Microsoft releases out-of-band security updates to address Intel bug
Microsoft released out-of-band security updates for Windows yesterdays that address a recently revealed major security bug in Intel, AMD and ARM processors.
The updates are filed under the IDs KB4056888 , KB4056890. KB4056891, KB4056892, and KB405689. All updates share the following description:
Security updates to Internet Explorer, Microsoft Scripting Engine, Microsoft Edge, Windows Graphics, Windows Kernel, Windows Subsystem for Linux, and the Windows SMB Server.
The update is available only for Windows 10 and Windows Server 2016 at this point; updates for Windows 7 and Windows 8.1 will be released next Tuesday according to The Verge. The second Tuesday of the month is Microsoft's traditional Patch Tuesday. Microsoft releases security updates for all supported products on that day usually.
The updates rely on firmware updates from Intel, AMD, and other vendors, and some software programs, antivirus products, for instance, may need patching as well to address the changes made to Kernel-level access.
The patches may cause performance to drop on affected systems. While Intel Skylake and newer processor systems won't see a massive drop in performance, older Intel processors may see a significant drop in performance after application.
Intel confirmed that performance might be affected depending on the system's workload. Initial benchmarks suggest that performance may drop by up to 30% in certain workload situations.
AMD published a response on its corporate website indicating that AMD processors are affected only by one variant of the vulnerability and that the company expects a negligible performance impact
Google disclosed the vulnerability yesterday on the Project Zero blog. It seems likely that Microsoft's decision to release an out-of-band security update for Windows 10 was caused by Google's disclosure date.
It is unclear why Microsoft won't release updates for Windows 7 and Windows 8.1 as out-of-band security updates as well.
Internet Explorer 11 patches are available on the Microsoft Update Catalog website as well.
Installing the update
Windows 10 users and admins can use Windows Updates to install the out-of-band security updates to affected machines running Windows 10.
- Tap on the Windows-key, type Windows Update and select the item from the list of results to open the Update & Security section of the Settings application.
- Click on "check for updates" to run a manual check for updates if the check does not happen automatically.
- Click download or wait for the download to complete automatically.
- Restart the computer system.
Follow the links below to the KnowledgeBase articles.
- Windows 10 version 1709: KB4056892
- Windows 10 version 1703: KB4056891
- Windows 10 version 1607: KB4056890
- Windows 10 version 1511: KB4056888
- Windows 10 version 1507: KB4056893
The following links point to the Microsoft Update Catalog website where updates can be downloaded manually: