Intel CPU fatal flaw causes trouble: Win10 / Azure / Amazon cloud patch

To fix the fatal vulnerabilities, typified by those in Intel processors, many vendors have to make major repairs.

Microsoft released four patches for Windows 10 today: KB4056892, KB4056891, KB4056890 and KB4056888. They are, respectively, for the Fall Creators Update (Version 1709), Creators Update (Version 1703), Anniversary Update (Version 1607) and Fall Update (Version 1511), bringing them to Build 16299.192, 15063.850, 14393.2007 and 10586.1356.

Although these are cumulative updates that also fix bugs and improve performance, the most important point is the NT kernel-level adjustment, used to plug the two vulnerabilities, Meltdown and Spectre.

Microsoft also promised that patches for Win7 / 8.1 users will be released on next Tuesday's patch day. Windows 10 Insider builds were already fixed when the kernel was tweaked last November.

In the meantime, because the bug affects large cloud computing environments, including Amazon EC2, Microsoft Azure and Google Compute Engine, Microsoft's Azure cloud, which runs large numbers of Linux and Windows systems, will undergo maintenance and reboots on January 10, presumably to apply the fixes described above.

Amazon AWS warned customers via email that significant security updates are expected to land on Friday, without going into detail.

Today at noon, Tencent Cloud also announced that on the morning of January 10, from 01:00 to 05:00, it will repair the hardware platform and virtualization platform on the back end using hot-upgrade technology.

Linux CN said that because Intel cannot fill the hole with a microcode update, Linux / Windows is facing a redesign, with cloud service vendors hit hardest.

Experts point out that modern processors, such as Intel's, perform speculative execution. To keep their internal pipelines supplied with instructions, the CPU cores try to guess what code will run next, then fetch and execute it.

AMD processors are not subject to the type of attack that kernel page table isolation protects against. AMD microarchitectures do not allow memory references (including speculative references) to access higher privileged data while running in a lower privileged mode when that access would result in a page fault.

Intel's CPUs may speculatively execute code without performing a security check. It seems likely that software can get the processor to start executing an instruction that would normally be blocked (e.g., reading kernel memory from user mode) and complete that instruction before the privilege-level check occurs.

This would allow ring 3 user code to read ring 0 kernel data.

This problem arrives on top of the Intel ME flaws revealed shortly before.

Currently, in the Intel line-up, Itaniums with the IA-64 architecture and a handful of old Atoms are not affected.

As for ARM, the equivalent kernel page-table isolation (KPTI) patchset for arm64 has already been included in the Linux Correction kernel.
