower, depending on the processor). According to Intel, in a report from The Verge, processors based on the Skylake architecture or newer won’t see significant performance degradation.
This isn’t just affecting home and work computers. Cloud-based servers like those from Microsoft Azure, Amazon, and Google are affected too, and they’re also expected to be patched in the coming days.
The flaws (“Meltdown” and “Spectre”) found in many microprocessors seem to be related to the way apps can find parts of protected kernel memory areas. The kernel is the part of an operating system that has absolute control over the complete system and allows apps to talk to the processor, access memory, and use other hardware. The flaws in these processors allow attackers to bypass the kernel access protections and steal data from apps running in memory (e.g., web browsers, password managers, documents, photos, emails, etc.).
In a statement, Microsoft notes:
We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.
Originally, Intel was the only processor platform that appeared to be affected, but then security researchers, including Google, disclosed that there are two vulnerabilities (“Meltdown” and “Spectre”) that affect Intel as well as AMD and ARM processors (to some extent) released in the past 20 years, which also affect any operating system that runs on those chips.
While most hardware manufacturers and software companies are collaborating and quickly responding to address these issues, the updates are part of a series of fixes that will be coming out to permanently address these vulnerabilities. However, due to the fact these are hardware flaws, the only way to really fix the problem without making your system slower is to wait until manufacturers change the design of their processors.
Update January 23, 2018: Intel is now recommending that users not install its Spectre patch due to a bug causing some random reboots on certain systems. This problem affects some of the processors in the Broadwell, Haswell, Coffee Lake, Kaby Lake, Skylake, and Ivy Bridge families.