Mitigation settings for Windows Server and Azure Stack HCI To help protect against this vulnerability, we recommend installing Windows updates that are dated on or after August 2023 and then take action as required by CVE-2023-20569 and registry key information that is provided in this knowledge base article.įor more information, see the AMD-SB-7005 security bulletin. This issue affects certain AMD processors and might potentially lead to information disclosure. On August 8, 2023, we published CVE-2023-20569 | Return Address Predictor (also known as Inception) which describes a new speculative side channel attack that can result in speculative execution at an attacker-controlled address. Take action as required by using the advisories and registry key information that are provided in this knowledge base article.
#SPECTER MELTDOWN UPDATE#
You should take the following actions to help protect against the vulnerabilities:Īpply all available Windows operating system updates, including the monthly Windows security updates.Īpply the applicable firmware (microcode) update that is provided by the device manufacturer.Įvaluate the risk to your environment based on the information that is provided on Microsoft Security Advisories: ADV180002, ADV180012, ADV190013, and ADV220002, in addition to the information provided in this knowledge base article. On June 14 2022, we published ADV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities and assigned these CVEs:ĬVE-2022-21123 | Shared Buffer Data Read (SBDR)ĬVE-2022-21125 | Shared Buffer Data Sampling (SBDS)ĬVE-2022-21127 | Special Register Buffer Data Sampling Update (SRBDS Update)ĬVE-2022-21166 | Device Register Partial Write (DRPW) Specific details for these silicon-based vulnerabilities can be found in the following ADVs (Security Advisories) and CVEs (Common Vulnerabilities and Exposures):ĪDV180002 | Guidance to mitigate speculative execution side-channel vulnerabilitiesĪDV180012 | Microsoft Guidance for Speculative Store BypassĪDV180013 | Microsoft Guidance for Rogue System Register ReadĪDV180016 | Microsoft Guidance for Lazy FP State RestoreĪDV180018 | Microsoft Guidance to mitigate L1TF variantĪDV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilitiesĪDV220002 | Microsoft Guidance on Intel Processor MMIO Stale Data VulnerabilitiesĬVE-2022-23825 | AMD CPU Branch Type ConfusionĬVE-2023-20569 | AMD CPU Return Address Predictor
This article provides guidance for a new class of silicon-based microarchitectural and speculative execution side-channel vulnerabilities that affect many modern processors and operating systems. Updated the "CVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)" registry sectionĪdded "CVE-2023-20569 | AMD CPU Return Address Predictor" to "Summary" sectionĪdded the "CVE-2023-20569 | AMD CPU Return Address Predictor" registry section Removed content about CVE-2022-23816 as the CVE number is unusedĪdded "Branch Type Confusion" under the "Vulnerabilities" sectionĪdded more information to the "CVE-2022-23825 | AMD CPU Branch Type Confusion (BTC)" registry section
0 kommentar(er)
