Microsoft Releases “Fix” to Disable Spectre Variant 2 Mitigation

Microsoft has released an updated patch to disable the mitigation against the Spectre variant 2 exploit (CVE-2017-5715, Branch Target Injection). This is due to instability in the Intel microcode. To quote from the KB article:

Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) – specifically Intel noted that this microcode can cause “higher than expected reboots and other unpredictable system behavior” and then noted that situations like this may result in “data loss or corruption.” Our own experience is that system instability can in some circumstances cause data loss or corruption.

https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2 

For advanced users there is an option to specifically enable and disable the fix, much like the recommendations from Microsoft when patching server operating systems. This gives even finer-grained control for both client and server operating systems.

IT Pro Guidance (client OS)

Server OS Guidance

Opinion

It is very early days for these fixes. Instability and the pushing and pulling of code, fixes and patches is to be expected. Patching of your environment should be done in a cautious, controlled manner, starting with a very small pool of test clients and servers.

All mitigations need to be applied, including hardware fixes and virtualization vendor ones. At the end of the day this is going to go on for months if not years, and it has shone a light onto a previously unfocused area for hackers and government agencies (we would be naive to think that various governments around the world are not already capitalizing on these and other exploits).

Sadly it appears that the finger pointing and blame game has started between the vendors.

R.
