What's new

Microsoft issues Update to Disable Mitigation against Spectre, Variant 2

GreyFox7

Super Moderator
Staff member
Ref: https://support.microsoft.com/en-us...-disable-mitigation-against-spectre-variant-2

Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption. On January 22nd Intel recommended that customers stop deploying the current microcode version on impacted processors while they perform additional testing on the updated solution. We understand that Intel is continuing to investigate the potential impact of the current microcode version and encourage customers to review their guidance on an ongoing basis to inform their decisions.

While Intel tests, updates and deploys new microcode, we are making available an out of band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.” In our testing this update has been found to prevent the behavior described. For the full list of devices, see Intel’s microcode revision guidance. This update covers Windows 7 (SP1), Windows 8.1, and all versions of Windows 10, for client and server. If you are running an impacted device, this update can be applied by downloading it from the Microsoft Update Catalog website. Application of this payload specifically disables only the mitigation against CVE-2017-5715 – “Branch target injection vulnerability.”

We are also offering a new option – available for advanced users on impacted devices – to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes. The instructions for the registry key settings can be found in the following two Knowledge Base articles:

As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE 2017-5715 ) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.
-----------------------------
AFAIK
This "Fix" is to be manually downloaded from the Update Catalog. It just toggles settings to turn of the mitigation patch for Spectre Variant 2. So you probably wont see much if anything happen as there's really nothing to install and the change is so small.

https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in

You can check or change the sate with Powershell or Registry edit.
 
Top